Huawei WLAN Authentication and Encryption
|
|
- Gabriella Sharp
- 8 years ago
- Views:
Transcription
1 Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions in all walks of life. These services include wireless access, authentication, charging, security auditing, intelligent O&M, and network plan and design. This solution is widely used in various scenarios such as the campus, office area, hotel, government, bank, energy source, transportation, medical care, and wireless city. The Huawei WLAN authentication and encryption feature is a feature of the Huawei integrated WLAN solution. The Huawei WLAN authentication and encryption feature ensures the security of air interface key data using advanced encryption algorithms such as Rivest Cipher 4 (RC4), Advanced Encryption Standard (AES), and SMS4, and authenticates users using the portal, 802.1x, or WLAN Authentication and Privacy Infrastructure (WAPI), preventing user data from being stolen and user privacy from leaking, making the WLAN as secure as the wired network, and laying the firm foundation for mobile networks. 1. Overview WLAN wireless data is transmitted over the air and can be received any proper device. Therefore, WLAN wireless data security has always been of great concern since the emergence of WLAN, and authentication and encryption technologies have been developed and improved. A series of security mechanisms has been developed, including Wired Equivalent Privacy (WEP) at the initial stage, Wi-Fi Protected Access (WPA), WPA2, and the Chinese standard WAPI. Huawei launches an integrated authentication and encryption solution to protect users' wireless data security in various WLAN networks, including small home networks, campus networks, enterprise networks and even the widely covered carrier networks. The commonly used WLAN authentication and encryption methods are WEP, WPA/WPA2, WAPI, web, and MAC address authentication and encryption. WEP: WEP is a WLAN authentication and encryption method developed at the initial stage. It supports two 错 误! 未 知 的 文 档 属 性 名 称 1/13
2 authentication modes: open system authentication and shared key authentication. WPA/WPA2: WPA substitutes the WEP standard before IEEE i is published. It performs only some of the functions defined in IEEE i. WPA2 performs all the functions defined in IEEE i. Compared with WPA, the AES in Counter with CBC-MAC (CCM) mode is added. CBC-MAC is Ciphy Block Chaing Message Authentication Code for short. WPA and WPA2 support two authentication modes: pre-shared key (PSK) authentication and 802.1x authentication. PSK is the simplified WPA/WPA2 without 802.1x. In the PSK mode, authentication is performed between a user and the AC using pre-shared keys. Similar to WEP, the pair wise master key (PMK) is pre-installed, but all the keys used for encryption and other functions are generated dynamically. Therefore, WPA/WPA2 is a powerful security solution x: Based on IEEE for WLAN access, 802.1x is first introduced to solve the problem of access authentication of WLAN users. It prevents unauthenticated users or devices from accessing the Local Area Network (LAN) or the Metropolitan Area Network (MAN) through access interfaces. The 802.1x authentication defines only an implementation framework to authenticate the user identity. To implement the authentication process, you need to use other protocols. The 802.1x authentication is also called the dot1x authentication. WAPI: WAPI is a Chinese national standard and it consists of two parts: WLAN Authentication Infrastructure (WAI) and WLAN Privacy Infrastructure (WPI). WAI authenticates user identity and WPI provides the encryption function to protect data transmitted on WLANs. WAPI can provide higher security for the WLAN system. The portal authentication is also called the web authentication or DHCP+WEB authentication. DHCP is short for Dynamic Host Configuration Protocol. The client uses the web browser such as Internet Explorer to enter user names and passwords on the authentication page. Then the web server completes user authentication. In the MAC address authentication mode, a client sends its MAC address as the identity information to an access device. Clients do not need the client software in MAC address authentication. Table 1 lists Huawei WLAN authentication and encryption feature in details. Table 1: Huawei WLAN authentication and encryption feature Authentication Description Mode The WEP is one part of the IEEE standard that is passed in WEP September, 1999, and ensures confidentiality using the Rivest Cipher 4 (RC4) serial stream encryption technology 错 误! 未 知 的 文 档 属 性 名 称 2/13
