Mobile Security Midterm
How many security modes does bluetooth support?
4
Wireless networking was initially supported by IT departments because of the productivity gains it provided a) true b) false
B
What is the compromise for COE
COPE
What is circuit switching?
Circuit switching is a Physical connection made between two phones using series of telephony switches, creating an electric circuit. While circuit in use, no other phones could us wires connecting two phones.
Confidentiality
Preventing unauthorized disclosure of information
Antenna Design Goals
Required distance between AP and wireless client Pattern of coverage area (ex: the coverage area might radiate out in all directions, forming a spherical coverage area around an antenna, or an antenna might provide increased coverage in only one or two directions) Indoor or outdoor environment Avoiding interference with other APs
Home address
The home address refers to the mobile node's home IP address, which is where it is registered with the home agent. The address can be static or dynamically assigned when registering with the home agent.
What is Port Address Translation (PAT)?
Used by wireless systems so that multiple devices can be mapped to a single IP address, Does not allow unsolicited external connections unless there's a pre-existing state policy, Your ISP assigns you a single IP address for your home router, When someone signs in with their mobile device the router assigns them a port number, The port number is appended to the IP address, effectively giving each device connected to the access point its own address
Extended service Set (ESS)
Used in larger networks to connect several access points to an Ethernet LAN. An ESS is a combination of two or more BSSes connected via a distribution system medium such as an Ethernet network.
What is Dynamic Host Configuration Protocol (DHCP)?
Used to automatically assign IP addresses to devices as needed
Sniffing Wireless Networks
Wireless LAN sniffing is more complicated than Wireshark sniffing on a wired connection, WLANs operate on different frequencies (2.4, 5 GHz), Each range is divided into multiple channels. If your sniffer has only 1 radio, then you can only sniff 1 channel at a time, Most countries have certain allowed channels and power levels, but these can be overridden
Hack of the Week: Number Stations
Wireless communication using code books, using one time pad, change default passwords; Shortwave radio stations which broadcast a series of coded numbers that can be deciphered by anyone with the correct key
Active Scanning
With active scanning, the client proactively scans the network by sending out probe pulse requests. These requests can contain the SSID of a specific pre-configured network, but they can also "discover '' new networks by leaving the SSID field blank.
What is a channel?
Within each band are Specific radio frequencies at which devices are allowed to operate
What is Time Division Multiple Access (TDMA)?
allows multiple users on the same frequency channel, each with its own sliver of time.
bluetooth security mode 2
authentication, encryption, and authorization are required
Companies tend to lose money on BYOD a) true b) false
b
Wireshark
packet capture analysis tool that allows you to apply filters to traffic captured on a network
IPv6 Addressing
128-bit address scheme, Allows more than 3.5 undecillion addresses, Benefits: Auto-configuration, Improved address management, Built-in security/encryption capability, Optimized routing
Hack of the week: WPA keys
2 step attack: 1) capture a handshake (contains password hash) 2) crack the hash 4 way handshake slightly harder to break than WEP keys. WPA 2 is the latest/greatest security standard
What two frequency bands are commonly used for WLANs
2.4-2.5 GHz range (called the 2.5 GHz band) and 5.75-5.975 GHz range (called the 5 GHz band)
What are the seven layers of the OSI Reference model?
7. Application: User Interface, 6. Presentation: Data format; encryption, 5. Session: Process-to-process communication, 4. Transport: End-to-end communication maintenance, 3. Network: Routing data; logical addressing; WAN delivery, 2. Data Link: Physical addressing; LAN delivery, 1. Physical: Signaling
ARPANET was the predecessor of the modern internet a) true b) false
A
BYOD and COE policies and aims are not aligned with each other a) true b) false
A
Accountability
A chronological record of system activity that can be forensically examined to reconstruct a sequence of system events
Wireless Client Devices
A client station is configured to associate with an access point by creating a Layer 2 connection, Applies to Bluetooth, cellphones, etc Does not apply to all IoT devices (like passive RFID), If multiple access points configured with the same SSID, and if the correct security credentials supplied, client will be handed over the strongest signal Access points must use different channels to avoid interference, Before a client can connect to an access point, it must detect presence of access point
Context-aware Security Devices
A method of providing greater granularity in applying access controls (Security policy dictates rules that apply to authentication process, Rules take into consideration the user's details, which device that person is using, and the location and time, By considering these extra criteria, security administrators can apply different access rights and authorization to different contexts)
What is Network Address Translation (NAT)
A method to mask the address of devices on a network from the outside world, Using NAT, a company can have one public address, which can be accessed from the Internet, and another set of private addresses, which can only be accessed internally
Mobile Node (MN)
A mobile node is a device (it could be anything) that changes its point of attachment from one subnet or network to another. It does its own move detection and must determine not just the change in access type, if any, but also the change in the subnet.
