Chapter 14. Flashcards Preview

CWNA > Chapter 14. > Flashcards

Flashcards in Chapter 14. Deck (32):

What is a rogue access point?

A potential open and unsecured gateway straight into the wired infrastructure that the company wants to protect.


Why do many government agencies ban the usage of ad hoc networks?

Because often computers are plugged into the network via Ethernet. At the same time the wireless radio is turned on, allowing a connection to it or something else. Attackers could use this.


What is MACsec and what is it used for?

Created from The IEEE 802.1AE Media Access Control Security standard. can also be used to secure
the network ports on the wired network. In that case, any new device, including APs, would need to be authenticated to the network prior to being given access.


What is a peer-to-peer attack?

During an an-hoc connection a computer is sharing its data and resources with another PC. The other PC that is connected to it could potentially also gain access to the network through the host PC.


What is client isolation?

is a feature that can often be enabled on WLAN access points or controllers to block wireless clients from communicating with other wireless clients on the
same wireless VLAN. Client isolation, or the various other terms used to describe this feature, usually means that packets arriving at the AP’s wireless interface are not forwarded back out of the wireless interface to other clients. This isolates each user on
the wireless network to ensure that a wireless station cannot be used to gain layer 3 or higher access to another wireless station.


What is casual eavesdropping?

Casual eavesdropping is accomplished by simply exploiting the 802.11 frame exchange methods that are
clearly defined by the 802.11-2012 standard. Software utilities known as WLAN discovery tools exist for the purpose of finding open WLAN networks


What is malicious eavesdropping?

the unauthorized use of 802.11 protocol analyzers to capture wireless communications, is typically considered illegal. Most countries have some type of wiretapping law that makes it a crime to listen in on someone else’s phone conversation. Additionally, most countries have laws making it illegal to listen in on any type of electromagnetic communications, including
802.11 wireless transmissions.


What is the next step that an AP does when you enter a passphase for AP authentication?

That a function is run to convert the passphrase to a Pairwise Master Key (PMK), which is used with the 4-Way Handshake to create the final dynamic encryption keys.


Why is it recommended that AP's be configured through wire instead of wirelessly?

Policy often dictates that all WLAN infrastructure devices be configured from only the wired side of the network. If an administrator attempts to configure a WLAN device while connected wirelessly, the administrator could lose connectivity due to configuration changes being made. Some WLAN vendors offer secure wireless console connectivity capabilities for troubleshooting and configuration


What is wireless hijacking?

The access point software is configured with the same SSID that is used by a public hotspot access point. The attacker then sends spoofed disassociation or DE authentication frames, forcing users associated with the hotspot AP to roam to the evil twin AP. At this
point, the attacker has effectively hijacked wireless clients at layer 2 from the original AP. The evil twin will have DHCP and be an open authentication AP.


What is a man-in-the-middle attack?

The second WLAN radio is associated to the hotspot access point as a client. Many OS allow Ethernet and wireless to work together and create a bridge. So the attacker deauths and attacks the client to get the wireless AP to connect to the evil twin. The attack then goes through the evil twin, through the laptop bridge, and onto the physical network. .


What is a way to prevent evil twins and man in the middles.

Authentication of the network and the client. 802.1X/EAP


What is intentional jamming?

Intentional jamming attacks occur when an attacker uses some type of signal generator to cause interference in the unlicensed frequency space. Both narrowband and wideband jammers exist that will interfere with 802.11 transmissions, either causing all data to become corrupted or causing the 802.11 radios to continuously defer when performing a clear channel assessment (CCA).


What is unintentional jamming?

Unintentional interference from microwave ovens, cordless phones, and other devices can also cause denial of service. Although unintentional jamming
is not necessarily an attack, it can cause as much harm as an intentional jamming attack


What is the most common DoS attack?

Layer 2 deauth attacks. The most common involves spoofing disassociation or deauthentication. The attacker can edit the 802.11 header and spoof the MAC address of an access point or a client in either the transmitter address (TA) Feld or the receiver address (RA) Feld.


What is management frame protection (MFP) mechanisms?

An 802.11w-2009 amendment for the prevention of spoofing 802.11 management frames.


What are robust management frames that was created in 802.11w? Worked with frame protection?

Robust management frames can be protected by the management frame protection service and include disassociation, deauthentication, and robust action frames. Action frames are used to request a station to take action on behalf of another station, and not all action frames are robust.


What is the best tool to discover a layer 1 DoS?

Spectrum Analyzer.


What is the best tool to discover a layer 2 DoS?

Protocol Analyzer.


What are the 3 components that make up a WIDS system (Wireless intrusion Detection System)?

1. WIDS server.
2. Management Consoles
3. Sensors.


What is a WIDS server?

A WIDS server is a software server or hardware server appliance acting as a central point of monitoring security and performance data collection. The server uses signature analysis, behavior analysis, protocol analysis, and RF spectrum analysis to detect
potential threats.


What is a WIDS Management Console?

A software-based management console is used to communicate back to a WIDS server from a desktop station. The management console is the software
interface used for administration and configuration of the server and sensors.


What is a WIDS sensor?

Hardware- or software-based sensors may be placed strategically to listen to and capture all 802.11 communications. Sensors are the eyes and ears of a WIDS monitoring solution. Sensors use 802.11 radios to collect information used in securing and analyzing
WLAN traffic. Devices are in constant listening mode.


What are the 3 WIDS design models?

1. Overlay
2. Integrated
3. Integration Enabled.


What is an Overlay WIDS system?

Overlay The most secure model is an overlay WIDS that is deployed on top of the existing
wireless network. This model uses an independent vendor’s WIDS and can be deployed to
monitor any existing or planned WLAN.


What is an integrated WIDS system?

Most WLAN vendors have fully integrated WIDS capabilities. A centralized WLAN controller or a centralized network management server (NMS) functions as the IDS server. Access points can be configured in a full-time sensor-only mode or can act as
part-time sensors when not transmitting as access points. They use off channel scanning.


What is an integrated WIDS solution?

Wi-Fi vendors often integrate their APs and management systems with the major WIDS vendors. The Wi-Fi vendor’s APs integrate software code that can be used to turn the APs into sensors that will communicate with the third-party WIDS server.
Standalone or controller-based APs can be converted into full-time sensors that gather security monitoring information for a separate third-party WIDS server


What is one method of containing rogue AP's by WIPS?

One of the most common methods is to use spoofed deauthentication frames. As shown in Figure 14.12, the WIPS will have the sensors go active and begin
transmitting deauthentication frames that spoof the MAC addresses of the rogue APs and rogue clients. The WIPS uses a known layer 2 denial-of-service attack as a countermeasure. The effect is that communications between the rogue AP and clients are rendered useless. This countermeasure can be used to disable rogue APs, individual client stations, and rogue
ad hoc networks.


What is a general wireless policy?

A general wireless security policy establishes why a wireless security policy is needed for an organization.


What is Sarbanes-Oxley?

The Sarbanes-Oxley Act of 2002 defines stringent controls on corporate accounting and auditing procedures with a goal of corporate responsibility and enhanced financial disclosure.


What is GLBA?

requires banks and financial institutions to notify customers of policies and practices disclosing customer information. The goal is to protect personal information such as credit card numbers, Social Security numbers, names, addresses, and so forth


What is PCI compliance?

Protection of credit cards and the data.