3 The WEP supports the open system authentication and shared key authentication. The WEP is a technology for encrypting group information between the access points (APs) and client using RC4. After the key is configured, the key cannot be automatically updated. The password can be easily cracked. Therefore, the WEP authentication is seldom used currently. The open system authentication is the most frequently used authentication for carrier networks, and is generally used with the portal authentication. The WPA is short for Wi-Fi Protected Access, and is a commercial standard introduced by the Wi-Fi alliance. The WPA implements most part of the IEEE i standard, and is a transitional scheme that replaces the WEP before the i is completely established. The WPA uses the Temporal Key Integrity Protocol (TKIP) for data encryption. The WPA2 is a completely-established i standard and the WPA/WPA2-PS K second version of the WPA. The WPA2 uses Counter Mode with CBC-MAC Protocol (CCMP) for data encryption. The WPA/WPA2-PSK requires a key to be input in advance at each WLAN node, for example, the AP, wireless controller, and network adapter. A WLAN client can access the WLAN if its shared key is the same as that configured on the WLAN server. The shared key is used only for authentication but not for encryption. Therefore, it will not bring security risks as the pre-shared key authentication. Do not install the client because it is seldom used and no personnel is available for maintaining the password required by WPA/WPA2. WPA/WPA2-80 The 802.1x defines only the authentication frame but not a complete 错 误! 未 知 的 文 档 属 性 名 称 3/13
4 2.1x set of authentication rules. Specific authentications require other protocols, such as Extensible Authentication Protocol (EAP), Lightweight Extensible Authentication Protocol (LEAP), EAP-TLS, EAP-TTLS, and PEAP. TLS is Transport Layer Security for short and TTLS is Tunneled Transport Layer Security for short. Generally specific client software must be installed. However, if a user performs only the admission control but not the policy control, all common operating systems such as ISO, Android, and Windows supports 802.1x, and the client does not need to be installed. The 802.1X is frequently used in enterprise networks and seldom used in carrier networks. The WAPI is the Chinese national WLAN standard GB This standard includes the new WAPI security mechanism that is composed of WLAN Authentication Infrastructure (WAI) and WLAN Privacy Infrastructure (WPI). The WAPI provides the certificate-based and pre-shared-key-based WAPI key management methods. Unlike the WAP, the WAPI authenticates both users and APs, and uses SMS4 instead of CCMP as the encryption algorithm for better security. WAPI is a national standard, and must be supported in markets inside China but is seldom used in markets outside China. The portal authentication is also called the web authentication or the DHCP+WEB authentication. It uses the standard web browser such Portal as Internet Explorer, and does not need special client software. The client obtains the IP address before authentication. Layer 3 devices such as routers can be available between the user and the access server 错 误! 未 知 的 文 档 属 性 名 称 4/13
5 The portal authentication is frequently used on carrier networks and enterprise networks. In the MAC address authentication, a client sends its MAC address as the identity information to an access device. Mac The MAC address authentication does not require user name and password to be entered for login, and is used in scenarios without high security requirements. The real-name authentication is a comprehensive authentication solution provided by Huawei. In this authentication, each user uses Real-name authentication the real name to log in to the WLAN. This authentication is used in scenarios with high security requirements such as the court and educational institution so that users can be tracked down. 2. Application The Huawei WLAN authentication and encryption and Huawei integrated solution can provide WLAN networks with high security, delicate policy control, and intelligent O&M for customers. The Huawei WLAN authentication and encryption feature supports leading authentication and encryption protocols in the industry, and provide various combined authentication solutions, such as the solution for the carrier WLAN, for customers based on scenarios. On the carrier WLAN, the open system authentication plus portal authentication are used. After a user connects to the carrier WLAN, the portal server automatically displays an authentication service page. After the user is authenticated, the user can visit the WLAN. Generally advertisements are displayed on the authentication service page and the MAC binding function is pushed. After the user selects the MAC binding function, the user can use the MAC authentication to visit the carrier WLAN network next time without the necessity to enter the user name and password 错 误! 未 知 的 文 档 属 性 名 称 5/13
