Network Security TPD 13 Securing Wireless Networks
pairwise keys
Any keys used between a pair of devices in TKIP. See also Temporal Key Integrity Protocol (TKIP).
active attacks
Attacks that use active scanning (sending out probe request frames on each available channel) in an attempt to gather information for subsequent attacks.
Extensible Authentication Protocol (EAP)
An authentication framework (RFC 3748) used by IEEE 802.1X. Specific EAP methods (EAP-TLS, PEAP and others) carry the credential exchange between the wireless station and the authentication server and can derive keying material for the session; a wireless station uses it to request access through the AP's controlled port.
Message Integrity Check (MIC)
A keyed integrity function used in WPA in place of WEP's CRC-32 integrity check value; it is designed to detect tampering with frames, which a plain CRC cannot do. TKIP's MIC is called Michael. See also Wi-Fi Protected Access (WPA).
IEEE 802.1X
A standard for port-based network access control, originally developed for Ethernet LANs; IEEE 802.11i applies it to wireless networks, adding authentication and key management.
Wi-Fi Protected Access (WPA)
A subset of the IEEE 802.11i standard that addresses encryption and authentication. It uses IEEE 802.1X or preshared keys for authentication and TKIP for encryption. See also IEEE 802.1X and Temporal Key Integrity Protocol (TKIP).
Advanced Encryption Standard (AES)
A symmetric block cipher used for encryption in IEEE 802.11i (in CCMP, its counter mode with CBC-MAC, which provides both confidentiality and integrity).
association
A two-step process of being accepted into a wireless network. First, a station listens for beacon frames to locate a network to join, and then it goes through the authentication process. Second, the station sends an association request frame; if it's accepted, it receives an association ID and connection information. A station can be associated with only one network at a time and must be authenticated before being associated.
data frames
A type of MAC frame that carries the higher-layer payload, such as an IP packet, over a wireless network or between wireless devices. The payload can be anything from printer control data to Web pages.
management frames
A type of MAC frame used to establish and maintain communications between wireless devices or between a wireless device and an access point.
control frames
A type of MAC frame used to help deliver data frames between stations and control access to the medium.
clear to send (CTS)
A type of control frame sent in response to a request to send (RTS) frame; it gives the sender clearance to begin transmitting.
acknowledgement (ACK)
A type of control frame that a receiving station sends when a packet has been received successfully with no errors.
power-save poll (PS-Poll)
A type of control frame that a station sends on awakening from power save mode; it indicates to the access point that it's ready to receive any frames the AP has buffered for it.
request to send (RTS)
A type of control frame that a station sends when it wants to transmit. The RTS frame sender requests that the medium be reserved long enough for the transmission to be completed and an acknowledgement control frame to be received from the destination.
radio frequency (RF) monitor mode
A wireless NIC mode (analogous to promiscuous mode on wired NICs) that lets a WNIC capture raw 802.11 frames, including management and control frames, without authenticating or associating with an AP or an ad hoc (peer-to-peer) wireless network.
IEEE 802.11i
A wireless security standard intended to replace the WEP-based security of the original IEEE 802.11 standard. It uses 802.1X authentication and AES (in CCMP mode) for encryption, with TKIP retained as an optional fallback for older hardware. See also Advanced Encryption Standard (AES).
default key
A wireless station or AP's key for encrypting frames for transmission. The default key doesn't have to be the same on every station, but because WEP is a symmetric cipher, sender and receiver must use the same key for encryption and decryption.
shared key authentication
An 802.11 authentication method that uses a standard challenge-response process with WEP encryption: the AP sends challenge text in cleartext, and the station is accepted only if it returns that text encrypted under the shared WEP key. Its security drawback is that both the cleartext challenge and its WEP-encrypted response are visible on the air, so an eavesdropper can XOR them to recover the RC4 key stream for that IV and reuse it to answer a later challenge without ever knowing the key, quite apart from WEP itself being easily cracked.
passive attack
An attack that uses passive scanning to gather information for later use in other attacks, also called network reconnaissance.
Temporal Key Integrity Protocol (TKIP)
An encryption method devised as a replacement for WEP in WPA. TKIP is based on the same RC4 cipher used in WEP but adds per-packet key mixing, so each frame is encrypted with a different key, a 48-bit sequence counter for replay protection, and the Michael MIC. It also incorporates automatic AP-client synchronization of unicast encryption keys, so keys don't have to be changed manually, as in WEP.
site survey
An in-depth examination of a proposed wireless network site designed to determine AP placement and identify stray signals, noise, and obstacles.
wardriving
Driving around with a laptop and WNIC in RF monitor mode to detect unsecured wireless signals.
initialization vector (IV)
In WEP, a 24-bit value prepended to the shared key to seed the RC4 key stream generator. It is sent in cleartext with each frame so the receiver can regenerate the same key stream; because it is only 24 bits, IVs repeat quickly on a busy network, and any two frames sent under the same IV share a key stream.
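The following is an added example, not part of the original glossary, that shows the shared key authentication weakness and the IV's role concretely: the station encrypts the AP's challenge with RC4 keyed by IV || WEP key, and because the challenge travels in cleartext, anyone listening recovers the RC4 key stream for that IV and can answer a later challenge without the key. The WEP key, IV and challenge texts are constructed values; the WEP construction (IV prepended to the key, CRC-32 ICV appended to the plaintext) follows the standard.

```python
# Added example (not from the original glossary): why WEP shared key
# authentication leaks key stream. Key, IV and challenges are constructed.
import zlib

WEP_KEY = bytes.fromhex("0123456789abcdef0123456789")  # 104-bit key (constructed)
IV = b"\x10\x20\x30"                                   # 24-bit IV, sent in cleartext
CHALLENGE_LEN = 128                                    # 802.11 challenge text size


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian. Not a keyed MIC."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext || ICV with RC4 seeded by IV || key (the WEP construction)."""
    body = plaintext + icv(plaintext)
    return xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext if the ICV verifies, otherwise None."""
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    data, tag = body[:-4], body[-4:]
    return data if icv(data) == tag else None


# --- the legitimate exchange ------------------------------------------------
def station_respond(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Frame 3 of shared key authentication: the WEP-encrypted challenge."""
    return wep_encrypt(key, iv, challenge)


def ap_verify(key: bytes, iv: bytes, challenge: bytes, response: bytes) -> bool:
    """Frame 4: the AP decrypts the response and compares it with its challenge."""
    return wep_decrypt(key, iv, response) == challenge


# --- the eavesdropper --------------------------------------------------------
def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Known plaintext (challenge || ICV) XOR ciphertext = RC4 key stream for this IV."""
    return xor(challenge + icv(challenge), response)


def forge_response(keystream: bytes, challenge: bytes) -> bytes:
    """Answer a fresh challenge with the recovered key stream; no key needed."""
    return xor(challenge + icv(challenge), keystream)


def demo() -> tuple:
    """Returns (legitimate auth accepted, forged auth accepted, forgery under another IV accepted)."""
    first = bytes(range(CHALLENGE_LEN))                    # AP's challenge (constructed)
    response = station_respond(WEP_KEY, IV, first)
    legit_ok = ap_verify(WEP_KEY, IV, first, response)

    keystream = recover_keystream(first, response)         # attacker saw frames 2 and 3
    second = bytes(255 - b for b in range(CHALLENGE_LEN))  # a later challenge (constructed)
    forged = forge_response(keystream, second)
    forged_ok = ap_verify(WEP_KEY, IV, second, forged)     # attacker reuses the observed IV
    other_iv_ok = ap_verify(WEP_KEY, b"\x00\x00\x00", second, forged)
    return legit_ok, forged_ok, other_iv_ok


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The attacker never learns WEP_KEY. The forgery works because RC4 produces the same key stream whenever the IV and key are the same, and the attacker is free to reuse the IV it observed; the third result shows that the recovered key stream is tied to that IV. This is why shared key authentication is regarded as weaker than open system authentication: open system at least does not hand an eavesdropper 132 bytes of key stream.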
pairwise master key (PMK)
The key at the top of the WPA/802.11i key hierarchy, derived from the preshared key (WPA-Personal) or from 802.1X/EAP authentication (WPA-Enterprise). It never encrypts data directly; it is used once per session, in the four-way handshake, to derive the pairwise transient key (PTK), from which the data encryption keys, data integrity keys and the keys that protect group key distribution are taken.
Wi-Fi Protected Access version 2 (WPA2)
The encryption and authentication architecture based on the final ratified IEEE 802.11i standard. WPA2 uses preshared keys or IEEE 802.1X for authentication and AES (CCMP) for encryption. See also Advanced Encryption Standard (AES) and IEEE 802.1X.
pairwise transient key (PTK)
The session key derived from the pairwise master key (PMK) during the four-way handshake, using a pseudorandom function over the PMK, the AP and station MAC addresses, and the nonces each side contributes. It is split into the key confirmation key, the key encryption key and the temporal key(s); its length depends on the cipher in use (512 bits for TKIP, 384 bits for CCMP/AES).
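The following is an added example, not part of the original glossary, that carries the PMK and PTK entries through in code: passphrase to PMK, PMK plus MAC addresses and nonces to PTK, the split of the PTK into its component keys, and the EAPOL-Key MIC by which each side proves it holds the same PTK without ever sending the PMK. The SSID, passphrase, MAC addresses and nonces are constructed values; the PBKDF2 parameters, the PRF construction and the "Pairwise key expansion" label are those of 802.11i.

```python
# Added example (not from the original glossary): the WPA/WPA2 personal-mode
# key hierarchy. SSID, passphrase, MACs and nonces are constructed values.
import hashlib
import hmac

SSID = "ExampleNet"                          # constructed
PASSPHRASE = "correct horse battery staple"  # constructed
AA = bytes.fromhex("001122334455")           # authenticator (AP) MAC, constructed
SPA = bytes.fromhex("66778899aabb")          # supplicant (station) MAC, constructed
ANONCE = bytes(range(32))                    # AP nonce from handshake message 1 (constructed)
SNONCE = bytes(range(32, 64))                # station nonce from message 2 (constructed)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    In personal mode this PSK is the PMK. With 802.1X the PMK is delivered by
    the EAP method instead and never derives from a human-chosen secret."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               cipher: str = "ccmp") -> dict:
    """PTK = PRF(PMK, "Pairwise key expansion",
                min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces)).
    Ordering by min/max lets both sides compute the same value regardless of role.
    Length depends on the cipher: 384 bits for CCMP, 512 bits for TKIP."""
    nbytes = 48 if cipher == "ccmp" else 64
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbytes)
    keys = {
        "KCK": ptk[0:16],   # key confirmation key: MICs on EAPOL-Key frames
        "KEK": ptk[16:32],  # key encryption key: wraps the group temporal key
        "TK": ptk[32:48],   # temporal key: encrypts data frames
    }
    if cipher == "tkip":    # TKIP adds two 64-bit Michael MIC keys, one per direction
        keys["MIC_AP_to_STA"] = ptk[48:56]
        keys["MIC_STA_to_AP"] = ptk[56:64]
    return keys


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (used with CCMP): HMAC-SHA1 truncated to 128 bits
    over the EAPOL-Key frame with its MIC field zeroed. Version 1 (TKIP) uses HMAC-MD5."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def demo() -> tuple:
    """Returns (both sides derive the same PTK, wrong-passphrase MIC verifies, new nonce changes TK)."""
    pmk = pmk_from_passphrase(PASSPHRASE, SSID)
    ap_keys = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    sta_keys = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)
    same_ptk = ap_keys == sta_keys

    # Message 2: the station sends SNonce plus a MIC under its KCK; the AP checks it
    # with the KCK it derived itself. A station with the wrong passphrase fails here.
    msg2 = b"EAPOL-Key message 2 with MIC field zeroed (constructed)" + SNONCE
    sta_mic = eapol_mic(sta_keys["KCK"], msg2)
    wrong_pmk = pmk_from_passphrase("wrong passphrase", SSID)
    wrong_keys = derive_ptk(wrong_pmk, AA, SPA, ANONCE, SNONCE)
    wrong_mic_ok = hmac.compare_digest(eapol_mic(wrong_keys["KCK"], msg2), sta_mic)

    # Fresh nonces give a fresh PTK from the same PMK, which is why the PMK is
    # used only once per session and never encrypts data directly.
    rekeyed = derive_ptk(pmk, AA, SPA, ANONCE, bytes(range(64, 96)))
    nonce_changes_tk = rekeyed["TK"] != ap_keys["TK"]
    return same_ptk, wrong_mic_ok, nonce_changes_tk


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

Everything in this derivation except the passphrase (the SSID, both MAC addresses, both nonces, and the message 2 body with its MIC) is visible in a captured four-way handshake, so a weak preshared key can be guessed offline by repeating `pmk_from_passphrase` and `eapol_mic` for each candidate until the MIC matches; in enterprise mode the PMK comes from the EAP method and this attack does not apply.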
IEEE 802.11 authentication
The process by which an AP accepts or rejects a wireless device's connection attempt.
passive scanning
The process of a wireless station listening on each available channel for an AP's beacon frame, and then moving on to the next channel without sending anything.
active scanning
The process of a wireless station sending out a probe request frame on each available channel and waiting for a probe response frame from available APs.
penetration testing
The process of using a variety of tools and techniques to attempt to break into a network. Penetration testing, also called ethical hacking, is used legitimately as part of security audits to identify security vulnerabilities that attackers could exploit.
open system authentication
This 802.11 authentication method accepts any station that requests it; in practice, the only criterion for joining is that the station supplies the SSID of the network it's attempting to join. Its security drawback is that SSIDs are transmitted in cleartext in management frames, so they offer no secrecy at all.
rogue devices
Wireless devices installed on a network without authorization or verification of configurations.