Chapter 9 RQ Answers
Review Questions
1. After the IEEE 802.11 standard was ratified in 1999, independent studies
identified WEP weaknesses by the year
a. 2001
b. 2003
c. 2004
d. 2005
2. The two primary security vulnerabilities of the original 802.11 wireless security
mechanism are
a. speed and data modeling
b. encryption and authentication
c. access codes and passwords
d. tokens and resources
3. WPA and WPA2 were created by which organization?
b. CompTIA
c. Wi-Fi Alliance
d. Wireless Research Resource Group (WRRG)
4. After the security flaws in WEP were publicized, the IEEE TGi task group
released a new proposed implementation known as
a. WPA
b. WEP2
d. Dynamic TKIP
5. _____ is another name for the IEEE 802.11 standard.
a. robust security network (RSN)
b. Wireless Access Protection 2 (WAP2)
c. Encryption Model II
d. Enterprise Standard Security (ESS)
6. Advanced Encryption Standard (AES) is a block cipher. True or False?
7. The IEEE 802.1x standard enforces port security. True or False?
8. Pre-authentication allows a device to become authenticated prior to being turned
on. True or False?
9. Wi-Fi Protected Access (WPA) is a subset of IEEE 802.11i. True or False?
10. MIC performs encryption by using a per-byte key. True or False?
11. The _____ replaces the Cyclic Redundancy Check (CRC) function in WEP.
Message integrity check (MIC)
12. Unlike WEP, the _____ is not used for encryption but instead serves as the
starting point (seed) for mathematically generating the encryption keys. Preshared keys (PSK)
13. _____ allows both AES and TKIP clients to operate in the same WLAN, whereas
IEEE 802.11i only recognizes TKIP. WPA2
14. The _____ security model should only be implemented as a temporary solution.
15. Shared key authentication uses _____ keys for authentication. WEP
16. List the three steps that should be taken for implementing the transitional security
There are three important steps that should be taken for authentication under the
transitional security model. These are using shared key authentication, turning off
SSID beaconing, and implementing MAC address filtering.
17. When should the personal security model be implemented?
A dramatically increased level of security can be achieved by using the
personal security model. The personal security model is designed for single users or
small office home office (SOHO) settings of generally ten or fewer wireless devices.
The personal security model is intended for settings in which an authentication
server is unavailable.
18. Why should AES encryption and decryption be performed in hardware instead of
It is recommended that AES encryption and decryption be performed in hardware
because of the computationally intensive nature of AES. Performing AES
encryption in software requires sufficient processing power. If an access point
performed AES encryption/decryption in software while serving several devices, the
AP would not be able to adequately service the devices, especially if that access point
lacked a powerful processor and a large amount of memory.
19. How does a RADIUS server support IEEE 802.1x?
The authentication server in an 802.1x configuration stores the list of the names and
credentials of authorized users in order to verify that each user is who they claim to be. Typically, a
Remote Authentication Dial-In User Service (RADIUS) server is used. When a user
wants to connect to the wireless network, the request is first sent to the authenticator,
which relays the information, such as the username and password, type of
connection, and other details, to the RADIUS server. The server first
determines whether the AP itself is permitted to send requests. If so, the RADIUS server
attempts to find the user’s name in its database. It then applies the password to
decide whether access should be granted to this user. Depending upon the
authentication method being used, the server may return a challenge message that
carries a random number. The authenticator relays the challenge to the user’s
computer, which must respond with the correct value to prove its asserted identity.
Once the RADIUS server is satisfied that the user is authentic and authorized to use
the requested service, it returns an “Accept” message to the AP.
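To make the message flow in this answer concrete, here is an added example (not from the textbook) that models the authenticator/RADIUS exchange in plain Python. The NAS table, user table, message names and the HMAC-based challenge response are simplified assumptions for illustration, not the real RADIUS wire protocol, and all credentials are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not real credentials) for the demonstration.
NAS_SECRETS = {"ap-lobby": b"ap-shared-secret"}      # APs permitted to query the server
USER_DB = {"alice": b"correct horse battery staple"}  # authorized users and their passwords


class AuthServer:
    """Minimal stand-in for a RADIUS server running a challenge-response method."""

    def __init__(self):
        self.pending = {}  # nas_id -> (user, nonce) for challenges awaiting a reply

    def access_request(self, nas_id, user):
        # Step 1: is this AP (the NAS) permitted to send requests at all?
        if nas_id not in NAS_SECRETS:
            return ("Discard", None)  # unknown NAS: real servers silently drop these
        # Step 2: is the user's name in the database?
        if user not in USER_DB:
            return ("Reject", None)
        # Step 3: issue a challenge message carrying a random number
        nonce = secrets.token_bytes(16)
        self.pending[nas_id] = (user, nonce)
        return ("Challenge", nonce)

    def challenge_response(self, nas_id, response):
        # Step 4: compare the relayed answer against the value the password should produce
        user, nonce = self.pending.pop(nas_id)
        expected = hmac.new(USER_DB[user], nonce, hashlib.sha256).digest()
        return "Accept" if hmac.compare_digest(expected, response) else "Reject"


def supplicant_answer(password, nonce):
    """The user's computer proves it knows the password without sending it."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


def authenticate(server, nas_id, user, password):
    """The authenticator (AP) only relays messages; it never sees the password."""
    status, nonce = server.access_request(nas_id, user)
    if status != "Challenge":
        return status
    return server.challenge_response(nas_id, supplicant_answer(password, nonce))
```

The AP never evaluates credentials itself; it only forwards the request, the challenge and the answer, which is why a compromised AP alone cannot mint an "Accept" in this model.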
20. What is a virtual private network (VPN)?
A virtual private network (VPN) uses a public, unsecured network as if it were a
private, secured network. VPN transmissions are achieved through communicating
with endpoints. An endpoint is the end of the tunnel between VPN devices. An
endpoint can be software on a local computer, a dedicated hardware device such as
a VPN concentrator (which aggregates hundreds or thousands of connections
together), or even a firewall. VPNs can also be used in a wireless LAN setting.
Because of its vulnerabilities, a wireless user can “tunnel” through the less-than-secure wireless network using a VPN and rely on its security advantages. For
example, a user may access a public wireless hotspot at an airport or coffee shop and
use a VPN to “tunnel” through it to reach the secure corporate network.