6 2.1 TKIP/CCMP Encryption Algorithm Huawei WLAN Authentication and Encryption Feature Internal The TKIP is an encryption protocol at the link layer provided by i to remove major defects in Wired Equivalent Privacy (WEP) design. The major drawback of the WEP is that the random seed of the WEP is composed of the initial vector (IV) and the WEP key. To guard against attacks on the IN, the TKIP is improved in the following points: 1. The sender device calculates the message integrity code (MIC) to ensure the information integrity. The plain text, source address, and destination address are included in the MIC calculation. The calculation result is encrypted using the MIC key. 2. The packet sequence number is used to prevent replay. The sequence number is contained in the WEP IV. 3. The Fast Packet Keying algorithm is used to generate the packet encryption key by combining the temporary key and packet sequence number. 4. The 802.1x EAPoL Key protocol is used to update the temporary key and MIC key. The TKIP is better than the WEP. However, the TKIP is also based on the stream password, and cannot eliminate security concerns. The CCMP is a security protocol that is based on AES block password and developed by the IEEE work group. The CCMP provides the encryption, authentication, integrity check, and anti-replay functions. It is based on the CCM that uses the AES algorithm and combines the Counter Mode (CTR) for encryption and CBC-MAC for authentication and integrity to ensure the integrity of MPDU data and IEEE MPDU header x Authentication The 802.1x protocol is a network access control protocol based on ports. On the WLAN, ports generally refer to MAC addresses at the logical layer. This protocol provides an authentication process frame. In this frame, the system consists of the authentication requester, authentication point, and authentication server. They respectively correspond to the client, access server, and AAA server. The authentication point is only responsible for the authentication and exchange process at the link layer, and does not maintain any user information. Any authentication request is forwarded to the authentication server, for example, RADIUS, for actual handling 错 误! 未 知 的 文 档 属 性 名 称 6/13
7 The EAP over LAN (EAPOL) protocol defined by 802.1x is used between the authentication requester and the authentication point. The back end transmits EAP packets through RADIUS encapsulation. The 802.1x protocol requires any data to be authenticated. Unauthorized connection ports transmit only authentication frames, and abandon all non-eapol frames. Data frames can be forwarded on after the authentication succeeds. Figure 1 shows the entity protocol stacks of the 802.1x authentication system. Figure 1: Entity protocol stacks of the 802.1x authentication system Authentication Requester Client Authentication Point Access Server Authentication Server AAA Server On the WLAN, most authentication service gateways of wireless users are configured on the AC. Otherwise, for example, when service gateways are configured on the Broadband Remote Access Server (BRAS), wireless users are the same as the wired users for service gateways. In the 802.1x authentication mode, authentication service gateways are configured on the AC and the local forwarding and concentrated forwarding of user data are supported. The 802.1x authentication is secure and reliable, can be easily implemented and flexibly applied, and meet industry standards. Therefore, it is frequently used on carrier or enterprise networks merging 3G and WLAN. Secure and reliable: In the wireless LAN environment, 802.1x is combined with EAP-TLS and EAP-TTLS to dynamically allocate WEP certificate keys, eliminating the security loopholes in wireless LAN access. Easily implemented and flexibly applied: The 802.1x retains the traditional AAA authentication network architecture, and can use existing RADIUS devices and easily implement and flexibly control the authentication granularity. In this authentication mode, user access, user IDs or connected devices can be authenticated for 错 误! 未 知 的 文 档 属 性 名 称 7/13
