wireless security facts

Question 1

Wireless networks are everywhere. When a user connects to a wireless network, the expectation is that the connection is secure and the data is protected. Because the wireless signal is an unbounded medium, anyone can intercept the data if it is not properly secured. (true/false)

Answer 1

true

Question 2

A user must first be _____ before connecting to the wireless network.

Answer 2

authenticated

Question 3

Authentication

Answer 3

is the process of proving the user’s identity and proving that the user is allowed to be on the network.

Question 4

_____ is a passphrase a user enters to access the wireless network. This is probably the most commonly used access method.

Answer 4

A pre-shared key (psk)

Question 5

Wi-Fi Protected Setup (WPS)

Answer 5

works only on a network that uses a PSK and an appropriate encryption protocol, such as Wi-Fi Protected Access 2 (WPA2) or Wi-Fi Protected Access 3 (WPA3).

Question 6

WPS allows a device to securely connect to a wireless network without entering the PSK. (true/false)

Answer 6

true

Question 7

To connect to a device on a wifi protected setup:

Answer 7

-You first press the button on the access point that initiates a search for devices in range.
-The connecting device may have a WPS button that will automatically join it to the access point.
-If there is no button, you enter (on the device) the eight-digit pin unique to the access point.

Question 8

Some devices and access points can also use NFC during the WPS process to connect to each other.

Answer 8

facts

Question 9

open network

Answer 9

-has no authentication
-It allows anyone to connect to the network.
-This access method should be used only in public places that want to offer free wireless access

Question 10

Many open networks implement a _____.

Answer 10

captive portal

Question 11

After a device connects to the wireless network but before it can access the internet, the user is redirected to a _____.

Answer 11

captive portal page.

Question 12

(Captive Portal)
The user might be prompted to agree to the terms and conditions of using the network or even asked to pay a fee before being granted internet access. (true/false)

Answer 12

true

Question 13

Enterprise level networks need a high level of security. Many enterprise networks use the _____ protocol to authenticate users to the wireless network.

Answer 13

802.1x

Question 14

_____ is a standard for local area networks created by The Institute of Electrical and Electronics Engineers Standards Association (IEEE-SA). This standard is often labeled IEEE _____.

Answer 14

802.1x

Question 15

On a wired network, user authentication activates the port the user is connected to. If the user activation fails, the port remains off. You implement the 802.1x protocol in a wireless network by enabling a virtual port when the user is authenticated.

Answer 15

facts

Question 16

There are three components in a wireless 802.1x setup:

Answer 16

1) Supplicant – The wireless client.
2) Authenticator – This device responsible for handling the communications between the supplicant and authentication server.
3) Authentication server – The server that contains the centralized database for user authentication.

Question 17

802.1x implementations on wireless networks often use _____.

Answer 17

Remote Authentication Dial-In Service (RADIUS).

Question 18

Remote Authentication Dial-In Service (RADIUS)

Answer 18

-started in 1991
-It was originally used to authenticate users to the remote network over a dial-up network.
-known as a triple-A protocol.
-This means it provides authentication, authorization, and accounting management.

Question 19

When using 802.1x authentication for wireless networks with RADIUS, keep in mind: (1/5)

Answer 19

A RADIUS server is required to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells and authenticate using the same account information.

Question 20

When using 802.1x authentication for wireless networks with RADIUS, keep in mind: (2/5)

Answer 20

A PKI is required for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate.

Question 21

When using 802.1x authentication for wireless networks with RADIUS, keep in mind: (3/5)

Answer 21

The wireless access point is a RADIUS client.

Question 22

When using 802.1x authentication for wireless networks with RADIUS, keep in mind: (4/5)

Answer 22

The wireless access point forwards the wireless device’s credentials to the RADIUS server for authentication.

Question 23

When using 802.1x authentication for wireless networks with RADIUS, keep in mind: (5/5)

Answer 23

A RADIUS federation is multiple RADIUS servers that communicate with each other after establishing a trust relationship. These servers may be on different networks and could span multiple organizations.

Question 24

Enabling the proper encryption protocol is perhaps the most important security setting for a wireless network. For most users, WPA2 or WPA3 will be the best option. (true/false)

Answer 24

true

Question 25

WPA2

Answer 25

-is the implementation name for wireless security that adheres to the 802.11i specifications.
- introduced in 2004 and is still heavily used in today’s networks.

Question 26

There are two version of WPA2 available:

Answer 26

-WPA2-Personal
-WPA2-Enterprise

Question 27

• Also known as WPA2-PSK
• This version uses a pre-shared key (passphrase) to protect the network.

Answer 27

WPA2-Personal

Question 28

WPA2-PSK uses Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code (AES-CCMP) to encrypt all data. (true/false)

Answer 28

true

Question 29

_____ is the encryption algorithm

Answer 29

AES

Question 30

_____ uses a 128-bit key and a 128-bit block size.

Answer 30

AES-CCMP

Question 31

When a device connects to the access point, a 4-way handshake occurs to authenticate the device.
The process uses the pre-shared key and SSID to generate a session key during this process.
The handshake does have some vulnerabilities that a hacker can use to intercept the data and perform offline password attacks against.

Answer 31

facts

Question 32

This version uses a RADIUS server to authenticate users to the network.

Answer 32

WPA2-Enterprise

Question 33

_____ was introduced in 2018 to address the vulnerabilities inherent in the WPA2 handshake and to support newer technologies.

Answer 33

WPA3

Question 34

Instead of using the pre-shared key, WPA 3 implements the Simultaneous Authentication of Equals (SAE) standard. (true/false)

Answer 34

true

Question 35

_____ uses a 128-bit key and perfect forward secrecy to authenticate users (WPA-3)

Answer 35

SAE

Question 36

Perfect forward secrecy

Answer 36

-is a cryptography method that generates a new key for every transmission.
-This makes the handshake much more secure from hackers.
-If any portion of the handshake is intercepted, the key is still unable to be cracked.

Question 37

Additional security measures you can set up on all wireless networks include: (1/5)

Answer 37

Change the default username and password for the wireless access point.
The default username and passwords for many wireless access points are readily available on the internet.
A potential attacker will typically attempt to use these credentials first.

Question 38

Additional security measures you can set up on all wireless networks include: (2/5)

Answer 38

Disabling the SSID broadcast will help hide the network from the casual observer. A potential attacker can still easily discover the SSID, but disabling the SSID broadcast creates an extra step.

Question 39

Additional security measures you can set up on all wireless networks include: (3/5)

Answer 39

-Enable MAC address filtering.
-This setting allows access only to devices with the specified MAC addresses.
-A potential attacker is still able to intercept the signal and identify the MAC address of an allowed device and then spoof that MAC address to gain access.
-However, enabling MAC address filtering creates an additional barrier for the attacker.

Question 40

Additional security measures you can set up on all wireless networks include: (4/5)

Answer 40

-Update the wireless access point firmware.
-As security threats become known, manufacturers often release fixes to address known issues to prevent attacks.

Question 41

Additional security measures you can set up on all wireless networks include: (5/5)

Answer 41

Enable and properly configure the firewall. The firewall will help in stopping an attacker from gaining access through open ports.

Question 42

While there is no one definitive method to secure a wireless network, implementing multiple security measures make it more difficult for an attacker to gain access.

Answer 42

facts