Presentation is loading. Please wait.

Presentation is loading. Please wait.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Published byHeather Gilmore Modified over 8 years ago

Similar presentations

Presentation on theme: "Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions."— Presentation transcript:

1 Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions

2  Overview of Wireless Technology.  Security and Privacy issues in Wireless Network.  Wireless Security Protocols.  Wireless Equivalent Privacy (WEP).  Wireless Equivalent Privacy (WEP2).  Wireless Equivalent Privacy plus (WEP+).  Wi-Fi Protected Access (WPA).  Temporal Key Integrity Protocol (TKIP).  WPA Pre Shared Key (WPA-PSK).  Wi-Fi Protected Access (WPA2).  Counter-Mode with CBC-MAC Protocol (CCMP).  Wireless Network Threats.  Traffic Analysis.  Passive Eavesdropping.  Active Eavesdropping.  Unauthorized Access.  Man-in-the-middle  Session High-Jacking  Replay  Denial of service (DoS) Contents

3  The wireless networks are based on the IEEE standards belonging to the 802 family.  Following list is a simple overview of the 802.11 family: 802.11b o Most widespread o 11Mb maximum, 2.4 GHZ band 802.11a o Next generation o 54MB maximum, 5GHZ band 802.11g o 54MB maximum, 2.4 GHZ band o Compatible with 802.11b 802.11X o Uses Extensible Authentication Protocol (EAP) o Supports RADIUS m OVERVIEW OF WIRELESS TECHNOLOGY.

4 Security and Privacy issues in Wireless Network.  End users are not security experts, and may not be aware of the risks posed by wireless LANs.  Nearly all of the access points running with default configurations have not activated WEP.  Most of the users does not change access point’s default key used by all the vendor's products out of the box.  The Wireless Access Points who are enabled with WEP can be cracked easily.

5 Wireless Equivalent Privacy (WEP)  WEP is a protocol that adds security to wireless local area networks (WLANs) based on the 802.11 Wi-Fi standard.  WEP algorithm is used to protect wireless communication from eavesdropping and to prevent unauthorized access to a wireless network.  The original implementations of WEP supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits of system- generated data (64 bits total).

6  40-bit WEP encryption is too easy to decode.  WEP relies on a secret key.  WEP uses the RC4 encryption algorithm, which is known as a stream cipher. Wireless Equivalent Privacy (WEP) (Cont.)

7 Wireless Equivalent Privacy (WEP2)  A stopgap enhancement to WEP, implement able on some (not all) hardware not able to handle WPA/WPA2, based on:  Enforced 128-bit encryption  WEP2 remains vulnerable to known WEP attacks.  24GB to construct a full table, which would enable the attacker to immediately decrypt each subsequent ciphertext

8 WPA (Wi-Fi Protected Access)  It is also known as WEP+.  WEP plus enhances WEP security by avoiding.  It is only completely effective when WEP plus is used at both ends of the wireless connection.  It remains serious limitation.  WPA use Temporal Key Integrity Protocol (TKIP)to addresses the encryption weaknesses of WEP.  Key component of WPA is built-in authentication that WEP does not offer.  WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

9 WPA (Wi-Fi Protected Access) (Cont.)  One variation of WPA is called WPA Pre Shared Key or WPA-PSK.  To use WPA-PSK, a person sets a static key or "passphrase" as with WEP.  By using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them.  WPA uses the RC4 cipher.  Keys are rotated frequently, and the packet counter prevents packet replay or packet re- injection attacks.

10 WPA2 (Wi-Fi Protected Access)  WPA2 (Wi-Fi Protected Access 2) gives wireless networks both confidentiality and data integrity.  The Layer 2-based WPA2 better protects the network.  WPA2 uses a new encryption method called CCMP (Counter-Mode with CBC-MAC Protocol).  CCMP is based on Advanced Encryption Standard (AES).  AES is stronger algorithm then RC4.

11 Wireless Network Threats  Traffic Analysis.  Passive Eavesdropping.  Active Eavesdropping.  Unauthorized Access.  Man-in-the-middle  Session High-Jacking

12 Traffic Analysis  Traffic analysis allows the attacker to obtain three forms of information. The attacker preliminary identify that there is activity on the network. The identification and Physical location of the Wireless Access Point (AP). The type of protocol being used during the transmission.

13 Passive Eavesdropping Attacker Target  Passive Eavesdropping allows the attacker to obtain two forms of information. The attacker can read the data transmitted in the session. The attacker can read the information i.e source, destination, size, number and time of transmission.

14 Active Eavesdropping  Active Eavesdropping allows the attacker inject the data into the communication to decipher the payload.  Active Eavesdropping can take into two forms. The attacker can modify the packet. The attacker can inject complete packet into the data.  The WEP by using CRC only check the integrity of the data into the packet.

15 Unauthorized Access  Due to physical properties of the WLAN, the attacker will always have access to the Wireless components of the network.  If attacker become successful to get unauthorized access to the network by using brute force attack, man in the middle and denial of service attack, attacker can enjoy the whole network services.

16 Man-in-the-Middle

17 Session Hi-Jacking()

18 Changing Administrator Passwords and Usernames Upgrading your Wifi Encryption MAC Address Filtering You've got a built-in firewall, so use it Positioning of the Router or Access Point When to Turn Off the Network

19  Methodologies of free Wireless Hacking tools over the internet.  NetStumbler  Kismet  Wellenreiter  THC-RUT  Ethereal  AirSnort  HostAP  AirSnarf  SMAC  Aircrack  Aircrack-ng  WepAttack  WEPCrack. Contents

20 THANK YOU ^_^

Download ppt "Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions."

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Insecurity.

Wireless Insecurity.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Similar presentations

Ads by Google