8 different users. Industry standards: The IEEE standard has the same source as the Ethernet standard, and can implement seamless merging with the Ethernet technology. The Windows, Linux, IOS, and Android operating systems running on clients support the 802.1x protocol. 2.3 Portal Authentication The portal authentication is also called the web authentication. When a user needs to use other information on the Internet, the user must pass the authentication on a portal website before using Internet resources. The user can visit an existing portal server and enter the user name and password for authentication. The user can also directly visit other external networks through HTTP. However, any external network URL visited before authentication is forcibly pushed to the portal server. On the WLAN, most authentication service gateways of wireless users are configured on the AC. Otherwise, for example, when service gateways are located on the BRAS, wireless users are the same as the wired users for service gateways. In the portal authentication mode, authentication service gateways are configured on the AC and the local forwarding and concentrated forwarding of user data are supported. The Huawei WLAN product version V2R2 passes the TR5 review by the end of October. The portal authentication includes the Layer 2 authentication and Layer 3 authentication. The differences between the Layer 2 authentication and Layer 3 authentication are that in the Layer 2 authentication, the MAC address of the server to which a user is to visit cannot be obtained and the ARP detection cannot be performed to check whether a user is online. The Layer 2 authentication and Layer 3 authentication processes are the same. Figure 2 shows the process. Figure 2: Portal authentication (web authentication) process 错 误! 未 知 的 文 档 属 性 名 称 8/13
9 C l i e n t Access Server DHCP Server Web Authentication Server 6 AAA Server The process is as follows: 1 to 4: A dynamic user obtains the MAC address through DHCP (a static user can manually configure the MAC address). 5: The user visits the authentication page of the web authentication server, and enters the user name and password to log in. 6: The portal authentication server notifies the access server of the user information through internal protocols. 7: The access server authenticates the user on the corresponding AAA server. 8: The AAA server sends back the authentication result to the access server. 9: The access server notifies the web authentication server of the authentication result. 10: The web authentication server displays the authentication result on the HTTP authentication page to notify the user of the result 错 误! 未 知 的 文 档 属 性 名 称 9/13
10 11: The user accesses network resources normally after the authentication succeeds. The portal authentication can provide convenient management functions. Portal websites can develop advertisement and community services and personalized businesses. In this manner, carriers, device providers, and content and service providers can form an Internet content union. The portal authentication is frequently used on carrier or enterprise WLANs. 2.4 Real-Name Authentication The security of WLAN is crucial for the large-scale deployment and widespread application of WLAN, particularly in sensitive scenarios such as government department and schools. Huawei introduces the real name authentication system for such scenarios, making the tracing and auditing of floating personnel easier. The real-name authentication takes the mobile number as the real name and the network account. Figure 3 shows the real-name authentication process. Figure 3: Real-name authentication process (5) The system sends the network account and password to the visitor service mobile phone. Third-Party SMS Message Platform Enterprise WLAN 5 (6) The visitor enters and submits the account and password, and uses the network after authentication. 6 SRUN AAA IP backbone network 4 (4) The administrator authenticates the mobile number and the visitor. AC (2) The visitor connects to the WLAN. The self-service portal page is displayed. (1) A visitor enters the enterprise for visit and communication. portal LSW (3) The visitor enters the mobile number for registration and applies for the network password Enterprise visitor Enterprise employee HUAWEI TECHNOLOGIES CO., LTD. Page 1 The real-name authentication makes the following tasks easier: Tracing and auditing visitors Providing online self-services for visitors Obtaining accounts and passwords automatically using Short Message Service (SMS) 错 误! 未 知 的 文 档 属 性 名 称 10/13
11 messages Appointing a customer or reserving a meeting Sending account passwords or reserved meeting notifications to appointed customers in s at specified time 2.5 WAPI Authentication The WAPI is the Chinese national WLAN standard GB This standard includes the new WAPI security mechanism. WAPI is an access control method based on Triple-Element Peer Authentication (TePA). It implements two-way authentication, and supports certificate authentication and pre-shared key authentication. It also supports unicast and multicast, and can be widely used in wired and wireless networks. However, WAPI is commercially immature, and is seldom used in markets outside China. 