Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted."— Presentation transcript:

1 11 WIRELESS SECURITY by Prof. Russell Jones

2 WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted using radio waves.  Physical security is no longer sufficient.  Transmissions can be intercepted outside the building where the data originates.  Wireless connections are becoming popular.  Network data is transmitted using radio waves.  Physical security is no longer sufficient.  Transmissions can be intercepted outside the building where the data originates.

3 HOW WIRELESS NETWORKING WORKS  Institute of Electrical and Electronics Engineers (IEEE) 802.11 is the standard  802.11b & 802.11g  Security Standard  802.1x & 802.11i (June 2004)  Can use various upper-layer protocols  Institute of Electrical and Electronics Engineers (IEEE) 802.11 is the standard  802.11b & 802.11g  Security Standard  802.1x & 802.11i (June 2004)  Can use various upper-layer protocols

4 WIRELESS INFRASTRUCTURE MODE NETWORKING

5 WIRELESS THREATS  Theft of service  Free use of Internet access  Free use of applications  Eavesdropping  Confidential Information  Financial & Health Security Laws  Unauthorized access  Change of Data, insert viruses, disable system  Theft of service  Free use of Internet access  Free use of applications  Eavesdropping  Confidential Information  Financial & Health Security Laws  Unauthorized access  Change of Data, insert viruses, disable system

6 WIRED EQUIVALENCY PRIVACY (WEP)  Provides encryption and access control  Media Access Control  Uses the RC4 encryption algorithm  Originally - 24-bit and 40-bit encryption  New versions support 128-bit encryption  Provides encryption and access control  Media Access Control  Uses the RC4 encryption algorithm  Originally - 24-bit and 40-bit encryption  New versions support 128-bit encryption

7 WEP KEYS  An attacker can discover the WEP key by using a brute-force attack.  All computers use a single shared WEP key.  WEP does not define a secure means to distribute the key.  WEP designed to use manual distribution of keys  An attacker can discover the WEP key by using a brute-force attack.  All computers use a single shared WEP key.  WEP does not define a secure means to distribute the key.  WEP designed to use manual distribution of keys

8 ADVANTAGES OF WEP  All messages are encrypted.  Privacy is maintained.  WEP is easy to implement.  WEP provides a basic level of security.  Keys are user definable and unlimited.  All messages are encrypted.  Privacy is maintained.  WEP is easy to implement.  WEP provides a basic level of security.  Keys are user definable and unlimited.

9 DISADVANTAGES OF WEP  A hacker can easily discover the shared key.  You must tell users about key changes.  WEP alone does not provide sufficient wireless local area network (WLAN) security.  WEP must be implemented on every client and AP.  A hacker can easily discover the shared key.  You must tell users about key changes.  WEP alone does not provide sufficient wireless local area network (WLAN) security.  WEP must be implemented on every client and AP.

10 WiFi Protected Access (WPA)  Improved encryption using Temporal Key (TKIP)  Provides integrity testing  Scrambles the key fields  Use of smart card devices with EAP  Allows for MAC filtering  Improved encryption using Temporal Key (TKIP)  Provides integrity testing  Scrambles the key fields  Use of smart card devices with EAP  Allows for MAC filtering

11 802.11i PROTOCOL (June 2004)  Improved authentication (PEAP, EAP)  Certificate-based (client and RADIUS)  Do not use EAP-MD5 (No protection to client password)  Requires authentication before access  Dynamic key assignment (Every 10 minutes)  Increased encryption (128-bit)  Adding preferred networks to clients  Improved authentication (PEAP, EAP)  Certificate-based (client and RADIUS)  Do not use EAP-MD5 (No protection to client password)  Requires authentication before access  Dynamic key assignment (Every 10 minutes)  Increased encryption (128-bit)  Adding preferred networks to clients

12 Authentication Process 1. Wireless client contacts uncontrolled AP port 2. The AP requests identity of client 3. AP create a RADIUS request and transmits 4. RADIUS checks to see if AP is approved 5. Checks credentials and policies on client 6. If ok, AP generates WEP key and passed to client 7. Client access controlled port with WEP key 1. Wireless client contacts uncontrolled AP port 2. The AP requests identity of client 3. AP create a RADIUS request and transmits 4. RADIUS checks to see if AP is approved 5. Checks credentials and policies on client 6. If ok, AP generates WEP key and passed to client 7. Client access controlled port with WEP key

13 Wireless Threats  Attack by intruder with wireless connection  Use Switches instead of Hubs  ARP Spoofing  Warn client not to accept credential changes  Evil Twin Attack  Authentication of Access Points  WEP Attacks  www.airsnort.com & www.netstumbler.com www.airsnort.com  Attack by intruder with wireless connection  Use Switches instead of Hubs  ARP Spoofing  Warn client not to accept credential changes  Evil Twin Attack  Authentication of Access Points  WEP Attacks  www.airsnort.com & www.netstumbler.com www.airsnort.com

14 BASIC DEFENSES AGAINST WIRELESS ATTACKS  Limit the range of radio transmissions.  Change the default SSID.  Disable SSID broadcast.  Use newer Access Points  Search for unauthorized access points (APs).  Restrict access by limiting access to specific media access control (MAC) addresses.  Separate the wireless segment from the rest of the network.  Limit the range of radio transmissions.  Change the default SSID.  Disable SSID broadcast.  Use newer Access Points  Search for unauthorized access points (APs).  Restrict access by limiting access to specific media access control (MAC) addresses.  Separate the wireless segment from the rest of the network.

15 BASIC DEFENSES AGAINST WIRELESS ATTACKS  Increase WEP encryption levels.  Change the default WEP keys.  Measure the signal strength.  Protect SNMP.  Do not use Shared Key Authentication  Secure clients  Use honeypots  Increase WEP encryption levels.  Change the default WEP keys.  Measure the signal strength.  Protect SNMP.  Do not use Shared Key Authentication  Secure clients  Use honeypots

16 CONCLUSION  Access your particular security needs  Determine efficiency versus security trade-off  Any key is hackable  Use longest key feasible (not necessarily available)  Change as often as feasible  Remember the Wireless Rule  The more flexible access to a network is made, the less secure the environment  Access your particular security needs  Determine efficiency versus security trade-off  Any key is hackable  Use longest key feasible (not necessarily available)  Change as often as feasible  Remember the Wireless Rule  The more flexible access to a network is made, the less secure the environment

Download ppt "11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted."

Similar presentations

Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Similar presentations

Ads by Google