Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 6 Wireless Network Security

2 Objectives Describe the basic IEEE wireless security protections Define the vulnerabilities of open system authentication, WEP, and device authentication Describe the WPA and WPA2 personal security models Explain how enterprises can implement wireless security Security+ Guide to Network Security Fundamentals, Third Edition

3 IEEE 802.11 Wireless Security Protections
Institute of Electrical and Electronics Engineers (IEEE) The most widely known and influential organization for computer networking and wireless communications In the early 1980s, the IEEE began work on developing computer network architecture standards This work was called Project 802 In 1990, the IEEE formed a committee to develop a standard for WLANs That operate at a speed of 1 and 2 million bits per second (Mbps) Security+ Guide to Network Security Fundamentals, Third Edition

4 IEEE 802.11 Wireless Security Protections (continued)
In 1997, the IEEE approved the IEEE WLAN standard Revisions IEEE a IEEE b IEEE g IEEE n Security+ Guide to Network Security Fundamentals, Third Edition

5 Controlling Access Controlling wireless access of devices to the WLAN
Accomplished by limiting a device’s access to the access point (AP) By restricting access to the AP, only those devices that are authorized are able to connect to the AP and become part of the wireless network The IEEE standard does not specify how to implement controlling access Almost all wireless AP vendors implement access control through Media Access Control (MAC) address filtering Security+ Guide to Network Security Fundamentals, Third Edition

6 Controlling Access (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

7 Controlling Access (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

8 Controlling Access (continued)
MAC address filtering is usually implemented by permitting instead of preventing Wired Equivalent Privacy (WEP) Designed to ensure that only authorized parties can view transmitted wireless information Uses encryption to protect traffic The IEEE committee designed WEP to meet the following criteria: Efficient, exportable, optional, self-synchronizing, and reasonably strong Security+ Guide to Network Security Fundamentals, Third Edition

9 Controlling Access (continued)
IEEE WEP shared secret keys must be a minimum of 64 bits in length The options for creating keys are as follows: 64-bit key 128-bit key Passphrase The AP and devices can hold up to four shared secret keys One of which must be designated as the default key Security+ Guide to Network Security Fundamentals, Third Edition

10 Security+ Guide to Network Security Fundamentals, Third Edition

11 Controlling Access (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

12 Controlling Access (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

13 Controlling Access (continued)
Device authentication Wireless LANs cannot limit access to the wireless signal by walls or doors Sometimes called data emanation Types of authentication supported by the standard Open system authentication See Figure 6-6 Shared key authentication See Figure 6-7 Security+ Guide to Network Security Fundamentals, Third Edition

14 Security+ Guide to Network Security Fundamentals, Third Edition

15 Security+ Guide to Network Security Fundamentals, Third Edition

16 Vulnerabilities of IEEE 802.11 Security
The primary vulnerabilities are in the areas of open system authentication, MAC address filtering, and WEP Security+ Guide to Network Security Fundamentals, Third Edition

17 Open System Authentication Vulnerabilities
Open system authentication is considered weak because authentication is based on only one factor: A match of SSID The easiest way to discover the SSID is to actually do nothing Exploits the beaconing process Once a wireless device receives a beacon frame, it can attempt to join the network By sending an association request frame back to the AP Security+ Guide to Network Security Fundamentals, Third Edition

18 Open System Authentication Vulnerabilities (continued)
Passive scanning The most common type of scanning A wireless device simply listens for a beacon frame for a set period of time For a degree of protection, some wireless security sources encourage users to configure their APs to prevent the beacon frame from including the SSID But instead require the user to enter the SSID manually on the wireless device Security+ Guide to Network Security Fundamentals, Third Edition

19 Open System Authentication Vulnerabilities (continued)
Problems arise when the SSID is not beaconed Can affect roaming Can also affect devices running Microsoft Windows XP The SSID can be easily discovered even when it is not contained in beacon frames Still is transmitted in other management frames sent by the AP Configuring an access point to not allow the beacon frame to include the SSID provides virtually no protection Security+ Guide to Network Security Fundamentals, Third Edition

20 Security+ Guide to Network Security Fundamentals, Third Edition

21 MAC Address Filtering Weaknesses
MAC addresses are initially exchanged in an unencrypted format through the WLAN An attacker can easily see the MAC address of an approved device and use it to join the network Managing a large number of MAC addresses can pose significant challenges MAC address filtering does not provide a means to temporarily allow a guest user to access the network Other than manually entering the user’s MAC address into the access point Security+ Guide to Network Security Fundamentals, Third Edition

