Wireless Security

Question 1

Why is security even more important in wireless networks?

Answer 1

Since signals aren’t contained within a wire, any device within range of the signal can receive traffic

Question 2

While in wired networks, traffic is generally only encrypted when sent over an untrusted network and not within the LAN, what is the case with wireless networks?

Answer 2

Traffic sent between wireless clients and APs should be encrypted as well

Question 3

T/F: Ideally, clients should also authenticate the AP to avoid associating with a malicious AP

Answer 3

T

Question 4

In addition to a unique encryption/decryption key used between the AP and each client, there is also a _____ for broadcast messages.

Answer 4

Group key

Question 5

To help protect message integrity, a ______ is added to wireless messages

Answer 5

MIC

Message Integrity Check

Question 6

How is a MIC used to ensure message integrity is preserved?

Answer 6

Sender calculates a MIC for a message. When recipient decrypts the message, it calculated the MIC independently. If the calculated MIC is not equal to the MIC included in the message, it is discarded

Question 7

What are the most common wireless authentication methods?

Answer 7

• Open Authentication
• WEP (Wired Equivalent Privacy)
• EAP (Extensible Authentication Protocol)
• LEAP (Lightweight EAP)
• EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
• PEAP (Protected EAP)
• EAP-TLS (EAP Transport Layer Security)

Question 8

Describe the wireless authentication method Open Authentication

Answer 8

Client sends auth request, AP accepts it. No questions asked.

Often used in conjecture with another auth method, e.g. airline wifi

Question 9

Describe the wireless authentication method WEP

Answer 9

Provided both authentication and RC4 encryption of traffic. Shared key protocol. Not secure and can be easily cracked. Don’t use.

AP sends challenge phrase using WEP key, client encrypts it and sends back. If decrypted client message matches, then AP knows client has correct shared key.

Question 10

EAP and its different variations are all defined in IEEE ______

Answer 10

802.1x

Question 11

IEEE 802.1x provides:

Answer 11

port-based network access control

Question 12

In 802.1x, the device that wants to connect to the network is called the:

Answer 12

Supplicant

Question 13

In 802.1x, the device that provides access to the network is called the:

Answer 13

Authenticator

Question 14

In 802.1x, the device that receives client credentials and permits/denies access is called the:

Answer 14

Authentication Server

Typically a RADIUS server

Question 15

In LEAP, clients must provide a _____ and a _____ to authenticate

Answer 15

username and password

Question 16

In LEAP, both the client and the AP send a _____ to eachother

Answer 16

Challenge phrase.

Question 17

In LEAP, _____ aer used, meaning that the WEP keys are changed frequently

Answer 17

Dynamic WEP keys

Question 18

T/F: LEAP is just as vulnerable as WEP and should not be used anymore

Answer 18

T

Question 19

EAP-FAST consists of three phases:

Answer 19

1. PAC (Protected Access Credential) is generated and passed from the server to the client
2. A secure TLS tunnel is established between the client and the server
3. Inside of the TLS tunnel, the client and the server communciate further to authenticate the client

Question 20

Compare and contrast EAP-FAST and PEAP

Answer 20

Instead of a PAC, in PEAP the server uses a digital certificate. Client uses the cert to authenticate the server. Cert is also used to establish a TLS tunnel, and client is then authenticated in the secure tunnel.

Both EAP-FAST and PEAP involve establishing a secure tunnel between the client and the device, and then authenticating the client within the tunnel

Question 21

EAP-TLS requires a certificate on ______

Answer 21

The AS and on every single client

Question 22

What is a drawback of EAP-TLS

Answer 22

While it is the most secure, it is the most difficult to implement

Question 23

T/F: EAP-TLS doesn’t authenticate clients within a TLS tunnel

Answer 23

T

A TLS tunnel is used to exchange encryption key info, but since both the client and the server authenticate each other with digital certificates, the tunnel doesn’t need to be used for authenticating the client

Question 24

What are the three encryption and integrity methods discussed?