3. Ordering Information The authentication and encryption feature is bound to WLAN devices, and do not need to be separately purchased. To order the feature, you must order the device at the same time. For details, contact the local sales office. Table 2 lists the ordering information. Table 2: Ordering information of authentication and encryption feature Device Description AP devices AP6010SN/DN AP7110DN AP6310SN AP6510DN Built-in antenna. Indoor installation mode, 100 mw, and supporting b/g/n and the authentication and encryption feature. External antenna. Adopting leading technology, 3x3 MIMO, and supporting b/g/n and the authentication and encryption feature. Indoor high power Data Access Service (DAS) product. 100 mw, and supporting b/g/n and the authentication and encryption feature. Outdoor dual-frequency standard AP device. 2.4 GHz 500 mw/5 GHz 错 误! 未 知 的 文 档 属 性 名 称 11/13
12 125 mw, and supporting b/g/n and the authentication and encryption feature. Outdoor dual-frequency bridge AP device. 2.4 GHz 500 mw/5 GHz 125 AP6610DN mw, and supporting upstream optical interfaces, b/g/n and the authentication and encryption feature. AC devices AC PWR host. 20 GE interfaces, 4 combo interfaces, 2 SFP+ AC6605 ports, and supporting the authentication and encryption feature. The license must be configured. ACU-H80D2ACMPS00-Wireless access control board. This device is not S9300/S7700 SPU separately for sale. The license must be configured. The authentication and encryption feature must be configured. Authentication server Deep blue srun300 TSM This device supports the 802.1x, portal, MAC, and WAPI authentication, and traffic-based and duration-based charging. This device supports the 802.1x, portal, MAC, and WAPI authentication and the policy control. SMS message platform Third-party SMS message Integrate the third-party SMS message platforms or purchase the SMS platform/sms modem message message modems based on the site requirements, for example, those produced by Montnets or Maixuntong. 4. Huawei and Partners Huawei and partners can help you enhance network authentication and secure deployment experience, and speed up the establishment, O&M, innovation, and growth of the WLAN. Huawei has a professional team for secure authentication technology and a senior team for WLAN design 错 误! 未 知 的 文 档 属 性 名 称 12/13
13 These teams can create a clear and replicable WLAN network with easy O&M and optimize services and enhance performance for you, helping you increase operation efficiency, save funds, reduce risks, and achieve success. 5. More Information For more information about Huawei WLAN authentication and encryption feature, visit or contact the local sales office 错 误! 未 知 的 文 档 属 性 名 称 13/13
WLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.
WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationSelf Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:
IMPORTANT! This Guide refers to the following Products: Securing Your Wireless Network Please read the following carefully; Synopsis: This Guide is designed to help you if you have a Wireless Network that
More informationTable of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example
Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2
More informationWireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)
Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights
More informationUNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security
UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop
More informationCertified Wireless Security Professional (CWSP) Course Overview
Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationchap18.wireless Network Security
SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless
More informationWhite paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com
White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More informationWireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.
Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationWIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS
January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationAdvanced Security Issues in Wireless Networks
Advanced Security Issues in Wireless Networks Seminar aus Netzwerke und Sicherheit Security Considerations in Interconnected Networks Alexander Krenhuber Andreas Niederschick 9. Januar 2009 Advanced Security
More informationImplementing Security for Wireless Networks
Implementing Security for Wireless Networks Action Items for this session Learn something! Take notes! Fill out that evaluation. I love to see your comments and we want to make these better! Most important:
More informationEVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)
EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}
More informationSymm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationChapter 2 Wireless Networking Basics
Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).
