Eve is a former wireless network administrator who quit her job on unfriendly terms last month. As her successor, which of the following attacks will you be most concerned with?
A. Eavesdropping
B. Ciphertext-only attack
C. Rogue access point
D. Evil twin
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Evil twin.
As security professionals, we should do our best to make risk-aware, informed decisions. Eavesdropping, ciphertext-only attack, rogue access point, and evil twin are common threats to wireless networks. We can prioritize those threats (or negative risks) by considering their risk exposure (the combination/function of uncertainty and effect).
- Uncertainty is the (qualitative) likelihood or (quantitative) possibility of events or conditions that may affect objectives. An access point that is easy to install makes the threat more likely to materialize.
- The effect is the consequence or impact of uncertainty on objectives. Given two threats with the same level of uncertainty, the threat impacting the CIA triad has higher risk exposure than the one hindering confidentiality only.
Evil Twin, Easy to Install and Hindering the CIA triad
An evil twin is a fake wireless access point (AP) typically configured with similar or identical SSID and cryptographic settings. It can passively sniff the network traffic and act as a middle man proxying between communication parties. It doesn’t have to connect to the corporate networks, is easy to install, and can play both passive and active roles that hinder the CIA triad.
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.
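Because an evil twin advertises a similar or identical SSID without being part of the corporate network, a defender can look for it by comparing observed beacons against the inventory of authorized access points. The following is an added example, not code from the original post; the SSID, BSSIDs, security modes, scan records and the similarity threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed inventory of authorized APs: BSSID -> (SSID, security mode).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", "WPA2-Enterprise"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

def normalize(ssid):
    """Fold case, Unicode compatibility forms and the digit look-alikes 0/1."""
    folded = unicodedata.normalize("NFKC", ssid).casefold().strip()
    return folded.translate(str.maketrans("01", "ol"))

def classify(beacon, threshold=0.8):
    """Label one observed beacon against the inventory."""
    bssid = beacon["bssid"].lower()
    observed = (beacon["ssid"], beacon["security"])
    if bssid in AUTHORIZED:
        # Known radio address: any drift in SSID or security suggests spoofing.
        return "authorized" if AUTHORIZED[bssid] == observed else "evil-twin-suspect"
    if beacon["ssid"] in CORP_SSIDS:
        # Identical SSID from a radio that is not in the inventory.
        return "evil-twin-suspect"
    for corp in CORP_SSIDS:
        ratio = SequenceMatcher(None, normalize(beacon["ssid"]), normalize(corp)).ratio()
        if ratio >= threshold:
            return "lookalike-suspect"  # similar, not identical, SSID
    return "unrelated"

def triage(beacons):
    """Return (bssid, ssid, label) for every beacon that needs investigation."""
    labelled = [(b["bssid"], b["ssid"], classify(b)) for b in beacons]
    return [row for row in labelled if row[2].endswith("suspect")]

# Constructed scan results, in the shape a wireless survey export might have.
SCAN = [
    {"bssid": "AA:BB:CC:00:00:01", "ssid": "CorpNet", "security": "WPA2-Enterprise"},
    {"bssid": "de:ad:be:ef:00:10", "ssid": "CorpNet", "security": "WPA2-Enterprise"},
    {"bssid": "de:ad:be:ef:00:11", "ssid": "C0rpNet", "security": "Open"},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpNet", "security": "Open"},
    {"bssid": "11:22:33:44:55:66", "ssid": "CoffeeShop", "security": "Open"},
]

if __name__ == "__main__":
    for row in triage(SCAN):
        print(row)
```

A twin that also clones an authorized BSSID and its security mode passes this comparison, so the check narrows the search but does not prove an access point is genuine.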
Rogue Access Point, Hard to Install (Compared with Evil Twin)
An evil twin can be viewed as a rogue access point, which refers to any unauthorized wireless access point (AP). However, Wikipedia further states that it is installed on a secure network (typically the LAN). It’s more difficult for an ex-employee to sneak into the company to install a rogue access point than an evil twin, which doesn’t have to be connected to the corporate networks.
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.
Eavesdropping, Hindering Confidentiality Only
- Eavesdropping is a generic term that refers to “the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information.” (Wikipedia)
- Eavesdropping is a passive approach to capturing information that hinders confidentiality only. Listening through the walls, wiretapping, and sniffing electromagnetic signals are common eavesdropping techniques.
- If eavesdropping is a strategy, the rogue access point and evil twin can be treated as tactics.
WiFi-compliant wireless networks are resistant to ciphertext-only attacks, the most common cryptanalysis scenario, thanks to strong cryptography such as AES.