Figure 2-11: 802.11 Wireless LAN (WLAN) Security


Slide 1. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.11 Wireless LAN Family of Standards

Basic Operation (Figure 2-12 on next slide)
- Main wired network for servers (usually 802.3 Ethernet)
- Wireless stations with wireless NICs
- Access points
  - Access points are bridges that link 802.11 LANs to 802.3 Ethernet LANs

Slides 2-3. Figure 2-12: 802.11 Wireless LAN

[Diagram. Labels: Notebook With PC Card Wireless NIC; Access Point; Ethernet Switch; Server; Client PC; 802.11 Frame Containing Packet; 802.3 Frame Containing Packet; steps (1), (2), (3).]

Slide 4. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Basic Operation
- Propagation distance: farther for attackers than users
  - Attackers can have powerful antennas and amplifiers
  - Attackers can benefit even if they can only read some messages
  - Don’t be lulled into complacency by internal experiences with useable distances

Slide 5. Figure 2-13: 802.11 Wireless LAN Standards

Standard   Rated Speed (a)   Unlicensed Radio Band   Effective Distance (b)
802.11b    11 Mbps           2.4 GHz                 ~30-50 meters
802.11a    54 Mbps           5 GHz                   ~10-30 meters
802.11g    54 Mbps           2.4 GHz                 ?

Notes:
(a) Actual speeds are much lower and decline with distance.
(b) These are distances for good communication; attackers can read some signals and send attack frames from longer distances.

Slide 6. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Apparent 802.11 Security
- Spread spectrum transmission does not provide security
  - Signal is spread over a broad range of frequencies
  - Methods used by military are hard to detect
  - 802.11 spread spectrum methods are easy to detect so devices can find each other
  - Used in 802.11 to prevent frequency-dependent propagation problems rather than for security

Slide 7. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Apparent 802.11 Security
- SSIDs
  - Mobile devices must know the access point’s service set identifier (SSID) to talk to the access point
  - Usually broadcast frequently by the access point for ease of discovery, so offers no security
  - Sent in the clear in messages sent between stations and access points

Slide 8. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Wired Equivalent Privacy (WEP)
- Biggest security problem: Not enabled by default
- 40-bit encryption keys are too small
  - Nonstandard 128-bit (really 104-bit) keys are reasonably interoperable
- Shared passwords
  - Access points and all stations use the same password
  - Difficult to change, so rarely changed
  - People tend to share shared passwords too widely
- Flawed security algorithms
  - Algorithms were selected by cryptographic amateurs

Slide 9. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11i (Figure 2-14)
- Authentication server
- User data server
- Individual keys given out at access point

Slide 10. Figure 2-14: 802.1x Authentication for 802.11i WLANs

[Diagram. Parties: Applicant (Lee); Access Point; RADIUS Server; Directory Server or Kerberos Server.]
1. Authentication Data
2. Pass on Request to RADIUS Server
3. Get User Lee’s Data (Optional; RADIUS Server May Store This Data)
4. Accept Applicant Key=XYZ
5. OK Use Key XYZ
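
The Figure 2-14 exchange as a toy model, added here as an illustration and not part of the original slides: it shows an individual key being handed out per authenticated station instead of one shared WEP password. It does not implement EAP or RADIUS wire formats; the class names, station labels and passwords are constructed, and password-based authentication data is an assumption.

```python
# Toy model of the five steps in Figure 2-14 (hypothetical names throughout).
import hashlib, hmac, secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DirectoryServer:
    """Step 3: holds per-user verification data (salted password hashes)."""
    def __init__(self):
        self._users = {}
    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _hash(password, salt))
    def lookup(self, user):
        return self._users.get(user)

class RadiusServer:
    def __init__(self, directory):
        self.directory = directory
    def authenticate(self, user, password):
        """Steps 2-4: check the applicant; return a fresh key or None."""
        record = self.directory.lookup(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, _hash(password, salt)):
            return None
        return secrets.token_bytes(16)  # individual key, new for each session

class AccessPoint:
    def __init__(self, radius):
        self.radius = radius
        self.session_keys = {}  # station -> key; no network-wide shared key
    def join(self, station, user, password):
        """Steps 1 and 5: pass on the request; install the key on accept."""
        key = self.radius.authenticate(user, password)
        if key is None:
            return None  # rejected: no key installed for this station
        self.session_keys[station] = key
        return key

def demo():
    directory = DirectoryServer()
    directory.enroll("lee", "constructed-password-1")  # constructed sample users
    directory.enroll("kim", "constructed-password-2")
    ap = AccessPoint(RadiusServer(directory))
    k_lee = ap.join("sta-lee", "lee", "constructed-password-1")
    k_kim = ap.join("sta-kim", "kim", "constructed-password-2")
    k_bad = ap.join("sta-x", "lee", "wrong-guess")
    return k_lee, k_kim, k_bad, ap.session_keys
```

Compromise of one station's key in this model exposes only that station's session, which is the contrast with the shared WEP password on slide 8.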

Slide 11. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11
- Multiple authentication options (EAP)
  - TLS
    - In strongest option, both client and access point must have digital certificates
    - Difficult to create public key infrastructure of digital certificates to implement this
    - Option for only access point to have a digital certificate; no authentication for station. No protection against attacker!

Slide 12. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11
- Multiple authentication options
  - TTLS
    - Access point must have digital certificate
    - Station authenticated with password or other approach that is only moderately strong but better than nothing
  - MD5 CHAP authenticates only wireless station, with reusable password
    - Attacker can pretend to be an access point

Slide 13. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11i (Figure 2-14)
- Apparent security weaknesses in 802.11i; severity or ease of exploitation is not known
- Temporal Key Integrity Protocol (TKIP)
  - Temporary stopgap method; many older systems can be upgraded
  - Key changed every 10,000 frames to foil data collection for key guessing

Slide 14. Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Virtual Private Networks (VPNs)
- Add security on top of network technology to compensate for WLAN weaknesses
- Discussed in Chapter 8

[Diagram. Labels: WLAN, etc.; VPN.]

Slide 15. Wi-Fi and WPA (New: Not in Book)

Wi-Fi Alliance
- Industry group that certifies 802.11 systems
- For 2003, will require WPA for Wi-Fi certification

Wi-Fi Protected Access
- Temporal Key Integrity Protocol (TKIP)
- EAP 802.1x authentication
- Mutual client and access point authentication
- Key management
- Eventually, products will have to ship with WPA turned on

Slide 16. The Situation Today in Wireless Security

- Wireless security is poor in most installations today
- The situation is improving, and technology will soon be good
- But old installations are likely to remain weak links in corporate security