Authorization
A process that works in conjunction with authentication to grant access rights to a user, group, system, or application
what is an Evil Twin
A rogue AP installed with sinister intent, Looks like legit access point (Attacker poses as a genuine network service provider, Users connect to evil twin, use it to access Web sites and perform other tasks, Access point eavesdrops, steals credentials, password, anything of interest)
TOFU: Trust on First Use
A security model used by client software which needs to establish a trust relationship with an unknown or not- yet trusted endpoint, The client attempts to lookup an identifier, usually some kind of public key, in its local trust database. If no identifier exists yet for the endpoint, the client software will either prompt the user to determine if the client should trust the identifier or it will simply trust the identifier which was given and record the trust relationship into its trust database. If a different identifier is received in subsequent connections to the endpoint the client software will consider it to be untrusted.
Bluesnarfing
A technique whereby an attacker gains access to unauthorized information on a Bluetooth-enabled device such as a mobile phone, Attacker can then access contacts, calendar, e-mails, and text messages, Victim's phone must have Bluetooth enabled and be in discoverable mode, Bluetooth devices must also pair, Bluesnarfing uses a get request to pull information from the victim's device
What does victim's device send to rogue network
ARP request Packets
Mobile Application Management (MAM)
Administers and manages applications on mobile devices, Controls the provisioning and distribution of in-house mobile applications and, in some cases, commercially available applications through an enterprise application store
Evil twin access points
An access point(AP) is set to the same network name (SSID) as a legitimate WLAN or hotspot, fooling unsuspecting users into connecting
Denial of Service attack
An attacker tries to prevent legitimate access to a system or service by making it unavailable
Spoofing an Access point
Attacker creates a fake access point with the same SSID as the WEP network Kali Linux contains the tool airbase-ng which can do this The rogue wireless network will show up on the victim's device along with all the other wireless networks in range
Problems with wireless network security
Authentication, Wired Equivalent Privacy (WEP), (Security algorithm used in 802.11 standard, Used a 64- or 128-bit key, Challenge/response mechanism could be eavesdropped)
3 levels of security for bluetooth
Authentication: Verifies the Bluetooth device address, Confidentiality: Prevents eavesdropping, Authorization: ensures a device is authorized to use a service before being permitted to do so
802.11 standards define four topologies, called Service Sets, for how Wi-Fi devices connect with each other:
Basic service set, extended service set, independent basic service set, mesh basic service set
Bluetooth security mode 4:
Bluetooth specifications call out four separate levels of security: Service level 3 (Requires man-in-the-middle protection and encryption, and preferably user interaction), Service level 2 (Requires encryption only), Service level 1 (Does not require encryption; user interaction is not necessary), service level 0 (Requires neither man-in-the-middle protection and encryption, nor user interaction)
What was the first mobile generation to support Internet access a) 1G b) 2G c) 2G+ d) 3G e) 4G
C
Bluejacking
Came about through the misuse of a Bluetooth feature whereby a mobile phone could exchange a "business card" or messages with another phone in the vicinity, Used by storekeepers in malls, for example, for marketing and advertising >> spamming, Bluetooth devices needed to peer before communication, Passersby didn't know with whom his or her device was peering, After spammer's initial message was accepted, spammer's Bluetooth device ID was added to trusted contacts
COPE for company
Can negotiate cheaper price per unit, Takes responsibility for maintenance, operational costs, and service, Can place security restrictions
Passive Scanning
Client listens for a beacon, which an access point continually emits. When a client "hears" a beacon advertising an SSID for which it has been preconfigured, it selects that access point. If it hears more than one beacon, it will select the access point with the strongest signal.
Mesh basic service set (MBSS)
Clients, access points, and gateways are all meshed together, enabling client-to-client and AP-to-AP communication.
