CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [77]
Understand Wireless
Hacking Techniques
Most wireless hacking attacks can be categorized as follows:
Cracking encryption and authentication mechanisms These mechanisms include cracking WEP, WPA preshared key authentication passphrase, and Cisco's Lightweight EAP authentication (LEAP). Hackers can use them to connect to the WLAN using stolen credentials or can capture other users' data and decrypt/encrypt it.
Eavesdropping or sniffing This involves capturing passwords or other confidential information from an unencrypted WLAN or hotspot.
Denial of Service DoS can be performed at the physical layer by creating a louder RE signature than the AP with an RE transmitter, causing an approved AP to fail so users connect to a rogue AP. DoS can be performed at the Logical Link Control (LLC) layer by generating deauthentication frames (deauth attacks) or by continuously generating bogus frames (Queensland attack).
AP masquerading or spoofing Rogue APs pretend to be legitimate APs by using the same configuration SSID settings or network name.
MAC spoofing The hacker pretends to be a legitimate WLAN client and bypasses MAC filters by spoofing another user's MAC address.
Wireless networks give a hacker an easy way into the network if the AP isn't secured properly. There are many ways to hack or exploit the vulnerabilities of a WLAN.
Describe the Methods Used to Secure
Wireless Networks
Because wireless networking is a relatively new technology compared to wired networking technologies, fewer security options are available. Security methods can be categorized by the applicable layer of the OSI model.
Layer 2 or MAC layer security options are as follows:
■ WPA
■ WPA2
■ 802.11i
Layer 3 or Network layer security options are as follows:
■ IPSec or SSL VPN
Layer 7 or Application layer security options are as follows:
■ Secure applications such as Secure Shell (SSH), HTTP Over SSL (HTTPS), and FTP/SSL (FTPS)
Exam Essentials
Understand the inherent security vulnerabilities of using a WLAN. RF is a broadcast medium, and therefore all traffic is able to be captured by a hacker.
Understand the security solutions implemented in the IEEE 802.11 standard. WEP, shared key, and MAC filters are security solutions offered in the original IEEE 802.11 standard.
Understand the security solutions offered by the Wi-Fi Alliance. WPA and WPA2 are Wi-Fi Alliance equipment security certifications.
Know what an SSID is used for on a WLAN. The SSID identifies the network name and shouldn't be used as a security mechanism.
Know what security mechanisms should not be used for WLAN security. WEP and MAC filters shouldn't be used as the sole means to secure the WLAN.
Because of its numerous weaknesses, WEP shouldn't be used as the sole security mechanism for a WLAN.
Review Questions
1. Which of the following security solutions uses the same key for both encryption and authentication?
A. WPA
B. WPA2
C. WEP
D. 802.11i
2. WEP stands for what?
A. Wireless Encryption Protocol
B. Wired Equivalent Privacy
C. Wireless Encryption Privacy
D. Wired Encryption Protocol
3. What makes WEP crackable?
A. Same key used for encryption and authentication
B. Length of the key
C. Weakness of IV
D. RC4
4. Which form of encryption does WPA use?
A. AES
B. TKIP
C. LEAP
D. Shared key
5. Which form of authentication does WPA2 use?
A. Passphrase only
B. 802.1 x/EAP/RADIUS
C. Passphrase or 802.lx/EAP/RADIUS
D. AES
6. 802.111 is most similar to which wireless security standard?
A. WPA2
B. WPA
C. TKIP
D. AES
7. Which of the following is a layer 3 security solution for WLANs?
A. MAC filter
B. WEP
C. WPA
D. VPN
8. A device that sends deauth frames is performing which type of attack against the WLAN?
A. Denial of Service
B. Cracking
C. Sniffing
D. MAC spoofing
9. The most dangerous type of attack against a WLAN is
A. WEP cracking
B. Rogue access point
C. Eavesdropping
D. MAC spoofing
10. 802.11i is implemented at which layer of the OSI model?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 7
Answers to Review Questions