CNA 210 | CH. 8, Wireless Network Security
initialization vector (IV)
A WEP shared secret key is combined with an __, which is a 24-bit value that changes each time a packet is encrypted
wireless local area network (WLAN)
A ____, commonly called Wi-Fi, is designed to replace or supplement a wired local area network (LAN).
passive active
A _______NFC device, such as an NFC tag, contains information that other devices can read but the tag does not read or receive any information. ______ NFC devices can read information as well as transmit data.
Access point (AP)
A centrally located WLAN connection device that can send and receive information.
ad hoc topology
A configuration in which networks can be created "on the fly" as needed.
Extensible Authentication Protocol (EAP)
A framework for transporting authentication protocols that defines the format of the messages and uses four types of packets: request, response, success, and failure.
Rouge AP system detection
A means for identifying rogue AP devices.
Ad hoc mode
A mode where devices can only communicate between themselves and cannot connect to another network.
Wireless replay attack
A passive attack in which the attacker captures transmitted wireless data, records it, and then sends it on to the original recipient without the attacker's presence being detected.
Message Integrity Check (MIC)
A security improvement for WEP encryption found on wireless networks that helps network administrators avoid attacks that focus on using the bit-flip technique on encrypted network data packets.
Near field communication (NFC)
A set of stands used to establish communication between devices in extremely close proximity.
Radio frequency identification (RFID)
A technology that's commonly used to transmit information between employee identification badges, inventory, tags, book labels, and other paper-based tags that can be detected by a proximity reader.
Preshared key (PSK)
A value that has been previously shared using a secure communication channel between two parties.
A. Controller AP
A wireless LAN controller (WLC) was recently installed, and now Kelsey needs to purchase several new APs to be managed by it. Which type of AP should he purchase? A. Controller AP B. Standalone AP C. Fat AP D. Any type of AP can be managed by a WLC.
Open method
A wireless network in which no authentication is required.
B. WPA2
AES-CCMP is the encryption protocol standard used in . A. WPA B. WPA2 C. IEEE 802.11 D. NFC
C. RFID spectrum
Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? A. Frequency band B. Channel selection C. RFID spectrum D. Channel width
Thin AP
An AP that does not contain all the management and configuration functions.
Controller AP
An AP that is managed through a dedicated wireless LAN controller (WLC).
Wireless Equivalent Privacy (WEP)
An IEEE 802.11 security protocol that relies on a minimum of 64-bit shared secret key that is known only by the wireless client and the AP.
Standalone AP
An access point (AP) that does not require another device for management.
Bluejacking
An attack that sends unsolicited messages to Bluetooth-enabled devices. This usually involves sending text messages, but images and sounds can be transmitted as well.
Captive portal AP
An infrastructure that is used on public access WLANs that uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials to provide a higher degree of security.
Wi-Fi Protected Setup (WPS)
An optional means of configuring security on wireless local area networks that was introduced by the Wi-Fi Alliance in early 2007. It was designed to help users who have little or no knowledge of security to quickly and easily implement security on their wireless networks.
Rouge AP
An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.
Enterprise method
Authentication for the WPA2 Enterprise model.
Fat AP
Autonomous AP in which everything is self-contained in a single device.
low energy (LE)
Bluetooth __ is for devices that require short bursts of data over longer distances (such as inventory control devices at a retail store).
Basic Rate/Enhanced Data Rate (BR/EDR)
Bluetooth ______ is designed for devices needing short-range continuous connectivity (such as streaming music to a Bluetooth headset).
Personal Area Network (PAN) technology
Bluetooth is a ___ designed for data communication over short distances and enables users to connect wirelessly to a wide range of computing and telecommunications devices.
AES-CCMP
CCM itself does not require that a specific block cipher be used, but the most secure cipher AES is mandated by the WPA2 standard. For this reason, CCMP for WLANs is sometimes designated as ________.
