CWSP 206 Flashcards

1
Q

Authentication

A
  • Authentication is the first of two steps required to connect to an 802.11 BSS
  • Both Authentication and Association must occur, in that order, before a client can pass traffic on an 802.11 BSS
  • Authentication happens at Layer 2 of the OSI model
2
Q

Open System Authentication

A
  • Open System Authentication is the only pre-RSNA security mechanism that has not been deprecated
  • Clients authenticate without any verification
  • Uses a 2 frame management exchange
  • Authentication result is called a “null authentication”
3
Q

WEP

A
  • WEP (Wired Equivalent Protocol) is an optional method that can be used with Open System Authentication
  • Not designed for authentication, but rather to provide data privacy
  • WEP is a Layer 2 encryption method that uses ARC4 streaming cipher
  • WEP is only used to encrypt layers 3 - 7 (MSDU - MAC Service Data Unit) of the OSI model
  • WEP encryption had three goals of:
    Confidentiality
    Access Control
    Data Integrity
4
Q

IV Collisions Attack

A
  • IV (Initialization Vector) collision attacks are considered one of WEP’s weaknesses
  • The 24-bit IV is in cleartext and a new IV is generated for every transmitted frame
  • If WEP is used for the WLAN, and the WEP-encrypted network is busy an IV Collision can occur due to the limited size of the IV (24-bit)
  • An attacker can recover the secret key being used to encrypt the data
5
Q

Weak Key Attack

A
  • Weak key attacks are another known weakness of WEP-encrypted networks
  • Because of the ARC4 key-scheduling algorithm, weak IV keys are generated
  • Attackers can recover the secret key much more easily
6
Q

Reinjection Attack

A
  • Reinjection attacks are a weakness of WEP-encrypted networks
  • Tools for hackers exist that implement a packet reinjection attack to accelerate the collection of weak IVs on a network with little traffic
7
Q

Bit-Flipping Attack

A
  • Bit-Flipping attacks are a weakness of WEP-encrypted networks
  • The ICV data integrity check is considered weak and WEP-encrypted packets can be tampered with
  • WEP cracking tools use a combination of reinjection, weak key, and IV collision attacks
8
Q

TKIP

A
  • Temporal Key Integrity Protocol is a layer 2 security protocol that was created to replace WEP
  • TKIP uses the RC4 algorithm for encryption and decryption
  • TKIP adds 20 bytes of overhead to an 802.11 data frame totaling up to 2324 bytes
  • TKIP uses dynamically created encryption keys as opposed to the static keys used with WEP
  • Uses a 4-way handshake
  • TKIP was designed to defeat replay attacks
  • TKIP can either be a Pairwise Transient Key (PTK) or a Group Temporal Key (GTK)
  • TKIP has been deprecated even though it’s defined in the 802.11-2012 standard due to security risks
9
Q

Shared Key Authentication

A
  • Shared key authentication uses WEP to authenticate client stations and requires that a static WEP key be configured on both the client and the AP
  • Authentication will NOT work if the WEP keys on the two sides do not match
  • Shared key authentication is a four-way frame exchange
10
Q

Symmetric Algorithm

A
  • When using a symmetric algorithm, the key used to encrypt the plaintext is the same key used to decrypt the ciphertext
  • WEP, TKIP, and CCMP are all methods that use symmetric algorithms
  • Symmetric algorithms require less CPU power than asymmetric algorithms
11
Q

Asymmetric Algorithm

A
  • Asymmetric algorithms use a pair of keys. One key is used for encryption while another key is used for decryption
  • The key used for decryption is also known as the private key
  • The key used for encryption is known as the public key
12
Q

Stream Cipher

A

A stream cipher is a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream called the keystream

13
Q

Block Cipher

A
  • A block cipher is a symmetric key cipher where plaintext bits are combined in blocks of data
  • Example: RC4/RC5/DES/3DES/AES
14
Q

WLAN Encryption Methods

A
  • Encryption methods for WLAN are defined at L2
  • The encrypted unit is the MPDU (MAC Protocol Data Unit)
  • The encryption produces the ciphertext portion, the MSDU (MAC Service Data Unit), and encapsulates it with the MAC header and the FCS
15
Q

MIC

A
  • Message Integrity Code
  • Also known as “Michael” and is considered an integrity protocol used with TKIP
  • Designed to stop bit-flipping, redirection, or impersonation attacks
  • 8 bytes in size and appended to the end of the MSDU
16
Q

