16 - Hacking Wireless Networks Flashcards

1
Q

How does a Wireless network work?

A

Data is transmitted by means of electromagnetic waves to carry signals over the communication path.

2
Q

What are some common wireless terminologies?

A
  • GSM: Global System for Mobile Communications; the universal system used for mobile data transmission over wireless networks worldwide.
  • Bandwidth: Describes the amount of information that can be transmitted over a connection.
  • Basic Service Set Identifier (BSSID): The MAC address of an access point that has set up a Basic Service Set (BSS).
  • ISM band: Frequency band reserved internationally for the Industrial, Scientific, and Medical communities.
  • Access Point: Used to connect wireless devices to a wireless/wired network.
  • Hotspot: A place where a wireless network is available for public use.
  • Association: The process of connecting a wireless device to an access point.
  • Service Set Identifier (SSID): A unique 32-character alphanumeric identifier given to a wireless LAN.
  • Orthogonal Frequency-Division Multiplexing (OFDM): Method of encoding digital data on multiple carrier frequencies.
  • Multiple Input, Multiple Output Orthogonal Frequency-Division Multiplexing (MIMO-OFDM): Air interface for 4G and 5G broadband wireless communications.
  • Direct-Sequence Spread Spectrum (DSSS): The original data signal is multiplied with a pseudo-random noise spreading code.
  • Frequency-Hopping Spread Spectrum (FHSS): Method of transmitting radio signals by rapidly switching a carrier among many frequency channels.
3
Q

What is Wi-Fi?

A

A WLAN based on the IEEE 802.11 standard that allows a device to access the network from anywhere within range of an access point.

4
Q

What are some advantages/disadvantages for wireless networks?

A
  • Advantages: Fast and easy installation, easy to provide connectivity, access from anywhere within range, access for the public.
  • Disadvantages: Security issues; bandwidth degrades as the number of connected computers increases.
5
Q

What are the different types of Wireless Networks?

A
  • Extension to a Wired Network: APs are placed between wired and wireless devices to extend a network.
  • Multiple Access Points: Connects computers wirelessly by using multiple APs.
  • LAN-to-LAN Wireless Networks: Interconnecting LANs via APs.
  • 3G/4G Hotspot: A type of wireless network that provides Wi-Fi access to Wi-Fi enabled devices.
6
Q

What are the different wireless standards?

A
  • 802.11 (Wi-Fi):
    • Applies to wireless LANs and uses FHSS or DSSS as the spread-spectrum method
  • 802.11a:
    • Second extension to the original 802.11 and operates in the 5GHz range.
    • Supports bandwidth up to 54 Mbps by using OFDM
    • It is a fast standard but is sensitive to walls and other obstacles.
  • 802.11b:
    • Operates in the 2.4 GHz ISM band
    • Supports up to 11 Mbps by using DSSS
  • 802.11d:
    • Enhanced version of 802.11a and 802.11b.
    • The particulars of the regulatory domain can be set at the MAC layer.
  • 802.11e:
    • Defines QoS for wireless applications
    • Standard maintains the quality of video and audio streaming, etc.
  • 802.11g:
    • Supports a maximum bandwidth of 54 Mbps using OFDM and operates at 2.4 GHz.
    • Compatible with 802.11b which means 802.11b devices can work directly with an 802.11g access point.
  • 802.11i:
    • Provides improved encryption for networks
    • Requires protocols such as TKIP and AES
  • 802.11n:
    • Developed to improve 802.11g in terms of bandwidth
    • Operates on 2.4 and 5 GHz and supports a maximum data rate of up to 300 Mbps.
  • 802.11ac:
    • Operates on 5GHz
    • Faster and more reliable than 802.11n.
    • Involves Gigabit networking that provides an instantaneous experience
  • 802.11ad:
    • Works on the 60GHz spectrum
    • Transfer speed is much higher than 802.11n
  • 802.12:
    • Works on demand-based media utilization via the demand priority protocol.
    • Ethernet speed increases to 100 Mbps
  • 802.15:
    • It defines the standards for a wireless personal area network (WPAN).
  • 802.15.1 (Bluetooth):
    • Bluetooth is mainly used for exchanging data over short distances between fixed and mobile devices.
  • 802.15.4 (ZigBee):
    • Has a low data rate and low complexity.
    • Transmits data over long distances through a mesh network.
    • Data rate of 250 kbit/s
  • 802.15.5:
    • The standard deploys itself on a full mesh or half mesh topology.
  • IEEE 802.16:
    • WiMAX
    • Standard for fixed broadband wireless metropolitan networks (MANs) that use a point-to-multipoint architecture.
7
Q

What are the types of authentication modes for Wi-Fi?

