Ch 8 Security + 6th Edition End of Chapter Questions
*2. Which of these Bluetooth attacks involves accessing unauthorized information through a Bluetooth connection?*
*Bluesnarfing* *page 327* Bluesnarfing is an attack that accesses unauthorized info from a WIRELESS device TRHOUG A BLUETOOTH CONNECTION, often between cell phones and laptop computers. In a blue snarfing attack, the attacker copies emails, calendars, contact lists, cell phone pictures or videos by connecting the Bluetooth device w/o the owner's knowledge or permission. *To prevent blue snarfing, a mobile device like a smartphone should* --(1.) have BLUETOOTH TURNED OFF when not being used or -(2.) set to UNDISCOVERABLE, which keeps BLUETOOTH TURNED ON, yet cannot be detected by another device.
*16. A wireless LAN controller (WLC) was recently installed, and now Kelsey needs to purchase several new APs to be managed by it*. *Which type of AP should he purchase*?
*Controller AP* *pages 353-354* Although thin APs can be managed from a switch, a further improvement can be made by MANAGING from A device THAT IS dedicated FOR configuring APs. Instead of installing standalone APs like fat or thin APs, *controller APs can be managed through a dedicated wireless LAN controller (WLC)*. *The WLC is the single device than can be configured and then these settings are automatically distributed to all controller APS (A remote office WLAN CONTROLLER is used to MANAGE multiple WLCS at REMOTE SITES from a CENTERAL LOCATION.*) Page 336: *Several different wireless attacks can be directed at the enterprise, [among them] *rogue access points* (*Rogue AP*) *System Detection* USING: -*The Correct Type of AP* -*AP Configuration Settings* -and *Wireless Peripheral Protection**Wi-Fi Protected *Several methods can be used to DETECT and PROTECT AGAINST a Rogue AP* (*1.*): *Use of a Wireless Probe* (See notes on following entry which was derived from p.3520 (*2.*) (page 354 LAST NoteBox) *By choosing use of a virtual private network (VPN) to encrypt all transmissions when accessing a public WLAN (*3.*): *By choosing the BEST TYPE of AP to match the needs of the network*. -fat vs. thin (page 353) -controller vs. standalone, (pages 353-354) -captive portal APs (page 354) (*4.) (See notes concerning Question #7): Unless it can be verified that WPS supports these higher levels of security, it is recommended that WPS BE DISABLED THROUGH THE WIRELESS ROUTER'S CONFIGURATION SETTINGS.
*17. AES-CCMP is the encryption protocol standard used in _____*.
*WPA2* page 349 *Advanced Encryption Standard (AES)Counter Mode with Cipher Block Chaining Message Authentication Code Protocol* (*CCMP*) versus the Temporal Key Integrity Protocol (TKIP). *CCMP* uses a 64-bit MIC value, just like TKIP, but PROTECTS everything in the 802.11 Media Access Control (MAC) header (except for the duration field), *while the TKIP MIC protects only the source and destination addresses*
*4. Which of these technologies is NOT found in a wireless router?*
*access point* *page 335* Instead of using an enterprise-grade AP, another device is commonly used referred to as a "Residential WLAN Gateway". Most vendors choose to label a multi-purpose device as a *wireless router*. The features often include those of an AP, firewall, router, dynamic host configuration protocol (DHCP) server, along with other features.
What are the *Passphrases weaknesses*of WPA
A PSK is a passphrase (consisting of letters, digits, punctuation, etc.) that is between 8 and 63 characters in length. PSK passphrases of FEWER THAN 20 CHARACTERS CAN BE SUBJET TO ATTACKS TO CRACK the passphrase. If a user created a PAK passphrase of fewer characters that was a dictionary word, then a match may be found and the passphrase broken
*19. Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS*. *Which should she recommend*?