Basic service Set(BSS)
Cornerstone of wireless networks. Defines a common topology, or arrangement, in which a single access point connects and associates with several client stations.
BYOD: COPE
Corporate Owned Personally Enabled
Areas of interest for cyber criminals
Credentials for personal or business accounts, Credentials for business or personal information, Credentials for remote access software for business networks, Access to data and phone services
Mobile IP solves which important problem? a) Battery life b) Wireless connections to the Internet c) access to app stores d) The ability to maintain IP session while moving
D
Which of the following is not a requirement for successful mobility a) location discovery b) move detection c) update signaling d) omnidirectional antennas e) path establishment
D
Intro to wireless bridges:
DSS, If backhaul medium is wireless, WAP can also serve as a wireless bridge, 802.11 standard describes a mechanism called wireless distribution system (WDS) whereby the frame format can handle four MAC addresses, Real-world deployments for WDS are in bridges, repeaters and mesh networks
What is the near-far problem?
Device hooks up to the strongest signal, which hackers can use to get you to connect to a rogue network as long as it is the stronger signal
3G: 3rd Generaltion Wireless Network
Digital voice and mobile broadband. 2000kbps. Next iteration of GPRS, GPRS+ : high speed packet switched internet access, fast download speeds and connection rates, spurred new breed of smartphones.
Shannon/kirchoff's law
Don't want to keep the algorithm secret DES- secret, AES is the proper standard because it is open source, therefore can ind vulnerabilities and fix. The enemy knows the system
COE provides which of the following benefits? a) lower support costs b) improved help desk support c) Reduction of OS compatibility issues d) Reduced security incidents e) all of the above
E
Digital communication offers which of the following advantages? a) more efficient use of bandwidth b) greater utilization c) improved error rates d) less susceptibility to noise and interference e) all of the above
E
What is the Impact of BYOD
Employees use personally owned devices to access work-related systems, files, and applications, Now the Norm
Bluebugging
Enables an attacker to commandeer entire handset, Requires trusted device status, Establishes a connection by tricking victim's phone into believing the attacker device to be a Bluetooth headset, Then attacker can control just about every function of the phone via AT command codes (Attacker can listen in on conversations (hence the name bluebugging))
Mobile Device Management (MDM)
Enables network security administrators to manage mobile devices remotely, Sends over-the-air signals to mobile devices to distribute applications and configuration settings
Multi-access (wired, wireless, mobile) network security requires multiple layers:
External, perimeter, internal, application server
4G and LTE
Fourth generation (4G) is all-IP network, Allows use of ultra broadband and the promise of 1 Gbps data rates, Voice communications can be converted to Voice over IP (VoIP) Includes high-quality, high-definition TV streamed to mobile devices; live interactive gaming applications, Systems currently deployed for 4G are Mobile Worldwide Interoperability for Microwave Access (WiMAX) and Long Term Evolution (LTE)
Detecting MITM on VoIP
Generates a random pair of words on each user's screen, You say the first word to your friend, and they say the second word to you; if they don't match, you have a MITM
COPE for Employee
Gets device they want Can use for personal business Agrees to remove data wipe if device is stolen
Information Security Standards
ISO/IEC 27001:2013, ISO/IEC 27002:2013, NIST SP 800-53
Application server network
Inner security zone protected by another layer of highly restrictive firewall rules
Drawbacks of COE
Irritated employees, Caused anger and resentment toward IT, Stifled productivity
What is wardriving
Is the 802.11 wireless equivalent of war dialing, Attackers search for wireless access points in a form of unauthorized and covert reconnaissance, Doesn't require special equipment; more successful if a high-gain antenna is used, Wardriver uses a sniffer to detect access points and their SSIDs by intercepting and capturing their beacons, Improperly installed WLANs are the same as having a network access port in the parking lot
Any device that meets the following criteria can act as a wireless client:
It contains a radio card or integrated transmit (TX) and receive (RX), noted as TX/RX, Contains an antenna, Operates under 802.11 protocol standards
How to mitigate the risk of BYOD
MDM & MAM
Accountability
Making users accountable for their actions. Need mechanisms in place for accountability of internal users (audit trails, logs)
Mobile IP handles the change of IP address and maintains current sessions by using certain Mobile IP client stack specific components:
Mobile node, home address, home agent, care-of-address, foreign agent
Hack of the Week: Medical Appliances
Modern medical implants include pace makers, defibrillators, insulin pumps, and more. The software is all updated wirelessly. These communication channels are not encrypted, and are configured to always listen for RF updates. Any access to these signals provides root access to the device. Security through obscurity - never works. Takeaway: no security on devices, no battery power to do full encryption/authentication
Netwitness Investigator
More specialized cybersecurity analysis focused tool that also performs packet capture on a wireless network
Benefits of COE to the business
Much lower support costs, Improved help desk and IT support, Thoroughly tested applications working on a common platform, Fewer major virus contaminations Reduction of compatibility issues with OS versions, security and OS patches, and device drivers, Higher user satisfaction due to preconfigured network printers, home drives, and network configurations
Wireshark for mobile potential association issues:
Near-far problem, Unlicensed bands subject to interference, Multipath interference for wireless radios
Independent basic service set (IBSS)
No access point is used. Instead, client stations form peer-to-peer relationships.
