Wireless Security Flashcards
Why is security even more important in wireless networks?
Since signals aren’t contained within a wire, any device within range of the signal can receive traffic
While in wired networks, traffic is generally only encrypted when sent over an untrusted network and not within the LAN, what is the case with wireless networks?
Traffic sent between wireless clients and APs should be encrypted as well
T/F: Ideally, clients should also authenticate the AP to avoid associating with a malicious AP
T
In addition to a unique encryption/decryption key used between the AP and each client, there is also a _____ for broadcast messages.
Group key
To help protect message integrity, a ______ is added to wireless messages
MIC
Message Integrity Check
How is a MIC used to ensure message integrity is preserved?
Sender calculates a MIC for a message. When the recipient decrypts the message, it calculates the MIC independently. If the calculated MIC is not equal to the MIC included in the message, the message is discarded.
What are the most common wireless authentication methods?
- Open Authentication
- WEP (Wired Equivalent Privacy)
- EAP (Extensible Authentication Protocol)
- LEAP (Lightweight EAP)
- EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
- PEAP (Protected EAP)
- EAP-TLS (EAP Transport Layer Security)
Describe the wireless authentication method Open Authentication
Client sends auth request, AP accepts it. No questions asked.
Often used in conjunction with another auth method, e.g. airline wifi
Describe the wireless authentication method WEP
Provided both authentication and RC4 encryption of traffic. Shared key protocol. Not secure and can be easily cracked. Don’t use.
AP sends challenge phrase using WEP key, client encrypts it and sends back. If decrypted client message matches, then AP knows client has correct shared key.
EAP and its different variations are all defined in IEEE ______
802.1x
IEEE 802.1x provides:
port-based network access control
In 802.1x, the device that wants to connect to the network is called the:
Supplicant
In 802.1x, the device that provides access to the network is called the:
Authenticator
In 802.1x, the device that receives client credentials and permits/denies access is called the:
Authentication Server
Typically a RADIUS server
In LEAP, clients must provide a _____ and a _____ to authenticate
username and password
In LEAP, both the client and the AP send a _____ to each other
Challenge phrase.
In LEAP, _____ are used, meaning that the WEP keys are changed frequently
Dynamic WEP keys
T/F: LEAP is just as vulnerable as WEP and should not be used anymore
T
EAP-FAST consists of three phases:
- PAC (Protected Access Credential) is generated and passed from the server to the client
- A secure TLS tunnel is established between the client and the server
- Inside the TLS tunnel, the client and the server communicate further to authenticate the client
Compare and contrast EAP-FAST and PEAP
Instead of a PAC, in PEAP the server uses a digital certificate. Client uses the cert to authenticate the server. Cert is also used to establish a TLS tunnel, and client is then authenticated in the secure tunnel.
Both EAP-FAST and PEAP involve establishing a secure tunnel between the client and the device, and then authenticating the client within the tunnel
EAP-TLS requires a certificate on ______
The AS and on every single client
What is a drawback of EAP-TLS?
While it is the most secure, it is the most difficult to implement
T/F: EAP-TLS doesn’t authenticate clients within a TLS tunnel
T
A TLS tunnel is used to exchange encryption key info, but since both the client and the server authenticate each other with digital certificates, the tunnel doesn’t need to be used for authenticating the client
What are the three encryption and integrity methods discussed?
- TKIP (Temporal Key Integrity Protocol)
- CCMP (Counter/CBC-MAC Protocol)
- GCMP
Describe TKIP
Temporal Key Integrity Protocol
A temporary solution based on WEP until a new standard and new hardware could be built.
TKIP is essentially a more secure version of WEP.
Describe CCMP
Counter/CBC-MAC Protocol
Used in WPA2. Had to be supported by hardware. Consists of two different algorithms to provide encryption:
- AES used for encryption, most secure protocol currently available
- CBC-MAC used as a MIC for ensuring integrity
Describe GCMP
Galois/Counter Mode Protocol
Used in WPA3. More secure and efficient than CCMP. Two different algorithms used:
- AES counter mode encryption
- GMAC (Galois Message Authentication Code) used as a MIC for ensuring integrity
What are the two authentication modes used in WPA authentication?
- Personal Mode: A pre-shared key (PSK) is used for authentication. Common for home networks. PSK is not sent over the air, 4-way handshake is used for authentication, PSK is used to generate encryption keys
- Enterprise Mode: 802.1x is used with an authentication server (RADIUS, etc). No specific EAP method is specified, so all are supported
WPA includes what protocols?
- TKIP
- 802.1x or PSK
WPA2 includes what protocols?
- CCMP
- 802.1x or PSK
WPA3 includes what protocols?
- GCMP
- 802.1x or PSK
What are some new features of WPA3?
- PMF (Protected Management Frames): protects 802.11 management frames against eavesdropping/forging.
- SAE (Simultaneous Authentication of Equals): protects the 4-way handshake when using personal auth mode
- Forward Security: prevents data from being decrypted after it has been transmitted over the air. Attackers can’t capture wireless frames and try to decrypt them later
What does GMAC provide to a secure wireless connection?
a) Encryption
b) MIC
c) Authentication
d) Authorization
b) MIC
Which of the following are part of the 802.1x authentication architecture (pick 3)?
a) Supplicant
b) Verifier
c) Authentication host
d) Authenticator
e) Authentication server
a) Supplicant
d) Authenticator
e) Authentication server
Which of the following encryption/integrity methods is considered most secure?
a) WEP
b) TKIP
c) GCMP
d) CCMP
c) GCMP
Part of WPA3 and newest
Which of the following EAP methods requires a certificate on both the supplicant and the AS?
a) EAP-FAST
b) LEAP
c) PEAP
d) EAP-TLS
d) EAP-TLS
Which of the following WPA3 security features protects the 4-way handshake when using personal authentication mode?
a) SAE
b) Forward Security
c) AES
d) PMF
a) SAE
Which of the following is used by WEP to provide encryption?
a) GCMP
b) RC4
c) CCMP
d) AES
e) TKIP
b) RC4
Describe the AAA override feature on a Cisco WLC
Can be used to configure VLAN tagging, QoS, and ACLs to individual clients based on RADIUS attributes
When configuring security on a new WLAN by using a Cisco WLC’s GUI, what security settings are you most likely to configure by using the L3 Security drop down list box on the L3 tab?
VPN Pass-Through
The VPN pass-through setting is only available when you are configuring a _____
WLAN
To minimize the amount of time it takes an 802.1x client to roam between access points, which L2 security method should be used?
802.1x + CCKM
Normally, 802.1x clients need to reauthenticate with each AP they roam between. Using 802.1x + CCKM key management eliminates the need to reauthenticate with the RADIUS server, reducing roam time.