Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Slides:



Advertisements
Similar presentations
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Advertisements

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Implementing Wireless LAN Security
Security+ Guide to Network Security Fundamentals, Third Edition
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Wired Equivalent Privacy (WEP)
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Module-8 Wireless LAN Security ,Vulnerabilities and Attack Methods
WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
1 Wireless Security Update Mark Ciampa Western Kentucky University
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN
Security+ Guide to Network Security Fundamentals, Fourth Edition
Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.
CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.
Wireless Networking.
Version Slide 1 Format of lecture Introduction to Wireless Wireless standards Applications Hardware devices Performance issues Security issues.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Security+ Guide to Network Security Fundamentals, Third Edition
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Implementing Wireless and WLAN Chapter 19 powered by DJ 1.
Computer Concepts 2014 Chapter 5 Local Area Networks.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
WEP Protocol Weaknesses and Vulnerabilities
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.
WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.
Lecture 24 Wireless Network Security
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.
How are Computers Connected? Chapter 8. How do you connect computers? Run wires between two computers Power Cord Plug into a power outlet Two wires needed.
Chapter 7 Part 2 Networks. Why would I ever consider a wired network connection over a wireless? – Wireless signals are more susceptible to interference.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
CWNA Guide to Wireless LANs, Third Edition Chapter 9: Wireless LAN Security Vulnerabilities.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understand Wireless Security LESSON Security Fundamentals.
Instructor Materials Chapter 6 Building a Home Network
Wireless Technologies
Wireless Protocols WEP, WPA & WPA2.
WEP & WPA Mandy Kershishnik.
Wireless LAN Security 4.3 Wireless LAN Security.
WLAN Security Antti Miettinen.
Presentation transcript:

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security

Security+ Guide to Network Security Fundamentals, Third Edition Objectives Describe the basic IEEE wireless security protections Define the vulnerabilities of open system authentication, WEP, and device authentication Describe the WPA and WPA2 personal security models Explain how enterprises can implement wireless security 2

Security+ Guide to Network Security Fundamentals, Third Edition IEEE Wireless Security Protections Institute of Electrical and Electronics Engineers (_________)  The most widely known and influential standards making organization for ____________________ ____________________________________ In 1990, the IEEE formed a committee to develop a standard for _______________  Operating at a speed of ________ million bits per second (Mbps) within the __________ frequency In 1997, the IEEE approved the IEEE WLAN standard 3

Security+ Guide to Network Security Fundamentals, Third Edition IEEE Wireless Security Protections (continued) Revisions  IEEE __________- operates at ______________ Mbps within the _____________ frequency AKA ____________________  IEEE ____- operates at __________ Mbps within the __________GHZ frequency _______ compatible with b  IEEE _______- operates at ________ Mbps and is ____________________________ compliant devices “best of both worlds”  IEEE _____ – said to increase bandwidth to ________ Mbps and is also _________________ 4

Wireless Security Protections Three categories 1. _________________ 2. Wired equivalent Privacy (_______) encryption 3. ______________________ More to come on each of these…

Security+ Guide to Network Security Fundamentals, Third Edition Controlling Access Controlling wireless access of devices to the WLAN  Accomplished by _____________________ to the access point (AP) By restricting access to the AP, only those devices that are _________________ to the AP and become part of the wireless network The IEEE standard does not specify ______ to implement controlling access Almost all wireless AP vendors implement access control through Media Access Control (_______) __________________________ MAC address filtering is usually implemented by _______________ (instead of preventing) devices to access the network 6

Security+ Guide to Network Security Fundamentals, Third Edition Wired Equivalent Privacy (_________) Designed to ensure that only ____________ _______________ can view transmitted wireless information Uses _______________ to protect traffic Uses ____________________ between wireless device and AP The IEEE committee designed WEP to meet the following criteria:  __________, exportable, optional, self- synchronizing, and ________________________ 7

Security+ Guide to Network Security Fundamentals, Third Edition WEP (continued) IEEE WEP shared secret keys must be a minimum of _______________ in length  The options for creating keys are as follows: 64-bit key 128-bit key Passphrase The AP and devices can hold up to ________ shared secret keys  One of which must be designated as the _______________  _________ must be done with ___________ key, ___________ must be done with the __________ key used for _____________________ 8

Security+ Guide to Network Security Fundamentals, Third Edition9 WEP (continued) Checksum based on text Default key Seed- changes each time so random number can be created = length of text plus the ICV 1 XOR 0 = 1 0 XOR 1 = 1 otherwise 0 value Encrypted text

Security+ Guide to Network Security Fundamentals, Third Edition Device Authentication Wireless LANs cannot limit access to the wireless signal by walls or doors  Sometimes called _________________ Wireless authentication requires the _____________ -not user- to be _________________________ to the network Types of authentication supported by the standard  ________________ authentication See Figure 6-6 – next slide  ____________________ authentication See Figure 6-7 – two slides down 10

Security+ Guide to Network Security Fundamentals, Third Edition11 Contains SSID AFTER comparing the SSID received with the actual SSID of the network

