Wireless Security

Question 1

Wireless clients identify an AP by it’s IP address, TRUE or FALSE?

Answer 1

FALSE. They identify by the SSID

Question 2

What feature of wireless LAN control protocols help detect rogue APs?

Answer 2

The WLAN controller protocols (LWAPP and CAPWAP) use Radio Resource Management that checks for rogue activity

Question 3

How does Cisco Unified Wireless Network help to defend against unauthorized access to the corporate LAN through insecure ad-hoc networks?

Answer 3

It sends out DEAUTHENTICATION frames to stop ad hoc association

Question 4

How can Management Frame Protection protect from DoS attacks on the wireless network?

Answer 4

Because DoS attacks use association frames to flood the network, and those frames are classed as management frames, MFP can prevent the deluge

Question 5

How do wireless LAN DoS attacks typically work?

Answer 5

By flooding the network with deauthentication or disassociation frames to remove hosts from their networks

Question 6

In infrastructure mode, what does an AP do when it receives an MFP protected frame from an unknown SSID?

Answer 6

It queries the controller for the key. If the BSSID isn’t in recognized by the controller it will drop the frame.

Question 7

Describe the difference between and IDS and IPS

Answer 7

1) IDS purely detects malicious behaviours

2) An IPS will detect and block malicious behaviours

Question 8

What is open authentication?

Answer 8

authenticating by supplying the SSID

Question 9

Why isn’t WEP used in today’s VLANs

Answer 9

Because it sends the challenge in clear-text

Question 10

Which networking access protocol is required under 802.1x to authenticate credentials for WPA/WPA2 Enterprise

Answer 10

RADIUS (Remote Authentication Dial-In User Service)

Question 11

802.1x provides AAA services, true or false?

Answer 11

True

Question 12

Once RADIUS authenticates, what does it allow us to do with those connections?

Answer 12

1) Specify the type of rights a user has
2) Control what they can do on the network
3) Records all access attempts and actions

Question 13

Which two groups created Temporal Key Integrity Protocol?

Answer 13

802.11i and the Wi-Fi Alliance

Question 14

What’s the difference between WPA and WPA2?

Answer 14

WPA2 uses the stronger AES-CCMP encryption

Question 15

What is the PSK and how is it used by TKIP and AES?

Answer 15

Pre-Shared Key. It verifies users on an AP using a passphrase (i.e. the wifi password). The PSK also provides keying material for TKIP and AES to generate keys for each packet transmitted.

Question 16

What 3 things are wireless packet keys made up of?

Answer 16

1) base key
2) transmitting device’s MAC address
3) packet’s serial number

Question 17

What encryption alogorithm does TKIP use?

Answer 17

RC4

Question 18

What’s the difference between WEP and TKIP transmitted packets?

Answer 18

WEP uses the same encryption key for each packet, TKIP encrypts a different key on each packet transmitted. (this is the Temporal part of the acronym)

Question 19

What are nonces and what part of a packet key uses it?

Answer 19

Nonces are an assortment of random numbers gleaned from the workstation. They’re used to construct the base key.

Question 20

How long is the encryption key used in TKIP and AES-CCMP?

Answer 20

TKIP - 128

AES - 256

Question 21

What key feature makes TKIP more secure than WEP?

Answer 21

It changes the key for each packet

Question 22

List in order from most secure 4 wireless security options

Answer 22

1) WPA2-PSK/AES
2) WPA2-PSK/TKIP
3) WPA-PSK/AES (mostly redundant option)
4) WPA-PSK/TKIP

Question 23

Which security protocol should ideally be disabled to prevent hackers gaining the PSK for WPA or WPA2?

Answer 23

Wi-Fi Protected Setup

Question 24

What is the most secure form of authentication and authorization on a WLAN?

Answer 24

WPA2 using Extensible Authentication Protocol to use security certificates to identify devices connecting to the AP

Question 25

What do you need implemented to use EAP and certificates to authenticate devices?

Answer 25

Public Key Infrastructure (Server that issues certificates)

Question 26

List the more secure versions of Extensible Authentication Protocol with most secure first.

Answer 26

1) EAP-TLS (Transport Layer Security) (hardest to implement)
2 EAP-FAST (Flexible Authentication via Secure Tunneling)
3) PEAP

Question 27

You’re configuring PEAP, where do you need to install the PKI certificate?

Answer 27

Server only

Question 28

EAP-TLS needs certificate only on the server side, TRUE or FALSE?

Answer 28

FALSE, both server and client require certificates installed

Question 29

TKIP uses what two things to seed the RC4 algorithm?

Answer 29

1) MAC address

2) Initialization Vector

Question 30

TKIP works with Message Integrity Checks to check the integrity of messages received at the access point. How many MIC CRCs need to fail and within what timer frame and then what happens if they do?

Answer 30

2 or more fail
Within 60 seconds
AP requires TKIP to rekey the RC4 seed value

Question 31

CCMP stands for?

Answer 31

Counter Cipher Mode with Block Chaining Message Authentication Code

Question 32

Which wireless security standard was deprecated in 2006?

Answer 32

WPA

Question 33

What’s the difference between personal mode and enterprise mode?

Answer 33

Authentication method.
Personal mode is for home use and uses a PSK
Enterprise mode is for organizations that can use 802.1x methods to authenticate.

Question 34

EAP-Flexible Authentication via Secure Tunnelling replaced Cisco’s LEAP - TRUE or FALSE

Answer 34

TRUE

Question 35

EAP-FASTs 3 phases involve what

Answer 35

Phase 0 - shared secret (like a key/passphrase) agreed
Phase 1 - secure tunnel established
Phase 2 - Authentication occurs

Question 36

Which version of EAP is an open standard and was defined by the IETF?

Answer 36

EAP-TLS

Question 37

Which EAP method underpins WPA and WPA2 enterprise authentication?

Answer 37

EAP-TLS

Question 38

Why is EAP-TLS harder to manage/implement?

Answer 38

Because it requires certificates on both client and server side

Question 39

Which type of EAP that uses TLS comes built in for support on Windows operating systems?

Answer 39

PEAP

Question 40

Which TLS enabled EAP protocol uses two phases where:
PHASE 1 - establishes an ‘outer’ secure tunnel using EAP-TLS to authenticate the server
PHASE 2 - using an ‘inner’ tunnel to authenticate the client e.g. using EAP-MS-CHAPv2

Answer 40

PEAP

Question 41

What is the bit-length of the WPA pre-shared key (not the encryption)?

Answer 41

256-bit

Question 42

EAP was designed to provide an authentication framework for point-to-point connections and wireless connections - true or false?

Answer 42

TRUE

Question 43

What is the name of the framework who’s purpose is to provide a secure way of transferring keying material and associated parameters for many types of authentication mechanisms?

Answer 43

EAP

Question 44

Which EAP method was developed by Cisco and is widely adopted on 3rd party network vendors? What is the major draw back?

Answer 44

Lightweight-EAP

It uses MS-CHAP which isn’t a very secure way of transferring user credentials

Question 45

What are the two AP control protocols?

Answer 45

*LWAPP = Lightweight Access Point Protocol, Cisco
CAPWAP = Control and Provisioning of Wireless Access Points

Question 46

What is the term used to describe when Access Points split duties between ones running a lightweight operating system and a controller?

Answer 46

Split MAC

Question 47

Which 2 main EAP implementations use tunnelling?

Answer 47

PEAP

EAP-FAST