Podcast
Questions and Answers
What role does the access point (AP) serve in a Basic Service Set (BSS)?
What role does the access point (AP) serve in a Basic Service Set (BSS)?
Which of the following fields in a MAC protocol is responsible for error detection?
Which of the following fields in a MAC protocol is responsible for error detection?
In a BSS, how do client stations communicate with each other?
In a BSS, how do client stations communicate with each other?
What does the MAC header in an MPDU contain?
What does the MAC header in an MPDU contain?
Signup and view all the answers
What is the smallest building block of a wireless LAN, according to the provided content?
What is the smallest building block of a wireless LAN, according to the provided content?
Signup and view all the answers
What is one of the main purposes of the access control function?
What is one of the main purposes of the access control function?
Signup and view all the answers
What happens if the calculated CRC value does not match the received CRC value?
What happens if the calculated CRC value does not match the received CRC value?
Signup and view all the answers
Which protocol is specifically designed to enhance security for older devices using WEP?
Which protocol is specifically designed to enhance security for older devices using WEP?
Signup and view all the answers
What is the primary function of MAC-level data encryption in secure wireless communications?
What is the primary function of MAC-level data encryption in secure wireless communications?
Signup and view all the answers
In the context of the MAC protocol, what does the Source MAC Address specify?
In the context of the MAC protocol, what does the Source MAC Address specify?
Signup and view all the answers
Which field follows the MAC Service Data Unit (MSDU) in a MAC frame?
Which field follows the MAC Service Data Unit (MSDU) in a MAC frame?
Signup and view all the answers
Which of the following is a characteristic of the Counter Mode-CBC MAC Protocol (CCMP)?
Which of the following is a characteristic of the Counter Mode-CBC MAC Protocol (CCMP)?
Signup and view all the answers
In the authentication phase, what does the EAP exchange specifically accomplish?
In the authentication phase, what does the EAP exchange specifically accomplish?
Signup and view all the answers
What does a cipher suite define in the context of wireless security protocols?
What does a cipher suite define in the context of wireless security protocols?
Signup and view all the answers
Which approach is recommended for ensuring multicast/broadcast traffic security in a wireless network?
Which approach is recommended for ensuring multicast/broadcast traffic security in a wireless network?
Signup and view all the answers
What occurs during the secure key delivery phase of the authentication process?
What occurs during the secure key delivery phase of the authentication process?
Signup and view all the answers
What is the primary purpose of the IEEE 802.1X standard in wireless networks?
What is the primary purpose of the IEEE 802.1X standard in wireless networks?
Signup and view all the answers
Which statement correctly describes the role of access points (APs) in wireless networks?
Which statement correctly describes the role of access points (APs) in wireless networks?
Signup and view all the answers
Which of the following would NOT be a recommended method for securing a wireless network?
Which of the following would NOT be a recommended method for securing a wireless network?
Signup and view all the answers
What does the term 'de-perimeterization' refer to?
What does the term 'de-perimeterization' refer to?
Signup and view all the answers
What security threat is associated with using untrusted mobile devices?
What security threat is associated with using untrusted mobile devices?
Signup and view all the answers
Which of the following is an authentication mechanism mentioned for preventing unauthorized access?
Which of the following is an authentication mechanism mentioned for preventing unauthorized access?
Signup and view all the answers
What is the best practice to protect against eavesdropping in wireless networks?
What is the best practice to protect against eavesdropping in wireless networks?
Signup and view all the answers
Which option describes the Wi-Fi Alliance?
Which option describes the Wi-Fi Alliance?
Signup and view all the answers
What would be a consequence of using untrusted networks?
What would be a consequence of using untrusted networks?
Signup and view all the answers
Which of the following devices is most vulnerable to network injection attacks?
Which of the following devices is most vulnerable to network injection attacks?
Signup and view all the answers
Which IEEE 802.11 standard was the first to gain broad industry acceptance?
Which IEEE 802.11 standard was the first to gain broad industry acceptance?
Signup and view all the answers
Study Notes
Wireless Network Security
- Wireless networks have a higher security risk compared to wired networks due to several factors
- Channel: Wireless networks use broadcast communication, making them more susceptible to eavesdropping and jamming. Active attacks exploiting communication protocol vulnerabilities are a risk.
- Mobility: Wireless devices are highly portable, increasing the risk of various threats.
- Resources: Some mobile devices have limited memory and processing power, hindering their ability to effectively handle security threats, like denial-of-service attacks and malware.
- Accessibility: Wireless devices in remote or hostile locations are more vulnerable to physical attacks.
Wireless Network Threats
- Accidental Association: Unintentional connection to a neighboring network exposes resources.
- Malicious Association: A device impersonating a legitimate access point allows attackers to steal passwords and penetrate wired networks.
- Ad Hoc Networks: Peer-to-peer wireless networks lacking central control pose security risks.
- Nontraditional Networks: Personal networks (Bluetooth, barcode readers) introduce vulnerabilities.
- Identity Theft (MAC Spoofing): Attackers gain network privileges by eavesdropping and spoofing MAC addresses.
- Man-in-the-Middle Attacks: Attackers intercept communication between a user and access point.
- Denial-of-Service (DoS) Attacks: Attackers flood a wireless access point with messages to overwhelm and exhaust resources.
