CND (312-38) Network Defense Simulation

Welcome, Network Defender. You are analyzing alerts from the corporate Wireless Intrusion Prevention System (WIPS). Identifying physical layer characteristics of wireless networks is crucial for detecting rogue access points and legacy hardware vulnerabilities.

Network Scenario

During a routine wireless sweep of the enterprise campus, the WIPS sensor grid detects a new, unauthorized Access Point (AP) broadcasting near the loading dock. To assess the threat level and physical capabilities of this rogue device, you must analyze its Radio Frequency (RF) characteristics.

The device is using highly outdated modulation techniques, which may indicate an employee plugging in an old consumer-grade router (shadow IT) or an attacker setting up a disposable, legacy rogue AP to bypass modern 5GHz-only wireless security controls.

Traffic & Logs

[09:15:02] WIPS-ALERT: Rogue AP Detected - BSSID: 00:14:22:A1:B2:C3
[09:15:04] RF-SENSOR: Band: 2.4 GHz | Channel: 6 | Channel Width: 22 MHz
[09:15:05] RF-SENSOR: Modulation scheme identified: DSSS (Direct-Sequence Spread Spectrum)
[09:15:05] PHY-STAT: Max Supported Rate observed: 11 Mbps
[09:15:08] PHY-STAT: Active beacon stream rate: 2 Mbps

Analysis note: Pay strict attention to the 2.4 GHz band and specifically the DSSS modulation type. Modern standards utilize OFDM or OFDMA.

Question

Which protocol could the network administrator choose for the wireless network design if the design must satisfy the minimum requirements of the 2.4 GHz band, 22 MHz of bandwidth, a 2 Mbit/s data-rate stream, and DSSS modulation?

A. 802.11n
B. 802.11g
C. 802.11b
D. 802.11a

Defensive Hint: Look at the modulation type in the logs. 802.11a, g, and n primarily rely on Orthogonal Frequency-Division Multiplexing (OFDM). Which legacy standard operating strictly in the 2.4 GHz range used Direct-Sequence Spread Spectrum (DSSS)?

Expert Analysis

1. What is happening in the network

The WIPS sensors have picked up 2.4 GHz RF transmissions characterized by a 22 MHz channel width, a maximum supported data rate of 11 Mbps (currently beaconing at 2 Mbps), and DSSS modulation. This exactly matches the physical layer signature of legacy 802.11b hardware.

2. Identify attack or behavior

This behavior indicates a rogue AP. Attackers or negligent employees often use legacy 802.11b/g routers because they are cheap, easily hidden, and natively fall back to highly insecure encryption protocols like WEP or WPA-TKIP. Furthermore, introducing an 802.11b device into a modern wireless environment can force legitimate APs into "backward compatibility mode," causing severe network degradation.

3. Why the correct answer is correct (Option C)

802.11b is the only standard listed that operates in the 2.4 GHz band using DSSS (Direct-Sequence Spread Spectrum) for modulation, supporting data rates of 1, 2, 5.5, and 11 Mbps over a 22 MHz channel width.

4. Why others are wrong

A. 802.11n: Operates on both 2.4 and 5 GHz, but uses MIMO and OFDM (Orthogonal Frequency-Division Multiplexing), supporting vastly higher data rates (up to 600 Mbps).
B. 802.11g: Operates on 2.4 GHz but uses OFDM to achieve data rates up to 54 Mbps. It only falls back to DSSS for backward compatibility with 'b'.
D. 802.11a: Operates exclusively in the 5 GHz band using OFDM, achieving data rates up to 54 Mbps.

5. Defensive action

First, physically locate the rogue AP using RF triangulation via the WIPS management console and disconnect it from the wired network. As a proactive defense measure, configure the corporate wireless LAN controllers (WLCs) to explicitly disable 802.11b data rates (1, 2, 5.5, 11 Mbps). This prevents legacy devices from associating with your corporate network, hardening the environment against legacy encryption downgrade attacks.

MINI LESSON: Wireless Modulation & Security

Understanding wireless physical layers is critical for network defense:

  • DSSS vs. OFDM: Early standards (b) used DSSS to spread the signal over a wider frequency band to resist interference. Modern standards (a, g, n, ac, ax) use OFDM to divide the channel into numerous subcarriers, allowing for massively higher throughput.
  • Performance Degradation: If a corporate network permits 802.11b devices, modern APs must send protection frames (CTS-to-Self) so the 'b' devices don't transmit over 'g/n' devices, severely crippling overall network speed.
  • Rogue AP Profiling: Defenders must be able to read RF footprints. Seeing a 22 MHz channel width instead of modern 20/40/80 MHz widths is a massive anomaly indicating legacy, potentially insecure hardware.
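The following detector applies the profiling rules from the expert analysis and this lesson to the scenario's sensor lines; it is an added example, not part of the CND material. The log format is taken from the Traffic & Logs section, while the 802.11a/g/n rate thresholds in `classify_phy` are assumptions drawn from the "Why others are wrong" text.

```python
import re

# Constructed sample of the WIPS / RF-SENSOR / PHY-STAT lines from the scenario above.
SAMPLE_LOG = """\
[09:15:02] WIPS-ALERT: Rogue AP Detected - BSSID: 00:14:22:A1:B2:C3
[09:15:04] RF-SENSOR: Band: 2.4 GHz | Channel: 6 | Channel Width: 22 MHz
[09:15:05] RF-SENSOR: Modulation scheme identified: DSSS (Direct-Sequence Spread Spectrum)
[09:15:05] PHY-STAT: Max Supported Rate observed: 11 Mbps
[09:15:08] PHY-STAT: Active beacon stream rate: 2 Mbps
"""

# One regex per RF field (assumed log format); the capture group holds the value, cast by the second element.
FIELDS = {
    "bssid": (re.compile(r"BSSID:\s*([0-9A-Fa-f:]{17})"), str),
    "band_ghz": (re.compile(r"Band:\s*([\d.]+)\s*GHz"), float),
    "width_mhz": (re.compile(r"Channel Width:\s*(\d+)\s*MHz"), int),
    "modulation": (re.compile(r"Modulation scheme identified:\s*([A-Z]+)"), str),
    "max_rate_mbps": (re.compile(r"Max Supported Rate observed:\s*([\d.]+)\s*Mbps"), float),
}

def parse_profile(log_text):
    """Return a dict of RF characteristics extracted from the sensor log lines."""
    found = {name: pat.search(log_text) for name, (pat, _) in FIELDS.items()}
    return {name: FIELDS[name][1](m.group(1)) for name, m in found.items() if m}

def classify_phy(p):
    """Map the RF signature to the 802.11 amendment, using the PHY rules from the analysis above."""
    mod, band, width = p.get("modulation"), p.get("band_ghz"), p.get("width_mhz")
    rate = p.get("max_rate_mbps", 0)
    if mod == "DSSS" and band == 2.4 and width == 22 and rate <= 11:
        return "802.11b"      # DSSS, 2.4 GHz, 22 MHz, 1/2/5.5/11 Mbps
    if mod == "OFDM" and band == 5.0 and rate <= 54:
        return "802.11a"      # OFDM, 5 GHz only, up to 54 Mbps
    if mod == "OFDM" and band == 2.4 and rate <= 54:
        return "802.11g"      # OFDM, 2.4 GHz, up to 54 Mbps
    if mod == "OFDM" and rate <= 600:
        return "802.11n"      # OFDM + MIMO, either band, up to 600 Mbps
    return "unknown"

def legacy_findings(p):
    """Anomalies a defender should flag on a rogue AP's RF footprint."""
    findings = []
    if p.get("width_mhz") == 22:
        findings.append("22 MHz channel width (modern APs use 20/40/80 MHz)")
    if p.get("modulation") == "DSSS":
        findings.append("DSSS modulation (modern standards use OFDM/OFDMA)")
    if p.get("max_rate_mbps", 0) <= 11:
        findings.append("max rate <= 11 Mbps: 802.11b rate set, disable 1/2/5.5/11 on WLCs")
    return findings
```

Running `classify_phy(parse_profile(SAMPLE_LOG))` on the scenario lines yields "802.11b", and `legacy_findings` returns all three anomalies the lesson describes.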
