Chapter 13 Wireless and Mobile Security Flashcards

1
Q

What radio bands does WiFi rely on?

A

2.4GHz and 5GHz bands.

2
Q

WiFi security concerns

A

WiFi can travel beyond the spaces that an organization owns or controls.

3
Q

WiFi standards/frequencies

A
  1. 11b 2.4GHz
  2. 11a 5GHz
  3. 11g 2.4GHz
  4. 11n 2.4 and 5GHz
  5. 11ac 5GHz
  6. 11ax 2.4 and 5GHz, additional frequencies in the 6 GHz band
4
Q

What range does Bluetooth operate in?

A

2.4GHz

Bluetooth devices are peer to peer, not client-server.

5
Q

Are Bluetooth devices secure?

A

No. While Bluetooth supports encryption, it relies on a PIN.

6
Q

What is NFC used for?

What kind of attacks can be used?

A

Very short range, often used for payment terminals.

Interception, replay attacks, spoofing.

7
Q

How does RFID work?

A

Short range; uses a tag and a receiver to exchange info. Can be deployed with:

  • active tags, which have their own power source and always send signals to the reader.
  • semi-active tags, which have battery power for their circuits but are activated by the reader.
  • passive tags, which are entirely powered by the reader.
8
Q

RFID frequency ranges

A

Low frequency RFID - short range low power tags (entry access and identification)
High frequency tags - longer range, about 1 meter, faster speed.
Ultra high frequency - fastest to read and longest range. Inventory and anti-theft uses.

9
Q

RFID attack

A

RFID tags can be attacked in multiple ways from simple destruction to modification and reprogramming. Tags can be cloned, modified, spoofed, and impersonated.

10
Q

Infrared

A

Only works line of sight.
Supports everything from low bandwidth to gigabit speeds.
Usually used for point-to-point connections between individual devices.
Infrared has largely been replaced by Bluetooth and WiFi.

11
Q

GPS

A

GPS signals can be jammed or spoofed.

12
Q

What is an Evil Twin Attack?

A

A malicious fake access point that is set up to appear legitimate. Once the client connects to the evil twin, the attacker will often provide internet connectivity so the victim does not notice. The attacker can then capture all the victim's traffic.

13
Q

What is a Rogue Access Point?

A

Rogue access points are APs added to your network either intentionally or unintentionally that can offer a point of entry to attackers or other unwanted users.

Wireless IDS can prevent these.

14
Q

What is bluejacking vs. bluesnarfing?

A

Bluejacking simply sends unsolicited messages to Bluetooth users.
Bluesnarfing is unauthorized access to the device, typically aimed at data collection.

15
Q

Best protection against Bluetooth attacks?

A

Turn off Bluetooth when not in use.

16
Q

RF and Protocol attacks

What is disassociation?

A

Disassociation is what happens when a device disconnects from an access point. Many attacks work better if the attacker can force the victim to disconnect from the network.

17
Q

How can you force a victim to disassociate from a network?

A

Send a deauthentication frame, which is a specific wireless protocol element that can be sent to the access point by spoofing the victim's wireless MAC address.

18
Q

RF and Protocol Attacks: Jamming

A

Jamming blocks all the traffic in a range or frequency.

19
Q

Wi-Fi Deauther vs Jammer

A

Deauthers are often incorrectly called jammers. A deauther will send deauthentication frames, whereas a jammer will send out powerful traffic to drown out traffic. Jammers are illegal in the US whereas deauthers are not.

20
Q

WAP placement

A

Wireless access point placement can be decided using a site survey and a heat map. This can be done using WiFi analyzer software.

21
Q

WLAN Controllers

A

Enterprise networks rely on a Wireless LAN (WLAN) controller to help manage access points and networks. Wireless controllers can be hardware devices, cloud services, VMs, or software packages.

22
Q

Controller/AP Security

A

Much like other network devices, both controllers and APs need to be configured to be secure by:

  • changing default settings
  • disabling insecure protocols and services
  • setting strong passwords
  • protecting administrative interfaces by placing them on isolated VLANs
  • ensuring they are regularly patched and updated
  • turning on monitoring and logging

23
Q

Wi-Fi Security standards

A

WPA-Personal uses a preshared key and is often called WPA-PSK.
WPA-Enterprise relies on a RADIUS authentication server.

24
Q

What encryption does WPA2 use?

A

WPA2 introduced the CCMP protocol, which uses AES encryption.

25
Q

WPA3 security improvements

A

WPA3 provides SAE (Simultaneous Authentication of Equals), which replaces preshared keys and requires validation.
It also provides for network authentication instead of only user authentication.

26
Q

What is perfect forward secrecy?

A

Perfect forward secrecy changes encryption keys regularly so that a single key won’t compromise past or future communications.

27
Q

What are the 3 types of wireless authentication on modern WiFi?

A

Open networks (includes captive portal)
Preshared Keys
Enterprise auth using RADIUS server and EAP

28
Q

Which EAP variant best fits the following:
___ wraps EAP using a TLS tunnel. Devices use unique encryption keys, with Temporal Key Integrity Protocol (TKIP) implemented to replace keys on a regular basis.

