Chapter 14.

Question 1

What is a rogue access point?

Answer 1

any wireless access point that has been installed on a network’s wired infrastructure without the consent of the network’s administrator or owner, thereby providing unauthorized wireless access to the network’s wired infrastructure.

A potential open and unsecured gateway straight into the wired infrastructure that the company wants to protect.

Question 2

Why do many government agencies ban the usage of ad-hoc networks?

Answer 2

Often computers are plugged into the network via Ethernet at the same time the wireless radio is turned on, allowing a connection to it or something else. Attackers could use this.

Question 3

What is MACsec and what is it used for?

Answer 3

Created from The IEEE 802.1AE Media Access Control Security standard. can also be used to secure
the network ports on the wired network. In that case, any new device, including APs, would need to be authenticated to the network prior to being given access.

Question 4

What is a peer-to-peer attack?

Answer 4

During an an-hoc connection a computer is sharing its data and resources with another PC. The other PC that is connected to it could potentially also gain access to the network through the host PC.

Question 5

What is client isolation?

Answer 5

is a feature that can often be enabled on WLAN access points or controllers to block wireless clients from communicating with other wireless clients on the
same wireless VLAN. Client isolation, or the various other terms used to describe this feature, usually means that packets arriving at the AP’s wireless interface are not forwarded back out of the wireless interface to other clients. This isolates each user on
the wireless network to ensure that a wireless station cannot be used to gain layer 3 or higher access to another wireless station.

Question 6

What is casual eavesdropping?

Answer 6

Casual eavesdropping is accomplished by simply exploiting the 802.11 frame exchange methods that are
clearly defined by the 802.11-2012 standard. Software utilities known as WLAN discovery tools exist for the purpose of finding open WLAN networks

Question 7

What is malicious eavesdropping?

Answer 7

the unauthorized use of 802.11 protocol analyzers to capture wireless communications, is typically considered illegal. Most countries have some type of wiretapping law that makes it a crime to listen in on someone else’s phone conversation. Additionally, most countries have laws making it illegal to listen in on any type of electromagnetic communications, including
802.11 wireless transmissions.

Question 8

What is the next step that an AP does when you enter a passphase for AP authentication?

Answer 8

That a function is run to convert the passphrase to a Pairwise Master Key (PMK), which is used with the 4-Way Handshake to create the final dynamic encryption keys.

Question 9

Why is it recommended that APs be configured through wired VTY instead of wirelessly?

Answer 9

Policy often dictates that all WLAN infrastructure devices be configured from only the wired side of the network. If an administrator attempts to configure a WLAN device while connected wirelessly, the administrator could lose connectivity due to configuration changes being made. Some WLAN vendors offer secure wireless console connectivity capabilities for troubleshooting and configuration

Question 10

What is wireless hijacking?

Answer 10

The access point software is configured with the same SSID that is used by a public hotspot access point. The attacker then sends spoofed disassociation or DE authentication frames, forcing users associated with the hotspot AP to roam to the evil twin AP. At this
point, the attacker has effectively hijacked wireless clients at layer 2 from the original AP. The evil twin will have DHCP and be an open authentication AP.

Question 11

What is a man-in-the-middle attack?

Answer 11

The second WLAN radio is associated to the hotspot access point as a client. Many OS allow Ethernet and wireless to work together and create a bridge. So the attacker deauths and attacks the client to get the wireless AP to connect to the evil twin. The attack then goes through the evil twin, through the laptop bridge, and onto the physical network. .

Question 12

What is a way to prevent evil twins and man in the middles.

Answer 12

Mutual Authentication between the network and the client. 802.1X/EAP

Question 13

What is intentional jamming?

Answer 13

Intentional jamming attacks occur when an attacker uses some type of signal generator to cause interference in the unlicensed frequency space. Both narrowband and wideband jammers exist that will interfere with 802.11 transmissions, either causing all data to become corrupted or causing the 802.11 radios to continuously defer when performing a clear channel assessment (CCA).

Question 14

What is unintentional jamming?

Answer 14

Unintentional interference from microwave ovens, cordless phones, and other devices can also cause denial of service. Although unintentional jamming
is not necessarily an attack, it can cause as much harm as an intentional jamming attack

Question 15

What is the most common DoS attack?

