Lec 10 - Wireless Network Security Quiz

Questions and Answers

What role does the access point (AP) serve in a Basic Service Set (BSS)?

• It functions as a bridge and a relay point. (correct)
• It directly connects all client stations to each other.
• It enhances the signal strength of client stations.
• It manages the frequency bands used by the stations.

Which of the following fields in a MAC protocol is responsible for error detection?

• MAC Control
• Destination MAC Address
• MAC Service Data Unit
• CRC field (correct)

In a BSS, how do client stations communicate with each other?

• Using peer-to-peer connections.
• Directly through a shared medium.
• Through the access point only. (correct)
• By broadcasting messages to all stations.

What does the MAC header in an MPDU contain?

Control information for the MAC protocol. (A)

What is the smallest building block of a wireless LAN, according to the provided content?

Basic Service Set (BSS) (A)

What is one of the main purposes of the access control function?

To enforce the use of authentication and facilitate key exchange (C)

What happens if the calculated CRC value does not match the received CRC value?

The frame is discarded as it is corrupted. (C)

Which protocol is specifically designed to enhance security for older devices using WEP?

Temporal Key Integrity Protocol (TKIP) (D)

What is the primary function of MAC-level data encryption in secure wireless communications?

To ensure data is not altered during transmission (C)

In the context of the MAC protocol, what does the Source MAC Address specify?

The physical address of the originating station. (C)

Which field follows the MAC Service Data Unit (MSDU) in a MAC frame?

MAC Trailer (B)

Which of the following is a characteristic of the Counter Mode-CBC MAC Protocol (CCMP)?

Utilizes the cipher-block chaining method for integrity and AES for confidentiality (B)

In the authentication phase, what does the EAP exchange specifically accomplish?

Authenticates the Station (STA) and the Authentication Server (AS) (D)

What does a cipher suite define in the context of wireless security protocols?

The specific algorithms and key lengths used for both confidentiality and integrity (D)

Which approach is recommended for ensuring multicast/broadcast traffic security in a wireless network?

Using the same protocols and ciphers dictated by the Access Point (AP) (D)

What occurs during the secure key delivery phase of the authentication process?

The AS creates and sends a master session key to the STA (D)

What is the primary purpose of the IEEE 802.1X standard in wireless networks?

To provide port-based network access control (D)

Which statement correctly describes the role of access points (APs) in wireless networks?

APs facilitate communication between wireless stations and can control multicast security protocols (B)

Which of the following would NOT be a recommended method for securing a wireless network?

Broadcast your network identifier (B)

What does the term 'de-perimeterization' refer to?

The elimination of fixed network boundaries (D)

What security threat is associated with using untrusted mobile devices?

Potential unauthorized network access (A)

Which of the following is an authentication mechanism mentioned for preventing unauthorized access?

Wi-Fi Protected Access (WPA) (B)

What is the best practice to protect against eavesdropping in wireless networks?

Use a robust encryption protocol (D)

Which option describes the Wi-Fi Alliance?

A consortium for Wi-Fi certification and interoperability (A)

What would be a consequence of using untrusted networks?

Increased risk of data breaches (B)

Which of the following devices is most vulnerable to network injection attacks?

A device with outdated software (D)

Which IEEE 802.11 standard was the first to gain broad industry acceptance?

802.11b (B)

Flashcards

Access Control

A function that enforces authentication, manages message routing, and facilitates key exchange in a network.

Privacy and Integrity (MAC-level)

Data encryption along with a message integrity code to ensure data hasn't been tampered with.

Wireless Communication Types

Describes three scenarios of wireless communication: two stations in the same BSS, two stations in an ad-hoc network, and two stations across BSSs.

Authentication Phase

The process where a station (STA) and access point determine authentication methods, confidentiality, and key management.

EAP Exchange

The exchange of authentication messages between the station and the authentication server.

Master Session Key

A cryptographic key generated for secure communication session.

Cipher Suite

Specification of a protocol and its associated key length.

TKIP (Temporal Key Integrity Protocol)

A security protocol designed for older wireless LAN devices, requiring less change to existing software.

CCMP (Counter Mode-CBC MAC Protocol)

Security protocol designed for newer wireless devices supporting hardware using AES for encryption.

