11.5 Wireless Networking
Channel bonding
Channel bonding combines two, non-overlapping 20 MHz channels into a single 40 MHz channel. This results in slightly more than double the bandwidth. The 5 GHz range has a total of 23 channels, with 12 non-overlapping. This allows for a maximum of six non-overlapping bonded (combined) channels. The 2.4 GHz range has a total of 11 channels, with three non-overlapping. This allows for a maximum of one non-overlapping bonded channel. For this reason, channel bonding is typically not practical for the 2.4 GHz range.
AES is typically combined with the _____ to enhance the security of the wireless network.
Counter Mode with Cipher Block Chaining Message Authentication (CCMP)
802.1x
Enterprise level networks need a high level of security. Many enterprise networks use the 802.1x protocol to authenticate users to the wireless network. 802.1x is a standard for local area networks created by The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA). This standard is often labeled IEEE 802.1x. On a wired network, user authentication activates the port the user is connected to. If the user activation fails, the port remains off. You implement the 802.1x protocol in a wireless network by enabling a virtual port when the user is authenticated. 802.1x implementations on wireless networks often use Remote Authentication Dial-In Service (RADIUS).
Wireless networks use specific radio frequency ranges that are regulated by the _____. The two most common frequencies used by wireless networks are the _ GHZ and _ GHz ranges.
Federal Communications Commission (FCC) 2.4 5
_____ provides only authentication, not authorization and accounting.
Kerberos
Drag each wireless networking technology on the left to its associated transmission distance limitation on the right. Each technology may be used more than once. Drag - Infrared - Bluetooth - Near Field Communcation Drop - Up to 100 meters for Class 1 devices. - Up to 2 meters with a few obstacles in between. - Up to 10 meters for Class 2 devices. - A few centimeters.
Up to 100 meters for Class 1 devices. - Bluetooth Up to 2 meters with a few obstacles in between. - Infrared Up to 10 meters for Class 2 devices. - Bluetooth A few centimeters. - Near Field Communcation
Port 1813
Used by RADIUS for accounting.
Port 1812
Used by RADIUS for authentication and authorization.
Port 49
Used by TACACS+ for all communications.
Wired Equivalent Privacy (WEP) wireless security standard
WEP uses the same session key for the entire session. This makes it extremely easy to crack, allowing an attacker to intercept all data.
WPA2
WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications. It was introduced in 2004 and is still heavily used in today's networks.
WPA2-Personal/PSK
WPA2-Personal - Also known as WPA2-PSK. This version uses a pre-shared key (passphrase) to protect the network. WPA2-PSK uses Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code (AES-CCMP) to encrypt all data. When a device connects to the access point, a 4-way handshake occurs to authenticate the device.
WPA3
WPA3 was introduced in 2018 to address the vulnerabilities inherent in the WPA2 handshake and to support newer technologies. Instead of using the pre-shared key, WPA3 implements the Simultaneous Authentication of Equals (SAE) standard.
Wi-Fi Protected Setup (WPS)
Wi-Fi Protected Setup works only on a network that uses a PSK and an appropriate encryption protocol, such as Wi-Fi Protected Access 2 (WPA2) or Wi-Fi Protected Access 3 (WPA3). WPS allows a device to securely connect to a wireless network without entering the PSK. To connect to a device: - You first press the button on the access point that initiates a search for devices in range. - The connecting device may have a WPS button that will automatically join it to the access point. - If there is no button, you enter (on the device) the eight-digit pin unique to the access point. Some devices and access points can also use NFC during the WPS process to connect to each other.
IEEE 802.11 standards
Wireless networks are all defined by the IEEE 802.11 standards. These standards specify ways to increase bandwidth and reduce interference when transferring data using radio waves. The standards are all labeled with the 802.11 designation and letters designate the updated standard.
Wireless networking (Wi-Fi)
Wireless networks send data through the air using radio waves. These radio waves are referred to as an unbounded medium because they are not encased in a sheath like a fiber optic cable or unshielded twisted pair (UTP) cables. This means that the wireless signal can reach areas that a wired network cannot.