More informationParticularities of security design for wireless networks in small and medium business (SMB)
Revista Informatica Economică, nr. 4 (44)/2007 93 Particularities of security design for wireless networks in small and medium business (SMB) Nicolae TOMAI, Cluj-Napoca, Romania, tomai@econ.ubbcluj.ro
More informationA Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. USB Network Adapter with RangeBooster. User Guide WIRELESS WUSB54GR. Model No.
A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G USB Network Adapter with RangeBooster User Guide Model No. WUSB54GR Copyright and Trademarks Specifications are subject to change without
More informationJournal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN 2067 4074
Issues in WiFi Networks Nicolae TOMAI Faculty of Economic Informatics Department of IT&C Technologies Babes Bolyai Cluj-Napoca University, Romania tomai@econ.ubbcluj.ro Abstract: The paper has four sections.
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationLecture 3. WPA and 802.11i
Lecture 3 WPA and 802.11i Lecture 3 WPA and 802.11i 1. Basic principles of 802.11i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1 Lecture
More informationWISE-4000 Series. WISE IoT Wireless I/O Modules
WISE-4000 Series WISE IoT Wireless I/O Modules Bring Everything into World of the IoT WISE IoT Ethernet I/O Architecture Public Cloud App Big Data New WISE DNA Data Center Smart Configure File-based Cloud
More informationWLAN Authentication and Data Privacy
WLAN Authentication and Data Privacy Digi Wi-Point 3G supports various Wi-Fi security options, including WEP-40/WEP-104 and WPA- PSK and WPA2-PSK. To configure WLAN security on DIGI WI-POINT 3G, you may
More informationWEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationWLAN Information Security Best Practice Document
WLAN Information Security Best Practice Document Produced by FUNET led working group on wireless systems and mobility (MobileFunet) (WLAN security) Author: Wenche Backman Contributors: Ville Mattila/CSC
More informationWiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise
Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi
More informationSetting up a WiFi Network (WLAN)
Setting up a WiFi Network (WLAN) How to set up Wi-Fi on your Huawei E960 InZone Step 1: In the address field on your internet browser, type http://192.168.1.1/ Step 2: Type admin into the Password box
More informationConfigure WorkGroup Bridge on the WAP131 Access Point
Article ID: 5036 Configure WorkGroup Bridge on the WAP131 Access Point Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless
More informationTECHNICAL NOTE REFERENCE DOCUMENT. Improving Security for Axis Products. Created: 4 October 2007. Last updated: 11 October 2007. Rev: 1.
TECHNICAL NOTE REFERENCE DOCUMENT Improving Security for Axis Products Created: 4 October 2007 Last updated: 11 October 2007 Rev: 1.0 TABLE OF CONTENTS 1 INTRODUCTION 3 2 BEST-PRACTICE SECURITY POLICIES
More informationUnderstanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones
Understanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones Polycom s SpectraLink 8400 Series wireless phones meet the highest security requirements. By the time you deploy
More informationHP M220 802.11n Access Point Configuration and Administration Guide
HP M220 802.11n Access Point Configuration and Administration Guide HP Part Number: 5998-3140 Published: September 2012 Edition: 1 Copyright 2012 Hewlett-Packard Development Company, L.P. The information
More informationIntroduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu
Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationEAP-WAI Authentication Protocol
EAP-WAI Authentication Protocol draft-richard-emu-wai-00 Richard 2009-07-26 Stockholm, IETF 75th Preface WAPI is a WLAN security protocol and brought forward By a Standard Group in China. It was invited
More informationPart Number: 203285. HG253s V2 Home Gateway Product Description V100R001_01. Issue HUAWEI TECHNOLOGIES CO., LTD.
Part Number: 203285 HG253s V2 Home Gateway Issue V100R001_01 HUAWEI TECHNOLOGIES CO., LTD. 2013. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means
More informationHow To Understand The Latest Wireless Networking Technology
GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band.
