CNA 270 chapter 9 - WLAN Security Basics

authenticator

Acts as a middleman between the wireless client and the authentication server.

EAP-TLS, TTLS (EAP-MSCHAPv2), PEAP (EAP-MSCHAPv2), EAP-FAST

Some popular EAP types include:

Media access control

MAC

64 bit, 128 bit

The WEP key can be either _____ or _____.

PPTP

Using _____ on a wireless network should be avoided.

authentication

a way of confirming an identity

10, 26

128-bit WEP keys have _____ ASCII characters and ___ hex characters.

5, 13

64-bit WEP keys have _____ ASCII characters and ___ hex characters.

6-63, 64, 256, longer, more random

A passphrase consists of ___ ASCII (case sensitive) or ___ hexadecimal characters and creates a ___-bit preshared key. The ___ and ____ the passphrase, the more secure it will be.

Client side (endpoint), Network Infrastructure (public or private), Server Side (endpoint)

A VPN solution consists of three components:

overlay, integrated

A WIPS requires hardware sensors for monitoring and sending data to the WIPS server. These can be either dedicated devices known as _____, or can share functionality with the wireless access points, known as ______.

dictionary attack

A ______ is performed by software that challenges the encrypted password against common words or phrases in a text file.

Wireless network management system (WNMS), software, hardware, cloud-based

A centralized solution to manage a large number of infrastructure devices available in ____, ____, or _____ form.

shared-key authentication

A four-step process for authentication from original 802.11 which requires WEP in order to function correctly.

passphrase, IEEE 802.11i, 256-bit

After the ____ is entered into the device, with the help of an electronic algorithm from the _____ amendment, it will create a ______ preshared key.

counter mode with cipher-block chaining message authentication code protocol

CCMP

Advanced Encryption Standard (AES)

CCMP uses the _______algorithm block cipher.

Wi-Fi protected setup (WPS)

Certification from Wi-Fi Alliance for push-button and pin-based security.

MAC, registry, configuration file, burned in address

Changing the ____address in the ____ or in a ______ changes only the software reference that the operating system sees and uses. It does not change the ______.

eavesdropping, Radio frequency DoS, MAC address spoofing, Hijacking, Man-in-the-middle attack, peer-to-peer attacks, encryption cracking

Concerns and threats for wireless LANs

WIPS monitoring only part-time

Downside to integrated WIPS sensors

credentials, certificate-based

EAP types allow a user to authenticate to a wireless network in several ways including ____ and ____ authentication

SSID hiding, MAC filtering, WEP

Legacy wireless LAN security technologies

Health Insurance Portability and Accountability Act of 1996

HIPAA

reduce unnecessary tech support calls

Hiding the SSID is sometimes used to....

probe, matching SSID, wildcard SSID (0), null SSID

IEEE 802.11 standard requires access points to respond to all _____requests that have a _______, or what is known as a _______, also known as a _______.

Physical and Data Link

IEEE 802.11 wireless LAN device technology operates at these two layers of the OSI model.

Robust Secure Network (RSN), TKIP, CCMP

IEEE 802.11i introduced ________ which means the network will optionally support ________ and it must also support _________.

device segmentation, virtual local area network (VLAN)

If you have to use WEP, it is important for the network administrator to use appropriate _____ for the WEP-enabled devices in order to not compromise the entire network infrastructure. One way to do this is to consider the use of a _______.

second IP frame

In a very basic sense, VPNs use encapsulation methods where one IP frame is encapsulated within a _____.

WEP, TKIP, CCMP

In the IEEE 802.11 standard, three different encryption mechanisms can be used on a wireless network to protect data traffic:

wireless intrusion prevention system (WIPS)

In wireless networking, ______ is a software/hardware solution that monitors the radio waves and, using a wireless hardware sensor, can report captured information to software to be recorded in a server database.

RADIUS client, RADIUS server

In wireless networking, the wireless access point can act as a ______, which means it will have the capability to accept requests from wireless client devices and forward them to the _______ for authentication.

firmware upgrades, loss of power

It may be necessary to upgrade the device firmware in order to get either TKIP or CCMP capability. Improper _____ or _____ during the upgrade process may render the device unusable or require the device to be sent back to the manufacturer for repair.