*EAP-Fast* page 341 above the Table: *A common EAP protocol is Protected EAP (PEAP)*. -PEAP is DESIGNED to SIMPLIFY the DEPLOYMENT of 802.1x Authentication by using Microsoft Windows logins and passwords. -PEAP is considered a more *flexible EAP scheme* BECAUSE IT *creates AN encrypted channel between the client and the authentication server, -and *the channel then protects the subsequent user authentication exchange*. -To create this channel, the PEAP client FIRST authenticates the PEAP authentication server using enhanced authentication* page 341 Table on "Common EAP protocols supported by WPA2 Enterprises* "There are several EAP protocols supported in WPA2 Enterprise; the most common are listed in this table" 1.) *EAP-TLS*: uses digital certificates for authentication 2.) *EAP-TTLS*: tunnels client password authentication w/in Transport Layer Security (TLS) records 3.) *EAP-FAST*: securely tunnels any credential form for authentication s.a. a password or a token using TLS
*9. Which of the following is NOT a wireless peripheral protection option?*
*Install a network sensor to detect an attack* page 356 Vulnerabilities in WIRELESS MICE and WIRELESS KEYBOARDS are not uncommon. One attack could let a threat actor *inject mouse movements* or *keystrokes* from a nearby antenna up to 100 yards away. This can occur even when the target device is designed to ENCRYPT and AUTHENTICATE its communications w/a paired computer. *Protections for wireless peripherals include* -*updating* any *vulnerable wireless mice or keyboards devices*, -or *replacing any *vulnerable wireless mice or keyboards devices*, -*switching to more fully tested Bluetooth mice and keyboards*, -or *substituting a wired mouse or keyboard instead of a wireless model*.
*5. Why is a rogue AP a security vulnerability?*
*It allows an attacker to bypass network security configurations.* Page 336: Several different wireless attacks can be directed at the enterprise, [among them rogue access points (Rogue AP)] *Example Scenario*: Lejla is the mgr. of a recently opened retail storefront [that adds] wireless access in the employee BREAK ROOM [so she can use Wi-Fi instead of using data from her cell-phone's limited data plan.] Unfortunately, Lejla also has provided open access to an attacker sitting in his car in the parking lot who PICKS up the wireless signal. This attacker CAN THEN CIRCUMVENT the security protections of the company's network. *Lejla has installed a rouge AP (rogue means someone or something that is deceitful or unreliable)* A rogue AP is *an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users TO ATTACKS. For example, although firewalls are typically used TO RESTRICT SPECIFIC ATTACKS FROM ENTERING A NETWORK, an attacker who can access the network through a rogue AP is BEHIND the firewall.
*18. Elijah was asked by a student intern to explain the Extensible Authentication Protocol (EAP)*. *What would be the best explanation of EAP*?
*It is a framework* for transporting authentication protocols page 351 *Def. of EAP*: EAP is a FRAMEWORK for transporting authentication protocols instead of the authentication protocol ITSELF. EAP essentially *defines the FORMAT of the messages* and *uses FOUR TYPES OF PACKETS: request, response, success* and *failure* *An EAP PACKET contains*: -a field that indicates the FUNCTION of the packet (s.a. "response" or "request") -and an *ID Field used to MATCH requests and responses*. -*Response and request packets also have a FIELD that* (a.) IDs the TYPE of DATA being transported (s.a. an authentication protocol) (b.) along w/ the DATA itself.
*13. What is the primary weakness of wired equivalent privacy (WEP)?*
*Its usage creates a detectable pattern*. *Page 342* *WEP has several security vulnerabilities.* (1.) *The shorter keys* (fewer # of characters in the key used in the algorithms which are used by WEP) *to ENCRYPT packets are easier to break than longer keys*. (2.) *WEP implementation violates the cardinal rule of cryptography: IT creates a DETECTABLE, predictable PATTERN* [due to the algorithm's formula's simplicity] must be avoided at all costs because this pattern provides an attacker w/valuable info to break the encryption.
*What are the five general categories this chapter focuses on concerning the different ways of attacking a wireless connection or attacking a WLAN*?
*My synopsis of this chapter* -*An INTERNAL USER can make a Rogue AP* of a network to affect the computers or other devices to infiltrate a network -*An EXTERNAL ATTACKER can set up a Evil Twin AP* -*A attacker can attack by intercepting transmissions with NFC or RDIF* -An attacker can make use of a Bluetooth opening if a laptop, tablet, or cellphone does not have its *Bluetooth setting TURNED OFF* when the bluetooth is NOT in use* -*An attacker can make use of a Bluetooth opening in public Wi-Fi *WHILE bluetooth is being used by a user in order to: set up a connection between wireless devices s.a. (a.) when the user is connecting to a public Wi-Fi with a cellphone or a laptop (b.) or when a user is attempting to use a cellphone's data plan for another device, s.a. a laptop, which does not have a data plan.
