Ch-13

Question 1

Wi-Fi ranges/standards

Answer 1

802. 11b is outdated.
803. 11ac is the most broadly deployed standard currently.
804. 211ax/Wi-Fi6 is steady becoming more available.
805. 11b - 11 Mbit/s - 2.4GHz
806. 11ac - 6933 Mbit/s - 5Ghz
807. 11ax - 9608 Mbit/s - 5Ghz

Others -

802. 11a - 64 Mbit/s - 5Ghz
803. 11g - 54 Mbit/s - 2.4Ghz
804. 11n - 600 Mbit/s - 2.4 and 5Ghz

Question 2

Wireless Attacks

Answer 2

Roque Access Points - Offer a point of entry to the network that bypasses security. Can be placed maliciously or by accedent.

Evil Twins - Malicious fake access point that apears to be legitiament. Typcially will match the SSID of the legitamate.

Most modern enterprise networks have systems built-in to detect new access points in an area.

Question 3

Wi-Fi channels

Answer 3

In the 2.4Ghz band each channel is 20MHz wide, with 5-MHz between each channel, There are 11 channels for 2.4 GHz Wi-Fi resulting in overlap between channels in the 100MHz of space allocated. In most cases this means that channels 1,6, and 11 are used.

Channel 1 - 2.412 MHz
Channel 2 - 2.417 MHz
Channel 3 - 2.422 MHz
Channel 4 - 2.427 MHz
Etc.
Each channel is 22 MHz wide

Question 4

Wi-Fi Security

Answer 4

Most widely deployed - WPA2
WPA-Personal - Uses PSK (WPA-PSK). Allows use without a authentication server
WPA-Enterprise - Relies on RADIUS authentication as part of an 802.1x implementation.
WPA2 introduced the use of CCMP w/ AES to provide authentication and confidentiality. CCMP replaced the use of WEP

The replacement - WPA3
All devices since 2018 have been required to support WPA3 as well as WPA2.
WPA3-Personal - Uses SAE and validates between both the client and network and creates perfect forward secrecy. SAE also means that each user can use their own password.
WPA3-Enterprise - Still uses RADIUS. Provides stronger encryption with an optional 192-bit mode, adds authentication encryption and additional controls.

Question 5

Wireless Auth Protocols

Answer 5

802. 1x is an IEEE standard for access control for both wired and wireless.
803. 1x uses RADIUS servers, as well as EAP for confidentially

EAP has many variants as it was intended to be able to be ‘extended’.

PEAP - Wraps EAP using TLS tunnel. Devices on the network use unique encryption keys. Replace keys regularly

EAP-FAST - Cisco developed protocol. Uses a shared key or dynamic keys that were established using public key authentication for reauthentication. Designed to be faster than PEAP.

EAP-TLS - Implements certificate based auth as well as mutual auth of the device and network. Certificates on both the network and device are used to generate keys. Used less frequently due to the challenge of certificate management.

EAP-TTLS - EAP-TLS but the client device does not have a certificate to create a secure session. Reduces overhead of certification management but may require additional software.

Question 6

Mobile Device Management (MDM) tools

Answer 6

microSD HSM - It is HSM in a very small package, typically microSD card, USB, SIM. They support the use of key creation, backup and restore, management and PKI auth and other cryptographic tools on devices that otherwise would not. However the microSD HSM still require an app for use.

SEAndriod - Security Enhanced Linux for Android Devices - Provides the ability to enforce mandatory access control on android devices. This means better compartmentalization, limiting vulns, as well as securing mobile systems and the use of logs. Any action that isn’t explicitly allowed will be denied and added to logs.