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationHow To Secure Wireless Networks
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements
More informationWireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com
Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract
More informationHow To Use The Cisco Aironet 1240G Series For A Wireless Network (Wired) And For A Wired Network (Wireless)
Cisco Aironet 1240G Series Access Point Cisco Aironet 1240G Series Access Points provide single-band 802.11g wireless connectivity for challenging RF environments such as factories, warehouses, and large
More informationQuestion How do I access the router s web-based setup page? Answer
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=3676 Question How do I access the router s web-based setup page? Answer All Linksys routers have a built-in web-based setup
More informationHow To Secure A Wireless Network With A Wireless Device (Mb8000)
MB8000 Network Security and Access Control Overview MB8000 employs almost all of the current popular WLAN security mechanisms. These include wireless-user isolation, closed system (by turning off SSID
More informationProCurve Wireless LAN Security
ProCurve Wireless LAN Security Fundamentals Guide Technical Training Version 8.21 Contents ProCurve Wireless LAN Security Fundamentals Introduction... 1 Objectives... 1 Discussion Topics... 2 Authentication
More informationCisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.
Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and
More informationEnterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003
Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Executive Summary The threat to network security from improperly secured WLANs is a real and present danger for today s enterprises.
More informationRunning Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS
Wireless Data Network Security 1 Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS Wireless Data Network Security for Hospitals: Various Solutions to Meet HIPAA Requirements. Jody Barnes East
More informationConfiguring Security Solutions
CHAPTER 3 This chapter describes security solutions for wireless LANs. It contains these sections: Cisco Wireless LAN Solution Security, page 3-2 Using WCS to Convert a Cisco Wireless LAN Solution from
More informationSecuring Wireless LANs with LDAP
A P P L I C A T I O N N O T E Securing Wireless LANs with LDAP Many organizations have standardized on LDAP (Lightweight Directory Access Protocol) servers as a repository for their users and related security
More informationQuick Installation Guide of WLAN Broadband Router
To avoid users without access right through your WLAN Broadband Router, suggest that use security mechanism like WEP, WPA or set ID/password for web configuration login IP address 192.168.1.254. Preparation
More informationWi-Fi Client Device Security & HIPAA Compliance
Wi-Fi Client Device Security & HIPAA Compliance Originally Published: September 2010 Updated: October 2012 A White Paper from Laird Technologies Connecting medical devices to a hospital s Wi-Fi network
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationCisco Virtual Office Express
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
More informationCisco Aironet 1130G Series IEEE 802.11g Access Point
Cisco Aironet 1130G Series IEEE 802.11g Access Point Low-profile business-class access point with integrated antennas for easy deployment in offices and similar RF environments Product Overview The Cisco
More informationALL1682511. 500Mbits Powerline WLAN N Access Point. User s Manual
ALL1682511 500Mbits Powerline WLAN N Access Point User s Manual Contents 1. Introduction...1 2. System Requirements...1 3. Configuration...1 4. WPS...9 5. Wireless AP Settings...9 6. FAQ... 15 7. Glossary...
More informationHow To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)
Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a
More informationConfiguration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone
Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone Product Summary Manufacturer: Cisco Systems: www.cisco.com Access Point: Cisco Aironet 1130AG
More informationWLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles
WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking
More informationClickShare Network Integration
ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network
More informationDeveloping Network Security Strategies
NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network
More informationWireless Technology Seminar
Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available
More informationChapter 2 Configuring Your Wireless Network and Security Settings
Chapter 2 Configuring Your Wireless Network and Security Settings This chapter describes how to configure the wireless features of your DG834N RangeMax TM NEXT Wireless ADSL2+ Modem Router. For a wireless
More informationAPPENDIX 3 LOT 3: WIRELESS NETWORK
APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop
More informationWireless LAN Security Mechanisms
Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.
More informationHP E-M110 Access Point Series. Product overview. Key features. Data sheet
HP E-M110 Access Point Series Data sheet Product overview HP E-M110 Access Point is an entry-level, single IEEE 802.11a/b/g radio device that can be configured to operate as an access point, a wireless
More information9 Simple steps to secure your Wi-Fi Network.
