IT-241 Appendix G
Associate Program Material
Appendix G
Wireless LAN Vulnerabilities Matrix
Complete the following matrix by filling in the blank boxes in the table.
Security protection
Brief description
Vulnerabilities
Prevention (if any)
MAC address filtering
Only allows access to a device if its MAC address matches that of a pre-approved list on the router.
MAC Spoofing
Don’t rely on MAC filtering alone.
Open system authentication (SSID beaconing)
Disables SSID from being broadcast so wireless networks are harder to detect.
A spectrum analyzer can still be used to find the network name.
Create a more complex SSID and password settings in your AP
WEP
Stands for Wired Equivalency Privacy. Uses 64 bit or 128 bit encryption. (including 24-bit IV)
In larger networks, IV’s can be duplicated and cause collisions, which are easy to detect by outside influences
Use WPA2 with AES or similar instead on larger, enterprise deployments.
Of the six categories of attackers, the one I would most want to break into my network would be hackers, as they attempt to penetrate your network and expose vulnerabilities, then inform you of them. This is opposed to a cracker, which will do the same thing, only steal the data and attempt to sell it. A script kiddie is very dangerous, as they are generally under-experienced hackers and crackers who use someone else’s codes and almost always have malicious intent.
Between MAC filtering, WEP, and authentication, I believe that WEP is the most secure of the three. MAC filtering can be easily overcome by MAC spoofing, and is not part of the 802.11 standard. Authentication is somewhat weaker than WEP, as someone could capture the cleartext challenge phrase and the encrypted response frame and gain access to the network. WEP is the strongest of the 3, but is still weak due to IV collisions which can be monitored and the hacker can recover the security key during those collisions. In fact, hackers can even cause massive IV
Appendix G
Wireless LAN Vulnerabilities Matrix
Complete the following matrix by filling in the blank boxes in the table.
Security protection
Brief description
Vulnerabilities
Prevention (if any)
MAC address filtering
Only allows access to a device if its MAC address matches that of a pre-approved list on the router.
MAC Spoofing
Don’t rely on MAC filtering alone.
Open system authentication (SSID beaconing)
Disables SSID from being broadcast so wireless networks are harder to detect.
A spectrum analyzer can still be used to find the network name.
Create a more complex SSID and password settings in your AP
WEP
Stands for Wired Equivalency Privacy. Uses 64 bit or 128 bit encryption. (including 24-bit IV)
In larger networks, IV’s can be duplicated and cause collisions, which are easy to detect by outside influences
Use WPA2 with AES or similar instead on larger, enterprise deployments.
Of the six categories of attackers, the one I would most want to break into my network would be hackers, as they attempt to penetrate your network and expose vulnerabilities, then inform you of them. This is opposed to a cracker, which will do the same thing, only steal the data and attempt to sell it. A script kiddie is very dangerous, as they are generally under-experienced hackers and crackers who use someone else’s codes and almost always have malicious intent.
Between MAC filtering, WEP, and authentication, I believe that WEP is the most secure of the three. MAC filtering can be easily overcome by MAC spoofing, and is not part of the 802.11 standard. Authentication is somewhat weaker than WEP, as someone could capture the cleartext challenge phrase and the encrypted response frame and gain access to the network. WEP is the strongest of the 3, but is still weak due to IV collisions which can be monitored and the hacker can recover the security key during those collisions. In fact, hackers can even cause massive IV