MAC address filtering, MAC address

Its purpose is to either allow or disallow access to the wireless network by restricting which ______ can IEEE authenticate and associate to a wireless network.

use of air (shared unbound medium)

Key vulnerability in wireless networking

Pin-based, push-button

Many manufacturers of SOHO-grade wireless LAN equipment have adopted either ____ or _____ wireless security.

disabling the SSID broadcast, SSID hiding, closed network

Most manufacturers of SOHO and enterprise access points provide the option not to broadcast the SSID in beacon frames. This is commonly known as ______,______, or _____.

24-bit

No matter which you use, 64-bit WEP or 128-bit WEP, you are still only using a ___ initialization vector (IV).

802.11i

Newer security methods based on which IEEE amendment?

static keys, same key, manually entered

One disadvantage to WEP is that it uses ______, which means all wireless devices - access points, bridges, and client stations - must have the _____ and the key must be _______.

WEP Cloaking

One solution to the vulnerability of WEP is ________, which allows organizations to operate WEP-encrypted networks securely and preserve their existing investment in mobile devices such as barcode scanners.

open system, shared-key

Original IEEE 802.11 standard addresses these two types of authentication:

Microsoft Point-to-Point Encryption (MPPE-128) Protocol, tunneling, encryption

PPTP uses _________ for encryption. This process provides both _____ and _______ capabilities for the user's data.

legislative compliance

Plans for complying with regulations on how data is handled for businesses such as healthcare, retail, financial, and others.

limiting throughput, enforcing time restrictions, controlling access to specific resources

Role-based access control can be used for various activities users may perform while connected to a wireless LAN, including.....

Service set Identifier

SSID

WIPS

Some advantages to using a ____ include: captures info by 24/7 monitoring, detects threats such as DoS attacks and rogue access points, notifies you about threats, supports integrated spectrum analysis, ensures compliance with corporate security policy and legislative compliance, retains data for forensic investigation, and uses hardware sensors for monitoring.

PIN, PBC, PIN, near field communication (NFC)

Support for both ___ and ___ configurations is required for access points; client devices at a minimum must support ____. A third, optional method, _____ tokens is also supported.

Temporal Key Integrity Protocol

TKIP

environment, specifications, cost, complexity

The EAP type chosen will depend on the ______ in which the wireless LAN is used. EAP types vary in ____, ___, and ______.

SecureEasySetup (SES)

The Linksys version of push-button security is called ___.

discovery phase, passive, active

The SSID will allow wireless devices such as notebook computers to identify and connect to a wireless LAN using the ________, which includes the _____ and _____ scanning processes.

WPA, WPA 2.0, WPS

The Wi-Fi Alliance has released several certifications that pertain to wireless networking: ___ and ____ for SOHO and enterprise deployments, and ____ for the home user.

access point, registrar, PIN, PIN

The _____ will detect when a new wireless device that supports WPS is in radio range. When this device tries to join the network, the _______ will prompt the user to enter the unique ____. Once the ____ is entered, the process authenticates the device and encrypts the network data sent to and from the device.

beacon frame, 10

The ________ is an advertisement of the wireless network. By default this is set to broadcast at about ___ times a second.

IEEE 802.1X/EAP, TKIP/RC4

The authentication method used by WPA - enterprise is _____ and the encryption/cipher method is ______.

passphrase, TKIP/RC4

The authentication method used by WPA - personal is _____ and the encryption/cipher method is ______.

IEEE 802.1X/EAP, CCMP/AES or TKIP/RC4

The authentication method used by WPA2 - enterprise is _____ and the encryption/cipher method is ______.

passphrase, CCMP/AES or TKIP/RC4

The authentication method used by WPA2 - personal is _____ and the encryption/cipher method is ______.

Extensible Authentication Protocol (EAP)

The authentication process used with IEEE 802.1X is....

6, 2

The media access control (MAC) address is a unique hardware identifier of a computer network device. This __-byte address is the Layer _ address that allows frames to be sent to and received from a device.

authentication, data privacy

The original IEEE 802.11 standard addressed which two areas of security?

access point

The registrar device in the case of a wireless LAN is the ______.

authentication, authorization, accounting

The three components that work together in the AAA protocol are:

IEEE 802.1X, user-based security

This advanced enterprise-level solution operates at Layer 2 and is an IEEE standard. It is also called _____.