A

PEAP

29
Q

Which EAP variant best fits the following:
Cisco-developed protocol focused on providing faster re-authentication while roaming. Works around public key exchanges that slow down other variants by using a shared secret key for reauthentication. Can use preshared keys or dynamic keys.

A

EAP-FAST

30
Q

Which EAP variant best fits the following:
___ implements certificate-based authentication. Uses certificates on both client and network devices to generate keys that are then used for communications. Used less frequently due to certificate management challenges.

A

EAP-TLS

31
Q

Which EAP variant best fits the following:
___ extends EAP-TLS and does not require a certificate. The problem is that it requires additional software on some devices, whereas PEAP does not while providing similar functionality. There are times it may be implemented due to specific requirements.

A

EAP-TTLS

32
Q

Mobile device deployment: BYOD vs CYOD

A

In ‘Bring your own device’ the device is completely yours; you control it. Greatest risk to organizational data.
In ‘Choose your own device’ the organization owns it but you control and maintain it. Can make security slightly easier.

33
Q

Mobile device deployment: COPE v. Corporate owned

A

COPE is corporate owned, personally enabled, which allows for some personal use on devices while meeting enterprise needs.
Corporate owned provides corporate with complete control but less flexibility.

34
Q

What is VDI?

A

Virtual desktop infrastructure allows device users to connect to a remote environment, perform actions, and then return to normal device use.

35
Q

What is containerization?

A

Containerization tools help split devices between work and personal use environments, allowing a personal container or work container to be run on the device without mixing data and access.

36
Q

Mobile device management

A
  • Mobile device management (MDM), unified endpoint management (UEM), and mobile application management (MAM) are all tools administrators and security professionals can use.
  • Functions include application delivery, configuration, update and version management, performance monitoring and analytics, logging, data gathering.
  • Although MAM tools are in use, MDM and UEM are taking over the market because they provide more control.
37
Q

UEM vs MDM

A

UEM is more capable than MDM.

38
Q

MDM: name the described tool:
This may include deploying specific apps to all devices, limiting which apps can be used, remotely adding or removing applications, or monitoring application usage.

A

Application Management

39
Q

MDM: name the described tool:
This ensures secure access to files and/or CONTROL of organizational data. A major concern is the combination of business and personal data. This tool helps lock away business data in a controlled space.

A

Content Management.
Note: can be easily confused with containerization or storage segmentation. Pay attention to the subtle differences: content management focuses on secure access and control, whereas containerization and storage segmentation focus on separation.

40
Q

MDM: name the described tool:
This is used when a device is lost or stolen, or when an employee is terminated. Admins must choose between the full version or only targeting organizational data and apps that have been deployed on personal devices. This can be a liability if personal data is accidentally impacted.

A

Remote Wipe

41
Q

MDM: name the described tool:
This allows you to use the location of a mobile device to make decisions about its operation. Some organizations only allow use inside certain facilities, while others wipe devices if they leave a security perimeter.

A

Geolocation/Geofencing
Note: could be confused with context-aware authentication. The difference is that geolocation focuses only on location, whereas context-aware focuses on behavior, time, and authentication.

42
Q

MDM: name the described tool:
These are normal device security models to prevent unauthorized access. Most common for organizations is the amount of time before a screen locks and requires reauthentication. MDM might also set password length, complexity or require password change intervals.

A

Screen lock, passwords and PINs

43
Q

MDM: name the described tool:

Widely available on modern mobile devices, fingerprints and facial recognition are common.

A

Biometrics

44
Q

MDM: name the described tool:
This goes beyond PINs, passwords, and biometrics to better reflect user behavior. This may include location, hours of use, and a wide range of other behaviors.

A

Context-aware authentication
Note: this distinguishes itself from geolocation and from screen locks, passwords, and PINs by its depth, going beyond each of the other options.

45
Q

MDM: name the described tool:
Increasingly common to separate work and personal use on mobile devices. Greatly reduces the risk of cross contamination and exposure of sensitive data.

A

Containerization

46
Q

MDM: name the described tool:
Can be used to keep personal and business data separate. This may include separate volumes of data that may require encryption. This and containerization can be combined.

A

Storage Segmentation

47
Q

MDM: name the described tool:

This is used to ensure stolen or lost devices do not result in a breach.

A

FDE

Most effective when combined with remote wipe capabilities.

48
Q

MDM: describe the tool:

Can be useful to alert users of issues or ask them to perform actions.

A

Push notifications

49
Q

What is carrier unlocking?

A

Allows phones to be used with other cellular providers.

50
Q

What is sideloading?

A

Manually installing programs or custom firmware on a device, typically after jailbreaking or rooting.

51
Q

What is a microSD HSM?

A

Same as other HSMs, they are hardware devices used to store and manage passwords and cryptographic keys in a very small form factor.

52
Q

What is SEAndroid?

A

SEAndroid provides the ability to enforce Mandatory Access Control over traditional Discretionary Access Control on Android devices.

53
Q

Which WiFi standard introduced CCMP?

A

WPA2

54
Q

Which WiFi standard introduced SAE?

A

WPA3