3.4 - 3.5 Flashcards
Wireless cryptography
Wireless traffic needs protection from snoopers, so it must be secured with authentication and encryption, plus integrity checking to confirm the origin is the same and the data has not changed
WPA2 and WPA3
WPA2 uses CCMP (Counter Mode with CBC-MAC Protocol) block cipher mode: data confidentiality with AES and message integrity (MIC) with CBC-MAC. Could be susceptible to brute-force attacks
WPA3 (2018) uses GCMP (Galois/Counter Mode Protocol), with stronger encryption than WPA2, and uses SAE (Simultaneous Authentication of Equals)
Wireless authentication
Pre-shared keys for regular security; for deeper security, 802.1X, where users authenticate with their own credentials, such as Active Directory credentials
Using WPS
Wi-Fi Protected Setup allows easy setup of a mobile device, using methods such as a PIN, a touch button, or NFC
Has a flaw: the PIN has 8 digits, but it is actually 7 digits plus a checksum, which eases brute forcing. The first four digits have 10,000 possibilities and the last three have 1,000 possibilities, allowing a brute force in some hours
Best to disable it; don't use it
802.1X
Port-based network access control requiring authentication for access, using a database reached with RADIUS, LDAP, or TACACS
- Supplicant - client
- Authenticator - provides access
- Authentication server - validates the client's credentials
EAP-FAST (Flexible Authentication via Secure Tunneling): uses a shared Protected Access Credential and sets up a TLS tunnel; everything inside is then encrypted
PEAP (Protected Extensible Authentication Protocol): no shared password, rather a digital certificate
EAP-TLS: needs certificates on all devices, from sender and user; needs a formal PKI, and older devices may not be able to do this
EAP-TTLS: needs only one certificate and is a tunnel inside another tunnel
Or RADIUS federation: one authentication across devices
Installing networks
Site survey: there may be existing access points in or near the site. Heat maps can be used to show visually where signal strength is strongest. Wireless survey tools are available for this
Wireless packet analysis: listen to the signals around the site to monitor and analyze them, but the user has to be quiet
Channel selection: avoid overlaps by using non-overlapping channels
Maintained via wireless controllers, which handle updates and all centralized management
Mobile device management
MDM: manage data and set policies, such as whether the camera is operational, screen locks and PINs, which apps and versions are on the device, and whether unsecured apps are allowed or disallowed (allow lists)
Content management policies
Remote wipes
Geolocations
Geofencing (restrict the device based on its location; disable when in the office or allow when out of office).
Screen lock
Push notification services
Passwords and PINs
Context-aware authentication
Containerization
Full device encryption
Mobile security
MicroSD HSM - services such as encryption, key generation, digital signatures, authentication
Unified endpoint management (UEM): same security across all devices
Mobile application management (MAM): to manage apps on these devices
SEAndroid: Linux security in Android, to protect across all Android systems; protects the kernel from daemons
Firmware OTA updates
Over-the-air updates, installed automatically when ready, with push notifications
Mobile deployment models
BYOD
COPE - Corporate Owned, Personally Enabled
VDI/VMI: virtual desktop or virtual mobile infrastructure, where apps and data are separated from the mobile device and data is stored securely and reached through remote access