Unicast Traffic Security

Security protocols for communication between a specific station (STA) and its access point (AP).

Wireless Network Security

Protecting wireless networks from unauthorized access and threats.

IEEE 802.1X

A standard for network access control, used to authenticate devices connecting to a wireless network.

Unauthorized Access

Gaining entry to a network or system without permission.

Rogue Access Points

Unauthorized wireless access points that can be used to compromise a network.

Network Encryption

Using codes to protect data transmitted over a wireless network.

Mobile Device Security

Protecting mobile devices and their access to corporate resources.

De-perimeterization

The blurring of traditional network boundaries.

Wi-Fi Alliance

Industry group focusing on Wi-Fi interoperability and security.

802.11 Terminology

Describes how different wireless standards (Wi-Fi) work.

Physical Security Controls

Measures to protect physical access to network equipment and resources.

MAC Header

The control information preceding the data field in a MAC frame. It includes fields like Destination MAC Address, Source MAC Address, and MAC Control.

MAC Trailer

The control information following the data field in a MAC frame. It contains the CRC for error detection.

CRC (Cyclic Redundancy Check)

An error detection code calculated based on the entire MAC frame. It helps detect if data has been corrupted during transmission.

Basic Service Set (BSS)

The smallest building block of a wireless LAN, consisting of wireless stations sharing the same wireless medium and using the same MAC protocol.

Access Point (AP)

A device in a wireless network that acts as a bridge between wireless stations and the wired network, and also relays data between stations within the BSS.

Distribution System (DS)

The backbone network connecting multiple BSSs, enabling communication between stations in different BSSs.

Cell (in wireless LAN)

A wireless LAN area, also known as a BSS, defined by the coverage of a single access point.

Relay Point

The role of an Access Point (AP) in sending MAC frames between stations in the same BSS or between different BSSs.

Study Notes

Wireless Network Security

• Wireless networks have a higher security risk compared to wired networks due to several factors
• Channel: Wireless networks use broadcast communication, making them more susceptible to eavesdropping and jamming. Active attacks exploiting communication protocol vulnerabilities are a risk.
• Mobility: Wireless devices are highly portable, increasing the risk of various threats.
• Resources: Some mobile devices have limited memory and processing power, hindering their ability to effectively handle security threats, like denial-of-service attacks and malware.
• Accessibility: Wireless devices in remote or hostile locations are more vulnerable to physical attacks.

Wireless Network Threats

• Accidental Association: Unintentional connection to a neighboring network exposes resources.
• Malicious Association: A device impersonating a legitimate access point allows attackers to steal passwords and penetrate wired networks.
• Ad Hoc Networks: Peer-to-peer wireless networks lacking central control pose security risks.
• Nontraditional Networks: Personal networks (Bluetooth, barcode readers) introduce vulnerabilities.
• Identity Theft (MAC Spoofing): Attackers gain network privileges by eavesdropping and spoofing MAC addresses.
• Man-in-the-Middle Attacks: Attackers intercept communication between a user and access point.
• Denial-of-Service (DoS) Attacks: Attackers flood a wireless access point with messages to overwhelm and exhaust resources.
• Network Injection: Attackers exploit exposed wireless access points with bogus commands to disrupt router and switch performance.

Securing Wireless Transmissions

• Principal threats: Eavesdropping, message alteration/insertion, and disruption are primary issues
• Countermeasures (eavesdropping): Signal hiding techniques (reducing SSID broadcast, cryptic names, reduced signal strength, indoor placement) and encryption are essential.
• Encryption: Encryption is the standard method for preventing transmission alteration or insertion

Securing Wireless Networks

• The primary threat is unauthorized access.
• Principal Approach: IEEE 802.1X standard for port-based network access control.
• 802.1X: Provides authentication mechanisms for devices connecting to a LAN.
• Rogue Access Points: 802.1X prevents rogue access points and unauthorized devices from becoming insecure backdoors.

Wireless Network Security Techniques

• Encryption: Use encryption protocols (e.g., WPA2).
• Software protection: Install anti-virus and anti-spyware software and firewalls.
• Disable identifier broadcasting: disable SSID broadcasting to reduce visibility
• Change pre-set passwords: Change default router passwords and administration passwords.
• Change identifiers: Change default network identifiers for routers.

