ch 8 Flashcards
Wireless technology that uses short-range radio frequency (RF) transmissions
• Bluetooth
Established when two Bluetooth devices come within range of each other
• Piconet
Bluetooth V5 goes up to
800 ft
One active slave connected to two Masters
Scatternet
- an attack that sends unsolicited messages to Bluetooth-enabled devices
Text messages, images, or sounds
• Bluejacking
An attack that accesses unauthorized information from a wireless device through a Bluetooth connection
• Bluesnarfing
A set of standards used to establish communication between devices in close proximity
Once devices are brought within 4 cm of each other or tapped together, two-way communication is established
• (NFC) Near field communication
contains information that other devices can read but does not read or receive any information
• Passive NFC device
can read information as well as transmit data
• Active NFC device
unencrypted NFC communication between the device and terminal can be intercepted and viewed
eavesdropping
attackers can ‘bump’ a portable reader to a user’s smart phone in a crowd and make an NFC connection and steal payment information stored on the phone
data theft
an attack can intercept the NFC communications between devices and forge a fictitious response
man-in-the-middle-attack
the theft of a smart phone could allow the attacker to use that phone for purchases
device theft
Commonly used to transmit information between employee identification badges, inventory tags, book labels, and other paper-based tags that can be detected by a proximity reader
• (RFID) Radio frequency identification
Current version of RFID standards known as
Generation 2
a rogue RFID reader can determine the inventory on a store shelf to track the sales of specified items
unauthorized tag access
authentic RFID tags are replaced with what, containing fictitious data about products that are not in the inventory
fake tags
unauthorized users could listen in on communications between RFID tags and readers
eavesdropping
what is designed to replace or supplement a wired LAN
WLAN
Most influential organization for computer networking and wireless communications
Dates back to 1884
Began developing network architecture standards in the 1980s
Operates at AP 200 MW
• (IEEE) WLANS Institute of Electrical and Electronics Engineers
Standard for wireless local area networks (WLANs) Higher speeds (5.5 Mbps and 11 Mbps)
IEEE 802.11
Standard for wireless local area networks (WLANs)
Specifies maximum rated speed of 54Mbps using the 5GHz spectrum
• IEEE 802.11a
Standard for wireless local area networks (WLANs)
Preserves stable and widely accepted features of 802.11b and increases data transfer rates similar to 802.11a
• IEEE 802.11g
Standard for wireless local area networks (WLANs)
Ratified in 2009
Improvements: speed, coverage area, resistance to interference, and strong security
• IEEE 802.11n
Standard for wireless local area networks (WLANs)
Ratified in early 2014 and has data rates over 7 Gbps
• IEEE 802.11ac
Antenna and radio transmitter/receiver send and receive wireless signals
Bridging software to interface wireless devices to other devices
-Acts as “base station” for wireless network
• Access point (AP) major parts
A WLAN using an AP is operating
• infrastructure mode
Networks that are not using an AP operate
Devices can only communicate between themselves and cannot connect to another network
• ad hoc mode
The Wi-Fi Alliance has created a similar technical specification
• Wi-Fi Direct
Used by small offices or home users to connect to the Internet
Features included are AP, firewall, router, dynamic host configuration protocol (DHCP) server, and others
• Residential WLAN gateway
• for WIFI Boundary is known as a
“hard edge”
for WIFI boundaries are unknown
“blurred edges”
• WIFI goes up to
460 ft.
- An unauthorized access point that allows an attacker to bypass network security configurations
- Usually set up by an insider (employee)
• Rogue access point
AP set up by an attacker
Attempts to mimic an authorized AP
• Evil twin
An attacker can pick up the RF signal from an open or misconfigured AP
• Intercepting Wireless Data
Also known as “hijacking”
The attacker captures transmitted wireless data, records it, and then sends it on to the original recipient without the attacker’s presence being detected
• Wireless Replay Attack
attackers use intentional RF interference to flood the RF spectrum with enough interference to prevent a device from communicating with the AP
RF jamming
attackers craft a fictitious frame that pretends to come from a trusted client when it actually comes from the attacker
Spoofing
- attackers send a frame with the duration field set to a high value, preventing other devices from transmitting for that period of time
Manipulating duration field values
most home users fail to configure any security on their home networks
• Wireless Home Attacks
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmissions
Encrypts plaintext into cipher text
• WEP
Method of controlling WLAN access
Limit a device’s access to AP
• MAC Address Filtering
Addresses exchanged in unencrypted format
Attacker can see address of approved device and substitute it on his own device
Managing large number of addresses is challenging
• Vulnerabilities of MAC address filtering
The user-supplied network name of a wireless network; usually broadcast so that any device can see it
• (SSID) Service Set Identifier
• (WPA)
Wi-Fi Protected Access
modes of WPA:
WPA Personal
WPA Enterprise
WPA addresses both encryption and authentication
• (TKIP)
Temporal Key Integrity Protocol
Uses a longer 128-bit key than WEP
• (TKIP) Temporal Key Integrity Protocol
• (MIC)
Message Integrity Check
designed to prevent man-in-the-middle attacks
• (MIC) Message Integrity Check
• (PSK)
Preshared Key
Authentication for WPA Personal
After AP configured, client device must have same key value entered
• (PSK) Preshared Key
• (WPA2)
Wi-Fi Protected Access 2
Two modes of WPA2:
WPA2 Personal
WPA2 Enterprise
• (AES)
Advanced Encryption Standard
performs three steps on every block (128 bits) of plaintext
Within second step, multiple iterations are performed
Bytes are substituted and rearranged
• (AES) Advanced Encryption Standard
• (CCMP)
The Cipher Block Chaining Message Authentication Code
provides data integrity and authentication
Both CCMP and TKIP use a 128-bit key for encryption
Both methods use a 64-bit MIC value
• (CBC-MAC) The Cipher Block Chaining Message Authentication Code
Originally developed for wired networks
Provides greater degree of security by implementing port-based authentication
Blocks all traffic on a port-by-port basis until client is authenticated
• IEEE 802.1x Authentication
A framework for transporting authentication protocols
Defines message format
• (EAP) Extensible Authentication Protocol
- is Protected EAP
• (PEAP) A common EAP protocol
this product uses digital certificates for authentication
EAP-TLS
what are the 4 types of rogue AP discovery tools
wireless device probe, desktop probe, access point probe, dedicated probe
what are autonomous ap’s that have intelligence required to manage wireless authentication, encryption, and other functions of wireless devices they serve
fat or thick AP’s
what AP’s do not contain all the management and configuration functions of a fat AP
lightweight or thin AP’s
what can controller AP’s be managed through
(WLC) Wireless LAN Controllers
where should an antenna and an AP be positioned
near the center of a coverage area placed high on a wall to reduce signal obstructions and deter theft.
what can you do for wireless peripheral protection
updating or replacing any vulnerable devices, switching to more fully tested Bluetooth mice and keyboards, substitute with a wired mouse or keyboard.