Wireless Radio Frequencies and Standards

Questions and Answers

FlexConnect APs can operate in either Connected mode or Standalone mode.

True

In Standalone mode, the FlexConnect AP can perform all CAPWAP functions.

False

Direct-Sequence Spread Spectrum (DSSS) is a modulation technique primarily used by 802.11a devices.

False

Frequency-Hopping Spread Spectrum (FHSS) requires synchronization between sender and receiver.

True

Channel saturation can degrade the quality of wireless communication.

True

Orthogonal Frequency-Division Multiplexing (OFDM) uses only a single frequency channel.

False

Cisco offers techniques to mitigate frequency channel saturation.

True

DSSS and FHSS are both modulation techniques used to avoid interference in wireless communications.

True

In a man-in-the-middle attack, the hacker acts as a legitimate entity between two parties.

True

The 'evil twin AP' attack uses a different SSID from the legitimate access point to deceive users.

False

In Connected mode, the FlexConnect AP cannot switch client data traffic locally.

False

The original 802.11 standard did not use Frequency-Hopping Spread Spectrum (FHSS).

False

Identifying legitimate devices on a WLAN is unnecessary for defending against MITM attacks.

False

MAC address filtering is a method used to enhance WLAN security.

True

Open authentication is a type of secure authentication system for wireless networks.

False

Authentication and encryption systems are integral components of secure WLANs.

True

To defeat a MITM attack, network monitoring is the only required step.

False

SSID cloaking involves hiding the network name from users.

True

A rogue Access Point (AP) does not need to match the SSID of a legitimate AP to be considered a threat.

False

Monitoring the traffic on the network can help identify unauthorized devices.

True

WLAN networks operate in the 2.4 and 5 GHz frequency bands.

True

The organization responsible for regulating satellite orbits is the Wi-Fi Alliance.

False

IEEE is involved in specifying how a radio frequency is modulated for information transmission.

True

The 2.4 GHz band corresponds to the SHF frequency range.

False

The Wi-Fi Alliance aims to improve the interoperability of products based on the IEEE 802.11 standard.

True

The IEEE 802 LAN/MAN family of standards is maintained by the International Telecommunication Union.

False

WLAN devices exclusively operate on the frequency of 5 GHz.

False

The electromagnetic spectrum includes the frequencies utilized by wireless devices.

True

WPA uses the Advanced Encryption Standard (AES) for encryption.

False

The RADIUS server requires the user's authentication information.

True

WPA3 is considered less secure than WPA2.

False

UDP port 1812 is used for RADIUS Authentication.

True

TKIP encrypts the Layer 2 payload without using WEP.

False

The shared key in RADIUS authentication is used to decrypt the messages.

False

The Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is used by WPA.

False

WPA3 offers improved security features compared to WPA2.

True

UDP ports 1645 and 1646 are the only ports used by RADIUS servers.

False

802.1X standard ensures centralized authentication of end users.

True

WPA3 - Enterprise requires the use of a 192-bit cryptographic suite and employs 802.1X/EAP authentication.

True

Opportunistic Wireless Encryption (OWE) is used to provide authentication in Open Networks.

False

WLAN networks can only operate in the 5 GHz frequency band.

False

Simultaneous Authentication of Equals (SAE) helps protect against brute force attacks in WPA3 - Personal.

True

DTLS is a protocol that provides encryption between access points (AP) and wireless controller (WLC).

True

Study Notes

Wireless Radio Frequencies

• Wireless devices operate within the electromagnetic spectrum, specifically in the 2.4 GHz (UHF) and 5 GHz (SHF) frequency bands.
• WLAN standards include 802.11b/g/n/ax for 2.4 GHz and 802.11a/n/ac/ax for 5 GHz.

Wireless Standards Organizations

• ITU: Regulates radio spectrum allocation and satellite orbits.
• IEEE: Specifies modulation techniques and maintains IEEE 802 LAN/MAN family of standards.
• Wi-Fi Alliance: Promotes WLAN growth and product interoperability based on the 802.11 standard.

CAPWAP Operation

• FlexConnect allows AP configuration over a WAN link with two main modes:
  • Connected mode: AP has CAPWAP tunnel connectivity with WLC, performing all functions.
  • Standalone mode: AP operates without WLC connection, handling data traffic and client authentication locally.

Channel Management

• Channel saturation occurs when wireless demand exceeds capacity, degrading communication quality.
• Mitigation techniques include:
  • DSSS: Spreads signal over larger frequency bands to avoid interference.
  • FHSS: Rapidly switches carriers among frequency channels, requiring synchronization.
  • OFDM: Uses multiple sub-channels on adjacent frequencies, improving efficiency.

WLAN Threats

• Man-in-the-Middle Attack (MITM): An attacker intercepts communication between legitimate entities. Commonly executed via "evil twin AP" attacks.
• Prevention strategies include authenticating devices and monitoring for abnormal network traffic.

Secure WLANs

Security Measures

• SSID Cloaking and MAC Address Filtering protect network access.
• Authentication systems include Open and Shared Key Authentication.

Encryption Methods

• WPA and WPA2 use TKIP (for legacy support) and AES (provides robust encryption) respectively.
• TKIP encrypts the Layer 2 payload, while AES relies on CCMP for data integrity.

Authentication in the Enterprise

• Requires a RADIUS server for AAA, mandating:
  • RADIUS server IP address.
  • UDP ports (1812 for Authentication; 1813 for Accounting, also 1645/1646).
  • Shared key for device authentication.

WPA3 Features

• WPA3 replaces WPA2 as a more secure protocol:
  • WPA3-Personal: Prevents brute force through Simultaneous Authentication of Equals (SAE).
  • WPA3-Enterprise: Uses 802.1X/EAP, mandates a 192-bit cryptographic suite.
  • Open Networks: Enforces Opportunistic Wireless Encryption (OWE) for traffic encryption.
  • IoT Onboarding: Employs Device Provisioning Protocol (DPP) for rapid IoT device integration.

Summary of Wireless LANs

• WLAN types include WPAN, WLAN, WMAN, and WWAN, utilizing unlicensed radio spectrum.
• Standard protocols like CAPWAP manage multiple APs through a central controller.
• Wireless LAN devices operate using transmitters and receivers aligned to specific radio frequencies, employing DSSS, FHSS, and OFDM channel techniques for communication.

Description

Explore the fundamentals of wireless radio frequencies, including 2.4 GHz and 5 GHz bands. Learn about major wireless standards organizations such as ITU and IEEE, as well as the CAPWAP operation modes. Understand channel management techniques to optimize communication quality.