Short WLAN security "test"
| meijin 2003-06-10, 3:03 pm |
Here is a short WLAN security test I just found. Grab some paper and jot down your answers. I will post what they say the correct answers are in my next post.
================
1. According to business IT administrators interviewed by Microsoft, the top barrier to WLAN deployment is currently:
a) Speed
b) Support Resources
c) Budget
d) Security
2. War drivers can be prevented from discovering wireless LANs by:
a) Disabling SSID broadcasts
b) Turning on WEP
c) Placing access points indoors
d) All of the above
e) None of the above
3. Controlling WLAN access does NOT address which threat:
a) Unauthorized Resource Consumption
b) Sniffing and Eavesdropping
c) Peer Station Intrusion
d) Internet Access Freeloaders
4. Wireless access points should be deployed:
a) Inside the perimeter firewall
b) In the firewall's demilitarized zone
c) Outside the perimeter firewall
d) On the outside or DMZ
e) On the inside or outside
5. Which of the following is FALSE about 802.11 shared key authentication:
a) Access point is not authenticated
b) Station user is not individually authenticated
c) Authentication keys are different for every station
d) Authentication keys are often static, configured manually
6. MAC address "spoofing" refers to:
a) Configuring a station's MAC addresses
b) Using the MAC address of another station
c) Corrupting a peer station's address
d) Making fun of MAC addresses
7. Rogue access points reported by a WLAN analyzer can refer to:
a) APs owned by neighbors and visitors
b) APs installed by employees without IT approval
c) APs that masquerade as legitimate APs while attacking your network
d) All of the above
8. Which of the following statements is TRUE about WEP:
a) WEP stands for Wireless Ethernet Privacy
b) WEP is enabled by default in most 802.11 products
c) WEP is harder to crack if you use dynamic keys
d) WEP is so vulnerable that it should never be used
9. Surfing the Internet over wireless exposes nothing important, because anything confidential is probably SSL-encrypted anyway:
a) True
b) False
10. The new 802.11i Temporal Key Integrity Protocol (TKIP) is stronger than the original 802.11 WEP because it:
a) Does not use authentication keys directly as encryption keys
b) Uses a longer initialization vector
c) Uses a different cipher for encryption
d) All of the above
e) Answers A and B, but not C
f) Answers B and C, but not A
11. WEP stops man-in-the-middle attacks by detecting changes made to frames in transit.
a) True
b) False
12. Denial-of-service attacks against wireless LANs that cannot be prevented with today's 802.11b products include:
a) Associate floods
b) De-authenticate floods
c) Bluetooth jamming
d) All of the above
13. According to JupiterMedia's survey, which of the following security incidents occurs nearly as often as finding rogue access points:
a) Loss of confidential data
b) Clients associating with the wrong access point
c) Bandwidth theft
d) Wireless access point break-in
14. During site surveys, wireless LAN discovery should include:
a) Parking lots
b) Stairwells
c) Bathrooms
d) Floors above and below
e) All of the above
15. Which of the following is NOT a common wireless LAN analyzer feature:
a) Use of 802.11 drivers to interact with the link layer
b) Track usage to report statistics and analyze patterns
c) Decode packets to display protocol headers and payload
d) Send SNMP traps to alert the network administrator
16. If a war driver discovers my wireless LAN, he can access the Internet or attack my Intranet servers using 802.11 as a vector.
a) True
b) False
| meijin 2003-06-10, 3:05 pm |
OK... here is what they say the answers are. You didn't peek, right?
===============
1. d) Security -- Nearly three-quarters of those planning WLANs and half of those with existing WLANs named security as the biggest bugaboo, far over-shadowing other factors. Security is a challenge both during planned deployment and when mopping up after unauthorized installations.
2. e) None of the above -- Eliminating SSID from beacon frames does not stop the AP from sending beacons. Enabling WEP scrambles data but does not stop frame transmission. Placing APs to reduce leakage is unlikely to completely prevent signal from reaching public areas. You can't stop war drivers from discovering your WLAN, but you can take steps to prevent them from using your network.
3. b) Sniffing and Eavesdropping -- Payload encryption is required to prevent eavesdropping on confidential data. Sniffing is passive and does not require the attacker to get through your WLAN's access control measures – anyone within physical proximity has access to the air!
4. d) On the outside or DMZ -- Wireless networks are inherently untrustworthy and therefore should never be placed inside the perimeter firewall (i.e., inside trusted territory).
5. c) Authentication keys are different for every station -- With 802.11, the same authentication key is used by all stations in the wireless LAN. Four WEP keys can usually be configured for encryption, but only one key is used for authentication.
6. b) Using the MAC address of another station -- In the realm of network security, "spoofing" means assuming the identity of another device (e.g., an IP or MAC address) and attempting to masquerade as that device.
7. d) All of the above -- Any AP that is not in the WLAN analyzer's list of authorized devices will be reported as a possible rogue AP. These alerts need to be further investigated to determine the location of the AP and the actual threat posed to your WLAN.
8. c) WEP is harder to crack if you use dynamic keys -- The initialization vector used by WEP is too short to prevent keystream reuse, and any two frames encrypted with the same keystream can be XORed to decrypt the payload. You cannot make the WEP IV longer, but you can reduce keystream reuse by changing the key frequently. Short-lived keys, therefore, make WEP harder to crack.
9. b) False -- Many Web sites do pass confidential data without SSL – assuming otherwise is risky. But even if you did visit only Web sites using SSL to protect HTTP, header information is still passed as cleartext over the air. Source and destination IP addresses and URLs can be analyzed to learn about your behavior or launch attacks. Depending upon authentication method, station credentials may also be revealed or left vulnerable to dictionary attack.
10. e) Answers A and B, but not C -- TKIP benefits from derived crypto keys and longer IVs, but still uses the same RC4 cipher employed by WEP so that upgrades can be applied with firmware instead of requiring new hardware.
11. b) False -- The CRC used by WEP can detect transmission errors, but can't stop attackers from modifying frames without invalidating the CRC. TKIP detects forgery by using a real message integrity check instead of a cyclic redundancy check.
12. d) All of the above -- Any radio can transmit in an unlicensed band and there's nothing you can do to stop that. Floods and jamming by devices sharing the ISM band are still unresolved threats. However, using the UNII band occupied by 802.11a can eliminate competition with Bluetooth or potentially evade 802.11b-based DoS attacks.
13. b) Clients associating with the wrong access point -- Privacy may be a top concern, but studies like the one published by JupiterMedia suggest that relatively few companies report losing confidential data due to wireless. In contrast, clients accidentally associating with the wrong AP and finding rogue access points were each reported by 17% of those surveyed.
14. e) All of the above -- All locations in and around the site should be surveyed to identify and reduce windows of opportunity for unauthorized use or malicious attacks.
15. d) Send SNMP traps to alert the network administrator -- WLAN analyzers focus on passively scanning channels, recording traffic, crunching the collected data and presenting it in many different ways. Analyzers may perform expert analysis to generate alerts, but they don't typically act as SNMP agents.
16. b) False -- Just because someone can detect the presence of your AP does not necessarily mean they can penetrate your AP to take advantage of or attack your network. You can't stop war drivers from finding your AP, but you can take appropriate countermeasures to block access to destination networks and servers.
| meijin 2003-06-10, 3:07 pm |
Here is a link for an on-demand web cast with the young lady that did the little quiz or test. I have not tried it out myself yet. Probably tonight.
Note, I do not have any affiliation with any of these folks. Just passing along some info.
================
http://webevents.broadcast.com/tech...ndex.asp?loc=01