Lesson 4 Quiz Answers

1.) d. All of the above
A WIPS may gather information from all of these sources, including purpose-built hardware sensors, conventional APs operating in full-time monitor-only mode, conventional APs that perform part-time background monitoring and rogue connectivity checks that are performed over the wired network.

<< Back to quiz

2.) c. Rogue containment
Many enterprise APs can be configured to discover nearby wireless devices and detect at least some wireless rogue attacks. Most (but not all) can provide input useful for location tracking, implemented by a WLAN controller, a WIPS, or an upstream locationing system. What really differentiates a WIPS from a WIPS sensor is the ability to take preventative actions, like invoking a containment method to stop stations from talking to rogue APs.

<< Back to quiz

3.) a. Signature matching
Many WIPS recognize common war driving and attack tools like NetStumbler by matching observed traffic to a known pattern (i.e., signature).

<< Back to quiz

4.) a. Placing a cardboard box over the rogue to conceal it
An intruder might try to hide a rogue from view, but a cardboard box is not an effective method of containing the rogue -- that is, preventing the rogue from doing harm. Wireless transmissions pass through cardboard, drywall, wood, brick and other building materials, which is why a rogue can wreak havoc even when located outside your facility.

<< Back to quiz

5.) d. Site calibration
Of these methods, nearest sensor yields the largest search area, but requires the least effort to set up. At the opposite end of the spectrum, site calibration can produce estimates accurate to within a few feet, but achieving that accuracy requires taking painstaking measurements throughout the WLAN's entire footprint to enable later comparison.

>> Take the final exam

<< Return to Lesson 4 quiz

<< Return to Wireless Security Lunchtime Learning

This was last published in March 2006

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)