Bluetooth is designed for longer distances than _____ and has lower power consumption.
infrared (IR)
Because _____ speeds decrease with distance, either the maximum _____ or the maximum _____ can be achieved, but not both.
transmission distance speed
These wireless frequency ranges are considered _____. This means that you [DO / DO NOT] need special permission to use them. It also means that other devices [CAN / CANNOT] also use these frequencies. If two devices using the same frequency are in the same area, the wireless signals will collide and the signals will be dropped. To remedy this situation, you can adjust the channel on the wireless network. Changing the wireless channel will slightly adjust the frequency to avoid conflicts. Each channel is approximately _ MHz wide. This means that many of the channels overlap slightly.
unlicensed DO NOT CAN 20
A customer is experiencing a sporadic interruption of their Wi-Fi network in one area of their building. A technician investigates and discovers signal interference caused by a microwave oven. The customer approves replacing the wireless access point that covers the area, but asks that the wireless speed also be increased. Which of the following Wi-Fi standards should the replacement device support to BEST fulfill the customer's needs? - 802.11ac - 802.11a - 802.11g - 802.11b
- 802.11ac The microwave oven interferes with wireless signals that operate at 2.4 GHz. The 802.11ac standard is the best choice. It operates at 5.0 GHz and has a maximum speed of 2.6 Gbps. Both the 802.11b and 802.1g standards operate at 2.4 GHz. The 802.11a standard operates at 5.0 GHz, but has a maximum speed of 54 Mbps.
You have been contacted by OsCorp to recommend a wireless internet solution. The wireless strategy must support a transmission range of 150 feet, use a frequency range of 2.4 GHz, and provide the highest possible transmission speeds. Which of the following wireless solutions should you recommend? - 802.11b - 802.11ac - 802.11a - 802.11g
- 802.11g Of the technologies listed, the IEEE 802.11g wireless standard best meets the desired requirements. It has a 2.4 GHz frequency range, a transmission range of up to 150 feet, and a maximum speed of 54 Mbps. The 802.11ac wireless standard uses the 5 GHz frequency range. The 802.11a wireless standard offers maximum speeds of 54 Mbps, but uses the 5 GHz frequency range. 802.11b uses the 2.4 GHz frequency range, but supports only 11 Mbps transfer speeds.
You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 150 Mbps. In addition, the client already has a wireless telephone system installed that operates 2.4 GHz. Which 802.11 standard works BEST in this situation? - 802.11n - 802.11a - 802.11b - 802.11g
- 802.11n 802.11n is the best choice for this client, as 802.11n supports both 5 GHz and 2.4 GHZ with a maximum transmission rate of 600 Mbps. 802.11b and 802.11g both operate in the 2.4 GHz to 2.4835 GHz range, which causes interference with the client's wireless phone system. 802.11a operates in the 5.725 GHz to 5.850 GHz frequency range, which doesn't interfere with the phone system. However, the maximum speed is limited to 54 Mbps.
You have recently purchased a toll pass for a bridge that you cross each day on your way to work. Which of the following wireless technologies is MOST likely being used for this pass? - Passive RFID - Bluetooth - Near Field Communication (NFC) - Active RFID
- Active RFID Active RFID tags have on-board batteries and can send signals over a long distance. Toll passes in vehicles use active RFID. Passive RFID tags are not powered and rely on the energy transferred by the scanner to transmit data. These tags are seen in ID badges, credit cards, and other similar devices. Near Field Communication (NFC) is a newer technology that is built on RFID. NFC requires devices to be within 2 inches of each other. Bluetooth is designed to allow devices to communicate within a personal area network (PAN) of close proximity. However, the devices must be paired, which would make a Bluetooth connection difficult to use as a toll pass for a bridge.
