Module 11: Wireless Network Security

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

An ______________NFC device can read information as well as transmit data •Example: Cell Phones

Active

________________ block cipher ________performs three steps on every block (128 bits) of plaintext •Within second step, multiple iterations are performed •Bytes are substituted and rearranged

Advanced Encryption Standard (AES)

The introduction of WLANs in enterprises has changed hard edges to

"blurred edges"

In a network, a well-defined boundary protects data and resources This boundary is known as a

"hard edge"

Bluetooth is a personal area network _________________ designed for data communications over short distances

(PAN) technology

Match the Near Field Communication (NFC) Attacks -Man-in-the-middle -Data Theft -Devices Theft -Eavesdropping 1. Unencrypted N F C communication between the device and terminal can be intercepted and viewed. Because an attacker must be extremely close to pick up the signal, users should remain aware of their surroundings while making a payment 2. Attackers can "bump" a portable reader to a user's smartphone in a crowd to make an NFC connection and steal payment information stored on the phone. This can be prevented by turning off NFC while in a large crowd (Put your cell phone in airplane mode) 3. An attacker can intercept the NFC communications between devices and forge a fictitious response. Devices can be configured in pairing so one device can only send while the other can only receive 4. The theft of a smartphone could allow an attacker to use that phone for purchases. Smartphone should be protected with passwords or strong PINs

1. Eavesdropping 2. Data theft 3. Man-in-the-middle attack 4. Devices Theft

Match the Radio Frequency Identification (RFID) Attacks to their definition. Fake Tags Eavesdropping Unauthorized Tag Access 1. A rogue RFID reader can determine the inventory on a store shelf to track the sales of specific items. Sales information could be used by a rival product manufacturer to negotiate additional shelf space or better product placement 2. Authentic RFID tags are replaced with fake tags that contain fictitious data about products that are not in inventory. Fake tags undermine the integrity of the store's inventory system by showing data for items that do not exist 3. Unauthorized users could listen in on communications between RFID tags and readers. Confidential data, such as a politician's purchase of antidepressants, could be sold to a rival candidate in a "smear" campaign.

1. Unauthorized Tag Access 2. Eavesdropping 3. Fake Tags

What is the following Wireless LAN Transmission? -Single Band -Same band is used in common devices (Vulnerable to interference with other common devices such as microwave, phones) -Wireless Channels will overlap -11 channels -Slower Speed - Longer Range -Can penetrate walls easier

2.4 Ghz

What is the following Wireless LAN Transmission? Dual Band Not usually used in common devices (Less Vulnerable to interference with other common devices such as microwave, phones) Channels do not overlap 25 Channels Faster Speed - shorter range Harder time penetrating through solid objects

5.0 Ghz

In 1997, the IEEE released the final draft for a WLAN standard called IEEE __________.

802.11

WLAN Hardware

A wireless client network interface card adapter performs same functions as wired adapter •Antenna sends and receives signals through airwaves

When in doubt on a test use?

AES

________ is a centrally located WLAN connection device that can send and receive wireless signals •Primarily consists of an antenna and a radio transmitter/receiver

Access point (AP)

Intercepting Wireless Data

An attacker can pick up the RF signal from an open or misconfigured AP •Using a WLAN to read this data could yield significant information to an attacker regarding the wired enterprise network

What Bluetooth Attack describes the following? -Fun way to send messages to other people using bluetooth without using pairing. -Harmless as long as no one sends you any virus or malicious code that can damage your mobile device. -Hacker searches for a discoverable device in the area and sends spam -To defend: Keep your Bluetooth settings to invisible or non-discoverable

BlueJacking

What Bluetooth Attack describes the following? -Unauthorized access of information from a wireless device through a Bluetooth connection. -Can steal: phone book, delete phone book, view call received, place calls. -Hackers may purchase software that allows them to request information from your device -can occur even while your devices is set to invisible or non-discoverable

BlueSnarfing

____________ is considered more annoying than harmful because no data is stolen

Bluejacking

____________is an attack that sends unsolicited messages to Bluetooth-enabled devices

Bluejacking Usually involves text messages, images, or sounds

_______________is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection

Bluesnarfing •The attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without owner's knowledge

____________ is a wireless technology that uses short-range radio frequency (RF) transmissions

Bluetooth •It provides rapid device pairings •Example: hearing aids - smart home door lock - chicken cooop

Both ______and ______ use a 128-bit key for encryption •Both methods use a 64-bit M I C value

