Wireless

Security
 Wireless Terminologies
Bandwidth: It describes the amount of information that may be broadcast over a connection.

Access point (AP): An AP is used to connect wireless devices to a wireless/wired network.

Basic service set identifier (BSSID): It is the media access control (MAC) address of an access point (AP) or
base station that has set up a basic service set (BSS).

Hotspot: These are places where wireless networks are available for public use.

Association: It refers to the process of connecting a wireless device to an AP.

Service set identifier (SSID): An SSID is a 32-alphanumeric-character unique identifier given to a wireless
local area network (WLAN) that acts as a wireless identifier of the network

Antenna: Converts electrical impulses into radio waves and vice versa. Include omnidirectional, yagi, dipole,
reflector, directional and parabolic
Synopsis
The first security protocol for wireless was Wireless Equivalent Privacy (WEP). However, although WEP used
encryption, it was implemented very poorly and could easily be defeated.

In 2003 the Wi-Fi Protected Access Protocol (WPA) was introduced, which had better encryption. WPA evolved
through WPA2, which uses Advanced Encryption Standard (AES) encryption to WPA3, which is now
considered the best practice.

Most organizations and vendors now use either WPA2 or WPA3 for wireless security.

Wireless protected setup (WPS) is a feature on some wireless access points that provides a shortcut during
the setup process when connecting new devices to the access point. The feature allows the user to simply
press a button and enter a personal identification number (PIN) for the devices to authenticate to each other.

This method, while convenient, is inherently nonsecure and should not be used. WPS should be disabled
WEP: An encryption algorithm for IEEE 802.11 wireless networks.

Wifi Protected Access (WPA): An advanced wireless encryption protocol using Temporal Key Integrity
Protocol (TKIP) and Message Integrity Check - (MIC) to provide stronger encryption and authentication

TKIP: A security protocol used in WPA as a replacement for WEP

WPA2: An upgrade to WPA using AES and Counter Mode Cipher Block Chaining Message Authentication
Code Protocol - (CCMP) for wireless data encryption. WPA2 offers 2 modes;

- WPA2-Personal (Uses PSK - Pre-Shared Key)

- WPA2-Enterprise (uses EAP or RADIUS for centralized client authentication using multiple
authentication methods, such as token cards, Kerberos, and certificates. Users are allocated login
credentials by a centralized server, which they must present when connecting to the network.
AES: A symmetric-key encryption, used in WPA2 as a replacement for TKIP

RADIUS: A centralized authentication and authorization management system

WPA3: A third-generation Wi-Fi security protocol that uses GCMP-256 for encryption and HMAC-SHA-384 for
authentication. It provides cryptographic consistency and network resilience through Protected Management
Frames (PMF) that deliver a high level of protection against eavesdropping and forging attacks. WPA3 also
disallows outdated legacy protocols. Supports 2 modes:

- WPA3-Personal: This mode is mainly used to deliver password-based authentication. WPA3 is more
rigid to attacks than WPA2 because it uses a modern key establishment protocol called the
Simultaneous Authentication of Equals (SAE), also known as Dragonfly Key Exchange, which replaces
the PSK concept used in WPA2-Personal.
- WPA3-Enterprise: Offers better security due to authenticated encryption offered by 256-bit
Galois/Counter Mode Protocol (GCMP-256) and other cutting-edge technologies.
 Authenticating Wi-Fi Users
- Preshared Keys
Preshared keys (PSK) are the simplest kind of wireless authentication and are commonly used on
home Wi-Fi networks.

- Enterprise Authentication
The more common way to approach wireless authentication is through the use of enterprise
authentication. In this approach, the organization runs an authentication server that verifies user
credentials and ensures that only authorized users access the network.

- Captive Portals
When a user connects to a network using a captive portal, they are redirected to a web page that
requires them to authenticate before gaining access to the network. This authentication may be as
simple as accepting the terms of service, or it may require an account password or even a credit card
payment to escape the captive portal and use the Internet.
Wifi Standards
Cloud
Concepts
 Cloud Concepts
Cloud computing is an on-demand delivery of IT capabilities in which an IT infrastructure and applications are
provided to subscribers as metered services over a network.

Cloud service provider - The cloud service provider (CSP) is the organization that provides the cloud
service/resources that are consumed by the cloud service customer.

Cloud service customer - The cloud service customer (CSC) is the entity that has a relationship with the cloud
service provider to use their cloud service.

A cloud access security broker (CASB) is enterprise management software designed to mediate access to
cloud services by users across all types of devices. It monitors activity between cloud service consumers and
cloud applications and provides enforcement of security policies.

Cloud computing is enabled by virtualization, which is a technology that allows hardware equipment to run
many virtual instances (such as virtual operating systems, applications, storage, networking, etc.).

Service Level Agreement: A service level agreement (SLA) is a legal contractual agreement between a service
provider or supplier and a customer that defines the level of service the customer can expect. These include
provisions around things like performance, availability, security, response times, and accountability, as well as
metrics by which the service can be measured to ensure the provider is adhering to stated requirements.
 Cloud Characteristics
The following are the five essential characteristics of cloud computing as defined in NIST Special
Publication 800-145, The NIST Definition of Cloud Computing:

• On-demand self-service - A type of service rendered by cloud service providers that provides on-demand
cloud resources such as computing power, storage, and network, without the need for human interaction with
service providers.