You need a type of wireless connection that can transfer data between your phone, PDA, and laptop. You are transferring sensitive information. Which of the following is the BEST choice for this wireless connection? - Cellular WAN - Wireless Ethernet - Bluetooth - Infrared
- Bluetooth A Bluetooth connection is the best choice because it automatically detects Bluetooth-enabled devices and creates a wireless PAN between them. Bluetooth can be used for both voice and data signals, and it also provides 128-bit encryption to protect sensitive information in transit. Infrared is a line-of-sight medium, so it may be difficult to maintain connectivity. Infrared also does not provide encryption. Cellular WAN provides very little security for information in transit and requires a cellular connection for each device. Wireless Ethernet is used to transfer data, not to connect devices.
Additional security measures you can implement on all wireless networks include:
- Change the default username and password for the wireless access point. - Disabling the SSID broadcast will help hide the network from the casual observer. A potential attacker can still easily discover the SSID, but disabling the SSID broadcast creates an extra step. - Enable MAC address filtering. This setting allows access only to devices with the specified MAC addresses. - Update the wireless access point firmware. As security threats become known, manufacturers often release fixes to address known issues to prevent attacks. - Enable and properly configure the firewall. The firewall will help in stopping an attacker from gaining access through open ports.
RFID systems are vulnerable to various kinds of attacks, including: To protect against these attacks, RFID chips often operate at different frequencies. This makes it more difficult for an attacker to find and scan them.
- Eavesdropping - On-path attack - Denial of service - Cloning and spoofing
IEEE 802.11b specs
- Frequency: 2.4 GHz - Maximum speed: 11 Mbps - Maximum distance: 150 ft - Channels (non-overlapped): 11 (3) - Backwards compatibility: none
IEEE 802.11g specs
- Frequency: 2.4 GHz - Maximum speed: 54 Mbps - Maximum distance: 150 ft - Channels (non-overlapped): 11 (3) - Backwards compatibility: 802.11b
IEEE 802.11n specs
- Frequency: 2.4, 5 GHz - Maximum speed: 600 Mbps - Maximum distance: 300 ft - Channels (non-overlapped): 2.4 Ghz- 11 (3 or 1) 5 GHz- 23 (12 or 6) - Backwards compatibility: 802.11a/b/g, depending on implementation
IEEE 802.11ax (Wi-Fi 6) specs
- Frequency: 5 GHz - Maximum speed: 14 Gbps - Maximum distance: 300 ft - Channels (non-overlapped): Depends on configuration - Backwards compatibility: 802.11b/g/n/ac
IEEE 802.11ac (Wi-Fi 5) specs
- Frequency: 5 GHz - Maximum speed: 3.46 Gbps - Maximum distance: 300 ft - Channels (non-overlapped): Depends on configuration - Backwards compatibility: 802.11b/g/n
IEEE 802.11a specs
- Frequency: 5 GHz - Maximum speed: 54 Mbps - Maximum distance: 100 ft - Channels (non-overlapped): 23 (12) - Backwards compatibility: n/a
Newer 802.11 standards have added new technologies in order to increase potential bandwidth and transmission distance like
- MIMO - MU-MIMO - Channel bonding
Eavesdropping
An attacker uses an RFID reader to listen to conversations between a tag and the intended reader.
A user pays for a retail purchase by placing a smartphone next to the merchant's reader. Which of the following wireless mobile device connections is this? - Bluetooth - NFC - MicroUSB - Lightning
- NFC Near Field Communication (NFC) enables two electronic devices, one of which is typically a mobile device such as a smartphone, to establish communication within 10 cm (3.9 in) of each other. A popular NFC application is mobile proximity payments. A microUSB connection connects two devices using a physical cable. A wireless Bluetooth connection has a range of approximately 10 m (32 ft), making it unsuitable for retail transactions. A lightning connection is used to connect an Apple mobile device to another device with a physical cable or by plugging the second device directly into the lightning connection. A credit card reader can be plugged into a lightning connection to make retail payments, but is not required in this scenario.
Which of the following wireless communication technologies can be described as follows? - It has a limited transmission range of less than two inches. - It is used with credit cards and passports. - It is slower than other wireless technologies. - It constantly emits a signal. - Bluetooth - Infrared in diffuse mode - IEEE 1394 - Infrared in line-of-sight mode - NFC
- NFC Near Field Communication, or NFC, uses the 13.56 MHz frequency and has a very short range. In order for devices to communicate, they have to be within two inches of each other. NFC chips are being used for applications such as passports and credit cards to contain all the information about the passport holder or the credit card account. NFC chips use encryption algorithms to secure the connection, but constantly emit a signal and use a much slower transmission speed than other wireless technologies.
