Wireless Security Flashcards
Why is security even more important in wireless networks?
Since signals aren’t contained within a wire, any device within range of the signal can receive traffic
While in wired networks, traffic is generally only encrypted when sent over an untrusted network and not within the LAN, what is the case with wireless networks?
Traffic sent between wireless clients and APs should be encrypted as well
T/F: Ideally, clients should also authenticate the AP to avoid associating with a malicious AP
T
In addition to a unique encryption/decryption key used between the AP and each client, there is also a _____ for broadcast messages.
Group key
To help protect message integrity, a ______ is added to wireless messages
MIC
Message Integrity Check
How is a MIC used to ensure message integrity is preserved?
Sender calculates a MIC for a message. When recipient decrypts the message, it calculated the MIC independently. If the calculated MIC is not equal to the MIC included in the message, it is discarded
What are the most common wireless authentication methods?
- Open Authentication
- WEP (Wired Equivalent Privacy)
- EAP (Extensible Authentication Protocol)
- LEAP (Lightweight EAP)
- EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
- PEAP (Protected EAP)
- EAP-TLS (EAP Transport Layer Security)
Describe the wireless authentication method Open Authentication
Client sends auth request, AP accepts it. No questions asked.
Often used in conjecture with another auth method, e.g. airline wifi
Describe the wireless authentication method WEP
Provided both authentication and RC4 encryption of traffic. Shared key protocol. Not secure and can be easily cracked. Don’t use.
AP sends challenge phrase using WEP key, client encrypts it and sends back. If decrypted client message matches, then AP knows client has correct shared key.
EAP and its different variations are all defined in IEEE ______
802.1x
IEEE 802.1x provides:
port-based network access control
In 802.1x, the device that wants to connect to the network is called the:
Supplicant
In 802.1x, the device that provides access to the network is called the:
Authenticator
In 802.1x, the device that receives client credentials and permits/denies access is called the:
Authentication Server
Typically a RADIUS server
In LEAP, clients must provide a _____ and a _____ to authenticate
username and password
In LEAP, both the client and the AP send a _____ to eachother
Challenge phrase.
In LEAP, _____ aer used, meaning that the WEP keys are changed frequently
Dynamic WEP keys
T/F: LEAP is just as vulnerable as WEP and should not be used anymore
T
EAP-FAST consists of three phases:
- PAC (Protected Access Credential) is generated and passed from the server to the client
- A secure TLS tunnel is established between the client and the server
- Inside of the TLS tunnel, the client and the server communciate further to authenticate the client
Compare and contrast EAP-FAST and PEAP
Instead of a PAC, in PEAP the server uses a digital certificate. Client uses the cert to authenticate the server. Cert is also used to establish a TLS tunnel, and client is then authenticated in the secure tunnel.
Both EAP-FAST and PEAP involve establishing a secure tunnel between the client and the device, and then authenticating the client within the tunnel
EAP-TLS requires a certificate on ______
The AS and on every single client
What is a drawback of EAP-TLS
While it is the most secure, it is the most difficult to implement
T/F: EAP-TLS doesn’t authenticate clients within a TLS tunnel
T
A TLS tunnel is used to exchange encryption key info, but since both the client and the server authenticate each other with digital certificates, the tunnel doesn’t need to be used for authenticating the client
What are the three encryption and integrity methods discussed?
- TKIP (Temporal Key Integrity Protocol)
- CCMP (Counter/CBC-MAC Protocol)
- GCMP
