Sec+ Chapter 13: Wireless and Mobile Security Flashcards

1
Q

Connectivity modes

A

1) Cellular

2) Wi-Fi

3) Bluetooth

4) NFC

5) RFID

6) Infrared

7) GPS

8) USB

2
Q

Wi-Fi ad hoc mode

A

Allows devices to talk directly to each other

3
Q

Wi-Fi infrastructure mode

A

Sends traffic through a base station or access point

4
Q

SSID

A

Service set identifier

Identifies the name of a Wi-Fi network

SSIDs are either broadcast or private

5
Q

Point to point network

A

Connects two nodes and transmissions between them can only be received by the endpoints

6
Q

Point to multipoint network

A

Wi-Fi, has many nodes receiving information sent by a node

Most common network we use today, like the one in our home

7
Q

Broadcast network

A

Sends out information to many nodes and doesn’t care about receiving a response

EX: GPS and radio

8
Q

Evil twin

A

A malicious, fake access point that’s set up to appear to be a legit, trusted network

Once someone connects, attacker will capture all of the victim’s network traffic, present false versions of sites, etc

9
Q

Rogue access point

A

Access points added to your network either on purpose or unintentionally without your authorization

They offer a point of entry to attackers or other unwanted users

Defense: Monitor your network for added WAPs, walk your physical perimeter to look for them, and use 802.1x to require everyone to authenticate, regardless of connection point

10
Q

Bluejacking

A

When an attacker sends unsolicited messages to Bluetooth enabled devices

11
Q

Bluesnarfing

A

Unauthorized access to a Bluetooth device, typically aimed at gathering info from a device like contacts, emails, calendars, etc

12
Q

BIAS

A

Bluetooth impersonation attacks

Exploits a lack of mutual authentication, authentication procedure downgrade options, and the ability to switch roles

13
Q

Disassociation

A

When a device disconnects from an access point

Attackers will try to force disassociation to set up a more powerful evil twin or to capture info as the system tries to reconnect

14
Q

Jamming

A

Blocks all traffic in the range or frequency it’s conducted against

Attackers can send constant random bits or legit frames to disrupt the normal flow of communication

15
Q

Site survey

A

Physically walking through a facility or space to determine what existing networks are in place and where the physical structure is for access points

16
Q

2.4 GHz channels

A

11 channels - 20 MHz wide - 5 MHz space between

1, 6, 11 commonly used to avoid overlap

17
Q

How to secure access points?

A

1) Change default settings

2) Disable insecure protocols and services

3) Set stronger passwords

4) Protect admin interfaces with isolated VLAN

5) Regularly patch and update

6) Turn on monitoring and logging

18
Q

WPA Personal

A

WPA2 mode that uses preshared key that lets clients authenticate without an authentication server infrastructure

AKA: WPA-PSK (preshared key)

19
Q

WPA Enterprise

A

WPA2 mode that relies on RADIUS authentication server as part of an 802.1x implementation for authentication

Users have unique credentials and can be individually identified

20
Q

CCMP

A

Counter mode with cipher block chaining message authentication code protocol

Uses AES in WPA2 to deliver much stronger encryption than WEP, and CBC-MAC for the message integrity check (MIC)

21
Q

WPA3

A

Replacement for WPA2, required to be supported in all Wi-Fi devices since 2018

Changes encryption to GCMP (Galois counter mode protocol)

AES, but MIC uses GMAC (Galois message authentication code)

22
Q

SAE

A

Simultaneous authentication of equals

Used by WPA3 to replace shared keys in WPA2

A Diffie-Hellman derived key exchange with an authentication component

Everyone on the network uses a different session key, even with the same PSK

23
Q

WPA3 personal

A

Implements perfect forward secrecy, which ensures traffic sent between client and network is secure, even if password has been compromised

24
Q

Perfect forward secrecy

A

Changes encryption keys on an ongoing basis so a single exposed key won’t expose the entire communication

25
Q

WPA3 enterprise

A

WPA3-802.1x

Uses authentication server like RADIUS, LDAP, or TACACS to centralize everyone’s username and password

