WLAN Security

Question 1

802.11 Security Basics?

Answer 1

Data Privacy
Authentication, Authorization, And Accounting
Segmentation
Monitoring and Policy

Question 2

Data Privacy?

Answer 2

Encryption

• RC4 Cipher
• AES (Advanced Encryption Standard)

MAC Service Data Unit

Question 3

(AAA)?

Answer 3

Authentication
Authorization
Accounting

Question 4

Authentication?

Answer 4

Identify and Credential Verification, who and what?

Question 5

Authorization?

Answer 5

Granting Access,

What can you do?

Question 6

Accounting?

Answer 6

Tracking the use of resources

Question 7

Rule of AAA?

Answer 7

Authentication is required before association and authorization can be allowed

Question 8

Segmentation?

Answer 8

Based Upon Traffic Type
Based Upon Client Type
Based Upon Authentication or Authorization

LANs
WANs
VLANs

Question 9

Monitoring

Answer 9

Monitoring gives vision into Network performance and Security

Question 10

Monitoring may use?

Answer 10

WIDS

WIPS

Question 11

Policy?

Answer 11

Policy defines how computer systems must be implemented

• Specific WiFi policies must be created
• Traditional wired policies are not sufficient
• Should be written and adaptable as technology changes

Question 12

Legacy 802.11 Security?

Answer 12

Allows legacy client access
Uses older security measures
Is specified in the 802.11 standard as amended
Can be the weak spot of the network

Question 13

Types of Security of 802.11

Answer 13

Legacy Authentication
Static WEP Encryption
MAC Filters
SSID Cloaking/Hiding

Question 14

Legacy Authentication?

Answer 14

Open system or shared key authentication
Wired Equivalent Privacy
Pre-shared keys
Weak when compared to more modern methods
Still used for legacy devices

Question 15

Open System Authentication?

Answer 15

Two way exchange between the client radio and the access point

• The client sends and authentication request
• The access point then sends an authentication response

Does not require any credential
Anybody can have association

Question 16

Shared Key Authentication?

Answer 16

Four-way authentication frame handshake

Question 17

Four-Way authentication frame handshake?

Answer 17

The client station sends an authentication request to the access point
The access point sends a cleartext challenge to the client station in an authentication response
The client station encrypts the cleartext challenge and sends it back to the access point in the body of another authentication request frame.
The access point decrypts the station’s response and compares it to the challenge text

Question 18

Static WEP Encryption?

Answer 18

Uses a 24bit Initialization Vector

Can use either a 40 bit or 104 bit encryption key

Question 19

WEP Provides?

Answer 19

Data Integrity
Confidentiality
Access Control

Question 20

Data Integrity?

Answer 20

A data integrity checksum known as the integrity check value is computed on a data before encryption and used to prevent data from being modified

Question 21

Confidentiality?

Answer 21

The primary goal of confidentiality was to provide data privacy by encrypting the data before transmission

Question 22

Access Control?

Answer 22

For WEP this is a crude form of authorization
Client stations that do not have the same matching static WEP key as an access point are refused to access to network resources

Question 23

WEP Encryption Process?

Answer 23

RC4 - Rivest Cipher

Question 24

WEP Weaknesses?

Answer 24

IV Collisions Attack
Weak Key Attack
Reinjection Attack
Bit-flipping Attack

Easily cracked using freeware
Not allowed in CDE

Question 25

Other Security Measures?

Answer 25

MAC Filters SSID Cloaking In and of themselves these measures are not sufficient Can be a part of a layered approach

Question 26

MAC Filters?

Answer 26

Block or Allow clients based upon MAC Address Easily Bypassed through spoofing Time consuming to implement Does not scale well

Question 27

SSID Cloaking?

Answer 27

Removes the SSID from Beacon frames Does not stop the SSID from being used in the other frames May cause Roaming problems Forces the use of Active scanning in the service set

Question 28

Robust Security Network?

Answer 28

Two stations must authenticate and associate with each other Create dynamic encryption keys through a process known at the 4-way Handshake

Question 29

Components of RSN?

Answer 29

``` Authentication and Authorization 802.1x/EAP Framework Dynamic Encryption Key Generation 4-Way Handshake WPA/WPA2-Personal TKIP Encryption CCMP Encryption ```

Question 30

Authentication And Authorization?

Answer 30

Identity/Credential Verification - Part of AAA - Grants Access to network and or resources Pre-shared key authentication (personal) - No need for external database Server-based authentication - Required AAA server - May require directory access database server

Question 31

PSK Authorization?

Answer 31

Standard defines Authentication and Key Management services

Question 32

During 802.1X authentication, an authentication and key management protocol can be either?

Answer 32

``` A preshared (PSK) protocol An EAP protocol ```

Question 33

Name marketing names for PSK authentication?

