Management Frame Protection is available in two deployment modes, Infrastructure and Client.
Which three statements describe the differences between these modes? (Choose three.)
Management Frame Protection (MFP) is a security feature available in Wi-Fi networks to protect against various types of attacks that exploit vulnerabilities in the Wi-Fi protocol. MFP provides cryptographic protection to the management frames used for various operations in a Wi-Fi network, including association, disassociation, reassociation, and authentication. MFP is available in two deployment modes, Infrastructure and Client.
Here are the differences between Infrastructure and Client deployment modes of MFP:
Infrastructure mode appends a MIC to management frames: In Infrastructure mode, MFP appends a Message Integrity Check (MIC) to the management frames to ensure the integrity of the frame. The MIC is a cryptographic checksum that is computed over the contents of the frame and appended to the frame. The receiving end can use the MIC to verify the integrity of the frame and discard any frame that fails the verification.
Client mode encrypts management frames: In Client mode, MFP encrypts the management frames using the Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES). The encryption provides confidentiality to the frame and prevents eavesdropping attacks.
Infrastructure mode can detect and prevent common DoS attacks: In Infrastructure mode, MFP can detect and prevent common Denial of Service (DoS) attacks such as deauthentication and disassociation attacks. MFP uses a mechanism called Protected Management Frames (PMF) to prevent such attacks. PMF ensures that only authorized clients can send management frames, and any unauthorized management frame is discarded.
Client mode can detect and prevent common DoS attacks: In Client mode, MFP can also detect and prevent common DoS attacks, including deauthentication and disassociation attacks. However, the protection mechanism is different from that of Infrastructure mode. Client mode uses a mechanism called Unicast Management Action Frames (U-MAFs) to detect and prevent DoS attacks. U-MAFs are special management frames that are sent to the access point to confirm the authenticity of the frames received from the access point. If the access point does not receive the U-MAFs within a specified time period, it assumes that the client is no longer available and stops sending frames to the client.
Infrastructure mode requires Cisco Compatible Extensions version 5 support on clients: In Infrastructure mode, MFP requires that the clients support Cisco Compatible Extensions version 5 (CCXv5) to enable PMF. CCXv5 is a proprietary protocol developed by Cisco that provides enhanced security features to Wi-Fi networks. If the clients do not support CCXv5, they cannot use PMF and are vulnerable to DoS attacks.
In summary, MFP is a security feature available in Wi-Fi networks to protect against various types of attacks that exploit vulnerabilities in the Wi-Fi protocol. MFP is available in two deployment modes, Infrastructure and Client, each with its own protection mechanism and requirements for client support.