How can you tell if your phone has been pwned?
Odd charges on your cell phone statement Unusual data access patterns, Rapid battery failure/low battery life, Apps downloaded from third parties,Partially trusted insiders have access, Phone is jailbroken, Antivirus stopped running
Wireless Workgroup bridge
Often used when there are several non-wireless devices, such as Ethernet-networked PCs, in a workgroup or in an office that require backup wireless connectivity to the network
What is BYOD?
Opposite of COE, Removes burden of training, Encourages collaboration and innovation, Many business-supported programs run as apps on BYOD devices
What is Packet Switching?
Packet Switching is Enabled technological leap in long-distance digital communications Voice signal is first digitized and then chopped up into a series of packets. More resilient
what is wardialing
Phreakers search banks of telephone numbers looking for a modem that answers; verifies that computer system is connected to external resources by modems
Nonrepudiation
Preventing the denial that an action has been taken. Addresses when someone denies he or she took a certain action
Availability
Preventing unauthorized withholding of resources or services
multipath
Radio waves reflect off certain materials and surfaces; results in multiple versions of same radio waves bouncing around
Defense in Depth for mobile devices
Screen lock password, Encryption of data at rest/ data in flight, Remote wipe device
Common solutions to BYOD
Secure device configuration for joining network, Mobile Application Management (MAM), Mobile Device Management (MDM)
Every access point is identified by a
Service set Identifier (SSID: a configurable name or alphanumeric code)
Hack of the week: Hirte Attack
The Hirte attack sniffs an ARP packet and relocates the IP address in the ARP header to convert the reassembled packet into an ARP request. The victim responds to this with an ARP Reply, thus allowing the attacker to collect new data packets encrypted with the WEP key. Once a sufficient number of packets are collected, tools such as aircrack-ng can easily crack the WEP key!
Care-of-address (CoA)
The care-of-address is the new IP address the mobile node has been assigned by the visited network. The mobile node informs the home agent of the care-of-address when registering its movement.
Foreign agent (FA)
The foreign agent stores all information about mobile nodes that are visiting its network. It advertises care-of-addresses and routing services to the mobile node while it is visiting its network. If there is no foreign agent present on a network, then the mobile node itself must handle getting a local address and advertising it.
Home Agent (HA)
The home agent is a router capable of processing and tracking mobile routing IP updates, tracking mobile node registrations, and forwarding traffic to mobile nodes on visited networks through IP tunnels.
Authentication
The process of validating a claimed identity, whether a user, device, or application
What basic principle does one point of access allows control of the entire system violate
The rule of least privilege
What is a one time pad
Theoretically the most secure form of encryption known - a stream cipher with a cryptographic random sequence of numbers as a single-use key
What is the common operating environment
To ensure Y2K compliance, and to facilitate efficient and standard validation, IT departments implemented the Common Operating Environment (COE), Was about control IT had over any technology used within a business, With COE, IT stipulated a common desktop PC policy ; a common stripped-down, and locked OS; and authorized applications
Spread spectrum
Transmission is spread across entire frequency space available (ex: over a 22 MHz band at 100 mW)
IPv4 addressing
Uses a format called dotted decimal, which consists of four octets (groups of eight in binary code), Total number of combinations is more than 4 trillion; actual number of usable addresses is in the billions, address space is used up transitioning to IPv6
4G: 4th generation wireless network & 5G
Voice and IP-based protocols for data transfers 10 times faster than 3G-LTE 100,000kbps Technology currently predominate mobile offering Led to bring your own device (BYOD) 5G is otw
2G: 2nd generation wireless network
Voice using digital technology; very basic data transfer. 64kbps. General Packet Radio Service (GPRS) is a packet-based data service for mobile networks, improved mobile data rates.
