2.2 Wireless Security Flashcards

Compare and contrast wireless security protocols and authentication methods

1
Q

Pre-shared key

A

A series of letters and numbers generated from the SSID and password when a client joins a network. Used by both the AP and the client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Wired Equivalent Privacy

A

Original 802.11 wireless security standard that claims to be as secure as a wired network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the main weakness of WEP, and why is it a weakness?

A

24-bit initialisation vector. It is a weakness because a 24-bit IV is not long enough to prevent repetition on a busy network, thus allowing attackers to detect patterns in the ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

WPA
(Wi-Fi Protected Access)

A

Replacement for WEP; uses TKP, MIC and RC4 encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

WPA2

A

802.11i standard to provide better wireless security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which encryption method was introduced by WPA2 to replace the more vulnerable TKIP system used in WPA?

A

AES
(Advanced Encryption Service)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

WPS
(Wi-Fi Protected Setup)

A

Automated encryption setup for wireless networks at a push of a button

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Why is WPS (Wi-Fi Protected Setup) vulnerable?

A

Because the external registrar PIN is susceptible to brute-force attacks that could allow attackers to gain access to an encrypted Wi-Fi network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can you make a Wi-Fi network more secure?

A

By using VPNs and disabling WPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What sort of encryption does GCMP use?

A

128- or 256-bit AES encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

WPA3

A

Latest and most secure version of wireless network encryption currently available

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What bit encryption do the Enterprise and Personal versions of WPA3 use, respectively?

A

192-bit and 192- or 128-bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does opportunistic wireless encryption do?

A

Ensures that communication between each pair of endpoints is protected from other endpoints

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Simultaneous authentication of equals

A

Password-based authentication and password authenticated key agreement that relies on forward secrecy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why is SAE less likely to suffer from dictionary attacks?

A

Because a unique cryptographic key is generated for each connection attempt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Forward secrecy

A

An system that changes the keys used for decryption and encryption frequently and automatically to reduce exposure of sensitive data if one key is hacked

17
Q

Give the steps of authentication for WPA3

A
  1. AP and client use a public key system to generate a pair of long-term keys
  2. AP and client exchange a one-time use session key
  3. AP sends client messages and encrypts them using the created session key
  4. Client decrypts received messages using the same on-time use session key
  5. Process repeats for each message being sent, starting from Step 2
18
Q

What OSI layer do RADIUS servers run in?

A

7 - Application layer

19
Q

What does the RADIUS protocol allow?

A

It allows remote access servers to communicate with a central server to authenticate dial-in users and authorise access to the requested system or service

20
Q

What is RADIUS?

A

A client-server protocol and software

21
Q

TACACS+

A

Cisco-proprietary protocol that provides separate authentication,
authorization, and accounting services

22
Q

Diameter

A

Peer-to-peer protocol created as a next-generation version of RADIUS

23
Q

What networks is Diameter used for?

A

Long-term evolution and IP multimedia system networks

24
Q

SSO

A

Enables users to authenticate once and receive authorizations for
multiple services across the network

25
Kerberos
A protocol for authenticating service requests between trusted hosts across an untrusted network
26
Which OSs have Kerberos support built in?
Windows, macOS, FreeBSD, and Linux
27
How does Kerberos conduct authentication and authorisation functions?
By using symmetric encryption and the Key Distribution Center
28
802.1x
Used for port-based authentication on wired and wireless networks; enables unique credentials for every device
29
List the 6 different mechanisms of authentication allowed for by Extensible Authentication Protocol
- MD5 - TLS - TTLS - FAST - Protected EAP - Lightweight EAP
30
Which devices can run the Lightweight EAP protocol and why?
Cisco-based devices, because the protocol is proprietary
31
MD5 authentication method?
Uses simple passwords and the challenge handshake process to provide remote access authentication
32
How does EAP-TLS work?
Uses public key infrastructure with a digital certificate being installed on both the client and the server
33
EAP-TTLS
Requires a digital certificate on server and password on client. Provides authentication for wired and wireless networks
34
EAP-FAST
Uses protected access credential (PAC) instead of a certificate to establish mutual authentication
35
Protected EAP
Uses server certificates and AD databases to authenticate a client's password; mainly used for wireless networks
36