
CISA EXAM-Testing Concept-Wireless (Wi-Fi) Security


Testing Concept-Wireless (Wi-Fi) Security

Hemang Doshi

CISA, ACA, FIII, DISA

Details about this E-Book:

The objective of this e-book is to ensure that CISA candidates get adequate knowledge of Wireless (Wi-Fi) Security and related concepts. Question, Answer and Explanation (QAE) items are designed in accordance with the CISA exam pattern. This small e-book will help CISA candidates attempt questions on the concept of wireless security confidently and correctly.

Points to remember for CISA Exam:

 

(1) In any given scenario, the following are the best practices for Wireless (Wi-Fi) security:

(a) Enable MAC (Media Access Control) address filtering.

(b) Enable encryption to protect data in transit.

(c) Disable SSID (service set identifier) broadcasting.

(d) Disable DHCP (Dynamic Host Configuration Protocol).

(2) In any given scenario, the ‘War Driving’ technique is used by hackers for unauthorised access to wireless infrastructure. War driving is a technique in which a wireless-equipped computer is used to locate and gain access to wireless networks. This is done by driving or walking in and around a building. ‘War Driving’ is also used by auditors to test wireless

(3) In any given scenario, WPA-2 (Wi-Fi Protected Access) is the strongest encryption standard for the wireless connection.

(5) In any given scenario, confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is encrypted using dynamic keys (as compared to static keys).

 

Enable MAC (Media Access Control) Filtering:

Every machine (PC, laptop, mobile) has a unique identification number, known as its Media Access Control (MAC) address. Through this control, we allow access to only selected devices. Any other device trying to access your network will be rejected by your router.

You can also use a blacklist to specifically reject some MAC addresses.

Enable Encryption:

Encryption scrambles the information we send through a wireless network into a code so that it is difficult for others to access. Using encryption is an effective way to secure your network from intruders.

Two main types of encryption are available for this purpose: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). WPA-2 is the strongest encryption standard for wireless connections as of today.

Disable SSID (Service Set Identifier):

A Service Set Identifier (SSID) is the wireless network name broadcast by a router, and it is visible to all wireless devices. When a wireless device searches the area for wireless networks, it will detect the SSID.

I don’t see any need for such open broadcast unless you want to promote your Wi-Fi (as in a hotel, restaurant, lounge, mall etc.). To disable the broadcast, go to Wi-Fi Profiles, look for SSID Broadcast and select the Disable option.

 

Disable DHCP (Dynamic Host Configuration Protocol)

 

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to anyone connected to the network. With DHCP disabled, static IP addresses must be used, which reduces the risk of unauthorised access.
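The four controls described above, expressed as a configuration check an auditor could run. This is an added example, not part of the e-book; it assumes the access point uses hostapd-style settings (`macaddr_acl`, `wpa`, `wep_key0`, `ignore_broadcast_ssid`), and `dhcp_enabled` is a hypothetical input because DHCP is configured outside hostapd.

```python
# Added illustration: audit an access-point config against controls (a)-(d).
# Key names follow hostapd.conf; dhcp_enabled is a hypothetical parameter
# the auditor fills in from the DHCP server or router review.

SAMPLE_CONF = """\
# constructed sample, not taken from a real device
ssid=corp-wlan
ignore_broadcast_ssid=0
macaddr_acl=0
wpa=1
wep_key0=1234567890
"""

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf, dhcp_enabled):
    """Return one finding per control that is not in place."""
    findings = []
    # (a) MAC filtering: macaddr_acl=1 denies every station not on the accept list.
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("MAC address filtering (allow-list) is not enabled")
    # (b) Encryption: bit 1 of 'wpa' enables WPA-2 (RSN); bit 0 is the older WPA.
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append("no WPA/WPA-2 encryption configured")
    elif wpa != 2:
        findings.append("WPA-2 only mode is not enforced")
    if any(key.startswith("wep_key") for key in conf):
        findings.append("static WEP key present")
    # (c) SSID broadcast: 0 means the SSID is advertised in beacons.
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID broadcasting is enabled")
    # (d) DHCP: not a hostapd setting, so it is passed in by the auditor.
    if dhcp_enabled:
        findings.append("DHCP is enabled for wireless clients")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF), dhcp_enabled=True):
        print("FINDING:", finding)
```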

 

 

Common attack methods and techniques for Wireless Network:

 

War Driving:

 

 

War driving is a term used to describe the process in which a hacker, armed with a laptop or other wireless device along with some hacking tools and travelling by car, bus or other form of mechanized transport, goes around sniffing for wireless networks. The same technique is used by an IS auditor to test the wireless security of an organization.

War Walking:

 

 

War walking refers to the same process, commonly carried out in public areas like malls, hotels, or city streets, but with the person walking with the devices instead of driving.

 

 

War Chalking:

 

 

 

War chalking is the drawing of symbols in public places to advertise an open Wi-Fi network. These symbols are subsequently used by others to exploit weak wireless networks.

 

Question, Answer & Explanation:

The QAE below are solely on the concept of Wireless Security. They resemble the type and nature of questions that are actually asked in CISA exams. Candidates are advised to attempt the questions below multiple times. More emphasis should be given to the explanation part for better understanding.

 

 

(1) Which of the following should be disabled to increase security of wireless network against unauthorized access?

 

A. MAC (Media Access Control) address filtering

B. Encryption

C. WPA-2 (Wi-Fi Protected Access Protocol)

D. SSID (service set identifier) broadcasting

 

Answer: D. SSID (service set identifier) broadcasting

 

Explanation:

A Service Set Identifier (SSID) is the network name broadcast by a router, and it is visible to all wireless devices. When a device searches the area for wireless networks, it will detect the SSID. Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the network.

For better security controls, MAC filtering and WPA-2 should be enabled (and not disabled).

 

(2) Which of the following techniques is more relevant to test wireless (Wi-Fi) security of an organization?

 

A. WPA-2

B. War dialling

C. War driving

D. Social Engineering

 

Answer: C. War driving

 

Explanation:

The ‘War Driving’ technique is used by hackers for unauthorised access to wireless infrastructure. War driving is a technique in which a wireless-equipped computer is used to locate and gain access to wireless networks. This is done by driving or walking in and around a building. ‘War Driving’ is also used by auditors to test wireless.

WPA-2 is an encryption standard and not a technique to test the security.

War dialling is a technique for gaining access to a computer or a network through the dialling of defined blocks of telephone numbers.

 

 

 

 

(3) Which of the following should be a concern to an IS auditor reviewing a wireless network?

 

A. System hardening of all wireless clients.

B. SSID (service set identifier) broadcasting has been enabled.

C. WPA-2 (Wi-Fi Protected Access Protocol) encryption is enabled.

D. DHCP (Dynamic Host Configuration Protocol) is disabled at all wireless access points.

 

Answer: B. SSID (service set identifier) broadcasting has been enabled.

 

Explanation:

Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the network.

In any given scenario, the following are the best practices for wireless (Wi-Fi) security:

(a) Enable MAC (Media Access Control) address filtering.

(b) Enable encryption to protect data in transit.

(c) Disable SSID (service set identifier) broadcasting.

(d) Disable DHCP (Dynamic Host Configuration Protocol).

 

(4) Dynamic Host Configuration Protocol (DHCP) is disabled at all wireless access points. Which of the following statements is true when DHCP is disabled for wireless networks?

 

A. increases the risk of unauthorized access to the network.

B. decreases the risk of unauthorized access to the network.

C. automatically provides an IP address to anyone.

D. it disables SSID (Service Set Identifier).

 

 

Answer: B. decreases the risk of unauthorized access to the network.

 

Explanation:

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to anyone connected to the network. With DHCP disabled, static IP addresses must be used and hence the risk of unauthorized access can be reduced.

Option C is incorrect because DHCP does not provide IP addresses when disabled.

Option D is incorrect because disabling DHCP will not automatically disable the SSID.

 

(5) Best method to ensure confidentiality of the data transmitted in a wireless LAN is to:

 

A. restrict access to predefined MAC addresses.

B. protect the session by encrypting with use of static keys.

C. protect the session by encrypting with use of dynamic keys.

D. initiate the session by encrypted device.

Answer: C. protect the session by encrypting with use of dynamic keys.

 

Explanation:

In any given scenario, confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is encrypted using dynamic keys (as compared to static keys). When using dynamic keys, the encryption key is changed frequently, thus reducing the risk of the key being compromised and the message being decrypted.

Options A and D will not ensure data confidentiality during transit. Encryption of the data on the connected device addresses the confidentiality of the data on the device, not the wireless session. Limiting the number of devices that can access the network does not address the issue of encrypting the session.

(6) Use of wireless infrastructure for mobile devices within the organization increases the risk of which of the following attacks?

 

A. Port scanning

B. Social Engineering

C. Piggybacking

D. War driving

 

Answer: D. War driving

 

Explanation:

The ‘War Driving’ technique is used by hackers for unauthorised access to wireless infrastructure. War driving is a technique in which a wireless-equipped computer is used to locate and gain access to wireless networks. This is done by driving or walking in and around a building. A war driving attack uses a wireless Ethernet card, set in promiscuous mode, and a powerful antenna to penetrate wireless systems from outside.

 

(7) For a man-in-the-middle attack, which of the following encryption techniques will BEST protect a wireless network?

 

A. Wired equivalent privacy (WEP)

B. MAC-based pre-shared key (PSK)

C. Randomly generated pre-shared key (PSK)

D. Service set identifier (SSID)

 

Answer: Randomly generated pre-shared key (PSK)

 

Explanation:

SSID is not an encryption technique. The MAC address of a computer is fixed and often accessible. A randomly generated PSK is stronger than a MAC-based PSK. WEP has been shown to be a very weak encryption technique and can be cracked within minutes. The SSID is broadcast on the wireless network in plaintext.


CISA EXAM-Testing Concept-Wireless (Wi-Fi) Security

Every CISA exam will have at least 2 questions on wireless security, i.e. on SSID, MAC filtering, WPA-2 and war driving. This book explains all the concepts in a simple way and in layman's language.

  • ISBN: 9781370588527
  • Author: Hemang Doshi
  • Published: 2016-07-19 19:45:07
  • Words: 1510