Answer 33

WPA/WPA2-Passphrase WPA/WPA2-PSK WPA/WPA2-Preshared Key

Question 34

802.1X/EAP Framework

Answer 34

Based on EAP | Supports Mutiple EAP Types

Question 35

EAP?

Answer 35

Extensible Authentication Protocol | Port Based Access Control

Question 36

Three Main Components?

Answer 36

Supplicant Authenticator Authentication Server

Question 37

TKIP?

Answer 37

Temporal Key Integrity Protocol

Question 38

TKIP Encryption?

Answer 38

``` Optional encryption for an RSN Use constitutes a Legacy RSN Uses a 48 bit Initialization vector Uses the MIC Adds 20 bits of Overhead to frames ```

Question 39

MIC?

Answer 39

Message Integrity Check

Question 40

CCMP?

Answer 40

Counter-Mode (CM) with Cipher Block Chaining (CBC) Message Authentication Code (MAC) Protocol

Question 41

CCMP Encryption?

Answer 41

``` Required for an 802.11 RSN Uses the Rijndael algorithm Uses an 8 byte MIC Stronger than TKIP Requires more robust chipset to function ```

Question 42

Traffic Segmentation?

Answer 42

VLANs - Guest - Voice - Data RBAC

Question 43

RBAC?

Answer 43

Role-Based Access Control

Question 44

Role Based Access Control?

Answer 44

Is an approach to restricting system access to authorized users.

Question 45

3 Main components of an RBAC?

Answer 45

Users Roles Permissions

Question 46

RBAC Permissions can be defined as?

Answer 46

Layer 2 permissions Layer 3 permissions Layer 4-7 permissions Bandwidth permissions

Question 47

Layer 2 permissions?

Answer 47

MAC Filters

Question 48

Layer 3 permissions?

Answer 48

Access control lists

Question 49

Layers 4-7 permissions?

Answer 49

Stateful firewall rules

Question 50

VPN Wireless Security?

Answer 50

Protocols | Encryption

Question 51

Protocols of VPN?

Answer 51

Point to Point Tunneling Protocol | Layer L2 Tunneling Protocol

Question 52

Encryption of VPN?

Answer 52

Microsoft Point-To-Point Encryption | Internet Protocol Security

Question 53

Guest WLAN Security?

Answer 53

Guest SSID Guest VLAN Firewall Policy Captive Web Portal

Question 54

Guest SSID?

Answer 54

Multiple corporate SSIDs are broadcasted by the company APs along with a guest SSID

Question 55

Guest VLAN?

Answer 55

Guest traffic is usually segmented from corporate user traffic in a unique VLAN tied to a unique guest subnet Guest traffic is often also routed to a demilitarized zone

Question 56

e.g. MCAT, pharma, bar exam, Spanish, Series 7 Dismiss Search Bar Search Flashcards in “WLAN Security” Firewall Policy?

Answer 56

Guest users are not allowed on private networks because corporate network servers and resources usually reside on the private IP space

Question 57

Captive Web Portal?

Answer 57

Guest users must normally log in through a captive web portal page before they can proceed to the Internet

Question 58

Wireless Security Management?

Answer 58

Wireless Attacks Intrusion Monitoring Security Policy

Question 59

Wireless Attacks?

Answer 59

``` Rogue Wireless Devices Peer-To-Peer Attacks Eavesdropping Encryption Cracking Authentication Attacks MAC Spoofing. ... ```

Question 60

Rogue Wireless Devices?

Answer 60

Unsanctioned Devices on the Sanctioned Network Located Behind Firewalls Growing Risk ESS or IBSS Devices

Question 61

Intrusion Monitoring?

Answer 61

Wireless Intrusion Detection System Wireless Intrusion Prevention System Mobile WIDS/WIPS Spectrum Analysis

Question 62

Wireless Intrusion Detection?

Answer 62

``` Server uses: signature analysis protocol analysis behavior analysis rf spectrum analysis ```

Question 63

Wireless Security Policy?

Answer 63

General Security Policy Functional Security Policy Legislative Compliance Industry Compliance

Question 64

General Security Policy?

Answer 64

``` Statement of Authority Appliance Audience Violation Reporting Procedures Risk Assessment and Threat Analysis Security Auditing ```

Question 65

Functional Security Policy?

Answer 65

Policy Essentials Baseline Practices Design and Implementation Monitoring and Response