Hack of the week: WEP keys
WEP keys & configuration details are stored in the mobile device Victim has enabled automatic connection to wireless networks in range of their device. Fragmentation attack Spoofing AP, no DHCP server on rogue network so device is not assigned IP address,
General Threat Categories
Who or what you are protecting the assets from (External attackers or Employees & Most companies employ practice of least privilege), Which assets you wish to protect, Security measures should be proportional to the value of the assets, and should not create an impediment to the assets' purpose and function, Key is to ensure that information security processes, practices, and techniques are aligned with the business's plans, goals, objectives and functions
Solution to problem with wireless network security
Wi-Fi Protected Access (WPA),(Introduced by Wi-Fi Alliance, Used a 256-bit key, Featured integrity checks, Served as interim replacement for WEP), WPA2 used today
4G phones support IPv6 addressing a) true b) false
a
All wireless devices attached to the same access point share a common collision domain a) true b) false
a
In network security, C-I-A stands for which of the following a) confidentiality, integrity, availability b) central intelligence agency c) control, intelligence, access d) confidentiality, intercept, awareness
a
Layers 4 to 7 are often grouped together and referred to as the Application Layers a) true b) false
a
More mobile-capable tablets are sold than PCs a) true b) false
a
Most bluetooth vulnerabilities are based on how they connect, or peer, with each other, and can be mitigated by disabling connectivity while out of the office a) true b) false
a
The BES server allows which of the following? a)push emails to mobile devices b) Netflix on phones c) GMS and CDMA compatibility d) SMS
a
Unauthorized wireless access is often a means of access for sophisticated attacks a) true b) false
a
Which of the following describes an evil-twin? a) a version of a rogue AP in which the device masquerades as a legitimate access point b) a social engineering scam c) a bluetooth hack that takes over a another device d) a peer-to-peer hack
a
Which of the following describes the strategy and practice of implementing multiple layers of security a) defense in depth b) perimeter security c) least privilege d) trust but verify
a
A basic service set is comprised of which of the following? a) several access points operating as a single network b) an access point and several wireless clients c) several clients connected together d) a WLAN and the back-end wired LAN e) none of the above
b
Cell phones in the same cell can communicate directly with each other without going through the base station a) true b) false
b
Compliance with the ISO/IEC 27002:2013 standard is mandatory? a) true b) false
b
In FDMA, timing and synchronization are key considerations a) true b) false
b
MAC addresses are often changed by IT personnel to accommodate growing networks a) true b) false
b
MDM helps to do which of the following? a) empower employees by letting them choose their own smart devices for use at work b) predict sensitive info c) protect devices and data from unauthorized access d) all of the above
b
Mobility and wi-fi have made AAA-based access much easier a) true b) false
b
PDCA stands for which of the following? a) plan, document, check, audit b) plan, do, check, act c) people, documents, computers, access d) none of the above
b
Passive scanning allows a client to find a wireless network for the first time a) true b) false
b
Passive surveys automatically collect and assess connection-quality information a) true b) false
b
Site surveys help determine RF coverage only a) true b) false
b
Switches primarily operate at which layer of the OSI reverence model? a) Physical layer b) data link layer c) network layer d) transport layer e) none of the above
b
The data link layer uses a logical addressing scheme to switch data frames? a) true b) false
b
Thin access points have basic switching capabilities a) true b) false
b
Unskilled attackers are not a threat and can be diregarded a) true b) false
b
Which of the following describes MDM? a) it is an important security certification b) it is a technology that enables network security administrators to manage mobile devices c) it is a data privacy regulation that pertains to the healthcare industry d) it is a technology that enables network security administrators to manage applications on mobile devices
b
Which of the following describes the act of wardriving? a) mounting a battering ram on your car b) searching for unsecured wireless networks while driving around c) jamming other people's wireless networks d) taking over someone else's bluetooth connection
b
Which of the following reflects the correct order of the OSI Reference Model from Layer 1 to layer 7? a) Application, Presentation, Session Transport, Network, Data link, Physical b) Physical, data link, network, transport, session, presentation, application c) physical, application, presentation, session, transport, network, data link d) Network, IP, Data Link, Application, Logical, Presentation, Physical, Session
b
Wireless networking standards are defined on the network layer a) true b) false
b
Wireless networking's security issues are primarily the result of which of the following a) slower access b) the ability to receive and inject data via remote means c) lack of IT control d) IT policy configuration
b
Wireless-based DoS attacks can only happen at layer 1 a) true b) false