A
  • Open System Authentication Process: Any wireless client can be authenticated with the AP.
  • Shared Key Authentication Process: Both the AP and the client use the same WEP key to provide authentication.
  • Centralized Authentication Server: A RADIUS server sends authentication keys to both the AP and the client for authentication. The key enables the AP to identify a particular wireless client.
8
Q

What are the types of Wireless Antennas?

A
  • Directional Antenna:
    • Used to transmit and receive radio waves from a single direction
  • Omnidirectional Antenna:
    • Provides 360-degree horizontal radiation.
  • Parabolic Grid Antenna:
    • Based on the principle of a satellite dish but without a solid backing; can pick up Wi-Fi signals from a distance of 10 miles.
  • Yagi Antenna:
    • A unidirectional antenna for a frequency band of 10 MHz to VHF and UHF.
  • Dipole Antenna:
    • Bidirectional antenna, used to support client connections rather than site-to-site applications.
  • Reflector Antennas:
    • Used to concentrate EM energy that is radiated or received at a focal point.
9
Q

What are the types of wireless encryption?

A
  • 802.11i: amendment that specifies security mechanisms for 802.11 wireless networks
  • WEP: Encryption algorithm for 802.11 networks
  • LEAP: Proprietary version of EAP developed by Cisco
  • WPA: Advanced wireless encryption protocol using TKIP and MIC.
  • TKIP: Security protocol used in WPA as a replacement for WEP
  • WPA2: Upgrade to WPA using AES and CCMP for encryption
  • AES: Symmetric-key encryption used in WPA2
  • CCMP: Encryption protocol used in WPA2
  • WPA2 Enterprise: Integrates EAP standards for WPA2 encryption.
  • EAP: Supports multiple encryption standards such as token cards, Kerberos, certificates, etc.
  • RADIUS: Centralized authentication and authorization management system
  • PEAP: Protocol that encapsulates EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
10
Q

What are some issues/concerns with WEP?

A
  • IVs are too short (24 bits)
  • Identical key streams are reused
  • Lack of centralized key management
  • The cipher was meant to be used only once.
  • No defined method for encryption key distribution
  • Prone to password cracking attacks
11
Q

What are the different types of Wireless attacks?

A
  • Access Control Attacks: Aim to penetrate a network by evading WLAN access control measures.
    • War Driving
    • Rogue Access Points
    • MAC Spoofing
  • Integrity Attacks: Attackers send forged control, management or data frames over a wireless network to misdirect wireless devices in order to perform another type of attack.
    • WEP Injection
    • Data Replay
    • RADIUS Replay
  • Confidentiality Attacks: These attacks attempt to intercept confidential info sent over wireless associations, whether clear text or encrypted by Wi-Fi protocols.
    • Eavesdropping
    • Traffic Analysis
    • Cracking WEP Key
  • Availability Attacks: Aim at obstructing the delivery of wireless services to legitimate users, either by crippling those resources or by denying them access to WLAN resources.
    • Access Point Theft
    • DoS
    • Authenticate Flood
  • Authentication Attacks: To steal the identity of Wi-Fi clients
    • Identity Theft
    • LEAP Cracking
    • VPN Login Cracking
    • Password Speculation
12
Q

What is a rogue access point attack?

A

An attacker sets up an AP near a target network in order to lure users to connect.

13
Q

What is client mis-association?

A

An attacker sets up an access point in a network neighboring the corporate perimeter and lures users to connect.

14
Q

What is a honeypot access point attack?

A

Where an attacker sets up a legitimate-looking network amongst many other nearby networks and lures someone to connect.