- Network Injection: Attackers exploit exposed wireless access points with bogus commands to disrupt router and switch performance.
Securing Wireless Transmissions
- Principal threats: Eavesdropping, message alteration/insertion, and disruption are primary issues
- Countermeasures (eavesdropping): Signal hiding techniques (reducing SSID broadcast, cryptic names, reduced signal strength, indoor placement) and encryption are essential.
- Encryption: Encryption is the standard method for preventing transmission alteration or insertion
Securing Wireless Networks
- The primary threat is unauthorized access.
- Principal Approach: IEEE 802.1X standard for port-based network access control.
- 802.1X: Provides authentication mechanisms for devices connecting to a LAN.
- Rogue Access Points: 802.1X prevents rogue access points and unauthorized devices from becoming insecure backdoors.
Wireless Network Security Techniques
- Encryption: Use encryption protocols (e.g., WPA2).
- Software protection: Install anti-virus and anti-spyware software and firewalls.
- Disable identifier broadcasting: disable SSID broadcasting to reduce visibility
- Change pre-set passwords: Change default router passwords and administration passwords.
- Change identifiers: Change default network identifiers for routers.
Mobile Device Security
- Organizations need to accommodate the growing use of mobile devices, cloud-based applications, and de-perimeterization.
- Multiple network perimeters encompass devices, applications, users and data.
- External business requirements: Businesses require network access from various locations using various devices.
Security Threats
- Lack of physical security controls: Vulnerability to physical attacks.
- Use of untrusted networks: Use of unverified or insecure networks.
- Use of untrusted applications: Use of unverified software or apps.
- Interaction with other systems: Interfacing with other insecure systems.
- Use of location services: Risk associated with the use of location services.
- Use of untrusted mobile devices: Using unsecure mobile devices
- Use of untrusted content: Accessing content from unverified resources.
IEEE 802.11 Terminology
- Access Point (AP): Any entity serving as a wireless access point providing network access.
- Basic Service Set (BSS): A set of stations controlled by one coordination function.
- Coordination Function: The logical function governing station transmission and reception within the BSS.
- Distribution System (DS): Connects BSSs and integrated LANs.
- Extended Service Set (ESS): Multiple interconnected BSSs, appearing as one to the LLC layer.
- MAC Protocol Data Unit (MPDU): The data unit exchanged between MAC entities on the physical layer.
- MAC Service Data Unit (MSDU): Data delivered as a unit between MAC users.
- Station: Any device conforming to IEEE 802.11 MAC and physical layer standards.
Wireless Fidelity (Wi-Fi) Alliance
- 802.11b/g/n: Wi-Fi standards for wireless networks.
- Wi-Fi Alliance: Industry consortium promoting interoperability of wireless products.
- WPA (Wi-Fi Protected Access): A set of security mechanisms to eliminate 802.11 security issues.
- WPA2: Advanced security standard for wireless networks.
IEEE 802.11 Protocols and Formats
- IEEE 802.11 MPDU (MAC Protocol Data Unit) Format: Contains MAC header, data field and MAC footer.
- Physical Layer: Lowest layer in the protocol stack handling, encoding, decoding and transmission signals.
- Logical Link Control (LLC): Logical data transmission within a wireless local area network.
IEEE 802.11 Services
- Services related to network association, authentication, dauthentication, disassociation, integration and privacy between stations, access points and distribution system. This allows data transfer between stations/access point and includes security aspects.
Distribution of Messages Within DS
- Distribution: Primary service handling data transfer between stations in different BSSs via the DS.
- Integration: Enables data transfer between stations on an 802.11 LAN and another integrated 802.11 LAN.
Association Related Services
- No transition: Stations are stationary within a single BSS.
- BSS transition: Stations move within the same ESS.
- ESS transition: Stations move between different BSSs within the same extended service set (ESS).
Services (Association, Reassociation, Disassociation)
- Association: Establishes the initial connection between the station and access point.
- Reassociation: Enables a mobile station to transfer its active association between one access point and another.
- Disassociation: Terminates existing station-to-access point associations either by request from station or AP.
Wireless LAN Security
- Wired Equivalent Privacy (WEP): 802.11 security algorithm.
- Wi-Fi Protected Access (WPA): Security standard addressing vulnerabilities in WEP.
- Robust Security Network (RSN): Advanced security standard based on 802.11i.
Authentication and Key Generation
- A protocol defines an exchange between a user and an authentication server.
- This process verifies user identity and creates temporary keys for wireless communications.
Temporal Key Integrity Protocol (TKIP)
- A security protocol designed to support existing WEP devices without hardware changes.
- Message integrity: Provides message integrity protection for multicast/broadcast.
- Data confidentiality: Encrypts protected data (only traffic between STA and AP).
Counter Mode-CBC MAC Protocol (CCMP)
- CCMP is designed for hardware-supported devices and provides both message integrity and data confidentiality for multicast/broadcast channels.
- Uses cipher-block-chaining message authentication code for integrity, along with block cipher modes of operation to encrypt data.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
This quiz explores the various aspects of wireless network security, including risks associated with broadcast communication, mobility, and limited resources of mobile devices. Test your knowledge on the different threats such as accidental and malicious associations that can compromise wireless networks.