26
Q

3 types of Wi-Fi authentication

A

1) Open networks that use captive portals

2) Preshared keys (PSK), or the shared password

3) RADIUS server and EAP (extensible authentication protocol)

27
Q

EAP

A

Extensible authentication protocol

A general protocol that’s used by 802.1x as part of the authentication process with a RADIUS server

28
Q

PEAP

A

Protected extensible authentication protocol

Uses TLS to send information, but instead of being based on a shared secret it’s used with a digital cert

Cert is only needed on the server in order to use PEAP

If you’re authenticating to Microsoft, this combines with MS-CHAPv2 (challenge handshake authentication protocol)

PEAP can also be used with GTC (generic token card) or hardware token generator

29
Q

EAP-FAST

A

Flexible authentication via secure tunneling extensible authentication protocol

Make sure that authentication server (AS) and supplicant can transfer info between each other over a secure tunnel

Accomplished with shared secret, or PAC (protected access credential)

Supplicant receives PAC, sets up TLS tunnel, and then all authentication is encrypted in the tunnel

30
Q

EAP-TLS

A

Extensible authentication protocol transport layer security

Requires digital certs on authentication server (AS) and all devices

Once mutual authentication is complete, a TLS tunnel is built for the user authentication process

Challenging because PKI is needed to manage, deploy, and revoke certs that may be in use in the environment

Plus, older devices might not use digital certs which means they wouldn’t be able to authenticate and connect with EAP-TLS

31
Q

EAP TTLS

A

Extensible authentication protocol tunneled transport layer security

Only requires a single digital cert on the AS, not separate digital certs for all devices

You use the digital cert on AS to create and send info over the TLS tunnel

Once the tunnel is up, you can send other authentication protocols across the tunnel: other EAPs, MSCHAPv2, etc

32
Q

Mobile device deployment methods

A

1) BYOD: bring your own device

2) CYOD: choose your own device

3) COPE: corporate owned personally enabled

4) Corporate owned

33
Q

VDI / VMI

A

Virtual desktop infrastructure / virtual mobile infrastructure

You can separate both apps and data from the mobile device, storing the information somewhere else

Access apps and data with remote access software

34
Q

MDM

A

Mobile device management

Targets Android and iOS devices

35
Q

UEM

A

Unified endpoint management

An evolution of MDM that allows us to easily manage security posture across multiple devices, use apps from different platforms, and maintain security in all environments

36
Q

MAM

A

Mobile application management

Manage all the apps running on devices, when they’re updated, what’s allowed to be installed, how they’re used, issues with apps, etc

37
Q

microSD HSM

A

microSD hardware security module

Virtually the same as other HSM, just micro

38
Q

SEAndroid

A

Security enhancements for Android

SELinux (security enhanced) in the Android OS

Provides additional access control policies and policies for configuring security of the devices

Prevents direct access to the kernel of the OS by protecting the privileged daemons

Changes how data is accessed from DAC to MAC, which takes control over who can access the system away from the user and gives it to the admin

39
Q

WPA2 PSK

A

Preshared key with WPA2, security issue

Subject to brute force attacks if someone has access to the pre-shared key

Obtaining the hash can be done by listening in on the 4 way handshake when someone connects to WPA2

Once an attacker has the PSK, they have access to all data sent over the wireless comms (no forward secrecy)

40
Q

802.1x

A

Port based NAC

You don’t get any access to wired or wireless network unless you present the proper credentials using 802.1x

Used in conjunction with access databases RADIUS, TACACS, LDAP

41
Q

RADIUS Federation

A

Federation is when you link a user’s identity across multiple authentication systems

Commonly used if you’re at a third party location and want to authenticate using credentials created for another location

RADIUS federation uses 802.1x as authentication method, so you use EAP to authenticate and often to a RADIUS server on the back end

42
Q

MCM

A

Mobile content management

How you secure the data on a mobile device and ensure its safety

Set policies based on where the data is stored, like on site or in the cloud

DLP on the mobile device can prevent the sending of sensitive data, and encryption ensures sensitive data is securely encrypted