Wireless Network Security Overview

Questions and Answers

What is the primary focus of the IEEE 802.11 standards?

  • Wired network encryption protocols
  • Wireless Local Area Networks (WLANs) (correct)
  • Computer network architecture for wired connections
  • Mobile communication protocols

Which security method is known to have vulnerabilities associated with open system authentication?

  • WPA2
  • MAC Address Filtering
  • WEP
  • MAC address filtering, and WEP (correct)

What is a significant drawback of using MAC Address Filtering for access control?

  • It requires extensive administrative resources to manage.
  • It limits the number of devices that can connect to the network.
  • It can be easily spoofed by attackers. (correct)
  • It does not support network encryption.

What was the maximum speed of WLANs developed under the initial IEEE 802.11 standards?

1 and 2 Mbps (D)

What advantage does creating wireless VLANs provide in an organization?

They allow for traffic segmentation and enhanced security. (C)

Which vulnerability is commonly associated with WEP in wireless networks?

Static encryption keys (D)

Which of the following is a tool used for discovering rogue access points?

Wireless protocol analyzer. (B)

What is a limitation of MAC address filtering as a security measure?

MAC addresses can be easily spoofed. (B)

WEP is primarily known for which of the following drawbacks?

Easily exploitable encryption. (D)

What are wireless probes used for in enterprise wireless security?

To monitor RF frequency for unauthorized devices. (C)

Which device is specifically designed to perform centralized management of Thin Access Points?

Wireless controller. (C)

What is one primary purpose of implementing WPA2 Enterprise Security?

To provide robust authentication and encryption. (A)

What is a major vulnerability of Open System Authentication in IEEE 802.11?

It is susceptible to eavesdropping during the authentication process. (D)

Which of the following weaknesses is associated with MAC Address Filtering?

It enables easy spoofing of MAC addresses. (B)

What is a key disadvantage of using WEP for wireless security?

It uses static encryption keys, which can be easily compromised. (C)

Which security protocol is considered an improvement over WEP?

WPA (D)

What is the main purpose of WPA2 in terms of wireless network security?

To enhance data confidentiality and integrity. (B)

What feature distinguishes WPA Personal from WPA2 Personal?

WPA2 Personal utilizes Advanced Encryption Standard (AES). (C)

Which of the following best describes the IEEE 802.11i standard?

It focuses on securing wireless communication through robust protocols. (C)

How does WPA Personal control access to a wireless network?

Through the use of a pre-shared key (PSK). (B)

Flashcards

IEEE (Institute of Electrical and Electronics Engineers)

Organization responsible for establishing standards for computer networking and wireless communications, including the 802.11 standard for WLANs.

IEEE 802.11 Standards

A set of standards developed by the IEEE that define various aspects of wireless local area networks (WLANs), including physical layer, data link layer, and security.

CRC (Cyclic Redundancy Check)

A security mechanism that validates the integrity of data packets by calculating a checksum based on the packet contents.

ICV (Integrity Check Value)

A security mechanism that verifies the authenticity and integrity of data packets by calculating a checksum that's encrypted with a shared secret key.

Wireless Authentication

A method of authentication that validates the identity of a wireless client before granting access to a wireless network.

Wireless Access Control

The process of ensuring that only authorized wireless clients can access a wireless network.

WEP (Wired Equivalent Privacy)

A security method that uses a shared secret key to encrypt data packets transmitted over a wireless network.

WPA (Wi-Fi Protected Access)

A security method that uses an algorithm called RC4 for data encryption and AES for key creation and distribution.

What is Open System Authentication?

Open System Authentication allows any device to connect to the wireless network without requiring authentication. It's fundamentally insecure as it relies on a pre-shared key.

What is WPA-PSK?

WPA Personal Security (WPA-PSK) uses a pre-shared key (PSK) for network access. It's more secure than WEP, but still vulnerable to attacks like dictionary attacks.

What is WPA2?

WPA2 uses the Advanced Encryption Standard (AES) for stronger encryption and provides more robust security than WEP or WPA.

What are MAC Address Filtering Weaknesses?

MAC address filtering blocks devices based on their MAC addresses. However, it's ineffective against attackers who can spoof their MAC addresses.

What is WEP?

WEP (Wired Equivalent Privacy) was the first standard for wireless security in 802.11 networks. WEP is considered severely insecure due to its weak encryption and inherent vulnerabilities.

What is the weakness with the WEP 40-bit key?

The 40-bit WEP key is considered weak and vulnerable to attacks where attackers can simply guess the keys and gain access to unauthorized data.

What is the vulnerability of WEP relying on a shared secret key?

WEP relies on a shared secret key for encryption. Shared secrets are vulnerable to attacks, especially when there are multiple users sharing a single key.

What is IEEE 802.11i?

The IEEE 802.11i standard is also known as WPA2. It's designed to improve security and address the weaknesses found in WEP and WPA.

Thin Access Point

A type of access point where authentication and encryption functions are handled by a separate device, typically a wireless switch.

Thick Access Point

A wireless access point that handles both authentication and encryption functions.

Hybrid Network

A network that uses both wired and wireless connections.

WPA Enterprise Security

A security protocol requiring authentication and encryption between wireless clients and a wireless access point.

WPA2 Enterprise Security

An advanced security protocol using AES encryption and 802.1x authentication to secure wireless networks.

Wireless VLANs

A method of segmenting a wireless network into separate virtual networks, enhancing security by separating traffic based on user type.

Wireless Protocol Analyzer

A tool used to scan wireless networks for rogue access points, unauthorized devices, or other wireless security vulnerabilities.

Wireless Probe

A specialized device that monitors the RF frequency to identify rogue access points and other wireless security threats.

Study Notes

Wireless Network Security

  • Wireless security protections are defined by IEEE 802.11 standards.
  • The IEEE 802.11 committee was formed in 1990.
  • The committee created standards that operate at speeds of 1 and 2 million bits per second (Mbps).
  • IEEE 802.11 WLAN standards were approved in 1997.
  • The revisions to these standards are:
    • IEEE 802.11a
    • IEEE 802.11b
    • IEEE 802.11g
    • IEEE 802.11n
  • Wireless access can be controlled by limiting a device's access to the access point (AP).
  • Implementing access control is not specified in the IEEE 802.11 standard.
  • Most wireless AP (access point) vendors use MAC (Media Access Control) address filtering for access control.

Controlling Access

  • MAC address filtering permits access rather than preventing it.
  • Wired Equivalent Privacy (WEP) is designed to ensure only authorized users can view transmitted wireless information.
  • WEP uses encryption to protect traffic.
  • WEP criteria: efficient, exportable, optional, self-synchronizing, and reasonably strong.
  • Shared secret keys in WEP must be a minimum of 64 bits in length.
    • 64-bit key
    • 128-bit key
    • Passphrase
  • The AP and devices can store up to four shared secret keys; one must be the default.

Controlling Access (continued)

  • The WEP encryption process involves several steps: initialization vector (IV), secret key, PRNG (pseudorandom number generator) to generate a keystream, XOR operation to generate ciphertext.
  • The process is repeated in the receiving device to get back the original data.
  • Wireless LANs cannot limit access to the wireless signal by walls or doors. This is known as data emanation.

Controlling Access (continued)

  • Device authentication:
    • Open system authentication: based on matching SSIDs (service set identifiers). The easiest way to discover the SSID is by not doing anything and exploiting the beacon frame process.
    • Shared key authentication: the laptop sends an authentication frame. Then, the access point (AP) sends a challenge text, which the laptop encrypts. The AP compares this encrypted text with the key it holds.
  • Passive scanning is a method used to discover available wireless networks.
  • Some wireless security sources encourage users to configure their APs to prevent beacon frames from including the SSIDs. Instead, users should require manual entry into the device.

Controlling Access (continued)

  • Problems arise when the SSID is not beaconed (hidden). This can affect roaming and devices running Windows XP. SSIDs can still be discovered when they are not contained in beacon frames.
  • A WLAN (wireless local area network) can have multiple access points (APs).

MAC Address Filtering Weaknesses

  • MAC addresses are initially exchanged in an unencrypted format.
  • An attacker can easily see a MAC address whitelist used to determine who is authorized to join the network.
  • Managing a large number of MAC addresses for large networks can be challenging.
  • MAC address filtering does not offer a way to temporarily allow guest users to access a network without manually adding their MAC address to the access point.

WEP

  • To encrypt packets, WEP can only use 64-bit or 128-bit numbers.
  • These numbers are made up of a 24-bit initialization vector and 40-bit or 104-bit default key.
  • The short length of the default key reduces the strength of WEP.
  • WEP implementations violate a cardinal rule of cryptography by creating detectable patterns: IVs would start repeating in fewer than seven hours.
  • This weakness allows keystream attacks, which determine the keystream by analyzing two packets with the same IV.
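
An added example (not code from the original notes) tying together the WEP encryption steps listed under Controlling Access and the IV-reuse weakness above: it builds and decrypts simplified WEP frames and flags repeated IVs. The key, payloads and function names are constructed for illustration, and the frame layout omits the 802.11 header and key ID byte.

```python
import zlib
from collections import Counter

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4 (WEP's PRNG): key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Return IV (sent in the clear) followed by RC4(IV || key) XOR (data || ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13)   # 24-bit IV; 40- or 104-bit key
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")  # ICV = CRC-32
    return iv + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Receiver repeats the process: same seed, same keystream, then checks the ICV."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    data, icv = body[:-4], body[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data

def repeated_ivs(frames):
    """IVs that appear on more than one frame, i.e. keystream was reused."""
    counts = Counter(f[:3] for f in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)

# Constructed sample data (not from the page): a 40-bit key and three frames.
KEY = bytes.fromhex("0102030405")
P1, P2, P3 = b"GET /index.html", b"POST /login.php", b"ping"
F1 = wep_encrypt(b"\x00\x00\x01", KEY, P1)
F2 = wep_encrypt(b"\x00\x00\x01", KEY, P2)   # same IV as F1
F3 = wep_encrypt(b"\x00\x00\x02", KEY, P3)

if __name__ == "__main__":
    print(wep_decrypt(KEY, F1))
    print(repeated_ivs([F1, F2, F3]))
    # Same IV + same key = same keystream, so the ciphertexts XOR to the plaintexts' XOR.
    print(xor(F1[3:], F2[3:])[:15] == xor(P1, P2))
```

Because the IV travels in the clear, a monitoring sensor can count repeats without knowing the key, which is why the 24-bit IV space is the limiting factor regardless of key length.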

Personal Wireless Security

  • Wireless security requirements for personal devices are based on WPA Personal Security and WPA2 Personal Security models.

WPA Personal Security

  • The Wireless Ethernet Compatibility Alliance (WECA).
  • WECA goals: encourage use of IEEE 802.11 technologies.
  • WPA had a design goal to address present and future wireless devices, and to address authentication and encryption.
  • Two main components working together to secure wireless networks include PSK (pre-shared key) authentication and TKIP (Temporal Key Integrity Protocol).

WPA Personal Security (continued)

  • Preshared key (PSK) authentication uses a passphrase to generate the encryption key.
  • A key is created and entered into both the access point and the wireless devices.
  • The PSK is not used for encryption. Instead, it serves as the starting point (seed) for mathematically generating the encryption keys.
  • WPA replaces WEP's encryption with TKIP.
  • TKIP has several advantages: longer 128-bit key; TKIP keys are per-packet (unique); and stronger when coupled with other technologies.
  • WPA also replaces WEP's CRC (Cyclic Redundancy Check) function with the MIC (Message Integrity Check).

WPA2 Personal Security

  • WPA2 was introduced in September 2004 as an improvement on WPA.
  • PSK authentication: intended for personal and small office home office users.
  • Authentication changes in WPA2 happen after a specific period of time called the rekey interval.
  • PSK key management weaknesses: keys are distributed manually, PSK uses only a single key, changing the PSK requires reconfiguration on every device, and guest access requires supplying the key.

WPA2 Personal Security (continued)

  • A PSK is a 64-bit hexadecimal number usually generated by entering a passphrase.
  • Passphrases of fewer than 20 characters can be vulnerable.
  • AES-CCMP is used for encryption.

WPA2 Personal Security (continued)

  • CCMP is based on Counter Mode with CBC-MAC (a block cipher mode that combines counter mode and CBC-MAC), using the Advanced Encryption Standard (AES) encryption algorithm.
  • CCM is the algorithm providing data privacy, also using Cipher Block Chaining Message Authentication Code (CBC-MAC).
  • CCMP provides data integrity and authentication.

Enterprise Wireless Security

  • The enterprise wireless security options can be grouped into those that follow IEEE 802.11i standard and those following WPA and WPA2.
  • IEEE 802.11i addresses the weakness of wireless networks in encryption and authentication by replacing WEP's original PRNG RC4 with a stronger cipher.
  • The cipher performs three steps on every block of 128 bits of plaintext.
  • IEEE 802.11i authentication and key management is accomplished by the IEEE 802.1x standard.

Enterprise Wireless Security (continued)

  • Key-caching stores information from devices on the network for users roaming away and returning, avoiding re-entry of credentials.
  • Pre-authentication allows devices to authenticate to an access point (AP) before the device is in range.

WPA Enterprise Security

  • The WPA Enterprise security model is designed for medium- to large-sized organizations.
  • It provides improved authentication and encryption compared to the personal model.
  • Authentication uses IEEE 802.1x, and encryption uses TKIP.

WPA Enterprise Security (continued)

  • IEEE 802.1x authentication provides an authentication framework for IEEE 802-based LANs. It uses port-based authentication and does not perform encryption.
  • TKIP is an improvement on WEP. It is designed for use with existing WEP procedures.

WPA2 Enterprise Security

  • WPA2 enterprise security provides the highest level of secure authentication and encryption on wireless LANs.
  • It uses IEEE 802.1x authentication and AES-CCMP encryption.
  • Uses 128-bit key and 128-bit block.

Enterprise Wireless Security Devices

  • Thin Access Point: access points without authentication and encryption functionality; these functions take place on the wireless switch.
  • The access points (AP) can be managed from one central location, where authentication happens.
  • Wireless VLANs can be used to segment traffic and increase security. The flexibility of a wireless VLAN depends on the device that separates packets and directs them to different networks.

Enterprise Wireless Security Devices (continued)

  • Rogue Access Point Discovery Tools use wireless protocol analyzers to audit the RF airwaves for rogue access points.
  • Monitoring RF (radio frequency) requires specialized sensors called wireless probes.
  • Different types of wireless probes include wireless device probes, desktop probes, access point probes, and dedicated probes.

Network Vulnerabilities

  • Two broad categories of network vulnerabilities: those based on network transport media and those found in the network devices themselves.

Media-Based Vulnerabilities

  • Monitoring network traffic helps identify and troubleshoot problems.
  • Use a switch with port mirroring to redirect traffic to designated monitoring ports.
  • Use a network tap to monitor traffic between two network devices (switch, router, or firewall).
