IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)
|
|
- Loreen Rodgers
- 8 years ago
- Views:
Transcription
1 IT-Sicherheit: Sicherheitsprotokolle Wireless Security (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)
2 ! 61 ints 5 2 Po ss e c Ac 3 Built in Security Features!!!!!! Service Set Identifier (SSID) Differentiates one access point from another SSID is cast in beacon frames every few seconds. Beacon frames are in plain text! First layer of security Stealth Mode probe request 4
3 Do s and Don'ts for SSID s! Default SSID s are well known (Linksys AP s default to linksys, CISCO defaults to tsunami, etc) so change them immediately! Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame! Why? 5 Hiding the SSID! As stated earlier, the SSID is by default broadcast every few seconds.! Turning it off makes it harder to figure out a wireless connection is there! Reading raw packets will reveal the SSID since even when using WEP, the SSID is in plain text! Increases deployment difficulty! Windows tends to get confused 6
4 MAC address filtering! MAC address filtering works by only allowing specific hardware to connect to the AP! Management on large networks unfeasible! Using a packet sniffer, one can very easily find a valid MAC address and modify their OS to use it, even if the data is encrypted! May be good for small networks that need to protect against accidental misuse only 7 Associating with the AP! Access points have two ways of initiating communication with a client! Shared Key or Open Key authentication! Open key allows anyone to start a conversation with the AP! Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates 8
5 How Shared Key AuthN works! Client begins by sending an association request to the AP! AP responds with a challenge text (unencrypted)! Client, using the proper WEP key, encrypts text and sends it back to the AP! If properly encrypted, AP allows communication with the client 9 Is Open or Shared Key more secure?! Ironically enough, Open key is the answer in short! Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: challenge text and the encrypted challenge text! Can be prompted by disassociation attack 10
6 Wired Equivalent Protocol (WEP)! Primary built security for protocol! Intended to make wireless as secure as a wired network! Provides Confidentiality, Integrity, and Authentication! Uses 40 bit RC4 encryption! Unfortunately, since ratification of the standard, this use of RC4 has been proven insecure, leaving the protocol wide open for attack 11 WEP Encryption 12
7 Problems with WEP! 1 static key! No encryption is strong if one key is used forever! Key length is short (40bits)! Brute forcing is possible! Using CRC32 in ICV! Bit flipping attack: CRC(msg XOR delta) = CRC(M) XOR CRC(delta)! bits cannot set or cleared, but could be flipped! No specification on key distribution! Lacks scalability! No protection against replay attack! Improper use of RC4! Protocol doesn t actually specify IV use! 2 existing attacks 13 Numerical Limitation Attack! IVs are only 24bit, and thus there are only 16,777,216 possible IVs! A busy network will repeat IVs often! By listening to the encrypted traffic and picking out the duplicate IVs, it is possible to obtain the clear text 14
8 FMS Attack -- weak IV attack --! Some IVs do not work well with RC4! Using a formula, one can take these weak IV and infer parts of the WEP key! 5 % chance of guessing correctly! Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IVs to figure out the WEP key! 4M ~ 6M packets to decrypt 40bit WEP key! The time needed to deploy the attack is linearly proportional to the key length! 104bit key is only 2.6 times more secure than 40bits key! [Fluhrer, Mantin, Shamir 2001] 15 Conclusion: WEP! Confidentiality! FMS attack! Integrity! Bit-flipping attack! Authentication! Not really! WEP is flawed, and there is no simple solution to fix it! Attacks against WEP are passive and extremely difficult to detect NO MORE WEP 16
9 Virtual Private Networking (VPN)! Deploying a secure VPN over a wireless network can greatly increase the security of your data! Idea behind this is to treat the wireless network the same as an insecure wired network (the Internet)! Docking network goes nowhere but to the VPN gateways 17 Perceived problems of VPN approach! Deployment Overhead! Performance does not scale with number of APs deployed! PC crypto speeds around 500 Mbit/s, highly parallelizable! Susceptible to denial of service (DOS) attacks! E.g., against DHCP/DNS in the docking network! PCs are vulnerable in the docking network! Susceptible to any attack against the specific VPN! Will be repaired quickly (VPNs do interface to the Internet!), if any! (PPTP with MSCHAPv2 is quite weak against dictionary attacks, though) 18