15
Q

What is AP MAC spoofing?

A

Where an attacker spoofs a MAC address to connect as an authorized user.

16
Q

How can a DoS attack occur on a wireless network?

A

An attacker sends a de-authentication request, and the devices disconnect.

17
Q

What are the methodologies for hacking wireless networks?

A
  • Wi-Fi Discovery: Discovering and footprinting networks in range, both passively and actively.
  • GPS Mapping: Attackers create a map of discovered Wi-Fi networks and build a database with statistics such as location.
  • Wireless Traffic Analysis: Analyze the traffic to identify vulnerabilities and susceptible victims in a target wireless network, which helps determine the appropriate strategy for a successful attack.
  • Launch Wireless Attacks: Carry out various types of attacks such as fragmentation attacks, MAC spoofing attacks, DoS, etc.
  • Crack Wi-Fi Encryption:
    • Start the wireless interface in monitor mode
    • Test injection capability
    • Use a tool to perform fake authentication with the AP
    • Start a Wi-Fi sniffing tool to collect unique IVs
    • Start a Wi-Fi packet encryption tool in ARP request replay mode to inject packets
    • Run a cracking tool to extract the encryption key from the IVs
  • Compromise the Wi-Fi Network
18
Q

What are the active/passive methods of Wi-Fi discovery?

A
  • Passive: Sniffing traffic
  • Active: Sends out probe request with the SSID to see if an AP responds.
19
Q

How does an attacker choose the right Wi-Fi card for use in an attack?

A
  • Determine the Wi-Fi requirements: do you just want to listen or inject data
  • Learn the capabilities of a wireless card: Know the manufacturer of the card and the chipset (usually different)
  • Determine the chipset of the Wi-Fi card: To find the chipset, you can search the internet, look at Windows driver file names, check the manufacturer name, look at the chipset number, or look up the FCC ID
  • Verify chipset capabilities: Verify chipset is compatible with OS, etc
  • Determine the drivers and patches required
20
Q

What is an AirPcap adapter?

A

It is an adapter that captures full 802.11 data, management, and control frames. It can also:

  • Decrypt WEP/WPA-encrypted frames
  • Provide multi-channel capture
  • Inject traffic
  • Replay 802.11 network traffic
21
Q

What is Spectrum Analysis?

A

Helps actively monitor the spectrum usage in a particular area and measure the power of the spectrum

22
Q

What is a fragmentation attack?

A

Where the attacker uses a captured packet to generate their own packets via the PRGA (Pseudo-Random Generation Algorithm), which are then used for various injection attacks.

23
Q

What are the different types of DoS attacks?

A
  • Disassociation Attack: The attacker makes the victim unavailable to other wireless devices by destroying the connectivity between the AP and the client.
  • Deauthentication Attack: The attacker floods stations with forged deauthentication or disassociation frames to disconnect users from an AP.
24
Q

What are the different ways a MitM attack can occur?

A
  • Eavesdropping: The attacker sniffs traffic
  • Manipulation: The attacker receives the victim's data and manipulates it
25
Q

What is the Evil Twin attack?

A

Where a wireless AP pretends to be a legitimate AP by replicating another network's name.

26
Q

What are methods to break WPA/WPA2 Encryption?

A
  • WPA PSK: The keys can be brute-forced using dictionary attacks
  • Offline Attack: Be near the AP to capture the WPA/WPA2 authentication handshake and the right packets with key material in them so they can be cracked offline
  • De-Authentication Attack: Force a client to disconnect, then capture the reconnect packets so they can be brute-forced
  • Brute-Force WPA Keys
27
Q

What is Bluetooth?

A

A short range wireless communication technology that replaces cables connecting portable or fixed devices while maintaining high levels of security.

28
Q

What are the modes of Bluetooth?

A
  • Discoverable:
    • Discoverable: Sends inquiry responses to all inquiries.
    • Limited Discoverable: Visible for a certain period of time
    • Non-Discoverable: Never answers an inquiry scan
  • Pairing:
    • Non-pairable: Rejects every pairing request
    • Pairable: Will pair upon request
29
Q

What are the different Bluetooth attacks?

