Telecom Chapter 7 - Wireless LANs II
corporations with multiple access points
802.11i 802.1X initial authentication mode was created for ________.
residences with a single access point
802.11i PSK initial authentication mode was created for ________.
both confidentiality and message integrity
802.11i provides ________.
rogue
A ________ is an unauthorized internal access point.
802.1X Initial Authentication Mode
Created for corporations with many APs. Dubbed Enterprise Mode. Strong and complex to implement, but can be defeated by rogue APs and Evil Twin Attacks. Uses a central authentication server. Authentication is based on credentials stored on the 802.1X authentication server.
Unshared Pairwise Session Key
Hosts give PSK to WAP. WAP gives a random ________ to the host so they can use the network. Every session different, can even reassign at certain times.
Three Weaknesses of PSK
- Unauthorized disclosure of the PSK
- PSK changes after employee leaves are laborious (if you remember)
- Weak PSKs are easy to crack or guess
WPA3 Main Enhancements
- Individualized data encryption
- Protection against dictionary attacks
- Simplified security for devices without a display, such as IoT devices
- A 192-bit security suite for protecting Wi-Fi users' networks with higher security requirements
Elements of 802.1X Initial Authentication Mode
1) Requirements for Credentials, authentication server to supplicant.
2) Provide Credentials, supplicant to authentication server.
3) Credentials Check, at authentication server.
4) Authorization Message to the Authenticator.
5) Authorization Message to the Client.
Frequency Hopping Spread Spectrum (FHSS)
802.11 Wi-Fi uses 20 MHz or wider channels in the 2.4 GHz and 5 GHz bands. Bluetooth operates only in the 2.4 GHz band. Bluetooth divides the band into 79 channels, each 1 MHz wide. For spread spectrum transmission, it hops between channels every few frames. Bluetooth radios hop among the frequencies up to 1,600 times per second. These radios avoid channels where other devices (including 802.11 devices) are active.
Evil Twin Attack
A man-in-the-middle attack in which the ________ intercepts traffic passing between a wireless host and a legitimate AP. An _________ AP is usually a notebook computer. A MitM attack is difficult to detect because it is transparent to both the wireless client and the AP. Both operate as usual. Neither can tell that it is dealing with an impostor.
collect information
A security might use SNMP Get commands to ________ to look for a rogue access point.
power
A security might use SNMP Set commands to change an access point's ________.
Drive-By Hackers
AKA Wardrivers. Located outside corporate premises. They connect to an unsecured AP within the site. If successful, the attacker can communicate with any host within the site without going through the border firewall.
Virtual Private Network (VPN)
An encrypted path through an untrusted network. Because it is encrypted, others cannot read it. It is as if the transmission were traveling over its own private network. The client encrypts with Key Client-Server and Key VC-ET. It sends the doubly encrypted frame to the Evil Twin, which can only decrypt Key VC-ET, so confidentiality is maintained.
Rogue Access Point
An unauthorized AP set up within a firm by an employee or department. Employee may not have malicious intent. Used by drive-by hackers.
one-to-one
Bluetooth uses ________ operation.
Pre-Shared Key (PSK) Mode
Created for homes and businesses with a single AP. Dubbed Personal Mode. No use of authentication server. Authentication based on knowledge of pre-shared key. Strong but has three flaws:
- Unauthorized disclosure of the PSK
- PSK changes after employee leaves are laborious (if you remember)
- Weak PSKs are easy to crack or guess
Initial Authentication
Distinct from ongoing message-by-message authentication. The wireless client is the supplicant. It must prove its identity to the AP before the AP will allow the client to connect.
documents could be printed without downloading drivers
If Wi-Fi supported the basic printing profile, ________.
802.1X
If a firm has many access points, it should use ________ initial authentication mode in 802.11i.
wireless access point
In 802.1X initial authentication mode, the authenticator is the ________.
FHSS and AFH
Since Bluetooth operates in the 2.4 GHz frequency range, as does 802.11g/n, how does Bluetooth ensure there is no interference?
both after the initial provisional placement of access points and periodically afterwards
Site surveys should be done ________.
Adaptive Frequency Hopping (AFH)
When a Bluetooth device uses AFH, it scans the radio frequencies before transmitting to detect channels that are in use and avoids them by hopping to an unused channel.
both Unauthorized sharing of the pre-shared key and A weak passphrase may be selected
Which of the following is a risk in 802.11i PSK mode?
Evil Twin Access Point
Which of the following is usually set up by a hacker OUTSIDE the building?
never
Wi-Fi Direct ________ uses access points.
802.11i
________ secures the connection between a wireless host and WAP via the use of authentication and encryption.