PrepAway - Latest Free Exam Questions & Answers

Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS
encryption?

A. HTTPS
B. WEP
C. WPA
D. WPA 2

Explanation:
WEP offers no end-to-end TLS encryption.
The WEP process consists of a series of steps as follows:
1. The wireless client sends an authentication request.
2. The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge text.
3. The client takes the challenge text received and encrypts it using a static WEP key.
4. The client sends the encrypted authentication packet to the AP.
5. The AP encrypts the challenge text using its own static WEP key and compares the result to the authentication packet sent by the client. If the results match, the AP begins the association process for the wireless client.
The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The
attacker captures the clear-text challenge and then the authentication packet reply. The attacker then
reverses the RC4 encryption in order to derive the static WEP key. Yikes!
As you might guess, the designers attempted to strengthen WEP by increasing the key length. The
native Windows client supported a 104-bit key as opposed to the initial 40-bit key. The fundamental
weaknesses in the WEP process still remained, however.
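The exchange above, simulated end to end as an added example (not part of the original explanation): it shows what a passive observer of the clear-text challenge and the encrypted reply learns without ever holding the key, namely the RC4 keystream used for that frame. The 24-bit IV, the CRC-32 integrity value and the sample key are standard WEP framing details and constructed values assumed here, not taken from the page.

```python
import os
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP body: RC4(IV || key) XOR (data || CRC-32 integrity value)."""
    plain = data + struct.pack("<I", zlib.crc32(data))
    return xor(plain, rc4_keystream(iv + wep_key, len(plain)))


def simulate_shared_key_auth(wep_key: bytes) -> dict:
    challenge = os.urandom(128)   # step 2: AP sends the challenge in clear text
    iv = os.urandom(3)            # assumption: 24-bit IV, also sent in the clear
    response = wep_encrypt(wep_key, iv, challenge)                # steps 3-4
    ap_accepts = response == wep_encrypt(wep_key, iv, challenge)  # step 5

    # Passive observer: sees challenge, iv and response, never the key.
    known_plain = challenge + struct.pack("<I", zlib.crc32(challenge))
    return {
        "ap_accepts": ap_accepts,
        "exposed_keystream": xor(known_plain, response),
        "true_keystream": rc4_keystream(iv + wep_key, len(known_plain)),
    }


if __name__ == "__main__":
    result = simulate_shared_key_auth(b"\x01\x02\x03\x04\x05")  # constructed 40-bit key
    print("AP accepts client:", result["ap_accepts"])
    print("keystream exposed:", result["exposed_keystream"] == result["true_keystream"])
```

The exposed keystream is identical whether the key is 40 or 104 bits long, which is why the longer keys mentioned above did not fix the handshake.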
Incorrect Answers:
A: HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer
Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user
page requests as well as the pages that are returned by the Web server. The use of HTTPS protects
against eavesdropping and man-in-the-middle attacks.
C: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium.
WiFi compliance ensures interoperability between different manufacturers' wireless equipment. WPA is a
much improved encryption standard that delivers a level of security beyond anything that WEP can offer.
It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol
(TKIP), which is designed to allow WEP to be upgraded through corrective measures that address the
existing security problems. WPA is able to achieve over 500 trillion possible key combinations and rekeying of global encryption keys is required. The encryption key is changed after every frame using TKIP.
This allows key changes to occur on a frame by frame basis and to be automatically synchronized
between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one
used by WEP. WPA is compatible with many older access points and network cards.
WPA uses TKIP to provide TLS encryption.
D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access
control. It provides WiFi users with a higher level of assurance that only authorized users can access their
wireless networks. WPA2 is based on the IEEE 802.11i standard and provides government grade security.
802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless
LANs. It defines new encryption key protocols including the Temporal Key Integrity Protocol (TKIP) and
Advanced Encryption Standard (AES).
WPA2 uses TKIP or AES to provide TLS encryption.