Common authentication protocols
- RADIUS - TACACS+ - Kerberos
Wireless networks today use either the WPA2 or WPA3 security standards along with an appropriate encryption algorithm.
- TKIP - AES
Which of the following authentication methods allows you to securely connect a printer to the wireless network with the least amount of effort? - Captive Portal - Open Network - WPS - PSK
- WPS Wi-Fi Protected Setup (WPS) allows you to connect a device to the wireless network simply by pushing the button on the wireless access point. The connecting device then connects by using a WPS button or an 8-digit pin. WPS can only be used on a wireless network that is using a PSK and an appropriate encryption protocol. An open network is not secure and should not be used except in certain situations. A pre-shared key is the passphrase that is used to connect to the wireless network. This is a secure method, but would not require less effort than using WPS. Implementing a captive portal forces a user to view and interact with the portal before accessing a network. This method is not the most secure, nor does it require the least amount of effort to connect a device to the wireless network.
There are two types of RFID tags:
1) Active RFID tags have on-board batteries and can send signals over a long distance. Toll passes in vehicles use active RFID. 2) Passive RFID are not powered and rely on the energy transferred by the scanner to transmit data. ID badges, credit cards, and similar devices use these tags.
Devices using NFC operate in one of three modes:
1) Reader/writer mode is used to read information stored on an NFC chip. 2) Peer-to-Peer mode enables two devices to communicate and exchange information. 3) Card Emulation mode enables the device to function as a smart card to perform contactless payment or ticketing. This mode is typically used by smart phones.
There are three components in a wireless 802.1x setup:
1) Supplicant- The wireless client. 2) Authenticator- This device responsible for handling the communications between the supplicant and authentication server. 3) Authentication server- The server that contains the centralized database for user authentication.
There are two version of WPA2 available:
1) WPA2-Personal/PSK 2) WPA2-Enterprise
The range of a Bluetooth is determined by its class: - Class 1 devices can transmit up to _ meters. - Class 2 devices can transmit up to _ meters. - Class 3 devices transmit at a range less than _ meters.
100 10 10
Bluetooth uses a _-bit proprietary encryption mechanism to encrypt signals.
128
Bluetooth operates in the _ GHz range and uses adaptive frequency hopping (AFH).
2.4
_ GHz wireless signals are wider, but shorter. This means they can travel further, but transmit data at a slower rate.
2.4
The 2.4 GHz range has _ non-overlapping channels and the 5 GHz range has _ non-overlapping channels.
3 24
_ GHz wireless signals are thinner, but taller. This means they do not travel as far, but can transmit data at a faster rate.
5
RADIUS federation
A RADIUS federation is multiple RADIUS servers that communicate with each other after establishing a trust relationship. These servers may be on different networks and could span multiple organizations.
Dual band access point
A dual band access point can use one radio to transmit at one frequency, and a different radio to transmit at a different frequency.
Open network
An open network has no authentication. It allows anyone to connect to the network. This access method should be used only in public places that want to offer free wireless access.
Long-range wireless network
A long-range wireless network is typically setup to connect two buildings together on the same network. If the locations are only a short distance apart, you can install a high-end wireless access point with special antennas. These networks still use the unlicensed frequencies and appropriate 802.11 standard. If the network locations are spread across a longer distance, special equipment is needed. These long-range networks also need special permission to use a licensed frequency range such as 900 MHz or 3.65 GHz. Regardless of the range, some wireless access points allow the power to be increased. Increasing the power allows the access point to transmit a longer distance, but can lead to overheating and instability. Always follow FCC guidance and requirements if increasing the power as this can cause interference with other wireless devices in the area.
Authentication
A user must first be authenticated before connecting to the wireless network. Authentication is the process of proving the user's identity and proving that the user is allowed to be on the network.
