Lec 10 - Wireless Network Security Quiz

Questions and Answers

What role does the access point (AP) serve in a Basic Service Set (BSS)?

It functions as a bridge and a relay point. (correct)

It directly connects all client stations to each other.

It enhances the signal strength of client stations.

It manages the frequency bands used by the stations.

Which of the following fields in a MAC protocol is responsible for error detection?

MAC Control

Destination MAC Address

MAC Service Data Unit

CRC field (correct)

In a BSS, how do client stations communicate with each other?

Using peer-to-peer connections.

Directly through a shared medium.

Through the access point only. (correct)

By broadcasting messages to all stations.

What does the MAC header in an MPDU contain?

Control information for the MAC protocol.

What is the smallest building block of a wireless LAN, according to the provided content?

Basic Service Set (BSS)

What is one of the main purposes of the access control function?

To enforce the use of authentication and facilitate key exchange

What happens if the calculated CRC value does not match the received CRC value?

The frame is discarded as it is corrupted.

Which protocol is specifically designed to enhance security for older devices using WEP?

Temporal Key Integrity Protocol (TKIP)

What is the primary function of MAC-level data encryption in secure wireless communications?

To ensure data is not altered during transmission

In the context of the MAC protocol, what does the Source MAC Address specify?

The physical address of the originating station.

Which field follows the MAC Service Data Unit (MSDU) in a MAC frame?

MAC Trailer

Which of the following is a characteristic of the Counter Mode-CBC MAC Protocol (CCMP)?

Utilizes the cipher-block chaining method for integrity and AES for confidentiality

In the authentication phase, what does the EAP exchange specifically accomplish?

Authenticates the Station (STA) and the Authentication Server (AS)

What does a cipher suite define in the context of wireless security protocols?

The specific algorithms and key lengths used for both confidentiality and integrity

Which approach is recommended for ensuring multicast/broadcast traffic security in a wireless network?

Using the same protocols and ciphers dictated by the Access Point (AP)

What occurs during the secure key delivery phase of the authentication process?

The AS creates and sends a master session key to the STA

What is the primary purpose of the IEEE 802.1X standard in wireless networks?

To provide port-based network access control

Which statement correctly describes the role of access points (APs) in wireless networks?

APs facilitate communication between wireless stations and can control multicast security protocols

Which of the following would NOT be a recommended method for securing a wireless network?

Broadcast your network identifier

What does the term 'de-perimeterization' refer to?

The elimination of fixed network boundaries

What security threat is associated with using untrusted mobile devices?

Potential unauthorized network access

Which of the following is an authentication mechanism mentioned for preventing unauthorized access?

Wi-Fi Protected Access (WPA)

What is the best practice to protect against eavesdropping in wireless networks?

Use a robust encryption protocol

Which option describes the Wi-Fi Alliance?

A consortium for Wi-Fi certification and interoperability

What would be a consequence of using untrusted networks?

Increased risk of data breaches

Which of the following devices is most vulnerable to network injection attacks?

A device with outdated software

Which IEEE 802.11 standard was the first to gain broad industry acceptance?

802.11b

Study Notes

Wireless Network Security

• Wireless networks have a higher security risk compared to wired networks due to several factors
• Channel: Wireless networks use broadcast communication, making them more susceptible to eavesdropping and jamming. Active attacks exploiting communication protocol vulnerabilities are a risk.
• Mobility: Wireless devices are highly portable, increasing the risk of various threats.
• Resources: Some mobile devices have limited memory and processing power, hindering their ability to effectively handle security threats, like denial-of-service attacks and malware.
• Accessibility: Wireless devices in remote or hostile locations are more vulnerable to physical attacks.

Wireless Network Threats

• Accidental Association: Unintentional connection to a neighboring network exposes resources.
• Malicious Association: A device impersonating a legitimate access point allows attackers to steal passwords and penetrate wired networks.
• Ad Hoc Networks: Peer-to-peer wireless networks lacking central control pose security risks.
• Nontraditional Networks: Personal networks (Bluetooth, barcode readers) introduce vulnerabilities.
• Identity Theft (MAC Spoofing): Attackers gain network privileges by eavesdropping and spoofing MAC addresses.
• Man-in-the-Middle Attacks: Attackers intercept communication between a user and access point.
• Denial-of-Service (DoS) Attacks: Attackers flood a wireless access point with messages to overwhelm and exhaust resources.
• Network Injection: Attackers exploit exposed wireless access points with bogus commands to disrupt router and switch performance.