*1. Which technology is predominately used for contactless payment systems?*
*NFC* page 327 *Def.* of the term, *NFC*: page 327 *NFC* (*Near Field Communication*) *Attacks *NFC Standards is a set of WIRELESS standards used to establish communication between devices in very close proximity*. Once the devices are brought w/in 4 centimeters of each other or tapped together, two-way communication is established. Devices using NFC can be "ACTIVE" or "PASSIVE". A passive NFC device, s.a. an NFC ta, contains info that other devices can read but the tag does not read or receive an info. An active NFC can both transmit info and as well as transmit data. *Examples of NFC uses include* *Automobile*, *Office Procedures* s.a. Time Clocks for clocking into work or entering a security door, or *Retail Store Coupons* or customer reward cards can be provided by tapping the Point-of-Sale (POS) terminal' *Transportation* on a bus or train NFC can be used to quickly passthrough turnstiles and receive updated schedules by tapping the device on a kiosk. *but most importantly for Contactless payment systems* s.a. *Apple-Pay* in which users store payment card numbers in a "virtual wallet" on a smartphone to pay for purchases at an NFC-enabled PoS checkout cash register or credit card verification device
Which of the following is the most secure protocol to use when accessing a WIRELESS network?*
*WPA2* WPA2 addresses the two major security areas of WLANs, encryption and authentication. The primary difference between WPA2 and IEEE 2802.11i is that WPA2 allows: -*wireless clients using TKIP to operate in the same WLAN, whereas IEEE 302.11i DOES NOT PERMIT THEM TO DO SO.
*6. Which of these is NOT a risk when a home wireless router is not securely configured?*
*Only a small percentage of the total traffic can be encrypted.* *Page 341* *What can be attacked when a home wireless router is NOT securely configured:* -An attacker can steal DATA from ANY FOLDER with FILE SHARING ENABLED -User names, passwords, credit card numbers and other info sent over the WLAN can be CAPTURED by an attacker -Malware can be INJECTED INTO A COMPUTER CONNECTED to the WLAN -Download Harmful content s.a. child pornography to a computer and then turn that computer into a file server to distrute the content. When authorities have traced the files back to that computer, the unsuspecting owner has been arrested and his equipment confiscated.
*7. Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable?*
*PIN method* *page 343* Page 336: Several different wireless attacks can be directed at the enterprise, [among them] *rogue access points* (*Rogue AP*) *System Detection* USING: -*The Correct Type of AP* -*AP Configuration Settings* -and *Wireless Peripheral Protection**Wi-Fi Protected Page 343 on WPS: *Setup (WPS) is an optional means of CONFIGURING SECURITY on wireless local area networks*. Introduced by the the Wi-Fi Alliance in early 2007, WPS is designed to help users who have little or no knowledge of security to quickly and easily implement security on their WLANS. There are two common WPS methods: *PIN (Personal ID Number) printed on a sticker of the wireless router or displayed tHRough a software setup wizard. The user types the PIN into the wireless device (like a wireless tablet laptop, computer, or smartphone) and the security configuration automatically occurs. This is the mandatory model, and all devices certified for WPS MUST support it. The second method is the *Push-button method*: the user pushes a button (usually an actual button on the wireless router and a virtual one displayed through a SOFTWARE SETUP WIZARD on the wireless device) and the security configuration takes place. Support for this model is mandatory for wireless routers and optional for connecting devices. However, there are significant design and implementation flaws in WPS using the PIN method -There is NO LOCKOUT LIMIT for entering PINs, so an attacker can make an unlimited number of PIN attempts -The last PIN character is only a checksum -The wireless router reports the validity of the first and second halves of the PIN separately, so essentially an attacker must break only two short PIN values (a 4-character PIN and a 3-character PIN). Due to the PIN being broken down into two shorter values, only 11,000 different PINs must be attempted before determining the correct value. If the attacker's computer can generate 1.3 PIN attempts per second (or 46 attempts per minute), the attacker can crack the PIN in less than four hours and become connected to the WLAN. This effectively defeats security restrictions regarding allowing only authorized users to connect to the wireless network. Some wireless vendors ARRE IMPLEMENTING ADD'L SECURITY MEASURES FOR WPS, s.a. LIMITING THE # and FREQUENCY of PIN guesses. However, unless it can be verified that WPS supports these higher levels of security, it is recommended that WPS BE DISABLED THROUGH THE WIRELESS ROUTER'S CONFIGURATION SETTINGS.
