What type of sensitive information might be obtained from a configured wireless LAN profile on a compromised machine?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

What type of sensitive information might be obtained from a configured wireless LAN profile on a compromised machine?

Explanation:
Saved wireless profiles contain the credentials needed to connect to those networks. When a network uses a pre-shared key (WEP, WPA, or WPA2-PSK), that key is stored with the profile so the device can automatically join the network. If a machine is compromised, an attacker can extract that key from the profile and reuse it to access the same networks or others that use the same key. That’s why the most sensitive information you can get from a configured wireless LAN profile is the pre-shared key. In contrast, user emails, BIOS passwords, and SSL certificates live in other parts of the system—the mail client, firmware/secure storage, and certificate stores respectively—not in the wireless profile itself.

Saved wireless profiles contain the credentials needed to connect to those networks. When a network uses a pre-shared key (WEP, WPA, or WPA2-PSK), that key is stored with the profile so the device can automatically join the network. If a machine is compromised, an attacker can extract that key from the profile and reuse it to access the same networks or others that use the same key. That’s why the most sensitive information you can get from a configured wireless LAN profile is the pre-shared key. In contrast, user emails, BIOS passwords, and SSL certificates live in other parts of the system—the mail client, firmware/secure storage, and certificate stores respectively—not in the wireless profile itself.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy