Quiz Lesson/Domain 2: Access Control - Computer System and Network Security

Computer System and Network Security

Lesson/Domain 2: Access control

Lecturer: Hadi Syahrial, M.Kom

Name: Fransiscus Xaverius Eko Budi Kristanto
Student ID (NIM): 1111600126
Class: XA

Master of Computer Science Program, Universitas Budi Luhur, Jakarta, 2012

Quiz 2

Quiz Lesson/Domain 2: Access Control, Computer System and Network Security course, MKOM Universitas Budi Luhur


Paper Network Security

WLAN Security

WLANs offer several advantages that wired networks do not have. Among other things, they allow computers to move within the signal coverage area while remaining connected to the network, which strongly supports activities that require mobility. Behind these advantages, WLANs have weaknesses, particularly with regard to security. Several steps are needed to address these problems so that the advantages of WLANs can still be enjoyed.

1. Attacks on WLANs

Radio-wave-based networks are open, meaning that anyone within range can attempt to connect to the network even without being authorized to do so. The term wardriving (wireless footprinting) refers to the activity of gathering information about a WLAN and then attempting to access it. Most often the aim is to obtain free internet access. However, some do it out of curiosity or experimentation, and some do have malicious intent. The tools used include: NetStumbler, Kismet, Dstumbler, StumbVerter, GPSMap, JiGLE, Prism2dump, Tcpdump, Ethereal, AiroPeek NX, AirSnort, WLAN-Tools and others.

The weaknesses of WLANs include:

a. Configuration weaknesses

Device vendors provide various facilities to simplify configuration, including default configurations that make it possible to set up a WLAN with little or no configuration. Devices left on the vendor's default configuration are very easy to attack, because information about that configuration is very easy to find on the internet, such as the SSID, the IP address used, remote management, DHCP enabled, the frequency channel, and the device's administrator user/password.

b. Encryption weaknesses

WEP (Wired Equivalent Privacy), previously used as the wireless security standard, can now be easily broken with tools that can be found on the internet and that are able to break the RC4 key-scheduling algorithm, which is used in

Which of the following is an example of an ultimate data owner?



Quiz Lesson/Domain 2: Access control 2012


Quiz Lesson/Domain 2: Access control

1. Brute-force attacks are used most often against which types of access control? (Choose two.)

A. Biometrics
B. Passwords
C. Cognitive passwords
D. Cryptographic keys

Answer: B. Passwords and D. Cryptographic keys

2. Passwords are one of many types of authentication mechanisms. Which is not true of a password?

A. Can be automatically created by a password generator
B. Rely heavily on the discipline of the user and the administrator
C. Is the most insecure of access controls
D. Is moderately used

Answer: D. Is moderately used

3. A single sign-on technology that offers symmetric and asymmetric keys for encryption and uses privileged attribute certificates for authentication is called ___________.

A. Thin clients
B. SESAME
C. Kerberos
D. Cryptographic keys
E. Directory Services

Answer: B. SESAME

4. Which of the following biometric methods obtains the patterns and colors around a person’s pupil?

A. Iris scan
B. Palm scan
C. Retina pattern
D. Fingerprint

Answer: A. Iris scan

5. Security labels are used in what type of model?

A. Role-based access control model
B. Mandatory access control model
C. Discretionary access control model
D. Military access control model

Answer: B. Mandatory access control model

6. Companies have different ways of coming up with passwords to be used for authentication. Which of the following best describes a password advisor?

A. A potential attack using a dictionary program
B. An automated system that creates long-stringed passwords for use, which are difficult to remember
C. A list of questions for the user to answer
D. A program that provides users with passwords that are easy to remember and difficult to crack

Answer: D. A program that provides users with passwords that are easy to remember and difficult to crack

7. Which of the following centralized access control protocols would a security professional choose if his or her network consisted of multiple protocols and had users connecting via wireless and wired transmissions?

A. RADIUS
B. TACACS+
C. Diameter
D. Kerberos

Answer: C. Diameter

8. Passwords are one of the most sought-after items by attackers because of the level of access they can provide. Which of the following is the least effective when trying to protect against password attacks?

A. Ensure six characters are used
B. Do not allow passwords to be shown in cleartext
C. Use dictionary attack tools to identify weaknesses
D. Implement encryption and hashing algorithms

Answer: A. Ensure six characters are used

9. There are security issues when a company allows users to have too many rights and permissions. Allowing a user the absolute minimum rights necessary when accessing a network is referred to as what?

A. Separation of duties
B. Least privilege
C. Full disclosure
D. Discretionary access control

Answer: B. Least privilege

10. Which of the following access control types is considered a “soft” measure at protecting an organization as a whole?

A. Preventive – Administrative
B. Preventive – Physical
C. Predictive
D. Corrective

Answer: A. Preventive - Administrative

11. Which of the following best describes Extended TACACS (XTACACS)?

A. An Internet standard
B. Combines authentication and authorization
C. Separates authentication, authorization, and auditing processes
D. Has three-factor user authentication

Answer: C. Separates authentication, authorization, and auditing processes

12. Katie is an IT administrator who needs to set up an access control system that designates users’ permission to control some files but keeps database and network resource permissions in the hands of the IT organization. What type of access control administration would she employ?

A. Hybrid
B. Decentralized
C. Centralized
D. Security labels

Answer: A. Hybrid

13. Guard dogs and closed-circuit television would be examples of what type of access control?

A. Recovery
B. Corrective
C. Preventive – Technical
D. Preventive – Physical

Answer: D. Preventive – Physical


14. There are several different types of single sign-on technologies. Which is the simplest technology?

A. Kerberos
B. Scripting
C. SESAME
D. KDC

Answer: B. Scripting

15. A dynamic password is another name for what authentication mechanism?

A. Cognitive password
B. Smart card
C. Passphrase
D. One-time password

Answer: D. One-time password