Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
66 CHAPTER 4 Wireless Networking<br />
using a unicast session key, and then sent from the AP to the client in a much<br />
more secure manner.<br />
Mutual Authentication<br />
802.1x and EAP provide for a mutual authentication capability. This makes the<br />
clients and the authentication servers mutually authenticating end points, and<br />
assists in the mitigation of attacks from man-in-the-middle (MITM) types of<br />
devices. Any of the following EAP methods provide for mutual authentication:<br />
■<br />
■<br />
■<br />
TLS requires that the server supply a certificate and establish that it has<br />
possession of the private key.<br />
IKE requires that the server show possession of a preshared key or private<br />
key (this can be considered certificate authentication).<br />
GSS_API (Kerberos) requires that the server can demonstrate knowledge<br />
of the session key.<br />
Per-Packet Authentication<br />
EAP can support per-packet authentication and integrity protection, but it is<br />
not extended to all types of EAP messages. For example, negative acknowledgment<br />
(NACK) and notification messages cannot use per-packet authentication<br />
and integrity. Per-packet authentication and integrity protection works for the<br />
following (packet is encrypted unless otherwise noted):<br />
■<br />
■<br />
■<br />
■<br />
■<br />
TLS and IKE derive session key<br />
TLS cipher suite negotiations (not encrypted)<br />
IKE cipher suite negotiations<br />
Kerberos tickets<br />
Success and failure messages that use a derived session key (through WEP)<br />
COMMON EXPLOITS OF WIRELESS NETWORKS<br />
In general, attacks on wireless networks fall into four basic categories: passive,<br />
active, MITM, and jamming.<br />
Passive Attacks on Wireless Networks<br />
A passive attack occurs when someone listens to or eavesdrops on network traffic.<br />
Passive attacks on wireless networks are extremely common, almost to the point<br />
of being ubiquitous. Detecting and reporting on wireless networks has become<br />
a popular hobby for many wireless war-driving enthusiasts.<br />
■<br />
Detecting wireless networks Utilizing new tools created for wireless<br />
networks and the existing identification and attack techniques and utilities<br />
originally designed for wired networks, attackers have many avenues<br />
into a wireless network. The first step in attacking a wireless network<br />
involves finding a network to attack. The most popular software<br />
developed to identify wireless networks is the Windows-based NetStumbler