CH16 Securing Networks Flashcards

1
Q

What is a Privilege Escalation?

A

occurs when a user is able to gain the rights of another user or administrator

2
Q

What is a Vertical Privilege Escalation?

A

goes from a user to an admin account.

3
Q

What is a Horizontal Privilege Escalation?

A

privilege escalation goes from one user to another user

4
Q

What is a Backdoor?

A

a way of bypassing normal authentication in a system

5
Q

What are the keys to having good network security?

A

An IPS, proper firewall configs, network segmentation, and firmware updates are the keys to having network security

6
Q

What is EMI?

A

EMI = Electromagnetic Interference

a disturbance that can affect electrical circuits, devices, and cables due to radiation or electromagnetic conduction.

EMI can be caused by TVs, microwaves, cordless phones, motors, and other devices.

Shielding the cables (Shielded Twisted Pair - STP) or source can minimize EMI.

7
Q

What is RFI?

A

RFI = Radio Frequency Interference

A disturbance that can affect electrical circuits, devices, and cables due to AM/FM transmissions or cell towers.

RFI causes more problems for wireless networks

8
Q

What is Crosstalk?

A

occurs when a signal transmitted on one copper wire creates an undesired effect on another wire

Most companies use UTP (Unshielded Twisted Pair cabling) because it’s much cheaper to work with. (vs. Shielded Twisted Pair - STP)

9
Q

What is Data Emanation?

A

The electromagnetic field generated by a network cable or device when transmitting.

A Faraday cage can be installed to prevent a room from emanating

To capture them, you need a spectrum analyzer

10
Q

What is PDS?

A

PDS = protected distribution system

PDS helps you protect network media. It is a secured system of cable management that ensures the wired network remains free from eavesdropping, tapping, data emanations, and other threats.

11
Q

What is SSID?

A

SSID = Service Set Identifier

Uniquely identifies the network and is the name of the Wireless Access Point (WAP) used by the clients.

For the exam: You should disable the SSID broadcast (hide the name of the Access Point) so that clients have to already know its name prior to connecting to it.

12
Q

What is a Rogue Access Point?

A

Unauthorized Wireless Access Point (WAP) or Wireless Router that allows access to the secure network. (Hooking up a wireless access point on a port and sending out a signal for the devices to connect.)

It can introduce its own DHCP server and cause all sorts of other issues.

To prevent this, you should enable MAC filtering on the network, network access control, and run a good IDS or IPS on your network that can detect or prevent these devices when they initially try to connect

13
Q

What is an Evil Twin?

A

a rogue, counterfeit, and unauthorized WAP with the same SSID as your valid one.

To prevent an evil twin from being effective, make sure that all of your wireless clients are configured to use a VPN whenever they connect over Wi-Fi, even if they’re connecting to your own Wi-Fi.

14
Q

What is a Pre-Shared Key?

A

Same encryption key is used by the access point and the client

15
Q

What is Open Encryption in terms of wireless network?

A

No security or protection provided

16
Q

What is WEP?

A

WEP = Wired Equivalent Privacy

Original 802.11 wireless security standard that claims to be as secure as a wired network.

WEP’s weakness is its 24-bit IV (Initialization Vector).

NOT secure

17
Q

What is WPA?

A

WPA = WiFi Protected Access

Replacement for WEP which uses TKIP, Message Integrity Check (MIC), and RC4 encryption.

WPA was flawed, so it was replaced by WPA2.

18
Q

What is WPA2?

A

WiFi Protected Access version 2

802.11i standard to provide better wireless security featuring AES with a 128-bit key, CCMP, and integrity checking.

19
Q

What is WPS?

A

WPS = WiFi Protected Setup

Automated encryption setup for wireless networks at the push of a button, but it is severely flawed and vulnerable.

Always disable WPS

20
Q

For wireless security, what else should you do in addition to using the WPA2 standard for your encryption?

A

you should also set up a VPN for your wireless devices.