*3. What is a difference between NFC and RFID?*
*RFID is designed for paper-based tags while NFC is not* page 330 *Radio Frequency Identification* (*RFID*) *Another Standards is a set of WIRELESS standards used to read information on TAGS placed upon PAPER*. *Examples of RFID uses include* Employee ID badges, inventory tags, book labels and other PAPER-BASED tags that can be DETECTED BY A PROXIMITY READER.
What methods can be used to DETECT and PROTECT AGAINST a Rogue AP
*Several methods can be used to DETECT and PROTECT AGAINST a Rogue AP* (*1.*): *Use of a Wireless Probe* (See notes on Question #20) (*2.*) (page 354 LAST NoteBox) *By choosing use of a virtual private network (VPN) to encrypt all transmissions when accessing a public WLAN (*3.*): *By choosing the BEST TYPE of AP to match the needs of the network*. -fat vs. thin (page 353) -controller vs. standalone, (pages 353-354) -captive portal APs (page 354) (*4.) (See notes concerning Question #7): Unless it can be verified that WPS supports these higher levels of security, it is recommended that WPS BE DISABLED THROUGH THE WIRELESS ROUTER'S CONFIGURATION SETTINGS.
*14. WPA replaces WEP with*
*Temporal Key Integrity Protocol (TKIP)* See notes on following entries for explanation
What are the differences between WPA and WPA2?
*The WPA2's Standard Uses*: -(*1.*) *Advanced Encryption Standard (AES) block cipher* versus the Temporal Key Integrity Protocol (TKIP). TKIP addressed the issue of ensuring that collisions of packets would not occur for more than 900 years. The WPA's Message Integrity Check (MIC) PROTOCOL would drop a packet which was detected as being tampered with during transmission. Once the MIC protocol dropped a packet, however the PSK's shared secret MUST BE CHANGED ON ALL DEVICES TO ENSURE ADEQUATE SECURITY for the PSK WLAN. For enterprises, PSK is simply NOT A VIABLE SOLUTION ! -(*2.*) *Counter Mode with Cipher Block Chaining Message Authentication Code Protocol* (*CCMP*) versus the Temporal Key Integrity Protocol (TKIP). *CCMP* uses a 64-bit MIC value, just like TKIP, but PROTECTS everything in the 802.11 Media Access Control (MAC) header (except for the duration field), *while the TKIP MIC protects only the source and destination addresses*
*12. Which of these is NOT a limitation of turning off the SSID broadcast from an AP?*
*Users can more easily roam from one WLAN to another.* *page 346 Another means of controlling access to the WLAN [besides use of MAC filtering] is using the *Service Set Identifier* (*SSID*) *of the WIRELESS network*. The SSID is the user-supplied network name of a wireless network [often listed on a label on the "Residential WLAN Gateway" device]. The *Service Set Identifier* (*SSID*) generally cvan be any alphanumeric string up to 32 characters. Although normally the SSID is broadcast so that any devie can see it, the broadcast can be restricted. Then only those users that know the "secret" SSID in advance would be allowed to access the network. Some wireless security sources encourage users to CONFIGURE their APs to PREVENT THE BROADCAST (BEACONING) OF THE SSID, and instead require the USER to ENTER the SSID # MANUALLY on the wireless devices. Although this might seem to provide protection by not advertising the SSID, it provides ONLY a WEAK degree OF SECURITY and HAS SEVERAL LIMITATIONS: (1.) *The SSID can be easily discovered even when it is not contained in beacon frames* BECAUSE *it is transmitted in other management frames SENT by the AP*. (2.) *Turning off the SSID broadcast MIGHT PREVENT USERS from being able to freely roam from one AP coverage area to another*. (3.) *It is not always possible or convenient to turn off SSID beaconing. SSID beaconing is the DEFAULT MODE in virtually every AP, and not all APs ALLOW BEACONING to be TURNED OFF.*
*20. Which of these is NOT a type of wireless AP probe?*
*WNIC probe* is not one of the four types of a wireless AP probes which can be used (page 352) *What protective device can be used to protect against a Rogue Access Point on a wireless connection between a laptop and a public Wi-Fi?* *Def. of Wireless AP probe*: A special sensor called a *wireless probe*, a device that can monitor the AIRWAVES (radio frequencies) for TRAFFIC. There are 4 types of wireless probes which can be used to DETECT and PROTECT AGAINST a Rogue AP : -Wireless Device Probe -Desktop Probe -Access Point Probe -Dedicated Probe *Once a suspicious wireless signal is detected by a wireless probe, the info is sent to a centralized database where WLAN mgt. system software compares it to a list of APPROVED APs. Any device not on the list is considered a ROUGE AP*. *The WLAN mgt. system can instruct the switch to disable the port to which the rogue AP is connected, thus severing its connection to the wired network*.
