FWL 1.0, Module 8: Security. Olga Torstensson, Halmstad University. © 2003, Cisco Systems, Inc. All rights reserved.


8-2 Key terms
WEP, TKIP, MIC, EAP, 802.1X, WPA, CCKM, RADIUS, SSH
Encryption: RSA, RC4 (WEP), DES, 3DES, AES
Cipher, BKR (Broadcast Key Rotation)

8-3 Advanced Security Terms
WEP – Wired Equivalent Privacy
EAP – Extensible Authentication Protocol
TKIP – Temporal Key Integrity Protocol
CKIP – Cisco Key Integrity Protocol
CMIC – Cisco Message Integrity Check
Broadcast Key Rotation – Group Key Update
WPA – Wi-Fi Protected Access

8-4 Security Fundamentals: Balancing Security and Access

8-5 Vulnerabilities
Technology: TCP/IP; WEP and broadcast SSID; the association process; wireless interference
Configuration: default passwords; unneeded services enabled; few or no filters; poor device maintenance
Policy: weak security policy; no security policy; poorly enforced policy; physical access; poor or no monitoring

8-6 Threats: Internal, External, Structured, Unstructured

8-7 The Security Attack: Recon and Access

8-8 The Security Attacks: DoS

8-9 WLAN Security Wheel
Always have a good WLAN security policy in place, and secure the network based on that policy.

8-10 WLAN Security Considerations
Authentication: only authorized users and devices should be allowed.
Encryption: traffic should be protected from unauthorized access.
Administration security: only authorized users should be able to access and configure the AP configuration interfaces.

8-11 Common Protocols which use Encryption
When using a public network such as a WLAN, FTP, HTTP, POP3, and SMTP are insecure and should be avoided whenever possible. Utilize protocols with encryption.

Traffic          No Encryption    Encryption
Web Browsing     HTTP             HTTPS *
File Transfer    TFTP or FTP      SCP
Remote Mgmt      Telnet           SSH
E-mail           POP3 or SMTP     SPOP3 *
* SSL/TLS
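The table above is easy to turn into a detection rule: any flow on the wireless segment whose destination is one of the cleartext services is a candidate for migration to the encrypted replacement in the right-hand column. The script below is an added example, not part of the slides or of any Cisco tool. It applies the table's mapping to flow records; the record format and the sample flows are constructed for the example.

```python
"""Flag cleartext application protocols in WLAN flow records.

Added example, not from the Cisco slides. It applies the slide's mapping
(cleartext protocol -> encrypted replacement) to flow-log lines so an
administrator can see which traffic on a wireless segment still needs to
move to an encrypted protocol. The log format and the flows are constructed.
"""
import re

# (transport, well-known port) -> (cleartext protocol, encrypted replacement), per the slide
CLEARTEXT = {
    ("tcp", 80):  ("HTTP",   "HTTPS"),
    ("tcp", 21):  ("FTP",    "SCP"),
    ("udp", 69):  ("TFTP",   "SCP"),
    ("tcp", 23):  ("Telnet", "SSH"),
    ("tcp", 110): ("POP3",   "SPOP3 (POP3 over SSL/TLS)"),
    ("tcp", 25):  ("SMTP",   "SMTP over SSL/TLS"),
}

# Constructed flow records: timestamp client server transport dst-port
SAMPLE_FLOWS = """\
2003-11-04T10:01:12 10.10.1.23 192.0.2.10 tcp 80
2003-11-04T10:01:15 10.10.1.23 192.0.2.10 tcp 443
2003-11-04T10:02:01 10.10.1.40 192.0.2.20 tcp 23
2003-11-04T10:02:44 10.10.1.40 192.0.2.20 tcp 22
2003-11-04T10:03:10 10.10.1.51 192.0.2.30 udp 69
2003-11-04T10:03:30 10.10.1.51 192.0.2.31 tcp 110
this line is malformed and is skipped
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<server>\S+)\s+(?P<l4>tcp|udp)\s+(?P<dport>\d+)$"
)

def parse_flow(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["dport"] = int(flow["dport"])
    return flow

def find_cleartext(flow_text):
    """One finding per flow whose destination is a known cleartext service."""
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        hit = CLEARTEXT.get((flow["l4"], flow["dport"]))
        if hit is None:
            continue
        protocol, replacement = hit
        findings.append({
            "ts": flow["ts"], "client": flow["client"], "server": flow["server"],
            "protocol": protocol, "replace_with": replacement,
        })
    return findings

def summarize(findings):
    """Count findings per cleartext protocol."""
    counts = {}
    for f in findings:
        counts[f["protocol"]] = counts.get(f["protocol"], 0) + 1
    return counts

if __name__ == "__main__":
    found = find_cleartext(SAMPLE_FLOWS)
    for f in found:
        print(f"{f['ts']} {f['client']} -> {f['server']} {f['protocol']}: migrate to {f['replace_with']}")
    print(summarize(found))
```

Matching on destination port is a heuristic: a service on a non-standard port is missed, and an encrypted service on a cleartext port is a false positive, so treat the output as a worklist to confirm, not as proof.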

8-12 WLAN Security Hierarchy (from least to most protected)
Open Access (public "hotspots"): no encryption, basic authentication
Basic Security (home use): 40-bit or 128-bit static WEP encryption
Enhanced Security (business): 802.1x, TKIP/WPA encryption, mutual authentication, scalable key management, etc.
Remote Access (business traveler, telecommuter): Virtual Private Network (VPN)

8-13 Basic WLAN Security: Admin Authentication on AP
To prevent unauthorized access to the AP configuration interfaces:
Configure a secret password for privileged-mode access (good).
Configure local usernames/passwords (better).
Configure the AP to use a security server for user access (best).

8-14 User Manager

8-15 Admin Access CLI View

8-16 Console Password

8-17 SSID Manager

8-18 SSID Manager (cont.)

8-19 Global SSID Properties

8-20 SSID CLI View

8-21 WEP
WEP is based on a shared key. WEP scrambles communications between the AP and the client. The AP and the client must use the same WEP keys. WEP keys encrypt unicast and multicast traffic. WEP is easily attacked.

8-22 Supported Devices
What can be a client? Client, non-root bridge, repeater access point, workgroup bridge.
What can be an authenticator? Root access point, root bridge.

8-23 Enabling LEAP on the Client

8-24 Configuring LEAP on the Client

8-25 WEP Encryption Keys

8-26 Enterprise WLAN Authentication: Authentication Types
Open authentication to the access point
Shared key authentication to the access point
EAP authentication to the network
MAC address authentication to the network
Combining MAC-based, EAP, and open authentication
Using CCKM for authenticated clients
Using WPA key management

8-27 WLAN Security: 802.1X Authentication (Client – AP – RADIUS server)
Mutual authentication
EAP-TLS – EAP-Transport Layer Security: mutual authentication implementation; used in WPA interoperability testing
LEAP – "Lightweight" EAP: nearly all major OSs supported (WinXP/2K/NT/ME/98/95/CE, Linux, Mac, DOS)
PEAP – "Protected" EAP: uses certificates or One Time Passwords (OTP); supported by Cisco, Microsoft, and RSA; GTC (Cisco) and MSCHAPv2 (Microsoft) versions

8-28 EAP
Extensible Authentication Protocol (802.1x authentication) provides dynamic WEP keys to user devices. A dynamic key is more secure because it changes: by the time an intruder has performed the calculation to learn the key, the key has already changed.

8-29 Basic RADIUS Topology
RADIUS can be implemented locally on an IOS AP (up to 50 users) or on an ACS server.
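Whether the RADIUS server is the local one on the AP or a remote ACS (with a backup server behind it), the AP trusts an Access-Accept only because of the shared secret: the server proves it holds the secret by computing the Response Authenticator of RFC 2865 over the AP's random Request Authenticator. The code below is an added example, not from the slides or from Cisco; it builds the packets in memory and shows the check passing for a genuine reply and failing when the backup server has a different secret, when the reply is altered, or when an old reply is replayed.

```python
"""Verify a RADIUS reply against the Access-Request it answers.

Added example, not from the Cisco slides or Cisco code. It implements the
Response Authenticator rule from RFC 2865 section 3, which is how an access
point (the 802.1X authenticator) knows a reply came from a server that
holds the shared secret. Every packet here is constructed in memory.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1              # RFC 2865 attribute type for User-Name
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; then a 16-byte Authenticator

def encode_attr(attr_type, value):
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_packet(code, ident, authenticator, attrs=b""):
    return HEADER.pack(code, ident, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    data = HEADER.pack(code, ident, 20 + len(attrs)) + request_auth + attrs + secret
    return hashlib.md5(data).digest()

def build_response(code, request, attrs, secret):
    """What a genuine server sends back for `request`."""
    ident, request_auth = request[1], request[4:20]
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return build_packet(code, ident, auth, attrs)

def verify_response(response, request, secret):
    """True only if `response` answers `request` and was authenticated with `secret`."""
    if len(response) < 20 or len(request) < 20:
        return False
    code, ident, length = HEADER.unpack(response[:4])
    if length != len(response) or ident != request[1]:
        return False
    expected = response_authenticator(code, ident, request[4:20], response[20:], secret)
    # Constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(expected, response[4:20])

def demo(secret=b"ap-radius-secret", stale_secret=b"old-backup-secret"):
    """Exercise the check with a genuine reply and three replies that must fail."""
    # AP side: a fresh random Request Authenticator per request (constructed user name)
    request = build_packet(ACCESS_REQUEST, 0x2A, os.urandom(16),
                           encode_attr(ATTR_USER_NAME, b"wlan-user"))
    accept = build_response(ACCESS_ACCEPT, request, b"", secret)
    other_request = build_packet(ACCESS_REQUEST, 0x2A, os.urandom(16))
    return {
        # Primary server, correct secret: accepted
        "genuine": verify_response(accept, request, secret),
        # Backup server configured with a different secret than the AP: rejected
        "wrong_secret": verify_response(accept, request, stale_secret),
        # Code flipped in transit (Accept to Reject or back): rejected
        "tampered_code": verify_response(bytes([ACCESS_REJECT]) + accept[1:], request, secret),
        # Old reply replayed against a new request that reuses the Identifier: rejected
        "replayed": verify_response(accept, other_request, secret),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14s} {'verified' if ok else 'rejected'}")
```

The "wrong_secret" case is the one to remember when configuring a backup security server: if its shared secret differs from the primary's, its replies are silently discarded by the AP and failover looks like a dead server. For EAP over RADIUS (802.1X), RFC 3579 additionally requires the HMAC-MD5 Message-Authenticator attribute, which this example does not implement.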

8-30 Local RADIUS Server

8-31 Local RADIUS Server Statistics

8-32 RADIUS Server User Groups

8-33 ACS Server Options: Cisco Secure ACS Software, Cisco ACS Solution Engine

8-34 Backup Security Server Manager

8-35 Global Server Properties

8-36 Enterprise Encryption: WPA, Interoperable, Enterprise-Class Security

8-37 Cipher "Suite"
Cipher suites are sets of encryption and integrity algorithms. Suites provide protection of WEP and allow the use of authenticated key management. Suites with TKIP provide the best security. A cipher suite must be configured to enable WPA (Wi-Fi Protected Access) and CCKM (Cisco Centralized Key Management).

8-38 Configuring the Suite
1. Create WEP keys.
2. Enable the cipher "suite" and WEP.
3. Configure broadcast key rotation.
4. Follow the rules.

8-39 WEP Key Restrictions
Security configuration          WEP restriction
CCKM or WPA key mgt.            No WEP in slot 1
LEAP or EAP                     No WEP in slot 4
40-bit WEP                      No 128-bit key
128-bit WEP                     No 40-bit key
TKIP                            No WEP keys
TKIP and 40- or 128-bit WEP     No WEP in slots 1 and 4
Static WEP w/ MIC or CMIC       WEP keys and slots must match on AP and client
Broadcast key rotation          Keys in slots 2 and 3 overwritten
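The restrictions in the table interact, so a configuration that looks reasonable slot by slot can still be rejected by the AP. The checker below is an added example, not Cisco code: it encodes the table's rows as rules over a small configuration model (the model itself is an assumption made for the example) and reports every rule a configuration breaks, shown on a configuration that fails two rules and on the corrected version.

```python
"""Check an access point's encryption settings against the WEP key-slot
restrictions on the slide.

Added example, not Cisco code. The configuration model below is an
assumption made for the example; the rules are the slide's table. Where
the table's meaning was ambiguous, the interpretation is noted in a comment.
"""
from dataclasses import dataclass, field

@dataclass
class ApSecurity:
    ciphers: set                                   # subset of {"tkip", "wep40", "wep128"}
    wep_keys: dict = field(default_factory=dict)   # key slot (1-4) -> key size in bits (40 or 128)
    key_mgmt: str = None                           # None, "wpa" or "cckm"
    auth: str = "open"                             # "open", "shared", "leap" or "eap"
    mic: bool = False                              # static WEP with MIC/CMIC
    broadcast_key_rotation: bool = False

def check_wep_rules(ap, client_wep_keys=None):
    """Return the list of slide rules the configuration violates (empty = consistent).

    client_wep_keys, if given, is the client's slot -> key size map, used for
    the rule that static WEP with MIC needs matching keys and slots.
    """
    problems = []
    slots = ap.wep_keys
    wep_ciphers = ap.ciphers & {"wep40", "wep128"}

    if ap.key_mgmt in ("wpa", "cckm") and 1 in slots:
        problems.append("CCKM or WPA key management: no WEP key in slot 1")
    if ap.auth in ("leap", "eap") and 4 in slots:
        problems.append("LEAP or EAP: no WEP key in slot 4")
    # Interpretation: a suite with only one WEP key size rejects keys of the other size
    if wep_ciphers == {"wep40"} and 128 in slots.values():
        problems.append("40-bit WEP: no 128-bit key")
    if wep_ciphers == {"wep128"} and 40 in slots.values():
        problems.append("128-bit WEP: no 40-bit key")
    if "tkip" in ap.ciphers and not wep_ciphers and slots:
        problems.append("TKIP: no WEP keys")
    if "tkip" in ap.ciphers and wep_ciphers and (1 in slots or 4 in slots):
        problems.append("TKIP and 40- or 128-bit WEP: no WEP in slots 1 and 4")
    if ap.mic and client_wep_keys is not None and client_wep_keys != slots:
        problems.append("Static WEP with MIC or CMIC: WEP keys and slots must match on AP and client")
    if ap.broadcast_key_rotation and ({2, 3} & set(slots)):
        problems.append("Broadcast key rotation: keys in slots 2 and 3 will be overwritten")
    return problems

# Breaks two rules: WPA key management and TKIP+WEP both forbid a key in slot 1
BAD = ApSecurity(ciphers={"tkip", "wep128"}, wep_keys={1: 128}, key_mgmt="wpa", auth="eap")
# Same intent with the WEP key moved to slot 2, which satisfies every rule
GOOD = ApSecurity(ciphers={"tkip", "wep128"}, wep_keys={2: 128}, key_mgmt="wpa", auth="eap")

if __name__ == "__main__":
    for name, cfg in (("bad", BAD), ("good", GOOD)):
        print(name, check_wep_rules(cfg) or "ok")
```

The broadcast key rotation rule is reported as a problem only when static keys sit in slots 2 or 3, because those are the slots the AP reuses for the rotating group key; the other rows of the table are hard restrictions the AP enforces.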

8-40 Security Levels

8-41 Enterprise WLAN Security Evolution
TKIP/WPA – successor to WEP. Cisco's pre-standard TKIP has been shipping since Dec. '01. Cisco introduced TKIP into the 802.11i committee; 802.11i-standardized TKIP is part of Wi-Fi Protected Access (WPA). A WPA software upgrade is now available for the AP1100 and AP1200.
AES – the "gold standard" of encryption. AES is part of the 802.11i standard; AES will be part of the WPA2 standard (expected in 2004).

8-42 Encryption Modes

8-43 Encryption Global Properties

8-44 to 8-49 Matching Client to AP (six slides)

8-50 Advanced Security: MAC Authentication

8-51 Advanced Security: EAP Authentication

8-52 Advanced Security: Timers

8-53 VLANs
Configuring your access point to support VLANs is a three-step process:
1. Assign SSIDs to VLANs.
2. Assign authentication settings to SSIDs.
3. Enable the VLAN on the radio and Ethernet ports.

8-54 Using VLANs for Security
AP on channel 6, connected to an 802.1Q wired network with VLANs:
SSID "data" = VLAN 1, security: PEAP + AES
SSID "voice" = VLAN 2, security: LEAP + WPA
SSID "visitor" = VLAN 3, security: none
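The following IOS access point configuration is an added example, not part of the slides and not Cisco's own sample configuration. It ties together the "best" admin-authentication option from slide 8-13 (a RADIUS security server with a local fallback) and the three-step VLAN procedure from slides 8-53 and 8-54, using the SSID-to-VLAN and security mapping of the diagram above. Server addresses, secrets and the `eap_methods` list name are placeholders; the commands follow the IOS access point CLI, but keyword availability (for example the `aes-ccm` cipher) depends on the IOS release, so check each line against the configuration guide for the release on your AP.

```text
! --- Admin authentication on the AP (slide 8-13): server-based, with local fallback ---
enable secret <PRIVILEGED-MODE-SECRET>
username admin privilege 15 secret <LOCAL-FALLBACK-PASSWORD>
aaa new-model
aaa authentication login default group radius local
aaa authentication login eap_methods group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
ip http authentication aaa
line vty 0 4
 login authentication default
!
! --- Steps 1 and 2: SSIDs mapped to VLANs, each with its authentication settings ---
dot11 ssid data
 vlan 1
 authentication open eap eap_methods
 authentication key-management wpa
dot11 ssid voice
 vlan 2
 authentication network-eap eap_methods
 authentication key-management wpa
dot11 ssid visitor
 vlan 3
 authentication open
 guest-mode
!
! --- Step 3: per-VLAN ciphers on the radio, VLANs enabled on radio and Ethernet ---
interface Dot11Radio0
 encryption vlan 1 mode ciphers aes-ccm
 encryption vlan 2 mode ciphers tkip
 ssid data
 ssid voice
 ssid visitor
 channel 6
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 2
interface Dot11Radio0.3
 encapsulation dot1Q 3
 bridge-group 3
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface FastEthernet0.2
 encapsulation dot1Q 2
 bridge-group 2
interface FastEthernet0.3
 encapsulation dot1Q 3
 bridge-group 3
```

Two points to verify after applying such a configuration: the two `radius-server host` entries must carry the same shared secret that the primary and backup servers are configured with, or failover silently fails; and the "visitor" VLAN should be filtered on the wired side, since the SSID itself has no authentication or encryption.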