Wireless Security Technology

Section 3 Quiz

By now you have the ability to set up WPA under RADIUS. RADIUS can be set up under Linux or Windows, or even within your access point.

One of my favorite sets of guidelines is COBiT. Currently version 4.1 is available after you register for free. COBiT is huge, so the focus will be on some very specific items. All the following questions are based on version 4.1.

COBiT is business oriented: it provides a line of thinking that relates business goals to IT goals. COBiT also provides a guideline for assigning ownership to each process. At this point we are moving away from the technical area and into the management process.

  1. What is the purpose of COBiT?
  2. What are the 4 main domains within the COBiT framework?
  3. Figure 9 on page 14 describes a control model. To what norms/standards/objectives should an access point be compared/evaluated? (This is a very open-ended question; the answers can range from wireless speed standards to security feature implementations.) In our case, and for the following questions, "process" is now defined as the interrelationship that can be established between an access point and a given node.
  4. Looking at item PO2.3, what would be your scheme to classify the data that travels through the access point? Hint 1: In these kinds of questions, detail is the crux of the matter. Hint 2: Keep in mind that access points are bidirectional devices, and can reveal the inner workings of the network behind them. (Answer: Due to the legalities of this, a user can browse through anything, and if something is going to be recorded, the user has to be warned. Any protocol that is supported by the browser can travel through the AP, and depending on the type of AP and setup, it can also broadcast information regarding routing protocols, VLANs, etc.)
  5. From question 4, which items would you consider high risk?
  6. Looking at PO3.3, how would you establish the process to monitor future trends and regulations?
  7. Looking at PO5.3, how would you start the process of coming up with the budget to implement a RADIUS server to manage 10 APs? Where can you find current benchmarks that show the load that can be handled by a RADIUS server?
  8. Let’s say you have now implemented the RADIUS system. How would you implement PO7.5? How would you make sure that you have minimized the dependence upon individuals?
  9. AI2.6 relates to upgrades. What would be the process to perform any kind of upgrade on any section of the system (RADIUS server, AP, interconnecting subsystems, etc.)? Hint 1: This relates to question 3.
  10. Describe/elaborate on the importance of the AI4 process. How can AI4 be implemented? You can come up with your own scenario, but it must be feasible and technically accurate.