chapter 4 part 2

Question 1

what is 802.1x?

Answer 1

Port-Based Access Control:
Ethernet security- if a device connects to a port on a switch then the switch is the Gateway and communicates with a server to figure out if the user is legit.

Question 2

Central authentication server?

Answer 2

a server on the LAN that works with the switch gateway ports and associated devices connected- this server asks for passwords for each device (supplicant) before allowing said device to communicate on the network.

Question 3

what is the benefit of using a Server (Radius) instead of using a switch as a gateway and authentication on a network?

Answer 3

reduces cost b/c each switch on the network would need to have high processing power and need to be configured with authentication information.

• consistency b/c one database is checked for any connection and this reduces security issues b/c if many databases then one could be mis-configured.
• Immediate changes since just one database is used.

Question 4

EAP?

Answer 4

Extensible Authentication Protocol

Question 5

what is the EAP operation?

Answer 5

EAP - Extensible Authentication Protocol:
step 1: EAP start sent to server from switch,
2: server sends EAP request to client (smart card),
3: client responds negative to smart card,
4: EAP Request with MS-CHAP from server to device
5: Supplicant (Device) responds with MS-CHAP response string.
6: Server sends back success EAP to device but goes to switch (Gateway) first and the switch decides how to authenticate the user.

Question 6

pass-through operation?

Answer 6

when a switch on a LAN passes EAP: Extensible Authentication Protocol information from a server to a supplicant (device on LAN).

Question 7

Extensibility?

Answer 7

EAP Extensible Authentication Protocol: is Extensible b/c it is able to add new protocols without changing the overall structure of the EAP and no updates are needed to old EAP 802.1x switches. saves $

Question 8

what is Radius?

Answer 8

a client/ server Protocol used by 802.1x Authentication servers. Also: authenticated users, restricts access and what specific users can/ can not do to files. *works with EAP

Question 9

if a network is OPEN or if a network if not encrypted/ does not use security/// are both types for anyone to access?

Answer 9

if a network is marked as open then yes anyone can get on it, but if a network does not have security on it then no, only users that have permission can access it.

Question 10

RFMON?

Answer 10

Radio Frequency Monitoring: a chipset on a client must have this ability if they want to use a sniffer program on wireless networks.

Question 11

Pomiscuous mode?

Answer 11

a wireless card that is set up in this mode allows an attacker to receive packets that are intended for other wireless users.

Question 12

whaling>?

Answer 12

focusing attacks on high value targets like CEO’s

Question 13

Evil twin access point?

Answer 13

a computer that has software on it so it can act like a wireless access point and do a man in the middle attack

Question 14

how can a DOS attack work on a wireless network?

Answer 14

use CTS/RTS frames. these frames tell the other wireless clients to wait while a message is being transmitted. this causes denial of service to other users.

Question 15

how does 802.11i work and what is it?

Answer 15

same as 802.1x but over wifi:
*uses a digital certificate between the client and the AP (Outer authentication)- access Point. this is an additional layer of security since wireless signals can be intercepted. then the frames use the EAP to communicate with the Radius server. (inner Authentication)

Question 16

what is EAP-TLS?

Answer 16

EAP-TLS: supplicant needs a digital certificate- expensive.

• PEAP: Protective EAP: any lvl of authentication can be selected.
• *both used as extended EAP for wireless EAP or 802.11i