*8. Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi.* *When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing.* *What type of AP has he encountered?*
*captive portal* (page 354) Def. of Captive portal APs A home user who installs a WLAN can simply launch a web browser to give immediate and unlimited access to the Internet. In a public area that is served by a WLAN, however, opening a web browser will rarely give immediate Internet access BECAUSE: -the owner of the WLAN usually wants to advertise itself as providing this service or -wants the user to read and accept an Acceptable Use Policy (AUP) BEFORE using the WLAN. -AND SOMETIMES A 'GENERAL' AUTHENTICATION, s.a. A PASSWORD given to all current hotel guests, must be entered before being given access to the network. This type of information, approval, or authentication can be supported through a *captive portal AP*. A captive portal AP uses a standard web browser to provide info, and gives the wireless user the opportunity to agree to a police or present valid login credentials, providing a higher degree of security
*10. The primary design of a(n) _____ is to capture the transmissions from legitimate users.*
*evil twin* page 337 *Whereas a rogue AP* is set up by a n INTERNAL USER, *an evil twin is an AP that is set up by an attacker*. This AP is designed to mimic an authorized AP, so a user's mobile device like a laptop or tablet will UNKNOWINGLY connect to this evil twin instead. *Attackers can then capture the transmissions* from users to the evil twin AP.
*11. Which of these is a vulnerability of MAC address filtering?*
*mac addresses.* *page 344* a.k.a: -*Ethernet Address*, -*Physical Address* -*Hardware Address*, and -*Vendor Address*, -*Vendor ID*, -*NIC address*, One means of protecting a WLAN is to CONTROL which devices ARE PERMITTED to JOIN the network. Wireless access control is intended to limit a user's admission to the AP: only those who are AUTHORIZED can connect to the AP and thus become part of the wireless LAN. The most common type of wireless access control is Media Access Control (MAC) address filtering. The MAC address is a hardware address that uniquely identifies each node ofa network. The MAC address is a unique 48-bit # that is "burned" into the NIC adapter when it is manufactured. This # consists of two parts: (a.) a 24-bit organizationally unique identifier (OUI), sometimes called a "company ID," which references the company that produced the adapter, and a (b.) 24-bit #individual address block (IAB), which uniquely IDs the CARD itself. A typical MAC address is illistruated as the OUI being "00-50-F2" and the IAB as being "7C-63-E1" with a resulting MAC address as being altogether as "00-50-F2-7C-63-E1" *Filtering by MAC address has SEVERAL VULNERABILITIES*: (1.) *MAC address are initially exchanged between wireless devices and the AP in an UNENCRYPTED FORMAT*. An attacker monitoring the AIRWAVES could easily SEE the MAC address OF AN APPROVED DEVICE AND THEN SUBSTITUTE that approved MAC address on his/her OWN DEVICE (2.) *Managing several MAC addresses can pose significant challenges*. The sheer # of users often makes it difficult to manage ALL the MAC addresses. As new users are added to the network and old users leave, keeping track of MAC address filtering DEMANDS ALMOST CONSTANT ATTENTION. For this reason, MAC address filtering IS NOT ALWAYS PRACTICAL in a large and dynamic wireless network.
