Wireless Networks (2.1, 2.4, 4.2, 4.3 & 5.4)

Question 1

Wireless Local Area Network (WLAN)

Answer 1

▪ Allows users to roam within a coverage area
▪ Popularity has increased exponentially
▪ Convenient to use and expand network access throughout a room, floor, or building
▪ IEEE 802.11 is the most common type
▪ Other wireless options exist (used for PAN)
● Bluetooth
● Infrared (IR)
● Near-Field Communications (NFC)
● Ant+
● Z-Wave

Question 2

Ad Hoc

Answer 2

▪ Wireless devices communicate directly with each other without the need for a centralized access point
▪ Peer-to-Peer connections

Question 3

Infrastructure

Answer 3

▪ Wireless devices communicate with other wireless or wired devices through a wireless router or access point
▪ Traditional WiFi in Home and Office networks

Question 4

Wireless Access Point (AP or WAP)

Answer 4

▪ Expands wired LAN into the wireless domain
● Does not interconnect two networks
(not a router)
● Functions as a hub
▪ Connects wired LAN and wireless devices into the same subnet
▪ All clients on an access point are on a single collision domain

Question 5

Wireless Router

Answer 5

▪ Gateway device and base station for wireless devices to communicate with each other and connect to the Internet
▪ Often combines many features into one device:
● Wireless Access Point (WAP or AP)
● Router
● Switch
● Firewall
● Fiber, Cable, or DSL modem

Question 6

Independent Basic Service Set (IBSS)

Answer 6

What is independent basic service set?
A Independent Basic Service Set (IBSS) forms an ad hoc, independent, self-contained network with station-to-station traffic flowing directly, receiving data transmitted by another station, and only filtering traffic based on the MAC address of the receiver

Question 7

Basic Service Set (BSS)

Answer 7

The Basic Service Set is a term used to describe the collection of Stations which may communicate together within an 802.11 network. The BSS may or may not include AP (Access Point) which provide a connection onto a fixed distribution system such as an Ethernet network.

Question 8

Extended Service Set (ESS)

Answer 8

An extended service set (ESS) is a wireless network, created by multiple access points, which appears to users as a single, seamless network, such as a network covering a home or office that is too large for reliable coverage by a single access point.

Question 9

Mesh Topology

Answer 9

▪ May not use a centralized control
▪ Range of combined wireless defines network
▪ Uses WiFi, Microwave, Cellular, and more

Question 10

AP Placement

Answer 10

▪ Careful planning is required to prevent the APs from interfering with one another and still maintaining the desired coverage area in ESS
▪ Coverage should overlap between APs to allow uninterrupted roaming from one cell to another but can’t use overlapping frequencies

Question 11

AP Placement (2.4 Ghz)

Answer 11

▪ Non-overlapping coverage cells for 2.4 GHz band should have 10% to 15% coverage overlap in coverage area

Question 12

AP Placement (5 Ghz)

Answer 12

▪ Identical channels should be separated by at least two cells instead of one

Question 13

Site Surveys

Answer 13

▪ Wireless survey to determine coverage areas

▪ Produces a heat map with coverage

Question 14

Wireless Range Extenders

Answer 14

▪ Specialized device that overcomes distance limitations of wireless networks
▪ Amplifies the signal and extends reachability or a wireless cell
▪ Wireless repeater receives signal on one antenna and repeats it on other

Question 15

Antennas

Answer 15

▪ Coverage areas vary based on the type used
▪ Most SOHO wireless APs have fixed antennas
▪ Enterprise-class APs support different types
▪ Factors in antenna effectiveness
● Distance
● Pattern of Wireless Coverage
● Environment (indoor/outdoor)
● Avoiding Interference with other APs

Question 16

Omnidirectional Antenna

Answer 16

Radiates power equally in all directions.

Question 17

Unidirectional Antenna

Answer 17

Focuses power in one direction for covering greater distances.

Question 18

Spread Spectrum Wireless Transmissions

Answer 18

▪ Direct-Sequence Spread Spectrum (DSSS)
▪ Frequency-Hopping Spread Spectrum (FHSS)
▪ Orthogonal Frequency-Division Multiplexing (OFDM)
▪ Only DSS and OFDM are commonly utilized in today’s WLANs

Question 19

Direct-Sequence Spread Spectrum (DSSS)

Answer 19

▪ Modulates data over an entire range of frequencies using a series of signals known as chips
▪ More susceptible to environmental interference
▪ Uses entire frequency spectrum to transmit

Question 20

Frequency-Hopping Spread Spectrum (FHSS)

Answer 20

▪ Devices hop between predetermined frequencies

▪ Increases security as hops occur based on a common timer

Question 21

Orthogonal Frequency Division Multiplexing (OFDM)

Answer 21

▪ Uses slow modulation rate with simultaneous transmission of data over 52 data streams
▪ Allows for higher data rates while resisting interference between data streams

Question 22

Frequencies and Channels

Answer 22

▪ IEEE 802.11 standards are differentiated by their characteristics, such as frequency range used:
● 2.4 GHz band
o 2.4 GHz to 2.5 GHz range
● 5 GHz band
o 5.75 GHz to 5.875 GHz range
▪ Each band has specific frequencies (or channels) to avoid overlapping other signals
▪ Channels 1, 6, and 11 will avoid overlapping frequencies in 2.4 GHz band

