Module 12 Flashcards
What is a Wireless LAN (WLAN)?
A type of wireless network commonly used in homes, offices, and campus environments.
WLANs enable mobility within home and business environments.
What are the benefits of WLANs?
They enable mobility and adapt to rapidly changing needs and technologies.
WLANs are essential for modern connectivity.
What is the IEEE standard for Wireless Personal-Area Networks (WPAN)?
IEEE 802.15 standard operating at 2.4 GHz frequency.
Examples: Bluetooth and Zigbee.
What is the maximum range of a Wireless LAN (WLAN)?
Up to about 300 feet.
WLANs typically operate on 2.4 or 5.0 GHz frequencies.
What is the role of a Wireless Access Point (AP)?
To allow wireless clients to discover and connect to a network.
APs enable authentication and access to network resources.
Define autonomous APs.
Standalone devices configured manually through a command line interface or GUI.
They operate independently of other APs.
What is the function of a Wireless Home Router?
Acts as an access point, switch, and router to interconnect devices.
It provides wired access and acts as a gateway to other networks.
What are the two topology blocks defined in infrastructure mode?
- Basic Service Set (BSS)
- Extended Service Set (ESS)
BSS uses a single AP; ESS connects multiple BSSs.
What does CSMA/CA stand for?
Carrier Sense Multiple Access with Collision Avoidance.
It is a protocol used in WLANs for managing data transmission.
What is CAPWAP?
A protocol that allows a Wireless LAN Controller (WLC) to manage multiple APs.
It adds security via Datagram Transport Layer Security (DTLS).
What are the two modes of FlexConnect APs?
- Connected mode
- Standalone mode
These modes dictate how APs operate relative to the WLC.
What is the purpose of Direct-Sequence Spread Spectrum (DSSS)?
To spread a signal over a larger frequency band to avoid interference.
Used by 802.11b devices.
What are non-overlapping channels for 802.11b/g/n WLANs?
Channels 1, 6, and 11.
These channels help mitigate interference in the 2.4 GHz band.
What is a rogue access point?
An unauthorized AP connected to a corporate network.
It can be used to capture data or launch attacks.
Define a man-in-the-middle (MITM) attack.
An attack where the hacker intercepts communication between two legitimate parties.
An example is the ‘evil twin AP’ attack.
What is the 802.11 frame structure similar to?
The Ethernet frame structure.
It contains additional fields specific to wireless communication.
What is the role of the Wi-Fi Alliance?
To promote the growth and acceptance of WLANs and improve interoperability of 802.11 products.
It is an association of vendors.
What frequency bands do WLAN networks operate in?
- 2.4 GHz
- 5 GHz
These bands are part of the electromagnetic spectrum.
What is the purpose of DTLS in CAPWAP?
To secure the CAPWAP control channel and encrypt management traffic between AP and WLC.
Data encryption requires a DTLS license.
What is the function of multiple input multiple output (MIMO)?
To use multiple antennas to increase bandwidth.
MIMO can support up to eight antennas.
What does the term ‘active mode’ refer to in wireless client connection?
A scanning process where the client broadcasts a probe request frame.
Requires knowledge of the SSID to initiate.
How does a wireless client authenticate with an AP?
By providing the SSID, password, network mode, security mode, and channel settings.
These parameters must match for successful association.
What is the maximum data rate of 802.11ac?
Up to 1.3 Gb/s.
It operates on the 5 GHz frequency and supports multiple antennas.
What is the split MAC architecture in CAPWAP?
Distributes AP functions between the AP and WLC.
It enhances management and efficiency of WLANs.
What is a man-in-the-middle (MITM) attack?
A MITM attack occurs when a hacker is positioned between two legitimate entities to read or modify data passing between them.
What is the ‘evil twin AP’ attack?
A popular wireless MITM attack where an attacker introduces a rogue AP configured with the same SSID as a legitimate AP.
How can a MITM attack be defeated?
By identifying legitimate devices on the WLAN through user authentication and monitoring for abnormal devices or traffic.
What is SSID Cloaking?
A security feature that disables the SSID beacon frame, requiring manual configuration of the SSID on wireless clients.
What is MAC Address Filtering?
A method where an administrator permits or denies wireless access based on the physical MAC hardware address of clients.
What are the two original authentication methods introduced with the 802.11 standard?
- Open system authentication
- Shared key authentication
What is Open System Authentication?
An authentication method that does not require a password, typically used for free internet access in public areas.
What is Shared Key Authentication?
An authentication method that requires a pre-shared password between the wireless client and AP, utilizing mechanisms like WEP, WPA, WPA2, and WPA3.
What is WEP?
Wired Equivalent Privacy, an original 802.11 specification using RC4 encryption with a static key, no longer recommended.
What is WPA?
Wi-Fi Protected Access, a standard that secures data with TKIP encryption, changing the key for each packet.
What is WPA2?
A standard that uses AES for encryption, considered the strongest encryption protocol.
What is WPA3?
The next generation of Wi-Fi security that includes features like SAE for personal use and requires a 192-bit cryptographic suite for enterprise.
What are the two types of WPA2 authentication methods?
- Personal
- Enterprise
What does WPA2 Personal authentication require?
Users authenticate using a pre-shared key (PSK) with no special authentication server needed.
What does WPA2 Enterprise authentication require?
A RADIUS authentication server and uses the 802.1X standard with EAP for user authentication.
What encryption protocols are used by WPA and WPA2?
- TKIP
- AES
What is the role of a RADIUS server in enterprise authentication?
It handles user authentication and authorization, requiring the RADIUS server’s IP address and shared key.
What UDP port is used for RADIUS Authentication?
UDP port 1812
What does WPA3 Personal include to prevent brute force attacks?
Simultaneous Authentication of Equals (SAE)
What does WPA3 Open Networks use for encryption?
Opportunistic Wireless Encryption (OWE)
What is the main purpose of CAPWAP?
To enable a Wireless LAN Controller (WLC) to manage multiple Access Points (APs) and WLANs.
What are the four main types of Wireless LANs (WLANs)?
- WPAN
- WLAN
- WMAN
- WWAN
Which organizations influence WLAN standards?
- ITU-R
- IEEE
- Wi-Fi Alliance
What frequency bands do WLAN networks operate in?
- 2.4 GHz
- 5 GHz
What are the common wireless threats?
- Data interception
- Wireless intruders
- DoS attacks
- Rogue APs
What is the function of DTLS in WLANs?
Provides security between the Access Point (AP) and the Wireless LAN Controller (WLC).
What are the three main types of channel splitting in wireless communication?
- DSSS
- FHSS
- OFDM
What is the bandwidth allocation for each channel in the 2.4 GHz band?
Each channel is allotted 22 MHz bandwidth and separated by 5 MHz.
What are the key features of WPA3?
- WPA3 Personal
- WPA3 Enterprise
- Open Networks
- IoT Onboarding
Fill in the blank: The Advanced Encryption Standard (AES) is used by _______.
WPA2
True or False: WEP is still recommended for securing wireless networks.
False