WIRELESS LAN SECURITY Using

Slides:

Advertisements

Similar presentations

Authentication.

Advertisements

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.

Implementing Security for Wireless Networks Presenter Name Job Title Company.

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

Implementing Wireless LAN Security

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

802.1x EAP Authentication Protocols

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Protected Extensible Authentication Protocol

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

IEEE Wireless Local Area Networks (WLAN’s).

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

KIRAN CHAMARTHI NETWORK SECURITY

802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

.  Define authentication  Authentication credentials  Authentication models  Authentication servers  Extended authentication protocols  Virtual.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

What about 802.1X? An overview of possibilities for safe access to fixed and wireless networks Amsterdam, October Erik Dobbelsteijn.

Windows 2003 and 802.1x Secure Wireless Deployments.

Virtual Private Networks (Tunnels). When Are VPN Tunnels Used? VPN with PPTP tunnel Used if: All routers support VPN tunnels You are using MS-CHAP or.

VPN Wireless Security at Penn State Rich Cropp Senior Systems Engineer Information Technology Services The Pennsylvania State University © All rights.

Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 7 City College.

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Mobile and Wireless Communication Security By Jason Gratto.

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Wireless Networking.

Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Securing your wireless LAN Paul DeBeasi VP Marketing

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.

WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)

SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE

Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Authentication Protocols Natalie DeKoker, Lindsay Haley, Jordan Lunda, Matty Ott.

Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Wireless Security.

Introduction to Port-Based Network Access Control EAP, 802.1X, and RADIUS Anthony Critelli Introduction to Port-Based Network Access Control.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0— © 2003, Cisco Systems, Inc. All rights reserved.

Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.

CompTIA Security+ Study Guide (SY0-401)

On and Off Premise Secure Access

Presentation transcript:

WIRELESS LAN SECURITY Using EAP - TTLS

Security - In the Broad Sense Focuses on network security, system security, information security, and physical security Made up of a suite of multiple technologies that solve authentication, information integrity, and identification problems. Includes technologies – firewalls, authentication servers, biometrics, cryptography, intrusion detection, virus protection, and VPNs.

Wireless Network Security Issues Security is an even greater problem for wireless networks Use radio frequency (RF) technology, to transmit and receive data over the air Authentication of network users is not strong Unauthorized users can access network resources. Traffic encryption is also weak, so attackers are able to recover transmissions

IEEE 802.11 Standard Wired Equivalent Privacy (WEP) Static WEP Key Open and Shared Authentication MAC address matches an address in an authentication table used by the access point. It can be forged or NIC stolen One Way Authentication (Client to AP) 15 min to crack a 40-bits key (45 min to crack 128-bits)

802.1x - Authentication Methods EAP defines a standard message exchange that allows a server to authenticate a client based on an authentication protocol agreed upon by both parties. The access points defer to the Remote Authentication Dial-In User Service (RADIUS) server to authenticate users and to support particular EAP authentication types.

802.1x EAP – Authentication Types EAP-Transport Layer Security (EAP-TLS) Tunneled Transport Layer Security (TTLS) Cisco Light Weighted EAP (LEAP) Protected EAP (PEAP).

EAP – TLS and its Disadvantages In EAP-TLS, certificates are used to provide authentication in both directions. The server presents a certificate to the client, and, after validating the server's certificate the client presents a client certificate. Requires each user to have a certificate. Imposes substantial administrative burden in operating a certificate authority to distribute, revoke and manage user certificates

EAP- Tunneled Transport Layer Security (EAP- TTLS) EAP - TTLS protocol developed in response to the PKI barrier in EAP-TLS. Developed by Funk and Certicom. TTLS a two-stage protocol - establish security in stage one, exchange authentication in stage two. RADIUS servers, not the users, are required to have certificates The user’s identity and password-based credentials are tunneled during authentication

Advantages of Using EAP – TTLS Users to be authenticated with existing password credentials, and, using strong public/private key cryptography Prevents dictionary attacks, man-in-the-middle attacks, and hijacked connections by wireless eavesdroppers. Does not require the use of client certificates. Requires little additional administration unlike EAP-TLS Dynamic per-session keys are generated to encrypt the wireless connection and protect data privacy

Situations when EAP – TTLS can Fail User's identity is not hidden from the EAP-TTLS server and may be included in the clear in AAA messages between the access point, the EAP-TTLS server, and the AAA/H server. Server certificates within EAP-TTLS makes EAP-TTLS susceptible to attack. EAP – TTLS is vulnerable to attacks by rogue EAP-TTLS servers

Comparison of EAP- TTLS and PEAP Protocols Microsoft, Cisco and RSA Security developed Protected Extensible Authentication Protocol (PEAP) over 802.11 WLANs Windows XP is currently the only operating system that supports PEAP. Only EAP - generic token card Funk Software and Interlink Networks added support for the proposed wireless security protocol, developed by Funk and Certicom, Linux, Mac OS X, Windows 95/98/ME, and Windows NT/2000/XP. Any Authentication Method - CHAP, PAP, MS-CHAP, and MS-CHAPv2 and EAP

Conclusions Selection of an authentication method is the key decision in securing a wireless LAN deployment. EAP-TLS is best suited under situations when a well configured PKI is already deployed TTLS slight degree of flexibility at the protocol level and supports wider of client operating systems. No single security solution is likely to address all security risks. Hence should implement multiple approaches to completely secure wireless application access

Future Areas of Research Implement TTLS in a Wireless LAN. Develop test benches to compare the two 802.1x standards EAP-TTLS and PEAP. Implement PEAP for other operating systems other than Windows – XP. Develop ways to protect security between the access point, the EAP-TTLS server, and the AAA/H server by implementing firewalls or other such viable security techniques. Alternative ways to protect the private key in EAP –TTLS servers as they are susceptible to attacks in the case where the EAP-TTLS certificates are lost or are to be compromised.

References www.ietf.org/internet-drafts/draft-ietf-pppext-eap-ttls-02.txt http://www.nwfusion.com/research/2002/0506ilabwlan.html http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html http://www.nwfusion.com/news/2002/1111funk.html http://www.nwfusion.com/news/2002/0923peap.html