NIS Chapter 08 Flashcards
What are rogue access devices?
A WLAN radio that is connected to the wired infrastructure but is not managed by the network administrators.
In simple terms?
Any device that provides an unauthorised WLAN portal to network resources.
What is the most overlooked rogue access device?
The IBSS, or ad hoc wireless network.
Why are even printers at risk of being rogue devices?
They now ship with 802.11 radios that support ad hoc mode, and attackers can connect to these printers.
What are the 5 risks associated with rogue devices?
- Data theft
- Data destruction: databases being erased
- Loss of services: disabling services
- Malicious data insertion: uploading viruses and malicious software
- Third-party attacks: the attacker can use the rogue AP as a launching pad for attacks against third parties
How can rogue APs be prevented?
- Banning the use of ad hoc networks
- Client settings that disable ad hoc mode on enterprise devices
- Wired port control using 802.1X/EAP (no upper-layer communication is allowed until credentials are provided at layer 2)
Why are WIDS/WIPS used in businesses?
- Most businesses do not use 802.1X/EAP wired port control, and a WIDS/WIPS provides more information
What is port suppression?
Another method of restricting rogue APs: SNMP is used to disable the switch port to which the rogue AP is connected.
What are the 2 types of eavesdropping?
Casual and malicious.
How does casual eavesdropping happen?
It is often referred to as WLAN discovery. This discovery can be either passive or active.
Active: sending a probe request and listening for a probe response
Passive: listening for beacon management frames broadcast by APs
What information can be found from the beacon management frames?
Service set identifier (SSID), MAC addressing, supported data rates, and other basic service set (BSS) capabilities.
Name tools used to discover WLANs
- NetStumbler
What is malicious eavesdropping?
The use of protocol analysers to capture communications without authorisation. It is illegal.
What is a protocol analyser?
A passive device that operates in RF monitoring mode and captures 802.11 frames within its range.
- It can also be used to listen in on exchanges such as the 4-way handshake
What are the risks associated with malicious eavesdropping?
- Because it is passive, it cannot be detected by a WIDS/WIPS, so the attack cannot be stopped and the attacker cannot be located
- All layer 2 data is in clear text, which can be a gateway to further attacks. Even layer 3-7 data can be revealed if encryption is not used
What is wired leakage?
A security risk associated with eavesdropping: information an attacker can use to gain access to your network or data. It can reveal information about the wired network as well as what can be seen wirelessly.
How can eavesdropping be controlled? (4)
- By using encryption to protect the MSDU
- RF shielding can be used; Mylar films can be put on windows to stop signals from escaping
- Special paint or wallpaper
- Faraday cage (expensive)
What is the most deployed 802.1X/EAP solution and what is the problem with it?
LEAP; offline dictionary attacks, because the hashed password is crackable.
What are the risks associated with authentication attacks?
- Data theft
- Data destruction
- Loss of services
- Malicious data
- Third-party attacks
How can these risks be mitigated?
- Secure the corporate WLAN infrastructure properly with an 802.1X/EAP solution that uses a RADIUS server and tunneled EAP authentication protocols
- Multifactor authentication, also known as two-factor authentication
What attack is PSK with WPA/WPA2-Personal vulnerable to?
Offline brute-force dictionary attacks.
What can be done to mitigate these risks?
- A policy mandating 20-character passphrases
- Only administrators know the static passphrase
What are the 2 divisions of layer 1 DoS attacks?
- Intentional
- Unintentional
What are unintentional DoS attacks?
Devices such as baby monitors and microwave ovens transmit in the 2.4 GHz band and cause interference.
Intentional?
- Wide- or narrow-band jamming devices are used for this
- Normally used to kick-start other attacks
What can be used to find causes of interference in your network?
- Spectrum analyser
What are layer 2 DoS attacks?
- They are most often the result of attacks that capture and retransmit 802.11 frames using disassociation or deauthentication management frames
Why are these attacks possible?
Deauthentication or disassociation is not a negotiation but a notification. Since authentication has already been done, the reverse is done without a second verification.
What is illegal channel beaconing?
A spoofed beacon is transmitted on a legitimate channel.
What is a probe response flood?
The attacker sends probe response frames to a victim station. Even when the station is already associated with an AP, it will still attempt to connect to that AP even though it did not send a probe request.
What is an association flood?
Flooding an AP with bogus association request frames to fill up its association table. When a legitimate client attempts to connect, it is denied for capacity reasons.
FakeAP?
This falsely advertises many fake SSIDs and BSSIDs so that victims waste time trying to find the legitimate AP.
What is MAC spoofing?
Impersonation of a MAC address for malicious purposes, mostly to bypass MAC filtering.
How can one spoof a MAC address?
By editing the wireless card settings or via a registry edit.
How can a WIPS mitigate spoofing?
By sequencing frames to keep track of the frames sent by a station.
What is MAC piggy-backing?
A way to deceive the hotspot captive portal's login credential check in order to gain free Internet access.
How does it occur?
An attacker will use a protocol analyser to determine which stations are passing frames to this AP, which means they have already been approved by the captive portal. The attacker then clones the MAC of an approved station onto their wireless card. This is theft if payment is required to access the Wi-Fi.
What is the evil twin attack?
An attacker impersonates an AP.
How does this attack take place?
The attacker turns their Wi-Fi client card into an AP transmitting on a different channel and configures it with the same SSID that is in use in the public area. They then send disassociation or deauthentication frames, and when the clients roam, they connect to the evil twin.
How does the evil twin issue IP addresses to the clients?
By configuring a DHCP server; at this point the clients are hijacked at layer 3 and the attacker is free to perform peer-to-peer attacks.
What is the DHCP attack that clients can fall prey to?
The attacker exploits the DHCP process to dump rootkits and malware on the victim's computer in addition to giving them IP addresses as expected.
How can a MITM attack stem from this?
Since bridging of Wi-Fi cards is possible, the attacker can bridge a second card to the evil twin. Traffic is then routed from the evil twin through the second card back to the original AP, and the attacker can sit there undetected.
What is Wi-Fi phishing?
After the users have been hijacked to the evil twin access point, they are redirected to a login web page that looks exactly like the hotspot's login page. The attacker's fake login page may then request a credit card number from the hijacked user.
How can all of the above be prevented?
- The only way to prevent a hijacking, man-in-the-middle, or Wi-Fi phishing attack is to use a mutual authentication solution that also validates the network to which the user is connecting. 802.1X/EAP authentication solutions require that mutual authentication credentials be exchanged before a user can be authorized.