Chapter 5

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Antenna

All wireless devices (e.g., wireless clients and APs) require an antenna. Sometimes the antenna is encased inside the device, or it is attached to the outside. In many cases, it is possible to attach more powerful antennae, which can allow the wireless network client to reside farther away than originally intended by the manufacturer.

802.11i

Also known as WPA2, this standard specifies wireless security enhancements that supersede WiFi Protected Access (WPA).

Wireless access point (AP)

Also known as a base station or a hotspot. The wireless counterpart to a standard Ethernet hub or switch. Provides centralized access to multiple wireless clients. A wireless AP can then be connected to a standard (wired) Ethernet hub, switch, bridge or router.

XMLHttpRequest

An application programming interface (API) that is used to transfer XML and other text data between a Web server and a browser.

VLAN hopping

An attack in which a hacker intercepts packets as they are sent from one VLAN to another on a trunk.

Blog

An online journal created by an individual or an organization that can cover a wide range of topics.

IEEE 802.1x

Authenticates users who want to access 802.11x wireless networks; allows you to connect a wireless access point to a centralized server so that all hosts are properly authenticated

Open System Authentication (OSA)

Authentication occurs in cleartext.

How do internal employees and other trusted users pose a security threat?

By circumventing their company's security policies.

A sphere of influence is also known as a(n)

wireless cell

RADIUS

Centralizes remote user access; mostly meant for dial-up access; uses UDP as its transport protocol, and listens on UDP Port 1812

Unauthorized APs and wireless systems

Conduct regular site surveys to ensure that only authorized networks are in use.

War driving

Conducts site surveys, and uses the latest stable encryption and authentication mechanisms. Also disables beaconing from the wireless AP.

MAC address filtering

Configures a wireless access point so that it allows only certain system MAC addresses to communicate with the rest of the network

Access control

Enables MAC address filtering.

Cleartext transmission

Enables encryption solutions such as Secure Sockets Layer (SSL) or WiFi Protected Access (WPA).

Wired Equivalent Privacy (WEP)

Encrypts all data packets sent between all wireless clients and the wireless access point using a four-step handshake when authenticating a client; however, the request and challenge are both unencrypted

Possible end-user and IT training

If your situation requires extensive wireless authentication and mechanisms, you may need to train both IT workers and end users.

The main problem with "blank" is that it is possible to spoof MAC addresses using commonly available software

MAC address filtering

802.11n

Most current standard that enables high-bandwidth applications to coexist with wireless.

The types of authentication for wireless networks include

Open system (OSA) Shared key authentication (ska)

802.11b

Operates at 11 Mbps (but will fall back to 5.5, then 2, then 1 if signal quality becomes an issue) in the 2.4 GHz band. Uses DSSS only. It is subject to interference from microwave ovens, cordless phones, and Bluetooth devices. Uses weak encryption and authentication, but is inexpensive and easy to install.

802.11g

Operates at speeds of up to 54 Mbps in the 2.4 GHz band. Backward-compatible with 802.11b. Will work with an 802.11b access point, and with an 802.11b network card but only at speeds up to 11 Mbps. The 802.11g standard uses OFDM or DSSS.

802.11a

Operates at up to 54 Mbps in the 5 GHz band. This standard uses OFDM for transmitting data. This standard also offers stronger encryption and more authentication features than 802.11b, and includes forward error correction (FEC) to guard against data loss.

Corporate users participating in ad-hoc networks

Periodically check the settings on users' WLAN cards, or lock user profiles to prevent access to these settings.

802.11e

Provides Quality of Service (QoS) standards for wireless networks, enabling them to carry delay-sensitive packets, such as those for Voice over Wireless LAN (VoWLAN) and streaming media.

WiFi Protected Access (WPA/WPA2)

Secures WiFi networks; the current version is now part of the 802.11i standard, which makes use of the Advanced Encryption Standard (AES) block cipher

Wifi

Short for Wireless Fidelity. A generic term referring to any type of 802.11 high-speed wireless network.