Definitions of Terms Used in Question #4's multiple choices of answers:
Def. of *Router*: (page 241 Ch. 6): Network device that can FORWARD PACKETS across DIFFERENT COMPUTER NETWORKS. When a router receives an incoming packet, it reads the destination address and then, using info in its ROUTING TABLE, SENDS the PACKET to the next network TOWARD its DESTINATION *Def. of Dynamic Host Configuration Protocol (DHCP) Server* (from Wikipedia) The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server *dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks*. *Def. of a firewall: (page 246): Device designed to limit the SPREAD of malware Def. of *Access Point* (page 334): An access point (AP) is a centrally located WLAN CONNECTION DEVICE that can SEND and RECEIVE info. It consists of three major parts: (a.) an antenna and a radio transmitter/receiver to send and receive wireless signals, (b.) Special BRIDGING SOFTWARE to interface wireless devices to other devices, (c.) A wired network interface that allows it to connect by cable to a standard wired network. An AP has 2 basic functions (1.) Acts as the "base station" for the wireless network. All wireless devices w/ a wireless NIC transmit to the AP, which in turn redirects the signal if necessary to other wireless devices (2.) Act as a BRIDGE between WIRELESS and WIRED networks. The AP can be connected to the ried network by a cable, allowing all the wireless devices to access through he AP the wired network and vice versa
*What are the three general categories of types of Rogue Access Point Attacks?*
Page 336: Several different wireless attacks can be directed at the enterprise, [among them] *rogue access points* (*Rogue AP*) *System Detection* USING: -*The Correct Type of AP* -*AP Configuration Settings* -and *Wireless Peripheral Protection*
*15. Adabella was asked by her supervisor to adjust the FREQUENCY SPECTRUM SETTINGS on a new AP.* *She brought up the configuration page and looked through the different options*. *Which of the following frequency spectrum settings would she NOT be able to adjust?*
RFID pages 330-332
Why does WPA not serve as a the most secure protocol to use when accessing a *wireless*
The Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA) in October 203. One of the design goals of WPA was to fit the existing WEP (Wired Equivalent Privacy) engine w/o requiring extensive hardware upgrades or replacements BUT the SECURITY of WPA was designed ONLY AS AN INTERIM SHORT-TERM SOLUTION to address the critical WEP vulnerabilities AND WAS NOT SEEN AS A LONG-TERM SOLUTION. WPA addresses BOTH: -*Encryption* and -*Authentication* page 348: WPA Vulnerabilities Although an improvement over WEP, WPA nevertheless had weaknesses. -*Key Mgt. weaknesses* -*Passphrases weaknesses*
*Can a person's own devices be turned into a rogue AP by an attacker?*
YES!!! *page 337 Note Box* *Rogue APs do not even have to be separate network devices* The wireless *Hosted Network function* in *Microsoft Windows* makes it possible to *virtualize the physical wireless network interface card (NIC)* *INTO* *MULTIPLE VIRTUAL WIRELESS *NIC* (Virtual Wi-Fi) *that can be access by a software-based wireless SP (SoftAP)*. (1.) *This means that any computer can easily be turned into a rogue AP* (2.) *And some smartphone apps can allow these devices to also function as APs*
What organizations worked together to develop WPA and WPA2?
page 347: As a result of the wireless security vulnerabilities, both the IEEE and Wi-Fi Alliance Organizations worked to create COMPREHENSIVE SECURITY SOLUTIONS. The results from the IEEE, known as the IEEE802.11i, served as the foundation for the Wi-Fi alliance's Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). The IEEE standard of IEEE 802.11i stated that a PSK generated from a passphrase OF LESS THAN about 20 characters is unlikely to deter attacks from the passphrase being broken
What are the *Key Mgt. weaknesses* of WPA
page 348 *The distribution and share of PSK* (Pre-Shared Key) is performed manually w/o any technology security protections. The keys can be distributed by telephone, email, or a text message (none of which are secure) Any user who obtains a key is assumed to be authentic and approved. Yet changing the PSK key on a regular basis requires reconfiguring the key on every wireless device and on all APs (access points). To allow a guest user to have access to a PSK WLAN, the key must be given to that guest. Once the guest departs, this shared secret MUST BE CHANGED ON ALL DEVICES TO ENSURE ADEQUATE SECURITY for the PSK WLAN. For enterprises, PSK is simply NOT A VIABLE SOLUTION ! *Def. of Pre-Shared Key*: and also called WPA or WPA2 Personal, it is a method of securing your network using WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server.
Def. of Peripheral Devices
page 356 Mice and keyboards