TKIP MPDU

A
  • First 32 bytes are the MAC header
  • The encrypted frame is made up of the following:
    Initialization Vector (IV)/Key ID - 4 bytes
    Extended IV - 4 bytes
    MSDU payload - 0 - 2304 bytes
    MIC - 8 bytes
    ICV - 4 bytes
17
Q

CCMP

A
  • CCMP operates at layer 2 of the OSI model and uses the AES cipher for encryption
  • Counter Mode with Cipher-Block Chaining Message Authentication Code Protocol
  • Part of the 802.11i amendment to replace TKIP and WEP
  • CCMP is mandatory for an RSN (Robust Security Network)
18
Q

RC4/ARC4

A
  • RC4 is a stream cipher known as Ron’s Code or Rivest Cipher
  • RC4/ARC4 is widely used in WEP and SSL
  • RC4/ARC4 is not recommended for use in newer networks due to its weaknesses in the cipher
19
Q

Layer 3 VPN Technologies

A
  • Point-to-Point Tunneling Protocol (PPTP)
  • Internet Protocol Security (IPSec)
20
Q

RC5

A
  • Rivest Cipher 5 is a symmetric block cipher designed in 1994
  • RC5 allows for a variable block size, key size, and number of rounds
  • Block size can be set to 32, 64, or 128 bits
  • Key size can range from 0 to 2040 bits
  • The number of rounds can range from 0 to 255
21
Q

DES

A
  • Data Encryption Standard is a symmetric block cipher developed in the early 1970s
  • DES uses a 56-bit symmetric key
  • DES is now considered to be insecure due to the small key size
  • DES has a 64-bit block size; 8 bits are used for checking parity
22
Q

3DES

A
  • Triple Data Encryption Algorithm (3DES) is a symmetric block cipher published in 1998
  • 3DES uses a key bundle which consists of 3 DES keys (K1, K2, K3) and each effective key length is 56 bits
  • 8 bits are used for checking parity, similar to DES
  • 3DES performs 48 DES-equivalent rounds on each block
23
Q

AES

A
  • Advanced Encryption Standard is a symmetric block cipher that supports key sizes of 128, 192, and 256 bits
  • AES is used by the 802.11 encryption protocol CCMP
  • AES uses a fixed block size of 128 bits
  • The number of rounds performed on the block varies with the key size (128, 192, 256)
  • AES-128 performs 10 rounds, AES-192 performs 12 rounds, AES-256 performs 14 rounds
24
Q

802.11 Data Frame

A
  • An 802.11 data frame is also known as MAC Protocol Data Unit (MPDU)
25
Q

CCMP MPDU

A
  • Similar to a TKIP MPDU
  • Packet Number (PN) is a 48-bit number that uniquely identifies a frame
  • Nonce is a random numerical value that’s 104 bits in size
  • AAD (Additional Authentication Data) is additional information constructed from portions of the MPDU and enforces data integrity
26
Q

AAA

A
  • Authentication: the verification of user identity and credentials
  • Authorization: granting access to network resources and services; Authentication MUST take place before Authorization
  • Accounting: tracking the use of network resources by users and devices
27
Q

802.1X Framework Components

A
  • Supplicant: A host with software that is requesting authentication and access to network resources. Supplicants are often identified as laptops or wireless devices trying to access the wireless network
  • Authenticator: A device that blocks or allows traffic to pass through its port entity. Authenticators are often identified as either an AP or WLAN controller
  • Authentication Server: A server that validates the credentials of the supplicant that is requesting access and notifies the authenticator that the supplicant has been authorized
28
Q

Shared Secret

A

A shared secret is used between the authenticator (AP) and the authentication server for the RADIUS protocol exchange

29
Q

PAP

A
  • Password Authentication Protocol is considered a Legacy Authentication Protocol
  • Defined in RFC 1334
  • It was originally designed for use with Point-to-Point Protocol (PPP) and provides no protection to the peer identity
30
Q

CHAP

A
  • Challenge Handshake Authentication Protocol was defined in 1994 and is more evolved than PAP
  • CHAP is used with PPP and the password of the user identity is encrypted with an MD5 hash
31
Q

MS-CHAP

A
  • Microsoft Challenge Handshake Authentication Protocol uses a hash of the password in a transmitted user identity
  • Microsoft proprietary
  • Defined in RFC 2433
32
Q

MS-CHAPv2

A
  • Version 2 of MS-CHAP
  • Defined in RFC 2759 and released with Microsoft Windows 2000
  • Uses a stronger hashing algorithm and supports mutual authentication during MS-CHAPv2 exchange
33
Q

