CHAPTER 5: Wireless Networking 226 incorporates a checksum in each frame. Any frame not found to be valid through the checksum is discarded. Used on its own, WEP does not provide adequate WLAN security. WEP must be implemented on every client as well as every AP to  be effective. WEP keys are user definable and unlimited. They do not have to be  predefined and can and should be changed often. Despite its drawbacks, you should implement the strongest ver- sion of WEP available and keep abreast of the latest upgrades to the standards. The IEEE 802.1x specification uses the Extensible Authentication  Protocol (EAP) to provide for client authentication. Common Exploits of Wireless Networks Examining the common threats to both wired and wireless  networks provides a solid understanding in the basics of security principles and allows the network administrator to fully assess the risks associated with using wireless and other technologies. Threats can come from simple design issues, where multiple  devices utilize the same setup, or intentional denial of service attacks which can result in the corruption or loss of data. Malicious users aren’t the source of all threats. Problems can also  be caused by a conflict of similar resources, such as with 802.11b networks and cordless telephones. With wireless networks going beyond the border of the office or  home, chances are greater that users’ actions might be monitored by a third party. Electronic eavesdropping, or sniffing, is passive and undetectable to  intrusion detection devices. Tools that can be used to sniff networks are available for Windows  (such as Ethereal and AiroPeek) and UNIX (such as TCPDump and ngrep). Sniffing traffic allows attackers to identify additional resources that  can be compromised. Exam Objectives Fast Track 227 Even encrypted networks have been shown to disclose vital infor- mation in cleartext, such as the network name, that can be received by attackers sniffing the WLAN. Any authentication information that is broadcast can often be sim- ply replayed to services requiring authentication (NT Domain, WEP authentication, and so on) to access resources. The use of VPNs, SSL, and SSH helps protect against wireless  interception. Because of the design of Transmission Control Protocol/Internet  Protocol (TCP/IP), there is little that you can do to prevent MAC/ IP address spoofing. Static definition of MAC address tables can prevent this type of attack. However, due to significant overhead in management, this is rarely implemented. Wireless network authentication can be easily spoofed by sim- ply replaying another node’s authentication back to the AP when attempting to connect to the network. Many wireless equipment providers allow for end users to redefine  the MAC address for their cards through the configuration utilities that come with the equipment. External two-factor authentication such as Remote Access Dial-In  User Service (RADIUS) or SecurID should be implemented to addi- tionally restrict access requiring strong authentication to access the wireless resources. Because of the design of TCP/IP, some spoof attacks allow for  attackers to hijack or take over network connections established for other resources on the wireless network. If an attacker hijacks the AP, all traffic from the wireless network  gets routed through the attacker, so the attacker can then identify passwords and other information that other users are attempting to use on valid network hosts. Many users are susceptible to MITM attacks, often entering their  authentication information even after receiving many notifications that SSL or other keys are not what they should be. Rogue APs can assist the attacker by allowing remote access from  wired or wireless networks. These attacks are often overlooked as just faults in the user’s machine, allowing attackers to continue hijacking connections with little fear of being noticed. CHAPTER 5: Wireless Networking 228 Many wireless networks that use the same frequency within a  small space can easily cause network disruptions and even denial of service (DoS) for valid network users. If an attacker hijacks the AP and does not pass traffic on to the  proper destination, all users of the network will be unable to use the network. Flooding the wireless network with transmissions can prevent  other devices from utilizing the resources, making the wireless net- work inaccessible to valid network users. Wireless attackers can utilize strong and directional antennas to  attack the wireless network from a great distance. An attacker who has access to the wired network can flood the  wireless AP with more traffic than it can handle, preventing wire- less users from accessing the wired network. Many new wireless products utilize the same wireless frequencies  as 802.11 networks. A simple cordless telephone can create a DoS situation for the network. Configuring Windows Client Computers for Wireless Network Security Windows XP and Vista provide support for 802.1x protection on  wireless networking connections. Windows XP and Vista integrated wireless networking into the OS  to a high degree. Windows XP and Vista take control of your net- work connection in most cases. Both Windows Vista and Windows XP can support WEP 64 and  WEP 128, WPA and WPA2 as well as any third-party solutions on the market. Site Surveys Tools used in site surveys include wireless sniffers, directional