Lesson 19
WEP keys
A WEP key can be used to verify the identity of an authenticating station. Most APs and clients can hold up to four WEP keys simultaneously
What is AES?
AES is a symmetric-key encryption standard that uses a single key to both encrypt and decrypt payloads.
Passive Attacks
Passive attacks, such as eavesdropping, leave no trace of a hacker's presence on or near the network because the hacker does not have to connect to an AP to listen to packets traversing the wireless segment. WLAN sniffers or custom applications are typically used to gather information about the wireless network from a distance with a directional antenna
WPA Personal
Protects users that have chosen insufficiently complex passwords, making brute-force dictionary attacks more time-consuming and difficult.
WPA2
WPA2 enhances security by dropping the TKIP and adding AES-based encryption. AES is a symmetric-key encryption standard that uses a single key to encrypt and decrypt payloads. AES is quick to encrypt and decrypt whether implemented in hardware or software. Wireless packets using AES are encrypted using a 256-bit key. Full compliance with the IEEE 802.11i wireless security standard adds two new protocols: 4-Way Handshake Group Key Handshake
WPA2 operates in what two modes?
WPA2 operates in enterprise mode and personal mode, which is also known as PSK mode.
By implementing WEP in hardware, it is most likely that an AP can maintain data throughput with WEP enabled. What is a disadvantage of this type of implementation?
A disadvantage is the added cost of a more sophisticated AP.
Man-in-the-Middle Attacks
A man-in-the-middle attack is when a malicious individual uses an AP to effectively hijack mobile nodes by sending a stronger signal than the legitimate AP sends to those nodes. The mobile nodes then associate with this rogue AP, sending their data—possibly sensitive data—into the wrong hands
WPA
A per-packet WPA key distribution with TKIP assigns a new WPA key to both the client and the AP for each packet sent between the two. WPA enables two encryption techniques, TKIP and AES
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)-based solutions have replaced WEP using RC4.
Wi-Fi Easy Connect
Allows a network device with a UI to introduce IoT devices with no UI to the network
WEP filtering
Almost all APs have MAC filtering functionality. Closed system describes a wireless system where APs can take the SSID out of the beacon frame. A WLAN station's SSID must match the AP's or the other stations' SSID for the client to authenticate and associate to the service set.
How might a network administrator ensure that security audits and inventories are not overlooked?
By documenting audit procedures in the security policy, a network administrator can ensure that security audits and inventories are not overlooked.
What are some best practices to follow for information and physical security?
Company personnel are encouraged to continuously be on the lookout for noncompany personnel lurking around the company buildings, which can also be effective in reducing on-premises attacks Wireless security keys should only be known by network administrators
Even though dynamic keys add more overhead and reduce data throughput, what is an advantage of using them?
Dynamic keys make hacking the network through the wireless segment much more difficult.
Why do passive attacks, such as eavesdropping, leave no trace of a hacker's presence on or near the network?
Eavesdropping leaves no trace because the hacker does not have to connect to an AP to listen to packets traversing the wireless segment.
WPA2-Enterprise
Enterprise mode—A network server and sophisticated authentication mechanisms automatically distribute special encryption keys to wireless clients.
Filtering
Filtering is a fundamental security mechanism that can be used in addition to WEP and AES. Filtering keeps out what is not wanted and allows in what is wanted. Filtering works the same way as access lists on a router: defining parameters to which stations must adhere to gain access to the network.
How does filtering work?
Filtering works the same way as access lists on a router—by defining parameters to which stations must adhere to gain access to the network.
What types of software should you install on your mobile users' laptop computers to protect them from malicious attacks while operating on public wireless networks?
Firewall Antivirus software
Active Attacks
Hackers can stage active attacks to perform some type of function on the network. An active attack might be used to gain access to a server to obtain valuable data, use the organization's Internet access for malicious purposes, or even change the network infrastructure configuration.
When combined with Extensible Authentication Protocol (EAP), what can IEEE 802.1x provide?
IEEE 802.1x can provide a secure and flexible environment based on various authentication schemes in use today.
What would be a good time to employ a WLAN gateway?
If a small business has significantly invested in APs and if the APs do not support scalable security measures, a business could employ a WLAN gateway rather than replace all of their APs.
What must the hacker have access to when perpetrating a man-in-the-middle attack?
In a man-in-the-middle attack, the hacker must first know the wireless clients' SSIDs, which are easily obtained, and also the network's security keys, if the wireless connection is not wide open and without security.
In an active attack, what can happen if a hacker progresses past a MAC filter?