MAC address spoofing

This involves tricking the wireless device into thinking its unique MAC address is something other than what is encoded in the actual network card.

MAC address

This is easily visible and cannot be encrypted

open system

This type of authentication is a two-step process, a two-frame exchange, and is one of the simplest ways to provide an authentication process.

passphrase-based security, the same 256-bit

This was designed with the SOHO or home-based user in mind. This type of security requires all wireless devices that are part of the same wireless network to have ____ pre-shared key (PSK) in order to securely communicate.

Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP)

Two common types of VPN protocols are:

tunneling, encryption

VPNs consist of two parts, _____ and _____.

layer 3

VPNs typically operate at _____.

Wired equivalent privacy

WEP

open system or shared-key

WEP can be used in one of two ways:

wireless intrusion prevention system

WIPS

intrusion signature database

WIPS countermeasures are based on identifying the intrusion by comparing the captured information to an _____ within the WIPS server.

802.1X, supplicant, authenticator, authentication server

Wireless devices that use ____ technology are identified using different terminology than that used in the IEEE 802.11 standards-based wireless networking: ______ (wireless client device), _____ (wireless access point), ______ (RADIUS or AAA authentication server)

Internet Protocol Security (IPSec)

With L2TP, a popular choice of encryption is _____, which provides authentication and encryption for each IP packet in a data stream.

IEEE 802.11 open system authentication

With _____ all information is broadcast through the air in plain text.

Remote Authentication Dial-In User Service (RADIUS)

___ is a networking service that provides centralized authentication and administration of users.

TKIP, encryption, integrity, 48, replay attacks, message integrity check, forgery attacks, RC4

___ was designed as a firmware upgrade to WEP. Enhancements include per-packet key mixing of the IV to separate IVs from the weak keys, a dynamic rekeying mechanism to change ______ and _____ keys, a __-bit IV and IV sequence counter to prevent _____, a ____ (MIC) to prevent ______, and the use of the ___ stream cipher, thereby allowing backward compatibility with WEP.

IEEE 802.1X/EAP

____ consists of two different components used together to form an enterprise computer network security solution.

Layer 2 Tunneling Protocol (L2TP)

____ is a combination of two different tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol.

Role-based access control (RBAC)

____ is a way of restricting access to only authorized users based on roles rather than user identities.

CCMP

____ is mandatory for robust security network (RSN) compliance.

Passive

____ scanning occurs when the wireless client device listens for beacon frames.

PPTP

____ was developed by a vendor consortium, was very popular because of its configuration, and was included in all Microsoft Windows operating systems starting with Windows 95.

physical layer monitoring

_____ allows the wireless network engineer to see what is happening in the air as it relates to radio frequency, usually accomplished with the use of a spectrum analyzer.

CCMP, 2012, WPA2

_____ is a mandatory part of the IEEE 802.11i amendment, now in the IEEE 802.11-___ standard and part of ______ certification from the Wi-Fi Alliance.

IEEE 802.1X

_____ is a port-based access control method and was designed to work with IEEE 802.3 Ethernet wired networks.

Virtual Private Networking (VPN)

_____ is the capability to create private communications over a public network infrastructure such as the internet.

user-based security, centralized database

______ allows an administrator to restrict access to a wireless network and its resources by creating users in a ______.

PIN functionality

_______ is required in order for a wireless device to be Wi-Fi Protected Setup (WPS) certified.

Data link layer monitoring, frame exchanges, frame decoding

_______ means looking at the layer 2 information; it allows a network engineer to view both ______ and _____ by expanding on the captured wireless frames.

captive portal

a process that redirects a user to an authentication source of some type before they will be allowed wireless network access.

payment card industry (PCI)

a regulation requiring companies to adhere to security standards created to protect card information pertaining to financial transactions

hijack attack

deauthentication frames force wireless device to reauthenticate...

data privacy

ensuring that information or data is understandable only by the individuals or groups it is intended for.

authentication

gives the capability to control access to a system

SSID

logical name for the wireless network and was designed to be used for wireless device segmentation.

supplicant

the software security component of the wireless client device.

Dec 2011

when security flaw was reported with WPS
