2.2 Wireless Security

Question 1

Pre-shared key

Answer 1

A series of letters and numbers generated from the SSID and password when a client joins a network. Used by both the AP and the client

Question 2

Wired Equivalent Privacy

Answer 2

Original 802.11 wireless security standard that claims to be as secure as a wired network

Question 3

What is the main weakness of WEP, and why is it a weakness?

Answer 3

24-bit initialisation vector. It is a weakness because a 24-bit IV is not long enough to prevent repetition on a busy network, thus allowing attackers to detect patterns in the ciphertext

Question 4

WPA
(Wi-Fi Protected Access)

Answer 4

Replacement for WEP; uses TKP, MIC and RC4 encryption

Question 5

WPA2

Answer 5

802.11i standard to provide better wireless security

Question 6

Which encryption method was introduced by WPA2 to replace the more vulnerable TKIP system used in WPA?

Answer 6

AES
(Advanced Encryption Service)

Question 7

WPS
(Wi-Fi Protected Setup)

Answer 7

Automated encryption setup for wireless networks at a push of a button

Question 8

Why is WPS (Wi-Fi Protected Setup) vulnerable?

Answer 8

Because the external registrar PIN is susceptible to brute-force attacks that could allow attackers to gain access to an encrypted Wi-Fi network

Question 9

How can you make a Wi-Fi network more secure?

Answer 9

By using VPNs and disabling WPS

Question 10

What sort of encryption does GCMP use?

Answer 10

128- or 256-bit AES encryption

Question 11

WPA3

Answer 11

Latest and most secure version of wireless network encryption currently available

Question 12

What bit encryption do the Enterprise and Personal versions of WPA3 use, respectively?

Answer 12

192-bit and 192- or 128-bit

Question 13

What does opportunistic wireless encryption do?

Answer 13

Ensures that communication between each pair of endpoints is protected from other endpoints

Question 14

Simultaneous authentication of equals

Answer 14

Password-based authentication and password authenticated key agreement that relies on forward secrecy

Question 15

Why is SAE less likely to suffer from dictionary attacks?

Answer 15

Because a unique cryptographic key is generated for each connection attempt

Question 16

Forward secrecy

Answer 16

An system that changes the keys used for decryption and encryption frequently and automatically to reduce exposure of sensitive data if one key is hacked

Question 17

Give the steps of authentication for WPA3

Answer 17

1. AP and client use a public key system to generate a pair of long-term keys
2. AP and client exchange a one-time use session key
3. AP sends client messages and encrypts them using the created session key
4. Client decrypts received messages using the same on-time use session key
5. Process repeats for each message being sent, starting from Step 2

Question 18

What OSI layer do RADIUS servers run in?

Answer 18

7 - Application layer

Question 19

What does the RADIUS protocol allow?

Answer 19

It allows remote access servers to communicate with a central server to authenticate dial-in users and authorise access to the requested system or service

Question 20

What is RADIUS?

Answer 20

A client-server protocol and software

Question 21

TACACS+

Answer 21

Cisco-proprietary protocol that provides separate authentication,
authorization, and accounting services

Question 22

Diameter

Answer 22

Peer-to-peer protocol created as a next-generation version of RADIUS

Question 23

What networks is Diameter used for?

Answer 23

Long-term evolution and IP multimedia system networks

Question 24

SSO

Answer 24

Enables users to authenticate once and receive authorizations for
multiple services across the network

Question 25

Kerberos

Answer 25

A protocol for authenticating service requests between trusted hosts across an untrusted network

Question 26

Which OSs have Kerberos support built in?

Answer 26

Windows, macOS, FreeBSD, and Linux

Question 27

How does Kerberos conduct authentication and authorisation functions?

Answer 27

By using symmetric encryption and the Key Distribution Center

Question 28

802.1x

Answer 28

Used for port-based authentication on wired and wireless networks; enables unique credentials for every device

Question 29

List the 6 different mechanisms of authentication allowed for by Extensible Authentication Protocol

Answer 29

• MD5
• TLS
• TTLS
• FAST
• Protected EAP
• Lightweight EAP

Question 30

Which devices can run the Lightweight EAP protocol and why?

Answer 30

Cisco-based devices, because the protocol is proprietary

Question 31

MD5 authentication method?

Answer 31

Uses simple passwords and the challenge handshake process to provide remote access authentication

Question 32

How does EAP-TLS work?

Answer 32

Uses public key infrastructure with a digital certificate being installed on both the client and the server

Question 33

EAP-TTLS

Answer 33

Requires a digital certificate on server and password on client. Provides authentication for wired and wireless networks

Question 34

EAP-FAST

Answer 34

Uses protected access credential (PAC) instead of a certificate to establish mutual authentication

Question 35

Protected EAP

Answer 35

Uses server certificates and AD databases to authenticate a client’s password; mainly used for wireless networks