CCMP and TKIP

The ________________ (C B C-M A C) component of C C M P provides data integrity and authentication •The Cipher Block Chaining Message Authentication Code (C B C-M A C) component of C C M P provides data integrity and authentication

Cipher Block Chaining Message Authentication Code

_________________ is the encryption protocol used for W P A 2 •Specifies the use of CCM with A E S

Code Protocol (CCMP)

WPA : Uses both ______________and _______________

Encryption and authentication

WPA2 addresses two major security areas of WLANs:

Encryption and authentication

_____________ is an AP set up by an attacker (External attacker) •Attempts to mimic an authorized AP •Attackers capture transmissions from users to _________ AP

Evil twin

________________ is a framework for transporting authentication protocols •Defines message format •Uses four types of packets -Request -Response -Success -Failure

Extensible Authentication Protocol (EAP)

Answer True or False for the following. WPS is secure.

False •Very Insecure!!!

Ratified in early 2014 and has data rates over 7 Gbps

IEEE 802.11ac

Institute of ____________ is the most influential organization for computer networking and wireless communications

Institute of Electrical and Electronics Engineers (IEEE) i

How many Mbps and Ghz for each Wireless LAN Transmission standard? -802.11a -802.11b -802.11g -802.11n -802.11n -802.11ac -802.1ax

Mbps.................... Ghz -54Mbps............... 5.0 Ghz -11Mbps..................2.4 Ghz -54Mbps................2.4 Ghz -65-600Mbps......2.4 Ghz/5.0 Ghz -Multiple Input Multiple Output (MIMO) uses dual antennas, MIMO, channel bonding, frame aggregation -1.3Gbps - 6Gbps.............2.4Ghz/ 5.0A AND 5.0B (Tri-band) -Network access control and authentication

_________________address filtering is the most common type of wireless access control •It is used by nearly all wireless AP vendors •Permits or blocks device based on MAC address

Media Access Control (MAC)

is a set of standards used to establish communication between devices in close proximity

Near field communication (NFC) •Think Contactless Payment Systems •Once devices are brought within 4 cm of each other or tapped together, two-way communication is established

_________________utilizes a PIN printed on a sticker of the wireless router or displayed through a software wizard •User enters Pin and security configuration automatically occurs

PIN method

Two common WPS methods include the following

PIN method and Push-button method

A ___________NFC device contains information that other devices can read but does not read or receive any information (example, NFC tag, Credit Card)

Passive

_________________is when the user-supplied network name of a wireless network; usually broadcast so that any device can see it -The broadcast can be restricted

Service Set Identifier (SSID)

The primary type of Bluetooth network topology is a ______________(How Bluetooth works)

Piconet

Authentication for W P A Personal is accomplished by using a ___________ •After AP configured, client device must have same key value entered •Key is shared prior to communication taking place •Uses a passphrase to generate encryption key •Must be entered on each A P and wireless device in advance •Devices that have the secret key are automatically authenticated by the A P

Preshared Key (PSK)

A common EAP protocol is __________________ •Simplifies deployment of 802.1x by using Microsoft Windows logins and passwords •Creates encrypted channel between client and authentication server

Protected EAP (PEAP)

____________user pushes buttons and security configuration takes place

Push-button method

Wireless Denial of Service Attack __________________ occurs when attackers use intentional RF interference to flood the RF spectrum with enough interference to prevent a device from communicating with the AP

RF jamming •Jamming - used by hackers to halt security cameras! •Jamming - used by hacker and drones!

_________________ is commonly used to transmit information between employee identification badges, inventory tags, book labels, and other paper-based tags that can be detected by a proximity reader

Radio frequency identification (RFID)

What is the primary differences between the 2.4 GHz and 5GHz wireless frequencies

Range and bandwidth 5GHz provides faster data rates at a shorter distance. 2.4GHz offers coverage for farther distances, but may perform at slower speeds.

___________ access point is an unauthorized access point that allows an attacker to bypass network security configurations •Usually set up by an insider (employee) •May be set up behind a firewall, opening the network to attacks

Rogue

______________ occurs when attackers craft a fictitious frame that pretends to come from a trusted client when it actually comes from the attacker

Spoofing

WEP =

WEEP

__________ vulnerabilities include the following: _________ can only use 64-bit or 128-bit number to encrypt •Initialization vector (IV) is only 24 of those bits •Short length makes it easier to break _____________violates the cardinal rule of cryptography: avoid a detectable pattern •Attackers can see duplication when IVs start repeating

WEP

Second generation of WPA is known as _____________ •Introduced in 2004 •Based on final IEEE 802.11i standard

WPA2

The Wi-Fi Alliance has created a similar technical specification called _________.