b
compliance with government and industry regulations is the best way to ensure network security a) true b) false
b
1G: 1st generation wireless network
basic voice using analog technology. 2.4kbps
CDMA was predominant in which generation of mobility? a) 1G b) 2G c) 3G d) 4G
c
Grid and parabolic antennas are examples of which of the following? a) MIMO antennas b) Omnidirectional antennas c) directional antennas d) all of the above
c
IP addressing is specified in which layer? a) Layer 1 b) layer 2 c) layer 3 d) layer 4 e) all of the above
c
Over the next several years, the most significant impact of widespread wireless connectivity fee most people will be which of the following? a) being able to check email while on a plane b) free wireless hotspots in malls and coffee shops c) the emergence of the IoT which will connect household appliances and systems to the network d) lower internet rates
c
Self-organizing WLANs do which of the following? a) automatically place themselves in a building b) vote for their own leader c) adjust power levels and channels via a controller to ensure peak performance d) allow for seamless roaming
c
What is the effect of increasing the gain on an omnidirectional antenna? a) it does nothing b) it focuses the beam c) it increases horizontal coverage while decreasing vertical coverage d) it increases vertical coverage while decreasing horizontal coverage
c
Which of the following are the main design considerations for cellular systems? a) iphones and androids b) data rates and subscriber plans c) Frequency sharing and cell handoffs d) cell handoffs and forward passing e) none of the above
c
Which of the following is not a use of Wi-Fi in warehousing? a) asset tracking b) loss control c) forklift automation d) picking efficiency
c
what is the purpose of ISO/IEC 27002:2013? a) to provide rules and methods for wireless security b) to provide a standard for cross-vendor solution compatibility c) to provide requirements for establishing, implementing, maintaining, and improving to an information security management system d) to give regulators something to do
c
why does social engineering tend to work? a) people are dumb b) hackers know mind-control techniques c) hackers know how to take advantage of human behaviors and tendencies d) security is weak
c
What is a frequency band
certain radio frequency (RF) ranges are reserved for communication
what is ratcheting a key?
changing the keys multiple times during a session that is asynchronous messaging (session is open for days)
Fragmentation attack
collects pieces fo the keys over time
An organization can greatly reduce risk by doing which of the following? a) educating employees b) deploying simple best practices c) adopting least-privilege policies d) all of the above
d
Hackers are motivated primarily by which of the following? a) social status b) political aims c) financial gain d) all of the above
d
The IPv6 address 23a2:0001:0000:00a3:0000:0000:00ba: c0f2 can be written as which of the following? a) 23a2:1:a:3:ba:cf2 b) 232.10.030:0f2 c) 23a2::a3::c0f2 d) 23a2:1:0:a3::ba:c0f2
d
The concept of least privilege does which of the following? a) it identifies the haves and the have-nots b) it gives access to critical systems with minimal approval c) it limits access approval to one system per day d) it blocks access from all systems by default giving access on an as-needed basis
d
Wardrivers look for which fo the following vulnerabilities? a) the use of default administrative usernames and passwords b) no or weak encryption c) the use of default SSID settings d) all of the above
d
Which of the following describes EDGE and GPRS a) key 4G technologies b) members of U2 c) Frequency sharing techniques d) pre 3G data-sharing technologies
d
Which of the following was one thing Blackberry limited got right that opened the door for the BYOD phenomenon a) it invented the first smartphone b) it was the first to roll out 3G mobility c) its phones could run third-party apps d) its devices could receive push emails from Microsoft Exchange Servers
d
An 802.11 wireless client can be which of the following? a) a wireless-enabled PC b) an access point c) a wi-fi enabled phone d) a wireless thermostat e) all of the above
e
Wardrivers use unsecured wireless networks to do which of the following? a) launch viruses b) source spam c) initiate DoS attacks d) visit illegal web sites e) all of the above
e
Which of the following are sources of RF interference? a) microwave ovens b) bluetooth radios c) other wireless networks d) malicious jammers e) all of the above
e
Which of the following is a common security threat for mobile and wi-fi enabled devices? a) physical loss and theft b) malicious applications c) phishing d) unsecure or rogue wireless access points e) all of the above
e
why is packet analysis particularly problematic on wireless networks? a) you can "listen" to traffic without a physical connection b) unlike wired networks, you don't need port mirroring to see all the traffic c) packets can be modified and reinserted without authentication d) it can be used to initiate a local denial of service attack e) all of the above
e
Why is IPsec not helpful
encryption is done at the IP layer of the protocol stack so end user may not know if working, Not all routers support IPSec so encryption may not be end to end, you don't know if the other party supports IPSec, there are benefits to doing additional encryption at the application layer, so that the user can be told if the call is encrypted
How does WAP work?
