Wireless Network Security Overview

Questions and Answers

What is the primary focus of the IEEE 802.11 standards?

Wired network encryption protocols

Wireless Local Area Networks (WLANs) (correct)

Computer network architecture for wired connections

Mobile communication protocols

Which security method is known to have vulnerabilities associated with open system authentication?

WPA2

MAC Address Filtering

WEP

MAC address filtering, and WEP (correct)

What is a significant drawback of using MAC Address Filtering for access control?

It requires extensive administrative resources to manage.

It limits the number of devices that can connect to the network.

It can be easily spoofed by attackers. (correct)

It does not support network encryption.

What was the maximum speed of WLANs developed under the initial IEEE 802.11 standards?

1 and 2 Mbps (D)

What advantage does creating wireless VLANs provide in an organization?

They allow for traffic segmentation and enhanced security. (C)

Which vulnerability is commonly associated with WEP in wireless networks?

Static encryption keys (D)

Which of the following is a tool used for discovering rogue access points?

Wireless protocol analyzer. (B)

What is a limitation of MAC address filtering as a security measure?

MAC addresses can be easily spoofed. (B)

WEP is primarily known for which of the following drawbacks?

Easily exploitable encryption. (D)

What are wireless probes used for in enterprise wireless security?

To monitor RF frequency for unauthorized devices. (C)

Which device is specifically designed to perform centralized management of Thin Access Points?

Wireless controller. (C)

What is one primary purpose of implementing WPA2 Enterprise Security?

To provide robust authentication and encryption. (A)

What is a major vulnerability of Open System Authentication in IEEE 802.11?

It is susceptible to eavesdropping during the authentication process. (D)

Which of the following weaknesses is associated with MAC Address Filtering?

It enables easy spoofing of MAC addresses. (B)

What is a key disadvantage of using WEP for wireless security?

It uses static encryption keys, which can be easily compromised. (C)

Which security protocol is considered an improvement over WEP?

WPA (D)

What is the main purpose of WPA2 in terms of wireless network security?

To enhance data confidentiality and integrity. (B)

What feature distinguishes WPA Personal from WPA2 Personal?

WPA2 Personal utilizes Advanced Encryption Standard (AES). (C)

Which of the following best describes the IEEE 802.11i standard?

It focuses on securing wireless communication through robust protocols. (C)

How does WPA Personal control access to a wireless network?

Through the use of a pre-shared key (PSK). (B)

Study Notes

Wireless Network Security

• Wireless security protections are defined by IEEE 802.11 standards.
• The IEEE 802.11 committee was formed in 1990.
• The committee created standards that operate at speeds of 1 and 2 million bits per second (Mbps).
• IEEE 802.11 WLAN standards were approved in 1997.
• The revisions to these standards are:
  • IEEE 802.11a
  • IEEE 802.11b
  • IEEE 802.11g
  • IEEE 802.11n
• Wireless access can be controlled by limiting a device's access to the access point (AP).
• Implementing access control is not specified in the IEEE 802.11 standard.
• Most wireless AP (access point) vendors use MAC (Media Access Control) address filtering for access control.

Controlling Access

• MAC address filtering permits access rather than preventing it.
• Wired Equivalent Privacy (WEP) is designed to ensure only authorized users can view transmitted wireless information.
• WEP uses encryption to protect traffic.
• WEP criteria: efficient, exportable, optional, self-synchronizing, and reasonably strong.
• Shared secret keys in WEP must be a minimum of 64 bits in length.
  • 64-bit key
  • 128-bit key
  • Passphrase
• The AP and devices can store up to four shared secret keys, one must be the default.

Controlling Access (continued)

• The WEP encryption process involves several steps: initialization vector (IV), secret key, PRNG (pseudorandom number generator) to generate a keystream, XOR operation to generate ciphertext.
• The process is repeated in the receiving device to get back the original data.
• Wireless LANs cannot limit access to the wireless signal by walls or doors. This is known as data emanation.

Controlling Access (continued)

• Device authentication:
  • Open system authentication: based on matching SSIDs (server set identifiers). The easiest way to discover the SSID is by not doing anything and exploiting the beacon frame process.
  • Shared key authentication: the laptop sends an authentication frame. Then, the access point (AP) sends a challenge text which the laptop encrypts. The AP compares this encrypted text with the key it holds
• Passive scanning is a method used to discover available wireless networks.
• Some wireless security sources encourage users to configure their APs to prevent beacon frames from including the SSIDs. Instead, users should require manual entry into the device.

Controlling Access (continued)

• Problems arise when the SSID is not beaconed (hidden). This can affect roaming and devices running Windows XP. SSIDs can still be discovered when they are not contained in beacon frames.
• A WLAN (wireless local area network) can have multiple access points (APs).

MAC Address Filtering Weaknesses

• MAC addresses are initially exchanged in an unencrypted format.
• An attacker can easily see a MAC address whitelist used to determine who is authorized to join the network.
• Managing a large number of MAC addresses for large networks can be challenging.
• MAC address filtering does not offer a way to temporarily allow guest users to access a network without manually adding their MAC address to the access point.

