Podcast
Questions and Answers
FlexConnect APs can operate in either Connected mode or Standalone mode.
FlexConnect APs can operate in either Connected mode or Standalone mode.
True
In Standalone mode, the FlexConnect AP can perform all CAPWAP functions.
In Standalone mode, the FlexConnect AP can perform all CAPWAP functions.
False
Direct-Sequence Spread Spectrum (DSSS) is a modulation technique primarily used by 802.11a devices.
Direct-Sequence Spread Spectrum (DSSS) is a modulation technique primarily used by 802.11a devices.
False
Frequency-Hopping Spread Spectrum (FHSS) requires synchronization between sender and receiver.
Frequency-Hopping Spread Spectrum (FHSS) requires synchronization between sender and receiver.
Signup and view all the answers
Channel saturation can degrade the quality of wireless communication.
Channel saturation can degrade the quality of wireless communication.
Signup and view all the answers
Orthogonal Frequency-Division Multiplexing (OFDM) uses only a single frequency channel.
Orthogonal Frequency-Division Multiplexing (OFDM) uses only a single frequency channel.
Signup and view all the answers
Cisco offers techniques to mitigate frequency channel saturation.
Cisco offers techniques to mitigate frequency channel saturation.
Signup and view all the answers
DSSS and FHSS are both modulation techniques used to avoid interference in wireless communications.
DSSS and FHSS are both modulation techniques used to avoid interference in wireless communications.
Signup and view all the answers
In a man-in-the-middle attack, the hacker acts as a legitimate entity between two parties.
In a man-in-the-middle attack, the hacker acts as a legitimate entity between two parties.
Signup and view all the answers
The 'evil twin AP' attack uses a different SSID from the legitimate access point to deceive users.
The 'evil twin AP' attack uses a different SSID from the legitimate access point to deceive users.
Signup and view all the answers
In Connected mode, the FlexConnect AP cannot switch client data traffic locally.
In Connected mode, the FlexConnect AP cannot switch client data traffic locally.
Signup and view all the answers
The original 802.11 standard did not use Frequency-Hopping Spread Spectrum (FHSS).
The original 802.11 standard did not use Frequency-Hopping Spread Spectrum (FHSS).
Signup and view all the answers
Identifying legitimate devices on a WLAN is unnecessary for defending against MITM attacks.
Identifying legitimate devices on a WLAN is unnecessary for defending against MITM attacks.
Signup and view all the answers
MAC address filtering is a method used to enhance WLAN security.
MAC address filtering is a method used to enhance WLAN security.
Signup and view all the answers
Open authentication is a type of secure authentication system for wireless networks.
Open authentication is a type of secure authentication system for wireless networks.
Signup and view all the answers
Authentication and encryption systems are integral components of secure WLANs.
Authentication and encryption systems are integral components of secure WLANs.
Signup and view all the answers
To defeat a MITM attack, network monitoring is the only required step.
To defeat a MITM attack, network monitoring is the only required step.
Signup and view all the answers
SSID cloaking involves hiding the network name from users.
SSID cloaking involves hiding the network name from users.
Signup and view all the answers
A rogue Access Point (AP) does not need to match the SSID of a legitimate AP to be considered a threat.
A rogue Access Point (AP) does not need to match the SSID of a legitimate AP to be considered a threat.
Signup and view all the answers
Monitoring the traffic on the network can help identify unauthorized devices.
Monitoring the traffic on the network can help identify unauthorized devices.
Signup and view all the answers
WLAN networks operate in the 2.4 and 5 GHz frequency bands.
WLAN networks operate in the 2.4 and 5 GHz frequency bands.
Signup and view all the answers
The organization responsible for regulating satellite orbits is the Wi-Fi Alliance.
The organization responsible for regulating satellite orbits is the Wi-Fi Alliance.
Signup and view all the answers
IEEE is involved in specifying how a radio frequency is modulated for information transmission.
IEEE is involved in specifying how a radio frequency is modulated for information transmission.
Signup and view all the answers
The 2.4 GHz band corresponds to the SHF frequency range.
The 2.4 GHz band corresponds to the SHF frequency range.
Signup and view all the answers
The Wi-Fi Alliance aims to improve the interoperability of products based on the IEEE 802.11 standard.
The Wi-Fi Alliance aims to improve the interoperability of products based on the IEEE 802.11 standard.
Signup and view all the answers
The IEEE 802 LAN/MAN family of standards is maintained by the International Telecommunication Union.
The IEEE 802 LAN/MAN family of standards is maintained by the International Telecommunication Union.
Signup and view all the answers
WLAN devices exclusively operate on the frequency of 5 GHz.
WLAN devices exclusively operate on the frequency of 5 GHz.
Signup and view all the answers
The electromagnetic spectrum includes the frequencies utilized by wireless devices.
The electromagnetic spectrum includes the frequencies utilized by wireless devices.
Signup and view all the answers
WPA uses the Advanced Encryption Standard (AES) for encryption.
WPA uses the Advanced Encryption Standard (AES) for encryption.
Signup and view all the answers
The RADIUS server requires the user's authentication information.
The RADIUS server requires the user's authentication information.
Signup and view all the answers
WPA3 is considered less secure than WPA2.