Mobile Device Security

• Organizations need to accommodate the growing use of mobile devices, cloud-based applications, and de-perimeterization.
• Multiple network perimeters encompass devices, applications, users and data.
• External business requirements: Businesses require network access from various locations using various devices.

Security Threats

• Lack of physical security controls: Vulnerability to physical attacks.
• Use of untrusted networks: Use of unverified or insecure networks.
• Use of untrusted applications: Use of unverified software or apps.
• Interaction with other systems: Interfacing with other insecure systems.
• Use of location services: Risk associated with the use of location services.
• Use of untrusted mobile devices: Using unsecure mobile devices
• Use of untrusted content: Accessing content from unverified resources.

IEEE 802.11 Terminology

• Access Point (AP): Any entity serving as a wireless access point providing network access.
• Basic Service Set (BSS): A set of stations controlled by one coordination function.
• Coordination Function: The logical function governing station transmission and reception within the BSS.
• Distribution System (DS): Connects BSSs and integrated LANs.
• Extended Service Set (ESS): Multiple interconnected BSSs, appearing as one to the LLC layer.
• MAC Protocol Data Unit (MPDU): The data unit exchanged between MAC entities on the physical layer.
• MAC Service Data Unit (MSDU): Data delivered as a unit between MAC users.
• Station: Any device conforming to IEEE 802.11 MAC and physical layer standards.

Wireless Fidelity (Wi-Fi) Alliance

• 802.11b/g/n: Wi-Fi standards for wireless networks.
• Wi-Fi Alliance: Industry consortium promoting interoperability of wireless products.
• WPA (Wi-Fi Protected Access): A set of security mechanisms to eliminate 802.11 security issues.
• WPA2: Advanced security standard for wireless networks.

IEEE 802.11 Protocols and Formats

• IEEE 802.11 MPDU (MAC Protocol Data Unit) Format: Contains MAC header, data field and MAC footer.
• Physical Layer: Lowest layer in the protocol stack handling, encoding, decoding and transmission signals.
• Logical Link Control (LLC): Logical data transmission within a wireless local area network.

IEEE 802.11 Services

• Services related to network association, authentication, dauthentication, disassociation, integration and privacy between stations, access points and distribution system. This allows data transfer between stations/access point and includes security aspects.

Distribution of Messages Within DS

• Distribution: Primary service handling data transfer between stations in different BSSs via the DS.
• Integration: Enables data transfer between stations on an 802.11 LAN and another integrated 802.11 LAN.

Association Related Services

• No transition: Stations are stationary within a single BSS.
• BSS transition: Stations move within the same ESS.
• ESS transition: Stations move between different BSSs within the same extended service set (ESS).

Services (Association, Reassociation, Disassociation)

• Association: Establishes the initial connection between the station and access point.
• Reassociation: Enables a mobile station to transfer its active association between one access point and another.
• Disassociation: Terminates existing station-to-access point associations either by request from station or AP.

Wireless LAN Security

• Wired Equivalent Privacy (WEP): 802.11 security algorithm.
• Wi-Fi Protected Access (WPA): Security standard addressing vulnerabilities in WEP.
• Robust Security Network (RSN): Advanced security standard based on 802.11i.

Authentication and Key Generation

• A protocol defines an exchange between a user and an authentication server.
• This process verifies user identity and creates temporary keys for wireless communications.

Temporal Key Integrity Protocol (TKIP)

• A security protocol designed to support existing WEP devices without hardware changes.
• Message integrity: Provides message integrity protection for multicast/broadcast.
• Data confidentiality: Encrypts protected data (only traffic between STA and AP).

Counter Mode-CBC MAC Protocol (CCMP)

• CCMP is designed for hardware-supported devices and provides both message integrity and data confidentiality for multicast/broadcast channels.
• Uses cipher-block-chaining message authentication code for integrity, along with block cipher modes of operation to encrypt data.

Description

This quiz explores the various aspects of wireless network security, including risks associated with broadcast communication, mobility, and limited resources of mobile devices. Test your knowledge on the different threats such as accidental and malicious associations that can compromise wireless networks.