Which of the following is a passive device that cannot be detected by a wireless intrusion detection system (WIDS)?
A.
MAC spoofing
B.
Spectrum analyzer
C.
Protocol analyzer
D.
Rogue access point
Explanation:
A protocol analyzer is a passive device that captures 802.11 traffic and helps in detecting malicious eavesdropping attacks. It cannot be detected by a wireless intrusion detection system (WIDS). As data streams flow across the network, the protocol analyzer captureseach packet and, if needed, decodes and analyzes its content. Answer option D is incorrect. A Rogue access point (AP) is set up by the attackers in an Enterprise’s network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP and the attacker captures their usernames and passwords. This can help the attacker to intrude the security and have access to the Enterprise datA.Answer option B is incorrect. A spectrum analyzer, or spectral analyzer, is a device that is used to examine the spectral composition of some electrical, acoustic, or optical waveform. It may also measure the power spectrum. The analog and digital spectrum analyzers are as follows:
1. An analog spectrum analyzer uses either a variable band-pass filter whose mid-frequency is automatically tuned (shifted, swept) through the range of frequencies of which the spectrum is to be measured.
2. A digital spectrum analyzer computes the discrete Fourier transform (DFT), a mathematical process that transforms a waveform into the components of its frequency spectrum. Answer option A is incorrect. MAC spoofing (or Identity theft) attack occurs when a cracker is able to listen on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to allow only the authorized computers with specific MAC IDs to gain access and utilize the network. However, a number of programs exist that have network "sniffing" capabilities. Combine these programs with other software that allow a computer to pretend it has any MAC address that the cracker desires and can easily get around that hurdle. MAC Spoofing is a technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on the servers or routers, either hiding a computer on a network or allowing it, to impersonate another computer.