four-way handshake: 1. The WAP sends a nonce (a single-use random number), called ANonce. The client uses this value to create a key. 2. The client sends its own nonce (called SNonce) to the WAP along with an integrity and authentication message, called the message integrity code (MIC). The WAP uses the SNonce to create the key needed to decrypt messages from the client. 3. The WAP replies with the key used to decrypt broadcast messages, called the group temporal key (GTK), along with a MIC. 4. The client sends a confirmation to the WAP, which completes the association.
How can you provide perfect forward secrecy?
if we destroyed the keys at the end of each call, so you can retroactively compromise the call by disclosing the keys in the future
What is Frequency Division Multiple Access (FDMA)
is the foundation of cellular coverage maps, but in this case each channel is split up further so that multiple users can share a common channel without interference. FDMA does not require a great deal of timing synchronization, but it does require very precise transmission and receiving filters. FDMA is a 1G technology
What is Code Division Multiple Access (CDMA)?
makes it possible for several users to share multiple frequency bands at the same time by spreading the signal out over the frequencies.
What is the difference between a residential and an enterprise gateway?
matter of capabilities, Enterprise gateway typically has a WLAN and a LAN interface, which enables it to act as a translational bridge between the two mediums, Is typically deployed as a guest point of access to the Internet, with no direct access to the corporate network
bluetooth security modes 1 and 3
no service security trust model is applied
Hack of the week: Traffic Lights
one AP, four key components: Sensors that detect cars, Controllers that use the sensor data to control the lights at a given intersection, Radios for wireless communication among intersections, Malfunction management units (MMUs) which return lights to safe fallback configurations if an "invalid" configuration occurs. Takeaways: stop using default UserID and password combos that can be found online, encrypt wireless traffic
PII
personally identifiable information
Integrity
preventing unauthorized modification of information
What is the challenge with Frequency Sharing?
small number of frequency channels
Distribution system service (DSS)
translates traffic between an 802.11 device and the distribution medium used backhaul
What are the two bluetooth service security types
trusted (Trusted device has full access to all services of another trusting device) and untrusted (untrusted devices do not have an established relationship and can reach only restricted services)
How to secure wireless conversations
use IPSec (may not help), Signal encrypted IM and voice app from open whisper systems, free and open source code, calls over wifi or data connections, automatic end-to-end encryption keys generated and stored at endpoints, not the service provider, messages may be set to expire up to 1 week after viewing
What is one way to achieve forward/backward secrecy
use a different set of ephemeral keys for each message exchange
Pfsense firewall
used to set regulation and firewall rules on a specific network such as what protocols are allowed on what IP addresses and also used NAT to bind a public internet address to an internal server
Unlicensed bands
users can operate without an FCC license
Perimeter network layer
uses an inner firewall to segregate the external network from internal resources; normally hosts more secure and restricted web services
Narrowband
uses little bandwidth by transmitting over a narrow beam of frequency (ex: a 2MHz wide channel at 80 watts)
Internal network
where user hosts reside
External network layer
where web servers and services are exposed to the Internet; layered firewalls provide a secure demilitarized zone (DMZ)
what is the difference between wired and wireless?
wireless is easier to intercept which is why encryption becomes important