Advanced Encryption Standard (AES)
AES is based on the Rijndael algorithm. AES keys can be either 128, 192, or 256 bits and encrypts data in 128-bit chunks. AES is considered one of the strongest encryption protocols and is used in more than just wireless networks.
Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code (AES-CCMP)
AES is the encryption algorithm. AES-CCMP uses a 128-bit key and a 128-bit block size.
Denial of service
An attacker blocks radio signals or jams the system with interfering noise.
Cloning and spoofing
An attacker creates a copy of an existing tag, then uses the fake tag to gain access to a secure system.
On-path attack
An attacker intercepts a signal from an RFID tag and manipulates the signal before sending it to the intended recipient. This kind of attack is frequently used to take down a system.
Bluetooth Low Energy (BLE)
BLE reduces the power consumption of Bluetooth devices.
Beamforming
Beamforming focuses the signal to a specific receiving device which results in a higher quality signal.
Object Exchange (OBEX)
Bluetooth devices use a protocol called Object Exchange (OBEX) to perform the pairing process and exchange data.
Bluetooth
Bluetooth is designed to allow devices to communicate within a personal area network (PAN) of close proximity. PAN devices include cell phones, personal digital assistants (PDAs), printers, mice, and keyboards. Bluetooth requires that devices are in discovery mode to find each and synchronize.
Adaptive frequency hopping (AFH)
By using AFH, Bluetooth can automatically detect other devices in the area and avoid the frequencies used by those devices. It can switch between 79 channels to avoid interference.
Kerberos
Kerberos was developed at MIT and is a key component of Windows Active Directory. Kerberos has three main components: 1) Client 2) Authentication server (typically the Active Directory server) 3) Trusted Key Distribution Center (KDC) When a user attempts to login to the network, the following process occurs: 1) The user's credentials are sent to the authentication server. 2) The authentication server validates the user's credentials, and sends back a session key and a ticket granting ticket. 3) The user sends the session key and ticket granting ticket to the KDC. The KDC sends back a ticket that authenticates the user for the session. Using tickets, Kerberos allows clients and servers to authenticate with each other seamlessly throughout the network.
Multiple-Input, Multiple-Output (MIMO)
MIMO increases bandwidth by using multiple antennas for both the transmitter and receiver. A system is described by the number of sending and receiving antennas. The 802.11n specifications allow up to four sending and four receiving antennas. MIMO relies on beamforming to deliver better speeds.
Multi-User MIMO (MU-MIMO)
MU-MIMO is an enhancement to MIMO that allows multiple users to use the same channel. In addition to adding MU-MIMO, 802.11ac doubled the number of MIMO radio streams from four to eight.
Captive portal
Many open networks implement a captive portal. After a device connects to the wireless network but before it can access the internet, the user is redirected to a captive portal page. The user might be prompted to agree to the terms and conditions of using the network or even asked to pay a fee before being granted internet access.
NFC
NFC is a newer technology that is built on RFID. NFC allows two-way communication between two devices that are within 2 inches of each other. NFC operates in the 13.56 MHz frequency. It has a maximum transmission speed of 424 Kbps. Special chips called NFC chips can send, receive, and store data. Data transmissions can be secured by using encryption algorithms.
Bluetooth 1.0
Operates at a range of 10 meters and speeds up to 1 Mbps.
Bluetooth 5.0
Operates at a range up to 240 meters and speeds up to 2 Mbps (48 Mbps when using High Speed mode). Bluetooth 5 improves the performance of BLE devices. It also introduced the dual audio feature which allows audio to play simultaneously on two connected devices.
Bluetooth 2.0
Operates at a range up to 30 meters and speeds up to 1 Mbps. A special mode called Enhanced Data Rate (EDR) enables transfer rates up to 3 Mbps.
Bluetooth 3.0
Operates at a range up to 30 meters and speeds up to 1 Mbps. A special mode known as High Speed (HS) allows the Bluetooth device to use a nearby 802.11 link to achieve speeds up to 24 Mbps.
