Implementing Network Security – Wireless Security Segway! Steve Lamb Technical Security Advisor


1 Implementing Network Security – Wireless Security Segway! Steve Lamb Technical Security Advisor http://blogs.msdn.com/steve_lamb stephlam@microsoft.com

2 So what's the problem?
WEP is a euphemism
–Wired
–Equivalent
–Privacy
Actually, it's a lie
–It isn't equivalent to wired privacy at all!
–How can you secure the air?
Thus: WEP's v. poor
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

3 WLAN Security Challenges
Unsecured WLAN
Most wireless LANs are unsecured
[Diagram labels: Mobile Employee, WLAN Access Point, Company Servers, Evil Hacker; mailto:boss@company.tld]

4 WLAN Security Challenges
Weak Security in 802.11 Static WEP
[Diagram label: X7!g%k0j37**54bf(jv&8gF…]

5 Other 802.11 Challenges
Access Points are dim!
Key Management (!!!!)
–Manual update = never changed!
Access Control with MAC address filtering
–= NO SECURITY!
Neither is scalable
Authentication, Authorization, Data Protection, Audit

6 WLAN Security Challenges
Weak Security in 802.11 Static WEP
Static WEP key easily obtained for encryption / authentication
[Diagram label: X7!g%k0j37**54bf(jv&8gB)£F..]

7 WLAN Security Challenges
Weak Security in 802.11 Static WEP
Man in the middle attacks are difficult to detect & prevent
[Diagram labels: Rogue Network; X7!g%k0j37**]

8 Alternatives to WEP

9 VPNs
Pros
–Familiarity
–Hardware Independent
–Proven Security
Cons
–Lacks user transparency
–Only user logon (not computer)
–Roaming profiles, logon scripts, GPOs broken, shares, management agents, Remote desktop
–No reconnect on resume from standby
–Complex network structure

10 VPNs
More Cons
–No protection for WLAN
–Bottleneck at VPN devices
–Higher management & hardware cost
–Prone to disconnection
Yet more cons! (non-MS VPNs)
–3rd party licensing costs
–Client compatibility
–Many VPN auth schemes (IPsec Xauth) are as bad as WEP!

11 PEAP encapsulation
1. Server authenticates to client
2. Establishes protected tunnel (TLS)
3. Client authenticates inside tunnel to server
No cryptographic binding between PEAP tunnel and tunneled authN method
Fix: constrain client (in GPO) to trust only a specific corporate root CA
–Foils potential MitM attacks
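
One way to check that a client's PEAP settings actually carry the fix on this slide, as an added example that is not part of the original deck. It also checks two neighbouring server-validation settings the slide does not mention. The XML samples, thumbprint and server name are constructed, the function names are hypothetical, and the XML is simplified (no namespaces); the element names follow Microsoft's PEAP connection-properties schema.

```python
import xml.etree.ElementTree as ET

# Constructed thumbprint standing in for the corporate root CA certificate.
CORP_ROOT = "aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa bb cc dd"

# Constructed, simplified PEAP client settings (not a full exported profile).
WEAK = """<EapType>
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames></ServerNames>
  </ServerValidation>
</EapType>"""

HARDENED = """<EapType>
  <ServerValidation>
    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
    <ServerNames>radius01.corp.example</ServerNames>
    <TrustedRootCA>AABBCCDDEEFF00112233445566778899AABBCCDD</TrustedRootCA>
  </ServerValidation>
</EapType>"""

def _norm(thumbprint):
    # Compare thumbprints regardless of spacing or letter case.
    return "".join(thumbprint.split()).lower()

def audit_peap(xml_text, corporate_root=CORP_ROOT):
    """Return a list of findings; an empty list means the client is pinned."""
    sv = ET.fromstring(xml_text).find("ServerValidation")
    if sv is None:
        return ["no ServerValidation block: server certificate is not checked"]
    findings = []
    roots = {_norm(e.text or "") for e in sv.findall("TrustedRootCA")}
    roots.discard("")
    if not roots:
        findings.append("no TrustedRootCA: trust is not limited to one root")
    elif roots != {_norm(corporate_root)}:
        findings.append("TrustedRootCA is not limited to the corporate root")
    if not (sv.findtext("ServerNames") or "").strip():
        findings.append("ServerNames empty: server name is not restricted")
    prompt_off = (sv.findtext("DisableUserPromptForServerValidation") or "")
    if prompt_off.strip().lower() != "true":
        findings.append("user may be prompted to trust an unknown server")
    return findings

if __name__ == "__main__":
    for name, xml_text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_peap(xml_text))
```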

12 EAP architecture
[Diagram, three layers]
Method layer: TLS, GSS_API Kerberos, PEAP, IKE, MD5
EAP layer: EAP
Media layer: PPP, 802.3, 802.5, 802.11, … Anything…
Also labelled in the diagram: MS-CHAPv2, TLS, SecurID

13 802.1X over 802.11
Parties: Supplicant, Authenticator, Authentication Server
Supplicant and Authenticator | Authenticator and Authentication Server
802.11 association |
EAPOL-start |
EAP-request/identity |
EAP-response/identity | RADIUS-access-request
EAP-request | RADIUS-access-challenge
EAP-response (credentials) | RADIUS-access-request
EAP-success | RADIUS-access-accept
Access allowed
EAPOW-key (WEP)
[Callouts: "Gotta get on!"; "Calculating this guy's key…"; "Access blocked"; "Calculating my key… (Wow I just don't understand this new maths!)"]
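
The exchange on this slide modelled from the authenticator's side, as an added example that is not part of the original deck. Message names come from the slide, except RADIUS-access-reject and EAP-failure, which are added for the denied case; the class and function names are hypothetical and no real EAP or RADIUS packets are built.

```python
# Which supplicant messages the access point relays to the RADIUS server,
# and how each server reply is passed back down as EAP.
RELAY_UP = {"EAP-response/identity": "RADIUS-access-request",
            "EAP-response (credentials)": "RADIUS-access-request"}
RELAY_DOWN = {"RADIUS-access-challenge": "EAP-request",
              "RADIUS-access-accept": "EAP-success",
              "RADIUS-access-reject": "EAP-failure"}

class Authenticator:
    """Access point: relays EAP and opens the port only on the server's accept."""

    def __init__(self):
        self.port_open = False      # "Access blocked" until the server says otherwise
        self.log = []

    def from_supplicant(self, msg):
        self.log.append("S->A " + msg)
        if msg == "EAPOL-start":
            self.log.append("A->S EAP-request/identity")
            return None
        upstream = RELAY_UP.get(msg)
        if upstream is not None:
            self.log.append("A->R " + upstream)
        return upstream

    def from_radius(self, msg):
        self.log.append("R->A " + msg)
        # The verdict comes from the authentication server, never the client.
        self.port_open = (msg == "RADIUS-access-accept")
        self.log.append("A->S " + RELAY_DOWN[msg])
        if self.port_open:
            self.log.append("A->S EAPOW-key (WEP)")
        return self.port_open

def run(server_verdict):
    """Replay the slide's sequence; return (port_open, blocked_mid_exchange, log)."""
    ap = Authenticator()
    ap.from_supplicant("EAPOL-start")
    ap.from_supplicant("EAP-response/identity")
    ap.from_radius("RADIUS-access-challenge")
    blocked_mid_exchange = not ap.port_open
    ap.from_supplicant("EAP-response (credentials)")
    ap.from_radius(server_verdict)
    return ap.port_open, blocked_mid_exchange, ap.log

if __name__ == "__main__":
    for verdict in ("RADIUS-access-accept", "RADIUS-access-reject"):
        opened, _, log = run(verdict)
        print(verdict, "-> port open:", opened)
        print("\n".join("  " + line for line in log))
```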

14 Session Summary
Windows XP has great wireless security features
There's extensive prescriptive guidance available from our website
Don't be scared of wireless!

15 Next Steps
Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
Check out Security360: http://www.microsoft.com/seminar/events/series/mikenash.mspx
Get additional security tools and content: http://www.microsoft.com/security/guidance

16 Resources
Microsoft Wi-Fi Page: http://www.microsoft.com/wifi
The Unofficial 802.11 Security Web Page: http://www.drizzle.com/~aboba/IEEE/
Intercepting Mobile Communications: The Insecurity of 802.11: http://www.drizzle.com/~aboba/IEEE/wep-draft.zip
Fluhrer, Mantin, Shamir WEP Paper: http://www.crypto.com/papers/others/rc4_ksaproc.pdf
WiFi Planet: http://www.wi-fiplanet.com/
Microsoft Solution for Securing Wireless LANs with PEAP and Passwords (< 1 week): http://www.microsoft.com/technet/security/guidance/peap_0.mspx
Microsoft Solution for Securing Wireless LANs with Certificates: http://www.microsoft.com/technet/security/prodtech/win2003/pkiwire/swlan.mspx
Wifi for SOHO Environments: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx

17 Credits
Thanks to Ian Hellen (MCS) & Steve Riley (Corp) as I borrowed several of their slides!

18 Questions and Answers

