A security administrator discovered that all communication over the company’s encrypted wireless network is being captured by savvy employees with a wireless
sniffing tool and is then being decrypted in an attempt to steal other employee’s credentials. Which of the following technology is MOST likely in use on the
company’s wireless?
A.
WPA with TKIP
B.
VPN over open wireless
C.
WEP128-PSK
D.
WPA2-Enterprise
Explanation:
WEP’s major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your
network to encrypt every packet that’s transmitted. But the fact that packets are encrypted doesn’t prevent them from being intercepted, and due to some esoterictechnical flaws it’s entirely possible for an eavesdropper to intercept enough WEP-encrypted packets to eventually deduce what the key is. This problem used to be
something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this
because changing WEP keys is inconvenient and time-consuming because it has to be done not just on the router, but on every device that connects to it. As a
result, most people just set up a single key and then continue using it ad infinitum.
Even worse, for those that do change the WEP key, new research and developments reinforce how even changing WEP keys frequently is no longer sufficient to
protect a WLAN. The process of ‘cracking’ a WEP key used to require that a malicious hacker intercept millions of packets plus spend a fair amount of time and
computing power. Researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP- protected
network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three
seconds.
Incorrect Answers:
B: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different
manufacturer’s wireless equipment. WPA is a much improved encryption standard that delivers a level of security beyond anything that WEP can offer. It bridges
the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded through
corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations and re-keying of global
encryption keys is required. The encryption key is changed after every frame using TKIP. This allows key changes to occur on a frame by frame basis and to be
automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is
compatible with many older access points and network cards. WPA with TKIP is considered more secure than WEP. Therefore, this answer is incorrect.
C: It’s very unlikely that each computer connected to the wireless access point is configured to use a VPN connection. Furthermore, VPN connections are secure.
Therefore, this answer is incorrect.
D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of
assurance that only authorized users can access their wireless networks. WPA2 is based on the IEEE 802.11i standard and provides government grade security.
802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including
the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
There are two versions of WPA2:
WPA2 Personal and WPA2 Enterprise. WPA2 Personal protects unauthorized network access by utilizing a setup password. WPA2 Enterprise verifies network
users through a server. WPA2 is much more secure than WEP. Therefore, this answer is incorrect.http://www.webopedia.com/DidYouKnow/Computer_Science/WEP_WPA_wireless_security.as p
http://www.onlinecomputertips.com/networking/wep_wpa.html