CompTIA® Security+ Guide to Network Security Fundamentals - Chapter 9 - Wireless Network Security
Wireless device probe
A standard wireless device, such as a portable laptop computer that at regular intervals during the normal course of operation, can scan and record wireless signals within its range and report this information to a centralized database.
Message Integrity Check (MIC)
A strong mathematical function in which the receiver and the transmitter each compute and then compare the check. If it does not match, the data is assumed to have been tampered with and the packet is dropped.
personal area network or PAN
Bluetooth falls under the category of _______________. a. local area network (LAN) b. short area network (SAN) c. paired-device network (PDN) d. personal area network (PAN)
evil twin
The primary design of a(n) ____________ is to capture the transmissions from legitimate users. a. rogue access point b. WEP c. evil twin d. Bluetooth grabber
war chalking
The process of documenting and then advertising the location of wireless LANs for others to use.
Wi-Fi Protected Access 2 or WPA2
The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security.
802.11b
The second wireless standard created in 1999 which added to higher speeds, 5.5 Mbps and 11 Mbps to the original 802.11 standard.
residential WLAN gateways
This device combines multiple features into a single hardware device. These features often include those of an AP, firewall, router, dynamic host configuration protocol or DHCP server, along with other features.
False: EAP is a framework for transporting authentication protocols instead of the authentication protocol itself.
True or False: EAP is an authentication protocol used in the 802.1x configuration.
False: WEP sucks
True or False: WEP is a secure protocol that all wireless devices should use.
False
True or False: WPA replaces the Message Integrity Check or MIC function in WEP with the Cyclic Redundancy Check or CRC.
Temporal Key Integrity Protocol or TKIP
WPA replaces WEP with _________________. a. WPA2 b. Temporal Key Integrity Protocol (TKIP) c. Cyclic Redundancy Check (CRC) d. Message Integrity Check (MIC)
Wired Equivalent Privacy or WEP, Wi-Fi Protected Setup or WPS, MAC address filtering, and SSID broadcasting
What are the four WLAN protections that are vulnerable and led to multiple attacks?
Master, when the card acts as an AP, managed, when the station acts as a normal client, repeater, mesh, ad hoc, or monitor mode also called Radio Frequency Monitor or RFMON.
What are the six modes that a wireless network interface card can operate in?
Dictionary attack
What is a the problem with having a short pass phrase on a PSK?
a framework for transporting authentication protocols
What is the Extensible Authentication Protocol or EAP? a. a framework for transporting authentication protocols b. a subset of WPA2 c. the protocol used in TCP/IP for authentication d. a technology used by IEEE 802.11 for encryption
32767
What is the maximum duration that a net allocation vector or NAV field be set to?
The SSID can generally can be any alphanumeric string up to 32 characters.
What is the maximum size of a SSID?
Its usage creates a detectable pattern.
What is the primary weakness of wired equivalent privacy (WEP)? a. It functions only on specific brands of APs. b. Its usage creates a detectable pattern. c. It slows down a WLAN from 104 Mbps to 16 Mbps. d. Initialization vectors (IVs) are difficult for users to manage.
bluesnarfing
What is the unauthorized access of information from a wireless device through a Bluetooth connection called? a. bluejacking b. bluesnarfing c. Bluetooth snatching d. Bluetooth spoofing
802.11ac
Which of these IEEE WLANs has the highest data rate? a. 802.11b b. 802.11n c. 802.11g d. 802.11ac
PIN method
Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? a. PIN method b. push-button method c. piconet method d. NFC method
Users can more easily roam from one WLAN to another.
Which of these is NOT a limitation of turning off the SSID broadcast from an AP? a. Users can more easily roam from one WLAN to another. b. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP. c. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another. d. Some versions of operating systems favor a network that broadcasts an SSID over one that does not.
Only 50 percent of the packets will be encrypted.
Which of these is NOT a risk when a home wireless router is not securely configured? a. An attacker can steal data from any folder with file sharing enabled. b. Usernames, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. c. Only 50 percent of the packets will be encrypted. d. Malware can be injected into a computer connected to the WLAN.
WNIC probe
Which of these is NOT a type of wireless AP probe? a. wireless device probe b. WNIC probe c. dedicated probe d. AP probe
MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format.