WPA3 is considered less secure than WPA2.
Signup and view all the answers
UDP port 1812 is used for RADIUS Authentication.
UDP port 1812 is used for RADIUS Authentication.
Signup and view all the answers
TKIP encrypts the Layer 2 payload without using WEP.
TKIP encrypts the Layer 2 payload without using WEP.
Signup and view all the answers
The shared key in RADIUS authentication is used to decrypt the messages.
The shared key in RADIUS authentication is used to decrypt the messages.
Signup and view all the answers
The Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is used by WPA.
The Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is used by WPA.
Signup and view all the answers
WPA3 offers improved security features compared to WPA2.
WPA3 offers improved security features compared to WPA2.
Signup and view all the answers
UDP ports 1645 and 1646 are the only ports used by RADIUS servers.
UDP ports 1645 and 1646 are the only ports used by RADIUS servers.
Signup and view all the answers
802.1X standard ensures centralized authentication of end users.
802.1X standard ensures centralized authentication of end users.
Signup and view all the answers
WPA3 - Enterprise requires the use of a 192-bit cryptographic suite and employs 802.1X/EAP authentication.
WPA3 - Enterprise requires the use of a 192-bit cryptographic suite and employs 802.1X/EAP authentication.
Signup and view all the answers
Opportunistic Wireless Encryption (OWE) is used to provide authentication in Open Networks.
Opportunistic Wireless Encryption (OWE) is used to provide authentication in Open Networks.
Signup and view all the answers
WLAN networks can only operate in the 5 GHz frequency band.
WLAN networks can only operate in the 5 GHz frequency band.
Signup and view all the answers
Simultaneous Authentication of Equals (SAE) helps protect against brute force attacks in WPA3 - Personal.
Simultaneous Authentication of Equals (SAE) helps protect against brute force attacks in WPA3 - Personal.
Signup and view all the answers
DTLS is a protocol that provides encryption between access points (AP) and wireless controller (WLC).
DTLS is a protocol that provides encryption between access points (AP) and wireless controller (WLC).
Signup and view all the answers
Study Notes
Wireless Radio Frequencies
- Wireless devices operate within the electromagnetic spectrum, specifically in the 2.4 GHz (UHF) and 5 GHz (SHF) frequency bands.
- WLAN standards include 802.11b/g/n/ax for 2.4 GHz and 802.11a/n/ac/ax for 5 GHz.
Wireless Standards Organizations
- ITU: Regulates radio spectrum allocation and satellite orbits.
- IEEE: Specifies modulation techniques and maintains IEEE 802 LAN/MAN family of standards.
- Wi-Fi Alliance: Promotes WLAN growth and product interoperability based on the 802.11 standard.
CAPWAP Operation
- FlexConnect allows AP configuration over a WAN link with two main modes:
- Connected mode: AP has CAPWAP tunnel connectivity with WLC, performing all functions.
- Standalone mode: AP operates without WLC connection, handling data traffic and client authentication locally.
Channel Management
- Channel saturation occurs when wireless demand exceeds capacity, degrading communication quality.
- Mitigation techniques include:
- DSSS: Spreads signal over larger frequency bands to avoid interference.
- FHSS: Rapidly switches carriers among frequency channels, requiring synchronization.
- OFDM: Uses multiple sub-channels on adjacent frequencies, improving efficiency.
WLAN Threats
- Man-in-the-Middle Attack (MITM): An attacker intercepts communication between legitimate entities. Commonly executed via "evil twin AP" attacks.
- Prevention strategies include authenticating devices and monitoring for abnormal network traffic.
Secure WLANs
Security Measures
- SSID Cloaking and MAC Address Filtering protect network access.
- Authentication systems include Open and Shared Key Authentication.
Encryption Methods
- WPA and WPA2 use TKIP (for legacy support) and AES (provides robust encryption) respectively.
- TKIP encrypts the Layer 2 payload, while AES relies on CCMP for data integrity.
Authentication in the Enterprise
- Requires a RADIUS server for AAA, mandating:
- RADIUS server IP address.
- UDP ports (1812 for Authentication; 1813 for Accounting, also 1645/1646).
- Shared key for device authentication.
WPA3 Features
- WPA3 replaces WPA2 as a more secure protocol:
- WPA3-Personal: Prevents brute force through Simultaneous Authentication of Equals (SAE).
- WPA3-Enterprise: Uses 802.1X/EAP, mandates a 192-bit cryptographic suite.
- Open Networks: Enforces Opportunistic Wireless Encryption (OWE) for traffic encryption.
- IoT Onboarding: Employs Device Provisioning Protocol (DPP) for rapid IoT device integration.
Summary of Wireless LANs
- WLAN types include WPAN, WLAN, WMAN, and WWAN, utilizing unlicensed radio spectrum.
- Standard protocols like CAPWAP manage multiple APs through a central controller.
- Wireless LAN devices operate using transmitters and receivers aligned to specific radio frequencies, employing DSSS, FHSS, and OFDM channel techniques for communication.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Explore the fundamentals of wireless radio frequencies, including 2.4 GHz and 5 GHz bands. Learn about major wireless standards organizations such as ITU and IEEE, as well as the CAPWAP operation modes. Understand channel management techniques to optimize communication quality.