Bluetooth 4.0
Operates at a range up to 60 meters and speeds up to 1 Mbps (24 Mbps when using High Speed mode). Version 4.0 introduced the Bluetooth Low Energy (BLE) standard.
A _____ is required for issuing certificates. At a minimum, the _____ server must have a server certificate. To support mutual authentication, each client must also have a certificate.
PKI RADIUS
Perfect forward secrecy
Perfect forward secrecy is a cryptography method that generates a new key for every transmission. This makes the handshake much more secure from hackers. If any portion of the handshake is intercepted, the key is still unable to be cracked.
AAA protocol
RADIUS and TACACS+ are both considered AAA protocols. AAA means the protocol provides: - Authentication: proves the user's identity. - Authorization: defines what the user can access. - Accounting: logs what the user accessed while on the network.
Remote Authentication Dial-In Service (RADIUS)
RADIUS was developed in 1991. It was originally used to authenticate users to the remote network over a dial-up network. RADIUS is known as a triple-A protocol. This means it provides authentication, authorization, and accounting management. A RADIUS server is required to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells and authenticate using the same account information. The wireless access point is a RADIUS client. The wireless access point forwards the wireless device's credentials to the RADIUS server for authentication. RADIUS sends a user's credentials over UDP and encrypts only the password. The username is sent in cleartext.
RFID
RFID uses radio waves to transmit data from small circuit boards called RFID tags to special scanners.
Simultaneous Authentication of Equals (SAE) standard.
SAE uses a 128-bit key and perfect forward secrecy to authenticate users.
Match each authentication protocol on the left with its unique characteristic on the right. (Each protocol may be used more than once). Drag - Remote Authentication Dial-In Service (RADIUS) - Terminal Access Controller Access-Control System (TACACS+) - Kerberos Drop - Sends a user's credentials over UDP - Sends a user's credentials over TCP - Is a key component of Windows Active Directory - Provides a trusted Key Distribution Center (KDC) - Only encrypts the password
Sends a user's credentials over UDP - Remote Authentication Dial-In Service (RADIUS) Sends a user's credentials over TCP - Terminal Access Controller Access-Control System (TACACS+) Is a key component of Windows Active Directory - Kerberos Provides a trusted Key Distribution Center (KDC) - Kerberos Only encrypts the password - Remote Authentication Dial-In Service (RADIUS)
Terminal Access Controller Access-Control System (TACACS+)
TACACS+ was developed by Cisco to address security concerns in RADIUS. - Is used only on Cisco devices. - Sends a user's credentials over TCP. - Encrypts all data packets including username and password.
Temporal Key Integrity Protocol (TKIP)
TKIP was used with the WPA and WPA2 wireless security standards. TKIP was developed to address the security flaws that were prevalent in the Wired Equivalent Privacy (WEP) wireless security standard. With TKIP, each packet has a unique encryption key. TKIP accomplishes this by mixing: - A base key. - The MAC address of the wireless access point. - A packet serial number. The serial number is changed for each packet which results in a new encryption key for each packet. The encryption key for each packet is 128-bits and is based on the Rivest Cipher 4 (RC4) encryption algorithm. TKIP is known to have vulnerabilities and is no longer considered secure and should not be used on modern wireless networks.
Pairing
The process of connecting two Bluetooth devices is called pairing. To connect two devices: 1) The client device is put in discoverable mode. This means that other nearby Bluetooth devices can see the device. 2) The server device sees the client device and sends a pairing request to begin the pairing process. 3) A security passkey is exchanged between the two devices to confirm the correct devices are being paired. The passkey can be pre-programmed or manually created depending on the devices being paired. 4) If the passkey matches, the two devices are paired. 5) Once paired, the devices remember each other and automatically connect in the future. The pairing process does not need to repeat.
4-way handshake
The process uses the pre-shared key and SSID to generate a session key during this process. The handshake does have some vulnerabilities that a hacker can use to intercept the data and perform offline password attacks against.
Pre-shared key (PSK)
This is probably the most commonly used access method. A pre-shared key is a passphrase a user enters to access the wireless network.
WPA2-Enterprise
This version uses a RADIUS server to authenticate users to the network.
