39 Cards in this Set
- Front
- Back
Cellular |
Provides connectivity for mobile devices. 5G connections are becoming more popular with the capability of greater bandwidth and throughput, but they require a greater antenna density. Normally provided by a cellular carrier, which offloads security to a third party, which means it should be treated the same way you would treat an external connection. |
|
Wi-Fi |
Covers a range of wireless protocols that are used to provide wireless networking. Uses radio bands 2.4GHz and 5GHz. The different standards are 802.11b and the now more common 802.11ac or 802.11x (WiFi 6). Signal strength can be impeded by walls, trees, or other objects. It has 2 different security protocols: WPA2 and WPA3. Service set identifiers (SSID) are used to identify the network name and can be public or private |
|
Bluetooth |
Short range wireless system. Operates on the same radio band as WiFi (2.4 GHz) and is considered low power, short range (<100m) and suited to low bandwidth needs. Connected peer to peer most of the time. Relatively easy to attack unless the default PIN is changed; if it is not, eavesdropping is a likelihood |
|
NFC |
Near Field Communication, used for very short range communication. Used at payment terminals for Apple Pay. Limited to 4 inches of range, with low bandwidth, device to device purposes. Threats to NFC will typically be in close proximity to the NFC device. Attacks include spoofing, interception, and replay. They must be configured to not respond to queries except when desired. |
|
RFID |
Radio Frequency Identification is a short range (<1ft) technology that uses a tag and receiver to exchange information. There are several types of tags: Active (have their own power source and always send signals); Semi-Active (battery powered but only activated by receiver); Passive (powered by the receiver). 3 Frequencies: Low (short range, low power, used for entry access and identification); High (longer range (1m) and faster communication); Ultra High (longest range, fastest to read, used for inventory). Attacks include destruction, cloning, reprogramming, or spoofing |
|
IR |
Infrared only works in line of sight and can be captured by anything with a line of sight. Most frequently used for point to point connections, but not commonly found in modern systems |
|
GPS |
Global Positioning System. It is not used to create a network where devices transmit; devices only receive. Uses a constellation of satellites that send out GPS signals to receivers. Used to help navigate devices to within a foot of accuracy and used for geofencing. Its time signal is also used for network time systems. Attacks include jamming or spoofing but are uncommon |
|
USB |
USB connections to mobile devices can be considered a significant risk. Organizations should consider limiting capabilities to charge-only cables. Data collection and even software or firmware changes can be significant risks |
|
Wireless Network Models |
Point to Point: connects two nodes, and transmissions between them can only be received by the endpoints. Point to Multipoint: like WiFi, has many nodes receiving the information sent by a node. Broadcast: sends out information to many nodes and typically does not care about receiving a response, like Radio and GPS |
|
Rogue Access Points |
Access points (AP) added to your network either intentionally or unintentionally. Once they are connected to your network they can provide a point of entry to attackers and other unwanted users. It is important to monitor your network with wireless controller systems that detect new access points and log traffic |
|
WLAN |
Wireless Local Area Network controllers help manage access points and an organization’s wireless network. They also offer monitoring and blended roaming of WiFi and 5G. They still need to be properly configured by changing the default settings, disabling insecure protocols and services, setting strong passwords, and placing them on isolated VLANs. They should also be regularly patched and updated, with monitoring and logging enabled. |
|
WPA2 |
WiFi Protected Access 2 is widely used and has two usage modes. WPA-Personal: uses a pre shared key and is called WPA-PSK. This allows clients to authenticate without an authentication server. WPA-Enterprise: relies on a RADIUS authentication server and users have unique credentials. |
|
CCMP |
Counter Mode Cipher Block Chaining Message Authentication Code Protocol, which uses AES encryption to provide confidentiality by delivering stronger encryption. It also provides authentication for users and access control features |
|
WPA3 |
Improves on WPA2 and provides additional protection for password based authentication by using SAE (Simultaneous Authentication of Equals), which replaces pre shared keys and requires interaction between both the client and network to validate both sides. This slows down brute force attacks. Users also don’t have the same password and it has perfect forward secrecy even if a client’s password is compromised |
|
Captive Portal |
Used on open networks that do not require authentication, to gather some information from users who want to use them. They redirect traffic to a website before allowing access to the network |
|
PSK |
