Security Plus - Chapter 13 Flashcards
Cellular Network
Provides connectivity for mobile devices like cell phones by dividing geographic areas into “cells” with tower coverage, allowing wireless communications between devices and towers or cell sites.
LTE (Long-term evolution), 4G, & 5G. 5G requires more densely populated antenna distribution but provides significantly more speed. Connections are provided by a cellular carrier, which is secured, managed, and controlled outside of your organization, and traffic sent via cellular connection goes through a third-party network.
Wi-Fi Network
A range of wireless protocols that are used to provide wireless networking. Relies on 2.4 GHz and 5 GHz radio bands and uses multiple channels within those bands to allow multiple networks to coexist.
Standard Wi-Fi ranges (slowest to fastest):
- 802.11b - 11 Mbit/s, 2.4 GHz
- 802.11n - 54 Mbit/s, 5 GHz
- 802.11g - 54 Mbit/s, 2.4 GHz
- 802.11ac - 600 Mbit/s, 5 GHz
- 802.11ax - 6.9 Gbit/s, 2.4, 5, or 6 GHz
- 802.11be - 40+ Gbit/s, 2.4, 5, or 6 GHz
Other Wireless Network Information
WPA2
WPA3
Ad hoc mode - Allows devices to talk with each other directly
Infrastructure mode - Sends traffic through a base station or access point.
Service Set Identifiers (SSIDs) - Identify the wireless network name. Can be set to broadcast or private.
Bluetooth
Operates in the 2.4 GHz range, for low-power, short-range (usually 30 - 50 meters) connections that do not have very high bandwidth needs.
Bluetooth Security Modes
Security Mode 1 - No security (unsecure)
Security Mode 2 - Service-level enforced security
Security Mode 3 - Link-level enforced security
Security Mode 4 - Standard pairing with Secure Simple Pairing
Bluetooth does not support encryption. Fixed PINs reduce the security of the connection. Susceptible to eavesdropping as well.
Radio Frequency Identification (RFID)
A relatively short-range (less than a foot for passive tags, up to 100 meters for active tags) wireless technology that uses a tag and receiver to exchange information.
Active tags have their own power source and always send signals to be read by a reader; semi-active tags have a battery but are activated by a reader; passive tags are always powered by a reader.
Frequency ranges:
Low - Short-range, low-power tags for entry access and identification purposes, where they are scanned by a nearby reader.
High - Have a longer readable range (up to a meter) and communicate more quickly. Used for near-field communication; can support read-only, write-only, and rewritable tags.
Ultra-high - The fastest to read, with the longest range. Used in circumstances where readers are far away, such as inventory management and antitheft purposes, so a tag can be read from meters away.
Global Positioning System (GPS)
Uses a constellation of satellites that send out signals which are received by a compatible GPS receiver. Can be accurate enough to locate a GPS device to within a foot of its position. This allows for highly accurate placement for geofencing and other GPS uses. Provides a consistent time signal as well.
Attacks:
Can be jammed or spoofed
Near-Field Communication (NFC) (Not on exam)
Short-range communication between devices, like payment terminals. Less than 4 inches of range. Attacks have to come from other devices within close proximity.
Infrared (Not on exam)
Wireless technology that works only with line of sight. Wide range of speeds, from 115 kbit/s to 1 Gbit/s. Ex. television remote controls.
Wireless Connection Models
Point-to-Point - Connects two nodes, and transmissions between them can only be received by the endpoints.
Point-to-Multipoint - Connects multiple devices from a single location. Ex. Wi-Fi
Broadcast - Sends out information to many nodes, and transmissions are received by many nodes. Ex. GPS and radio
Attacks against Wireless Network and Devices
Evil Twin - A malicious, illegitimate access point that is set up to appear to be a legitimate, trusted network.
Rogue Access Points
Access points that are added to your network either intentionally or unintentionally. Once connected, they offer a point of entry to attackers or other unwanted users.
