1.6 Securing Wireless Networks Flashcards
Created in 1997, the evolving set of standards that gives us the methods by which we create wireless local area networks.
IEEE 802.11
Most of the amendments to 802.11 have focused on the following.
Performance, frequency range, speed/bandwidth, and security.
The most recent approved 802.11 amendment, incorporated in the standard in 2016. Aggregated bandwidth of 1 Gbps and operates in the 5 GHz frequency range. What many people look for today when purchasing new laptops, smartphones, and access points.
802.11ac
Not officially ratified at the moment, this is the next iteration of 802.11 amendments. Initial support suggests the possibility of aggregated bandwidth of 11 Gbps. Also known as the high efficiency amendment.
802.11ax
New sets of naming conventions proposed by the Wi-Fi Alliance.
Wi-Fi generational names
Wi-Fi 6 refers to this 802.11 amendment
802.11ax
Attackers can use these to be within range of a wireless network from further away.
High-gain amplifiers and antennas
802.11 amendment that tries to address some of the security shortcomings.
802.11i
This directly translates to the number of possible keys that can be used in cryptographic operations
key length
These restrictions limited the key length of WEP to 40 bits
United States export restrictions
With the RC4 cipher it is critical that this does not repeat
Keys, keying material
This was the security undoing of WEP
Improper key generation. Repeating of the 24-bit initialization vector (IV) that led to potential uncovering of the pre-shared key.
Used by some cryptographic implementations to try and add uniqueness to each encryption operation. This becomes part of the encryption key.
Initialization vectors - IVs
Keyspace for WEP initialization vectors
2^24
A nonprofit organization founded in 1999. Goals of the organization were to provide standardization around interoperability, reliability, and the consistency of hardware that leveraged 802.11 technologies.
Wi-Fi Alliance
This deprecated protocol is an improvement to how the encryption keys for the underlying RC4 stream cipher are generated.
TKIP - Temporal Key Integrity Protocol
These checks help to make packet forgery and replay attacks more difficult
Integrity checks
The Wi-Fi Alliance will only certify a device for Wi-Fi 6 if the device supports this encryption protocol.
WPA3
WPA3 will support up to this key length for its AES-based encryption.
192-bit key length
Once this is uncovered, an adversary might be able to decrypt any and all of the encrypted communication on the WLAN
Pre-shared key
The newer handshake with WPA3, where pre-shared keys are only used to authenticate to the network and no longer to derive session keys for encrypted communication.
Dragonfly
What a wireless access point uses to notify clients of changes in communication, such as channel usage.
Management frames
These devices are managers of the WLAN. They are responsible for maintaining which channels to use for communication, handling clients connecting and disconnecting, and enforcing which security mechanisms to use.
Wireless access points
A DoS attack where an adversary can impersonate an access point and transmit a spoofed management frame, disconnecting all connected clients.
Spoof of a disassociate request.
Included in WPA3, this is designed to provide encryption on open, insecure networks.
OWE - Opportunistic Wireless Encryption
Type of attack when an adversary convinces technology to use older protocols or software.
Downgrade attack
A type of attack where an adversary leverages peripheral knowledge of a system in order to infer something important about this system.
Side channel attack or timing attack.
Attack where an adversary uses computational timing differences to determine information about a system.
Timing attack
A situation where an individual, without permission, brings their own wireless access point to work and connects it to the organization's wired network just so they can have their own wireless.
Rogue access point
An attack where a fake access point is installed with the same name as the legitimate access point, and clients are tricked into communicating with the fake instead of the real access point.
Evil Twin AP or Masquerading AP
This network access control method is an excellent way to mitigate the risk of a rogue AP, by preventing the rogue AP from being granted full access to the internal network.
802.1X
This network access control method can restrict access to a network.
802.1X
Two best prevention methods for evil twin rogue AP attacks.
Early detection. Certificates for mutual authentication to alert end users that they are not connecting to a legitimate AP.
A way to describe and measure how well devices are able to hear each other.
SNR - signal-to-noise ratio
A network that exists in close physical proximity to our person. Short distance, limited range.
PAN - personal area network
These are the standards for personal area networking.
IEEE 802.15
This group governs the standards for Bluetooth, promoting standardization, interoperability, ease of use, product certification.
Bluetooth SIG - Special Interest Group
Chips that are usually soldered onto the motherboard of your device to provide functionality.
SoC - system on chip
This technology is a low-cost, low-bandwidth, potentially battery-powered alternative to Bluetooth.
Zigbee
This PAN technology is designed to work within a physical proximity of only one to two inches.
NFC - near-field communication
This PAN technology is most commonly used as a method to uniquely identify an object and potentially to track its location.
RFID
These are the biggest advancements in 5G technology.
Low latency (< 1 ms), high bandwidth (multi-gigabit), and support for large numbers of connected clients (high density).