Which of these is a vulnerability of MAC address filtering? a. The user must enter the MAC. b. MAC addresses are initially exchanged between wireless devices and the AP in an unencrypted format. c. APs use IP addresses instead of MACs. d. Not all operating systems support MACs.
wireless probe
Which of these technologies is NOT found in a wireless broadband router? a. wireless probe b. firewall c. router d. access point
near field communication or NFC
Which technology is predominately used for contactless payment systems? a. wireless local area network (WLAN) b. Bluetooth c. near field communication (NFC) d. Temporal Key Integrity Protocol (TKIP)
PEAP
Which technology should be used instead of LEAP? a. STREAK b. PEAP c. LEAP-2 d. REAP
Bluesnarfing
Which type of Bluetooth attack accesses unauthorized information from a wireless device through a Bluetooth connection?
It allows an attacker to bypass many of the network security configurations.
Why is a rogue AP a security vulnerability? a. It uses the weaker IEEE 802.15.ax protocol. b. It allows an attacker to bypass many of the network security configurations. c. It requires the use of vulnerable wireless probes on all mobile devices. d. It conflicts with other network firewalls and can cause them to become disabled.
wireless routers
A simplified name for a residential WLAN gateway.
Desktop probe
A standard desktop PC that uses a universal serial bus (USB) wireless network interface card adapter to monitor the RF frequency in the area for transmissions.
Media Access Control or MAC address filtering
A method for controlling access to a WLAN based on the device's MAC address.
WPA Enterprise
A more robust mode of WPA designed for larger enterprises, schools, and government agencies.
Dedicated probe
Designed to exclusively monitor the RF frequency for transmissions and look very similar to standard access points.
wireless replay
A passive attack in which the attacker captures transmitted wireless data, records it, and then sends it on to the original recipient without the attacker's presence being detected.
20
A preshared key or PSK of fewer than _______ characters may be subject to an attack if that key is a common dictionary word. a. 20 b. 32 c. 48 d. 64
Lightweight EAP or LEAP
A proprietary EAP method developed by Cisco Systems requiring mutual authentication used for WLAN encryption using Cisco client software.
near field communication or NFC
A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.
near field communications or NFC
A set of standards that can be used to establish communication between devices in close proximity is known as _____.
Wi-Fi Protected Access or WPA
The original set of protections from the Wi-Fi Alliance designed to address both encryption and authentication.
initialization vector or IV
A 24-bit value used in WEP that changes each time a packet is encrypted.
has an initialization vector (IV) that is the same length as a WEP key of 64 bits
A WEP key that is 128 bits in length __________. a. has an initialization vector (IV) that is the same length as a WEP key of 64 bits b. cannot be cracked because it is too long c. cannot be used on access points that use passphrases d. is less secure than a WEP key of 64 bits because shorter keys are stronger
802.11i
A comprehensive security solution that served as the foundation for Wi-Fi Protected Access or WPA and Wi-Fi Protected Access 2 or WPA2.
contactless payment systems
A consumer can pay for a purchase by simply tapping a store's payment terminal with their smartphone. Users store credit card and store loyalty card information in a "virtual wallet" on the smartphone to pay for purchases at an NFC-enabled point-of-sale (PoS) checkout device.
wireless probe
A device that can monitor the airwaves for RF traffic.
per-packet key
A feature of of Temporal Key Integrity Protocol or TKIP which dynamically generates a new key for each packet, thus preventing collisions.
Extensible Authentication Protocol or EAP
A framework for transporting authentication protocols that defines the format of the messages.
scatternet
A group of piconets in which connections exist between different piconets.
Challenge-Handshake Authentication Protocol or CHAP
A weak authentication protocol that has been replaced by the Extensible Authentication Protocol or EAP.
Password Authentication Protocol or PAP
A weak authentication protocol that has been replaced by the Extensible Authentication Protocol or EAP.
packet sniffing
A wireless attack where data that is being transmitted is intercepted and read. An attacker can pick up the RF signal from an open or misconfigured AP and read any confidential wireless transmissions. Also known as a protocol analyzer.
wireless local area network or WLAN
A wireless network designed to replace or supplement a wired local area network (LAN).
Bluetooth
A wireless technology that uses short-range radio frequency or RF transmissions and provides rapid ad hoc device pairings.
wireless replay attack
A(n) _____ is a type of man-in-the-middle attack where an attacker captures the data that is being transmitted, records it, and sends it on to the original recipient without the attacker's presence being detected.