22 WEP To encrypt packets WEP can use only a 64-bit or 128-bit number
Which is made up of a 24-bit initialization vector (IV) and a 40-bit or 104-bit default key The relatively short length of the default key limits its strength WEP implementation violates the cardinal rule of cryptography: Anything that creates a detectable pattern must be avoided at all costs IVs would start repeating in fewer than seven hours Security+ Guide to Network Security Fundamentals, Third Edition

23 WEP (continued) Because of the weaknesses of WEP Keystream attack
Possible for an attacker to identify two packets derived from the same IV (called a collision) Keystream attack A method of determining the keystream by analyzing two packets that were created from the same IV Security+ Guide to Network Security Fundamentals

24 WEP (continued) Security+ Guide to Network Security Fundamentals, Third Edition

25 WEP (continued) Security+ Guide to Network Security Fundamentals, Third Edition

26 Personal Wireless Security
The wireless security requirements for personal wireless security are most often based on two models promoted by the Wi-Fi Alliance: WPA Personal Security WPA2 Personal Security Security+ Guide to Network Security Fundamentals, Third Edition

27 WPA Personal Security Wireless Ethernet Compatibility Alliance (WECA)
A consortium of wireless equipment manufacturers and software providers formed to promote wireless network technology WECA goals: To encourage wireless manufacturers to use the IEEE technologies To promote and market these technologies To test and certify that wireless products adhere to the IEEE standards to ensure product interoperability Security+ Guide to Network Security Fundamentals, Third Edition

28 WPA Personal Security (continued)
In 2002, the WECA organization changed its name to Wi-Fi (Wireless Fidelity) Alliance In October 2003 the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA) WPA had the design goal to protect both present and future wireless devices, addresses both wireless authentication and encryption PSK addresses authentication and TKIP addresses encryption Security+ Guide to Network Security Fundamentals, Third Edition

29 WPA Personal Security (continued)
Preshared key (PSK) authentication Uses a passphrase to generate the encryption key When using PSK, a key must be created and entered into both the access point and all wireless devices Prior to the devices communicating with the AP The PSK is not used for encryption Instead, it serves as the starting point (seed) for mathematically generating the encryption keys Security+ Guide to Network Security Fundamentals, Third Edition

30 WPA Personal Security (continued)
WPA replaces WEP with an encryption technology called Temporal Key Integrity Protocol (TKIP) TKIP has several advantages over WEP: TKIP uses a longer 128-bit key TKIP keys are known as per-packet keys When coupled with other technologies, TKIP provides an even greater level of security WPA also replaces the (CRC) function in WEP with the Message Integrity Check (MIC) Designed to prevent an attacker from capturing, altering, and resending data packets Security+ Guide to Network Security Fundamentals, Third Edition

31 WPA2 Personal Security PSK Authentication
Wi-Fi Protected Access 2 (WPA2) Introduced by the Wi-Fi Alliance in September 2004 The second generation of WPA security Still uses PSK authentication but instead of TKIP encryption it uses enhanced data encryption PSK Authentication Intended for personal and small office home office users who do not have advanced server capabilities PSK keys are automatically changed and authenticated between devices after a specified period of time known as the rekey interval Security+ Guide to Network Security Fundamentals, Third Edition

32 WPA2 Personal Security (continued)
PSK key management weaknesses: The distribution and sharing of PSK keys is performed manually without any technology security protections PSK only uses a single key Changing the PSK key requires reconfiguring the key on every wireless device and on all access points In order to allow a guest user to have access to a PSK WLAN, the key must be given to that guest A second area of PSK vulnerability is the use of passphrases Security+ Guide to Network Security Fundamentals, Third Edition

33 WPA2 Personal Security (continued)
A PSK is a 64-bit hexadecimal number The most common way in which this number is generated is by entering a passphrase Consisting of letters, digits, punctuation, etc. that is between 8 and 63 characters in length PSK passphrases of fewer than 20 characters can be subject to a specific type of attack and broken AES-CCMP Encryption Encryption under the WPA2 personal security model is accomplished by AES-CCMP Security+ Guide to Network Security Fundamentals, Third Edition

