Practice, 5th Edition by
William Stallings
Complete Chapter Solutions Manual
is included (Ch 1 to 24)
Table of Contents is given below
1. Overview
2. Cryptographic Tools
3. User Authentication
4. Access Control
5. Database and Data Center Security
6. Malicious Software
7. Denial-of-Service Attacks
8. Intrusion Detection
9. Firewalls and Intrusion Prevention Systems
10. Buffer Overflow
11. Software Security
12. Operating Systems Security
13. Cloud and IoT Security
14. IT Security Management and Risk Assessment
15. IT Security Controls, Plans, and Procedures
16. Physical and Infrastructure Security
17. Human Resources Security
18. Security Auditing
19. Legal and Ethical Aspects
20. Symmetric Encryption and Message Confidentiality
21. Public-Key Cryptography and Message Authentication
22. Internet Security Protocols and Standards
23. Internet Authentication Applications
24. Wireless Network Security
The Solutions Manual is organized in reverse order, with the last chapter displayed first,
to ensure that all chapters are included in this document. (Complete chapters
included, Ch 24 to 1)
CHAPTER 24 WIRELESS NETWORK SECURITY
ANSWERS TO QUESTIONS
24.1 Basic service set.
24.2 Two or more basic service sets interconnected by a distribution
system.
24.3 Association: Establishes an initial association between a station and
an AP.
Authentication: Used to establish the identity of stations to each other.
Deauthentication: This service is invoked whenever an existing
authentication is to be terminated.
Disassociation: A notification from either a station or an AP that an
existing association is terminated. A station should give this
notification before leaving an ESS or shutting down.
Distribution: Used by stations to exchange MAC frames when the frame
must traverse the DS to get from a station in one BSS to a station in
another BSS.
Integration: Enables transfer of data between a station on an IEEE
802.11 LAN and a station on an integrated IEEE 802.x LAN.
MSDU delivery: Delivery of MAC service data units.
Privacy: Used to prevent the contents of messages from being read by
other than the intended recipient.
Reassociation: Enables an established association to be transferred
from one AP to another, allowing a mobile station to move from one
BSS to another.
24.4 It may or may not be.
24.5 Mobility refers to the types of physical transitions that can be made
by a mobile node within an 802.11 environment (no transition,
movement from one BSS to another within an ESS, movement from
one ESS to another). Association is a service that allows a mobile
node that has made a transition to identify itself to the AP within a
BSS so that the node can participate in data exchanges with other
mobile nodes.
24.6 IEEE 802.11i addresses three main security areas: authentication,
access control including key exchange, and data privacy with integrity.
24.7 Discovery: An AP uses messages called Beacons and Probe Responses
to advertise its IEEE 802.11i security policy. The STA uses these to
identify an AP for a WLAN with which it wishes to communicate. The
STA associates with the AP, which it uses to select the cipher suite and
authentication mechanism when the Beacons and Probe Responses
present a choice.
Authentication: During this phase, the STA and AS prove their
identities to each other. The AP blocks non-authentication traffic
between the STA and AS until the authentication transaction is
successful. The AP does not participate in the authentication
transaction other than forwarding traffic between the STA and AS.
Key Management: The AP and the STA perform several operations
that cause cryptographic keys to be generated and placed on the AP
and the STA. Frames are exchanged between the AP and STA only.
Protected data transfer: Frames are exchanged between the STA
and the end station through the AP. As denoted by the shading and
the encryption module icon, secure data transfer occurs between the
STA and the AP only; security is not provided end-to-end.
Connection termination: The AP and STA exchange frames. During
this phase, the secure connection is torn down and the connection is
restored to the original state.
24.8 TKIP is designed to require only software changes to devices that are
implemented with the older wireless LAN security approach called
Wired Equivalent Privacy (WEP). CCMP is intended for newer IEEE
802.11 devices that are equipped with the hardware to support this
scheme.
ANSWERS TO PROBLEMS
24.1 a. This scheme is extremely simple and easy to implement. It does
protect against very simple attacks using an off-the-shelf Wi-Fi LAN
card, and against accidental connection to the wrong network.
b. This scheme depends on all parties behaving honestly. The scheme
does not protect against MAC address forgery.
24.2 a. Because the AP remembers the random number previously sent, it
can check whether the result sent back was encrypted with the
correct key; the STA must know the key in order to encrypt the
random value successfully.
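The check described in answer 24.2a, as an added example that is not part of the solutions manual: the AP stores the challenge it sent, and accepts a response only if it equals that challenge encrypted under the shared key. Assumptions made here: RC4 as the cipher, a 128-byte challenge, and the names `AccessPoint`, `station_response` and `CHALLENGE_LEN`, all hypothetical.

```python
import hmac
import os

CHALLENGE_LEN = 128  # assumed challenge size in bytes


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (encrypt == decrypt); assumed stand-in for the scheme's cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def station_response(key: bytes, challenge: bytes) -> bytes:
    """STA side: encrypt the received challenge with the key it holds."""
    return rc4(key, challenge)


class AccessPoint:
    """AP side: remembers the challenge sent to each station and checks the reply."""
    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = {}                     # station id -> outstanding challenge

    def issue_challenge(self, sta_id: str) -> bytes:
        challenge = os.urandom(CHALLENGE_LEN)
        self._pending[sta_id] = challenge      # the AP remembers what it sent
        return challenge

    def verify(self, sta_id: str, response: bytes) -> bool:
        # pop() makes each challenge single-use; a response with no
        # outstanding challenge is rejected outright.
        challenge = self._pending.pop(sta_id, None)
        if challenge is None:
            return False
        return hmac.compare_digest(rc4(self._key, challenge), response)
```

With a stream cipher, the challenge and the response together reveal the keystream that was used, so this check shows key possession only in the narrow sense the answer states and is not a sound authentication mechanism on its own.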