10 Back to L2 (network boundary) solutions! 802.1x! per-user authentication! Key distribution mechanism! WPA! Subset of i! 2 forms! 802.1x with EAP + TKIP (including MIC)! Pre-shared Key + TKIP (including MIC)! i RSN (Robust Security Network)! 802.1x with EAP + AES + CCM X authentication! 802.1X is a port-based, layer 2 (MAC address layer) authentication framework on IEEE 802 networks.! Not limited or specific to networks! Uses EAP for implementation! 802.1X is not an alternative to WEP, it works along with the protocol to manage authentication for WLAN clients! It also generates the short-term ( temporal ) keys for encryption and data protection 20
11 How authentication takes place! A client requests access to the AP! The AP asks for a set of credentials! The client sends the credentials to the AP which forwards them to authenticating server! The exact method for supplying credentials is not defined in 802.1X itself! Uses EAP over LAN (EAPOL) x authentication 22
12 Extensible Authentication Protocol (EAP)! 802.1X utilizes EAP for its authentication framework! flexible: one time passwords, certificates, smartcards, own eap protocol, etc! zero per packet overhead! cost efficient! 802.1X integrates well with other open standards such as RADIUS! RADIUS is the de-facto standard backend protocol for Network Access Server authentication 23 more benefits of choosing 802.1X! Software upgrade! Access points only need a firmware upgrade to enable 802.1X! On the client side, 802.1X can be enabled with an OS upgrade (or just an updated driver for the NIC)! Depending on the EAP you choose, you can have a very secure authentication scheme!! Proprietary versions of dynamic key management available 24
13 EAP-MD5! EAP-MD5 is a simple EAP protocol similar to CHAP! Uses an MD5 hash of a username, a server challenge and password that is sent to the RADIUS server! Vulnerable to dictionary attacks! Authenticates only one way! Man in the middle attack! No key generation 25 LEAP (Cisco Wireless)! Like MD5, it uses a Login/Password scheme that it sends to the RADIUS server! Each user gets a dynamically generated one time key upon login! Authenticates client to AP and vice versa! Can be used along with RADIUS session time out feature, to dynamically generate keys at set intervals! Only guaranteed to work with Cisco wireless clients! Broken ASLEAP by Joshua Wright! Dictionary attacks too easy 26
14 EAP-TLS! Instead of a username/password scheme, EAP-TLS uses certificate based authentication! Has dynamic one time key generation! Two way authentication! Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to RADIUS server! Compatible with many OS s! Harder to implement and deploy because keys/certificates for clients need to be generated 27 EAP-TTLS (Bob Funk) PEAP by Microsoft and Cisco! Very similar to EAP-TLS except that the client does not have to authenticate itself with the server using a certificate! In phase 1, a bogus identity can be used by the client (must be good enough to find the authentication server, though); only the server authenticates in this phase! In phase 2, the TLS protected channel can be used for a simple login/password based scheme (e.g., using MSCHAPv2)! Much easier to setup, does not necessarily require a PKI! PEAPv0 currently works natively with Windows XP SP1, but other platforms are starting to support it; EAP-TTLS is supported by much open source software 28
15 EAP Types MD5 Open / Proprietary Open Mutual Auth NO AuthN Client User/pass AuthN Server None Username in clear txt Yes TLS Open YES Certificate Certificate Yes TTLS Open YES User/pass Certificate No PEAP Open YES User/pass Certificate No LEAP Proprietary YES User/pass None Yes 29 WPA (Wi-Fi Protected Access)! Subset of i! Confidentiality! Fix flawed encryption mechanism! TKIP: Per-packet dynamic key mechanism! Authentication! 2 forms: Per-user based and Pre-shared key! Integrity! Upgradeability! Software / Firmware Upgrade 30
16 WPA Steps! Confirmation of association capability! 802.1x authentication and PMK creation! 4way handshake and PTK installation! Group key (GTK) installation! Encryption using TKIP x Authentication + PMK Pairwise master key:! Authentication process uses secure channel! PMK generation can be piggy-backed on that! PMK is a seed for temporal WEP key generation in the next phase! PMK is generated based on the user authentication result 32
17 802.1x Authentication + PMK 33 4 Way Handshake and PTK! Do not directly use PMK for crypto! Generate pairwise transient key PTK (512 bits) from PMK and nonces! splits in 4 ways, 128 bits each:! Data encryption, data integrity, EAPOL-Key encryption, EAPOL-Key integrity! Part of PTK is used to generate the encryption key (WEP equivalent) in the next phase 34