Preshared Keys require a passphrase or key that is shared with anyone who wants to use the network. It allows traffic to be encrypted but does not allow users to be uniquely identified |
|
PEAP |
Protected Extensible Authentication Protocol, authenticates servers using a certificate and wraps EAP using a TLS tunnel to keep it secure. Devices on the network use unique encryption keys and Temporal Key Integrity Protocol (TKIP) is implemented to replace keys on a regular basis |
|
EAP-FAST |
Flexible Authentication via Secure Tunneling Extensible Authentication Protocol, is a Cisco protocol to improve upon LEAP. It provides faster reauthentication while devices are roaming. It works around the public key exchanges that slow down LEAP by using symmetric keys for reauthentication. It can also use either pre-shared keys or dynamic keys established using public key authentication. |
|
EAP-TLS |
Extensible Authentication Protocol - Transport Layer Security, certificate-based authentication along with mutual authentication of a device. Uses certificates to generate keys that are used for communication. Less frequently used due to certificate management challenges |
|
EAP-TTLS |
EAP Tunneled Transport Layer Security, adds onto EAP-TLS by not requiring certificates to create a secure session but does require additional software to be installed |
|
Evil Twin |
A malicious fake access point that is set up to appear to be a legitimate, trusted network. Attackers will use more powerful APs or place them closer to the target to make the AP more likely to be associated with the target |
|
Federating RADIUS Servers |
Establishes trust between RADIUS servers that are a part of a federation. eduroam is an example of this, allowing devices to connect at any university that has eduroam servers. |
|
BYOD |
Bring Your Own Device, the user owns, controls, and maintains it. It provides the owner with freedom and lower cost to the organization. It has the greatest risk since the organization does not control, secure, or manage the device |
|
CYOD |
Choose Your Own Device, the organization owns the device but the user controls and maintains it. Support is easier along with the security model and has better security than BYOD |
|
COPE |
Corporate Owned Personally Enabled, organization owns and controls device. Offers the greatest control but the least flexibility and user friendliness |
|
VDI |
Virtual Desktop Infrastructure, allows low security devices to access a secured, managed environment |
|
MDM |
Mobile Device Management, also known as Unified Endpoint Management (UEM), specifically targets Android and iOS devices and combines all of them into a single management platform |
|
MAM |
Mobile Application Management, a tool that focuses on applications that are deployed on mobile devices. |
|
Mobile Management Tool capabilities |
Application management; Content management; Remote-wipe capabilities; Geolocation and geofencing; Screen locks, passwords, and PINs; Biometrics; Context-aware authentication (behavior elements); Containerization; Storage segmentation; Full device encryption; Push notifications |
|
Carrier Unlocking |
Allows phones to be used with other cellular providers |
|
SEAndroid |
A version of Security Enhanced Linux for Android devices. It provides the ability to enforce mandatory access control on Android devices utilizing deny by default. |
|
Bluejacking |
Sending unsolicited messages to Bluetooth enabled devices |
|
Bluesnarfing |
Unauthorized access to a Bluetooth device, typically aimed at gathering information like contact lists or other details the device contains |
|
Disassociation |
What happens when a device disconnects from an access point. Many attacks work better when the device attempts to reconnect, giving the attacker a window of opportunity to try and capture information while the system tries to reconnect. The best way to force disassociation is to send a deauthentication frame which spoofs the victim’s wireless MAC address. Since most networks use WPA2, which is often not encrypted, it is relatively easy to attack. WPA3 got rid of this vulnerability |
|
Jamming |
Will block all the traffic in the range or frequency it is conducted against. It is essentially wireless interference; it is sometimes not intentional and is common since signals can often be sent on the same frequency as other devices |
|
IV Attack |
Initialization Vector attack was only a vulnerability on WPA, where the 24-bit initialization vector could be reverse engineered when captured and an RC4 key stream could be derived. WPA2 and WPA3 have fixes for this |
|
Site Survey |
Involves moving throughout the entire facility to determine what existing networks are in place and to look at the physical structure for the location options for your access points. In new construction, network design is often included in the overall design of the facility. |
|
Heatmap |
A test of wireless signal strength as you walk, allowing you to use GPS and physically mark your position on a floor plan or map as you go to show where the wireless connection is weak or strong. |
|
WiFi Analyzer Software |
Used to gather all the data you need to survey and plan networks, create heat maps, identify the best channel, conduct speed tests, and perform wireless client information