WEP

• To encrypt packets, WEP can only use 64-bit or 128-bit numbers.
• These numbers are made up of a 24-bit initialization vector and 40-bit or 104-bit default key.
• The short length of the default key reduces the strength of WEP.
• WEP implementations violate cryptography cardinal rules by creating detectable patterns and IVs would start repeating in fewer than seven hours.
• WEP weakness allows for keystream attacks to determine the keystream by analyzing two packets with the same IV.

WEP (continued)

Personal Wireless Security

• Wireless security requirements for personal devices are based on WPA Personal Security and WPA2 Personal Security models.

WPA Personal Security

• The Wireless Ethernet Compatibility Alliance (WECA).
• WECA goals: encourage use of IEEE 802.11 technologies.
• WPA had a design goal to address present and future wireless devices, and to address authentication and encryption.
• Two main components working together to secure wireless networks include PSK (pre-shared key) authentication and TKIP (Temporal Key Integrity Protocol).

WPA Personal Security (continued)

• Preshared key (PSK) authentication uses a passphrase to generate the encryption key.
• A key is created and entered into both the access point and the wireless devices.
• The PSK is not used for encryption. Instead, it serves as the starting point (seed) for mathematically generating the encryption keys.
• WPA replaces WEP's encryption with TKIP.
• TKIP has several advantages: longer 128-bit key; TKIP keys are per-packet (unique); and stronger when coupled with other technologies.
• WPA also replaces WEP's CRC (Cyclic Redundancy Check) function with the MIC (Message Integrity Check).

WPA2 Personal Security

• WPA2 was introduced in September 2004 as an improvement on WPA.
• PSK authentication: intended for personal and small office home office users.
• Authentication changes in WPA2 happens after a specific period of time called the rekey interval.
• PSK key management weaknesses: Manually distributed keys, PSK only uses a single key, changing the PSK requires reconfiguration on every device, guest access requires supplying the key

WPA2 Personal Security (continued)

• A PSK is a 64-bit hexadecimal number usually generated by entering a passphrase.
• Passphrases of fewer than 20 characters can be vulnerable.
• AES-CCMP Encryption for encryption.

WPA2 Personal Security (continued)

• CCMP is based on Counter Mode with CBC-MAC (CCMP:block cipher contains counter mode and cbc mac), using the Advanced Encryption Standard (AES) encryption algorithm.
• CCM is the algorithm providing data privacy, also using Cipher Block Chaining Message Authentication Code (CBC-MAC).
• CCMP provides data integrity and authentication.

Enterprise Wireless Security

• The enterprise wireless security options can be grouped into those that follow IEEE 802.11i standard and those following WPA and WPA2.
• IEEE 802.11i addresses the weakness of wireless networks in encryption and authentication by replacing WEP's original PRNG RC4 with a stronger cipher. 
• The cipher performs three steps on every block of 128 bits of plaintext.
• IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard

Enterprise Wireless Security (continued)

• Key-caching stores information from devices on the network for users roaming away and returning, avoiding re-entry of credentials.
• Pre-authentication allows devices to authenticate to an access point (AP) before the device is in range.

WPA Enterprise Security

• The WPA Enterprise security model is designed for medium- to large-sized organizations.
• It provides improved authentication and encryption compared to the personal model.
• Authentication uses IEEE 802.1x, and encryption uses TKIP.

WPA Enterprise Security (continued)

• IEEE 802.1x authentication provides an authentication framework for IEEE 802-based LANs. It uses port-based authentication and does not perform encryption.
• TKIP is an improvement on WEP. It is designed for use with existing WEP procedures.

WPA2 Enterprise Security

• WPA2 enterprise security provides the highest level of secure authentication and encryption on wireless LANs.
• It uses IEEE 802.1x authentication and AES-CCMP encryption.
• Uses 128-bit key and 128-bit block.

Enterprise Wireless Security Devices

• Thin Access Point: access points without authentication and encryption functionality, these functions take place on the wireless switch. 
• The access points (AP) can be managed from one central location, where authentication happens.
• Wireless VLANS can be used to segment traffic and increase security. The flexibility of a wireless VLAN depends on the device that separates packets and directs them to different networks.

Enterprise Wireless Security Devices (continued)

• Rogue Access Point Discovery Tools use wireless protocol analyzers to audit the RF airwaves for rogue access points.
• Monitoring RF (radio frequency) requires specialized sensors called wireless probes.
• Different types of wireless probes include wireless device probes, desktop probes, access point probes, and dedicated probes.

Network Vulnerabilities

• Two broad categories of network vulnerabilities: those based on network transport media and those found in the network devices themselves.

Media-Based Vulnerabilities

• Monitoring network traffic helps identify and troubleshoot problems.
• Use a switch with port mirroring to redirect traffic to designated monitoring ports.
• Use a network tap to monitor traffic between two network devices (switch, router, or firewall).

Description

This quiz covers the fundamental concepts of wireless network security, focusing on IEEE 802.11 standards and various security revisions. It also discusses access control methods like MAC address filtering and the role of WEP encryption in securing wireless networks. Test your knowledge on how these elements work together to protect wireless communications.