Wireless Networks

Question 1

Wireless Local Area Network (WLAN)?

Answer 1

▪ Allows users to roam within a coverage area
▪ Popularity has increased exponentially
▪ Convenient to use and expand network access throughout a room, floor,
or building
▪ IEEE 802.11 is the most common type
▪ Other wireless options exist (used for PAN)
● Bluetooth
● Infrared (IR)
● Near-Field Communications (NFC)
● Ant+
● Z-Wave

Question 2

Ad Hoc

Answer 2

Wireless devices communicate directly with
each other without the need for a centralized
access point
▪ Peer-to-Peer connections

Question 3

Infrastructure

Answer 3

Wireless devices communicate with other
wireless or wired devices through a wireless
router or access point
▪ Traditional WiFi in Home and Office networks

Question 4

Wireless Access Point (AP or WAP)

Answer 4

▪ Expands wired LAN into the wireless domain
● Does not interconnect two networks
(not a router)
● Functions as a hub
▪ Connects wired LAN and wireless devices into the same subnet
▪ All clients on an access point are on a single collision domain

Question 5

Wireless Router

Answer 5

Gateway device and base station for wireless devices to communicate
with each other and connect to the Internet
▪ Often combines many features into one device:
● Wireless Access Point (WAP or AP)
● Router
● Switch
● Firewall
● Fiber, Cable, or DSL modem

Question 6

o Independent Basic Service Set (IBSS)

Answer 6

Contains only devices/clients with no APs(AD-HOC WLAN)

Question 7

Basic Service Set (BSS)

Answer 7

Only one AP connected to the network (SOHO network)

Question 8

Extended Service Set (ESS)

Answer 8

Contains multiple APs to provide coverage (College campus)

Question 9

Mesh Topology

Answer 9

▪ May not use a centralized control
▪ Range of combined wireless defines network
▪ Uses WiFi, Microwave, Cellular, and more

Question 10

AP Placement

Answer 10

▪ Careful planning is required to
prevent the APs from interfering
with one another and still
maintaining the desired
coverage area in ESS
▪ Coverage should overlap
between APs to allow
uninterrupted roaming from one
cell to another but can’t use
overlapping frequencies

Question 11

AP Placement (2.4 Ghz)

Answer 11

Non-overlapping coverage cells
for 2.4 GHz band should have
10% to 15% coverage overlap in
coverage area

Question 12

AP Placement (5 Ghz

Answer 12

▪ Identical channels should be separated by at least two cells instead of
one

Question 13

Site Surveys

Answer 13

▪ Wireless survey to determine coverage areas
▪ Produces a heat map with coverage

Question 14

Wireless Range Extenders

Answer 14

▪ Specialized device that overcomes distance limitations of wireless
networks
▪ Amplifies the signal and extends reachability or a wireless cell
▪ Wireless repeater receives signal on one antenna and repeats it on other

Question 15

Antennas

Answer 15

Coverage areas vary based on the type used
▪ Most SOHO wireless APs have fixed antennas
▪ Enterprise-class APs support different types
▪ Factors in antenna effectiveness
● Distance
● Pattern of Wireless Coverage
● Environment (indoor/outdoor)
● Avoiding Interference with other APs

Question 16

Omnidirectional Antenna

Answer 16

Radiates power equally in all directions

Question 17

Unidirectional Antenna

Answer 17

Focuses Power in one direction for covering greater distances

Question 18

Spread Spectrum Wireless Transmissions

Answer 18

▪ Direct-Sequence Spread Spectrum (DSSS)
▪ Frequency-Hopping Spread Spectrum (FHSS)
▪ Orthogonal Frequency-Division Multiplexing (OFDM)
▪ Only DSS and OFDM are commonly utilized in today’s WLANs

Question 19

Direct-Sequence Spread Spectrum (DSSS)

Answer 19

Modulates data over an entire range of frequencies using a series of
signals known as chips
▪ More susceptible to environmental interference
▪ Uses entire frequency spectrum to transmit

Question 20

Frequency-Hopping Spread Spectrum (FHSS)

Answer 20

Devices hop between predetermined frequencies
▪ Increases security as hops occur based on a common timer

Question 21

Orthogonal Frequency Division Multiplexing (OFDM)

Answer 21

Uses slow modulation rate with simultaneous transmission of data over
52 data streams
▪ Allows for higher data rates while resisting interference between data
streams

Question 22

Frequencies and Channels

Answer 22

IEEE 802.11 standards are differentiated by their characteristics, such as
frequency range used:
● 2.4 GHz band
o 2.4 GHz to 2.5 GHz range
● 5 GHz band
o 5.75 GHz to 5.875 GHz range
▪ Each band has specific frequencies (or channels) to avoid overlapping
other signals
▪ Channels 1, 6, and 11 will avoid overlapping frequencies in 2.4 GHz band