Encryption and VPNs are always a good idea.

21
Q

What is WAP?

A

WAP = Wireless Access Points

Wireless security also relies upon proper WAP placement

22
Q

What is an Omnidirectional antenna WAP?

A

WAP = Wireless Access Points

The access point is going to radiate out its signal equally in every single direction.

23
Q

What is a Bidirectional or Unidirectional antenna?

A

WAP = Wireless Access Points

controls which direction the signal is actually radiated in

24
Q

What signal does Wireless B, G, and N use?

A

2.4 GHz signal

25
Q

What signal does Wireless A, N, and AC use?

A

5.0 GHz signal

26
Q

What is Wireless security jamming?

A

Intentional radio frequency interference targeting your wireless network to cause a denial of service condition.

Wireless site survey software and spectrum analyzers can help identify jamming and interference.

27
Q

What is AP (Access Point) Isolation?

A

creates a network segment for each client when it connects to prevent them from communicating with other clients on the network

28
Q

What is a War Driving Wireless Attack?

A

Act of searching for wireless networks by driving around until you find them. Attackers can use wireless survey or open-source attack tools. They connect to your network so that they can attack other networks through your network.

29
Q

What is a War Chalking Wireless Attack?

A

Act of physically drawing symbols in public places to denote the open, closed, and protected networks in range. War chalking digitally is becoming more commonplace.

30
Q

What is an IV Attack in terms of wireless attacks?

A

attacker observes the operation of a cipher being used with several different keys and finds a mathematical relationship between those keys to determine the clear text data

31
Q

What is a WiFi disassociation attack?

A

targets an individual client connected to a network, forces it offline by deauthenticating it, and then captures the handshake when it reconnects.

Used as part of an attack on WPA/WPA2

32
Q

What is a Brute Force Attack?

A

Attacker continually guesses a password until the correct one is found. Brute force will always find the password eventually. It’s just a matter of the time and power it is going to take.

33
Q

What is WPA3?

A

Wi-Fi Protected Access 3

Introduced in 2018 to strengthen WPA2.

WPA3 has an equivalent cryptographic strength of 192 bits in WPA3 Enterprise Mode.

34
Q

What encryption does WPA3 Enterprise Mode use?

A

uses AES-256 encryption with a SHA-384 hash for integrity checking

35
Q

What encryption does WPA3 Personal Mode use?

A

Uses CCMP-128 as the minimum encryption required for secure connectivity.

Largest improvement in WPA3 is the removal of the Pre-Shared Key (PSK) exchange.

36
Q

What is Simultaneous Authentication of Equals (SAE)?

A

a secure password-based authentication and password-authenticated key agreement method. SAE provides forward secrecy

37
Q

What is Perfect Forward Secrecy or Forward Secrecy?

A

a feature of key agreement protocols (like SAE) that provides assurance that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised

38
Q

What is the 5-step process that Forward Secrecy goes through?

A
  1. The AP and the client use a public key system to generate a pair of long-term keys.
  2. The AP and the client exchange a one-time use session key using a secure algorithm like Diffie-Hellman.
  3. The AP sends the client messages and encrypts them using the session key created in Step 2.
  4. Client decrypts the messages received using the same one-time use session key.
  5. The process repeats for every message being sent, starting at Step 2 to ensure forward secrecy.
39
Q

What is Bluejacking?

A

sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets.

Bluejacking sends information

40
Q

What is Bluesnarfing?

A

unauthorized access of information from a wireless device through a Bluetooth connection

Bluesnarfing takes information

41
Q

What is RFID?

A

RFID = Radio Frequency Identification

Devices that use a radio frequency signal to transmit identifying information about the device or token holder.

For the exam: remember that RFID devices can send information from a card to a reader to provide authentication or identification.

42
Q

What is Near Field Communication (NFC)?

A

It was invented to minimize the ability to eavesdrop on RFID

NFC allows two devices to transmit information when they’re in close proximity to each other