Wireless LAN Security In a Campus Environment
Clark Gaylord and Steven Lee
Virginia Tech

Introduction

With the September 1999 ratification of the 802.11b standard by the Institute of Electrical and Electronics Engineers (IEEE), many of the significant operational and interoperability issues with wireless LANs were addressed. Following this, numerous computer and network vendors produced hardware supporting this standard, and, subsequently, wireless LANs have enjoyed considerable popularity.

This recent prevalence of wireless LANs has required many organizations to reassess their views regarding computer network security policies. Whereas a wired infrastructure gives some obvious physical access limitations to a network and some degree of privacy, the shared medium of radio creates equally obvious questions regarding how to limit access to this network.

This report provides a synopsis of the security mechanisms available for 802.11b wireless networks, and how these relate to academic institutions. In particular, we describe and assess some standard methods for implementing access control and privacy in the wireless LAN arena. This report focuses on the LAN aspects of wireless technology, though some of the points raised here may be applicable to fixed wireless installations.

Deployment Scenarios

The untethered nature of wireless LANs makes them very effective at meeting the needs of an increasingly portable, and somewhat mobile, community of Internet users. Wireless LANs have been shown to be useful in a variety of situations:

- A small number of peer computers forming an ad hoc network between them.
- Residential and small offices where one access point typically serves a small number of devices.
- Enterprise deployments spanning multiple buildings where end-stations are somewhat controlled by the network operator.
- Service providers with numerous access points serving a broad spectrum of customers. These customers typically subscribe to the wireless LAN service in some way and the service provider has very little operational influence over the end-stations beyond basic operating terms of the service.

Every wireless LAN has its own set of security policy issues, with these scenarios identifying some commonality between them. In most academic campus environments, the scenario is some mix of enterprise and service provider. A campus is similar to many enterprises in that the institution tends to be the sole provider for a given campus, and most potential users on this campus can be assumed to be associated with the institution. On the other hand, academic institutions tend to have limited influence over the configuration of the end-stations and the user base tends to be very heterogeneous, making this environment more similar to a service provider. This blending of enterprise and service provider lends a distinctive character to the management and security of wireless LANs at the academic institution.

The typical campus deployment of wireless LAN is to have numerous access points throughout selected campus buildings operated by some telecommunications organization within the institution. The controlling organization may be a central information systems department or a subset of another department or several departments, but there is often some form of planning and coordination, at least throughout selected parts of a campus system.

Access Control

Access control is concerned with the questions of authentication and authorization. Authentication is the process of determining the identity of the entity attempting access. Authorization is the process of determining that this known entity is allowed such access. In several systems, these principles are trivially identified, but there are approaches to access control that distinguish these principles.

Shared Key Methods

Shared key methods are simplistic approaches that consider authentication and authorization as being equivalent. By knowing the shared key, hosts identify themselves as being in the class of authorized entities. There is nothing unique to the host in the authentication step.

The 802.11 standard defined two types of access control: Open System Authentication and Shared Key Authentication. Open System Authentication is the most trivial of both authentication and authorization; it provides no authentication, and, hence, can distinguish between none of the potential hosts. Using Open System Authentication, any standards-compliant device is authorized to associate with the wireless access point. The notable advantage of the Open System approach is its simplicity.

Shared Key Authentication is a mechanism whereby any station that knows the shared secret key for the network is authenticated. This method also uses Wired Equivalent Privacy (WEP), an encryption algorithm that will be discussed later in this paper. The secret shared key resides on each station and on the Access Point (AP). A challenge/response handshake occurs between the AP and the station to compare these keys, and the station is authorized to use the network if it proves that it knows the secret key.

Lucent Technologies developed an extended access control feature that has been adopted by many 802.11b vendors. This mechanism is based on an unencrypted shared secret key, referred to as the network name or Extended Service Set Identifier (SSID) of the wireless network. This method provides a compromise between the Open System and Shared Key methods. While admission to the network still requires a key, no attempt is made to obscure this key from observers of the medium. Even when this method is combined with WEP to include encryption, management frames usually contain the SSID. APs and clients broadcast these frames unencrypted; hence the network name is readily available to users with readily available wireless network analysis software.

Regardless of their details, shared key systems share a common flaw in limiting access to the network, viz., that all users possess the same key with which to authenticate themselves.
In a campus deployment model, where most potential users are members of a well-identified and open community, any such shared key must be common knowledge to the entire potential community. Indeed, easy access to this key is essential to cost-effective user support. There is nothing secret about such a key, and, as such, there is no real barrier to being admitted to the network. This is acceptable in certain contexts, but in most of these there is no reason not to make the system open instead.

The one case where these shared key systems are useful is where there are multiple wireless networks in the same physical space, and it is important that hosts identify with the correct set of access points regardless of their physical proximity to competing systems. In this case, the key is more to identify the network to the host than the other way around. This is applicable in the academic environment where there may be bona fide research or nonproduction reasons to operate access points outside the campus service, but in these cases the campus service itself would still be an open system. Similarly, this approach may be useful in metropolitan areas where users want to ensure that they associate with the correct wireless network.

Host-specific Access Control

In contrast to the various shared-key approaches, we now address methods for access control that distinguish between the issues of authentication and authorization. It is worth noting that none of these approaches is addressed in the original 802.11b specification. With these methods, the host attempting to gain access to the network is individually identified, often by MAC address or user name, and this identity is then used to determine the authorization rights of the host. By separating these issues, the question of how authentic the credential is can also be addressed.

MAC Address Authentication

Access to a wireless LAN entails at some level access to the LAN infrastructure to which it connects. While most wired LANs have ignored the question of access control, some mechanisms have existed to provide this access control. Most of these methods rely on the host's physical, or MAC, address. The two most common approaches perform this access control at, respectively, layer two and layer three of the OSI model. At layer two, bridges, which include wireless access points, have long had the ability to restrict forwarding based on the source MAC address of the Ethernet frame. At layer three, nodes that wish to operate meaningfully on any LAN normally need to have a network-layer address.
DHCP servers commonly have a feature to restrict the service of IP addresses to MAC addresses known by the DHCP server.

A DHCP server can be used to control access to the wireless network. This is accomplished by creating a client pool of the MAC addresses of registered users and only serving the correct IP configurations to these users. The disadvantage of this approach is that unregistered users can easily determine the network information by sniffing the radio transmissions and then configuring their device with an address within the valid subnet. Coordinating DHCP leases with network access control lists addresses this, but this approach is more difficult to manage.

Since wireless access points operate as Ethernet bridges, they can often be configured with a list of allowed MAC addresses on a particular interface, viz., the air interface. This approach is very straightforward to implement and readily supported by all wireless LAN clients, but it suffers from the unauthentic nature of MAC addresses. Although each host has a unique assigned MAC address, this need not be the MAC address actually used on the network. By configuring the driver software with a known authorized MAC address, an otherwise unauthorized user can obtain spurious access to a wireless LAN. Still, most network operators have found this exposure to have minimal impact on unauthorized use of the wireless LAN, so it is often found to be a reasonably effective means of having some access control. This method is also limited in that an AP can only store a given number of MAC addresses and every AP must be configured with these addresses, making a large-scale deployment problematic.

An improvement to the list of MAC addresses on the access point is to have a manageable source for the authorized MAC addresses available to the access points. Some vendors have implemented this as a RADIUS client on the access point, though other implementations are also possible. In addition to making the list of authorized MAC addresses manageable, it avoids the problem of the limited size of this list per access point. This maintains the ubiquity and simplicity of the MAC-based access control while making the approach scalable to many access points.

These MAC-based options all base the authorization upon the physical address of the client's WLAN hardware and not on the individuals themselves. This may not be considered optimal for many cases, but it is readily supportable for all client systems.
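
The coordination of DHCP leases with router access lists described above can be sketched as an audit of observed address bindings. This is an added example, not code from the original report; the subnet, MAC addresses, lease table and the function names normalize_mac, build_acl, classify and audit are all constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Everything below is constructed sample data, not taken from the report.
WLAN_SUBNET = ip_network("192.0.2.0/24")   # documentation range (RFC 5737)

# Registration list, deliberately in the mixed notations operators collect.
REGISTERED = ["00:02:2D:AA:00:01", "00-02-2d-aa-00-02", "0002.2daa.0003"]

# DHCP server view of active leases: MAC -> leased IP.
LEASES = {
    "00:02:2d:aa:00:01": "192.0.2.10",
    "00:02:2d:aa:00:02": "192.0.2.11",
}

# Router view (for example its ARP table): (MAC, IP) pairs seen on the WLAN.
OBSERVED = [
    ("00:02:2d:aa:00:01", "192.0.2.10"),   # registered, using its lease
    ("00:02:2d:aa:00:02", "192.0.2.50"),   # registered, but not its leased IP
    ("00:02:2d:aa:00:03", "192.0.2.12"),   # registered, never obtained a lease
    ("00:0c:f1:bb:00:09", "192.0.2.77"),   # unregistered, self-configured
]


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, whatever the input style."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_acl(registered, leases):
    """Derive the router permit list: one (MAC -> IP) entry per registered
    MAC that currently holds a lease inside the wireless subnet."""
    known = {normalize_mac(m) for m in registered}
    acl = {}
    for mac, ip in leases.items():
        mac, ip = normalize_mac(mac), ip_address(ip)
        if mac in known and ip in WLAN_SUBNET:
            acl[mac] = ip
    return acl


def classify(mac, ip, registered, acl):
    """Decide what the coordinated ACL does with one observed binding."""
    mac, ip = normalize_mac(mac), ip_address(ip)
    known = {normalize_mac(m) for m in registered}
    if mac not in known:
        return "unregistered-mac"    # host picked an address in the subnet itself
    if mac not in acl:
        return "no-lease"            # registered, but bypassed DHCP
    if acl[mac] != ip:
        return "lease-mismatch"      # registered, using an address it was not given
    # Caveat from the text: a host that copies a registered MAC *and* its
    # leased IP still lands here, because MAC addresses are not authentic.
    return "permit"


def audit(observed, registered, leases):
    """Classify every observed binding against the lease-derived ACL."""
    acl = build_acl(registered, leases)
    return [(normalize_mac(m), ip, classify(m, ip, registered, acl))
            for m, ip in observed]


if __name__ == "__main__":
    for mac, ip, verdict in audit(OBSERVED, REGISTERED, LEASES):
        print(f"{mac}  {ip:<14} {verdict}")
```

The management cost the report mentions shows up in build_acl: the permit list has to be regenerated whenever a lease is granted, renewed or expires.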

User-specific Authentication

Disadvantages of MAC-based authentication include its identification with the host rather than the user and the difficulty of authenticating the MAC address to the user in question. On the other hand, authentication credentials which identify the user specifically often have a much stronger nature, using one-time passwords, challenge/response methods, etc., that make unauthentic use more difficult than the MAC-based methods.

There are a number of methods that use user-based authentication to control network access. The most common approach is the authenticating firewall. There are numerous implementations of these firewalls, but they share some way for the user to present authentication credentials, usually a username/password pair, prior to being authorized for some level of network access. The variety of these strategies reflects numerous details regarding how the credential is entered (e.g., web browser vs. proprietary interface) and how network access is controlled (e.g., Ethernet port vs. router access control). There is a similar variety of standards vs. proprietary solutions in this approach.

A developing standard for controlling access to a local network infrastructure that applies to wired or wireless Ethernet is 802.1x port-based access control. While Ethernet devices and client operating systems that support 802.1x are scarce, this is an area of active development and considerable promise. The 802.1x standard defines a method for Ethernet switches to compare authentication credentials provided by supported end-stations to a RADIUS server. This standard stands to fill the need for user-level authentication for wireless networks as well as switched Ethernet networks, but will not be useful in campus environments until 802.1x clients and network devices are more widely available. In environments where a particular vendor's equipment and end-station operating systems can be specified by a controlling organization, certain limited solutions (e.g., Cisco's LEAP) can be used.

More suitable at the current time is web-based authentication to a firewall. In this scenario, the user is admitted to the wireless network and receives an IP address, but their traffic is blocked by a firewall until they have established authentic authorization for access. There are numerous products to provide this service, or the reasonably savvy network operator can readily build such a solution.
Some firewall-based approaches also require client software on the end-station. These proprietary software clients are common for VPN solutions, with corresponding operating system restrictions, making them problematic for any service-provider model of operation.

The common disadvantage to user-based authentication is that usually the user is impeded from using the network each time they wish to join it. In MAC-based solutions, the user automatically has access once they have subscribed to the service. On the other hand, user-based solutions require that the user log in to the network each time, which many users find cumbersome. Still, many environments find this approach acceptable.
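
The web-based authenticating firewall described above comes down to a per-packet decision backed by a session table. This is an added example, not code from the original report or from any product; the addresses, the user table, the timeout and the Gate class are constructed for illustration, and a real deployment would enforce the decision in the firewall itself.

```python
import hashlib
import hmac

# Constructed values for illustration only.
PORTAL_IP = "192.0.2.1"        # web login page served by the firewall
RESOLVER_IP = "192.0.2.2"      # campus DNS resolver
IDLE_TIMEOUT = 900             # seconds of silence before re-authentication
_SALT = b"constructed-salt"


def _hash(password):
    """Derive a password verifier so the table holds no plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _hash("correct horse")}   # constructed account


def _preauth(dst_ip, proto, port):
    """Traffic an unauthenticated host needs in order to reach the login page."""
    if (proto, port) == ("udp", 67):                        # DHCP request
        return True
    if dst_ip == RESOLVER_IP and (proto, port) == ("udp", 53):
        return True
    return dst_ip == PORTAL_IP and (proto, port) == ("tcp", 443)


class Gate:
    """Session table of an authenticating firewall, keyed by client IP."""

    def __init__(self):
        self.sessions = {}

    def login(self, ip, mac, user, password, now):
        """Check the credential; on success bind the session to (IP, MAC)."""
        stored = USERS.get(user)
        supplied = _hash(password)
        if stored is None or not hmac.compare_digest(stored, supplied):
            return False
        self.sessions[ip] = {"mac": mac, "user": user, "last_seen": now}
        return True

    def decide(self, ip, mac, dst_ip, proto, port, now):
        """Return the firewall action for one packet from a wireless client."""
        if _preauth(dst_ip, proto, port):
            return "allow-preauth"
        session = self.sessions.get(ip)
        if session is None:
            return "redirect-to-portal"
        if session["mac"] != mac:
            # Same IP, different hardware address: do not inherit the session.
            return "deny-binding-changed"
        if now - session["last_seen"] > IDLE_TIMEOUT:
            del self.sessions[ip]
            return "redirect-to-portal"
        session["last_seen"] = now
        return "allow"
```

The idle timeout is where the usability cost noted in the text appears: the shorter it is, the more often users are sent back to the login page.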

Encryption and Privacy

Just as the question of access control becomes more obviously relevant for wireless LANs than wired, so too the question of the obscurity of the data transmitted on the network becomes more obvious. Traditional wired LANs generally have the benefit of being somewhat secured within a building. Wireless LANs do not have this advantage since their transmissions can penetrate walls.

The approaches to encryption in the wireless environment mirror those approaches already discussed for access control. Some rely upon shared keys, while others use user-specific keys, with similar advantages and disadvantages to these approaches in the wired environment.

Wired Equivalent Privacy: Another Shared Key

In order to appreciate the applicability of the IEEE 802.11 Wired Equivalent Privacy, one must recognize what wire it is that the system is being made equivalent to. The original Ethernet specification was for strands of coaxial cable where electrical signals of modulated Ethernet data propagate to all stations on the cable. Stations not attached to this coaxial cable cannot see the transmissions of stations on the wire, and all stations on the cable can see all transmissions by all other stations. It is this shared, broadcast medium that WEP is attempting to replicate in the wireless arena. With switched Ethernet, on the other hand, the only stations that share the actual electrical signals are the end-station and the Ethernet switch. While the one-dimensional propagation along coaxial cable is considerably more restricted than the three-dimensional propagation of radio signals, it is still much broader than switched Ethernet.

To accomplish this coaxial cable equivalence, operators of wireless LANs distribute a single key to all stations. This key may be either 40-bit or 128-bit, depending on implementation.
Those stations with the key can see all traffic by others with the key that are within radio range, but any stations operating in the area without the key cannot readily determine the content of the data in the Ethernet frames. This shared-key method for encrypting data on the wireless medium creates a systematic problem for operators and users concerned with data privacy. In a campus deployment, all would-be snooping parties are likely to be members of the community with the WEP key, making the data readily available to collection methods.

To make matters worse for the WEP approach, researchers at the University of California, Berkeley (2) and at the University of Maryland (3) separately proved that the keys could be compromised in a matter of hours. However, this result has little relevance for the campus deployment, because the shared-key approach is inappropriate for providing any real privacy. In cases where the shared-key approach is more appropriate, such as home or small-business offices, this is an important matter to bear in mind; in no case does WEP provide strong encryption of the data on the network.

A proposed extension to WEP allows for Fast Packet Keying, where the actual key changes over time. This proposal will make WEP more useful in contexts where it is applicable, but it does not alter the (lack of) applicability of WEP to campus deployments. Another disadvantage of WEP is that network performance is degraded by up to 30%. These two facts discourage the implementation of WEP in a university environment.

User-specific Keys

Since it is the shared-key nature of WEP that makes it unsuitable for campus deployments, it is reasonable to consider whether user-specific encryption keys might address concerns of open data being transmitted on the wireless medium. Such an approach is considered with the Extensible Authentication Protocol (EAP) entailed with 802.1x and is implemented in Cisco's pre-802.1x LEAP approach.

VPN Approaches

Whether based on a shared key or user-specific keys, the above privacy approaches share that they are only concerned with encrypting the wireless medium, leaving the traffic unencrypted on the wired LAN. The Virtual Private Network approach takes this one step farther by encrypting the traffic further into the wired LAN. A Virtual Private Network establishes an encrypted tunnel between the end-station and some other point on the globally routed Internet.
The efficacy of this approach depends upon the trustworthiness of the communications channel between the terminus of the VPN and the ultimate destination of the traffic. When the VPN terminus is far from the traffic destination, this efficacy is probably low, but communication with destinations near the tunnel terminus may have reasonably good privacy. Unfortunately, most VPN products available today are proprietary and generally have poor interoperability.

End-to-end Encryption

The problem with the efficacy of VPNs in providing privacy for data communications is that the intended destination of the traffic may be far from the VPN terminus. The only way to ensure that encryption is maintained to a point close to the desired destination, for all such possible destinations, is to use applications that encrypt traffic end-to-end.

Given that end-to-end encryption is the only means to ensure privacy, this begs the question of the usefulness of any of the other approaches for privacy. In spite of any vulnerability that may exist in WEP, for example, if the data being transmitted within the Ethernet frame is itself encrypted, the would-be WEP cracker gets no information.

Is there any reason not to use whatever encryption exists at all points, recognizing that end-to-end encryption is the only approach that actually provides reasonably assured privacy? Why not use WEP and VPN and end-to-end methods? First, each of the privacy methods has significant support costs. Arguably, WEP and VPN are considerably more involved to support, for example, than SSH or SSL. Second, the fact that users are aware of WEP and/or VPN attempts for privacy may make them more lax in ensuring that applications they use have appropriate encryption. Finally, the cost in bandwidth for this approach is substantial. A modest cost for encryption is 20% of bandwidth, resulting in only 83% of the capacity being unencrypted payload. Encrypting three times at this cost results in the unencrypted payload being less than 58% of the total transmission bandwidth.

Authenticating the Network

Much emphasis has been placed upon the ability of end-stations to be authenticated to a wireless network. An aspect of wireless network access control that is often overlooked is the ability for the network to authenticate itself to the end-station.
The only means to do this with most systems is with the shared-key SSID method, as mentioned above. While this is at least some credential, it suffers from being readily available to the would-be malicious access point operator. This issue has potentially serious security implications, as users will send all traffic to the access point. While there are seldom good solutions to defeating a dedicated malicious user, this example highlights that fact.

Conclusion

We have discussed how different approaches to wireless network security are applicable in different contexts, but that certain commonalities exist for many campus environments. Notable points we express are:

1. Most of the issues commonly expressed with wireless networking are not germane to the wireless context but exist in all LANs.
2. Controlling access to the network is more relevant to wireless networking than attempting to ensure privacy.
3. MAC-based methods for access control are easy to implement and support, yet provide a reasonable level of control.
4. The best method for privacy assurance is end-to-end; the network cannot provide effective privacy.
5. WEP has little applicability for campus deployments. The cracking of WEP is irrelevant.
6. The only reasonably secured host is one that is kept turned off, unplugged, in a bank vault.

References

1. Link to standard
2. Link to UC Berkeley WEP crack paper
3. Link to MD WEP crack paper
Tgi x ( 17.txt)
7. Wireless VPN Performance Tests
Question: 1 Which network security strategy element refers to the deployment of products that identify a potential intruder who makes several failed logon attempts? A. test the system B. secure the network
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationWi-Fi and security Wireless Networking and Security by Alain RASSEL
Wi-Fi and security Wireless Networking and Security by Alain RASSEL 1 23.11.04 Overview: Simple configuration example Obvious simple protection means Change Administrator Password Restrict administrator
More informationWireless Network Standard and Guidelines
Wireless Network Standard and Guidelines Purpose The standard and guidelines listed in this document will ensure the uniformity of wireless network access points and provide guidance for monitoring, maintaining
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationAccess Point Configuration
Access Point Configuration Developed by IT +46 Based on the original work of: Onno Purbo and Sebastian Buettrich Goals Provide a general methodology to installation and configuration of access points Give
More informationNetwork Security Best Practices
CEDIA WHITE PAPER Network Security Best Practices 2014 CEDIA TABLE OF CONTENTS 01 Document Scope 3 02 Introduction 3 03 Securing the Router from WAN (internet) Attack 3 04 Securing the LAN and Individual
More informationChapter 2 Wireless Networking Basics
Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).
More informationVLANs. Application Note
VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static
More informationRAP Installation - Updated
RAP Installation - Updated August 01, 2012 Aruba Controller Release 6.1.3.2 The Controller has several wizards that can guide you through a variety of configuration processes. On the Configuration tab
More informationHow To Secure Wireless Networks
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationBest Practices for Deploying Wireless LANs
Best Practices for Deploying Wireless LANs An overview of special considerations in WLAN implementations As wireless LANs (WLANs) continue to grow in popularity, particularly in enterprise networks, the
More informationComputer Networking. Definitions. Introduction
Computer Networking Definitions DHCP Dynamic Host Configuration Protocol It assigns IP addresses to client devices, such as desktop computers, laptops, and phones, when they are plugged into Ethernet or
More informationYour 802.11 Wireless Network has No Clothes
Your 802.11 Wireless Network has No Clothes William A. Arbaugh Narendar Shankar Y.C. Justin Wan Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001 Abstract
More informationParticularities of security design for wireless networks in small and medium business (SMB)
Revista Informatica Economică, nr. 4 (44)/2007 93 Particularities of security design for wireless networks in small and medium business (SMB) Nicolae TOMAI, Cluj-Napoca, Romania, tomai@econ.ubbcluj.ro
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationTech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks
Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges
More informationWireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter
Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter Introduction Who are we? Matt Moore, Senior Consultant @ PenTest Ltd. Mark Rowe, Technical Director @ PenTest Ltd. What
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationDSL-2600U. User Manual V 1.0
DSL-2600U User Manual V 1.0 CONTENTS 1. OVERVIEW...3 1.1 ABOUT ADSL...3 1.2 ABOUT ADSL2/2+...3 1.3 FEATURES...3 2 SPECIFICATION...4 2.1 INDICATOR AND INTERFACE...4 2.2 HARDWARE CONNECTION...4 2.3 LED STATUS
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationComputer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System
Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationSetting up of a Wireless Distribution System (WDS)
Setting up of a Wireless Distribution System (WDS) - a user s perspective Sudipto Das Co worker: Rajesh Roy Department of Computer Science & Engineering Jadavpur University Kolkata 32 {sudipto.das,rajesh.roy}@rediffmail.com
More informationInformation Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014
QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location
More informationNetworking Devices. Lesson 6
Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More informationLucent VPN Firewall Security in 802.11x Wireless Networks
Lucent VPN Firewall Security in 802.11x Wireless Networks Corporate Wireless Deployment is Increasing, But Security is a Major Concern The Lucent Security Products can Secure Your Networks This white paper
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationHow To Manage An 802.11 Wireless Network At A University
WIRELESS POLICY 1 INTRODUCTION 1.1 Wireless networking is a fast emerging technology and is set to continue to grow for the foreseeable future. It is recognised that wireless networking could offer benefits
More informationProCurve Secure Access 700wl Series Wireless Data Privacy Technical Brief
ProCurve Networking by HP ProCurve Secure Access 700wl Series Wireless Data Privacy Technical Brief Introduction... 2 The Data Security Problem in the Wireless World... 2 ProCurve 700wl Series Wireless
More information1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network
Review questions 1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network B Local area network C Client/server
More informationGPRS / 3G Services: VPN solutions supported
GPRS / 3G Services: VPN solutions supported GPRS / 3G VPN soluti An O2 White Paper An O2 White Paper Contents Page No. 3 4-6 4 5 6 6 7-10 7-8 9 9 9 10 11-14 11-12 13 13 13 14 15 16 Chapter No. 1. Executive
More informationAuthentication and Security in IP based Multi Hop Networks
7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security
More informationApple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4
1. APPLE AIRPORT EXTREME 1.1 Product Description The following are device specific configuration settings for the Apple Airport Extreme. Navigation through the management screens will be similar but may
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More informationLogical & Physical Security
Building a Secure Ethernet Environment By Frank Prendergast Manager, Network Certification Services Schneider Electric s Automation Business North Andover, MA The trend toward using Ethernet as the sole
More informationTHE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING
International Journal of Electronics and Communication Engineering & Technology (IJECET) Volume 6, Issue 9, Sep 2015, pp. 65-74, Article ID: IJECET_06_09_008 Available online at http://www.iaeme.com/ijecetissues.asp?jtype=ijecet&vtype=6&itype=9
More informationWiNG5 CAPTIVE PORTAL DESIGN GUIDE
WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated
More informationThis KnowledgeShare document addresses the main types of wireless networking today based on the IEEE 802.11 standard.
Wireless Networking Q&A Increased use of laptop computers within the enterprise, and increase in worker mobility have fuelled the demand for wireless networks. Up until recently, wireless technology was
More informationMN-700 Base Station Configuration Guide
MN-700 Base Station Configuration Guide Contents pen the Base Station Management Tool...3 Log ff the Base Station Management Tool...3 Navigate the Base Station Management Tool...4 Current Base Station
More informationCisco RV215W Wireless-N VPN Router
Data Sheet Cisco RV215W Wireless-N VPN Router Simple, Secure Connectivity for the Small Office and Home Office Figure 1. Cisco RV215W Wireless-N VPN Router The Cisco RV215W Wireless-N VPN Router provides
More information1.1.1 Security The integrated model will provide the following capabilities:
1. CISCO 1.1 Product Description Because Cisco Systems is a major supplier of enterprise level wireless products, which meet the benchmark requirements for the high sensitivity environment, this section
More informationVirtual Private Networks Solutions for Secure Remote Access. White Paper
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
More informationGPRS and 3G Services: Connectivity Options
GPRS and 3G Services: Connectivity Options An O2 White Paper Contents Page No. 3-4 5-7 5 6 7 7 8-10 8 10 11-12 11 12 13 14 15 15 15 16 17 Chapter No. 1. Executive Summary 2. Bearer Service 2.1. Overview
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationWireless LAN Security Mechanisms
Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.
More informationHow To Configure a Wireless Distribution System
How To Configure a Wireless Distribution System Introduction This How to Note provides a brief description of the Wireless Distribution System (WDS) technology along with a simple configuration example.
More informationDesign and Implementation Guide. Apple iphone Compatibility
Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new
More informationAPPENDIX 3 LOT 3: WIRELESS NETWORK
APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop
More informationUnited States Trustee Program s Wireless LAN Security Checklist
United States Trustee Program s Wireless LAN Security Checklist In support of a standing trustee s proposed implementation of Wireless Access Points (WAP) in ' 341 meeting rooms and courtrooms, the following
More informationObjectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Providing Teleworker Services Describe the enterprise requirements for providing teleworker services Explain how
More informationCisco Virtual Office Express
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
More informationWLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.
Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised
More informationWHITE PAPER. WEP Cloaking for Legacy Encryption Protection
WHITE PAPER WEP Cloaking for Legacy TM Encryption Protection Introduction Wired Equivalent Privacy (WEP) is the encryption protocol defined in the original IEEE 802.11 standard for Wireless Local Area
More informationThe Wireless Security Survey of London Final Report Commissioned by RSA Security, Inc.
Survey of London Final Report Commissioned by RSA Security, Inc. One year on from our first survey of wireless network (WLAN) security in the heart of London, we revisited the same locations to discover
More informationHughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R
HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by
More informationWhite paper. Wireless Security: It s Like Securing Your Home
White paper Wireless Security: It s Like Securing Your Home WLAN SECURITY IS JUST LIKE YOUR HOUSE Imagine your home, filled with the people you love and your prized possessions. You open all the windows
More information