Question 23

Channel Bonding

Answer 23

Allows you to create a wider channel by merging neighboring channels
into one

Question 24

Radio Frequency Interference (RFI)

Answer 24

▪ Caused by using similar frequencies to WLAN
▪ Common sources of interference:
● Other wifi devices (overlapping channels)
● Cordless phones and baby monitors (2.4 GHz)
● Microwave ovens (2.4 Ghz)
● Wireless security systems (2.4 GHz)
● Physical obstacles (Walls, appliances, cabinets)
● Signal strength (Configurable on some devices)

Question 25

Carrier Sense Multiple Access/Collision (Avoidance/ Detection)

Answer 25

WLAN uses CSMA/CA to control access to medium, where wires Ethernet uses CSMA/CD ▪ Listens for transmission to determine if safe to transmit ● If channel is clear, transmits Request to Send (RTS) ● Device waits for acknowledgment ● If received an RTS, responds with Clear to Send (CTS) ● If not received, device starts random back off timer

Question 26

Wireless Security

Answer 26

Wireless networks offer convenience, but also many security risks ▪ Encryption of data transferred is paramount to increasing security

Question 27

Pre-Shared Key

Answer 27

Both AP and client uses same encryption key ▪ Problems: ● Scalability is difficult if key is compromised ● All clients must know the same password

Question 28

Wired Equivalent Privacy

Answer 28

▪ Original 802.11 wireless security standard ● Claimed to be as secure as wired networks ▪ Static 40-bit pre-shared encryption key ● Upgraded to 64-bit and 128-bit key over time ▪ Uses 24-bit Initialization Vector (IV) ● Sent in clear text ▪ Brute Force Attack within minutes using AirCrack-ng and other tools

Question 29

Wi-Fi Protected Access (WPA)

Answer 29

▪ Replaced WEP and its weaknesses ▪ Temporal Key Integrity Protocol (TKIP) ● 48-bit Initialization Vector (IV) instead of 24-bit IV ● Rivest Cipher 4 (RC4) used for encryption ▪ Uses Message Integrity Check (MIC) ● Confirms data was not modified in transit ▪ Enterprise Mode WPA ● Users can be required to authenticate before exchanging keys ● Keys between client and AP are temporary

Question 30

Wi-Fi Protected Access 2 (WPA2)

Answer 30

▪ Created as part of IEEE 802.11i standard ● Requires stronger encryption and integrity checks ● Integrity checking through CCMP o Counter Mode with Cipher Block Chaining Message Authentication Code Protocol ▪ Uses Advanced Encryption Standard (AES) ● 128-bit key or above ▪ Supports two modes ● Personal mode with pre-shared keys ● Enterprise mode with centralized authentication

Question 31

WEP and WPA/WPA2 Security Cracking

Answer 31

▪ Utilities can capture wireless packets and run mathematical algorithms to determine the pre-shared key

Question 32

Network Authentication 802.1x

Answer 32

▪ Each wireless user authenticates with their own credentials ▪ Used also in wired networks

Question 33

Extensible Authentication Protocol (EAP)

Answer 33

Authentication performed using 802.1x ▪ EAP-FAST ● Flexible Authentication via Secure Tunneling ▪ EAP-MD5 ▪ EAP-TLS

Question 34

MAC Address Filtering

Answer 34

▪ Configures an AP with a listing of permitted MAC addresses (like an ACL) ▪ Problems: ● Knowledgeable users can falsify their MAC easily using freely available tools ● Examples: o MAC Address Changer (Windows) o MacDaddyX (OSX)

Question 35

Network Admission Control (NAC)

Answer 35

▪ Permits or denies access to the network based on characteristics of the device instead of checking user credentials ▪ Conducts a posture assessment of client ● Checks the OS and antivirus version of client

Question 36

Captive Portals

Answer 36

▪ Web page that appears before the user is able to access the network resources ▪ Webpage accepts the credentials of the user and presents them to the authentication server

Question 37

Geofencing

Answer 37

GPS or RFID defines real-world boundaries ▪ Barriers can be active or passive ▪ Device can send alerts if it leaves area ▪ Network authentication can use it to determine access

Question 38

Disable SSID Broadcast

Answer 38

Configures an AP to not broadcast the name of the wireless LAN ▪ Problem: ● Knowledgeable users can still easily find the SSID using wireless sniffing tools

Question 39

Rogue Access Point

Answer 39

Malicious users set up an AP to lure legitimate users to connect to the AP ▪ Malicious users can then capture all the packets (data) going through the rogue access point

Question 40

Unsecured Wireless Networks

Answer 40

War Driving ● Occurs when users perform reconnaissance looking for unsecured wireless networks ▪ War Chalking ● Occurs when users write symbols on a wall to notify others of AP characteristics