Security+ Guide to Network Security Fundamentals, Third Edition12 Challenge text sent back ? If equivalent

Security+ Guide to Network Security Fundamentals, Third Edition Vulnerabilities of IEEE Security IEEE standard turned out to be very _________________ The primary vulnerabilities are in the areas of:  Open system authentication  MAC address filtering  WEP More to come on each of these…. 13

Security+ Guide to Network Security Fundamentals, Third Edition Open System Authentication Vulnerabilities Open system authentication is considered weak because authentication is based on only _______________:  A _______________________ An attacker can easily discover a valid SSID by doing nothing  Exploits the ___________________________ Once a wireless device receives a beacon frame, it can attempt to join the network by sending an association request frame back to the AP 14

Security+ Guide to Network Security Fundamentals, Third Edition Open System Authentication Vulnerabilities (continued) _______________ scanning  The most common type of scanning  A wireless device _____________________ frame for a set period of time AP can be configured to prevent the beacon frame from including the SSID  Problems arise when the SSID is not beaconed  Provides ___________________________  User must ________________________ 15

Security+ Guide to Network Security Fundamentals, Third Edition Problems That can Arise when the SSID is not beaconed… 1. Can affect roaming causing an ______________ ____________________ Devices are not able to automatically switch from AP to AP when beaconing is turned off 2. Can also ___________________________ Microsoft Windows ______________ Devices using XP always connect to an access point that is broadcasting its SSID 3. The SSID can be _____________ even when it is not contained in beacon frames Still is transmitted in other management frames sent by the AP 16

Security+ Guide to Network Security Fundamentals, Third Edition MAC Address Filtering Weaknesses MAC addresses are initially exchanged in an __________________ through the WLAN  An attacker can easily see the MAC address of an approved device and use it to join the network  ___________________________________ Managing a large number of MAC addresses can pose significant challenges MAC address filtering does _____ provide an automatic means to __________________ user to access the network 17

Security+ Guide to Network Security Fundamentals, Third Edition Weaknesses in WEP 1. When encrypting packets with either a 64-bit or 128- bit number the initialization vector (_________) remains at ____________________  The short length of the default key ______________ The shorter the easier to break 2. WEP implementation violates the cardinal rule of cryptography:  Anything that creates a __________________ must be ____________________________ Patterns provide an attacker with valuable info  ______________________ in fewer than seven hours 18

Weaknesses in WEP (continued) Possible for an attacker to identify two packets derived from the same IV (called a collision)  Attacker could then launch a ________________ A method of determining the keystream by analyzing two packets that were created from the same IV Attacker can work backwards  Once the plaintext of one packet has been discovered, ___________ with that same IV can also be ______________________ Security+ Guide to Network Security Fundamentals19

Security+ Guide to Network Security Fundamentals, Third Edition Personal Wireless Security Designed for SOHO’s or consumer use The wireless security requirements for _________________ are most often based on two models promoted by the Wi-Fi Alliance:  _________ Personal Security 20

Security+ Guide to Network Security Fundamentals, Third Edition WPA Personal Security Wireless Ethernet Compatibility Alliance (___________)  A consortium of wireless equipment manufacturers and software providers formed to promote wireless network technology In 2002, the WECA organization changed its name to _____________ (Wireless Fidelity) _________________ 21

Security+ Guide to Network Security Fundamentals, Third Edition WPA Personal Security (continued) In October 2003 the Wi-Fi Alliance introduced Wi-Fi Protected Access (_____)  WPA addresses __________________________ _______________________ _________ addresses ________________ __________ addresses _______________________ 22

Security+ Guide to Network Security Fundamentals, Third Edition WPA Personal Security (continued) Preshared key (PSK) authentication uses a ____________________  which is used to __________________________  PSK serves as the starting point (seed) for mathematically generating the encryption keys  PSK used to authenticate user The __________ is created and must be entered into __________________ and ___ ____________________ prior to the devices communicating with the AP 23

Security+ Guide to Network Security Fundamentals, Third Edition WPA Personal Security (continued) Temporal Key Integrity Protocol (TKIP) is the encryption technology used by WPA TKIP has several _____________________:  TKIP uses a longer ________ key- called the _________ key  TKIP keys are known as ________________ which are _________________ for each packet created  When coupled with other technologies, TKIP provides an even greater level of security WPA also replaces the (CRC) function in WEP with the Message Integrity Check (______________)  Designed to prevent an attacker from _____________________ _________________________________  A MIC key, the sender and receiver’s MAC and the text create the MIC  ______________________ each _________________ the MIC then the __________________ 24

Security+ Guide to Network Security Fundamentals, Third Edition WPA2 Personal Security Wi-Fi Protected Access 2 (__________)  Introduced by the Wi-Fi Alliance in September 2004  Still uses _______________ but instead of TKIP encryption it uses _____________________________________ PSK Authentication  Intended for personal and small office home office users who ________________________________________  PSK keys are __________________________________ _______________________ after a specified period of time known as the ____________________  Like PSK in the original WPA, keys must be entered in both access point and the wireless devices 25

