
228    Chapter 4 • Communication Security: Wireless

                 This is one of those times when it is valid to use NetStumbler in a nonhacking
             context. Using NetStumbler, administrators can identify other networks that may
             be in conflict. However, NetStumbler will not identify other DoS attacks or other
             non-networking equipment that is causing conflicts (such as wireless telephones,
             wireless security cameras, amateur TV (ATV) systems, RF-based remote controls,
             wireless headsets, microphones and audio speakers, and other devices that use the
             2.4 GHz frequency).



              TEST DAY TIP
                  For more information regarding wireless security attack methods, visit
                  Searchsecurity.com. They list the most current wireless attack methods
                  from A-Z. This is a great refresher list to take a look at before
                  attempting the Security+ exam. See:
                  http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1167611,00.html





             IEEE 802.1x Vulnerabilities

             The IEEE 802.1x standard is still relatively new in relation to the IEEE 802.11
             standard, and the security research community is only recently beginning to
             seriously evaluate the security of this standard. One of the first groups to
             investigate the security of the 802.1x standard was the Maryland Information
             Systems Security Lab (MISSL) at the University of Maryland at College Park. This
             group, led by Dr. William Arbaugh, was the first to release a paper
             (www.missl.cs.umd.edu/Projects/wireless/ix.pdf) documenting flaws in the IEEE
             802.1x standard. In this paper, the group noted that 802.1x is susceptible to several
             attacks, due to the following vulnerabilities:
                  ■   The lack of a requirement for strong mutual authentication. While
                      EAP-TLS does provide strong mutual authentication, it is not required
                      and can be overridden.
                  ■   The vulnerability of the EAP Success message to a MITM attack.
                  ■   The lack of integrity protection for 802.1x management frames.
                 These flaws provide avenues of attack against wireless networks. While the
             networks are not as vulnerable as they would be without EAP and 802.1x, the
             “silver-bullet” fix that designers had hoped for was not provided in the form of
             802.1x.
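
The first flaw in the list above, that strong mutual authentication is optional, can be checked on the client side. The following is an added example, not from the book: it assumes clients are configured with a wpa_supplicant-style file (a supplicant the book does not name) and flags 802.1x networks whose EAP settings leave the server unauthenticated. The sample configuration, SSIDs and path are constructed.

```python
import re

ONE_WAY = {"MD5"}                     # client-only authentication
CERT_BASED = {"TLS", "PEAP", "TTLS"}  # server proven by certificate, if checked

# Constructed sample configuration, not from any real deployment.
SAMPLE_CONF = '''
network={
    ssid="lab-legacy"
    eap=MD5
}
network={
    ssid="lab-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="lab-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets

def audit(text):
    """Map each 802.1x SSID to its mutual-authentication findings."""
    report = {}
    for net in parse_networks(text):
        methods = set(net.get("eap", "").upper().split())
        findings = []
        if methods & ONE_WAY:
            findings.append("one-way EAP method: server is never authenticated")
        if methods & CERT_BASED and not net.keys() & {"ca_cert", "ca_path"}:
            findings.append("no ca_cert/ca_path: server certificate is not verified")
        if methods:
            report[net.get("ssid", "?")] = findings
    return report
```

An empty findings list means the network both uses a certificate-based method and names a CA to validate the server against; networks without an `eap` line are skipped.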

          www.syngress.com