In an active attack, the hacker can navigate to the APs and remove all MAC filters, making it easier to gain access next time.
Why is it important that the network administrator implement user-based authentication as soon as possible upon installing a WLAN infrastructure?
It is important that the network administrator implement user-based authentication as soon as possible upon installing a WLAN infrastructure because user authentication is a WLAN's weakest link and the IEEE 802.11 standard does not specify any method of user authentication.
What occurs when a hacker uses jamming to gain access to a network?
Jamming simply shuts down the WLAN by using an overwhelming RF signal.
Jamming
Like saboteurs arranging an overwhelming Denial of service (DoS) attack on web servers, an overwhelming RF signal can shut down a WLAN
WLAN attack methods
Passive attacks (eavesdropping) Active attacks (connecting, probing, and configuring the network) Jamming attacks Man-in-the-middle attacks
WPA2-Personal
Personal mode—Also known as PSK mode, a user must manually enter keys on each device on the wireless network. Once the PSK has been entered into each device, WPA2 blocks unauthorized users by requiring all devices to have the matching PSK. Personal mode is less secure than Enterprise mode.
Wi-Fi Certified Enhanced Open
Protects users, who are not using a password, from passive eavesdropping attacks.
Three basic types of filtering can be performed on a WLAN:
SSID filtering MAC filtering Protocol filtering
Security in the WLAN
Security keys are an effective solution for reducing the risk of casual eavesdropping. APs should not emit strong signals that extend into the organization's parking lot or beyond. User authentication should be based on device-independent schemes such as usernames and passwords, biometrics, smart cards, token-based systems, or some other type of secure means of identifying the user, not the hardware or organization. Always connect APs to switches instead of hubs
Wi-Fi Protected Access Key (WPA)
TAKP assigns a new WPA key to both the client and the AP for each packet sent between the two. Although dynamic keys add more overhead and reduce data throughput, they make hacking the network through the wireless segment much more difficult.
Temporal Key Integrity Protocol (TKIP)
TKIP is no longer considered secure TKIP was essentially an upgrade to WEP that fixes known security problems in WEP's implementation of the rc4 algorithm TKIP upgrades WEP to fix the protocol's implementation of RC4.
What's the best way to discover rogue APs?
To discover rogue APs, regular AP discovery sessions should be scheduled but not announced.
VPN (Virtual Private Network)
Using IPSec with shared secrets or certificates is generally the solution of choice among security professionals. The exact process occurs when the VPN server is implemented in an enterprise gateway with one exception. After the client and the AP are associated, the VPN establishes a tunnel with the upstream gateway device instead of the AP. Wireless VPN solutions are reasonably economical and relatively simple to implement . When the VPN server is built into the AP, the client must first associate with the access point
Why is WEP not secure when used with shared key authentication?
WEP is not secure when used with shared key authentication because the AP transmits the challenge text in the clear and receives the same challenge text encrypted with the shared key. An intruder can quickly discover the secret key by comparing the two versions of the challenge text and can then use the key to decrypt all data traffic.
When are WDMZs generally implemented?
When are WDMZs generally WDMZs are generally implemented in medium- and large-scale WLAN deployments.
If WEP must be used, what steps should be taken to ensure that network data is adequately protected?
When using WEP, change WEP keys frequently, use MAC filters, and implement IEEE standard 802.1x and wireless VPN to ensure network data protection.
(WPA3) Wi-Fi Protected Access version 3
Wi-Fi Protected Access version 3 (WPA3). WPA3 provides new security measures and features such as 256-bit Galois/Counter Mode Protocol (GCMP-256), 384-bit Hashed Message Authentication Mode (HMAC), and 256-bit Broadcast/Multicast Integrity Protocol (BIP-GMAC-256). WPA3 devices are backward compatible with devices using the WPA2 protocol WPA3 expands on WPA by adding : Simultaneous Authentication of Equals (SAE) protocol Individualized data encryption Stronger brute force attack protection Intelligent connection 192-bit security suite
Wired Equivalent Privacy (WEP
Wired Equivalent Privacy (WEP) is an encryption algorithm used by the shared key authentication process to authenticate users and encrypt data payloads over the wireless segment of a local area network (LAN). Wired Equivalent Privacy (WEP) is an encryption algorithm used by the shared key authentication process to authenticate users and encrypt data payloads over the wireless segment of a local area network (LAN). Wep Open key authentication is more secured than shared key authentication
Wi-Fi Protected Access (WPA2)
is the customer-friendly term for the IEEE 802.11i security standard using AES. The only publicized hole in WPA2 is through the wps