or  parabolic dish antennas, and GPS receivers. Wireless sniffers that can be used in a site survey include the  Windows-based NetStumbler and the UNIX/Linux-based Kismet or ethereal. Exam Objectives Frequently Asked Questions 229 Site surveys are used to map out the extent to which wireless net- works are visible outside the physical boundaries of the buildings in which their components are installed. EXAM OBJECTIVES FREQUENTLY ASKED QUESTIONS Do I really need to understand the fundamentals of security to Q: prepare for the Network exam? Yes. While you might be able to utilize the configuration options A: available to you from your equipment provider without a full understanding of security fundamentals to implement a wireless network, without a solid background in how security is accom- plished, you will never be able to protect your assets from the unknown threats that will come against your network. Is 128-bit WEP more secure than 64-bit WEP?Q: Yes, but only to a small degree. This is because the WEP vulner-A: ability has more to do with the 24-bit IV than the actual size of the WEP key. Where can I find more information on WEP vulnerabilities?Q: Besides being one of the sources that brought WEP vulnerabilities A: to light, www.isaac.cs.berkeley.edu has links to other Web sites that cover WEP insecurities. If I have enabled WEP, am I now protected?Q: No. Certain tools can break all WEP keys by simply monitoring the A: network traffic (generally requiring less than 24 hours to do so). How can I protect my wireless network from eavesdropping by Q: unauthorized individuals? Because wireless devices are half-duplex devices, you cannot wholly A: prevent your wireless traffic from being listened to by unauthorized individuals. The only defense against eavesdropping is to encrypt Layer 2 and higher traffic whenever possible. Are wireless networks secure?Q: By their very nature and by definition, wireless networks are not A: secure. They can, however, be made relatively safe from the point of view of security through administrative effort to encrypt traffic, to implement restrictive methods for authenticating and associat- ing with wireless networks, and so on. CHAPTER 5: Wireless Networking 230 My AP does not support the disabling of SSID broadcasts. Should Q: I purchase a new one? Disabling SSID broadcasts adds only one barrier for the potential A: hacker. Wireless networks can still be made relatively safe even if the AP does respond with its SSID to a beacon probe. Disabling SSID broadcasts is a desirable feature. However, before you go out and purchase new hardware, check to see if you can update the firmware of your AP. The AP vendor may have released a more recent firmware version that supports the disabling of SSID broad- casts. If your AP doesn’t support firmware updates, consider replac- ing it with one that does. Why is WEP insecure?Q: WEP is insecure for a number of reasons. The first is that 24-bit IV A: is too short. Because a new IV is generated for each frame and not for each session, the entire IV key space can be exhausted on a busy network in a matter of hours, resulting in the reuse of IVs. Second, the RC4 algorithm used by WEP has been shown to use a number of weak keys that can be exploited to crack the encryption. Third, because WEP is implemented at Layer 2, it encrypts TCP/IP traffic, which contains a high percentage of well-known and predictable information, making it vulnerable to plaintext attacks. How can I prevent unauthorized users from authenticating and as-Q: sociating with my AP? There are a number of ways to accomplish this. You can config-A: ure your AP as a closed system by disabling SSID broadcasts and choosing a hard-to-guess SSID. You can configure MAC filtering to allow only those clients that use valid MAC addresses access to the AP. You can enable WEP and Shared Key authentication. However, all of these methods do not provide acceptable levels of assurance for corporate networks that have more restrictive security require- ments than are usually found in SOHO environments. For corpo- rate environments that require a higher degree of assurance, you should configure 802.1X authentication. SELF TEST You have a wireless network that has been in place for several 1. years. Your users still are using 802.11b network cards in several systems to connect to this wireless network. Your company has Self Test 231 decided to update the wireless network to accommodate higher speeds. Which one of the following standards could you implement in your upgrade? A. 802.11a B. 802.11b C. 802.11g D. 802.11n What technology does the 802.11n network use to achieve great 2. speed? A. WPA B. 802.1X C. WEP D. MIMO (Multiple Input/Multiple Output) You are running a wireless network using 802.11g. You fear that 3. someone might eavesdrop on your confidential information. What protocols could you use to protect your wireless network? A. WPA B. 802.1X C. WEP D. MIMO (Multiple Input/Multiple Output) You are about to implement a new wireless network. Your company 4. has a whole room filled with 2.4 GHz cordless phones. What stan- dard of 802.11 would you implement to reduce interference? A. 802.11a B. 802.11b C. 802.11g D. 802.11n You are a user in a company that would like to connect to the 5. company’s wireless network. What information must you know in order to connect to the wireless network? A. Username B. Password C. SSID