What is the primary characteristic of a wireless deauthentication attack from a user’s perspective?
Sudden and repeated disconnections from the wireless network without warning messages
Users lose internet access and may struggle to maintain a connection, experiencing drops repeatedly.
What specific vulnerability in earlier 802.11 specifications allowed deauthentication attacks to be so effective?
Lack of security for management frames
Management frames were sent across the network ‘in the clear’, meaning they were unencrypted.
Why are management frames sent in the clear in older 802.11 standards a significant security risk?
Anyone close to the access point can view the information and manipulate unencrypted frames
Attackers can send malicious commands, such as deauthentication requests, to connected devices.
Briefly describe the practical steps an attacker would take to perform a deauthentication attack.
Use airodump-ng to discover BSSID and victim’s MAC address, then use aireplay-ng with a -0 flag to send deauthentication frames
This specifies both the access point and the victim’s MAC address.
How did the IEEE 802.11 committee address the deauthentication vulnerability in newer standards?
Incorporated updates in 802.11ac and newer versions that encrypted several management frames
Frames such as disassociate, authenticate, and channel switch announcements are now protected.
Are all management frames encrypted in 802.11ac and newer standards? Explain why or why not.
No, not all management frames are encrypted
Important frames like beacons and probes must remain unencrypted for initial connection processes.
How does an RF jamming attack differ from a deauthentication attack in terms of its target and impact?
RF jamming affects everyone trying to communicate over specific frequencies, while deauthentication targets a single device
Deauthentication manipulates management frames; RF jamming disrupts communication broadly.
What is the main goal of an RF jamming attack, and how does it achieve this?
To decrease the signal-to-noise ratio, making it difficult for devices to distinguish real data
This prevents devices from sending or receiving traffic.
Provide two common, non-malicious examples of devices that can cause RF jamming.
- Microwave ovens
- Fluorescent lights
These can emit signals that disrupt wireless frequencies.
What technique can be used to locate the source of an RF jamming signal?
Fox hunting
This involves using a directional antenna and an attenuator to pinpoint the jammer’s location.
What is the definition of a Deauthentication Attack?
A type of Denial-of-Service attack that disconnects a legitimate user from a wireless network by sending spoofed deauthentication frames
It makes it appear as if the access point requested the disconnection.
What is the purpose of an Attenuator in RF hunting?
To reduce the power or amplitude of a signal without significantly distorting its waveform
This helps locate strong signals by managing signal strength.
What is the function of Airodump-ng?
To capture raw 802.11 frames for monitoring wireless traffic and identifying connected devices
It is also useful for cracking WEP/WPA keys.
What does BSSID stand for and what does it represent?
Basic Service Set Identifier; it is the MAC address of the wireless access point’s radio interface
It uniquely identifies an access point.
What does the acronym ESSID stand for?
Extended Service Set Identifier
It is the user-friendly name of a wireless network, commonly referred to as the Wi-Fi network name.
Define Radio Frequency (RF) Jamming.
A type of Denial-of-Service attack that prevents communication over wireless frequencies by transmitting interfering signals
It aims to decrease the signal-to-noise ratio.
What is the significance of Management Frames in 802.11 wireless networks?
They are used for maintaining communication between a client and an access point
Examples include authentication, association, and deauthentication frames.
What is the role of a Directional Antenna in RF hunting?
To radiate or receive electromagnetic waves more effectively in some directions than others
It helps pinpoint the direction of a signal.
What is the definition of Denial of Service (DoS)?
An attack intended to make a machine or network resource unavailable to its intended users
Typically by temporarily or indefinitely disrupting services of a host connected to the Internet.
What is Signal-to-Noise Ratio (SNR)?
A measure that compares the level of a desired signal to the level of background noise
A high SNR indicates a clear signal, while a low SNR indicates more noise relative to the signal.
What does WLAN0mon represent?
A common naming convention for a wireless network interface set into monitor mode
This allows it to capture all wireless traffic in its vicinity.
What is the main function of Aireplay-ng?
To inject or replay frames into a wireless network
It is commonly used for deauthentication attacks and other wireless security testing.
