Term
64. List 2 WLAN security issues

Definition
• A wireless sniffer can view all WLAN data packets
• Anyone in AP coverage area can access the WLAN

Term
65. How does 802.11 WEP solve the WLAN security issues?

Definition
• Encrypts all data transmitted between client and AP
• Without encryption key, user cannot transmit or receive data

Term
67. Explain the stages of the WEP encryption process (5)

Definition
• Compute ICV using CRC-32 against plaintext message
• Concatenate ICV to plaintext message
• Choose random IV and concatenate it to the secret key and input it to RC4 to produce pseudo-random key sequence
• Encrypt plaintext + ICV by doing bitwise XOR with key sequence to produce ciphertext
• Put IV in front of ciphertext

Term
68. Explain the stages of the WEP decryption process (4)

Definition
• IV of message used to generate key sequence k
• Ciphertext XOR k -> original plaintext + ICV
• Verify by computing integrity check on plaintext (ICV2) and comparing to recovered ICV.
• If the two don’t match, it’s wrong

Term

Definition
• Forgery
• Replay
• Collision
• Weak key * FMS

Term
70. In which way is WEP2 an improvement over WEP?

Definition
• 128-bit key
• Kerberos authentication (ticket based)

Term

Definition
• Rotates WEP key (increases key space)
• Easy deployment – common feature
• Generally support for up to 4 keys per device/AP
• Vendor-specific implementations, e.g. for 3COM

Term
73. What does EAP stand for? List 5 variations of EAP

Definition
Extensible Authentication Protocol
• EAP-Transport Layer Security (EAP-TLS)
• Lightweight EAP (LEAP)
• EAP-Tunneled TLS (EAP-TTLS)
• Protected EAP (PEAP)
• Flexible Authentication via Secure Tunneling (FAST)

Term
74. Why are there different versions of EAP?

Definition
Each version leads to different logons, credentials and authentication databases

Term

Definition
• Temporal Key Integrity Protocol (TKIP)

Term
76. What does MIC stand for, and what are its goals?

Definition
Message Integrity Check
• Prevents attackers from capturing, altering and resending data packets

Term
77. How does PSK Authentication function? (2)

Definition
• Uses manually entered passphrase to randomly generate key
• The key is created and entered into the access point before communication can begin

Term
78. What does TKIP use to address WEP vulnerabilities? (3)

Definition
• MIC
• IV sequence
• TKIP key mixing

Term
79. How does 802.11i implement port security?

Definition
Blocks traffic port-by-port until the client is authenticated using credentials stored on authentication server

Term
How does 802.11i authenticate users? (5)

Definition
• Device asks to join
• AP asks device to verify identity
• Device sends identity to authentication server
• Authentication server verifies identity
• Device can join wireless LAN

Term
How often does WPA2 change keys? How long (in characters) is the shared secret used to rekey? (2)

Definition
• PSK keys are changed (rekeyed) after a set time / number of packets
• Rekeyed using 20-character shared secret at AP and devices

Term
83. AES cipher key length can be ___ bits (3)

Definition

Term
84. AES number of rounds can be __ (3)

Definition

Term

Definition
Counter Mode with Cipher Block Chaining Message Authentication Protocol

Term
86. A flaw has been discovered with WPS – WiFi protection, which is…

Definition

Term
87. List some alternatives to WPA (8)

Definition
• VPN
• Captive Portal
• VLANs
• WiFi mesh
• 802.16 (WiMax)
• MANET
• Certificate Authority
• Alternative

Term

Definition
A web page that wireless users must visit before being allowed onto the internet

Term
A captive portal is used in order to… (3)

Definition
• Identify rules/policies
• Advertise
• Authenticate against a RADIUS server

Term
90. VLANs combine what and what?

Definition
An unencrypted WLAN with a VPN

Term
95. What are three possible attacks against a MANET?

Definition
• Packet misrouting
• Impersonation
• Sybil Attack

Term

Definition
An impersonation attack where the attacker imitates several nodes – more difficult to detect.

Term

Definition
• Reasonably strong
• Self-synching
• Computationally efficient
• Exportable

Term
What keys and shit does WEP have?

Definition
• Secret key (40/104 bits)
• IV (24 bits)
• RC4 PRNG
• Integrity Check Value (ICV) CRC-32

Term

Definition
An authentication process

Term

Definition
Client associates with an AP but cannot send data until the EAP authentication is complete.

Term
What key length does 802.1x encrypt with? How many packets are encrypted at a time?

Definition
• Replaces WEP's encryption key with 128-bit per-packet key

Term
How does 802.1x prevent collisions?

Definition
Prevents collisions by using a whole new key for each packet

Term
What is MIC designed to prevent?

Definition
Capturing, altering and resending data packets

Term
What are the two ways that MIC auths?

Definition

Term

Definition
Simultaneous Authentication of Equals

Term

Definition
A peer authentication method?

Term
What is SAE resistant to?

Definition
Resistant to active, passive and dictionary attacks

Term
What is zero knowledge proof and what authentication mechanism uses this?

Definition
An interactive method for one party to prove to another that a statement is true, without revealing anything other than the veracity of the statement.
SAE uses it.

Term
What the devil is extensible?

Definition
Design with future growth in mind, my good man.

Term
How does forgery work? (vs WEP)

Definition
Packet headers are unprotected, so source and destination addresses can be faked. AP will then decrypt data to send to other destinations.