• Rapid elasticity - The cloud offers instant provisioning of capabilities to rapidly scale up or down according
to demand.

• Resource pooling/multi-tenancy - Computing resources of the CSP are pooled and shared across multiple
consumers in a manner that abstracts the consumer from the underlying implementation.

• Measured service - Cloud systems employ the “pay-per-use” metering method.

• Broad network access - Cloud access is enabled over the network and supported by many different client
platforms running on a wide variety of endpoint devices (e.g., laptops, desktops, mobile phones).
 Cloud Computing Limitations
● Organizations have limited control and flexibility
● Prone to outage and other technical issues
● Security, privacy, and compliance issues
● Contracts and lock-ins
● Dependence on network connections
 Cloud Service Models
The cloud service model describes the category of service provided by the CSP. The primary cloud service
models are:

● Infrastructure as a service (IaaS) : Provides virtual machines and other abstracted hardware and
operating systems which may be controlled through a service API
● Platform as a service (PaaS) : Offers development tools, configuration management, and deployment
platforms on-demand that can be used by subscribers to develop custom applications
● Software as a service (SaaS) : Offers software to subscribers on-demand over the Internet
Cloud Shared Responsibility Matrix
 Cloud Deployment Models
Public Cloud: Services are rendered over a network that is open for public use

Private Cloud - Cloud infrastructure is operated for a single organization only

Community Cloud - Shared infrastructure between several organizations from a specific community with
common concerns (security, compliance, jurisdiction, etc.)

Hybrid Cloud - Combination of two or more clouds (private, community, or public) that remain unique entities
but are bound together, thereby offering the benefits of multiple deployment models
 Cloud Deployment Models
Public Cloud: Services are rendered over a network that is open for public use. Public cloud services may be
free or based on a pay-per-usage model.

o Advantages:

● Simplicity and efficiency

● Low cost
● Reduced time (when server crashes, needs to restart or reconfigure cloud)
● No maintenance (public cloud service is hosted off-site)
● No contracts (no long-term commitments)

o Disadvantages:

● Security is not guaranteed

● Lack of control (third-party providers are in charge)
● Slow speed (relies on Internet connections; the data transfer rate is limited)
 Cloud Deployment Models
Private Cloud - Cloud infrastructure is operated for a single organization only

o Advantages:

● Security enhancement (services are dedicated to a single organization)

● Increased control over resources (organization is in charge)
● High performance (cloud deployment within the firewall implies high data transfer rates)
● Customizable hardware, network, and storage performances (as the organization owns private cloud)
● Sarbanes Oxley, PCI DSS, and HIPAA compliance data are much easier to attain

o Disadvantages:
● High cost
● On-site maintenance
 Cloud Deployment Models
Community Cloud - Shared infrastructure between several organizations from a specific community with common
concerns (security, compliance, jurisdiction, etc.). The community cloud can be either on- or off-premises and governed
by the participated organizations or by a third-party managed service provider.
o Advantages:
● Less expensive compared to the private cloud
● Flexibility to meet the community’s needs
● Compliance with legal regulations
● High scalability
● Organizations can share a pool of resources from anywhere via the Internet
o Disadvantages:
● Competition between consumers in resource usage
● Inaccurate prediction of required resources
● Lack of legal entity in case of liability
● Moderate security (other tenants may be able to access data)
● Trust and security concerns between tenants
 Cloud Deployment Models
Hybrid Cloud - It is a cloud environment comprised of two or more clouds (private, public, or community) that remain unique
entities but are bound together to offer the benefits of multiple deployment models. In this model, the organization makes
available and manages some resources in-house and provides other resources externally.
Example: An organization performs its critical activities on the private cloud (e.g., operational customer data) and non-critical
activities on the public cloud.
o Advantages:
● High scalability (contains both public and private clouds)
● Offers both secure and scalable public resources
● High level of security (comprises private cloud)
● Allows to reduce and manage the cost according to requirements
o Disadvantages:
● Communication at the network level may be conflicted as it uses both public and private clouds
● Difficult to achieve data compliance
● Organization reliant on the internal IT infrastructure in case of outages (maintain redundancy across data centers to
overcome)
● Complex service level agreements (SLAs)
 Cloud Service Providers
Major providers include:

● Amazon web services

● Microsoft Azure
● Google cloud platform
● IBM cloud
 Relationships & Agreements
As organizations seek to outsource components of their technology infrastructure, they often turn to
managed service providers (MSPs) to perform tasks that they either consider commodities or believe
can be more efficiently and effectively performed by a third party.

Vendors that provide security services for other organizations are known as managed security service
providers (MSSPs). MSSPs vary widely in the scope of their services and can perform different
services for different clients.

Non-disclosure agreements (NDAs) are typically the first document signed as two organizations
explore a business partnership. These documents assure the firms that they will keep each other's
information confidential.

A memorandum of understanding (MOU) is simply a letter written to document aspects of the

relationship. MOUs are commonly used when a legal dispute is unlikely but the customer and vendor
still want to document their relationship to avoid future misunderstandings.