Sec+ Chapter 13: Wireless and Mobile Security Flashcards
Connectivity modes
1) Cellular
2) Wi-Fi
3) Bluetooth
4) NFC
5) RFID
6) Infrared
7) GPS
8) USB
Wi-Fi ad hoc mode
Allows devices to talk directly to each other
Wi-Fi infrastructure mode
Sends traffic through a base station or access point
SSID
Service set identifier
Identifies the name of a Wi-Fi network
SSIDs are either broadcast or private
Point to point network
Connects two nodes and transmissions between them can only be received by the endpoints
Point to multipoint network
Many nodes receive information sent by one node, as in Wi-Fi
Most common network we use today, like the one in our home
Broadcast network
Sends out information to many nodes and doesn’t care about receiving a response
EX: GPS and radio
Evil twin
A malicious, fake access point that’s set up to appear to be a legit, trusted network
Once someone connects, attacker will capture all of the victim’s network traffic, present false versions of sites, etc
Rogue access point
Access points added to your network either on purpose or unintentionally without your authorization
They offer a point of entry to attackers or other unwanted users
Defense: Monitor your network for added WAPs, range your physical perimeter to look, and use 802.1x to require anyone to authenticate, regardless of connection point
Bluejacking
When an attacker sends unsolicited messages to Bluetooth enabled devices
Bluesnarfing
Unauthorized access to a Bluetooth device, typically aimed at gathering info from a device like contacts, emails, calendars, etc
BIAS
Bluetooth impersonation attacks
Exploits a lack of mutual authentication, authentication procedure downgrade options, and the ability to switch roles
Disassociation
When a device disconnects from an access point
Attackers will try to force disassociation to set up more powerful evil twin or capture info as the system tries to reconnect
Jamming
Blocks all traffic in the range or frequency it’s conducted against
Attackers can send constant random bits or legit frames to disrupt the normal flow of communication
Site survey
Physically walking through a facility or space to determine what existing networks are in place and where the physical structure is for access points
2.4 GHz channels
11 channels - 20 MHz wide - 5 MHz space between
1, 6, 11 commonly used to avoid overlap
How to secure access points?
1) Change default settings
2) Disable insecure protocols and services
3) Set stronger passwords
4) Protect admin interfaces with isolated VLAN
5) Regularly patch and update
6) Turn on monitoring and logging
WPA Personal
WPA2 mode that uses preshared key that lets clients authenticate without an authentication server infrastructure
AKA: WPA-PSK (preshared key)
WPA Enterprise
WPA2 mode that relies on RADIUS authentication server as part of an 802.1x implementation for authentication
Users have unique credentials and can be individually identified
CCMP
Counter mode with cipher block chaining message authentication code protocol
Uses AES in WPA2 to deliver much stronger encryption than WEP and CBC-MAC for message integrity check (MIC)
WPA3
Replacement for WPA2, required to be supported in all Wi-Fi devices since 2018
Changes encryption to GCMP (Galois counter mode protocol)
AES, but MIC uses GMAC (Galois message authentication code)
SAE
Simultaneous authentication of equals
Used by WPA3 to replace shared keys in WPA2
A Diffie-Hellman derived key exchange with an authentication component
Everyone on the network uses a different session key, even with the same PSK
WPA3 personal
Implements perfect forward secrecy, which ensures traffic sent between client and network is secure, even if password has been compromised
Perfect forward secrecy
Changes encryption keys on an ongoing basis so a single exposed key won’t expose the entire communication
WPA3 enterprise
WPA3-802.1x
Uses authentication server like RADIUS, LDAP, or TACACS to centralize everyone’s username and password
3 types of Wi-Fi authentication
1) Open networks that use captive portals
2) Preshared keys (PSK), or the shared password
3) RADIUS server and EAP (extensible authentication protocol)
EAP
Extensible authentication protocol
A general protocol that’s used by 802.1x as part of the authentication process with a RADIUS server
PEAP
Protected extensible authentication protocol
Uses TLS to send information, but instead of being based on a shared secret it’s used with a digital cert
Cert is only needed on the server in order to use PEAP
If you’re authenticating to Microsoft, this combines with MS-CHAPv2 (challenge handshake authentication protocol)
PEAP can also be used with GTC (generic token card) or hardware token generator
EAP-FAST
Flexible authentication via secure tunneling extensible authentication protocol
Makes sure that the authentication server (AS) and supplicant can transfer info between each other over a secure tunnel
Accomplished with shared secret, or PAC (protected access credential)
Supplicant receives PAC, sets up TLS tunnel, and then all authentication is encrypted in the tunnel
EAP-TLS
Extensible authentication protocol transport layer security
Requires digital certs on authentication server (AS) and all devices
Uses mutual authentication; once it is complete, a TLS tunnel is built for the user authentication process
Challenging because PKI is needed to manage, deploy, and revoke certs that may be in use in the environment
Plus, older devices might not use digital certs which means they wouldn’t be able to authenticate and connect with EAP-TLS
EAP-TTLS
Extensible authentication protocol tunneled transport layer security
Only requires a single digital cert on the AS, not separate digital certs for all devices
You use the digital cert on AS to create and send info over the TLS tunnel
Once the tunnel is up, you can send other authentication protocols across the tunnel: other EAPs, MSCHAPv2, etc
Mobile device deployment methods
1) BYOD: bring your own device
2) CYOD: choose your own device
3) COPE: corporate owned personally enabled
4) Corporate owned
VDI / VMI
Virtual desktop infrastructure / virtual mobile infrastructure
You can separate both apps and data from the mobile device, storing the information somewhere else
Access apps and data with remote access software
MDM
Mobile device management
Targets Android and iOS devices
UEM
Unified endpoint management
An evolution of MDM that allows us to easily manage security posture across multiple devices, use apps from different platforms, and maintain security in all environments
MAM
Mobile application management
Manage all the apps running on devices, when they’re updated, what’s allowed to be installed, how they’re used, issues with apps, etc
microSD HSM
microSD hardware security module
Virtually the same as other HSM, just micro
SEAndroid
Security enhancements for Android
SELinux (security enhanced) in the Android OS
Provides additional access control policies and policies for configuring security of the devices
Prevents direct access to the kernel of the OS by protecting the privileged daemons
Changes how data is accessed from DAC to MAC, which removes the user's ability to control the access someone has to the system and gives control to the admin
WPA2 PSK
Preshared key with WPA2, security issue
Subject to brute force attacks if someone has access to the pre-shared key
Obtaining the hash can be done by listening in on the 4 way handshake when someone connects to WPA2
Once an attacker has the PSK, they have access to all data sent over the wireless comms (no forward secrecy)
802.1x
Port based NAC
You don’t get any access to wired or wireless network unless you present the proper credentials using 802.1x
Used in conjunction with access databases such as RADIUS, TACACS, LDAP
RADIUS Federation
Federation is when you link a user’s identity across multiple authentication systems
Commonly used if you’re at a third party location and want to authenticate using credentials created for another location
RADIUS federation uses 802.1x as authentication method, so you use EAP to authenticate and often to a RADIUS server on the back end
MCM
Mobile content management
How you secure the data on a mobile device and ensure its safety
Set policies based on where the data is stored, like on site or in the cloud
DLP on the mobile device can prevent the sending of sensitive data, and encryption ensures sensitive data is securely encrypted