Wireless LAN Security
Slide 1: Wireless LAN Security
Chris Johnson, CSE - Cisco Federal, chrisj@cisco.com
2001, Cisco Systems, Inc. All rights reserved.
Slide 2: Agenda
Standards WLAN Security Solutions WLAN Design Concepts Conclusion
Slide 3: WLAN: Changing how we Work, Live, Play, and Learn
- In-Building Wireless LANs
- Campus Networking
- Public Access Hot Spots
- Home Networking
Slide 4: Comparing Standards
- 802.11b: 2.4 GHz; 11 Mb (auto stepdown); Available today; WiFi Interoperability; Security: WEP, WPA, 802.11i (Q1 2004); Cisco Aironet 340/350/1100/
- 802.11a: 5 GHz; 54 Mb (auto stepdown); Available today; WiFi Interoperability; Security: WEP, WPA, 802.11i (Q1 2004); Cisco Aironet
- 802.11g: 2.4 GHz; 54 Mb (auto stepdown); Ratified June 2003; Compatible w/802.11b; Security: WEP, WPA, 802.11i (Q1 2004); Cisco Products Q4CY03; Cisco Aironet 1200, 1100
Aironet 340/350, Aironet 1200, Aironet 1100
Slide 5: WLAN Security Overview & Directions
- Network Security
- WLAN Security Issues
- WLAN Security Components
- IPSec WLANs
Slide 6: WLAN Security is not an End Point. It's a Journey!
- There are solutions to today's threats
- There will be threats to today's solutions
- Many security issues can be resolved by awareness, good implementation & good design
Slide 7: Key Components of a Secure Network, Wired or Wireless
Secure Connectivity | Perimeter Security | Security Monitoring | Identity | Security Management
VPN, Tunneling, Encryption, ACLs, Firewalls, Intrusion Detection, Scanning, Authentication, Policy Mgmt, Digital Certificates, Device Mgmt, Directory Svcs
WLAN
Slide 8: WLAN Security Issues
- Authentication
- Data Privacy
Slide 9: IEEE Security: Authentication (Pre WPA)
- Open: No Authentication
  - Issue: Anyone can be authenticated
- Shared: Use WEP Key to encrypt AP Challenge
  - Issue: Easy to determine WEP Key
- Assumed Authentication Methods: SSID, MAC Address
  - Issue: SSID - Association, never intended for security
  - Issue: MAC - Sent in clear, very easily spoofed
- Published Papers: University of Maryland, April 2001
Diagram: Client, Access Point (AP), Wireless LAN (WLAN), Wired LAN
Slide 10: IEEE Security: Data Privacy (Pre WPA)
- Wired Equivalency Privacy
  - Based on RC4 Algorithm (good algorithm)
  - Weak Implementation (Weak IV, IV sent in clear, common WEP key)
- Issues (Based on WEP implementation)
  - Weak IV: FMS Paper, July 2001
  - Key Derivation via monitoring: AirSnort
  - Key Derivation via bit flipping: UC Berkeley, Feb
  - IV & WEP Key Replay Attack: DoS, knowing IV & WEP
  - No Key Management: Lends to invasion
- WiFi Interoperability Certification: 40 bit only
Diagram: Client, Access Point (AP), Wireless LAN (WLAN), WEP, Wired LAN
Slide 11: WLAN Security Components (WPA & 802.11i)
- Authentication Framework (802.1X)
- Authentication Algorithm (EAP)
- Data Encryption Algorithm (TKIP, AES)
Slide 12: WLAN Security Standards
- IEEE TGi: Proposed Standard 802.11i
  - IEEE Task Group focused on WLAN Security Improvement
  - Enhancement Proposed: 802.1X, EAP, TKIP, MIC, AES
  - Expected Ratification Q4CY03
- WECA: Wireless Ethernet Compatibility Alliance
  - Compatibility Seal of Approval, WiFi Interoperability
  - WiFi: WLAN Interoperability, CY2000
  - WiFi Protected Access (WPA): 802.1X, EAP, TKIP, MIC
  - Accepted January 2003, Testing started February
- FIPS: Federal Information Processing Standard
  - Not specific for WLAN but does have implications for encrypting data sent over WLANs
  - Regulated by NIST
  - Federal WLAN Guide
Slide 13: FIPS Certification & Standards Implementation
- What FIPS 140-1/2 does:
  - Certification of Encryption Algorithm(s) & Modes
  - DES, 3DES, AES: only certain modes of these algorithms
- What FIPS 140-1/2 does not do:
  - Certification of implementation standards (i.e., IEEE or IETF)
  - Therefore proprietary FIPS approved solutions exist
- FIPS Certified IPSec and 802.11i (when ratified) solutions offer open standards based, government certified solutions
- WPA probably will never be FIPS certified
Slide 14: 802.1X Authentication Process
Participants: Client, AP, Auth. Server
- Start
- Request Identity (AP Blocks All Requests Until Authentication Completes)
- Identity, Identity
- RADIUS Server Authenticates Client (EAP Authentication Algorithm); Derive Key
- Client Authenticates RADIUS Server; Derive Key
- Broadcast Key, Key Length: AP Sends Client Broadcast Key, Encrypted With Session Key
- WEP Key never sent over the wire, derived by end station & Authentication server
Slide 15: 802.11i & WPA Encryption Algorithms
- Static WEP: Not recommended (especially for Enterprise Configurations)
- Dynamic WEP - Hardened WEP Session Keys - WPA
  - Temporal Key Integrity Protocol (TKIP): Reduce IV attack, strengthen key integrity
  - Message Integrity Check (MIC): Prevent Replay attack, authenticity of frame
- Alternative to WEP-RC4 - 802.11i
  - Advanced Encryption Standard (AES): As strong as 3DES, faster computation, FIPS direction (NIST & IEEE)
  - Currently neither DES nor 3DES is supported as a data privacy algorithm in any direction
Slide 16: IPSec WLAN
Slide 17: IPSec VPN
Diagram: CiscoSecure VPN Client, Base Network, DHCP, WLAN, Encrypted IP, End to End security, VPN Concentrator
- IPSec VPN: Layer 3, Client to Concentrator
- Haul back to Central Point of Data Privacy
- Stronger Data Encryption (3DES, AES) today
- Standards based: RFC 2401
- Can be implemented on top of Layer 2 WLAN
- Part of a Defense in Depth approach
Slide 18: Additional benefits of IPSec VPNs
- Can be used for wired & wireless
  - Remote Access (Cable)
  - Dial-In (RAS)
- Traffic separation (Communities of Interests)
- Same software for wired & wireless
  - Usability, Support, Cost benefits
Slide 19: WLAN Design Concepts
Slide 20: Design Security: Reducing Bandwidth Coverage
Figure: access point coverage areas labelled 2 Mbps, 5.5 Mbps and 11 Mbps
- 11 Mbps connections only (or on edges of perimeter only)
- Can also reduce the radio power to reduce coverage area
Slide 21: OSI Layer & WLAN Security
OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical
- Application, Presentation, Session, Transport: ACLs, User ID, Password, URL Filtering, SSL
- Network Layer: IPSec, IETF Standards (RFC 2401), IP, DES, 3DES, AES
- Data Link: WLAN, IEEE Standards (802.11), Ethernet, ACLs, WEP (RC4), WEP Alternative (AES)
- Lends to Defense in Depth Approach
Slide 22: Conceptual View
Diagram labels: Configuration A, Configuration B, DISA Security Enclave, Base, WLAN Security Enclave, Hangar WLAN(s), Base WLAN(s), Conf Room WLAN(s), Other WLAN(s)
Slide 23: WLAN Security Enclave
Diagram labels: VPN Concentrator, IDS, Firewall, External Authentication Server (Optional), Network Control Center, L3 Switch, Authentication Server, WLAN VLAN, Backbone Network, WLSE, Wired VLANs, Bldg1, Bldg2, Management Console (ACS, WLSE & IDS), WLAN, Wired Users
Slide 24: Wireless Mobility
Diagram labels: AP (VLAN 100, VLAN 101, VLAN 102, VLAN 103), Wired Users (VLAN 200, VLAN 201, VLAN 202), ROAM, Backbone, Hangars, Conference Rooms, Bldg3, Bldg4, Bldg5, Bldg6, WLAN, Wired
Slide 25: Wireless IPSec
Diagram labels: WIN CE Based Scanner (WLAN Client, VPN Client); Laptop (WLAN Client, VPN Client); MS-DOS Based Scanner (WLAN Client, No VPN Client); Hardware VPN Client; AP (WEP); IPSec; VPN Concentrator; WLAN Security Enclave; Network Control Center; Backbone; Bldg1, Bldg2, Bldg3
Slide 26: 802.11i with AES Design
- 802.11i w/AES: 802.1X & EAP Authentication, AES
- IPsec From End User Buildings to Security Enclave: Protection from other Base Traffic
- ITN Wireless VLAN back to Security enclave
Diagram labels: WIN CE Based Scanner (WLAN Client); Laptop (WLAN Client); MS-DOS Based Scanner (WLAN Client); AP (802.11i - AES); EUB; IPSec Tunnel; NCC; WLAN Security Enclave
Slide 27: Different Users, Different Access
- Common WLAN
- Cisco Secure ACS 3.1: Authentication via EAP for all users
- Group 1 (Internal WLAN Users): IPSec VPN, Dynamic WEP, VLAN 100
- Group 2 (Scanner & Special Applications): No VPN, Dynamic WEP, VLAN 200
- Group 3 (Visiting Users): EAP (guest access or registration), No VPN, Internet Access ONLY, VLAN 300
Diagram labels: Developer, VLAN 100 Internal_VLAN, VLAN 200 Special Apps_VLAN, VLAN 300 Guest_VLAN, Guest or Contractor
Slide 28: Conclusion
Slide 29: Recommendations for WLAN Security
- Change product defaults: Unique SSID, turn off SSID broadcast, WEP Key (128 bit), userid/password on AP
- Tie WLAN into your Organizational Security Policy
- Site Survey: Know your environment, understand your implementation and goals
  - Antennas Types, Association Parameters (Data Rate, Power, MAC Address), AP Placement
- Separate network for WLAN: Firewall and IDS before entering private LAN, separate infrastructure or VLAN & IP Addresses
- Defense in Depth Approach
  - Layer 2: WPA, 802.11i
  - Layer 3: VPNs
  - Boundary Protection: IDS, Firewalls
- Interoperability: Standards based, FIPS-140
Slide 30: Conclusion
- Wireless is here to stay: Enables new applications, new enterprise
- Security not just a WLAN issue, a Network issue: Treat the network as an untrusted network and secure appropriately
- WLAN can be extremely secure: No quick fixes; planning and design
- Solutions to address security are available today and will continue to evolve
Slide 31: Cisco WLAN Security Links
- Cisco WLAN Security website
- Cisco Wireless Security Suite software downloading instructions
- SAFE: Wireless LAN Security in Depth
- Cisco Mobile Office: At Work (Click on - Technology Overview)
Slide 32: Chris Johnson, CSE - Cisco Federal, chrisj@cisco.com
Slide 33: Other IEEE Standard Activities
- 802.11a: 5 GHz, ratified in
- 802.11b: 11Mb 2.4 GHz, ratified in
- 802.11g: Higher Datarate at 2.4 GHz
- 802.11e: Quality of Service
- 802.11f: Inter-Access Point Protocol (IAPP)
- 802.11h: Dynamic Channel Selection and Transmit Power Control mechanisms
- 802.11i: Authentication and Security
Slide 34: 802.1X & EAP
- 802.1X: IEEE Authentication Framework
  - Originally designed for wired networks, used (natively) for WLAN
  - Supplicant: Client (software on mobile device)
  - Authenticator: AP
  - Authentication Server: RADIUS
- EAP: Authentication Protocol (RFC2284)
  - Works inside the 802.1X Authentication Framework
  - 802.11i does not stipulate any authentication algorithm
  - Cisco EAP, EAP-TLS, EAP-SIM (GSM), PEAP (Hybrid), Others
- EAP Mutual Authentication: WLAN authenticates the client, client authenticates the WLAN
- Dynamic WEP Key Generation: Unique WEP Key per authenticated user
Slide 35: WLAN Data Transmission
- Dynamic Session Key
  - Used for encryption of data, unique to each authenticated user
  - Derived independently by client and authentication server
  - Session key sent to AP over wired network
  - Session Key never sent over wireless network
- Timeout & renegotiate session keys
  - Cisco Value Add: Optional but recommended (hourly good idea)
Slide 36: 802.11, WPA, 802.11i Comparison
Columns: Feature, Authentication, Encryption, Comments
Features: Open Authentication, Shared Authentication, 802.1X, EAP, WEP 40/128bit, Dynamic Encryption Key, WEP-TKIP (128 Bit), MIC, AES
Comments: WPA/802.11i, WPA/802.11i, /WiFi, WPA/802.11i, WPA/802.11i, WPA/802.11i, 802.11i
Slide 37: Additional Cisco Value Add Features
- AP Authentication: Rogue Access Point Detection
- Per-packet hashing: Change WEP key per packet
- Broadcast key rotation: Change WEP Key for broadcast and multicast
- Publicly Secure Packet Forwarding (PSPF): Prevent client to client communication in a WLAN
Diagram: Wired Network, PSPF
Slide 38: IPSec VPN Design Ideas
- Dummy network WLAN
  - Unique IP address range (ie )
  - Not routed outside WLAN perimeter
  - Only devices on network are APs
- After VPN Authentication
  - Client assigned valid IP address (in IPSec tunnel)
  - Special IP range just for WLAN users (ie /24)
Diagram labels: VPN Concentrator, WLAN VPN, WLAN AP, Routes, IPSec, Corporate, WLAN IP, VPN IP, WEP
Slide 39: Initial IEEE Security: Data Privacy - How WEP Encryption Works
- Random Number Generator (24 bits): 24-bit Initialization Vector (IV)
- WEP Key: 40 or 104 bits
- Seed: IV and WEP Key, input to RC4
- Frame Payload: CRC-32 gives the ICV
- Transmitted frame: MAC Addresses (in the clear), IV (in the clear), WEP Encrypted Payload and ICV
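The WEP encapsulation drawn on this slide, written out as an added Python example (not part of the original presentation). It also shows why the "IV sent in clear, common WEP key" weakness matters: two frames under the same IV and key share one RC4 keystream, and a random 24-bit IV repeats quickly. The key, IV and payloads are constructed samples; the one-byte key ID after the IV follows the 802.11 frame layout, and the repeat estimate assumes uniformly random IVs.

```python
"""WEP encapsulation as on the slide: seed = IV || key -> RC4, ICV = CRC-32.
Added teaching example; all keys, IVs and payloads used here are constructed."""
import math
import struct
import zlib

IV_BITS = 24  # IV size given on the slide


def rc4(seed: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling over `seed`, then XOR keystream into `data`."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(payload: bytes) -> bytes:
    """Integrity Check Value: CRC-32 of the plaintext payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encapsulate(key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Return IV (clear) + key-ID byte (clear) + RC4(IV || key, payload || ICV)."""
    if len(key) not in (5, 13):  # 40-bit or 104-bit WEP key
        raise ValueError("WEP key must be 5 or 13 bytes")
    if len(iv) * 8 != IV_BITS:
        raise ValueError("IV must be 3 bytes")
    return iv + bytes([(key_id & 0x03) << 6]) + rc4(iv + key, payload + _icv(payload))


def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    """Rebuild the seed from the cleartext IV, decrypt, and verify the ICV."""
    iv, ciphertext = body[:3], body[4:]
    plaintext = rc4(iv + key, ciphertext)
    payload, icv = plaintext[:-4], plaintext[-4:]
    if icv != _icv(payload):
        raise ValueError("ICV mismatch")
    return payload


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def same_iv_leaks_plaintext_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """True when XOR of two ciphertexts under one IV equals XOR of the plaintexts,
    i.e. the keystream cancelled out and the key protected nothing."""
    c1 = wep_encapsulate(key, iv, p1)[4:]
    c2 = wep_encapsulate(key, iv, p2)[4:]
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


def iv_repeat_probability(frames: int) -> float:
    """Birthday approximation: chance that some IV repeats within `frames`
    frames when IVs are drawn uniformly at random from 2**24 values."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** IV_BITS))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")             # constructed IV
    frame = wep_encapsulate(key, iv, b"constructed payload")
    print("IV visible in frame:", frame[:3].hex())
    print("round trip:", wep_decapsulate(key, frame))
    print("same IV leaks p1^p2:",
          same_iv_leaks_plaintext_xor(key, iv, b"first frame data", b"other frame data"))
    for n in (1000, 5000, 20000):
        print(f"P(IV repeat within {n} frames) ~ {iv_repeat_probability(n):.2f}")
```

With a static key shared by every client, the repeat probability applies to the whole cell's traffic, which is the case for per-user session keys that time out and are renegotiated.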
Slide 40: 802.11i Encryption Algorithms
Hardening WEP
- Temporal Key Integrity Protocol (TKIP): Stronger keys, reduce IV attack, rotation of keys
- Message Integrity Check (MIC): Prevent Replay attack, authenticity of frame
Diagram (TKIP): IV, BASE KEY, HASH, IV, PACKET KEY, RC4, STREAM CIPHER, PLAINTEXT DATA, XOR, CIPHERTEXT DATA
WEP Frame - No MIC: DA | SA | IV | Data | ICV (WEP Encrypted)
WEP Frame - MIC: DA | SA | IV | Data | SEQ | MIC | ICV (WEP Encrypted)
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationWIRELESS NETWORK SECURITY
WIRELESS NETWORK SECURITY Much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE 802.11) wireless LAN systems. The rapid growth and deployment of these systems into a
More informationConfiguring WPA-Enterprise/WPA2 with Microsoft RADIUS Authentication
Configuring WPA-Enterprise/WPA2 with Microsoft RADIUS Authentication This document describes how to configure WPA-Enterprise and WPA2 security protocols with RADIUS authentication for Check Point Embedded
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More informationDesign and Implementation Guide. Apple iphone Compatibility
Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new
More informationBurglarproof WEP Protocol on Wireless Infrastructure
Association for Information Systems AIS Electronic Library (AISeL) PACIS 2006 Proceedings Pacific Asia Conference on Information Systems (PACIS) 1-1-2006 Burglarproof WEP Protocol on Wireless Infrastructure
More information1.1.1 Security The integrated model will provide the following capabilities:
1. CISCO 1.1 Product Description Because Cisco Systems is a major supplier of enterprise level wireless products, which meet the benchmark requirements for the high sensitivity environment, this section
More informationECB1220R. Wireless SOHO Router/Client Bridge
Wireless SOHO Router/Client Bridge 2.4GH 802.11 b/g 54Mbps PRODUCT DESCRIPTION ECB-1220R is a 2.4GHz 802.11b/g broadband Wi-Fi Router with advanced AP/Client Bridge/Repeater functions. So you could implement
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationWireless Troubleshooting
Wireless Troubleshooting Applicable Version: 10.00 onwards Applicable Models: All WiFi Models - CR15wi, CR15wiNG, CR25wi, CR25wiNG, CR35wi, CR35wiNG Connectivity Issues with Cyberoam Inbuilt Access points
More informationSSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. E-mail: pro09020@fe.up.pt Dez 2009. Dez 2009 1
SSI Commons Wireless Protocols WEP and WPA2 Bertil Maria Pires Marques E-mail: pro09020@fe.up.pt Dez 2009 Dez 2009 1 WEP -Wired Equivalent Privacy WEPisasecurityprotocol,specifiedintheIEEEWireless Fidelity
More informationUNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security
UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop
More informationWireless-G Business PCI Adapter with RangeBooster
Wireless-G Business PCI Adapter with RangeBooster USER GUIDE BUSINESS SERIES Model No. WMP200 Wireless Model Model No. No. Copyright and Trademarks Specifications are subject to change without notice.
More informationCSC574: Computer and Network Security
CSC574: Computer and Network Security Lecture 21 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr) Wireless Security Wireless makes network security much more difficult Wired: If Alice
More informationAbstract. Avaya Solution & Interoperability Test Lab
Avaya Solution & Interoperability Test Lab Application Notes for Configuring Enterasys Wireless Access Point 3000 (RBT3K-AG) to Support Avaya IP Office, Avaya IP Wireless Telephones and Avaya Phone Manager
More informationrunning operation mode painless TECHNICAL SPECIFICATION WAN/LAN: One 10/100 Fast Ethernet RJ-45 WPS (WiFi Protected Setup) WAN (Internet connection)
PRODUCT DESCRIPTION ETR9350 is a 2T2R Wireless Single chip 11N Travel AP/Router that delivers up to 6x faster speeds than 802.11g devices. ETR9350 drives superior performance and unparalleled wireless
More informationWLAN Information Security Best Practice Document
WLAN Information Security Best Practice Document Produced by FUNET led working group on wireless systems and mobility (MobileFunet) (WLAN security) Author: Wenche Backman Contributors: Ville Mattila/CSC
More informationCisco RV220W Network Security Firewall
Cisco RV220W Network Security Firewall High-Performance, Highly Secure Connectivity for the Small Office The Cisco RV220W Network Security Firewall lets small offices enjoy secure, reliable, wired and
More informationThe Importance of Wireless Security
The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be
More informationA Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. PCI Adapter. User Guide WIRELESS WMP54G. Model No.
A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G PCI Adapter User Guide Model No. WMP54G Copyright and Trademarks Specifications are subject to change without notice. Linksys is a
More informationEVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)
EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}
More informationINFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ WWW.LIVINGSTONNJ.ORG ITMC TECH TIP ROB COONCE, MARCH 2008
INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ WWW.LIVINGSTONNJ.ORG What is wireless technology? ITMC TECH TIP ROB COONCE, MARCH 2008 In our world today, this may mean sitting down at a coffee
More informationQuick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business
Quick Start Guide Cisco Small Business WRV210 Wireless-G VPN Router with RangeBooster Package Contents WRV210 Router Ethernet Cable Power Adapter Product CD-ROM Quick Start Guide Welcome Thank you for
More informationCisco Aironet 1130G Series IEEE 802.11g Access Point
Cisco Aironet 1130G Series IEEE 802.11g Access Point Low-profile business-class access point with integrated antennas for easy deployment in offices and similar RF environments Product Overview The Cisco
More informationOptimizing Converged Cisco Networks (ONT)
Optimizing Converged Cisco Networks (ONT) Module 6: Implement Wireless Scalability Implementing WLAN QoS Objectives Describe why WLANs need to support QoS policies in enterprise networks. Explain the issues
More informationA Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. Access Point with SRX. User Guide WIRELESS WAP54GX. Model No.
A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G Access Point with SRX User Guide Model No. WAP54GX Copyright and Trademarks Specifications are subject to change without notice. Linksys
More informationWireless LAN. Quick Sales Guide
Wireless LAN Quick Sales Guide Wireless LAN Quick Finder Key Features Segment Description Key Features Small Web Managed SNMP Extended Range 2.4 GHz Support 802.11n Generation of PoE AP Support 802.11n
More informationCisco RV220W Network Security Firewall
Cisco RV220W Network Security Firewall High-Performance, Highly Secure Connectivity for the Small Office The Cisco RV220W Network Security Firewall lets small offices enjoy secure, reliable, wired and
More informationEnsuring HIPAA Compliance in Healthcare
The Intelligent Wireless Networking Choice WHITE PAPER Ensuring HIPAA Compliance in Healthcare Overview Wireless LANs are prevalent in healthcare institutions. The constant need for mobility among doctors,
More informationWireless-N. User Guide. PCI Adapter WMP300N (EU) WIRELESS. Model No.
2,4 GHz WIRELESS Wireless-N PCI Adapter User Guide Model No. WMP300N (EU) Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered trademark or trademark of
More informationWEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationHP E-M110 Access Point Series. Product overview. Key features. Data sheet
HP E-M110 Access Point Series Data sheet Product overview HP E-M110 Access Point is an entry-level, single IEEE 802.11a/b/g radio device that can be configured to operate as an access point, a wireless
More information