18 Situation after EAP success! Supplicant (station) and authentication server are happy about each other, share PMK! Authentication server sends authenticator (AP) the PMK! Now, supplicant and authenticator have to prove to each other they do know the PMK! This handshake also generates the PTK: Anonce (authenticator nonce) and Snonce (supplicant nonce) add freshness to the PTK 35 4 Way Handshake and PTK 36
19 4 Way Handshake and PTK 37 Group Key! Problem: Broadcasts (AP to Stations) cannot use pairwise keys! Broadcast packets from Stations are actually unicast to APs first -- can use PTK for this leg! Separate group transient key (GTK)! Sent after pairwise secure connection is established! Needs to be re-keyed after each disassociation!! WEP Key-ID field recycled to allow seamless transition 38
20 TKIP (Temporal Key Integrity Protocol)! Problem: old hardware may not be powerful enough for AES-CCMP; need to continue using RC4 TKIP:! Expands IV space (24 " 48bits)! IV sequence is specified! TSC (TKIP sequence counter) protects against replay! Per-packet Mixing Function creates the 40-bit (104-bit) part! Allows working with legacy hardware expecting structure! Mix in MAC address to minimize IV reuse between systems! MIC: Michael! Very cheap integrity checker for MAC addresses and data 39 The MIC tradeoff! Most good message integrity checks are too expensive! Michael is fast and cheap! But only limited resilience! Adds to WEP ICV (CRC), which is still applied at MPDU level! Michael is done at the MSDU level! Attacks would require millions of packets! Countermeasures (60-second blackout) once an attack is detected! Creates age-old DoS problem! There are easier ways to do wireless DoS, though 40
21 WPA-PSK! For home / SOHO use! Removes 802.1X authentication! Pre-shared Key ( PSK ) is computed from pass phrase via password-based key derivation function PBKDF2 (RFC2898)! Use this as the PMK! WPA-PSK = Pre-shared Key + TKIP! Weak against passive dictionary attack! Choose long, complex PSKs! Still much better than WEP i! The long-awaited security standard for wireless, ratified in June 2004! Better encryption: AES-CCMP! Key-caching! Pre-authentication! Hardware manufactured before 2002 is likely to be unsupported: too weak 42
22 Key-Caching! Skips re-entering of the user credential by storing the host information on the network Pre-authentication! Allows client to become authenticated with an AP before moving to it! Useful in encrypted VoIP over Wi-Fi " Fast Roaming 43 Things to keep in mind while deploying WLAN! Hide SSID! Do NOT use WEP! Use WPA with 802.1x if possible! Or at least use WPA with a very complex pre-shared key! Or use VPNs 44
23 Take-away messages! If you compromise on security, your security will be compromised! Do get a security review early in the process! Distributing security critical functions into zillions of nonupgradeable hardware devices will create a problem! With sufficient thrust, pigs fly just fine! However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead. [RFC 1925: Fundamental truths of networking, 1 April 1996] 45 Nächste Termine Mo, Uhr: Übung Do, Uhr: Sicherheitsmanagement Übungsblatt 10 bald auf Stud.IP, s.: 46
White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com
White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationSymm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationIntroduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu
Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks
More informationWEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationWIRELESS NETWORK SECURITY
WIRELESS NETWORK SECURITY Much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE 802.11) wireless LAN systems. The rapid growth and deployment of these systems into a
More informationWiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise
Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi
More informationThe Importance of Wireless Security
The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationEVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)
EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}
More informationSecurity in IEEE 802.11 WLANs
Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationWiFi Security: WEP, WPA, and WPA2
WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent
More informationHow To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)
Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a
More informationTable of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example
Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2
More informationWireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.
Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key
More informationWIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS
January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationWLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University
WLAN Security Giwhan Cho ghcho@dcs.chonbuk.ac.kr Distributed/Mobile Computing System Lab. Chonbuk National University Content WLAN security overview 802.11i WLAN security components pre-rsn (Robust Security
More informationACC-232 2002, Cisco Systems, Inc. All rights reserved.
1 2 Securing 802.11 Wireless Networks Session 3 Session Information Basic understanding of components of 802.11 networks Please save questions until the end 4 Agenda Drivers for Wireless Security Wireless
More informationCS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard
CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11
More informationAdvanced Security Issues in Wireless Networks
Advanced Security Issues in Wireless Networks Seminar aus Netzwerke und Sicherheit Security Considerations in Interconnected Networks Alexander Krenhuber Andreas Niederschick 9. Januar 2009 Advanced Security
More informationWireless Local Area Network Security Obscurity Through Security
Wireless Local Area Network Security Obscurity Through Security Abstract Since the deployment of infamous Wired Equivalent Privacy (WEP), IEEE and vendors have developed a number of good security mechanisms
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationChapter 2 Wireless Networking Basics
Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationWi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003
Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003 2003 Wi-Fi Alliance. Wi-Fi is a registered trademark of the Wi-Fi Alliance
More informationWireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)
Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights
More informationWLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.
WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by
More informationchap18.wireless Network Security
SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless
More informationWireless Pre-Shared Key Cracking (WPA, WPA2)
Wireless Pre-Shared Key Cracking (WPA, WPA2) TABLE OF CONTENTS Introduction... 2 Mechanics Of PSKs And How They Work Demystified... 2 How PSKs Can Be Cracked!... 5 WPA2 PSK Cracking Demonstration.... 6
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More informationUnderstanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones
Understanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones Polycom s SpectraLink 8400 Series wireless phones meet the highest security requirements. By the time you deploy
More informationImplementing Security for Wireless Networks
Implementing Security for Wireless Networks Action Items for this session Learn something! Take notes! Fill out that evaluation. I love to see your comments and we want to make these better! Most important:
More informationHow To Secure A Wireless Network With A Wireless Device (Mb8000)
MB8000 Network Security and Access Control Overview MB8000 employs almost all of the current popular WLAN security mechanisms. These include wireless-user isolation, closed system (by turning off SSID
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationIEEE 802.11 Wireless LAN Security Overview
138 IEEE 802.11 Wireless LAN Security Overview Ahmed M. Al Naamany, Ali Al Shidhani, Hadj Bourdoucen Department of Electrical and Computer Engineering Sultan Qaboos University, Oman. Summary Wireless Local
More informationExtensible Authentication Protocol (EAP) Security Issues
Sotillo ECU 1 Extensible Authentication Protocol (EAP) Security Issues Samuel Sotillo, Dept. of Technology Systems, East Carolina University Abstract This document describes the Extensible Authentication
More informationUNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security
UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop
More informationCertified Wireless Security Professional (CWSP) Course Overview
Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption
More informationParticularities of security design for wireless networks in small and medium business (SMB)
Revista Informatica Economică, nr. 4 (44)/2007 93 Particularities of security design for wireless networks in small and medium business (SMB) Nicolae TOMAI, Cluj-Napoca, Romania, tomai@econ.ubbcluj.ro
More informationWireless Technology Seminar
Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available
More informationA DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES
A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES Johanna Janse van Rensburg, Barry Irwin Rhodes University G01j202j7@campus.ru.ac.za, b.irwin@ru.ac.za (083) 944 3924 Computer Science Department, Hamilton
More informationLecture 2 Secure Wireless LAN
Lecture 2 Secure Wireless LAN Network security (19265400 / 201000086) Lecturers: Aiko Pras Pieter-Tjerk de Boer Anna Sperotto Ramin Sadre Georgios Karagiannis Acknowledgements Part of the slides are based
More informationNetwork security, TKK, Nov 2008 1
Outline Network security: WLAN Security LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA, 802.11i Tuomas Aura, Microsoft Research, UK 2 LAN technology LAN (WLAN) standards
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationEnterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003
Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Executive Summary The threat to network security from improperly secured WLANs is a real and present danger for today s enterprises.
More informationWLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles
WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking
More informationDESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com
DESIGNING AND DEPLOYING SECURE WIRELESS LANS Karl McDermott Cisco Systems Ireland kamcderm@cisco.com 1 Agenda Wireless LAN Security Overview WLAN Security Authentication and Encryption Radio Monitoring
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationJournal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN 2067 4074
Issues in WiFi Networks Nicolae TOMAI Faculty of Economic Informatics Department of IT&C Technologies Babes Bolyai Cluj-Napoca University, Romania tomai@econ.ubbcluj.ro Abstract: The paper has four sections.
More informationVulnerabilities of Wireless Security protocols (WEP and WPA2)
Vulnerabilities of Wireless Security protocols (WEP and WPA2) Vishal Kumkar, Akhil Tiwari, Pawan Tiwari, Ashish Gupta, Seema Shrawne Abstract - Wirelesses Local Area Networks (WLANs) have become more prevalent
More informationWireless security (WEP) 802.11b Overview
Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationWireless Security for Mobile Computers
A Datalogic Mobile and Summit Data Communications White Paper Original Version: June 2008 Update: March 2009 Protecting Confidential and Sensitive Information It is every retailer s nightmare: An attacker
More informationWLAN Authentication and Data Privacy
WLAN Authentication and Data Privacy Digi Wi-Point 3G supports various Wi-Fi security options, including WEP-40/WEP-104 and WPA- PSK and WPA2-PSK. To configure WLAN security on DIGI WI-POINT 3G, you may
More informationCisco SAFE: Wireless LAN Security in Depth
White Paper Cisco SAFE: Wireless LAN Security in Depth Authors Sean Convery (CCIE #4232), Darrin Miller (CCIE #6447), and Sri Sundaralingam are the primary authors of this white paper. Mark Doering, Pej
More informationAgenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story
Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. anan@cpe.ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University,
More informationWi-Fi in Healthcare:
Wi-Fi in Healthcare: Security Solutions for Hospital Wi-Fi Networks Wi-Fi Alliance February 2012 The following document and the information contained herein regarding Wi-Fi Alliance programs and expected
More informationWireless Networking Basics. NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA
Wireless Networking Basics NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA n/a October 2005 2005 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and Auto Uplink are trademarks
More informationNetwork Security: WLAN Security. Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010
Network Security: WLAN Security Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline Wireless LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA,
More informationChapter 10: Designing and Implementing Security for Wireless LANs Overview
Chapter 10: Designing and Implementing Security for Wireless LANs Overview Identify and describe the strengths, weaknesses, appropriate uses, and appropriate implementation of IEEE 802.11 security related
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationWLAN 802.11w Technology
Technical white paper WLAN 80.w Technology Table of contents Overview... Technical background... Benefits... 80.w technology implementation... Management Frame Protection negotiation... Protected management
More informationLecture 3. WPA and 802.11i
Lecture 3 WPA and 802.11i Lecture 3 WPA and 802.11i 1. Basic principles of 802.11i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1 Lecture
More informationOptimizing Converged Cisco Networks (ONT)
Optimizing Converged Cisco Networks (ONT) Module 6: Implement Wireless Scalability Implementing WLAN QoS Objectives Describe why WLANs need to support QoS policies in enterprise networks. Explain the issues
More informationHow To Protect A Wireless Lan From A Rogue Access Point
: Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationHuawei WLAN Authentication and Encryption
Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions
More informationA SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS
A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS Jose Perez Texas A&M University Corpus Christi Email: jluisperez16@gmail.com Fax Number: (361) 825-2795 Faculty Advisor: Dr. Ahmed Mahdy, Texas A&M University
More informationA Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite
White Paper A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite 1. Introduction Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs have
More informationProCurve Wireless LAN Security
ProCurve Wireless LAN Security Fundamentals Guide Technical Training Version 8.21 Contents ProCurve Wireless LAN Security Fundamentals Introduction... 1 Objectives... 1 Discussion Topics... 2 Authentication
More informationCSC574: Computer and Network Security
