Gary Zavitz: Wireless LAN Site Surveys and Security Considerations. eLearning…Wired and Wirelessly!


1 Gary Zavitz gaz@interbeach.com Wireless LAN Site Surveys and Security Considerations eLearning…Wired and Wirelessly!

2 Experience
- WBT and ILT training experience
- Producer, Developer of Virtual Webinars
- Wireless Computing Instructor
- Telecom Management Certification
- Chair of Sheridan College Telecom Alumni Association

3 A Warehouse Without Wires
The client has expanded warehouse operations into a large area that lacks existing wiring. The ceiling is very high, and the floor is thick concrete. It will be quite expensive to install traditional data wiring. They have some forklifts whose operators use mobile terminals which need LAN connectivity. Think about what type of area this represents, and what design considerations might need to be made.

4 Why a site survey?
- Determine actual coverage area
- Determine number of wireless cells needed
- Determine location of access point and/or wireless servers

5 Wireless – planning considerations
- Number of total and simultaneous users
- Average and maximum bandwidth needed
- Degree of user roaming
- Site survey input
- Location of APs to maximize connectivity and bandwidth (distance/density/overlap)
- Frequency/channel usage (1, 6, 11 non-overlapping)
- Redundancy

6 Barriers and attenuation of signals

| RF Barrier description | RF Barrier severity | Examples |
|---|---|---|
| Air | Minimal | |
| Wood | Low | partitions |
| Plaster | Low | inner walls |
| Synthetic material | Low | partitions |
| Asbestos | Low | ceilings |
| Glass | Low | windows |
| Water | Medium | damp wood, aquarium |
| Bricks | Medium | inner and outer walls |
| Marble | Medium | inner walls |
| Paper rolls | High | paper on a roll |
| Concrete | High | floors, outer walls |
| Bulletproof glass | High | security booths |
| Metal | Very high | desks, metal partitions |

7 Security Concerns
We are concerned and need whatever wireless solution is deployed to be secure. We’d like to have an easy to manage, centralized system for updating keys, and validating APs and clients. Using MAC based filters at each of the APs is too much of a hassle.

8 wLAN Security - Wired Equivalent Privacy
- WEP: symmetric encryption (shared key), defines method but not how to share and distribute/manage keys
- RC4 algorithm (40+24 bits keys) WiFi compliant
- 104 + 24 bits proprietary (non IEEE standard/non WiFi scope) but interoperable implementations (i.e. Lucent/Cisco, others)

[Figure: frame layout. Labels: Phy-Header (Preamble, PLCP Header); MAC Header and Payload (MAC Header, Payload, CRC); Encrypted: Init Vector 24 bits, Ciphertext, ICV 32 bits]

9 wLAN Security - WEP issue?
- Goal was to address equivalent physical security as with fixed network
- Should be used with other measures above and beyond to achieve data privacy
- 40 or 104 bit encryption, length of 24 bit init vector, sent as clear text, was concern of Berkeley article
- Single Key per Network
  - multiple keys for Receive to allow key change-over
- Most AP (Cisco, etc.) products support RADIUS based MAC authentication

10 Encryption: Wired Equivalent Privacy
- “64 WEP” standard available
  - 40-bit secret key + 24-bit Initialization Vector (IV)
  - IEEE 802.11 standard
- “128RC4” available
  - 104-bit secret key + 24-bit Initialization Vector (IV)
  - Not IEEE 802.11 compliant
- When WEP is enabled, Shared Key Authentication is enabled
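An added example, not part of the original slides: WEP encapsulation as slides 8 to 10 describe it, showing that the per-frame RC4 key is the clear-text 24-bit IV followed by the shared secret, so two frames under the same IV share one keystream, which is why key rotation and per-station keys matter. The secret, IV, payloads and all function names are constructed for illustration.

```python
import math
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then XOR data with the keystream (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(secret: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Return IV (3 bytes, clear) + key-ID byte + RC4(IV || secret, payload || ICV)."""
    if len(iv) != 3 or len(secret) not in (5, 13):   # 40- or 104-bit secret
        raise ValueError("need a 24-bit IV and a 40- or 104-bit secret")
    icv = zlib.crc32(payload).to_bytes(4, "little")  # 32-bit integrity check value
    return iv + bytes([key_id << 6]) + rc4(iv + secret, payload + icv)

def wep_decapsulate(secret: bytes, frame: bytes) -> bytes:
    """Rebuild the per-frame key from the clear-text IV, decrypt, verify the ICV."""
    body = rc4(frame[:3] + secret, frame[4:])
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames with random IVs before a repeat is this likely."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - probability))))

# Constructed sample data: one shared 40-bit secret, two frames, same IV.
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
P1, P2 = b"forklift terminal 01", b"forklift terminal 02"
F1, F2 = wep_encapsulate(SECRET, IV, P1), wep_encapsulate(SECRET, IV, P2)
```

With a single network-wide key, every station draws from the same 24-bit IV space; individual, rapidly changing keys shrink the number of frames sent under any one key.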

11 Overview of 802.11b Security Vulnerabilities
- Compromise of encryption key
- Theft of hardware is equivalent to theft of key
- Packet spoofing, disassociation attack
- Rogue AP
- Known plain-text attack
- Brute force attack
- Passive monitoring
- Replay attack

12 Wireless – Security Recommendations
- Change default SSID, password, SNMP settings
- Avoid tempting SSID names that identify hacker targets
- Configure as “Closed System” to not broadcast SSID beacons or answer probes from clients set to “ANY”
- Minimize coverage beyond desired areas
- Use tools for periodic site surveys to spot “rogue” APs
- Consider limiting access based on MAC if practical
- Place APs in DMZ based VLAN and have clients VPN in
- Consider IPSec
- APs not in publicly accessible areas
- Address WEP weaknesses via Key Rotation, 802.1x, WEP 2 (802.11i), VPN Overlay
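An added example, not part of the original slides: a periodic-survey audit that checks scan results against an AP inventory and the recommendations above (rogue APs, closed system, default SSIDs, the 1/6/11 channel plan). The record format, inventory, SSID names and MAC addresses are constructed assumptions, not output of any particular survey tool.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    bssid: str       # AP radio MAC address
    ssid: str        # empty when the AP runs as a "closed system"
    channel: int
    encrypted: bool

# Assumed inventory format: authorised BSSID -> planned channel
AUTHORISED = {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 6, "00:11:22:33:44:03": 11}
PRODUCTION_SSIDS = {"wh-ops"}                      # constructed name
DEFAULT_SSIDS = {"default", "linksys", "tsunami"}  # illustrative vendor defaults
NON_OVERLAPPING = {1, 6, 11}

def audit(observations):
    """Return {bssid: [findings]} for every AP that breaks a recommendation."""
    findings = {}
    for ob in observations:
        issues = []
        planned = AUTHORISED.get(ob.bssid.lower())
        if planned is None:
            issues.append("rogue: BSSID not in inventory")
            if ob.ssid in PRODUCTION_SSIDS:
                issues.append("rogue: advertises a production SSID")
        else:
            if ob.ssid:
                issues.append("closed system off: SSID broadcast in beacons")
            if ob.channel != planned:
                issues.append(f"channel drift: planned {planned}, seen {ob.channel}")
        if ob.ssid.lower() in DEFAULT_SSIDS:
            issues.append("default SSID in use")
        if ob.channel not in NON_OVERLAPPING:
            issues.append("channel outside the 1/6/11 plan")
        if not ob.encrypted:
            issues.append("no link encryption")
        if issues:
            findings[ob.bssid] = issues
    return findings

# Constructed survey results (not real measurements)
SURVEY = [
    Observation("00:11:22:33:44:01", "", 1, True),
    Observation("00:11:22:33:44:02", "wh-ops", 6, True),
    Observation("00:11:22:33:44:03", "", 9, True),
    Observation("66:77:88:99:aa:bb", "wh-ops", 6, False),
    Observation("66:77:88:99:aa:cc", "linksys", 3, False),
]
REPORT = audit(SURVEY)
```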

13 802.1x, Security and Encryption
- 802.1x is purely an authentication standard and is a “Standard for Port Based Network Access Control”
- 802.1x applies to wired and wireless networks
- 802.1x defines methods for authentication and key distribution plus other things
- 802.1x is usable with currently standardized authentication/key distribution schemes (i.e. RADIUS/Kerberos)
- 802.1x is a work in progress
- Does not specify MAC level encryption type (i.e. WEP40/104 or other), so independent of it
- However, 802.1x can be used to set WEP keys
  - Addresses Key Distribution problem
  - Permits rapidly changing, individual WEP keys
  - WEP is still required for encryption

14 Access Control: RADIUS Access Control (RAC)
- Extension to existing Access Control system to make it more usable for large networks
- Access Control table does not reside in each Access Point but in a RADIUS server:
  - Server device that communicates with APs using the RADIUS protocol defined in RFC 2138 (RADIUS = Remote Authentication Dial-In User Service)
- Network administrator needs to manage one Access Control table rather than one for each AP
- RAC will overcome the limitation of the 497 entries that an AP-based Access Control Table can hold at maximum

15 Secure Wireless LAN Architecture

16 And if you don’t believe secure wireless communications is important…

18 Thank You. Gary Zavitz gaz@interbeach.com 416-347-9251

