ISM 4323 Chapter 07

Distinguish between war drivers and drive-by hackers in terms of what they do.
War drivers merely locate unprotected access points. Drive-by hackers actually break into the firm’s WLAN.
Are war drivers illegal? Why or why not?
No. The information being read is public.
Are drive-by hackers illegal? Why or why not?
Yes. They are intercepting private communication and perhaps initiating attacks.
What cryptographic protections does 802.11i provide?
Confidentiality, authentication, and message integrity.
What were the two earlier 802.11 security standards?
WEP and WPA
When offered the choice while configuring a wireless access point, which WLAN security standard should you choose?
802.11i (WPA2)
For what use scenario was 802.11i PSK mode created?
Homes or small offices with a single access point.
How does a user authenticate his or her device to the access point?
By sending the pre-shared key to show that it knows it.
What kind of key does a host use after initial authentication?
A session key, which will be unique for communication between that single wireless client and the access point, for that particular session.
What device or devices know this key?
The access point and that particular wireless client.
After authentication, can hosts using an access point understand the messages that other hosts using the access point are sending?
No.
If a firm has many access points, which 802.11i mode must it use?
802.1X mode.
What mode or modes of 802.11i operation use a central authentication server?
802.1X mode; not PSK mode.
What does the Wi-Fi Alliance call 802.1X mode?
Enterprise mode
In 802.1X operation, what device acts as the authenticator in Ethernet?
The workgroup switch.
What device acts as the 802.1X authenticator in Wi-Fi?
The wireless access point.
In Ethernet, why does 802.1X not need security between the authenticator and the host before 802.1X authentication is done?
The wired communication between the supplicant host and the workgroup switch is difficult to intercept, making 802.1X communication difficult to compromise.
Why does 802.1X mode in 802.11i need security between the authenticator and the host before 802.1X authentication?
The wireless communication between the supplicant host and the access point is easy to intercept, making 802.1X communication easy to compromise.
What is the most common protocol for providing this initial security?
PEAP.
What is a rogue access point?
An unauthorized access point
b) Who creates a rogue access point?
An employee.
Why is a rogue access point dangerous?
It is likely to have weak or no security. This compromises comprehensive security.
What kind of device is an evil twin access point?
An evil twin access point is a notebook computer configured to act like a real access point. It entices internal hosts to associate with it by operating at very high power.
A company uses 802.11i. How many 802.11i connections will the evil twin access point set up when a victim client wishes to connect to a legitimate access point?
Two—one between the victim client and the evil twin and one between the evil twin and the access point.
What does the evil twin do when the client transmits subsequently to the legitimate access point?
It intercepts messages from the client, decrypts them with the key it shares with the client, and reads them. It then encrypts them with the key it shares with the access point and sends them to the access point.
Distinguish between evil twin access points and rogue access points. (The answer is not explicitly in the text.)
The rogue access point is created within the company premises by an employee and connected directly to the wired LAN. Its danger is that it may lack security.
The evil twin is a notebook computer of an attacker outside the company premises. The danger is that it may read all communication and send attacks posing as a legitimate wireless client.
Why are VPNs called “private networks?”
They appear to be private to the user, who seems to have a dedicated network for himself or herself because unauthorized parties cannot interfere with the traffic.
How are VPNs able to defeat evil twin attacks?
They can create an encrypted path between the wireless client and the access point. The evil twin cannot break this encryption.
Why must the VPN key be pre-shared to thwart a VPN attack?
This way, a man-in-the-middle attacker cannot intercept and read the key.
Why is centralized access point management desirable?
Administrators do not have to travel to diagnose remote access point problems, and they can adjust access points remotely. This reduces labor costs.
What functions should remote access point management systems provide?
Notify the WLAN administrators of failures immediately.
Provide continuous transmission quality monitoring.
Provide indications of security problems.
Support remote access point adjustment.
Allow software updates to be pushed out to all access points or WLAN switches.
Work automatically whenever possible.
Why should they provide these functions as automatically as possible?
To reduce labor costs.
What are the security benefits from centralized access point management?
Wireless intrusion detection.
What is a PAN? (Do not just spell out the abbreviation.)
Personal area network—a collection of devices around a desk or a person’s body.
What organization creates Bluetooth standards?
The Bluetooth Special Interest Group.
Compare the relative benefits of classic Bluetooth and high-speed Bluetooth.
Classic Bluetooth uses little battery power.
High-speed Bluetooth provides faster communication.
Would two devices typically use high-speed Bluetooth during their total communication time? Explain.
Typically they will only use it when they want to transmit a great deal of data.
What does it mean that Bluetooth uses one-to-one operation?
A connection will be between one master and one slave.
Is this still true if a master communicates with four slaves?
Yes, each slave will have a separate connection.
c) What does master-slave operation mean?
One device is in command; the other follows its commands.
Can a Bluetooth master have multiple slaves?
Yes.
e) Can a Bluetooth slave have two masters?
Yes.
f) Can a Bluetooth device be both a master and a slave?
Yes.
g) At the beginning of a telephone call placed through a Bluetooth headset, which device is initially the master?
Headset
h) Which usually becomes the master later?
Phone
Why did the Bluetooth SIG have to develop Bluetooth profiles?
No application protocol existed for PAN applications.
What profile would a Bluetooth-enabled notebook use to print to a nearby printer?
Basic printing profile.
What profile would a tablet use with a Bluetooth keyboard?
Human Interface Device Profile
d) What profile can a mobile phone use to communicate with a headset?
The Headset Profile (HSP).
e) Why will Bluetooth Smart extend the types of devices that can communicate wirelessly?
Bluetooth Smart allows devices without full operating systems to work together. This will be important in tomorrow’s Internet of Things.
What is the distance limit for NFC?
4 cm
Why is bumping done?
To bring the device very close to the reader.
What factors account for NFC’s low transmission power requirements?
Small distance and slow transmission.
Passive RFID chips have no batteries. How can they transmit when queried?
RFID tags transmit information using absorbed energy from the command pulse.
Compare normal Wi-Fi with Wi-Fi Direct.
Wi-Fi normally uses an access point.
Wi-Fi Direct provides direct host-to-host communication.
With what two transmission standards does Wi-Fi Direct compete?
NFC and Bluetooth.
Why is short transmission range protection against eavesdroppers?
Eavesdroppers will not have enough power at their location to read the signals.
b) Describe the state of cryptographic security for new transmission standards.
Not strong enough but improving rapidly.
c) Why is device theft or loss a serious risk?
Devices may have sensitive personal or corporate information.