Chapter 10 CIT 345
Extensible Authentication Protocol ( EAP)
A framework for transporting the authentication protocols in an IEEE 802.1X network.
Wi- Fi Protected Setup ( WPS)
An optional means of configuring security on wireless local area networks designed to help users who have little or no knowledge of security.
rounds
An iteration used in AES encryption.
authentication request
A data packet in an IEEE 802.1X network that contains the specific AP that is sending the authentication request and the user name and password.
authenticator
A device in an IEEE 802.1X network that accepts or rejects a supplicant.
supplicant
A device in an IEEE 802.1X network that makes an appeal for access.
VPN concentrator
A device that aggregates VPN connections.
temporal key
A 128- bit encryption key used in TKIP.
integrated sensor ( also AP sensor or embedded sensor)
A WIDS/ WIPS sensor that uses existing APs to monitor the RF.
overlay sensor
A WIDS/ WIPS sensor that uses separate dedicated sensors for scanning the RF for attacks.
anomaly- based monitoring
A method for auditing usage by detecting statistical anomalies.
signature- based monitoring
A method for auditing usage by examining network traffic, activity, transactions, or behavior to compare against well- known patterns.
heuristic monitoring
A method for auditing usage by using an algorithm to determine if a threat exists.
behavior- based monitoring
A method for auditing usage by using the normal processes and actions as the standard.
Secure Sockets Layer ( SSL)
A protocol developed by Netscape for securely transmitting documents over the Internet.
Transport Layer Security ( TLS)
A protocol that guarantees privacy and data integrity
preshared key ( PSK)
A secret value that is manually entered on both the AP and each wireless device.
intrusion system
A security management system that compiles information from a computer network or individual computer and then analyzes it to identify security vulnerabilities and attacks.
wireless intrusion detection system ( WIDS)
A security management system that constantly monitors the RF for attacks and sounds an alert if one is detected.
wireless intrusion prevention system ( WIPS)
A security management system that monitors network traffic to immediately react to block a malicious attack.
Hypertext Transport Protocol over Secure Sockets Layer ( HTTPS)
A security protocol that uses HTTP sent over SSL/ TLS.
IEEE 802.1X
A standard originally developed for wired networks that blocks all traffic on a port- by- port basis until the client is authenticated.
Per- User Preshared Keys ( PPSK)
A technology that combines many of the advantages of 802.1X with the ease of use of PSK.
virtual private network ( VPN)
A technology that uses an unsecured public network as if it were a secure private network.
WPA Personal
A temporary security solution designed for individuals or small office/ home office settings.
Wi- Fi Protected Access ( WPA)
A temporary security solution developed by the Wi- Fi Alliance in 2003.
WPA Enterprise
A temporary security solution intended for large enterprises, schools, and government agencies.
dictionary attack
An attack that compares encrypted versions of common dictionary words against data captured through wireless transmissions.
Kerberos
An authentication system developed by the Massachusetts Institute of Technology ( MIT) and used to verify the identity of networked users.
Secure Shell ( SSH)
An encrypted alternative to the Telnet protocol that is used to access remote computers.
block cipher
An encryption cipher that manipulates an entire block of plaintext at one time.
stream cipher
An encryption cipher that takes one character and replaces it with another character.
WEP2 ( WEP Version 2)
An enhancement to WEP that attempted to overcome WEP's limitations by adding a longer key value and a different authentication system.
dynamic WEP
An enhancement to WEP that uses rotating keys.
per- packet key
Dynamically generating a new key for each packet to preventing collisions.
unicast
Network traffic destined for only one address.
broadcast
Network traffic sent to all users on the network.
Message Integrity Check ( MIC)
Part of the WPA standard designed to prevent an attacker from conducting active or passive man- in- the- middle attacks.
Temporal Key Integrity Protocol ( TKIP)
Part of the WPA standard that adds an additional layer of security while still preserving WEP's basic functionality.
Role- Based Access Control ( RBAC)
Providing access based on a user's job function within an organization.
Wi- Fi Protected Access 2 ( WPA2)
The Wi- Fi Alliance's security standard based on IEEE 802.11i.
Advanced Encryption Standard ( AES)
The block cipher used in IEEE 802.11i/ WPA2.
WPA2 Personal
The current Wi- Fi Alliance standard designed for individuals or small office/ home offices.
WPA2 Enterprise
The current Wi- Fi Alliance standard designed for large enterprises, schools, and government agencies.
Secure Shell 2 ( SSH2)
The current version of the Secure Shell ( SSH) protocol.
IEEE 802.11i ( also known as robust security network ( RSN))
The current wireless security standard ratified by the IEEE in 2004.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol ( CCMP)
The encryption protocol used for 802.11i/ WPA2.
Remote Authentication Dial In User Service ( RADIUS)
The industry standard with widespread support suitable for high- volume service control applications.
Real- Time Location Services ( RTLS)
Using wireless technologies for asset tracking of wireless equipment.
8. Another name for the robust security network ( RSN) is .
a. IEEE 802.11i
9. Which of the following is false about the Advanced Encryption Standard ( AES)?
a. It is a stream cipher.
Which of the following replaces the Cyclic Redundancy Check ( CRC) function in WEP in WPA?
a. Message Integrity Check ( MIC)
Which of the following is not an Extensible Authentication Protocol ( EAP) used in IEEE 802.1X?
a. SSL/ TLS
5. functions as a " wrapper" around WEP by adding an additional layer of security but still preserving WEP's basic functionality in WPA.
a. TKIP
4. Which of the following is a temporary security model for a small office/ home office?
a. WPA Personal
_____________ is an optional means of configuring security designed to help users who have little or no knowledge of security to quickly and easily implement it on their WLANs.
a. Wi- Fi Protected Setup ( WPS)
16. Each of the following is a label used to tag an AP by a sensor except:
a. detected AP.
15. Which of the following WIDS sensors uses existing APs to monitor the RF?
a. integrated sensors
Dynamic WEP uses rotating _____________.
a. keys
7. Which of the following is not a weakness of preshared key ( PSK)?
b. Keys are entered automatically but cannot be verified.
11. In a RADIUS authentication with a wireless device in an IEEE 802.1X network, the AP serves as the .
b. authenticator
Authentication for the IEEE 802.11i/ WPA2 Enterprise model is achieved by using .
b. preshared key ( PSK)
17. Which of the following is false regarding a virtual private network ( VPN)?
c. VPN requires the use of special hardware for the client.
13. Which of the following security models has the lowest level of security?
c. WPA Personal
18. Each of the following can be used as a secure device management technology except:
d. File Transfer Protocol ( FTP).
2. Which of the following was a security enhancement introduced by WEP2?
d. Kerberos
1. Each of the following is a weakness of WEP except:
d. cannot function in WIDS.
Each of the following is a type of wireless probe that can be used to detect a rogue AP except:
d. remote probe.
Which IDS monitoring technique compares network traffic, activity, and transactions against those of known attacks?
d. signature- based monitoring