Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
70 CHAPTER 4 Wireless Networking

site survey uses the same tools an attacker uses, such as a sniffer and a WEP cracking tool (for 802.11 network site surveys).

Summary of Exam Objectives

WLANs are inherently insecure by their very nature: they radiate radio signals containing network traffic that can be viewed and potentially compromised by anyone within range of the signal. With the proper antennas, the range of WLANs is much greater than is commonly assumed.

There are a number of different types of wireless networks that can potentially be deployed. These include HomeRF, Bluetooth, 802.11n, 802.11g, 802.11b, and 802.11a networks. The most common type of WLAN in use today is based on the IEEE 802.11g standard.

The 802.11 standard defines the 64-bit Wired Equivalent Privacy (WEP) protocol as an optional component to protect wireless networks from eavesdropping. WEP is insecure because it encrypts well-known and deterministic IP traffic in layer 3, and it is vulnerable to known-plaintext attacks. That is, it is relatively easy for an attacker to figure out what the plaintext traffic is (for example, a DHCP exchange) and compare that with the ciphertext, providing a powerful clue for cracking the encryption.

Another problem with WEP is that it uses a relatively short (24-bit) initialization vector (IV) to encrypt the traffic. WEP also uses RC4 as its encryption algorithm, which is well known and was recently discovered to use a number of weak keys. AirSnort and WEPCrack are well-known open-source tools that exploit the weak key vulnerability of WEP. The response to the weaknesses in WEP is the use of Wi-Fi Protected Access (WPA), which has a longer IV, a stronger algorithm, and a longer key.

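The two WEP paragraphs above describe predictable plaintext and a short IV; the following added example (not part of the study guide) shows why the combination fails: two frames encrypted under the same IV share an RC4 keystream, and with only 24 bits of IV a repeat is likely after a few thousand frames. The key, IV, and frame contents are constructed sample values, the helper names are hypothetical, and the WEP integrity value (ICV) is omitted for brevity.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream output (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    # WEP seeds RC4 with IV || secret and sends the IV in the clear.
    # Simplification: the CRC-32 integrity value (ICV) is left out.
    return xor(plaintext, rc4(iv + secret, len(plaintext)))

def read_with_known_plaintext(c_known, p_known, c_other):
    # Same IV + same secret => same keystream, so a frame whose content is
    # predictable gives away the keystream for every frame sharing that IV.
    return xor(c_other, xor(c_known, p_known))

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    # Birthday approximation for at least one repeated IV among random IVs.
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

# Constructed sample values (not from the study guide).
SECRET = bytes.fromhex("0102030405")           # 40-bit secret of "64-bit" WEP
IV = bytes.fromhex("a1b2c3")                   # 24-bit IV
KNOWN = b"predictable DHCP request"            # stand-in for guessable traffic
OTHER = b"confidential user payload"

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV, SECRET, KNOWN), wep_encrypt(IV, SECRET, OTHER)
    print(read_with_known_plaintext(c1, KNOWN, c2))
    print(f"P(IV repeat) after 5000 frames: {iv_collision_probability(5000):.2f}")
```

The secret key is never recovered here; reuse of the keystream alone is enough to read the second frame, which is why WPA's longer IV matters.
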
MAC filtering is another defensive tactic that can be employed to protect wireless networks from unwanted intrusion. Only wireless stations whose adapters have valid MAC addresses are allowed to communicate with the AP. However, MAC addresses can be easily spoofed, and maintaining a list of valid MAC addresses may be impractical in a large environment.

Top Five Toughest Questions

1. You are a corporate user trying to connect to the company’s wireless network. When you look at the list of available networks, you do not find the corporate network listed. What is most likely the cause?
A. Wireless is turned off<br />
B. Incorrect mode<br />
C. Beaconing is turned off<br />
D. Interference<br />

2. You are a corporate user trying to connect to the company’s wireless network. You are within the distance limit of the wireless network yet you