2 Mbps 800 feet
Compared with the previous version of Bluetooth, the current Bluetooth 5 has a faster speed of _____ vs. 1 Mbps as well as a broader range of coverage of _______ vs. 200 feet.
B. It is a framework for transporting authentication protocols.
Elijah was asked by a student intern to explain the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? A. It is the transport protocol used in TCP/IP for authentication. B. It is a framework for transporting authentication protocols. C. It is a subset of WPA2. D. It is a technology used by IEEE 802.11 for encryption.
Disassociation attack
Field where receiving stations store all
A. Captive portal
Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing. What type of AP has he encountered? A. Captive portal B. Web-based portal C. Rogue portal D. Authenticated portal
Turn bluetooth off when not being used, or set it to undiscoverable.
How can a user protect themselves from bluesnarfing?
11,000
How many PINs must be attempted by an attacker before they can successfully break WPS PIN authentication?
280 trillion 900 years
How many possible keys can be generated for a given data packet using TKIP? How long does this ensure will pass before a collision occurs?
802.3
IEEE standard that set specifications for Ethernet local area network technology.
routing protocol attack
In a ___________________ attack, the attacker injects specific packets into the network to redirect a traffic stream through another router that is controlled by the attacker.
hard edge
In a traditional wired network, a well-defined boundary or ________ protects data and resources.
D. EAP-FAST
Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? A. EAP-TLS B. EAP-TTLS C. EAP-SSL D. EAP-FAST
Personal Enterprise
Originally there were two modes for WPA. WPA ________ was designed for individuals or small offices, which typically have 10 or fewer employees. WPA __________ was intended for larger businesses, schools, and government agencies.
Piconet
Primary type of Bluetooth network topology.
Advanced Encryption Standard (AES)
The WPA2 standard addresses encryption by using the ___ block cipher, which performs three steps on every block (128 bits) of plaintext
Wi-Fi Direct
The Wi-Fi Alliance implementation of WLAN ad hoc mode.
Generation 2
The current version of RFID standards known as ____________ contains some security enhancements over the previous version
Media Access Control (MAC) address filtering
The most common type of wireless access control is _______________________.
Institute of Electrical and Electronics Engineers (IEEE)
The most widely known and influential organization in the world of computer networking and wireless communications.
Wi-Fi Protected Access (WPA)
The original set of protections from the Wi-Fi Alliance designed to address both encryption and authentication.
C. evil twin
The primary design of a(n) ________ is to capture the transmissions from legitimate users. A. rogue access point B. WEP C. evil twin D. Bluetooth grabber
Wi-Fi Protected Access 2 (WPA2)
The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security.
IEEE 802.1x
This standard, originally developed for wired networks, provides a greater degree of security by implementing port-based authentication.
True
True or False? In WPS there is no lockout limit for entering PINs, meaning an attacker can make an unlimited number of PIN attempts.
True
True or False? Jamming attacks generally are rare because sophisticated and expensive equipment is necessary to flood the RF spectrum with enough interference to impact the network.
True
True or False? Most RFID tags are passive and do not have their own power supply.
False. 128-bit is the option added by most vendors to increase security.
True or False? Most vendors chose to use a 254 bit key when using WEP.
False. While the first part is true, beaconing can not always be turned off.
True or False? SSID beaconing is the default mode in virtually every AP, but all APs allow beaconing to be turned off if necessary.
False. It's the other way around
True or False? Whereas an evil twin is set up by an internal user, a Roug AP is set up by an attacker.
True
True or False? With WEP, a small 40-bit encryption key must be manually entered on APs and devices. This key does not change and is the basis for encryption for all transmissions.
Service Set Identifier (SSID)
User-supplied network name for a wireless network that is generally any alphanumeric string up to 32 characters in length.
Temporal Key Integrity (TKIP)
WPA and WPA2 encryption technology
B. Temporal Key Integrity Protocol (TKIP)
WPA replaces WEP with __________. A. WPA2 B. Temporal Key Integrity Protocol (TKIP) C. Cyclic redundancy check (CRC) D. Message Integrity Check (MIC)
Key management Passphrases
What are the two areas of vulnerability in WPA?