34 WPA2 Personal Security (continued)
CCMP is based upon the Counter Mode with CBC-MAC (CCM) Of the Advanced Encryption Standard (AES) encryption algorithm CCM is the algorithm providing data privacy While the Cipher Block Chaining Message Authentication Code (CBCMAC) component of CCMP provides data integrity and authentication Security+ Guide to Network Security Fundamentals, Third Edition

35 WPA2 Personal Security (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

36 Enterprise Wireless Security
The enterprise wireless security options can be divided into those that follow the IEEE i standard and those that follow the WPA and WPA2 models Security+ Guide to Network Security Fundamentals, Third Edition

37 IEEE i The IEEE i wireless security standard Addresses the two main weaknesses of wireless networks: encryption and authentication Encryption is accomplished by replacing WEP’s original PRNG RC4 algorithm With a stronger cipher that performs three steps on every block (128 bits) of plaintext IEEE i authentication and key management is accomplished by the IEEE 802.1x standard Security+ Guide to Network Security Fundamentals, Third Edition

38 IEEE i (continued) Security+ Guide to Network Security Fundamentals, Third Edition

39 IEEE 802.11i (continued) Key-caching Pre-authentication
Stores information from a device on the network so if a user roams away from a wireless access point and later returns, he does not need to re-enter all of the credentials Pre-authentication Allows a device to become authenticated to an AP before moving into range of the AP Security+ Guide to Network Security Fundamentals, Third Edition

40 WPA Enterprise Security
The WPA Enterprise Security model is designed for medium to large-size organizations Provides improved authentication and encryption over the personal model on a wireless LAN The authentication used is IEEE 802.1x and the encryption is TKIP Security+ Guide to Network Security Fundamentals, Third Edition

41 WPA Enterprise Security (continued)
IEEE 802.1x Authentication Provides an authentication framework for all IEEE 802-based LANs Uses port-based authentication mechanisms Does not perform any encryption TKIP Encryption An improvement on WEP encryption Designed to fit into the existing WEP procedure Security+ Guide to Network Security Fundamentals, Third Edition

42 WPA Enterprise Security (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

43 WPA2 Enterprise Security
Provides the highest level of secure authentication and encryption on a wireless LAN Authentication used is IEEE 802.1x and the encryption is AES-CCMP IEEE 802.1x authentication provides the most robust authentication for a WPA2 enterprise model WLAN Encryption is based on the stronger AES-CCMP Only the 128-bit key and 128-bit block are mandatory for WPA2 Security+ Guide to Network Security Fundamentals, Third Edition

44 WPA2 Enterprise Security (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

45 Enterprise Wireless Security Devices
Thin Access Point An access point without the authentication and encryption functions These features reside on the wireless switch Advantages The APs can be managed from one central location All authentication is performed in the wireless switch Security+ Guide to Network Security Fundamentals, Third Edition

46 Enterprise Wireless Security Devices (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

47 Enterprise Wireless Security Devices (continued)
Wireless VLANs Can be used to segment traffic and increase security The flexibility of a wireless VLAN depends on which device separates the packets and directs them to different networks See Figures 6-14 and 6-15 For enhanced security many organizations set up two wireless VLANs One for employee access One for guest access Security+ Guide to Network Security Fundamentals, Third Edition

48 Security+ Guide to Network Security Fundamentals, Third Edition

49 Security+ Guide to Network Security Fundamentals, Third Edition

50 Enterprise Wireless Security Devices (continued)
Rogue Access Point Discovery Tools Wireless protocol analyzer Allows auditing the airwaves for rogue access points Monitoring the RF frequency requires a special sensor called a wireless probe Types of wireless probes: Wireless device probe Desktop probe Access point probe Dedicated probe Security+ Guide to Network Security Fundamentals, Third Edition

51 Security+ Guide to Network Security Fundamentals, Third Edition

52 Summary The initial IEEE standard contained security controls for protecting wireless transmissions from attackers The Wi-Fi Alliance has introduced two levels of personal security Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) Enterprise wireless security requires different security models from personal wireless security Additional wireless security devices can be used to defend against attackers Security+ Guide to Network Security Fundamentals, Third Edition

Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition"

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
Review of Wireless LAN Security Chapter-9

Review of Wireless LAN Security Chapter-9
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Module-8 Wireless LAN Security ,Vulnerabilities and Attack Methods

Module-8 Wireless LAN Security ,Vulnerabilities and Attack Methods
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Similar presentations

Ads by Google