CSC574: Computer and Network Security Lecture 21 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr) Wireless Security Wireless makes network security much more difficult Wired: If Alice
More informationIf security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders. Dan Farmer, System Administrators Guide to Cracking
More informationHow To Secure Wireless Networks
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationCOMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)
COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2) Disha Baba Banda Singh Bahadur Engineering College Fatehgarh Sahib, Punjab Sukhwinder Sharma Baba Banda Singh Bahadur Engineering College Fatehgarh
More informationCipher Suites and WEP
Cipher Suites and WEP This module describes how to configure the cipher suites required for using Wireless Protected Access (WPA) and Cisco Centralized Key Management (CCKM); Wired Equivalent Privacy (WEP);
More informationWireless LAN Access Control and Authentication
Authors: John Vollbrecht, Founder Interlink Networks, Inc. 5405 Data Court, Suite 300, Ann Arbor, MI 48108, jrv@interlinknetworks.com Robert Moskowitz, Senior Technical Director TruSecure Corporation,
More informationSecurity in Wireless Local Area Network (WLAN)
The Journal of Mathematics and Computer Science Available online at http://www.tjmcs.com The Journal of Mathematics and Computer Science Vol.5 No.4 (2012) 320-330 Security in Wireless Local Area Network
More informationNetwork Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.
Network Security Chapter 15 Security of Wireless Local Area Networks Network Security (WS 2003: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control (MAC and physical characteristics
More informationUNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU
UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU ITMS: 26140230008 DOPYTOVO ORIENTOVANÝ PROJEKT Moderné
More informationWireless Network Security Challenges
Wireless Network Security Challenges SHARE Summer 2010 Boston Laura Knapp WW Business Consultant Applied Expert Systems (www.aesclever.com) laurak@aesclever.com laura@lauraknapp.com Networking - Connecting
More informationDeveloping Network Security Strategies
NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network
More informationWiFi Security Assessments
WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents
More informationHow To Understand The Latest Wireless Networking Technology
GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band.
More informationWired Equivalent Privacy (WEP) versus Wi-Fi Protected Access (WPA)
2009 International Conference on Signal Processing Systems Wired Equivalent Privacy (WEP) versus Wi-Fi Protected Access (WPA) ARASH HABIBI LASHKARI Computer Science Dept. of FCSIT a_habibi_l@hotmail.com
More informationNetwork Security Protocols
Network Security Protocols Information Security (bmevihim100) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)
More informationIEEE 802.1X For Wireless LANs
IEEE 802.1X For Wireless LANs John Roese, Ravi Nalmati, Cabletron Albert Young, 3Com Carl Temme, Bill McFarland, T-Span David Halasz, Aironet Paul Congdon, HP Andrew Smith, Extreme Networks Slide 1 Outline
More information802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS
APPLICATION NOTE Ref APNUS004 rev. A-0, March 08, 2007 802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS Why? In addition to MAC address filtering, ACKSYS products support a more reliable authentication
More informationVIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong
VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY AUTHOR: Raúl Siles Founder and Security Analyst at Taddong Hello and welcome to Intypedia. Today we will talk about the exciting world of security
More informationWireless Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/
Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ At the mall... Page 2 Wireless Networks Page 3 Network supported
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the
More informationYour 802.11 Wireless Network has No Clothes
Your 802.11 Wireless Network has No Clothes William A. Arbaugh Narendar Shankar Y.C. Justin Wan Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001 Abstract
More informationSecuring your Linksys WRT54G
Securing your Linksys WRT54G Abstract Current implementations of the 802.11b and 802.11g wireless LAN standards have several potential pitfalls for security. However, built in security mechanisms in these
More informationDistributed Systems Security
Distributed Systems Security Protocols (Physical/Data-Link Layer) Dr. Dennis Pfisterer Institut für Telematik, Universität zu Lübeck http://www.itm.uni-luebeck.de/people/pfisterer Overview Security on
More informationA COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)
A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2) Vipin Poddar Suresh Gyan Vihar School of Engginering And Technology, Jaipur, Rajasthan. Hitesh Choudhary, Poornima University, Jaipur,
More information