PIN Push-button
What are the two methods for WPS?
C. RFID is designed for paper-based tags while NFC is not.
What is a difference between NFC and RFID? A. NFC is based on wireless technology while RFID is not. B. RFID is faster than NFC. C. RFID is designed for paper-based tags while NFC is not. D. NFC devices cannot pair as quickly as RFID devices.
Bluetooth 5
What is the current version of Bluetooth?
Lack of an external RJ-45 connection
What is the one key difference between a wireless client network interface and a wired adapter?
B. Its usage creates a detectable pattern.
What is the primary weakness of wired equivalent privacy (WEP)? A. It functions only on specific brands of APs. B. Its usage creates a detectable pattern. C. It slows down a WLAN from 104 Mbps to 16 Mbps. D. Initialization vectors (IVs) are difficult for users to manage.
Organizationally unique identifier (OUI), (24-bits) Individual address block (IAB), (24-bits)
What two parts make up unique 48-bit number that is "burned" a network interface card adapter when manufactured?
Jamming
When an attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.
C. Install a network sensor to detect an attack
Which of the following is NOT a wireless peripheral protection option? A. Update or replacing any vulnerable device B. Switch to a more fully tested Bluetooth model C. Install a network sensor to detect an attack D. Substitute a wired device
A. Bluesnarfing
Which of these Bluetooth attacks involves accessing unauthorized information through a Bluetooth connection? A. Bluesnarfing B. Bluejacking C. Bluecreeping D. Bluestealing
B. PIN method
Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? A. Push-button method B. PIN method C. Piconet method D. NFC method
C. Users can more easily roam from one WLAN to another.
Which of these is NOT a limitation of turning off the SSID broadcast from an AP? A. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another. B. Some versions of operating systems favor a network that broadcasts an SSID over one that does not. C. Users can more easily roam from one WLAN to another. D. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP.
A. Only a small percentage of the total traffic can be encrypted.
Which of these is NOT a risk when a home wireless router is not securely configured? A. Only a small percentage of the total traffic can be encrypted. B. An attacker can steal data from any folder with file sharing enabled. C. User names, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker. D. Malware can be injected into a computer connected to the WLAN.
B. WNIC probe
Which of these is NOT a type of wireless AP probe? A. Wireless device probe B. WNIC probe C. Dedicated probe D. AP probe
C. MAC addresses are initially exchanged unencrypted.
Which of these is a vulnerability of MAC address filtering? A. APs use IP addresses instead of MACs. B. The user must enter the MAC. C. MAC addresses are initially exchanged unencrypted. D. Not all operating systems support MACs.
A. Access point
Which of these technologies is NOT found in a wireless router? A. Access point B. Router C. Dynamic host configuration protocol (DHCP) server D. Firewall
A. Near field communication (NFC)
Which technology is predominately used for contactless payment systems? A. Near field communication (NFC) B. Wireless local area network (WLAN) C. Bluetooth D. Radio Frequency ID (RFID)
C. It allows an attacker to bypass network security configurations.
Why is a rogue AP a security vulnerability? A. It uses the weaker IEEE 80211i protocol. B. It conflicts with other network firewalls and can cause them to become disabled. C. It allows an attacker to bypass network security configurations. D. It requires the use of vulnerable wireless probes on all mobile devices.
Bluetooth
Wireless technology that uses short-range radio frequency (RF) transmissions and provides device pairing.
WPA, WPA2
___ and _____ are the primary wireless security solutions today
The Cipher Block Chaining Message Authentication Code (CBC-MAC)
_______ component of CCMP provides data integrity and authentication.
Protected EAP (PEAP)
____is considered a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server, and the channel then protects the subsequent user authentication exchange.
certificate-based authentication
he most secure form of IEEE 802.1x authentication is ___________________________ in which each supplicant computer must have a digital certificate as proof of its identity.