9 Simple steps to secure your Wi-Fi Network. Step 1: Change the Default Password of Modem / Router After opening modem page click on management - access control password. Select username, confirm old password
More informationWireless Network Security Challenges
Wireless Network Security Challenges SHARE Summer 2010 Boston Laura Knapp WW Business Consultant Applied Expert Systems (www.aesclever.com) laurak@aesclever.com laura@lauraknapp.com Networking - Connecting
More informationCS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard
CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11
More informationPortal Authentication Technology White Paper
Portal Authentication Technology White Paper Keywords: Portal, CAMS, security, authentication Abstract: Portal authentication is also called Web authentication. It authenticates users by username and password
More informationIEEE 802.11 Wireless LAN Security Overview
138 IEEE 802.11 Wireless LAN Security Overview Ahmed M. Al Naamany, Ali Al Shidhani, Hadj Bourdoucen Department of Electrical and Computer Engineering Sultan Qaboos University, Oman. Summary Wireless Local
More informationOptimizing Converged Cisco Networks (ONT)
Optimizing Converged Cisco Networks (ONT) Module 6: Implement Wireless Scalability Implementing WLAN QoS Objectives Describe why WLANs need to support QoS policies in enterprise networks. Explain the issues
More informationUSER GUIDE Cisco Small Business
USER GUIDE Cisco Small Business WBPN Wireless-N Bridge for Phone Adapters December 2011 Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries.
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationProduct Specifications
Product Specifications IWE1700-A Outdoor Wireless Access Point Pro/Advanced Version: 1.00 Last Updated: 3/11/2005 InterEpoch Technology, Inc. 7F., No.3, Alley 6, Lane 235, Pao-Chiao Rd., Hsin-Tien City,
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationDeploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.
Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationEnterprise Wireless LAN. Key Features. Benefits. Hotspot/Service Gateway Series
Key Features Comprehensive Wireless Internet Access Solution Zero Configuration IP Plug and Play Unique Ticket Printer for Easy Service and Accounting Web-based User Authentication, Account Monitoring,
More informationWhite paper. Wireless Security: It s Like Securing Your Home
White paper Wireless Security: It s Like Securing Your Home WLAN SECURITY IS JUST LIKE YOUR HOUSE Imagine your home, filled with the people you love and your prized possessions. You open all the windows
More informationSecurity in IEEE 802.11 WLANs
Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh
More informationCisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT)
Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT) Course Number: 642 845 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: Cisco CCNP Exam 642 845:
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationThe Importance of Wireless Security
The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be
More informationWLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University
WLAN Security Giwhan Cho ghcho@dcs.chonbuk.ac.kr Distributed/Mobile Computing System Lab. Chonbuk National University Content WLAN security overview 802.11i WLAN security components pre-rsn (Robust Security
More informationWi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003
Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003 2003 Wi-Fi Alliance. Wi-Fi is a registered trademark of the Wi-Fi Alliance
More informationAuthentication and Security in IP based Multi Hop Networks
7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security
More informationWireless Security for Mobile Computers
A Datalogic Mobile and Summit Data Communications White Paper Original Version: June 2008 Update: March 2009 Protecting Confidential and Sensitive Information It is every retailer s nightmare: An attacker
More informationWLAN Outdoor CPE For 2.4G. Quick Installation Guide
WLAN Outdoor CPE For 2.4G Quick Installation Guide Part I: External Installation Direction A. Check the parts in your box CPE SET 1 DC 12V/1.5A Power Adapter 1 PoE DC Injector 1 Hose Clamps 2 Manual &
More informationNetwork User s Guide
Network User s Guide Multi-Protocol On-board Ethernet Print Server and Wireless Ethernet Print Server This Network User's Guide provides useful information on wired and wireless network settings and security
More information