Chapter 2 Review Questions 1. Each of the following is a category of security protection that can be implemented using WLANs except a. access control b. wired equivalent privacy (WEP c. access restrictions d. authentication 2. Each of the following is another name for a MAC address except a. vendor address b. Ethernet address c. physical address d. Layer 7 address 3. MAC address filtering can be implemented by either permitting or ____ a device. a. preventing b. configuring c. throttling d. encrypting 4. Cryptography depends upon a process used to encrypt and decrypt messages based on a procedure called a(n) a. algorithm b. key c. cipher d. CR4 5. Keys that create a repeating pattern are known as a. structure algorithms b. cipher abnormalities (CA) c. inferior algorithms d. weak keys 6. A WEP shared secret key is used to encrypt cleartext but not decrypt ciphertext. True or False? 7. The IEEE standard also specifies that the access points and devices can hold up to four shared secret keys, one of which must be designated as the default key. True or False? 8. Another name for the cyclic redundancy check (CRC) is the integrity check value (ICV). True or False? 9. The initialization vector (IV) is a 24-bit value that changes each time a packet is encrypted. True or False? 10. The initialization vector (IV) is part of the shared secret key that must be installed individually on each wireless device. True or False? 11. Wireless authentication requires the _____and not the user to be authenticated prior to being connected to the network. wireless device 12. An optional authentication method known as ______________ uses the WEP default key. shared key authentication 13. With _____ scanning a wireless device simply listens for a beacon frame for a set period of time and once a wireless device receives a beacon frame and the SSID it can then attempt to join the network. passive 14. _____ is the process of transferring a user from being associated from one access point to another. Handoff 15. An attacker using a(n) ___ attempts to create every possible key combination by using a program to systematically change one character at a time in a possible default key. brute force attack 16. Explain how an attacker can still capture the SSID over the airwaves even if it is turned off in beaconing frames. The SSID can be easily discovered even when it is not contained in beacon frames. Although the SSID can be suppressed from beacon frames, it still is transmitted in other management frames sent by the AP. Attackers who use wireless tools freely available on the Internet can easily see the SSID being transmitted. The SSID is also initially transmitted in cleartext form when the device is negotiating with the access point. An attacker can easily view the SSID when this process is occurring. If an attacker cannot capture an initial negotiation process, it can force one to occur. An attacker can pretend to be an access point and send a disassociation frame to a wireless device. This will cause the device to disassociate from the access point. The device will then immediately attempt to reconnect to the AP, at which time the attacker can capture packets and see the SSID in plaintext. 17. What is a brute force attack? A brute force attack is when an attacker attempts to create every possible key combination by using a program to systematically change one character at a time in a possible default key, and then using each newly generated key to decrypt a message. For example, if a key contains five numbers, such as 49833, the brute force attack would start with the combination 00000 and attempt to use that as the password. If it fails, the next attack is 00001, then 00002, and so on until all possible combinations are exhausted. Although it may at first appear that a brute force attack could take a long time, it actually may not. In the 00000 example, if a key consists of five numbers, then there are 10*10*10*10*10 or 100,000 possible combinations. A standard personal computer can easily create over 1,000,000 possible password combinations per second. 18. Explain how WEP violates the cardinal rule of cryptography. WEP implementation violates the cardinal rule of cryptography that anything that creates a detectable pattern must be avoided at all costs. WEP creates a detectable pattern for attackers. IV’s are 24-bit numbers, meaning there are 16,777,216 possible values. An AP transmitting at only 11 Mbps can send and receive 700 packets each second. If a different IV were used for each packet, then the IVs would start repeating in fewer than seven hours (a “busy” AP can produce duplicates in fewer than five hours). An attacker who captures packets for this length of time can see the duplication and use it to crack the code. 19. What is a weakness of RC4? RC4 uses a pseudo-random number generator (PRNG) to create the keystream. This PRNG does not create a true random number but what appears to be (pseudo) a random number. Also, difficencies withing RC4 have been identified. For example, the first 256 bytes of the RC4 cipher can be determined by bytes in the key itself. Finally, the RC4 source code (or a derivation of it) has been revealed, allowing attackers to see how the keystream itself is generated. For these reasons the RC4 cipher is not considered to be the most effective cipher for the task. 20. How did WEP2 attempt to address security vulnerabilities? WEP2 attempted to overcome the limitations of WEP by adding two new security enhancements. First, the shared secret key was increased to 128 bits from 64 bits to address the weakness of encryption. Second, a different authentication system was used, known as Kerberos.