chapter 4 part 2 Flashcards
What is 802.1x?
Port-Based Access Control:
Ethernet security: if a device connects to a port on a switch, the switch acts as the gateway and communicates with a server to determine whether the user is legitimate.
Central authentication server?
A server on the LAN that works with the switch gateway ports and the devices connected to them. This server asks for a password from each device (supplicant) before allowing that device to communicate on the network.
What is the benefit of using a server (RADIUS) instead of using a switch as the gateway and for authentication on a network?
- Reduced cost, because otherwise each switch on the network would need high processing power and would need to be configured with authentication information.
- Consistency, because one database is checked for every connection. This reduces security issues, because with many databases one could be misconfigured.
- Immediate changes, since just one database is used.
EAP?
Extensible Authentication Protocol
What is the EAP operation?
EAP - Extensible Authentication Protocol:
Step 1: EAP start is sent to the server from the switch.
Step 2: Server sends an EAP request to the client (smart card).
Step 3: Client responds negatively to smart card.
Step 4: EAP request with MS-CHAP is sent from the server to the device.
Step 5: Supplicant (device) responds with an MS-CHAP response string.
Step 6: Server sends an EAP success message back to the device, but it goes to the switch (gateway) first, and the switch decides how to authenticate the user.
Pass-through operation?
When a switch on a LAN passes EAP (Extensible Authentication Protocol) information from a server to a supplicant (device on the LAN).
Extensibility?
EAP (Extensible Authentication Protocol) is extensible because new protocols can be added without changing the overall structure of EAP, and no updates are needed to old EAP 802.1x switches. This saves money.
What is RADIUS?
A client/server protocol used by 802.1x authentication servers. It also authenticates users and restricts access and what specific users can and cannot do to files. Works with EAP.
If a network is open, or if a network is not encrypted / does not use security, are both types available for anyone to access?
If a network is marked as open, then yes, anyone can get on it; but if a network does not have security on it, then no, only users that have permission can access it.
RFMON?
Radio Frequency Monitoring: the chipset on a client must have this ability if the user wants to use a sniffer program on wireless networks.
Promiscuous mode?
A wireless card that is set up in this mode allows an attacker to receive packets that are intended for other wireless users.
Whaling?
Focusing attacks on high-value targets like CEOs.
Evil twin access point?
A computer that has software on it so it can act like a wireless access point and carry out a man-in-the-middle attack.
How can a DoS attack work on a wireless network?
By using CTS/RTS frames. These frames tell the other wireless clients to wait while a message is being transmitted, which causes denial of service to other users.
How does 802.11i work and what is it?
Same as 802.1x but over Wi-Fi:
Uses a digital certificate between the client and the AP (access point); this is the outer authentication. It is an additional layer of security, since wireless signals can be intercepted. The frames then use EAP to communicate with the RADIUS server (inner authentication).