3.4 Wireless Security Flashcards

1
Q

Define Counter/CBC-MAC protocol (CCMP)

A

Encryption used by WPA2 with CBC-MIC providing message integrity check (MIC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define WPA2 (2)

A
  1. Provides encryption, data integrity & authentication
  2. Secure but subject to brute-force attacks by obtaining the hash for the pre-shared key
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define Galois Counter Mode Protocol (GCMP)

A

Encryption used by WPA3 with Galois message authentication code (GMAC) providing message integrity (MIC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define WPA3 (2)

A
  1. Latest and most secure WiFi encryption
  2. Uses perfect forward secrecy (PFS) so that it is not vulnerable to brute-force attacks since the pre-shared key is different for every session
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define Message Integrity Check (MIC)

A

Used by 802.11 wireless to provide message integrity, aka MAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define Simultaneous Authentication of Equals (SAE) (2)

A
  1. PFS key exchange that expands security of Diffie-Hellman
  2. Used by WPA3 to eliminate brute-force vulnerability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Define Extensible Authentication Protocol (EAP)

A

A standard authentication framework for wireless network authentication used in conjunction with 802.1X

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Define EAP-FAST (Flexible Authentication via Secure Tunneling) (3)

A
  1. Establishes a secure tunnel over which authentication credentials are provided to authenticator
  2. Commonly used with RADIUS
  3. Uses shared secret to establish tunnel
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Define PEAP (2)

A
  1. Protected EAP
  2. Like EAP-FAST except it requires a server certificate to create tunnel
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Define EAP-TLS (3)

A
  1. Requires digital certificates on all devices
  2. Difficult to implement due to requirement of PKI
  3. Older devices that lack support for certificates can’t use it to connect
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define EAP-TTLS (2)

A
  1. Tunneled Transport Layer Security
  2. Works like EAP-TLS minus client digital certificate
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Define Federation

A

Using third-party or external authentication services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define RADIUS

A

Provides federated wireless authentication with other providers, such as Active Directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define 802.1X

A

Network authentication protocol that opens up wireless or wired network ports upon authentication and authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the pre-shared key used by the WiFi encryption protocols?

A

The WiFi password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define WPS

A
  1. WiFi Protected Setup
  2. Instead of requiring a password to connect to WiFi, access is granted by transferring configuration to the device by using a PIN or with the push of a button when the devices are near each other via NFC
17
Q

WiFi PSK

A

Pre-shared key, everyone uses the same password to access the WiFi network

18
Q

Define WiFi Captive Portal (3)

A
  1. Authentication is done via a browser page where credentials are entered
  2. Access is often provided for a limited time before having to re-authenticate
  3. Can provide an acceptable use agreement that must be accepted
19
Q

Define Site Survey for WiFi

A

A site survey for WiFi networks is conducted to identify possible interference and WiFi coverage

20
Q

Define heat map for WiFi

A

A visual representation of the coverage/signal strength of a WiFi network

21
Q

Uses of WiFi (packet) Analyzer (3)

A

Capture WiFi packets to view:
1. signal-to-noise ratio
2. channel use info
3. utilization

22
Q

Define WiFi channel overlap and what channels don’t interfere with each other

A
  1. Access points can interfere with each other if their channels overlap
  2. In US, channels 1, 6, & 11 do not interfere with each other
23
Q

WiFi access point placement considerations (3)

A
  1. Signal coverage (range)
  2. Interference (channel overlap)
  3. Site survey to identify these as well as external sources of interference
24
Q

How do EAP-FAST and EAP-TLS stand out from other EAP-based protocols?

A
  1. EAP-FAST doesn’t require client or server certificates
  2. EAP-TLS requires both server and client certificates, PKI infrastructure, no tunnel but most secure