3.4 - Wireless Security Flashcards

1
Q

Wireless networks

A
  • Require additional security controls, since anyone nearby can listen in
  • Authenticate (username + password, multifactor authentication, 802.1X, smart cards, etc.)
  • Encrypt all data (everyone has an encryption key) to send and receive data
  • Verify the integrity of all communication (what is received is what was originally sent), sometimes called a MIC (message integrity check)
2
Q

MIC

A
  • Message integrity check
  • Verifies that the data received matches the data sent
3
Q

WPA2

A
  • Wi-Fi Protected Access II
  • Certification began in 2004
  • Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or Counter/CBC-MAC Protocol (CCMP)
  • Challenges: although not insecure, it is susceptible to brute force attacks
  • Listen to the four-way handshake (some methods can derive the PSK hash without the handshake)
  • Once attackers have the hash they can begin brute forcing to try to recover the pre-shared key
  • Remember GPUs are fast, and cloud-based password cracking makes brute force easier
  • Once you have the PSK (pre-shared key) you have access to everyone's wireless key (there's no forward secrecy)
4
Q

WPA3

A
  • Wi-Fi Protected Access III
  • Introduced in 2018
  • Uses a different block cipher mode (GCMP, Galois/Counter Mode Protocol)
  • Stronger encryption than WPA2
  • Avoids the hashing problem of WPA2 (includes mutual authentication and creates a shared session key without sending that key across the network)
  • No more handshaking or hashes being sent
  • Has perfect forward secrecy
5
Q

CCMP

A
  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or Counter/CBC-MAC Protocol
  • Is used by WPA2 (Wi-Fi Protected Access II)
6
Q

CCMP Security Services

A
  • Data Confidentiality with AES
  • Message Integrity Check (MIC) with CBC-MAC
7
Q

GCMP

A
  • Used in WPA3 (Wi-Fi Protected Access III)
  • Stronger encryption than WPA2
  • Data confidentiality still uses AES, but the MIC (message integrity check) uses GMAC (Galois Message Authentication Code) instead of CBC-MAC
8
Q

PSK

A
  • Pre-shared key
9
Q

Perfect Forward Secrecy

A
  • Session keys change often and everyone has a different session key
10
Q

SAE

A
  • Simultaneous Authentication of Equals
  • Derived from Diffie-Hellman key exchange with an authentication component
  • Everyone uses a different session key, even with the same PSK
  • An IEEE 802.11 standard; known as the Dragonfly handshake
11
Q

Wireless Authentication

A
  • Users can be mobile users or temporary users
  • Generally 2 ways to authenticate: PSK or 802.1X
12
Q

PSK

A
  • Pre-shared key / shared password
13
Q

802.1X

A
  • Provides centralized authentication
  • Used in corporations: you ask to connect to the network and then must authenticate against a centralized server
  • Contrast with PSK
14
Q

Open System

A
  • No password required
15
Q

WPA3- Personal

A
  • WPA3-PSK
    ◦ WPA3 with a pre-shared key
  • Everyone uses the same key
  • A unique WPA3 session key is derived from the PSK using SAE
16
Q

WPA3- Enterprise

A
  • Common in corporate environments
17
Q

Captive portal

A
  • Method of providing authentication using a separate screen in your browser (redirect to a login page)
  • Many also support MFA
  • After you log in, you have access to the wireless network
  • Often you have to log out, or there is a timeout for the session
18
Q

WPS

A
  • Wi-Fi Protected Setup
  • Originally called Wi-Fi Simple Config
  • A type of authentication
  • Allows "easy" set-up of a mobile device
  • A passphrase can be complicated for a novice
  • Can use a PIN on the mobile device, or you might have to push a button on the access device or bring the wireless device close to the access point using NFC
  • This means you don't have to remember a shared key or use 802.1X
  • Most common way to authenticate: use the PIN (but there are security flaws with this; it might be best to disable it)
  • While intended to make things easier, it made things less secure
  • Best practice: disable it on the wireless network
19
Q

WPS Hack

A
  • Dec 2011
  • PIN = 8-digit number, but it's really only 7 digits and a checksum
  • Even worse, WPS validates only the first 4 digits and then the remaining 3 digits separately
  • This drastically reduces the possible combinations to a total of 11K possibilities
  • Easy to brute force
  • Newer WPS implementations have brute force protections, but older versions don't
20
Q

Authentication Types

A
  • Username / password (sometimes combined with other factors)
  • Common on both wired and wireless networks
21
Q

EAP

A
  • Extensible Authentication Protocol
  • Authentication framework
  • Often used with 802.1X; prevents access to the network until authentication succeeds
  • Many different ways to authenticate, based on RFC standards (manufacturers can build their own EAP methods)
22
Q

802.1X

A
  • Aka Port-based Network Access Control (NAC)
  • You don't get access to the network until you authenticate
  • Used in conjunction with an access DB (ex: RADIUS, LDAP, etc.)
  • There are 3 parts to IEEE 802.1X and EAP:
  • Supplicant (the client), Authenticator (the device that provides access), Authentication Server (validates the client's credentials)
23
Q

EAP-FAST

A
  • EAP Flexible Authentication via Secure Tunneling
  • A way for the authentication server and the supplicant to exchange secure data via a PAC (Protected Access Credential, aka a shared secret)
  • Supplicant receives the PAC, then the supplicant and AS (Authentication Server) mutually authenticate and negotiate a TLS tunnel
  • Sets up a TLS tunnel (very similar to how browser traffic is encrypted)
  • Often needs a RADIUS server (provides the authentication DB)
24
Q

PEAP

A
  • Protected Extensible Authentication Protocol
  • Protected EAP (created by Cisco, Microsoft, and RSA)
  • Also encapsulates EAP in a TLS tunnel; the AS uses a digital certificate instead of a PAC
  • Client doesn't use a separate digital certificate
  • Usually combined with MS-CHAPv2 (Microsoft's challenge handshake)
  • User can also authenticate with a GTC (Generic Token Card)
25
Q

EAP-TLS

A
  • EAP Transport Layer Security: strong security, wide adoption, support from most of the industry
  • Requires digital certificates on the AS and all other devices
  • Relatively complex implementation: needs a PKI, must deploy and manage certificates, and not all devices can support the use of TLS