128 bits
AES performs three steps on every block of plaintext. A block is _____ in size.
WPA2
AES-CCMP is the encryption protocol standard used in ______________. a. Bluetooth b. WPA2 c. IEEE 802.11 d. WPA
evil twin
An AP set up by an attacker to mimic an authorized AP and capture transmissions, so a user's device will unknowingly connect to this evil twin instead of the authorized AP.
Protected EAP or PEAP
An EAP method designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords.
Wired Equivalent Privacy or WEP
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.
802.11w
An IEEE amendment designed to protect against wireless DoS attacks. However, it only protects specific management frames instead of all management frames, it requires updates to both the AP and the wireless clients, and it may interfere with other security devices.
access point or AP
An antenna and a radio transmitter/receiver to send and receive wireless signals with special bridging software to interface wireless devices to other devices. It includes a wired network interface that allows it to connect by cable to a standard wired network
bluesnarfing
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection.
bluejacking
An attack that sends unsolicited messages to Bluetooth-enabled devices.
site survey
An in-depth examination and analysis of a wireless LAN site.
captive portal AP
An infrastructure that is used on public access WLANs to provide a higher degree of security.
Wi-Fi Protected Setup or WPS
An optional means of configuring security on wireless local area networks primarily intended to help users who have little or no knowledge of security to quickly and easily implement security on their WLANs. Due to design and implementation flaws, WPS is not considered secure.
rogue access point
An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.
open AP
An unsecured access point.
wireless broadband routers
Another name for a residential WLAN gateway.
robust security network or RSN
Another name for the 802.11i standard which is more commonly known as WPA2
preshared key or PSK
Authentication for WPA Personal is accomplished by using a _____.
802.11g
Formally ratified in 2003, this wireless standard combined 802.11b and 802.11a with speeds up to 54 Mbps.
captive portal
If Cora tries to access a free public Wi-Fi at a local coffee shop that requires her to first agree to an Acceptable Use Policy (AUP) before continuing, what type of AP has she encountered? a. web-based b. captive portal c. rogue d. Internet content filter
initialization vector or IV
In WEP, the shared secret key is combined with a(n) _____, which is a 24-bit value that changes each time a packet is encrypted.
RF jamming
Intentionally flooding the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.
802.11a
Issued at the same time as 802.11b, this wireless standard had a speed of 54 Mbps.
33 feet or 10 meters
Most Bluetooth devices have a range of _____ and can transmit 1 million bits per second (Mbps).
WPA Personal
One of two modes of WPA designed for individuals or small office/home office or SOHO settings, which typically have 10 or fewer employees.
piconet
One of two types of Bluetooth network topolgies, where when two Bluetooth devices come within range of each other, they automatically connect with one another. One device as master and the other as slave.
wireless client network interface card adapter
Performs the same functions as a wired adapter with one major exception: there is no external cable RJ-45 connection. In its place is an antenna sometimes embedded into the adapter to send and receive signals through the airwaves.
802.11n
Ratified in 2009, this wireless standard has significant improvements over previous standards including greater coverage area, security, and speeds up to 600 Mbps.
802.11ac
Ratified in 2011, this wireless standard has data rates over 7 Gbps.
war driving
Searching for wireless signals from an automobile or on foot using a portable computing device.
active slaves
Slave devices that are connected to the piconet and are sending transmissions.
parked slaves
Slave devices that are connected to the piconet but are not actively participating.
Personal Area Network or PAN
Technology designed for data communication over short distances such as Bluetooth.
Temporal Key Integrity Protocol or TKIP
The WPA and WPA2 encryption technology.
Service Set Identifier or SSID
The alphanumeric user-supplied network name of a WLAN.
preshared key or PSK
The authentication model used in WPA that requires a secret key value to be entered into the AP and all wireless devices prior to communicating.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP
The encryption protocol used for WPA2 that specifies the use of a general-purpose cipher mode algorithm providing data privacy with AES.
802.11
The first wireless standard with a bandwidth of 2 Mbps.
Access point probe
The functionality of detecting neighboring APs, friendly APs as well as rogue APs included in the access point inself.
802.11ac
The newest IEEE WLAN standard that has data rates over 7 Gbps is _____.
Lightweight EAP or LEAP
_____ is a proprietary EAP method developed by Cisco System and is based on the Microsoft implementation of CHAP.
