Which of the following is where an unauthorized device is found allowing access to a network?
A.
Bluesnarfing
B.
Rogue access point
C.
Honeypot
D.
IV attack
Explanation:
A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network
administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large
organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that
can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual
authentication (client-server server- client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network.
To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized
access points.
Incorrect Answers:
A: Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless
technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the
way Bluetooth is implemented on a mobile phone, an attacker can access information — such as the user’s calendar, contact list and e-mail and text messages —
without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by
virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled. This is not
what is described in this question. Therefore, this answer is incorrect.
C: A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. A
Honeypot luring a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system. By studying the activities of hackers, designers can better create more
secure systems that are potentially invulnerable to future hackers.
This is not what is described in this question. Therefore, this answer is incorrect.
D: An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce,
or “number occurring once,” as an encryption program uses it only once per session.
An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the
exchanged encrypted message by discovering a pattern. This is known as an IV attack.
A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. Forexample if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e” because the word “e” is non-sensical in English, while “a” has a
meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence
corresponding to each letter.
Using an initialization vector changes the binary sequence corresponding to each letter, enabling the letter “a” to be represented by a particular sequence in the first
instance, and then represented by a completely different binary sequence in the second instance. This is not what is described in this question. Therefore, this
answer is incorrect.http://en.wikipedia.org/wiki/Rogue_access_point
http://searchmobilecomputing.techtarget.com/definition/bluesnarfing http://www.techopedia.com/definition/26858/initialization-vector