Question 23

Channel Bonding

Answer 23

▪ Allows you to create a wider channel by merging neighboring channels into one

Question 24

802.11 Wireless Standards

Answer 24

▪ 802.11 ax
● 6 Ghz spectrum
● Can reach speeds of up to 9.6 Gbps using MU-MIMO technology
● Fully backward compatible with Wireless A, B, G, N, and AC devices

Question 25

Radio Frequency Interference (RFI)

Answer 25

▪ Caused by using similar frequencies to WLAN
▪ Common sources of interference:
● Other wifi devices (overlapping channels)
● Cordless phones and baby monitors (2.4 GHz)
● Microwave ovens (2.4 Ghz)
● Wireless security systems (2.4 GHz)
● Physical obstacles (Walls, appliances, cabinets)
● Signal strength (Configurable on some devices)

Question 26

Carrier Sense Multiple Access/Collision (Avoidance/ Detection)

Answer 26

▪ WLAN uses CSMA/CA to control access to medium, where wires Ethernet uses CSMA/CD
▪ Listens for transmission to determine if safe to transmit
● If channel is clear, transmits Request to Send (RTS)
● Device waits for acknowledgment
● If received an RTS, responds with Clear to Send (CTS)
● If not received, device starts random back off timer

Question 27

Wireless Security

Answer 27

o Wireless networks offer convenience, but also many security risks
▪ Encryption of data transferred is paramount to increasing security

Question 28

Pre-Shared Key

Answer 28

▪ Both AP and client uses same encryption key
▪ Problems:
● Scalability is difficult if key is compromised
● All clients must know the same password

Question 29

Wired Equivalent Privacy

Answer 29

▪ Original 802.11 wireless security standard
● Claimed to be as secure as wired networks
▪ Static 40-bit pre-shared encryption key
● Upgraded to 64-bit and 128-bit key over time
▪ Uses 24-bit Initialization Vector (IV)
● Sent in clear text
▪ Brute Force Attack within minutes using AirCrack-ng and other tools

Question 30

Wi-Fi Protected Access (WPA)

Answer 30

▪ Replaced WEP and its weaknesses
▪ Temporal Key Integrity Protocol (TKIP)
● 48-bit Initialization Vector (IV) instead of 24-bit IV
● Rivest Cipher 4 (RC4) used for encryption
▪ Uses Message Integrity Check (MIC)
● Confirms data was not modified in transit
▪ Enterprise Mode WPA
● Users can be required to authenticate before exchanging keys
● Keys between client and AP are temporary

Question 31

Wi-Fi Protected Access 2 (WPA2)

Answer 31

▪ Created as part of IEEE 802.11i standard
● Requires stronger encryption and integrity checks
● Integrity checking through CCMP
o Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
▪ Uses Advanced Encryption Standard (AES)
● 128-bit key or above
▪ Supports two modes
● Personal mode with pre-shared keys
● Enterprise mode with centralized authentication

Question 32

WiFi Exam Tips

Answer 32

If you are asked about / Look for the answer with:
Open = No security or protection 
WEP = IV
WPA = TKIP and RC4
WPA2 = CCMP and AES

Question 33

WiFi Exam Tips

Answer 33

If you are asked about / Look for the answer with:
Open = No security or protection 
WEP = IV
WPA = TKIP and RC4
WPA2 = CCMP and AES

Question 34

WEP and WPA/WPA2 Security Cracking

Answer 34

▪ Utilities can capture wireless packets and run mathematical algorithms to determine the pre-shared key

Question 35

Network Authentication 802.1x

Answer 35

▪ Each wireless user authenticates with their own credentials
▪ Used also in wired networks

Question 36

Extensible Authentication Protocol (EAP)

Answer 36

▪ Authentication performed using 802.1x
▪ EAP-FAST
● Flexible Authentication via Secure Tunneling
▪ EAP-MD5
▪ EAP-TLS

Question 37

MAC Address Filtering

Answer 37

▪ Configures an AP with a listing of permitted MAC addresses (like an ACL)
▪ Problems:
● Knowledgeable users can falsify their MAC easily using freely available tools
● Examples:
o MAC Address Changer (Windows)
o MacDaddyX (OSX)
o Macchanger (Linux)

Question 38

Network Admission Control (NAC)

Answer 38

▪ Permits or denies access to the network based on characteristics of the device instead of checking user credentials
▪ Conducts a posture assessment of client
● Checks the OS and antivirus version of client

Question 39

Captive Portals

Answer 39

▪ Web page that appears before the user is able to access the network resources
▪ Webpage accepts the credentials of the user and presents them to the authentication server

Question 40

Geofencing

Answer 40

▪ GPS or RFID defines real-world boundaries
▪ Barriers can be active or passive
▪ Device can send alerts if it leaves area
▪ Network authentication can use it to determine access

Question 41

Disable SSID Broadcast

Answer 41

▪ Configures an AP to not broadcast the name of the wireless LAN
▪ Problem:
● Knowledgeable users can still easily find the SSID using wireless sniffing tools

Question 42

Rogue Access Point

Answer 42

▪ Malicious users set up an AP to lure legitimate users to connect to the AP
▪ Malicious users can then capture all the packets (data) going through the rogue access point

Question 43

Unsecured Wireless Networks

Answer 43

▪ War Driving
● Occurs when users perform reconnaissance looking for unsecured wireless networks
▪ War Chalking
● Occurs when users write symbols on a wall to notify others of AP characteristics