Answer 24

• TKIP (Temporal Key Integrity Protocol)
• CCMP (Counter/CBC-MAC Protocol)
• GCMP

Question 25

Describe TKIP

Answer 25

Temporal Key Integrity Protocol

A temporary solution based on WEP until a new standard and new hardware could be built.

TKIP is essentially a more secure version of WEP.

Question 26

Describe CCMP

Answer 26

Counter/CBC-MAC Protocol

Used in WPA2. Had to be supported by hardware. Consists of two different algorithms to provide encryption:
- AES used for encryption, most secure protocol currently available
- CBC-MAC used as a MIC for ensuring integrity

Question 27

Describe GCMP

Answer 27

Galois/Counter Mode Protocol

Used in WPA3. More secure and efficient than CCMP. Two different algorithms used:
- AES counter mode encryption
- GMAC (Galois Message Authentication Code) used as a MIC for ensuring integrity

Question 28

What are the two authentication modes used in WPA authentication

Answer 28

• Personal Mode: A pre-shared key (PSK) is used for authentication. Common for home networks. PSK is not sent over the air, 4-way handshake is used for authentication, PSK is used to generate encryption keys
• Enterprise Mode: 802.1x is used with an authentication server (RADIUS, etc). No specific EAP method is specified, so all are supported

Question 29

WPA includes what protocols?

Answer 29

• TKIP
• 802.1x or PSK

Question 30

WPA2 includes what protocols?

Answer 30

• CCMP
• 802.1x or PSK

Question 31

WPA3 includes what protocols?

Answer 31

• GCMP
• 802.1x or PSK

Question 32

What are some new features of WPA3?

Answer 32

• PMF (Protected Management Frames), prevents 802.11 management frames from eavesdropping/forging.
• SAE (Simultaneous Authentication of Equals), protects 4-way handshake when using personal auth mode
• Forward Security: prevents data from being decrypted after transmitted over the air. Attackers can’t capture wireless frames and try and decrypt them later

Question 33

What does GMAC provide to a secure wireless connection?

a) Encryption
b) MIC
c) Authentication
d) Authorization

Answer 33

b) MIC

Question 34

Which of the following are part of the 802.1x authentication architecture (pick 3)?

a) Supplicant
b) Verifier
c) Authentication host
d) Authenticator
e) Authentication server

Answer 34

a) Supplicant
d) Authenticator
e) Authentication server

Question 35

Which of the following encryption/integrity methods is considered most secure?

a) WEP
b) TKIP
c) GCMP
d) CCMP

Answer 35

c) GCMP

Part of WPA3 and newest

Question 36

Which of the following AES methods requires a certificate on both the supplicant and the AS?

a) EAP-FAST
b) LEAP
c) PEAP
d) EAP-TLS

Answer 36

d) EAP-TLS

Question 37

Which of the following WPA3 security features protects the 4-way handshake when using personal authentication mode?

a) SAE
b) Forward Security
c) AES
d) PMF

Answer 37

a) SAE

Question 38

Which of the following is used by WEP to provide encryption?

a) GCMP
b) RC4
c) CCMP
d) AES
e) TKIP

Answer 38

b) RC4

Question 39

Describe the AAA override feature on a Cisco WLC

Answer 39

Can be used to configure VLAN tagging, QoS, and ACLs to individual clients based on RADIUS attributes

Question 40

When configuring security on a new WLAN by using a Cisco WLC’s GUI, what security settings are you most likely to configure by using the L3 Security drop down list box on the L3 tab?

Answer 40

VPN Pass-Through

Question 41

The VPN pass-through setting is only available when you are configuring a _____

Answer 41

WLAN

Question 42

To minimize the amount of time it takes an 802.1x client to roam between access points, which L2 security method should be used?

Answer 42

802.1x + CCKM

Normally, 802.1x clients need to reauthenticate with each AP they are roaming between. Using 802.1x + CCKM key management eliminated the need to reauthenticate with the RADIUS server, reducing roam time.