Answer 15

Layer 2 deauth attacks. The most common involves spoofing disassociation or deauthentication. The attacker can edit the 802.11 header and spoof the MAC address of an access point or a client in either the transmitter address (TA) Field or the receiver address (RA) Field.

Question 16

What is management frame protection (MFP) mechanisms?

Answer 16

An 802.11w-2009 amendment for the prevention of spoofing 802.11 management frames.

Question 17

What are robust management frames that was created in 802.11w? Worked with frame protection?

Answer 17

Robust management frames can be protected by the management frame protection service and include disassociation, deauthentication, and robust action frames. Action frames are used to request a station to take action on behalf of another station, and not all action frames are robust.

Question 18

What is the best tool to discover a layer 1 DoS?

Answer 18

Spectrum Analyzer.

Question 19

What is the best tool to discover a layer 2 DoS?

Answer 19

Protocol Analyzer.

Question 20

What are the 3 components that make up a WIDS (Wireless Intrusion Detection System)?

Answer 20

1. WIDS server.
2. Management Consoles
3. Sensors.

Question 21

What is a WIDS server?

Answer 21

A WIDS server is a software server or hardware server appliance acting as a central point of monitoring security and performance data collection. The server uses signature analysis, behavior analysis, protocol analysis, and RF spectrum analysis to detect
potential threats.

Question 22

What is a WIDS Management Console?

Answer 22

A software-based management console is used to communicate back to a WIDS server from a desktop station. The management console is the software
interface used for administration and configuration of the server and sensors.

Question 23

What is a WIDS sensor?

Answer 23

Hardware- or software-based sensors may be placed strategically to listen to and capture all 802.11 communications. Sensors are the eyes and ears of a WIDS monitoring solution. Sensors use 802.11 radios to collect information used in securing and analyzing
WLAN traffic. Devices are in constant listening mode.

Question 24

What are the 3 WIDS design models?

Answer 24

1. Overlay
2. Integrated
3. Integration Enabled.

Question 25

What is an Overlay WIDS system?

Answer 25

Overlay The most secure model is an overlay WIDS that is deployed on top of the existing
wireless network. This model uses an independent vendor’s WIDS and can be deployed to
monitor any existing or planned WLAN.

Question 26

What is an integrated WIDS system?

Answer 26

Most WLAN vendors have fully integrated WIDS capabilities. A centralized WLAN controller or a centralized network management server (NMS) functions as the IDS server. Access points can be configured in a full-time sensor-only mode or can act as
part-time sensors when not transmitting as access points. They use off channel scanning.

Question 27

What is an integrated WIDS solution?

Answer 27

Wireless Intrusion Detection System

Wi-Fi vendors often integrate their APs and management systems with the major WIDS vendors. The Wi-Fi vendor’s APs integrate software code that can be used to turn the APs into sensors that will communicate with the third-party WIDS server.
Standalone or controller-based APs can be converted into full-time sensors that gather security monitoring information for a separate third-party WIDS server

Question 28

What is one method of containing rogue AP’s by WIPS?

Answer 28

One of the most common methods is to use spoofed deauthentication frames. As shown in Figure 14.12, the WIPS will have the sensors go active and begin
transmitting deauthentication frames that spoof the MAC addresses of the rogue APs and rogue clients. The WIPS uses a known layer 2 denial-of-service attack as a countermeasure. The effect is that communications between the rogue AP and clients are rendered useless. This countermeasure can be used to disable rogue APs, individual client stations, and rogue ad-hoc networks.

Question 29

What is a general wireless policy?

Answer 29

A general wireless security policy establishes why a wireless security policy is needed for an organization.

Question 30

What is Sarbanes-Oxley?

Answer 30

The Sarbanes-Oxley Act of 2002 defines stringent controls on corporate accounting and auditing procedures with a goal of corporate responsibility and enhanced financial disclosure.

Question 31

What is GLBA?

Answer 31

requires banks and financial institutions to notify customers of policies and practices disclosing customer information. The goal is to protect personal information such as credit card numbers, Social Security numbers, names, addresses, and so forth

Question 32

What is PCI (Payment Card Industry) compliance?

Answer 32

Protection of credit cards and the data.