D. Frequency CHAPTER 5: Wireless Networking 232 You are a user in a company that would like to connect to the com-6. pany’s wireless network. The company uses APs for connection to the corporate LAN. What mode should your wireless connection be set to attach to WAPs? A. Ad-Hoc B. Secure C. Infrastructure D. WPA You and a friend are at home and would like to share a few files 7. between your two computers. What mode should you set your wire- less card to make the connection? A. Ad-Hoc B. Secure C. Infrastructure D. WPA You have heard that there is a way to make a connection to a 8. network printer without using a cable. You would like to make this connection not using radio waves but instead using light pulses. What technology could allow you to make a connection to a printer this way? A. 802.11b B. IrDA C. Bluetooth D. 802.11g You are a user who would like to connect your PDA to your com-9. puter using a wireless technology. The PDA has several different types of networks available. You would like to use the technology that only allows for a short distance connection. A. 802.11b B. IrDA C. Bluetooth D. 802.11g You would like to make a secure connection to the corporate wire-10. less network. What must you possess to implement WEP for your machine? You are a user that would like to connect your PDA to Self Test 233 your computer using a wireless technology. The PDA has several different types of networks available. You would like to use the technology that only allows for a short distance connection. A. Username B. Password C. PassKey D. Certificate You are troubleshooting a wireless 802.11b connection. Periodi-11. cally, your computer loses connection. What could be the cause of this issue? A. Interference B. Incorrect username C. Incorrect encryption type D. Incorrect mode You are a corporate user trying to connect to the company’s wire-12. less network. When you look at the list of available networks, you do not find the corporate network listed. What is most likely the cause? A Wireless is turned off B. Incorrect mode C. Beaconing is turned off D. Interference You are having interference problems with devices that are using 13. the 2.4 Ghz frequency range. Which standard would you choose to avoid this interference? A. 802.11a B. 802.11b C. 802.11g D. 802.11n You are a corporate user trying to connect to the company’s wire-14. less network. When you attempt to connect to the network, you are denied being able to connect, what could be the cause? A. Wrong 802.11 standard B. Incorrect encryption type CHAPTER 5: Wireless Networking 234 C. Bad username D. Interference You are a corporate user trying to connect to the company’s wire-15. less network. You are within the distance limit of the wireless network yet you are unable to find the network. When you move closer, the network then shows up. What could be the cause? A. Structural interference between the AP and you machine. B. Environmental interference such as electromagnetic interference. C. RF interference from other devices. D. All of the above. SELF TEST QUICK ANSWER KEY C and D1. D2. A and C3. A4. C5. C6. A7. B8. C9. 10. C 11. A 12. C 13. A 14. B 15. D 235 CHAPTER 6 EXAM OBJECTIVES IN THIS CHAPTER THE OSI MODEL 237 THE DOD NETWORKING MODEL 257 NETWORKING PROTOCOLS 265 INTRODUCTION To prepare for the CompTIA Network exam, you should begin by reviewing the foundations of networking. Among these, you must understand the logi- cal models on which networks are designed and created, the protocols they use to communicate, the addressing schemes by which they identify indi- vidual devices on the network, and the technologies they use to ensure that data reach their destination. In this chapter, we cover the Open Systems Interconnection (OSI) model in depth and then the networking protocols. Both are covered in great detail on the exam and need to be completely understood before sitting the exam if you want success. The vast majority of networks today (including the Internet) use Transmission Control Protocol/Internet Protocol (TCP/IP) to transmit information among computers and networks in a wide area network (WAN). Together, TCP and IP are referred to as a protocol stack or as network/trans- port protocols because they work together at two different levels (called the network and transport layers) to enable computers to communicate with each other. This is important because TCP/IP, like other protocol suites (groupings) such as Internet Packet Exchange/Sequenced Packet Exchange (IPX/SPX), are arranged as suites of protocols that provide different func- tionality. If you want to send an e-mail to someone today, you will need IP communications to establish communication and complete the transmis- sion of the message. The models and the protocols (as you will see) tie very The OSI Model and Networking Protocols . OBJECTIVES IN THIS CHAPTER THE OSI MODEL 237 THE DOD NETWORKING MODEL 257 NETWORKING PROTOCOLS 265 INTRODUCTION To prepare for the CompTIA Network exam, you should begin by reviewing the foundations. Windows Vista and Windows XP can support WEP 64 and  WEP 128, WPA and WPA2 as well as any third-party solutions on the market. Site Surveys Tools used in site surveys include wireless sniffers,. of the office or  home, chances are greater that users’ actions might be monitored by a third party. Electronic eavesdropping, or sniffing, is passive and undetectable to  intrusion detection