Wireless Security Flashcards

1
Q

Detail Wireless Access Point Security

A

Default Wireless Administrator Passwords
WiFi Protected Access
Cloak SSID (Disable Broadcast) - Only someone who knows the name of the network can connect to it
MAC Address filtering - Network admin manually adds the MAC address of a device that tries to connect to the network
Firewall
Strategically positioning access point (Router in centre of home)
Search for rogue access points - Used by hacker to visit blocked websites - DHCP protocol very useful
Assign static IP addresses (Enhanced security)

2
Q

Describe WiFi Pineapple

A

Network security and penetration testing tool -> Hak5
Can use as a rogue access point to conduct MITM attack
Can broadcast fake SSID
Eavesdrop on wireless traffic on any device that connects to it
VPN can improve security of comms being sent
Turning off WiFi on device improves security
Use websites that use https

3
Q

Router Connection / Logs

A

Type 192.168.1.1

www.routerlogin.net

www.routerlogin.com

Ethernet cable to router

4
Q

Describe DHCP (Dynamic Host Configuration Protocol)

A

It is the dynamic assignment of IP addresses
Typically a client/server protocol that provides an IP host with an IP address and other config info (subnet mask or default gateway)
Static IP addresses are assigned to networking equipment like routers, firewalls and servers.
Host computers like tablets and smartphones are generally assigned a dynamic IP address
DHCP - Router or Server Function - Ports 67 & 68
View DHCP activity in Windows Event Viewer
MAC addresses of devices.

5
Q

How do I find DHCP events?

A

Search box -> Event
Events: C:\Windows\System32\winevt\Logs

Eric Zimmerman: EVTX Parser

DHCP Logging Events for DNS Registrations

DHCP Server Operational Events

6
Q

How to find Forensic Evidence on different devices

A

WiFi Connections
Windows:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards

MacOS:
/Library/Preferences/SystemConfiguration/com.apple.airport.preferences

iPhone (iOS):
com.apple.wifi.plist
/private/var/preferences/SystemConfiguration/

Android:
wpa_supplicant.conf
com.google.android.gms/databases/herrevad

Herrevad:
SSID
BSSID
WiFi Security Protocol - WPA/WPA2/WPA3
Time Stamp (Device time)

7
Q

Smartphone Security

A

Avoid Public WiFi at all costs
Prevent autoconnect

8
Q

Describe WEP Wireless Encryption

A

Wired Equivalent Privacy (WEP)
Original WLAN Encryption Protocol
Challenging to configure
Significant vulnerabilities

WEP Attacks:
Packet Injections
Fake authentication
FMS Attack, statistical, 2001
KoreK Attack, statistical, 2004
ChopChop Attack, fake ARP, 2004
Fragmentation Attack, fragmentation, 2005
PTW Attack (Pyshkin, Tews, Weinmann), statistical, 2007

9
Q

Describe WPA Wireless Encryption

A

WiFi Protected Access (WPA)
Interim fix for WEP
WPA used a Pre-Shared Key (PSK) & Temporal Key Integrity Protocol (TKIP)
WPA -> Handshake and Encryption

10
Q

Describe WPA2 Wireless Encryption

A

WiFi Protected Access Version 2
Based on 802.11i Wireless Security Protocol
Utilizes Advanced Encryption Standard (AES)
Unique Encryption Keys Created for each client
KRACKs (Key Reinstallation AttaCKs)

11
Q

Describe WPA3 Wireless Encryption

A

WiFi Protected Access version 3
No offline dictionary attack
Forward Secrecy - Only recent transmissions can be decrypted
WiFi Easy Connect - QR code activation on IoT device
Public WiFi Hotspots -> All traffic encrypted with WPA3
Safer Enterprise and Home Networks - WPA3-compatible router required

12
Q

Describe Dragonfly Handshake

A

Dragonblood Hack
WPA3 - Personal
Recover Network Key
Downgrade Security
Launch DoS (Denial of Service) Attack
Abuse Timing or Cache-based Side-channel Leaks
wpa3.mathyvanhoef.com
