Unit 2 Technology Terminology
WIDS
The Wireless Intrusion Detection System (WIDS) in LCOS devices monitors the different WLANs by using a wide range of specified thresholds. If a potential attack is detected, the system reports it immediately via e-mail, SYSLOG, or SNMP traps. Attacks are detected by monitoring for known or similar patterns. The WIDS configuration is either done directly on the AP or by means of a WIDS profile assigned to the AP by a WLC.
WPA/WPA2
Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance's direct response and replacement to the increasingly apparent vulnerabilities of the WEP standard. WPA was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system. WPA has been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 is the mandatory use of AES algorithms and the introduction of CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) as a replacement for TKIP. However, TKIP is still preserved in WPA2 as a fallback system and for interoperability with WPA.
WPS
A wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols. WPS doesn't work on wireless networks that are using the deprecated WEP security, which can be cracked easily by any hacker with a basic set of tools and skills.
RC4
RC4 generates a pseudorandom stream of bits (a key-stream). As with any stream cipher, these can be used for encryption by combining it with the plaintext using bit-wise exclusive-or. Decryption is performed the same way (since exclusive-or is a symmetric operation). To generate the keystream, the cipher makes use of a secret internal state which consists of two parts: 1. A permutation of all 256 possible bytes (denoted "S" below). 2. Two 8-bit index-pointers (denoted "i" and "j").
SIEM/Mobile Device Log Files
Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. An important first step in establishing a security analysis protocol is managing your logs. Logs are computer-generated messages that come from all sorts of software and hardware - nearly every computing device has the capability of producing logs. The logs show, in detail, the varied functions of the device or application, as well as when users log in or attempt to log in. The importance of these logs isn't in the logging itself. Instead, it's the analysis of these logs is that provides value. Logs are often used to detect weaknesses in security, and forward-thinking companies who employ strategic security analysts often are able to find and address these weaknesses before breaches can occur.
TKIP
TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs), particularly those using WiMax technology. The CCMP algorithm is based on the U.S. federal government's Advanced Encryption Standard (AES). CCMP offers enhanced security compared with similar technologies such as Temporal Key Integrity Protocol (TKIP). CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks. The Counter Mode component provides data privacy. The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication. The enhanced privacy and security of CCMP compared with TKIP requires additional processing power.
802.1X/EAP (CCMP/AES) [how does this relate to WEP, TKIP, RC4, WPA/WPA2]
IEEE 802.1X standard is simply a standard for passing EAP over a wired or wireless LAN. With 802.1X, you package EAP messages in Ethernet frames and don't use PPP. This is used for authentication. 802.1X uses three terms; the user or client that wants to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. And the device in between, such as a wireless access point, is called the authenticator. Like WEP, TKIP, RC4, WPA, and WPA2 this is another authentication method and an IEEE standard.
Hotspots and Captive Portals
The micro server will create a hotspot around it, with the same SSID as the network we want to target. At this point, it does not matter if the legitimate network actually exists in the area, but if it does, its access point(s) might have a stronger signal than your portable server and most clients will connect to it instead. On the server, a captive portal is configured, that redirects all requests to a certain webpage. That webpage looks identical to the legitimate one, with the only difference that it does not actually connect the user to the Internet, but instead logs down the supplied username and password! After the user has submitted their sensitive data, they can be redirected to the main page again, thus lead to believe that there is just something wrong with this network.
WEP
Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.
Robust Secure Networks (RSN)
A network protocol that is used for creating and establishing secure communication connections and transmissions over safe wireless networks such as 802.11.its a part of the standard certified on 802.11.standard. Robust Secure network starts the communication with the development of a secure channel over the channel by forwarding and broadcasting the element message across the entire wireless network. the IE element of the RSN broadcast the following information: - Authentication suites that are available on the whole - Unicast suits that are required for the single access point - Multicasting suits. - Element frame format - The element frame format is specifically ordered to send the exact queue to the exact location. They are ordered like element id, element length, version, group keys, pairwise suit list, authentication suits, and capabilities.
AES
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. NIST specified the new advanced encryption standard algorithm must be a block cipher capable of handling 128-bit blocks, using keys sized at 128, 192, and 256 bits.