A
  • Bluesmacking: DoS attack that overloads devices with random packets
  • Bluejacking: Sending unsolicited messages over BT to BT devices
  • Blue Snarfing: Theft of info from a wireless device through a BT connection
  • BlueSniff: Proof of concept for a BT wardriving utility
  • Bluebugging: Remotely accessing BT devices and using its features
  • BluePrinting: Collecting info about BT devices
  • MAC spoofing Attack: Intercepting data intended for other BT devices
  • MitM/Impersonation Attack: Modifying data between BT enabled devices communicating in a Piconet
30
Q

What are some BT Threats?

A
  • Leaking calendar and address books
  • Bugging devices: making unintended calls, etc
  • Sending SMS messages
  • Causing financial losses
  • Remote Control
  • Social Engineering: convince users to lower security settings
  • Malicious Code
  • Protocol Vulnerabilities
31
Q

What are the wireless security layers?

A
  • Wireless Signal Security: Wireless IDS, RF Spectrum Security
  • Connection Security: Per-Packet Authentication, Centralized Encryption
  • Device Security: Vulnerabilities and Patches
  • Data Protection: WPA2 and AES
  • Network Protection: Strong Authentication
  • End User Protection: Stateful Per User Firewalls
32
Q

How can you defend against WPA/WPA2 Cracking?

A
  • Use a complex, random passphrase that is a minimum of 20 characters
  • Use WPA2 with AES/CCMP encryption only
  • Use VPN
  • Implement Network Access Control (NAC) or Network Access Protection (NAP)
33
Q

How to defend against KRACK attacks?

A
  • Update all routers to latest patches
  • Auto update on all wireless devices
  • Avoid using public WiFi networks
  • Browse only secured websites
  • Do not connect to insecure WiFi routers
  • Always enable the HTTPS Everywhere extension
  • Enable 2FA
34
Q

How to detect and block rogue AP?

A
  • RF scanning: Repurposed access points that warn about wireless devices in the area
  • AP scanning: Scan for APs in the nearby area.
  • Using Wired Side Inputs: Software detects devices connected to the LAN, using protocols including Telnet, SNMP, and CDP
  • Launch a DoS on the rogue AP
  • Block the switch port the rogue AP is connected to
35
Q

How do you defend against wireless attacks?

A
  • Configuration Best Practices: Change the default SSID and disable SSID broadcast, set a router password, enable MAC address filtering
  • SSID Settings Best Practices: Use SSID cloaking, do not use important information in the SSID name, use a firewall between the AP and the intranet, limit the strength of the wireless signal, encrypt traffic
  • Authentication Best Practices: Use WPA over WEP, place the wireless AP in a secure location, keep drivers updated, use a centralized authentication server
36
Q

How do you defend against Bluetooth Hacking?

A
  • Use non-regular patterns as PIN keys
  • Keep device in non-discoverable mode
  • Do not accept unknown or untrusted pairing requests
  • Always enable encryption
  • Keep track of paired devices and remove unneeded ones
  • Only pair in secure area
  • Use antivirus software
  • Use link encryption
37
Q

What is WPA3 Encryption?

A

An advanced implementation of WPA2 that uses AES-GCMP-256.

  • WPA3-Personal: Delivers password-based authentication using SAE protocol (Dragonfly Key Exchange)
  • WPA3-Enterprise: Uses HMAC-SHA-384 to generate keys and ECDSA-384 for exchanging keys
38
Q

What is the aLTEr attack?

A

Performed on LTE devices: attackers install a fake communication tower between two authentic endpoints to mislead the victim. The tower interrupts the data transmission and hijacks the session.

39
Q

What are the Wormhole and Sinkhole attacks?

A
  • Wormhole: Exploits dynamic routing protocols; the attacker positions themselves in the network to sniff and record transmissions, then creates a tunnel to forward data between two endpoints.
  • Sinkhole: The attacker uses malicious code to advertise their node as the shortest possible route, attracting traffic from all neighboring nodes.
40
Q

How can WPA3 encryption be cracked?

A

Dragonblood is a set of vulnerabilities in WPA3 that allow attackers to recover keys, etc.