Bluetooth Attacks
Bluejacking - Sends unsolicited messages to Bluetooth-enabled devices.
Bluesnarfing - Unauthorized access to a Bluetooth device, typically aimed at gathering information like contact lists or other details of or on the device.
Bluetooth impersonation attacks - Take advantage of weaknesses in the Bluetooth specification, meaning that all devices that implement Bluetooth as expected are likely to be vulnerable to them. They exploit a lack of mutual authentication.
Disassociation Attack
When a threat causes a device to disconnect from an access point. This causes the system to attempt to reconnect, providing the attacker with a window of opportunity to set up a more powerful evil twin or capture information as the system tries to reconnect.
Attackers may send a deauthentication frame, a specific wireless protocol element that spoofs the victim’s wireless MAC address.
Jamming Attack
Blocks all traffic in the range or frequency it is conducted against.
Sideloading
The process of transferring files to a mobile device, typically via a USB connection, microSD, or Bluetooth in order to install applications outside of the official app store.
Jailbreaking
Takes advantage of vulnerabilities or other weaknesses in a mobile device’s operating system to conduct a privilege escalation attack and root the system. This provides a user with more access to the device than they normally have.
Wireless Access Point Design
Tuning and placement of wireless access points are critical because wireless access points have a limited number of channels to operate within, and multiple wireless access points using the same channel within range of each other can decrease the performance and usability of the network. Designers also need to ensure the network is not extended to areas where the organization does not want it available. Another area of design is distributing channels properly, with spacing between them, if multiple channels are used in close proximity to each other. Network management software can be used to monitor for interference and overlap problems and adjust your network, using capabilities that detect rogue access points or unknown wireless devices.
Site Surveys
Involve moving throughout a facility or space to determine what existing networks are in place and to look at the physical structure for location options for your access points. Wireless signal strength tools test strength while walking through the facility and can be used with GPS to mark ideal locations on a floor plan or map, along with the signal strength at each spot and the channel or channels each access point is on.
Heatmap
The floor plan map of wireless network placement throughout a facility, with the details of placement, signal strength, and the channels each access point is on.
Wireless Local Area Network (WLAN)
Controllers that help manage access points and the organization’s wireless network. Can be deployed as hardware devices, cloud-hosted, a virtual machine, or software package.
Securing WLAN Controllers
Both controllers and access points should be secured by changing default settings, disabling insecure protocols and services, setting strong passwords, protecting their administrative interfaces by placing them on isolated VLANs, and ensuring they are regularly patched and updated.
Wi-Fi Security Standards
WPA2-Personal - Uses a pre-shared key and is thus often called WPA2-PSK. Allows the client to authenticate without an authentication infrastructure.
WPA2-Enterprise - Relies on a RADIUS authentication server as part of an 802.1X implementation for authentication.
WPA2 introduced the use of Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). This uses the Advanced Encryption Standard (AES) to provide confidentiality, delivering much stronger encryption than previous protocols like Wired Equivalent Privacy (WEP). CCMP also provides user authentication and access control capabilities.
WPA3 - Replaces WPA2 and has been required for all Wi-Fi certified devices since 2020. WPA3 improvements:
- WPA3-Personal - Provides additional protection for password-based authentication, using a process known as Simultaneous Authentication of Equals (SAE). SAE replaces the pre-shared key in WPA2 and requires interaction between both the client and the network to validate both sides. Reduces brute force attack opportunities. WPA3 also implements Perfect Forward Secrecy, which ensures the traffic sent between the client and network is secure even if the client’s password has been compromised.
- WPA3-Enterprise - Provides stronger encryption than WPA2 with an optional 192-bit security mode and adds authenticated encryption and additional controls for deriving and authenticating keys and encrypting frameworks.
Perfect Forward Secrecy
Uses a process that changes the encryption keys on an ongoing basis so that a single exposed key won’t result in the entire communication being exposed. Keys can be reset throughout the session at set intervals or for every communication.