Securing Wireless Transmissions

• Principal threats: Eavesdropping, message alteration/insertion, and disruption are primary issues
• Countermeasures (eavesdropping): Signal hiding techniques (reducing SSID broadcast, cryptic names, reduced signal strength, indoor placement) and encryption are essential.
• Encryption: Encryption is the standard method for preventing transmission alteration or insertion

Securing Wireless Networks

• The primary threat is unauthorized access.
• Principal Approach: IEEE 802.1X standard for port-based network access control.
• 802.1X: Provides authentication mechanisms for devices connecting to a LAN.
• Rogue Access Points: 802.1X prevents rogue access points and unauthorized devices from becoming insecure backdoors.

Wireless Network Security Techniques

• Encryption: Use encryption protocols (e.g., WPA2).
• Software protection: Install anti-virus and anti-spyware software and firewalls.
• Disable identifier broadcasting: disable SSID broadcasting to reduce visibility
• Change pre-set passwords: Change default router passwords and administration passwords.
• Change identifiers: Change default network identifiers for routers.

Mobile Device Security

• Organizations need to accommodate the growing use of mobile devices, cloud-based applications, and de-perimeterization.
• Multiple network perimeters encompass devices, applications, users and data.
• External business requirements: Businesses require network access from various locations using various devices.

Security Threats

• Lack of physical security controls: Vulnerability to physical attacks.
• Use of untrusted networks: Use of unverified or insecure networks.
• Use of untrusted applications: Use of unverified software or apps.
• Interaction with other systems: Interfacing with other insecure systems.
• Use of location services: Risk associated with the use of location services.
• Use of untrusted mobile devices: Using unsecure mobile devices
• Use of untrusted content: Accessing content from unverified resources.

IEEE 802.11 Terminology

• Access Point (AP): Any entity serving as a wireless access point providing network access.
• Basic Service Set (BSS): A set of stations controlled by one coordination function.
• Coordination Function: The logical function governing station transmission and reception within the BSS.
• Distribution System (DS): Connects BSSs and integrated LANs.
• Extended Service Set (ESS): Multiple interconnected BSSs, appearing as one to the LLC layer.
• MAC Protocol Data Unit (MPDU): The data unit exchanged between MAC entities on the physical layer.
• MAC Service Data Unit (MSDU): Data delivered as a unit between MAC users.
• Station: Any device conforming to IEEE 802.11 MAC and physical layer standards.

Wireless Fidelity (Wi-Fi) Alliance

• 802.11b/g/n: Wi-Fi standards for wireless networks.
• Wi-Fi Alliance: Industry consortium promoting interoperability of wireless products.
• WPA (Wi-Fi Protected Access): A set of security mechanisms to eliminate 802.11 security issues.
• WPA2: Advanced security standard for wireless networks.

IEEE 802.11 Protocols and Formats

• IEEE 802.11 MPDU (MAC Protocol Data Unit) Format: Contains MAC header, data field and MAC footer.
• Physical Layer: Lowest layer in the protocol stack handling, encoding, decoding and transmission signals.
• Logical Link Control (LLC): Logical data transmission within a wireless local area network.

IEEE 802.11 Services

• Services related to network association, authentication, dauthentication, disassociation, integration and privacy between stations, access points and distribution system. This allows data transfer between stations/access point and includes security aspects.

Distribution of Messages Within DS

• Distribution: Primary service handling data transfer between stations in different BSSs via the DS.
• Integration: Enables data transfer between stations on an 802.11 LAN and another integrated 802.11 LAN.

Association Related Services

• No transition: Stations are stationary within a single BSS.
• BSS transition: Stations move within the same ESS.
• ESS transition: Stations move between different BSSs within the same extended service set (ESS).

Services (Association, Reassociation, Disassociation)

• Association: Establishes the initial connection between the station and access point.
• Reassociation: Enables a mobile station to transfer its active association between one access point and another.
• Disassociation: Terminates existing station-to-access point associations either by request from station or AP.

Wireless LAN Security

• Wired Equivalent Privacy (WEP): 802.11 security algorithm.
• Wi-Fi Protected Access (WPA): Security standard addressing vulnerabilities in WEP.
• Robust Security Network (RSN): Advanced security standard based on 802.11i.

Authentication and Key Generation

• A protocol defines an exchange between a user and an authentication server.
• This process verifies user identity and creates temporary keys for wireless communications.

Temporal Key Integrity Protocol (TKIP)

• A security protocol designed to support existing WEP devices without hardware changes.
• Message integrity: Provides message integrity protection for multicast/broadcast.
• Data confidentiality: Encrypts protected data (only traffic between STA and AP).

Counter Mode-CBC MAC Protocol (CCMP)

• CCMP is designed for hardware-supported devices and provides both message integrity and data confidentiality for multicast/broadcast channels.
• Uses cipher-block-chaining message authentication code for integrity, along with block cipher modes of operation to encrypt data.

Description

This quiz explores the various aspects of wireless network security, including risks associated with broadcast communication, mobility, and limited resources of mobile devices. Test your knowledge on the different threats such as accidental and malicious associations that can compromise wireless networks.