Security+ Guide to Network Security Fundamentals, Third Edition WPA2 Personal Security (continued) First PSK _______________________:  The distribution and sharing of PSK keys is performed ____________ without any technology security protections  PSK only uses a _____________ (WEP can use four keys)  PSK key must be changed regularly and requires _____________________________ on every wireless _______________ and on all _________________  In order to allow a guest user to have access to a PSK WLAN, the key must be given to that guest, then changed on all devices once guest departs 26

Security+ Guide to Network Security Fundamentals, Third Edition WPA2 Personal Security (continued) A second area of PSK vulnerability is the use of _______________________  Consisting of letters, digits, punctuation, etc. that is between 8 and 63 characters in length  PSK passphrases of fewer than __ characters can be subject to a specific type of _______________ WPA2 encryption - AES-CCMP  Different parts of the algorithm provide ________ ______________________________________ 27

Security+ Guide to Network Security Fundamentals, Third Edition _____________ Wireless Security The enterprise wireless security options can be divided into those that follow:  IEEE i standard or  WPA and WPA2 models More to come on both… 28

Security+ Guide to Network Security Fundamentals, Third Edition IEEE i The IEEE i wireless security standard addresses the two main weaknesses of wireless networks: ___________ and __________________ Encryption is accomplished by replacing WEP’s original PRNG RC4 algorithm w ith a ____________  Much more difficult for attackers to break IEEE i _____________ and ______________ is accomplished by the IEEE ___________________  Greater degree of security by using ___________________ All traffic blocked on port-by-port base until client is authenticated  Authentication verified using credentials stored on an __________________________________  Provides a _______ way to _______________ used for encryption  Software, known as ________________, is a required installation on all __________________ using the 802.1x protocol 29

Security+ Guide to Network Security Fundamentals, Third Edition IEEE i Authentication Procedure 30 WLAN of client & AP which sends info to sends info back to AP and begin transferring data

Security+ Guide to Network Security Fundamentals, Third Edition IEEE i (continued) i includes _________________  Stores information from a device on the network so if a user roams away from a wireless access point and later returns, he ________________ ________________ all of the credentials i includes ____________________  Allows a device to become ______________ to an AP _________________________ of that AP Allows for faster roaming between AP’s 31

Security+ Guide to Network Security Fundamentals, Third Edition WPA Enterprise Security The WPA Enterprise Security model is designed for ______________________ organizations  Provides _____________________________ over the personal model on a wireless LAN ______________ used is ______________ (same authentication used in the IEEE i standard) _______________ is _______________ (used in WPA Personal Security model as well) 32

Security+ Guide to Network Security Fundamentals, Third Edition WPA Enterprise Security (continued) IEEE 802.1x Authentication  Gaining in popularity  Provides an authentication framework for all _____ _______________ IEEE 802-based LANs Described earlier… TKIP Encryption  An improvement on WEP encryption  Uses existing WEP engine Described earlier… 33

Security+ Guide to Network Security Fundamentals, Third Edition WPA2 Enterprise Security Provides the ________________________ _________________ on a wireless LAN  ________________ used is _______________  ______________ is _____________________ Both Described Earlier… 34

Enterprise Wireless Security Devices/Tools Additional wireless security devices and tools are used by organizations to defend against attackers. Three examples are:

Security+ Guide to Network Security Fundamentals, Third Edition Enterprise Wireless Security Devices/Tools _______ Access Point  An access point _________________________ ________________________ These features reside on the __________________  Advantages All APs can be _____________________________ simplifying wireless network management All ______________ is performed in the wireless ________ allowing configuration to be done in one central location  Downside- AP’s and wireless switches are ________________ so they must both come from the ____________________ 36

Security+ Guide to Network Security Fundamentals, Third Edition Wireless Switch and Thin AP Figure 37

Security+ Guide to Network Security Fundamentals, Third Edition Enterprise Wireless Security Devices/Tools (continued) Wireless VLANs  Can be used to ___________________________  The flexibility of a wireless VLAN depends on which device separates the packets and directs them to different networks See Figures 6-14 and 6-15 For enhanced security many organizations set up _________ wireless VLANs  One for ___________ access  One for ____________ access 38

Security+ Guide to Network Security Fundamentals, Third Edition39

Security+ Guide to Network Security Fundamentals, Third Edition40

Security+ Guide to Network Security Fundamentals, Third Edition Enterprise Wireless Security Devices/Tools (continued) Two Rogue Access Point Discovery Tools 1. ___________________________________ Allows manual auditing the airwaves for rogue access points 2. Continuously monitoring the RF frequency using a special sensor called a _______________ Four types of wireless probes:  ________________ probe  _____________________ probe  _________________________ probe 41

Security+ Guide to Network Security Fundamentals, Third Edition Summary The initial IEEE standard contained security controls for protecting wireless transmissions from attackers The Wi-Fi Alliance has introduced two levels of personal security  Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) Enterprise wireless security requires different security models from personal wireless security Additional wireless security devices can be used to defend against attackers 42

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.