Configuration software

Software necessary to configure both the client and the AP. Provided by the manufacturer. Wireless equipment belonging to the same standard is interoperable between manufacturers, unless the manufacturer has added a non-standard feature (usually a form of encryption). Even non-standard equipment will support universal features.

802.11h

Solves problems with wireless networks operating in the 5 GHz band by decreasing interference with satellites and radar, thus making them acceptable in European countries and in several other countries.

Shared Key Authentication (SKA

Wired Equivalent Privacy (WEP) is employed. Both the wireless AP and the wireless client share the key.

Sources of interference

Wireless networks can fail due to excessive interference from sources that generate electromagnetic interference (EMI) and radio frequency interference (RFI). EMI can be generated by motors and manufacturing equipment. RFI can be caused by radios, cordless phones and imaging devices used in hospitals (e.g., MRI devices).

Location for wireless hardware installation

You must identify secure locations to reduce the possibility of tampering.

RAID

a category of disk drive that employs two or more drives and allows you to store data redundantly

broadcast domain

a group of systems that communicate directly with each other without the aid of a router. If one system can send a packet to the Layer 2 addresses of all systems, then they all exist in the same broadcast domain.

Firewall

a security that controls the flow of information between the internet and private networks A firewall prevents outsiders from accessing an enterprise's internal network, which accesses the Internet indirectly through a proxy server.

Payload optimization (also known as packet aggregation)

a technique that enables more data to be included in each transmitted packet.

Authentication based on Extensible Authentication Protocol (EAP)

allows authentication over PPP links and wireless connections. It is capable of allowing authentication via a RADIUS server, a challenge/response authentication scheme, one-time passwords, and digital certificates. EAP is built on a public-key encryption system to ensure that only authorized users can access a network.

xmlhttprequest

an application programming interface that is used to transfer XML and other text data between a Web server and browser.

vlan hopping

an attack in which a hacker intercepts packets as they are sent from one vlan to another on a trunk.

Improved encryption through Temporal Key Integrity Protocol (TKIP)

an encryption scheme that scrambles keys using a hashing algorithm and ensures the integrity of those keys through an integrity-checking feature.

data is considered "blank" when it is not being read or updated

at rest

Creating corporate security policies "blank" prevent trusted users from inadvertently causing security breaches.

does not

two or more "blank" operating on the same LAN will usually conflict and affect the LAN's operability

firewalls

What is the term given to the practice of categorizing online content through tags?

folksonomy

Which of the following is an example of an Ajax-driven Web application?

google maps

Direct Sequence Spread Spectrum (DSSS)

hopping from one frequency to another, a signal is spread over the entire band at once through the use of a spreading function.

Infrastructure

in which systems connect via a centralized access point, called a wireless access point (AP).

Ad-hoc

in which systems use only their NICs to connect with each other.

Which of the following is an example of a greynet application?

instant messaging

Frequency Hopping Spread Spectrum (FHSS)

involves changing the frequency of a transmission at regular intervals. That is, signals move from frequency to frequency, and each frequency change is called a hop.

virtual local are network (vlan)

logical subgroup within a local area network created with software instead of hardware.

Greynet

network-based applications that a corporate network user downloads and installs without the permission or knowledge of the IT department.

Which type of Web site contains malicious content that is designed to harm a user's computer?

poisoned Web site

Basic Service Set Identifier (BSSID)

provided by a wireless AP and has one function: to differentiate one wireless cell from another

Wireless AP beacon

sends a special Ethernet frame called a beacon management frame. This beacon informs clients about the AP's availability.

Orthogonal Frequency Division Multiplexing (OFDM)

splits a radio signal into smaller sub-signals that are transmitted simultaneously on different frequencies.

system snooping

the action of a hacker who enters a computer network and begins mapping the contents of the system.

drive-by download

the automatic download of malicious content without the user's knowledge or consent.

Voice over IP (VoIP)

the use of internet protocol data networks to convey voice normally carried by telephone networks.