-
1.1 Security Control Types and Categories31
-
1.2 The CIA Triad: A Study Guide22
-
1.2 Digital Signatures: Ensuring Integrity and Origin - Study Guide25
-
1.2 AAA Framework and Authorization26
-
1.2 IT Security Gap Analysis: A Comprehensive Study23
-
1.2 Zero Trust Networks and Adaptive21
-
1.2 Physical Security Controls: Methods and Technologies26
-
1.2 IT Security Deception and Disruption: Honeypots, Honeyfiles, and Honeytokens18
-
1.3 Formal Change Control Processes: A Study Guide21
-
1.3 The Technician's Role in Change Control Implementation33
-
1.4 Cybersecurity Cryptography: Encryption and Public Key Infrastructure23
-
1.4 Data Encryption and Its Algorithms31
-
1.4 Secure Key Exchange Methods22
-
1.4 Cryptography's Guardians: TPM, HSM, and Secure Enclaves10
-
1.4 Obfuscation and Hidden Data Techniques21
-
1.4 Cryptographic Hashes and Digital Signatures25
-
1.4 Blockchain Essentials21
-
1.4 Digital Certificates18
-
2.1 Understanding Threat Actors18
-
2.2 Navigating Threat Vectors and Attack Paths26
-
2.2 The Art of Phishing: Recognizing and Avoiding Scams17
-
2.2 The Impersonation Playbook: Scams, Fraud, and Prevention18
-
2.2 Cybersecurity Fundamentals: Watering Hole Attacks and Layered Defense20
-
2.2 The Digital Deception Playbook24
-
2.3 Malware Memory Injection: Understanding the Threat20
-
2.3 Buffer Overflow Attacks23
-
2.3 Race Conditions and TOCTOU Attacks20
-
2.3 Secure Software Updates32
-
2.3 Operating System Patching15
-
2.3 Understanding Code and SQL Injection Attacks19
-
2.3 Code Injection Attack20
-
2.3 Understanding Cross-Site Scripting (XSS) Attacks27
-
2.3 IoT Firmware and Device Lifecycle Security17
-
2.3 Virtual Machine Security Vulnerabilities21
-
2.3 Cloud Security: Understanding Threats and Vulnerabilities31
-
2.3 Supply Chain Security and Third-Party Risk29
-
2.3 Cybersecurity Vulnerabilities and Countermeasures25
-
2.3 Mobile Device Security: Risks and Countermeasures17
-
2.3 Zero-Day Vulnerabilities and Attacks23
-
2.4 Understanding Malware26
-
2.4 Understanding Computer Viruses and Worms27
-
2.4 Digital Intruders: Spyware and Bloatware19
-
2.4 Cybersecurity Threats: Keyloggers, Logic Bombs, and Rootkits22
-
2.4 DNS Poisoning and URL Hijacking27
-
2.4 Wireless Network Attacks: Deauthentication and RF Jamming22
-
2.4 Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks21
-
2.4 On-Path and Man-in-the-Middle Attacks21
-
2.4 Replay Attacks and Session Hijacking24
-
2.4 Malicious Code Attacks and Defenses17
-
2.4 Application Security Fundamentals20
-
2.4 Cryptography's Vulnerabilities28
-
2.4 Password Hashes and Brute Force Attacks24
-
2.4 Indicators of Compromise and Security Best50
-
2.5 Network Segmentation and Access17
-
2.5 Cybersecurity Mitigation Techniques and Best Practices29
-
2.5 System and Endpoint Hardening Fundamentals28
-
3.1 Cloud Infrastructure11
-
3.1 Network Isolation, Virtualization, and Cloud Infrastructure22
-
3.1 IT Security Considerations and Infrastructure Technologies24
-
3.1 IT Infrastructure and Operational Resilience16
-
3.2 Network Security Zones and Attack Surfaces23
-
3.2 Intrusion Prevention and Detection Systems21
-
3.2 Network Appliances:16
-
3.2 Port Security25
-
3.2 Network Firewall Concepts23
-
3.2 Secure Network Communication Technologies (VPN, SD-WAN, and SASE)20
-
3.3 Data Types and Classifications17
-
3.3 States of Data, Security, and Sovereignty19
-
3.3 Data Protection Methods and Security Techniques22
-
3.4 High Availability and Resilience Architectures18
-
3.4 Cryptography's Vulnerabilities: Birthday Attacks and SSL Stripping19
-
3.4 A Beginner's Guide to Keeping Systems Running: Understanding Disaster Recovery16
-
3.4 Backup Strategies and Recovery21
-
3.4 Data Center Power and Backup Systems16
-
4.1 Application Security Baselines and Deployment10
-
4.1 System and Device Hardening22
-
4.1 Wireless Site Surveys and Mobile Device Management21
-
4.1 Wireless Network Security Protocols and Authentication17
-
4.1 Application Security Development and Testing24
-
4.2 Asset Management26
-
4.3 Vulnerability Scanning15
-
4.3 Threat Intelligence17
-
4.3 Penetration Testing20
-
4.3 Analyzing Vulnerabilities19
-
4.3 Vulnerability Remediation17
-
4.4 Security Monitoring21
-
4.4 Security Tools37
-
4.5 Firewalls32
-
4.5 Web Filtering22
-
4.5 Operating System Security11
-
4.5 Secure Protocols14
-
4.5 Email Security18
-
4.5 Monitoring Data19
-
4.5 Endpoint Security27
-
4.6 Identity and Access Management29
-
4.6 Access Controls17
-
4.6 Multifactor Authentication17
-
4.6 Password Security18
-
4.7 Scripting and Automation27
-
4.8 Incident Response20
-
4.8 Incident Planning17
-
4.8 Digital Forensics17
-
4.9 Log Data31
-
5.1 Security Policies18
-
5.1 Security Standards20
-
5.1 Security Procedures24
-
5.1 Security Considerations17
-
5.1 Data Roles and Responsibilities10
-
5.2 Risk Management14
-
5.2 Risk Analysis20
-
5.2 Risk Management Strategies24
-
5.2 Business Impact Analysis12
-
5.3 Third-party Risk Assessment24
-
5.3 Agreement Types12
-
5.4 Compliance20
-
5.4 Privacy15
-
5.5 Audits and Assessments11
-
5.5 Penetration Tests18
-
5.6 Security Awareness19
-
5.6 User Training22
