Chapter 14. Flashcards
What is a rogue access point?
A potential open and unsecured gateway straight into the wired infrastructure that the company wants to protect.
Why do many government agencies ban the usage of ad hoc networks?
Because often computers are plugged into the network via Ethernet. At the same time the wireless radio is turned on, allowing a connection to it or something else. Attackers could use this.
What is MACsec and what is it used for?
Created from The IEEE 802.1AE Media Access Control Security standard. can also be used to secure
the network ports on the wired network. In that case, any new device, including APs, would need to be authenticated to the network prior to being given access.
What is a peer-to-peer attack?
During an an-hoc connection a computer is sharing its data and resources with another PC. The other PC that is connected to it could potentially also gain access to the network through the host PC.
What is client isolation?
is a feature that can often be enabled on WLAN access points or controllers to block wireless clients from communicating with other wireless clients on the
same wireless VLAN. Client isolation, or the various other terms used to describe this feature, usually means that packets arriving at the AP’s wireless interface are not forwarded back out of the wireless interface to other clients. This isolates each user on
the wireless network to ensure that a wireless station cannot be used to gain layer 3 or higher access to another wireless station.
What is casual eavesdropping?
Casual eavesdropping is accomplished by simply exploiting the 802.11 frame exchange methods that are
clearly defined by the 802.11-2012 standard. Software utilities known as WLAN discovery tools exist for the purpose of finding open WLAN networks
What is malicious eavesdropping?
the unauthorized use of 802.11 protocol analyzers to capture wireless communications, is typically considered illegal. Most countries have some type of wiretapping law that makes it a crime to listen in on someone else’s phone conversation. Additionally, most countries have laws making it illegal to listen in on any type of electromagnetic communications, including
802.11 wireless transmissions.
What is the next step that an AP does when you enter a passphase for AP authentication?
That a function is run to convert the passphrase to a Pairwise Master Key (PMK), which is used with the 4-Way Handshake to create the final dynamic encryption keys.
Why is it recommended that AP’s be configured through wire instead of wirelessly?
Policy often dictates that all WLAN infrastructure devices be configured from only the wired side of the network. If an administrator attempts to configure a WLAN device while connected wirelessly, the administrator could lose connectivity due to configuration changes being made. Some WLAN vendors offer secure wireless console connectivity capabilities for troubleshooting and configuration
What is wireless hijacking?
The access point software is configured with the same SSID that is used by a public hotspot access point. The attacker then sends spoofed disassociation or DE authentication frames, forcing users associated with the hotspot AP to roam to the evil twin AP. At this
point, the attacker has effectively hijacked wireless clients at layer 2 from the original AP. The evil twin will have DHCP and be an open authentication AP.
What is a man-in-the-middle attack?
The second WLAN radio is associated to the hotspot access point as a client. Many OS allow Ethernet and wireless to work together and create a bridge. So the attacker deauths and attacks the client to get the wireless AP to connect to the evil twin. The attack then goes through the evil twin, through the laptop bridge, and onto the physical network. .
What is a way to prevent evil twins and man in the middles.
Authentication of the network and the client. 802.1X/EAP
What is intentional jamming?
Intentional jamming attacks occur when an attacker uses some type of signal generator to cause interference in the unlicensed frequency space. Both narrowband and wideband jammers exist that will interfere with 802.11 transmissions, either causing all data to become corrupted or causing the 802.11 radios to continuously defer when performing a clear channel assessment (CCA).
What is unintentional jamming?
Unintentional interference from microwave ovens, cordless phones, and other devices can also cause denial of service. Although unintentional jamming
is not necessarily an attack, it can cause as much harm as an intentional jamming attack
What is the most common DoS attack?
Layer 2 deauth attacks. The most common involves spoofing disassociation or deauthentication. The attacker can edit the 802.11 header and spoof the MAC address of an access point or a client in either the transmitter address (TA) Feld or the receiver address (RA) Feld.