Chapter 2
Review Questions
1. Each of the following is a category of security protection that can be implemented
using WLANs except
a. access control
b. wired equivalent privacy (WEP
c. access restrictions
d. authentication
2. Each of the following is another name for a MAC address except
a. vendor address
b. Ethernet address
c. physical address
d. Layer 7 address
3. MAC address filtering can be implemented by either permitting or ____ a device.
a. preventing
b. configuring
c. throttling
d. encrypting
4. Cryptography depends upon a process used to encrypt and decrypt messages
based on a procedure called a(n)
a. algorithm
b. key
c. cipher
d. CR4
5. Keys that create a repeating pattern are known as
a. structure algorithms
b. cipher abnormalities (CA)
c. inferior algorithms
d. weak keys
6. A WEP shared secret key is used to encrypt cleartext but not decrypt ciphertext.
True or False?
7. The IEEE standard also specifies that the access points and devices can hold up to
four shared secret keys, one of which must be designated as the default key. True
or False?
8. Another name for the cyclic redundancy check (CRC) is the integrity check value
(ICV). True or False?
9. The initialization vector (IV) is a 24-bit value that changes each time a packet is
encrypted. True or False?
10. The initialization vector (IV) is part of the shared secret key that must be installed
individually on each wireless device. True or False?
11. Wireless authentication requires the _____and not the user to be authenticated
prior to being connected to the network. wireless device
12. An optional authentication method known as ______________ uses the WEP
default key. shared key authentication
13. With _____ scanning a wireless device simply listens for a beacon frame for a set
period of time and once a wireless device receives a beacon frame and the SSID it
can then attempt to join the network. passive
14. _____ is the process of transferring a user from being associated from one access
point to another. Handoff
15. An attacker using a(n) ___ attempts to create every possible key combination by
using a program to systematically change one character at a time in a possible
default key. brute force attack
16. Explain how an attacker can still capture the SSID over the airwaves even if it is
turned off in beaconing frames.
The SSID can be easily discovered even when it is not contained in beacon frames.
Although the SSID can be suppressed from beacon frames, it still is transmitted in
other management frames sent by the AP. Attackers who use wireless tools freely
available on the Internet can easily see the SSID being transmitted. The SSID is also
initially transmitted in cleartext form when the device is negotiating with the access
point. An attacker can easily view the SSID when this process is occurring. If an
attacker cannot capture an initial negotiation process, it can force one to occur. An
attacker can pretend to be an access point and send a disassociation frame to a
wireless device. This will cause the device to disassociate from the access point. The
device will then immediately attempt to reconnect to the AP, at which time the
attacker can capture packets and see the SSID in plaintext.
17. What is a brute force attack?
A brute force attack is when an attacker attempts to create every possible key
combination by using a program to systematically change one character at a time in
a possible default key, and then using each newly generated key to decrypt a
message. For example, if a key contains five numbers, such as 49833, the brute force
attack would start with the combination 00000 and attempt to use that as the
password. If it fails, the next attack is 00001, then 00002, and so on until all possible
combinations are exhausted. Although it may at first appear that a brute force
attack could take a long time, it actually may not. In the 00000 example, if a key
consists of five numbers, then there are 10*10*10*10*10 or 100,000 possible
combinations. A standard personal computer can easily create over 1,000,000
possible password combinations per second.
18. Explain how WEP violates the cardinal rule of cryptography.
WEP implementation violates the cardinal rule of cryptography that anything that
creates a detectable pattern must be avoided at all costs. WEP creates a detectable
pattern for attackers. IV’s are 24-bit numbers, meaning there are 16,777,216
possible values. An AP transmitting at only 11 Mbps can send and receive 700
packets each second. If a different IV were used for each packet, then the IVs would
start repeating in fewer than seven hours (a “busy” AP can produce duplicates in
fewer than five hours). An attacker who captures packets for this length of time can
see the duplication and use it to crack the code.
19. What is a weakness of RC4?
RC4 uses a pseudo-random number generator (PRNG) to create the keystream.
This PRNG does not create a true random number but what appears to be (pseudo)
a random number. Also, difficencies withing RC4 have been identified. For
example, the first 256 bytes of the RC4 cipher can be determined by bytes in the key
itself. Finally, the RC4 source code (or a derivation of it) has been revealed,
allowing attackers to see how the keystream itself is generated. For these reasons
the RC4 cipher is not considered to be the most effective cipher for the task.
20. How did WEP2 attempt to address security vulnerabilities?
WEP2 attempted to overcome the limitations of WEP by adding two new security
enhancements. First, the shared secret key was increased to 128 bits from 64 bits to
address the weakness of encryption. Second, a different authentication system was
used, known as Kerberos.