
1 Wireless Security

2 Why Wireless Is Not Secure?
- Wireless LANs are inherently insecure because they transmit data as electromagnetic waves through free space.
- Unlike a wired LAN, a wireless LAN cannot restrict data transmission to a single designated recipient.
- Wireless LANs are also insecure because wireless devices are portable and therefore easily lost or stolen.

3 Security Definitions
Communication from A to B should provide:
- Authentication - to prove identity
- Integrity - to detect altered packets
- Privacy - to prevent eavesdropping

4 Wireless LAN Security
If unauthorized users gain access to a network, they can:
- eavesdrop on communications
- access or alter data or network set-up
- access network services

5 Attacks on Wireless LAN
1. Passive attacks
2. Active attacks
3. Jamming attacks
4. Man-in-the-middle attacks

6 Passive Attacks
In a passive attack, a hacker eavesdrops on a network, but does not interfere with data or devices. Passive attacks are undetectable, because the hacker does not need to connect to a wireless network to receive transmitted data. Hackers can use a directional antenna and devices or programs known as "sniffers" to gather information about a wireless network from a distance (passwords, usernames, MAC addresses, SSID, etc.).

7 Active Attacks
In an active attack, a hacker accesses a wireless LAN to perform some function on the network: copy files, change settings, impersonate a user, or even reconfigure the network.

8 Jamming Attacks
- Jamming occurs when a very powerful radio frequency (RF) signal cuts off the signals from access points and clients in a wireless LAN.
- Jamming can be deliberate, or it can happen unintentionally when signals from other legitimate devices (in the same frequency range) interfere with wireless LAN transmissions.
- Jamming attacks are similar to denial-of-service attacks on servers.
- Jamming equipment is expensive, so these attacks are rare.
- Users need a spectrum analyser to find the jamming signal.

9 Man-in-the-Middle Attacks
In a man-in-the-middle attack, hackers install their "rogue" access point in a wireless LAN. Wireless clients associate with the rogue access point and the hacker has access to the data they send. To do this, a hacker can use a device to create all-band interference around a legitimate access point, causing wireless clients to disconnect. Wireless clients then roam to find a good signal and associate with the powerful rogue access point.

10 Man-in-the-Middle Attacks
- To install a rogue access point, a hacker needs to know the SSID and any encryption keys that wireless clients are using.
- If the access point broadcasts the SSID (or uses the default one), a hacker may easily obtain the SSID by using a "sniffer."
- The IEEE 802.11b standard by default stipulates one-way authentication. That is, an access point authenticates a user, but a user does not authenticate an access point. So a user cannot tell when an access point is not legitimate.

11 Wireless Security (Ad-hoc LANs)
- Wireless ad-hoc networks (peer-to-peer) are very insecure.
- If hackers have a card in ad-hoc mode and are within range of an ad-hoc wireless LAN, they are immediately connected to a user's wireless client and can attempt to gain access to the network via the client.
- Most PC cards are shipped with ad-hoc mode enabled by default. You should disable ad-hoc mode on clients whenever possible.
- Infrastructure wireless LANs are more secure.

12 Security (Solutions)
What is your security?
- WEP
- WPA
- Filtering: MAC filtering, SSID filtering, protocol filtering (SSID = Service Set Identifier for AP)
- RADIUS server
- IPsec virtual private networks (VPNs)
- Wireless gateways (and proxy server)
- Limiting the cell size of the access points, that is, limiting the geographical area that wireless signals cover
- Directional antennas

13 Brief Overview
- Case study (how insecure wireless LANs are accessed)
- Current wireless technology overview
  - 802.11 a/b/g
  - WEP
- New wireless security standard
  - 802.1x
  - WPA, WPA-2

14 Basic 802.11b Overview
- 802.11b was IEEE approved in 1999
- Infrastructure mode or ad hoc
- Utilizes the 2.4GHz band on 15 different channels
- 11Mbps shared among all users on an access point (more users, less bandwidth for you)
- Cheap!!!

15 Basic 802.11g Overview
- Faster than 802.11b (54Mbps)
- Backward compatibility with 802.11b
- Same interference problem as 802.11b, as they use the same frequency (2.4 GHz)

16 Filtering
Filtering is a security mechanism that allows you to restrict network access based on predefined criteria. In a wireless LAN, you can use the following types of filtering:
- service set identifier (SSID) filtering
- media access control (MAC) filtering
- protocol filtering (e.g. only allow the TCP/IP protocol)

17 802.11 Built-in Security Features
Service Set Identifier (SSID):
- Differentiates one access point from another
- The SSID is broadcast every few seconds
- Beacon frames (broadcast) are in plain text!
- First layer of security

18 SSID Filtering
An SSID is a shared network name for devices in a wireless LAN subsystem. In SSID filtering, a wireless client must match the SSID of an access point to access a wireless LAN. SSID filtering is a very basic form of access control. While it is often used to segment the network, it should not be relied upon for wireless LAN security.

19 Do's and Don'ts for SSIDs
- Default SSIDs are well known (Linksys APs default to linksys, CISCO defaults to tsunami, etc.), so change them in the AP settings immediately when you purchase.
- Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame (Disable Broadcast).

20 Hide the SSID
- As stated earlier, the SSID is by default broadcast every few seconds.
- Turning broadcast off makes it harder to figure out that a wireless connection is there.
- Reading raw packets will reveal the SSID, since even when using WEP the SSID is in plain text.

21 MAC Address Filtering
- To implement MAC filtering, you program a filter list of permitted MAC addresses into each access point in a wireless LAN.
- If a PC card with a MAC address that is not on the filter list tries to associate with an access point, the access point denies access to the client.
- Programming every access point with the MAC addresses of all the wireless clients can be impractical.

22 MAC Address Filtering
- MAC address filtering works by only allowing specific hardware (within the MAC list) to connect to the AP.
- Management on large networks is unfeasible.
- Using packet sniffer software, one can very easily find a valid MAC address and modify their OS to use it, even if the data is encrypted.
- May be good for small networks.
- Prevents casual hacking.

23 MAC Filtering
Not a good solution. For example, if a computer is stolen, then until the theft is reported a hacker can use the NIC card to access a wireless LAN. It is especially dangerous if a static WEP key is used (the encryption key used is fixed and stored within the computer).

24 MAC Filtering
For added security, you can program access points to disallow the MAC address of the card of an employee who has left (reverse MAC filtering).

25 RADIUS Servers
A more scalable security solution is to implement MAC filters on some Remote Authentication Dial-in User Service (RADIUS) servers. When users log in to a network, the RADIUS server checks their MAC address along with their user identification information.

26 WEP
All IEEE 802.11x wireless LAN standards employ an encryption algorithm known as Wired Equivalent Privacy (WEP) to protect data from eavesdropping over the wireless segment of the LAN. WEP uses keys for authenticating users and for encrypting data. You need to set the authentication method for each wireless client and it must match the setting of the access point with which it associates.

27 WEP (Wired Equivalent Privacy)
- An IEEE standard security protocol for wireless 802.11 networks.
- WEP uses preshared keys that are entered manually at both ends (static keys).
- Using the RC4 encryption algorithm, WEP originally specified a 40-bit key (WEP-64), which was later boosted to a 104-bit key (WEP-128).
- WEP is inadequate (cannot be relied on).

28 Associating with the AP
- Access points have two ways of initiating communication with a client: Shared Key or Open Key authentication.
- Open Key (Open Access) allows anyone to start a conversation with the AP (no encryption).
- Shared Key is supposed to add an extra layer of security by requiring authentication information as soon as one associates.

29 How Shared Key Authentication Works
- The client begins by sending an association request to the AP.
- The AP does not ask the client to send the key for checking, as that would be insecure. Instead:
- The AP responds with a "challenge text" (unencrypted).
- The client, using the proper WEP key, encrypts the text and sends it back to the AP.
- The AP decrypts the response. If it was properly encrypted and the result matches the "challenge text", the AP allows communication with the client.

30 Shared Key Problems
- Using passive sniffing software, one can gather 2 of the three variables needed in Shared Key authentication: the challenge text and the encrypted challenge text.
- By monitoring the wireless link with sniffing software, the key can be found.
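The Shared Key exchange from slides 29 and 30, with both sides' messages, as an added example that is not part of the original presentation. It shows why the handshake weakens WEP: the challenge and its encrypted form are both on the air, so a passive monitor ends up holding the RC4 keystream for that IV. The frame layout is simplified to IV plus encrypted body, and the key is a constructed sample.

```python
import os
import zlib

def rc4(seed, n):
    """Return n bytes of RC4 keystream for seed (key scheduling + output)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key, iv, plaintext):
    """WEP body: (plaintext || CRC-32 ICV) XOR RC4(IV || key). The IV is sent in clear."""
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(data, rc4(iv + key, len(data)))

def wep_decrypt(key, iv, body):
    """Return the plaintext, or None when the CRC-32 ICV does not verify."""
    data = xor(body, rc4(iv + key, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    ok = zlib.crc32(plaintext).to_bytes(4, "little") == icv
    return plaintext if ok else None

def shared_key_exchange(ap_key, client_key):
    """Run the handshake; return (accepted, frames a passive monitor records)."""
    challenge = os.urandom(128)                        # AP -> client, unencrypted
    iv = os.urandom(3)                                 # picked by the client, sent in clear
    response = wep_encrypt(client_key, iv, challenge)  # client -> AP
    accepted = wep_decrypt(ap_key, iv, response) == challenge
    return accepted, {"challenge": challenge, "iv": iv, "response": response}

def exposed_keystream(observed):
    """Keystream disclosed on the air: challenge XOR encrypted challenge."""
    return xor(observed["challenge"], observed["response"])

KEY = bytes.fromhex("0102030405")            # constructed 40-bit (WEP-64) key
ok, seen = shared_key_exchange(KEY, KEY)     # correct key: accepted
bad, _ = shared_key_exchange(KEY, bytes.fromhex("0a0b0c0d0e"))  # wrong key: refused
leak = exposed_keystream(seen)

if __name__ == "__main__":
    print("accepted:", ok, "| wrong key accepted:", bad)
    print("monitor holds", len(leak), "keystream bytes for IV", seen["iv"].hex())
```

Open authentication combined with encryption exposes no such known plaintext pair during association, which is why Shared Key mode adds no real protection.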

31 Open Authentication (Open Key)
Open authentication is the default mode for access points. Clients associate with an access point using unencrypted text and no WEP keys are required for access. Default is therefore no WEP.

32 Shared Key Allocation
Shared Key allocation can be static or dynamic. In static key allocation, each client must be manually configured with WEP keys and the keys never change, which presents an inherent security risk. It is also impractical for big networks because of the many computers involved.

33 Dynamic Key Allocation (Key Changes)
- Per-packet WEP key distribution calls for a new WEP key to be assigned to both ends of the connection for every packet sent. This adds significant traffic overhead to the network but gives more security.
- Per-session WEP key distribution uses a new WEP key for each new session between nodes.
- Centralized dynamic encryption key servers provide a significant advantage over static keys. The WEP keys continually change and are valid only for the predetermined interval of time or transmission.

34 WEP
WEP employs the RC4 algorithm for encryption purposes and the CRC-32 checksum for transmission integrity. WEP can be implemented as a very basic security solution on most wireless LANs, but you should be aware of the inherent flaws that leave it vulnerable to attack. Cannot be relied on.

35 WEP Encryption

36 WEP Problems (with Static Key Allocation)
- Once again, passively monitoring the network for a few hours (or even minutes) can be enough to gather the information needed to figure out the WEP key (when a static key is used).
- The time needed to deploy the attack is linearly proportional to the key length.

37 Virtual Private Networks (VPN)
When a client associates with an access point using VPN technology, the client uses off-the-shelf VPN software that uses protocols such as IPSec (or L2TP for the PPP protocol) to form a tunnel (commonly across the internet) to the access point in order to transmit data. All data that passes through the access point travels via the tunnel and is encrypted.

38 Virtual Private Networks (VPN)
- Deploying a secure VPN over a wireless network can greatly increase the security of your data.
- The idea behind this is to treat the wireless network the same as an insecure wired network (the internet).

39 IPSec
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session. IPSec is a set of protocols that provide various types of protection for an IP network. IPSec works at the network layer to provide protection for any higher-layer TCP/IP application or protocol without additional security methods, which is a major strength.

40 IPSec (IP Security)
- IPSec is a framework of standards for ensuring data privacy over Internet Protocol (IP) networks.
- Used in VPN.
- Works at layer 3 (IP), designed for IP.
- You can use IPSec to secure wireless LAN communications by placing an IPSec client on every computer connected to the wireless network. Users must establish an IPSec tunnel to transmit any traffic to the wired LAN.
- IPSec encrypts data using a standard that encrypts data three times with up to three different keys.

41 IPSec Tunnel Mode and Transport Mode
1. Transport Mode
Transport mode is the default mode for IPSec, and it is used for end-to-end communications. In transport mode, IPSec encrypts only the IP payload. Typical IP payloads are TCP segments, a UDP message or an ICMP message. The IP header is neither modified nor encrypted, so the routing is intact.

42 2. IPSec Tunnel Mode
Tunnel mode is used to create virtual private networks for network-to-network, host-to-network, and host-to-host communications. When IPSec tunnel mode is used, IPSec encrypts the IP header and the payload, whereas transport mode only encrypts the IP payload.

43 IEEE 802.1X
- 802.1X is a port-based, layer 2 authentication framework on IEEE 802 networks.
- Not limited or specific to 802.11 networks; originally for campus networks, extended to wireless.
- Uses EAP (Extensible Authentication Protocol) for authentication implementation with clients.
- Provides means for key transport.

44 802.1x-EAP Client Authentication
A security approach for wireless LANs that provides a framework for centralized authentication and dynamic key distribution uses the following elements:
- the IEEE 802.1x standard
- the Extensible Authentication Protocol (EAP)

45 IEEE 802.1x
The IEEE 802.1x standard provides specifications for port-based network access control where the port is placed in blocking mode until a backend system has authenticated the user.

46 EAP
EAP negotiates an authentication method. It allows wireless client adaptors that may support different authentication types to communicate with a Remote Access Dial-In User Service (RADIUS) server.

47 How 802.1x Functions
1. Using EAP and 802.1x, the client and the RADIUS server perform mutual authentication through the access point.
2. When mutual authentication is successfully completed, the RADIUS server and the client determine a key that is specific to the client. This key is known as a session key.
3. The client loads the session key and prepares to use it for the logon session with the access point.
4. The RADIUS server sends the session key over the wired LAN to the access point.
5. Once the access point receives the session key, it uses the session key to encrypt the broadcast key, which it sends to the client.
6. The client uses its session key to decrypt the broadcast key, which is used to encrypt the data being broadcast (sent).
This avoids sending the broadcast key down the line in the clear, where it could be found out quickly (insecure).

48 802.1x
802.1x-capable access points:
- Cisco
- Lucent

50 Pre-Authentication State (802.1x)

51 Post-Authentication State

52 More Benefits of Choosing 802.1X
- 802.1x integrates well with other open standards such as RADIUS. RADIUS is the de facto standard.
- Software upgrade:
  - Access points only need a firmware upgrade to enable 802.1X. (Firmware: computer programming instructions that are stored in a read-only memory unit rather than being implemented through software.)
  - On the client side, 802.1X can be enabled with an updated driver for the NIC.
- Depending on the EAP you choose, you can have a very secure authentication scheme!
- Dynamic key management is available.

53 Wireless Gateways (esp. Proxy Server)
Enterprise wireless gateways sit on a wired network segment between the access point and the wired network. The gateway controls access from the wireless LAN to the wired LAN. If a hacker gains access to a wireless LAN, the wireless gateway prevents the hacker from accessing the wired network.

54 Summary of Security Solutions
What is your security?
- WEP improvements (dynamic key allocation)
- WPA
- MAC filtering
- SSID filtering, protocol filtering
- RADIUS server
- IPsec virtual private networks (VPNs)
- Wireless gateways (and proxy server)
- Limiting the cell size of the access points, that is, limiting the geographical area that wireless signals cover
- Directional antennas (to limit the signal to a special area)
- Use WiFi Manager to spot hacking.

55 WiFi Manager Server
WiFi Manager software is installed on the LAN and used to monitor and manage the security of the wireless network and to identify whether the WLAN is being hacked:
- Identify rogue APs
- Identify any hacking by monitoring the network
- Monitor who is using your network
- Monitor the AP bandwidth utilisation
- Monitor WLAN equipment (APs connected)
- Can also be used to configure the APs
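The kind of check a monitoring server can run over scan results, as an added example that is not part of the original presentation and is not code from any WiFi Manager product. It flags the conditions the slides warn about: a known SSID from an unknown access point, default SSIDs, ad-hoc mode, and open or WEP networks. The inventory, the `Beacon` record layout and the scan data are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    mode: str       # "infrastructure" or "ad-hoc"
    security: str   # "open", "WEP", "WPA" or "WPA2"

# Hypothetical inventory: SSID -> {authorized BSSID: expected security}
INVENTORY = {"CorpNet": {"00:11:22:33:44:01": "WPA2",
                         "00:11:22:33:44:02": "WPA2"}}
DEFAULT_SSIDS = {"linksys", "tsunami"}  # vendor defaults named on the slides
WEAK = {"open", "WEP"}

def audit(beacons):
    """Return a sorted list of (bssid, finding) pairs for one scan."""
    findings = set()
    for b in beacons:
        bssid = b.bssid.lower()
        approved = INVENTORY.get(b.ssid)
        if approved is not None:
            if bssid not in approved:
                # Our SSID from hardware we do not own: rogue AP candidate.
                findings.add((bssid, "rogue-ap"))
            elif approved[bssid] != b.security:
                # A BSSID can be copied like any MAC address, so a known
                # BSSID with the wrong settings is also suspicious.
                findings.add((bssid, "security-mismatch"))
        if b.ssid.lower() in DEFAULT_SSIDS:
            findings.add((bssid, "default-ssid"))
        if b.mode == "ad-hoc":
            findings.add((bssid, "ad-hoc"))
        if b.security in WEAK:
            findings.add((bssid, "weak-encryption"))
    return sorted(findings)

# Constructed scan results (not captured from a real network).
SCAN = [
    Beacon("CorpNet", "00:11:22:33:44:01", "infrastructure", "WPA2"),
    Beacon("CorpNet", "00:11:22:33:44:02", "infrastructure", "WEP"),
    Beacon("CorpNet", "DE:AD:BE:EF:00:01", "infrastructure", "open"),
    Beacon("linksys", "00:AA:BB:CC:DD:10", "infrastructure", "WEP"),
    Beacon("laptop-share", "02:00:00:00:00:07", "ad-hoc", "open"),
]

if __name__ == "__main__":
    for bssid, finding in audit(SCAN):
        print(bssid, finding)
```

An inventory match alone is not proof of legitimacy, for the same reason MAC filtering is weak, so the comparison of expected against advertised security is kept as a second signal.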

56 Review: WPA
A central key distribution system is available that dynamically assigns per-session or per-packet keys. It assigns a new WPA key to a client and an access point for each session or for each data packet sent between them.

57 WPA (WiFi Protected Access)
- Introduced to supersede WEP because of its problems.
- Generates a new key for encryption each time a wireless client establishes access to the AP (sophisticated encryption).
- RADIUS and 802.1x are used for central authentication for all of the network.
- The key is generated by the RADIUS authentication server.
- WPA uses a 128-bit key, while WEP-128 used a 104-bit key.

58 WPA-2
- Later version of WPA.
- A 128-bit key is used to encrypt and decrypt data.
- Supports IEEE 802.11i encryption standards to secure wireless LANs.
- Can use a RADIUS server for central authentication.
- WPA-2 uses the Advanced Encryption Standard (AES), whereas WEP and WPA used the RC4 algorithm.

59 Links to some of the sites used to get information on wireless links:
- Airsnort: http://airsnort.shmoo.com
- Netstumbler: http://www.netstumbler.com
- Ethereal: http://www.ethereal.com
- tinyPEAP: http://www.tinypeap.com
