Lesson 10: Installing and Configuring Wireless and Physical Access Security Flashcards

1
Q

wireless networking

A
  • uses electromagnetic radio waves to carry data signals over the air
  • “unguided media”
  • wireless networks are configured in one of two modes:
    • Ad hoc—the wireless adapter allows connections to and from other devices (a peer-to-peer WLAN). In 802.11 documentation, this is referred to as an independent basic service set (IBSS).
    • Infrastructure—the adapter is configured to connect through an access point (AP) to other wireless and wired devices. In 802.11 documentation this is a basic service set (BSS); more than one BSS can be grouped into an extended service set (ESS).

2
Q

service set identifier (SSID)

A
  • all wireless devices operating on a WLAN must be configured with the same network name, referred to as the service set identifier (SSID)
  • when multiple access points are grouped into an extended service set, this is more properly called the extended SSID (ESSID)
  • this just means that all the APs are configured with the same SSID
3
Q

wireless controller

A
  • allows for centralized management and monitoring of the access points on the network
  • this may be achieved through a dedicated hardware device (a wireless controller), typically implemented as additional firmware in a network switch
4
Q

fat AP

A

access point whose firmware contains enough processing logic to be able to function autonomously and handle clients without the use of a wireless controller

5
Q

thin AP

A

one that requires a wireless controller in order to function

6
Q

lightweight access point protocol (LWAPP)

A
  • the protocol Cisco wireless controllers usually use to communicate with their access points
  • allows an AP configured to work in lightweight mode to download an appropriate SSID, standards mode, channel, and security configuration from the controller
7
Q

control and provisioning of wireless access points (CAPWAP)

A

alternatives to LWAPP include the Control and Provisioning of Wireless Access Points (CAPWAP) protocol, an IETF standard derived from LWAPP, or a vendor-proprietary protocol

8
Q

VLAN pooling

A
  • automated VLAN pooling ensures that the total number of stations per VLAN is kept within specified limits, reducing excessive broadcast traffic
  • another function of a hardware controller is to supply power to wired access points, using Power over Ethernet (PoE)
9
Q

bands

A

Wi-Fi products work in either the 2.4 GHz band or the 5 GHz band

10
Q

802.11a

A

legacy products working in the 5 GHz band only

11
Q

802.11bg

A

legacy products working in the 2.4 GHz band only

12
Q

802.11n

A

products can be either dual band (supporting both 2.4 GHz and 5 GHz operation) or 2.4 GHz only

13
Q

802.11ac

A

Most access points supporting 802.11ac are dual band but use the 2.4 GHz band for legacy clients (802.11bgn) only

14
Q

rubber ducky antennas

A

plastic-coated variants often used on access points

15
Q

directional antennas

A
  • extend signal range in a particular direction (gain, measured in dBi, decibel isotropic)
  • directional antenna types:
    • Yagi, a bar with fins
    • parabolic (dish or grid) antennas, useful for point-to-point connections (wireless bridge)
16
Q

access point and antenna placement considerations

A
  • a device supporting the Wi-Fi standard should have a maximum indoor range of up to about 30m (100 feet), though the weaker the signal, the lower the data transfer rate
  • radio signals pass through solid objects, such as ordinary brick or drywall walls, but can be weakened or blocked by particularly dense or thick material and metal
17
Q

coverage

A
  • means that the WLAN delivers acceptable data rates to the supported number of devices in all the physical locations expected
  • to maximize coverage and minimize interference, position the AP as high as possible and set the channels of other nearby APs to different settings
  • at least 25 MHz spacing should be allowed between the channels of nearby APs so that their channels do not overlap (adjacent-channel interference); APs that share the same channel suffer co-channel interference (CCI)
  • in the 2.4 GHz band no more than three nearby 802.11b/g access points can have non-overlapping channels (channels 1, 6 and 11)
  • 5 GHz band for 802.11a or 802.11n/ac, the best option is usually to allow the AP to auto-detect the best channel (can obtain more bandwidth with the option to use two adjacent 20 MHz channels as a single 40 MHz channel (channel bonding))
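The channel arithmetic behind the three cards above, as an added example that is not part of the flashcard set: 2.4 GHz channel centres sit 5 MHz apart starting at 2412 MHz, so the 25 MHz spacing the text quotes leaves exactly three mutually non-overlapping channels. The AP names, their channels and which APs can hear each other are constructed; the spacing parameter lets the same code answer the 802.11g/n case (20 MHz OFDM channels), which is a generalisation beyond the text.

```python
"""2.4 GHz channel planning: which channels can neighbouring APs use without
overlapping? Added example; the APs, channels and adjacency below are constructed."""
from itertools import combinations


def channel_center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz Wi-Fi channel (802.11b/g/n numbering)."""
    if channel == 14:          # Japan-only channel, not on the regular 5 MHz grid
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel  # channel 1 = 2412 MHz ... channel 13 = 2472 MHz


def channels_overlap(a: int, b: int, min_spacing_mhz: int = 25) -> bool:
    """True when two channels are closer than the required spacing.
    25 MHz is the spacing the text quotes for 802.11b's 22 MHz-wide channels."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < min_spacing_mhz


def max_non_overlapping(channels=range(1, 14), min_spacing_mhz: int = 25) -> list:
    """Greedy selection from the lowest channel upwards; for equally spaced
    channels this yields the largest set of mutually non-overlapping channels."""
    chosen = []
    for ch in sorted(channels):
        if all(not channels_overlap(ch, c, min_spacing_mhz) for c in chosen):
            chosen.append(ch)
    return chosen


def plan_conflicts(plan: dict, neighbours: set, min_spacing_mhz: int = 25) -> list:
    """Check an AP -> channel plan. Only APs that can hear each other (the
    'neighbours' pairs, as found by a site survey) can interfere."""
    conflicts = []
    for ap1, ap2 in combinations(sorted(plan), 2):
        if frozenset((ap1, ap2)) not in neighbours:
            continue
        c1, c2 = plan[ap1], plan[ap2]
        if c1 == c2:
            conflicts.append((ap1, ap2, "co-channel"))
        elif channels_overlap(c1, c2, min_spacing_mhz):
            conflicts.append((ap1, ap2, "adjacent-channel overlap"))
    return conflicts


# Constructed four-AP floor plan: AP-4 was added later on channel 3 and can hear
# both AP-1 (channel 1) and AP-2 (channel 6).
SAMPLE_PLAN = {"AP-1": 1, "AP-2": 6, "AP-3": 11, "AP-4": 3}
SAMPLE_NEIGHBOURS = {frozenset(p) for p in (("AP-1", "AP-2"), ("AP-2", "AP-3"),
                                             ("AP-1", "AP-4"), ("AP-2", "AP-4"))}

if __name__ == "__main__":
    print("non-overlapping (25 MHz spacing):", max_non_overlapping())
    print("non-overlapping (20 MHz spacing):", max_non_overlapping(min_spacing_mhz=20))
    for ap1, ap2, kind in plan_conflicts(SAMPLE_PLAN, SAMPLE_NEIGHBOURS):
        print(f"{ap1} (ch {SAMPLE_PLAN[ap1]}) vs {ap2} (ch {SAMPLE_PLAN[ap2]}): {kind}")
```

With the 25 MHz spacing the plan check flags AP-4 against both of its neighbours; moving it to channel 1, 6 or 11 and letting a non-neighbour share that channel is the usual fix. Asking for 20 MHz spacing returns four channels (1, 5, 9, 13), which is only usable where 13 channels are permitted.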
18
Q

site survey

A
  • process of selecting optimum positions for access points and antennas by analyzing the building infrastructure and testing signal strength at different locations
  • from a security perspective, an additional step would be to use the plan of WLAN zones to identify areas where there is leakage of signals. Depending on the level of security required, you may then want to install shielding at strategic locations to contain the WLAN zones
19
Q

signal strength

A
  • amount of power used by the radio in an access point or station
  • simply increasing power output is not always reliable. As you increase power, you also increase the chance of the signal bouncing, causing more interference, especially if there are multiple APs
20
Q

received signal strength indicator (RSSI)

A
  • shows the strength of the signal received from the transmitter
  • a relative indicator on a vendor-specific scale, not an absolute power measurement

21
Q

war driving

A
  • war driving is the practice of moving around with a Wi-Fi-equipped device to discover and map wireless networks, including ones whose signal leaks outside the premises
  • one countermeasure is to turn the power output on an AP down and ensure strategic AP placement so that the signal does not reach beyond the building
  • main problem with this approach is that it requires careful configuration to ensure that there is acceptable coverage for legitimate users
  • it can also expose you slightly to “evil twin” attacks, as users may expect to find the network at a given location and assume that a rogue AP there is legitimate
22
Q

MAC filtering

A

means specifying which MAC addresses are allowed to connect to the AP; a weak control on its own, since MAC addresses are transmitted in the clear and can be spoofed by an attacker who has observed a permitted station

23
Q

data emanation

A

as unguided media, wireless networks are subject to data emanation or signal “leakage.”

24
Q

Wired Equivalent Privacy (WEP)

A
  • original encryption scheme and still supported on old and new devices
  • encryption system, based on the RC4 cipher, is flawed and WEP should no longer be used, if at all possible
  • main problem with WEP is the 24-bit initialization vector (IV). The IV is supposed to change the key stream each time it is used, but 24 bits gives only about 16.7 million values, so on a busy network IVs repeat within hours and frames encrypted under the same IV share a keystream
25
Q

WEP cracking

A
  • flaws in WEP allow attackers using WEP cracking tools, such as Aircrack-NG (https://aircrack-ng.org) or AirSnort (https://airsnort.soft112.com), to decrypt and eavesdrop on traffic
  • to crack WEP, a type of replay attack is used to make the access point generate lots of packets, usually by replaying ARP packets at it, and cycle through IV values quickly
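Why IV reuse is fatal for a stream cipher, for the WEP and WEP cracking cards above, as an added example that is not part of the flashcard set: a minimal RC4 plus a WEP-style encapsulation (cleartext IV, RC4 keyed with IV || key over data || CRC-32 ICV). The key, IV and payloads are constructed; the "predictable" frame stands in for the ARP packets that replay attacks use to coax the AP into cycling IVs.

```python
"""WEP keystream reuse. Added example: toy RC4 and WEP framing used to show that
two frames under the same IV leak each other's plaintext. Keys and payloads
are constructed; the key-id byte that follows the IV on the wire is omitted."""
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                     # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body: 3-byte cleartext IV, then RC4(IV || key) over payload || ICV."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    body = payload + wep_icv(payload)
    return iv + xor(body, rc4_keystream(iv + wep_key, len(body)))


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that at least one IV repeats among `packets`
    frames drawn uniformly from a 2**iv_bits space."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def recover_other_plaintext(frame_known: bytes, plaintext_known: bytes,
                            frame_target: bytes) -> bytes:
    """Two frames share an IV (hence a keystream) and one plaintext is known.
    ciphertext XOR plaintext gives the keystream, which decrypts the other
    frame without ever learning the WEP key."""
    if frame_known[:3] != frame_target[:3]:
        raise ValueError("frames must share an IV for keystream reuse")
    keystream = xor(frame_known[3:], plaintext_known + wep_icv(plaintext_known))
    body_target = frame_target[3:]
    if len(body_target) > len(keystream):
        raise ValueError("known plaintext too short to cover the target frame")
    return xor(body_target, keystream)[:-4]     # drop the target's ICV


# Constructed data: a 40-bit key, one IV the AP happened to reuse, a predictable
# ARP-like frame and a frame whose content the attacker wants.
WEP_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
PREDICTABLE = b"ARP who-has 192.168.1.1 tell 192.168.1.20"
SECRET = b"GET /admin?token=s3cr3t"


def demo() -> bytes:
    frame_a = wep_encrypt(WEP_KEY, IV, PREDICTABLE)
    frame_b = wep_encrypt(WEP_KEY, IV, SECRET)
    return recover_other_plaintext(frame_a, PREDICTABLE, frame_b)


if __name__ == "__main__":
    print("recovered:", demo())
    print("P(IV repeat after 5000 frames) =", round(iv_collision_probability(5000), 3))
```

The collision figure is the point of the ARP replay: about 5,000 frames already give a better than even chance of a repeated IV, and a replayed ARP request makes the AP emit thousands of freshly encrypted responses per minute. TKIP's 48-bit IV and sequence counter (next card) are the direct answer to this; they do not fix RC4 itself.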
26
Q

Wi-Fi Protected Access (WPA)

A
  • first version of Wi-Fi Protected Access (WPA) was designed to fix the security problems with WEP
  • version 1 of WPA still uses the RC4 cipher but adds a mechanism called the Temporal Key Integrity Protocol (TKIP) to make it stronger
  • TKIP fixes the checksum problem in WEP (Message Integrity Check), uses a larger IV (48-bit) to ensure a unique keystream, transmits it as an encrypted hash rather than in plaintext, and adds a sequence counter to resist replay attacks
27
Q

WPA2

A
  • fully compliant with the 802.11i WLAN security standard
  • main difference to the original iteration of WPA is the use of Advanced Encryption Standard (AES) for encryption
  • AES is stronger than RC4/TKIP
  • AES is deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  • AES replaces RC4 and CCMP replaces TKIP
28
Q

Pre-Shared Key (PSK)

A
  • means using a passphrase to generate the key that is used to encrypt communications
  • also referred to as group authentication because a group of users share the same secret
  • the passphrase is the real secret: anyone who captures a client's handshake can test passphrase guesses offline, so a short or dictionary passphrase is recoverable
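How the passphrase becomes the key, as an added example that is not part of the flashcard set. The derivation parameters (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output, SSID as the salt) are those of IEEE 802.11i; the wordlist and the "captured" PSK are constructed. The guess loop is a stand-in for what a real cracker does: it would verify each candidate against the MIC of a captured 4-way handshake rather than against a known PSK, but the cost per guess, one PBKDF2 derivation, is the same.

```python
"""WPA/WPA2-Personal: PSK derivation and the offline guessing it permits.
Added example; WORDLIST and the 'captured' PSK in demo() are constructed."""
import hashlib
from typing import Iterable, Optional


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def offline_guess(target_psk: bytes, ssid: str,
                  candidates: Iterable[str]) -> Optional[str]:
    """Dictionary attack loop: one derivation per candidate, salted with the
    SSID, so precomputed tables only help against networks using that SSID."""
    for guess in candidates:
        try:
            if wpa2_psk(guess, ssid) == target_psk:
                return guess
        except ValueError:          # candidate outside the legal passphrase form
            continue
    return None


WORDLIST = ["letmein1", "summer2019", "password", "Tr0ub4dor&3"]  # constructed


def demo() -> Optional[str]:
    ssid = "IEEE"
    # Stands in for a PSK an attacker can test against a captured handshake.
    captured = wpa2_psk("password", ssid)
    return offline_guess(captured, ssid, WORDLIST)


if __name__ == "__main__":
    print("PSK for 'password'/'IEEE':", wpa2_psk("password", "IEEE").hex())
    print("recovered passphrase:", demo())
```

Two things fall out of the code: the same passphrase on a different SSID gives a different PSK, so renaming a network away from a common default SSID defeats precomputed tables; and 4096 iterations is cheap on modern hardware, so the only real defence in PSK mode is passphrase length and randomness.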
29
Q

open authentication

A
  • means that the client is not required to authenticate
  • this mode would be used on a public AP (or “hotspot”)
  • data sent over the link is unencrypted
  • open authentication may be combined with a secondary authentication mechanism managed via a browser
  • when the client associates with the open hotspot and launches the browser, the client is redirected to a captive portal or splash page
  • will allow the client to authenticate to the hotspot provider’s network (over HTTPS, so the login is secure)
  • portal may also be designed to enforce terms and conditions and/or take payment to access the Wi-Fi service
30
Q

Virtual Private Network (VPN)

A
  • user would associate with the open hotspot then start the VPN connection
  • creates an encrypted “tunnel” between the user’s computer and the VPN server
  • allows the user to browse the web or connect to email services without anyone eavesdropping on the open Wi-Fi network being able to intercept those communications
31
Q

Wi-Fi Protected Setup (WPS)

A
  • to use WPS, both the access point and wireless station (client device) must be WPS-capable
  • devices will have a pushbutton
  • activating this on the access point and the adapter simultaneously will associate the devices using a PIN, then associate the adapter with the access point using WPA2
  • system generates a random SSID and PSK
  • vulnerable to a brute force attack: the 8-digit PIN is validated in two halves (and its last digit is a checksum), so an attacker needs only about 11,000 guesses rather than 100 million to recover the PIN and, with it, the network's PSK
32
Q

Extensible Authentication Protocol (EAP)

A
  • designed to support different types of authentication within the same overall topology of devices
  • EAP framework involves three components:
    • Supplicant—this is the client requesting authentication.
    • Authenticator—this is the device that receives the authentication request (such as a remote access server or wireless access point). The authenticator establishes a channel for the supplicant and authentication server to exchange credentials using the EAP over LAN (EAPoL) protocol. It blocks any other traffic.
    • Authentication Server—the server that performs the authentication (typically an AAA server)
33
Q

EAP-TLS

A
  • currently considered the strongest type of authentication and is very widely supported
  • an encrypted Transport Layer Security (TLS) tunnel is established between the supplicant and authentication server using public key certificates on the authentication server and supplicant
  • as both supplicant and server are configured with certificates, this provides mutual authentication
  • supplicant will typically provide a certificate using a smart card or a certificate could be installed on the client PC, possibly in a Trusted Platform Module (TPM)
34
Q

Protected Extensible Authentication Protocol (PEAP)

A
  • in Protected Extensible Authentication Protocol (PEAP), as with EAP-TLS, an encrypted tunnel is established between the supplicant and authentication server, but PEAP only requires a server-side public key certificate
  • supplicant does not require a certificate
  • with the server authenticated to the supplicant, user authentication can then take place through the secure tunnel with protection against sniffing, password-guessing/dictionary, and Man-in-the-Middle attacks
35
Q

EAP-Tunneled TLS (EAP-TTLS)

A
  • similar to PEAP
  • uses a server-side certificate to establish a protected tunnel through which the user’s authentication credentials can be transmitted to the authentication server
  • main distinction from PEAP is that EAP-TTLS can use any inner authentication protocol (PAP or CHAP, for instance), while PEAP must use EAP-MSCHAPv2 or EAP-GTC
36
Q

Lightweight EAP (LEAP)

A
  • tries to resolve weaknesses in Wired Equivalent Privacy (WEP) and represents a very early implementation of EAP
  • when a client connects to an access point (the authenticator), it enables EAPoL and the client authenticates to the server and the server to the client
  • server and client then calculate a transport encryption session key, which the server sends to the access point
  • key is used to encrypt the rest of the session
  • LEAP relies on MS-CHAP to transmit authentication credentials | means that LEAP is vulnerable to password cracking, as demonstrated by the ASLEAP cracking tool
37
Q

Flexible Authentication via Secure Tunneling (EAP-FAST)

A
  • Cisco’s replacement for LEAP
  • similar to PEAP, but instead of using a certificate to set up the tunnel, it uses a Protected Access Credential (PAC), which is generated for each user from the authentication server’s master key
  • problem with EAP-FAST is in distributing (provisioning) the PAC securely to each user requiring access
38
Q

EAP-MD5

A
  • authenticates the supplicant with a challenge-response based on an MD5 hash of the user password
  • cannot provide mutual authentication (that is, the authenticator cannot authenticate itself to the supplicant)
  • the exchange is not tunneled, so the challenge and hashed response can be captured and the password attacked offline
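The framing that carries all of the EAP methods in cards 32 to 38 is the same, and an authenticator or WIDS can tell from the first bytes of a frame which method is being offered. Added example, not part of the flashcard set: an EAPoL/EAP parser with constructed frames for an Identity exchange, an EAP-TLS start and a LEAP request, flagging the methods the cards describe as weak. Method numbers are the IANA EAP type assignments; the identity string is constructed.

```python
"""EAPoL (802.1X) and EAP framing between supplicant and authenticator.
Added example: parser plus constructed frames; 'alice@example.com' is made up."""
import struct
from typing import Optional

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             6: "GTC", 13: "TLS", 17: "LEAP", 21: "TTLS", 25: "PEAP",
             26: "MSCHAPv2", 43: "FAST"}
# Methods the cards describe as weak when used directly over the air.
WEAK_METHODS = {4: "EAP-MD5: no mutual authentication, offline dictionary attack",
                17: "LEAP: MS-CHAP credentials crackable (ASLEAP)"}


def build_eap(code: int, identifier: int, eap_type: Optional[int] = None,
              data: bytes = b"") -> bytes:
    """EAP packet: code, identifier, total length, then type + type-data for
    Request/Response (Success and Failure carry no type)."""
    payload = (bytes([eap_type]) + data) if code in (1, 2) else b""
    return struct.pack("!BBH", code, identifier, 4 + len(payload)) + payload


def build_eapol(eap_body: bytes, version: int = 2) -> bytes:
    """EAPOL header: protocol version, packet type 0 = EAP-Packet, body length."""
    return struct.pack("!BBH", version, 0, len(eap_body)) + eap_body


def parse_eapol(frame: bytes) -> dict:
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    out = {"eapol_version": version,
           "eapol_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:
        return out                              # Start/Logoff/Key carry no EAP
    eap = frame[4:4 + length]
    code, ident, eap_len = struct.unpack("!BBH", eap[:4])
    if eap_len != len(eap):
        raise ValueError("EAP length field does not match EAPOL body length")
    out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):                          # only Request/Response have a type
        eap_type = eap[4]
        out["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        if eap_type == 1:                       # Identity is sent in the clear
            out["identity"] = eap[5:].decode("utf-8", "replace")
        if eap_type in WEAK_METHODS:
            out["warning"] = WEAK_METHODS[eap_type]
    return out


# Constructed exchange: authenticator requests identity, supplicant answers,
# the server (relayed by the authenticator) starts EAP-TLS. A fourth frame
# shows a LEAP request being flagged.
FRAMES = [
    build_eapol(build_eap(1, 1, 1)),                               # Request/Identity
    build_eapol(build_eap(2, 1, 1, b"alice@example.com")),         # Response/Identity
    build_eapol(build_eap(1, 2, 13, b"\x20")),                     # Request/TLS, Start flag
    build_eapol(build_eap(1, 3, 17, b"\x01\x00\x00\x08" + bytes(8))),  # Request/LEAP
]


def summarize(frames) -> list:
    return [parse_eapol(f) for f in frames]


if __name__ == "__main__":
    for info in summarize(FRAMES):
        print(info)
```

The Identity response is visible to anyone within radio range, which is why tunneled methods (PEAP, EAP-TTLS) let the supplicant send an anonymous outer identity and the real username only inside the TLS tunnel.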

39
Q

RADIUS federation

A
  • several organizations agree to trust one another’s RADIUS servers, so an authentication request from a visiting user is proxied to that user’s home server for the decision
  • e.g. the eduroam network allows students of universities from several different countries to log on to the networks of any of the participating institutions using the credentials stored by their “home” university
40
Q

rogue AP

A

one that has been installed on the network without authorization, whether with malicious intent or not

41
Q

evil twin or sometimes wiphishing

A
  • rogue AP masquerading as a legitimate one is called an evil twin or sometimes wiphishing
  • evil twin might just have a similar name (SSID) to the legitimate one
  • attacker might use some DoS technique to overcome the legitimate AP
42
Q

wireless intrusion detection system (WIDS) or wireless intrusion prevention system (WIPS)

A

as well as rogue access points, WIPS can detect and prevent attacks against WLAN security, such as MAC spoofing and DoS

43
Q

deauthentication attack

A

sends a stream of spoofed deauth frames to cause a client to deauthenticate from an AP; this works because 802.11 management frames are unauthenticated unless Protected Management Frames (802.11w) are enabled on both AP and client

44
Q

disassociation

A

disassociated station is not completely disconnected, but neither can it communicate on the network until it reassociates
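Detection logic for the WIDS/WIPS, deauthentication and disassociation cards above, as an added example that is not part of the flashcard set: a parser for the 802.11 management-frame header and a sliding-window counter of deauth/disassoc frames per BSSID, the simplest rule a WIDS applies. The capture is constructed: one genuine deauthentication (reason 3, station leaving) and a burst of 40 broadcast deauthentications claiming to come from a second AP. MAC addresses use the locally administered range.

```python
"""Deauth/disassoc flood detection from 802.11 management frame headers.
Added example; frames and timings are constructed. Header layout: frame
control (2), duration (2), addr1 = receiver, addr2 = transmitter, addr3 = BSSID,
sequence control (2); deauth (subtype 12) and disassociation (subtype 10)
then carry a 2-byte reason code."""
import struct
from collections import defaultdict, deque

SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 10, 12


def build_mgmt_frame(subtype: int, receiver: bytes, transmitter: bytes,
                     bssid: bytes, seq: int, reason: int) -> bytes:
    fc = bytes([(subtype << 4) | (0 << 2), 0])        # type 0 = management
    seq_ctrl = struct.pack("<H", (seq & 0xFFF) << 4)  # 12-bit sequence, 4-bit fragment
    return (fc + b"\x00\x00" + receiver + transmitter + bssid + seq_ctrl
            + struct.pack("<H", reason))


def parse_mgmt_frame(frame: bytes) -> dict:
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    out = {"type": ftype, "subtype": subtype,
           "receiver": frame[4:10].hex(":"), "transmitter": frame[10:16].hex(":"),
           "bssid": frame[16:22].hex(":"),
           "seq": struct.unpack("<H", frame[22:24])[0] >> 4}
    if ftype == 0 and subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        out["reason"] = struct.unpack("<H", frame[24:26])[0]
    return out


def detect_flood(events, window_s: float = 1.0, threshold: int = 10) -> list:
    """events: iterable of (timestamp, frame). Keep a per-BSSID window of
    disconnect frames; alert once when a BSSID exceeds `threshold` of them
    within `window_s` seconds."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for ts, frame in sorted(events, key=lambda e: e[0]):
        info = parse_mgmt_frame(frame)
        if info["type"] != 0 or "reason" not in info:
            continue                                   # not a deauth/disassoc
        q = recent[info["bssid"]]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > threshold and info["bssid"] not in alerted:
            alerted.add(info["bssid"])
            alerts.append({"bssid": info["bssid"], "count": len(q), "at": ts,
                           "broadcast": info["receiver"] == "ff:ff:ff:ff:ff:ff"})
    return alerts


# Constructed capture: one genuine deauth from AP_A (reason 3, station leaving),
# then 40 spoofed broadcast deauths in 0.8 s "from" AP_B (reason 7).
AP_A = bytes.fromhex("02aa000000a1")
AP_B = bytes.fromhex("02aa000000b2")
STA = bytes.fromhex("02cc000000c3")
BCAST = b"\xff" * 6
CAPTURE = [(0.0, build_mgmt_frame(SUBTYPE_DEAUTH, STA, AP_A, AP_A, 100, 3))]
CAPTURE += [(5.0 + i * 0.02,
             build_mgmt_frame(SUBTYPE_DEAUTH, BCAST, AP_B, AP_B, 2000 + i, 7))
            for i in range(40)]

if __name__ == "__main__":
    for alert in detect_flood(CAPTURE):
        print("deauth flood:", alert)
```

Rate alone produces false positives when an AP reboots and legitimately deauthenticates everyone, so production WIDS rules add corroboration: broadcast receiver addresses, sequence numbers that do not follow the AP's own counter, and the AP's own telemetry showing it sent nothing. None of this is needed once 802.11w is enforced, since clients then discard unprotected deauth frames.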

45
Q

jamming (interference)

A
  • wireless network can be disrupted by interference from other radio sources
  • might be done simply to disrupt services or to position an evil twin AP on the network with the hope of stealing data
  • Wi-Fi jamming attack can be performed by setting up an AP with a stronger signal
46
Q

spectrum analyzer

A
  • source of interference can be detected using a spectrum analyzer
  • unlike a Wi-Fi analyzer, a spectrum analyzer must use a special radio receiver (Wi-Fi adapters filter out anything that isn’t a Wi-Fi signal)
47
Q

Personal Area Networks (PANs)

A

PAN usually provides connectivity between a host and peripheral devices but can also be used for data sharing between hosts

48
Q

Bluetooth

A
  • short-range (up to about 10m) radio link, working at a nominal rate of up to about 3 Mbps (for v2.0 + EDR)
  • Bluetooth security issues:
    • Device discovery—a device can be put into discoverable mode, meaning that it advertises its presence and will answer connection requests from any nearby Bluetooth device. Unfortunately, even a device in non-discoverable mode is quite easy to detect.
    • Authentication and authorization—devices authenticate (“pair”) using a simple passkey configured on both devices. This should always be changed to some secure phrase and never left as the default. Also, check the device’s pairing list regularly to confirm that the devices listed are valid.
    • Malware—there are proof-of-concept Bluetooth worms and application exploits, most notably the BlueBorne exploit (http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf), which can compromise any active and unpatched system regardless of whether discovery is enabled and without requiring any user intervention
49
Q

Bluesnarfing

A

refers to using an exploit in Bluetooth to steal information from someone else’s phone

50
Q

Radio Frequency ID (RFID)

A
  • means of encoding information into passive tags, which can be easily attached to devices, structures, clothing, or almost anything else
  • RFID attack:
    • skimming—an attacker uses a fraudulent RFID reader to read the signals from a contactless bank card
51
Q

Near Field Communications (NFC)

A
  • very short-range radio link based on RFID
  • NFC transaction is sometimes known as a bump, named after an early mobile sharing app, later redeveloped as Android Beam, to use NFC
52
Q

physical access controls

A
  • security measures that restrict, detect, and monitor access to specific physical areas or assets
  • depend on the same access control fundamentals as network or operating system security
    • Authentication—create access lists and identification mechanisms to allow approved persons through the barriers.
    • Authorization—create barriers around a resource so that access can be controlled through defined entry and exit points.
    • Accounting—keep a record of when entry/exit points are used and detect security breaches.
  • physical security can be thought of in terms of zones
53
Q

barricade

A
  • something that prevents access
  • purpose of barricades is to channel people through defined entry and exit points
  • each entry point should have an authentication mechanism so that only authorized persons are allowed through
  • effective surveillance mechanisms ensure that attempts to penetrate a barricade by other means are detected
54
Q

fencing

A
  • exterior of a building may be protected by fencing
  • security fencing needs to be transparent (so that guards can see any attempt to penetrate it), robust (so that it is difficult to cut), and secure against climbing (which is generally achieved by making it tall and possibly by using razor wire)
55
Q

security lighting

A

security lighting also acts as a deterrent by making intrusion more difficult and surveillance (whether by camera or guard) easier.

56
Q

gateway

A
  • a gateway (a door or other entry point through a barricade) is secured by fitting it with a lock (or door access system)
  • secure gateway will normally be self-closing and self-locking, rather than depending on the user to close and lock it
  • lock types can be categorized as follows:
    • Conventional—a conventional lock prevents the door handle from being operated without the use of a key. More expensive types offer greater resistance against lock picking.
    • Deadbolt—this is a bolt on the frame of the door, separate to the handle mechanism.
    • Electronic—rather than a key, the lock is operated by entering a PIN on an electronic keypad. This type of lock is also referred to as cipher, combination, or keyless.
    • Token-based—a smart lock may be opened using a magnetic swipe card or feature a proximity reader to detect the presence of a wireless key fob or one-time password generator (physical tokens) or smart card.
    • Biometric—a lock may be integrated with a biometric scanner.
    • Multifactor—a lock may combine different methods (for example, smart card with PIN).
  • turnstile: a type of gateway that only allows one person through at a time
  • mantrap: one gateway leads to an enclosed space protected by another barrier, so only one party can be admitted at a time
57
Q

alarm types

A
  • Circuit—a circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm. This could be caused by a door or window opening or by a fence being cut. A closed-circuit alarm is more secure because an open circuit alarm can be defeated by cutting the circuit.
  • Motion detection—a motion-based alarm is linked to a detector triggered by any movement within an area (defined by the sensitivity and range of the detector), such as a room. The sensors in these detectors are either microwave radio reflection (similar to radar) or Passive Infrared (PIR), which detect moving heat sources.
  • Duress—this type of alarm is triggered manually by staff if they come under threat. There are many ways of implementing this type of alarm, including wireless pendants, concealed sensors or triggers, and DECT handsets or smartphones. Some electronic entry locks can also be programmed with a duress code that is different from the ordinary access code. This will open the gateway but also alert security personnel that the lock has been operated under duress.
  • Silent—a silent alarm alerts security personnel rather than sounding an audible alarm
58
Q

CCTV (closed circuit television)

A
  • cheaper means of providing surveillance than maintaining separate guards at each gateway or zone, though still not cheap to set up if the infrastructure is not already in place on the premises
  • movement and access can be recorded
  • main drawback compared to the presence of security guards is that response times are longer, and security may be compromised if not enough staff are in place to monitor the camera feeds
  • cameras in a CCTV network are typically connected to a multiplexer using coaxial cabling
59
Q

access list

A

each secure gateway records who is allowed to enter

60
Q

ID badge

A

photographic ID badge showing name and (perhaps) access details is one of the cornerstones of building security

61
Q

secure cabinets/enclosures

A
  • can be supplied with key-operated or electronic locks
  • some data centers may contain racks with equipment owned by different companies (colocation)
  • racks can be installed inside cages so that technicians can only physically access the racks housing their own company’s servers and appliances
62
Q

hardware locks

A

cable hardware locks for use with portable devices such as laptops

63
Q

privacy filter or screen filter

A

prevents anyone but the user from reading the screen (shoulder surfing)

64
Q

protected distribution system (PDS)

A
  • a PDS runs network cabling through secured (locked or alarmed) conduit and mitigates two risks to the cable:
    • An intruder could attach eavesdropping equipment to the cable (a tap).
    • An intruder could cut the cable (Denial of Service).
65
Q

TEMPEST (Transient Electromagnetic Pulse Emanation Standard)

A

leakage of electromagnetic signals was investigated by the US DoD who defined TEMPEST (Transient Electromagnetic Pulse Emanation Standard) as a means of shielding the signals

66
Q

Faraday cage

A

a Faraday cage is a conductive mesh or enclosure (normally grounded, not charged) that blocks electromagnetic signals from entering or leaving the area

67
Q

hot aisle/ cold aisle

A
  • data center or server room should be designed in such a way as to maximize air flow across the server or racks. If multiple racks are used, install equipment so that servers are placed back-to-back not front-to-back, so that the warm exhaust from one bank of servers is not forming the air intake for another bank
  • in order to prevent air leaks from the hot aisle to the cold aisle, ensure that any gaps in racks are filled by blank panels and use strip curtains or excluders to cover any spaces above or between racks
68
Q

fire suppression

A
  • systems work on the basis of the Fire Triangle
  • the Fire Triangle works on the principle that a fire requires heat, oxygen, and fuel to ignite and burn; removing any one of the three extinguishes it

69
Q

several types of fire detection systems

A
  • Photoelectric smoke detector—measures the integrity of an internal beam of light. The alarm will sound if the beam degrades (for example, if it is obscured by smoke).
  • Ionization smoke detector—a radioactive source creates a regular movement of ionized particles, which can be disrupted by smoke.
  • Heat detector—these alarms sound if heat rises to a certain point or if the rate of temperature increase exceeds the defined limit.
  • Flame detector—these use infrared sensors to detect flames, and are the most effective (and expensive) type.