Wi-Fi Direct

______________was introduced by the Wi-Fi Alliance to fit into the exiting WEP engine without requiring extensive hardware upgrades or replacements

Wi-Fi Protected Access (WPA)

_________ is based on final IEEE 802.11i standard

Wi-Fi Protected Access 2 (WPA2)

____________is an optional means of configuring security on WLANS

Wi-Fi Protected Setup (WPS)

__________ is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmissions •Encrypts the transmission

Wired Equivalent Privacy (WEP)

Networks that are not using an AP operate in ______________ mode

ad hoc

Devices can only communicate between themselves and _________ connect to another network

cannot

Types of APs include

fat vs. thin APs, controller vs. standalone, and captive portal Aps

The other device (__________) takes commands

follower •Active followers are sending transmissions •Parked followers are connected but not actively participating

A WLAN using an AP is operating in _____________mode

infrastructure

One device (___________) controls all wireless traffic

leader

A ____________ gateway is used by small offices or home users to connect to the Internet

residential WLAN

Temporal Key Integrity Protocol (T K I P) Encryption

•Used in W P A •Uses a longer 128 bit key than W E P •Dynamically generated for each new packet •Includes a Message Integrity Check (M I C), designed to prevent man-in-the-middle attacks

Thin Access Points

•Useful in a large networks •Central management point (Cloud Based) •Configuration of APs is centralized in a controller

A _____________ is designed to replace or supplement a wired LAN

wired local area network (WLAN)

Access point (AP) functions ▶Acts as "base station" for wireless network ▶Acts as a bridge between ____________ and ____________ networks because it can connect to a wired network by a cable

wireless and wired

Several attacks can be directed against wireless data system including:

• Ultra-wide band (airtag) • Bluetooth attacks • Near Field Communication (NFC) attacks • Radio frequency identification systems (RF) • Wireless local area network attacks

There are two types of hard edges:

•A network hard edge •The second is made up of the walls and buildings that house the enterprise

Important considerations must be taken into account when installing a new WLAN for an organization:

•All areas of a building should have adequate wireless coverage •All employees must have a reasonable amount of bandwidth •A minimum amount of wireless signal should "bleed" outside the walls of the building

What are Examples of NFC uses:

•Automobile •Entertainment •Office •Retail stores •Transportation

An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router? A. WPA+CCMP B. WPA2+CCMP C. WPA+TKIP D. WPA2+ TKIP

•D. WPA2+ TKIP

Most RFID tags are passive because..........

•Do not have their own power supply •Because they do not require a power supply, they can be very small

Several tools can be used in a site survey for installation

•Heat maps •Wi-Fi analyzers •Channel overlays

Amendments to this standard include:

•IEEE 802.11a - All •IEEE 802.11b - Big •IEEE 802.11g - Grizzlies •IEEE 802.11n - Need •IEEE 802.11ac - Air Conditioning •IEEE 802.11ax

Other security steps can be taken to protect a wireless network such as:

•Installation and configuration •Specialized systems communications •Rogue AP system detection

Key management of WPA Vulnerabilities

•Key sharing is done manually without security protection •Keys must be changed on a regular basis •Key must be disclosed to guest users

Passphrases of WPA Vulnerabilities

•PSK passphrases of fewer than 20 characters subject to cracking

Not advertising the SSID only provides a weak degree of security and has limitations of...

•SSID can be discovered when transmitted in other frames •May prevent users from being able to freely roam from one AP coverage area to another •It's not always possible to turn off SSID beaconing

Design and implementation flaws of WPS include the following:

•There is no lockout limit for entering PINs •The last PIN character is only a checksum •The wireless router reports the validity of the first and second halves of the PIN separately

Fat Access Points

•Useful in a small networks •Manages authentication and Encryption •Each AP acts as an independent unit •There is no central management unit for all the Access Points in the network In Fat APs, users cannot roam. The user must connect to different APs as they move through the building. Movement from one AP to another is NOT Seamless.

There are two modes of WPA2:

•WPA2 Personal •WPA2 Enterprise


Ensembles d'études connexes

EMT Chapter 17-19, 21 & 22 - Neurologic Emergencies, Gastrointestinal and Urologic Emergencies, Endocrine and Hematologic, Toxicology, Psychiatric Emergencies, EMT

View Set

Forensic Analysis/Restriction enzymes

View Set

biochemistry test - unit 2 module 6

View Set

Electric vehicle charging systems midterm

View Set

NC BLET JUVENILE LAWS AND PROCEDURES

View Set