14. Wireless Security Fundamentals

Question 1

What does MIC stand for and what does it do?

Answer 1

Message Integrity Check

MIC is calculated on the data being encrypted and it ensures that someone didn’t alter the message.

Question 2

What are the 4 categories of wireless security threats listed in the guide?

Answer 2

Rogue devices
Ad hoc networks
Client association issues
Passive or active attacks

Question 3

What is a rogue client?

Answer 3

Any client that is associated to a rogue AP (an AP that is not a part of your network but can be heard by an AP on your network)

Question 4

What does wIPS stand for?

Answer 4

Wireless Intrusion Protection System

Question 5

What algorithm does WEP use?

Answer 5

RC4 cipher algorithm

Question 6

How long are WEP keys?

Answer 6

40 or 104 bits long

represented by 10 or 26 hex digits

Question 7

How is WEP used for authentication by an AP?

Answer 7

AP sends a challenge phrase which the client encrypts with the WEP key.

Question 8

802.1x requires authentication before a client has access to what?

Answer 8

Wired network

Question 9

What does EAP stand for?

Answer 9

Extensible Authentication Protocol

It is a framework for authentication

Question 10

There are 3 roles in the 802.1x client authentication. What are they and who are they?

Answer 10

Supplicant - client
Authenticator - typically WLC
Authentication server (AS) - typically Radius server

Question 11

LEAP (Lightweight EAP) uses what type of encryption?

Answer 11

RC4 cipher algorithm (this is why it shouldn’t be used)

Question 12

What kind of keys does LEAP use?

Answer 12

Dynamic WEP keys

Question 13

EAP-FAST, PEAP, and EAP-TLS all have an inner authentication and an outer authentication that uses what kind of tunnel for protection?

Answer 13

Transport Layer Security (TLS)

Question 14

What are the differences between EAP-FAST, PEAP, and EAP-TLS in the way they do the inner authentication?

Answer 14

EAP-FAST uses PACs
PEAP uses a digital certificate from the AS but doesn’t require a certificate from the user
EAP-TLS require supplicant and AS to present digital certificates

Question 15

What does TKIP stand for?

Answer 15

Temporal Key Integrity Protocol

Question 16

What is the underlying encryption of TKIP?

Answer 16

WEP

Question 17

What does CCMP stand for?

Answer 17

Counter/CBC-MAC Protocol

Question 18

CCMP consists of what 2 algorithms?

Answer 18

AES counter mode encryption

Cipher Block Chaining Message Authentication Code (CBC-MAC) used for message integrity check

Question 19

How do you know if a device supports CCMP?

Answer 19

WPA2 designation

Question 20

Difference between WPA and WPA2

Answer 20

WPA can use either TKIP or AES(CCMP)

WPA2 only uses AES(CCMP)

Question 21

WPA and WPA2 support what two authentication modes?

Answer 21

Personal mode uses pre-shared key

Enterprise mode uses 802.1x EAP

Question 22

Cisco developed what to secure management frames?

Answer 22

Management Frame Protection (MFP)

Question 23

To use client MFP, client device must support what version of CCX and use what version of WPA

Answer 23

CCXv5

WPA2

Question 24

Wireless security is configured on a per what basis?

Answer 24

per WLAN

Question 25

What is local EAP?

Answer 25

The controller has a built in authentication server that supports LEAP, EAP-FAST, PEAP, EAP-TLS.

Question 26

What are the components of wireless security?

Answer 26

Authentication
Message privacy (encryption)
Message integrity
Intrusion protection