802.11a, 802.11b, and 802.11g networks use "blank" types of wireless modes.

two

Channel bonding

two separate non-overlapping channels can be used at the same time to transmit data. This technique also increases the amount of data that can be transmitted.

War driving is a form of "blank" site surveying

unauthorized

Multiple Input, Multiple Output (MIMO)

uses multiple antennae to direct signals from one place to another. Instead of sending and receiving a single stream of data, MIMO can simultaneously transmit three streams of data and receive two

spread specturm

various methods for radio transmission in which frequencies or signal paterns are continuously changed.

poisoned Web sites.

A Web site that contains malicious content designed to harm your computer.

Raid

A category of disk drive that employs two or more drives and allows you to store data redundantly.

Web 2.0

A concept referring to the changing trends in the use of WWW technology and Web design that have led to the development of information-sharing and collaboration capabilities.

Wiki

A page or collection of web pages that can be viewed and modified by anybody with a web browser and access to the internet.

Ajax

A programming methodology that uses a number of existing technologies together and enables Web applications to make incremental updates to the user interface without the need to reload the browser page.

end point

A system that uses a wireless NIC.

Service Set Identifier (SSID)

A unique identifier for a wireless cell that controls access to the cell. Often, a SSID is a simple text string entered into an AP. SSIDs are case-sensitive. They can also be encrypted.

RSS

A web feed format for delivering web content that is updated frequently; allows you to view headlines and updates from your favorite websites without the need to open your web browser or visit any websites.

Podcast

A web feed format for downloading audio or digital-media files that can be syndicated, subscribed to, and downloaded automatically as new content is added.

Wireless Transport Layer Security (WTLS)

The Wireless Application Protocol (WAP) encryption standard that uses certificates to encrypt wireless packets.

port agility

The ability to dynamically send and receive traffic across any open network port.

drive-by downloads

The automatic download of malicious content without the user's knowledge or consent.

the correct order of the WEP four-step handshake when authenticating a client

The client requests authentication. This request is sent unencrypted. The AP issues a challenge to the client. The challenge is sent unencrypted. The client sends an encrypted response to the challenge. The AP sends an encrypted authentication response.

802.11

The original specifications for wireless networking. Initially provided for data rates of 1 Mbps or 2 Mbps in the 2.4 GHz band using either FHSS or DSSS.

Folksonomy

The practice of categorizing online content through tags, which allows non-technical users to collectively classify and find information.

Voice over IP (VoIP) devices

The use of Internet Protocol (IP) data networks to convey voice normally carried by telephone networks.

Wireless NIC

This device is installed on a PC to make it a wireless client. It can be attached in any number of ways, including PCI card, USB or Personal Computer Memory Card International Association (PCMCIA).

The states of wireless host association

Unauthenticateand unassociated Authenticated and unassociated Authenticated and associated

Encryption and network traffic

Use additional APs or move from a wireless solution to a faster wired solution (e.g., Fast Ethernet).

Weak and/or flawed encryption

Use additional encryption and authentication methods.

Determination of authentication, encryption and access-control means

Various encryption options are available. If you choose EAP as an authentication mechanism, you must then choose the authentication protocol.

spread spectrum

Various methods for radio transmission in which frequencies or signal patterns are continuously changed.

WTLS is used for "blank" while "blank" is used to encrypt transmissions in wireless Ethernet networks that use wireless access points.

WAP WEP

wireless transport layer security

WAP encryption standard that uses certificates to encrypt wireless packets.

Beacon

When a wireless AP is ready to accept connections, it sends a special Ethernet frame called a beacon management frame to inform clients of its availability.


Set pelajaran terkait

Exam 2: Profit and Perfect Competition

View Set

Tort Ch. 12 Special Tort Actions

View Set

Muscles of the Arm and Forearm: Origin, Insertion, and Action

View Set

EOSC 118: Lesson 7 - Minerals: Parent Gem Minerals

View Set

Vista previa- Realidades 3-Vocabulario en contexto-Pp. 68-71

View Set