EAP

A
  • Extensible Authentication Protocol
  • Defined in IETF RFC 2284
  • EAP is a layer 2 protocol that’s very flexible
  • EAP messages are encapsulated in EAP over LAN (EAPOL) frames
  • EAP can work in either one-way or two-way communication
34
Q

EAPOL Message Types

A
  • There are five major types of EAPOL messages
  • EAP-Packet
    Encapsulated EAP frame. Packet type is known as 0000 0000
  • EAPOL-Start
    This is an optional frame that the supplicant can use to start the EAP process. Packet type is known as 0000 0001
  • EAPOL-Logoff
    This frame terminates an EAP session and shuts down virtual ports. Packet type is known as 0000 0010
  • EAPOL-Key
    This frame is used to exchange dynamic keying information and is used during the 4-way handshake. Packet type is known as 0000 0011
  • EAPOL-Encapsulated-ASF-Alert
    This frame is used to send alerts, such as SNMP traps to the virtual ports. Packet type known as 0000 0100
35
Q

EAP-MD5

A
  • EAP-MD5 is considered a weak EAP protocol by today’s security standards for EAP
  • EAP-MD5 weaknesses are the following:
    One-Way Authentication: only the supplicant is validated, not the server
    Username in Cleartext: the supplicant’s username is always seen in cleartext
    Weak MD5 Hash: the supplicant’s password is hashed using the MD5 algorithm, which wasn’t designed to be used over a wireless medium
36
Q

EAP-LEAP

A
  • EAP-LEAP (Lightweight Extensible Authentication Protocol) was introduced in 2000
  • LEAP was used to generate dynamic WEP keys
  • LEAP uses a similar hashing algorithm as MS-CHAP and MS-CHAPv2
  • EAP-LEAP does have security weaknesses, which are the following:
    Username in Cleartext: the supplicant’s username is seen in cleartext in the initial EAP-Response. LEAP is vulnerable to social engineering attacks
    Weak MS-CHAPv2 Hash: the supplicant’s password is hashed using MS-CHAPv2, which has been found to be vulnerable. LEAP is vulnerable to offline dictionary attacks
37
Q

EAP-PEAP

A
  • EAP Protected Extensible Authentication Protocol is the most common and widely supported EAP protocol
  • EAP-PEAP creates an encrypted TLS tunnel after the supplicant’s inner identity is validated
  • EAP-PEAP has three versions:
    EAP-PEAPv0 (EAP-MSCHAPv2)
    EAP-PEAPv0 (EAP-TLS)
    EAP-PEAPv1 (EAP-GTC)
38
Q

RSNA

A
  • Robust Security Network Associations
  • A RSNA requires two 802.11 stations (STAs) to establish procedures to authenticate and associate with each other
  • Dynamic encryption keys are generated as well through the 4-Way Handshake process
39
Q

RSN

A
  • Robust Security Network
  • RSN is a network that allows for the creation of only robust security network associations (RSNA)
  • A BSS where all STAs are using TKIP/ARC4 or CCMP/AES dynamic keys for encryption
40
Q

RSNIE

A
  • Robust Security Network Information Element
  • RSNIE is often referred to simply as RSN Information Element
  • RSNIE is an optional field of variable length that’s found in 802.11 management frames
    The RSNIE can identify the encryption capabilities of a station
  • RSNIE is found in four different 802.11 management frames:
    Beacon management frames
    Probe response frames
    Association request frames
    Re-association request frames
41
Q

AKM

A
  • Authentication and Key Management
  • AKM services consist of a set of one or more algorithms designed to provide authentication and key management
  • EAP protocols are used during AKM services
42
Q

AKMP

A
  • Authentication and Key Management Protocol
  • AKMP can either be a preshared key (PSK) or an EAP protocol used during 802.1X authentication.
  • There’s a third type of AKMP called Simultaneous Authentication of Equals (SAE) which could be the replacement of PSK authentication
43
Q

Dynamic WEP

A
  • Dynamic WEP is known as a proprietary solution
  • Keys are generated per session per user
  • Every user has a different key
  • Dynamic WEP can still be cracked but less chance of social engineering
44
Q

WMM

A
  • Wi-Fi Multimedia is based on the QoS mechanisms that were originally defined in the IEEE 802.11e amendment
  • WMM enables Wi-Fi networks to prioritize traffic generated by different applications