7.1 In IEEE 802.11, open system authentication is accomplished via a simple two-way communication. The client requests authentication, which includes the station ID, which is provided by the server (typically the MAC address). A successful or unsuccessful authentication response from the AP/router is received in response to the previous request from the client. For instance, if the client's MAC address has been expressly omitted from the AP/router setup, a failure may occur. a. What are the advantages of using this kind of authentication scheme? b. What are the security flaws in this authentication method and how may they be mitigated?

7.1 In IEEE 802.11, open system authentication is accomplished via a simple two-way communication. The client requests authentication, which includes the station ID, which is provided by the server (typically the MAC address). A successful or unsuccessful authentication response from the AP/router is received in response to the previous request from the client. For instance, if the client's MAC address has been expressly omitted from the AP/router setup, a failure may occur. a. What are the advantages of using this kind of authentication scheme? b. What are the security flaws in this authentication method and how may they be mitigated?

Principles of Information Security (MindTap Course List)

6th Edition

ISBN:9781337102063

Author:Michael E. Whitman, Herbert J. Mattord

Publisher:Michael E. Whitman, Herbert J. Mattord

Chapter6: Security Technology: Access Controls, Firewalls, And Vpns

Section: Chapter Questions

Problem 2RQ

See similar textbooks

Similar questions

In IEEE 802.11, two-way communication is used to authenticate an open system. In order to authenticate the client, the server must give the station ID (typically the MAC address). Response to the client's previous request is either a successful or failed authentication response from the access point/router. An error may arise if, for example, an AP/router configuration does not include the client's MAC address.In what ways is it advantageous to use this kind of authentication scheme?In what ways does this authentication technique have security vulnerabilities that might be mitigated?
22. A datagram subnet allows routers to drop packets whenever they need to. The probability of a router discarding a packet is p. Consider the case of a source host connected to the source router, which is connected to the destination router, and then to the destination host. If either of the routers discards a packet, the source host eventually times out and tries again. If both host-router and router-router lines are counted as hops, what is the mean number of a. (a) hops a packet makes per transmission? b. (b) transmissions a packet makes? (c) hops required per received packet?
22. A datagram subnet allows routers to drop packets whenever they need to. The probability of a router discarding a packet is p. Consider the case of a source host connected to the source router, which is connected to the destination router, and then to the destination host. If either of the routers discards a packet, the source host eventually times out and tries again. If both host-router and router-router lines are counted as hops, what is the mean number of a. (a) hops a packet makes per transmission? b. (b) transmissions a packet makes? c. (c) hops required per received packet?
55. The problem with unicast delivery is that the : a. memory allocation is difficult b. server must establish a seperate unicast session for each client c. the routers must support unicasting d. the clients must be close to the server
(ESP) Consider that we protect a TCP SYN packet using the ESP in the transport mode. A TCP SYN packet just comprises a TCP header which is 20 bytes (i.e., without TCP option). The IP packet header is also 20 bytes long (i.e., without IP option). Moreover, the block size for encryption is 256 bits (e.g., using AES-256), and the hash output’s size for message authentication is 512 bits (e.g., using SHA-1). What is the minimum amount of padding required?
Host A and B are communicating over a TCP connection. Host B has already received from Host A all bytes up through byte 23. Suppose Host A then sends two segments to Host B back-to-back. The first and the second segments contain 30 and 50 bytes of data, respectively. In the first segment, the sequence number is 24, the source port number is 3000, and the destination port number is 80. Host B sends an acknowledgment whenever it receives a segment from Host A. A. In the second segment sent from Host A to B, what arethe sequence number_________,source port number __________,and destination port number__________?B. If the second segment arrives after the first segment, in the acknowledgment of the second segment, what arethe acknowledgment number___________,the source port number__________,and the destination port number __________?C. If the second segment arrives before the first segment, in the acknowledgment of the first arriving segment,what is the acknowledgment number ___________?D.…
(a) Where might a datagram be queued inside a router to wait for further processing? (b) How does the head-of-the-line blocking occur?
We explore whether either UDP or TCP offers any level of end-point authentication in this problem. a. Consider a server that accepts a request via UDP and responds via UDP (for example, as done by a DNS server). Where would the server give its answer if a client with IP address X spoofs it with address Y? b. Assume a server receives a SYN with IP source address Y and responds with SYNACK. The server then receives an ACK with IP source address Y and the right acknowledgmentamount. Assuming the server selects a random initial sequence number and there is no "man-in-the-middle," how can the server be confident that the recipient is really at Y (and not at any other address X that spoofs Y)?
Consider incoming TCP and UDP segments arriving at a server, and suppose that we see that 100 different destination port numbers are being used. The server acts only as a server (that is, in the socket sense, it does not initiate communication with any other computers as a client; it only responds to incoming segments). Describe the number of sockets being used at this server and justify your answer
Assume that a client can use UDP to obtain a file from a distant server at a known address. The client initiates the request for a file name, and the server responds with a sequence of data packets containing various file components. To ensure delivery reliability, the client and server use a stop-and-wait protocol. Is there anything else wrong with this protocol aside apparent performance issues? Consider the possibility of process failure.
P27. Host A and B are communicating over a TCP connection, and Host B has already received from A all bytes up through byte 126. Suppose Host A then sends two segments to Host B back-to-back. The first and second segments contain 80 and 40 bytes of data, respectively. In the first segment, the sequence number is 127, the source port number is 302, and the destination port number is 80. Host B sends an acknowledgment whenever it receives a segment from Host A. In the second segment sent from Host A to B, what are the sequence number, source port number, and destination port number? If the first segment arrives before the second segment, in the acknowledgment of the first arriving segment, what is the acknowledgment number, the source port number, and the destination port number? If the second segment arrives before the first segment, in the acknowledgment of the first arriving segment, what is the acknowledgment number? Suppose the two segments sent by A arrive in order at B.…
Consider the following scenario in which host A is sending a file to host B over a TCP connection. Assuming that the sequence number of the first data byte sent by A is 0 and every segment always includes 1000 bytes of data, excluding the TCP header. At some point of time, bytes up to 6400 have been written into the sender’s buffer. Bytes up to 4999 have been sent out but the segment which contains bytes 2000~2999 has not arrived at host B yet. At the receiver’s side, all bytes up to 3999 have been received except for bytes 2000~2999. Bytes up to 499 have been read from the buffer by the application. Assume that the maximum size of the sender’s buffer is large enough. Consider the sliding window algorithm in TCP and answer the following questions. 1) What are the values for LastByteAcked, LastByteSent, and LastByteWritten? 2) What are the values for LastByteRead, NextByteExpected, and LastByteRcvd? 3) Assuming that the maximum size of the receiver’s buffer is 4000 byte, what would…