Unit 2 Technology Terminology
Security Information and Event Management (SIEM)
A SIEM system collects and correlates security-related logs and events from across a network (firewalls, servers, authentication systems, IDS sensors) in one place. This gives network and security personnel a high-level view of the state of their environment. SIEM rules define what happens when a particular event, or pattern of events, is seen, including which actions to take (raise an alert, open a ticket, block a source address). Rules can also set a threshold, for example ten failed logins from one address within a minute rather than a single failure, which suppresses false positives and keeps one-off noise from polluting the alert queue.
AES
The Advanced Encryption Standard (AES) is a block cipher standardized by the U.S. National Institute of Standards and Technology (NIST) in 2001, based on the Rijndael design by Joan Daemen and Vincent Rijmen. Being a block cipher means that data is encrypted in fixed-size blocks (128 bits for AES) rather than as a continuous stream of bits or bytes (as in a stream cipher like RC4). AES comes in three "flavors", AES-128, AES-192 and AES-256, named for the key length in bits; the block size is 128 bits in all three.
RC4
Designed by Ron Rivest in 1987, the RC4 stream cipher was used to secure communications in a wide range of applications, including VPNs, web browsers (SSL/TLS), and wireless networks (WEP and TKIP are both built on it). Still widely deployed in 2016, RC4 is being phased out because of its age and known biases in its keystream that allow plaintext recovery; its use in TLS was prohibited by RFC 7465 in 2015.
Captive Portal
A captive portal is an authentication mechanism that sits between a user and the network behind a wireless access point: the client can associate with the AP, but its traffic is redirected to a web page until it authenticates. Typically seen where handing out a shared access credential (a WiFi password) is impractical, captive portals provide another means of authentication, such as a login checked against Active Directory or LDAP, or a voucher code. Captive portals are also used where users are charged for WiFi access: the user enters a payment method and is then granted access to the network. A portal controls access, not confidentiality; unless the wireless link itself is encrypted (WPA2/WPA3), traffic on an open network behind a captive portal can be sniffed by anyone in range.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is the encryption protocol introduced with 802.11i (WPA2). It is built on AES in CCM mode: counter (CTR) mode provides confidentiality and CBC-MAC provides integrity and authentication of each frame, with a packet number that also gives replay protection. CCMP uses a 128-bit key and provides better confidentiality, integrity, and access control than its predecessors WEP and TKIP. Because AES is more demanding than the RC4 cipher that WEP and TKIP were built on, CCMP required new hardware on many older access points and NICs rather than a firmware update.
Robust Secure Network (RSN)
RSN is the 802.11i framework for securing an 802.11 network. RSN, in a nutshell, allows clients and WAPs to advertise which authentication and encryption protocols they support and to negotiate the most secure method both sides share. Here is an outline of the steps involved in establishing an RSN association:
1. The wireless NIC sends a Probe Request.
2. The wireless access point sends a Probe Response carrying an RSN Information Element (IE), which lists its supported group cipher, pairwise ciphers and authentication (AKM) suites.
3. The wireless NIC requests 802.11 authentication via one of the approved methods (Open System authentication for WPA/WPA2).
4. The wireless access point confirms authentication for the wireless NIC.
5. The wireless NIC sends an Association Request with its own RSN IE, naming the single pairwise cipher and AKM suite it has chosen from the AP's list.
6. The wireless access point sends an Association Response.
The actual encryption keys are then derived in the four-way handshake (preceded by an 802.1X/EAP exchange where WPA2-Enterprise is in use); until that handshake completes, no data traffic is passed.
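The negotiation in steps 2 and 5 is driven by the RSN IE, so decoding one shows exactly what an AP is offering. The following is an added example, not code from the original page: it parses the raw RSN element (element ID 48) as found in a beacon or probe response, using the IEEE 802.11 suite numbers under OUI 00-0F-AC, and then picks the strongest pairwise cipher that both the AP and a client support. The three sample elements are constructed for the example (a WPA2-PSK CCMP-only network, a WPA/WPA2 "mixed mode" network, and a WPA3-SAE network with management frame protection required).

```python
"""Decode an RSN Information Element and negotiate a pairwise cipher.

Added example; the suite selectors follow IEEE 802.11 (OUI 00-0F-AC).
"""
import struct

RSN_ELEMENT_ID = 0x30
IEEE_OUI = b"\x00\x0f\xac"

CIPHER_SUITES = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
                 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 8: "SAE"}
# Negotiation preference, strongest first.
CIPHER_RANK = ["GCMP-256", "CCMP-256", "GCMP-128", "CCMP-128", "TKIP", "WEP-104", "WEP-40"]

# RSN Capabilities bits for management frame protection (802.11w).
MFPR = 1 << 6  # protection required
MFPC = 1 << 7  # protection capable


def _u16(body, off):
    """Little-endian 16-bit field with a bounds check."""
    if off + 2 > len(body):
        raise ValueError("truncated RSN element")
    return struct.unpack_from("<H", body, off)[0]


def _suite(body, off, table):
    """Read one 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if off + 4 > len(body):
        raise ValueError("truncated suite list")
    oui, typ = body[off:off + 3], body[off + 3]
    if oui != IEEE_OUI:
        return f"vendor:{oui.hex()}:{typ}"
    return table.get(typ, f"unknown:{typ}")


def parse_rsn_ie(ie):
    """Parse raw element bytes (ID, length, body) into a dict."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("truncated RSN element")
    version = _u16(body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    off = 2
    group = _suite(body, off, CIPHER_SUITES)      # cipher for broadcast/multicast
    off += 4
    pairwise = []                                  # ciphers offered for unicast
    n_pair = _u16(body, off)
    off += 2
    for _ in range(n_pair):
        pairwise.append(_suite(body, off, CIPHER_SUITES))
        off += 4
    akms = []                                      # authentication/key-management suites
    n_akm = _u16(body, off)
    off += 2
    for _ in range(n_akm):
        akms.append(_suite(body, off, AKM_SUITES))
        off += 4
    # The capabilities field is optional; treat a missing one as all-zero.
    caps = _u16(body, off) if off + 2 <= len(body) else 0
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akms,
            "mfp_required": bool(caps & MFPR), "mfp_capable": bool(caps & MFPC)}


def choose_pairwise(ap, client_ciphers):
    """Strongest pairwise cipher offered by the AP that the client also supports."""
    for cipher in CIPHER_RANK:
        if cipher in ap["pairwise"] and cipher in client_ciphers:
            return cipher
    return None  # no common cipher: the client cannot associate securely


# Constructed sample elements as they would appear among a beacon's tagged parameters.
WPA2_PSK_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA2_MIXED = bytes.fromhex("3018 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000")
WPA3_SAE = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")

if __name__ == "__main__":
    for name, ie in [("WPA2-PSK", WPA2_PSK_CCMP), ("mixed", WPA2_MIXED), ("WPA3", WPA3_SAE)]:
        ap = parse_rsn_ie(ie)
        print(name, ap, "->", choose_pairwise(ap, {"CCMP-128", "TKIP"}))
```

Note that in the mixed-mode element the group cipher is TKIP even though CCMP is offered for unicast: broadcast and multicast traffic on such a network is still protected only by TKIP, which is why mixed mode should be turned off once legacy clients are gone.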
TKIP
Temporal Key Integrity Protocol (TKIP) was designed as an interim replacement for WEP that could run on existing WEP hardware. TKIP provides the encryption for WPA (Wi-Fi Protected Access) and was later included in the 802.11i standard as an optional cipher. Like WEP, TKIP uses the RC4 stream cipher, but it mixes a fresh per-packet key from the session key and a sequence counter so that every packet is encrypted with a unique key, and it adds the Michael message integrity check and replay protection. TKIP is now deprecated in favor of CCMP.
WiFi Protected Setup (WPS)
WPS is a security standard designed to make wireless security easier for home users with little networking knowledge. There are two primary methods: the PIN method and the push button method. In the PIN method, the WAP comes with an 8-digit PIN (usually printed on a label) that users enter to connect to it. This has been shown to be badly insecure: the access point confirms the first half of the PIN separately from the second half, and the last digit is a checksum, so an attacker needs at most about 11,000 guesses instead of 100 million and can recover the PIN, and with it the WPA passphrase, in a matter of hours. The push button method involves pushing a button on the WAP (either a physical button or a button in the web GUI) and allowing a device or devices in range to connect for a short window. This could allow an unauthorized connection, but limits the risk by keeping the window short or allowing only one device to connect per push. Where WPS is not needed, it should be disabled.
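Why the PIN method falls so quickly is easiest to see by working through the checksum and the split verification. The following is an added example, not code from the original page: it implements the WPS PIN checksum digit as defined in the WPS specification (weights 3,1,3,1,3,1,3 over the first seven digits) and computes the worst-case number of guesses with and without the two design flaws. The attempt rate used for the time estimate is an assumption for illustration.

```python
"""WPS PIN checksum and brute-force search space. Added example."""


def wps_checksum(first7):
    """Checksum digit over the first seven PIN digits (weights 3,1,3,1,3,1,3)."""
    digits = [int(c) for c in f"{first7:07d}"]
    acc = sum(d * (3 if i % 2 == 0 else 1) for i, d in enumerate(digits))
    return (10 - acc % 10) % 10


def is_valid_wps_pin(pin):
    """True if an 8-digit PIN string carries the correct checksum digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def guesses_worst_case(split_verification=True, checksum_known=True):
    """Worst-case number of attempts needed to find the PIN.

    split_verification: the registrar acknowledges digits 1-4 on their own,
    so the two halves can be searched independently rather than jointly.
    checksum_known: digit 8 is derived from digits 1-7, so it need not be guessed.
    """
    if split_verification:
        first_half = 10 ** 4                                   # digits 1-4
        second_half = 10 ** 3 if checksum_known else 10 ** 4   # digits 5-7 (+8)
        return first_half + second_half
    return 10 ** 7 if checksum_known else 10 ** 8


def hours_to_exhaust(guesses, seconds_per_attempt=1.3):
    """Hours to try every guess at an assumed rate (1.3 s per WPS exchange)."""
    return guesses * seconds_per_attempt / 3600


if __name__ == "__main__":
    print("12345670 valid:", is_valid_wps_pin("12345670"))
    for split, cksum in [(True, True), (False, True), (False, False)]:
        g = guesses_worst_case(split, cksum)
        print(f"split={split} checksum={cksum}: {g:>10} guesses, {hours_to_exhaust(g):.1f} h")
```

The difference between 11,000 and 100,000,000 attempts is the difference between an afternoon and several years at the same rate, which is why a lockout after a handful of failed PIN attempts, or disabling the PIN method entirely, is the practical defence.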
WEP
Wired Equivalent Privacy (WEP) is the wireless security standard specified in the original 802.11 standard (1997) to provide authentication and encryption. It uses the RC4 cipher with a 40- or 104-bit key and a 24-bit initialization vector. Because of weaknesses in RC4's key scheduling and its short, repeating IVs, WEP is thoroughly broken: the key can be recovered from captured traffic in minutes, and users are susceptible to a host of WEP-specific wireless attacks.
802.1X/EAP
Extensible Authentication Protocol (EAP, RFC 3748) is an authentication framework that carries a variety of authentication methods (EAP-TLS, PEAP, EAP-TTLS among others) and supports key management. IEEE 802.1X is the port-based network access control standard that carries EAP over a LAN (EAPOL) and keeps the port closed until authentication succeeds. Although not exclusive to wireless networks, this is where it sees the most use, as WPA/WPA2-Enterprise. There are three major components: a supplicant (the client), an authenticator (the access point or switch), and an authentication server (RADIUS/AAA). The authenticator only relays EAP messages; the authentication server makes the decision, and the keying material produced by a successful EAP exchange is what WPA/WPA2 use to derive the per-session keys for the encryption protocol in use (TKIP or CCMP). The encryption protocols themselves (WEP, TKIP, CCMP) are separate from EAP; EAP decides who may join, not how frames are encrypted.
Hotspots
Hotspots are wireless access points that provide internet access to the public, usually without identifying individual users. Typically seen in public locations like coffee shops, hotspots are often regarded as a security nightmare because anyone can connect, and on an open network traffic is unencrypted and all clients share the same link. Hotspot can also refer to a consumer feature that lets a user share a mobile (3G, 4G, etc.) data connection over WiFi with devices that have no cellular radio of their own.
WPA2
WPA2 made a major leap forward in security when it replaced TKIP with CCMP, an encryption protocol based on AES (Advanced Encryption Standard), as its mandatory cipher. Unlike the RC4-based WEP and TKIP, AES-CCMP has no known practical attacks against the cipher itself. Note that WPA2-Personal still derives its keys from a passphrase, so a weak passphrase remains vulnerable to an offline dictionary attack against a captured four-way handshake; the stronger cipher does not fix that.
WPA
Wi-Fi Protected Access (WPA) is WEP's successor for wireless authentication and encryption. It uses TKIP for encryption and, in its Enterprise form, EAP for authentication (WPA-Personal uses a pre-shared key instead). Although significantly more secure than its predecessor (WEP), WPA has become obsolete as attacks on TKIP have appeared, and it has been superseded by WPA2.
Wireless Intrusion Detection System (WIDS)
A WIDS is a system, usually dedicated radio sensors reporting to a management server, designed to detect unauthorized activity on a wireless network; a wireless intrusion prevention system (WIPS) adds the ability to actively block it. They do so through a variety of means, including:
1. scanning for and quarantining rogue access points
2. scanning for devices designed to attack wireless networks, including WiFi Pineapples and other tools used to carry out deauthentication and man-in-the-middle attacks
Recent advances in WIDS technology allow the use of "fingerprints", unique characteristics of a device's radio signature that are difficult or impossible to duplicate, rather than relying on the MAC address, which is trivially spoofed. This makes identifying rogue devices much easier.
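The threshold rule described in the SIEM entry and the deauthentication-attack detection described here are the same mechanism applied to different event streams: count events sharing a key inside a sliding time window and alert only when a burst exceeds a threshold, so that a single stray event does not fire. The following is an added example, not code from the original page or from any SIEM or WIDS product. It feeds one generic rule first with constructed sshd log lines (timestamps are plain epoch seconds for simplicity) and then with constructed 802.11 management frames represented as (timestamp, BSSID, frame subtype) tuples; both data sets are invented for the example.

```python
"""Sliding-window threshold rule as used by a SIEM or WIDS. Added example."""
from collections import defaultdict, deque
import re


class ThresholdRule:
    """Fire when `threshold` events sharing a key fall inside `window` seconds.

    After firing, the key's history is cleared, so a sustained burst raises
    one alert per `threshold` events instead of one alert per event.
    """

    def __init__(self, name, threshold, window):
        self.name = name
        self.threshold = threshold
        self.window = window
        self._recent = defaultdict(deque)  # key -> timestamps of recent events

    def observe(self, key, ts):
        """Record one event; return an alert string, or None if below threshold."""
        q = self._recent[key]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()
            return f"{self.name}: {key} ({self.threshold} events within {self.window}s)"
        return None


# SIEM case: failed SSH logins from one source. Constructed log lines; five quick
# failures from 203.0.113.7 and two widely spaced failures from 198.51.100.2.
SSH_RE = re.compile(r"^(?P<ts>\d+) sshd\[\d+\]: Failed password for .*? from (?P<ip>[\d.]+)")
SSH_LOG = """\
100 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
101 sshd[812]: Failed password for admin from 203.0.113.7 port 40113 ssh2
102 sshd[813]: Failed password for oracle from 203.0.113.7 port 40114 ssh2
103 sshd[814]: Failed password for test from 203.0.113.7 port 40115 ssh2
104 sshd[815]: Failed password for root from 203.0.113.7 port 40116 ssh2
160 sshd[816]: Failed password for bob from 198.51.100.2 port 5002 ssh2
300 sshd[817]: Failed password for bob from 198.51.100.2 port 5003 ssh2
"""


def ssh_alerts(log, threshold=5, window=60):
    """Run the brute-force rule over syslog-style lines; return the alerts raised."""
    rule = ThresholdRule("Brute-force login", threshold, window)
    alerts = []
    for line in log.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue  # unrelated log line
        alert = rule.observe(m["ip"], int(m["ts"]))
        if alert:
            alerts.append(alert)
    return alerts


# WIDS case: management frames as (timestamp, bssid, subtype). Constructed data:
# one legitimate deauth from the first AP, then a 30-frame flood from a second BSSID.
DEAUTH = 0x0C  # 802.11 management frame subtype for Deauthentication
DEAUTH_FRAMES = [(5.0, "aa:bb:cc:dd:ee:01", DEAUTH)] + [
    (10.0 + i * 0.05, "aa:bb:cc:dd:ee:02", DEAUTH) for i in range(30)
]


def deauth_alerts(frames, threshold=20, window=5.0):
    """Flag any BSSID that sends a burst of deauthentication frames."""
    rule = ThresholdRule("Deauthentication flood", threshold, window)
    alerts = []
    for ts, bssid, subtype in frames:
        if subtype != DEAUTH:
            continue
        alert = rule.observe(bssid, ts)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in ssh_alerts(SSH_LOG) + deauth_alerts(DEAUTH_FRAMES):
        print(a)
```

The single deauth frame at t=5 and the two failures from 198.51.100.2 produce no alert, which is the point of the threshold: an AP legitimately kicking one client, or a user mistyping a password twice, is not an incident. Keying on BSSID works for a flood spoofing one AP; a flood that rotates source addresses would need a rule keyed on the channel or on the target client instead.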