WIRELESS LAN SECURITY FUNDAMENTALS
|
|
- Kathlyn Roberts
- 7 years ago
- Views:
Transcription
1 WIRELESS LAN SECURITY FUNDAMENTALS Jone Ostebo November 2015
2 Learning Goals Authentication with 802.1X But first: We need to understand some PKI And before that, we need a cryptography primer And before that What is security 2
3 Security basics What is security? 3
4 Biggest security challenge at BH 4
5 CRYPTOGRAPHY PRIMER
6 Why study cryptography? Absolutely critical to wireless security Heavily used during authentication process Protects data in transit Makes you more interesting at parties 6
7 Meet Bob and Alice Bob and Alice are traditionally used in examples of cryptography 7
8 Symmetric Key Cryptography 8
9 Symmetric Key Cryptography Strength: Simple and very fast (order of 1000 to faster than asymmetric mechanisms) Challenges: Must agree on the key beforehand How to securely pass the key to the other party? Examples: AES, 3DES, DES, RC4 AES is the current gold standard for security 9
10 Public Key Cryptography (Asymmetric) 10
11 Public Key Cryptography Strength Solves problem of passing the key Allows establishment of trust context between parties Challenges: Slow (MUCH slower than symmetric) Problem of trusting public key (what if I ve never met you?) Examples: RSA, DSA, ECDSA 11
12 Hybrid Cryptography Randomly generate session key Encrypt data with session key (symmetric key cryptography) Encrypt session key with recipient s public key (public key cryptography) 12
13 Hash Function Properties it is easy to compute the hash value for any given message it is infeasible to find a message that has a given hash it is infeasible to find two different messages with the same hash it is infeasible to modify a message without changing its hash Ensures message integrity Also called message digests or fingerprints Examples: MD5, SHA1, SHA2 (256/384/512) 13
14 Message Integrity with CBC-MAC Set IV=0 Run message through AES-CBC (or some other symmetric cipher) Discard everything except final block this output is the MAC 14
15 AES-CCM (Counter with CBC-MAC) CBC-MAC AES in Counter Mode 15
16 Entropy (Information-theoretic, not thermodynamic!) When we create a random key, it must be unique and unpredictable We need good random numbers for this What happens if it s not unique or unpredictable? 16
17 Summary: Security Building Blocks Encryption provides confidentiality, can provide authentication and integrity protection Checksums/hash algorithms provide integrity protection, can provide authentication Digital signatures provide Buy this Book! authentication, integrity protection For more info: 17
18 CERTIFICATES, TRUST & PKI
19 What is a Certificate? Binds a public key to some identifying information The signer of the certificate is called its issuer The entity talked about in the certificate is the subject of the certificate Certificates in the real world Any type of license, government-issued ID s, membership cards,... Binds an identity to certain rights, privileges, or other identifiers 19
20 Public Key Infrastructure A Certificate Authority (CA) guarantees the binding between a public key and another CA or an End Entity (EE) CA Hierarchies 20
21 Who do you trust? Windows: Start->Run->certmgr.msc 21
22 Public Key Infrastructure We trust a certificate if there is a valid chain of trust to a root CA that we explicitly trust Web browsers also check DNS hostname == certificate Common Name (CN) Chain Building & Validation 22
23 Creating Certificates A-Z 1. Generate entropy 2. Use entropy to create random public/private keypair (asymmetric crypto) 3. Attach identifying information to public key send to CA (Certificate Signing Request) 4. CA issues certificate in X.509 format Contains public key as supplied in CSR Contains hash of certificate contents Contains digital signature signed with CA s private key (hash + asymmetric crypto) 5. Retrieve certificate from CA match up with private key. Ready for use. 23
24 Generating Certificate Signing Request 24
25 Public CA versus Private CA Windows Server includes a domain-aware CA why not just use it? Disadvantages: PKI is complex. Might be easier to let Verisign/Thawte/etc. do it for you. Nobody outside your Windows domain will trust your certificates Advantages: Less costly Better security possible. Low chances of someone outside organization getting a certificate from your internal PKI 25
26 For More Info Buy this Book! 26
27 PUTTING IT ALL TOGETHER: 802.1X
28 Authentication with 802.1X Authenticates users before granting access to L2 media Makes use of EAP (Extensible Authentication Protocol) 802.1X authentication happens at L2 users will be authenticated before an IP address is assigned 28
29 Sample EAP Transaction 2-stage process Outer tunnel establishment Credential exchange happens inside encrypted tunnel EAPOL Start Client Request Identity Response Identity (anonymous) Client Key exchange Cert. verification Response credentials Authenticator Response Identity TLS Start Certificate Request credentials Authentication Server Success EAPOL RADIUS 29
30 802.1X Acronym Soup PEAP (Protected EAP) Uses a digital certificate on the network side Password or certificate on the client side EAP-TLS (EAP with Transport Level Security) Uses a certificate on network side Uses a certificate on client side TTLS (Tunneled Transport Layer Security) Uses a certificate on the network side Password, token, or certificate on the client side EAP-FAST Cisco proprietary Do not use known security weaknesses 30
31 #ATM15 31 CONFIDENTIAL Copyright Aruba Networks, Inc. All rights reserved
32 Configure Supplicant Properly Configure the Common Name of your RADIUS server (matches CN in server certificate) Configure trusted CAs (an in-house CA is better than a public CA) ALWAYS validate the server certificate Do not allow users to add new CAs or trust new servers Enforce with group policy 32
33 Isn t MSCHAPv2 broken? Short answer: Yes because of things like rainbow tables, distributed cracking, fast GPUs, etc. This is why we use MSCHAPv2 inside a PEAP (TLS) tunnel for Wi-Fi What happens if you don t properly validate the server certificate? Look up FreeRADIUS-WPE Test at Aruba HQ Sunnyvale 33
34 WPA2 Key Management Summary Auth Server AP/Controller Step 2: Use PMK and 4-Way Handshake to derive, bind, and verify PTK Step 1: Use RADIUS to push PMK from AS to AP Step 3: Use Group Key Handshake to send GTK from AP to STA 34
35 THANK YOU THANK YOU
Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationIBM i Version 7.3. Security Digital Certificate Manager IBM
IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationEncryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1
Encryption, Data Integrity, Digital Certificates, and SSL Developed by Jerry Scott 2002 SSL Primer-1-1 Ideas Behind Encryption When information is transmitted across intranets or the Internet, others can
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationWhite paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com
White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm
More informationDeploying and Configuring Polycom Phones in 802.1X Environments
Deploying and Configuring Polycom Phones in 802.1X Environments This document provides system administrators with the procedures and reference information needed to successfully deploy and configure Polycom
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationClickShare Network Integration
ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationSecurity Policy. Trapeze Networks
MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision].
More informationWireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)
Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights
More informationWireless Technology Seminar
Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationWireless Network Configuration Guide
CIT Table of Contents Introduction... 1 General Wireless Settings... 1 1. Windows XP Wireless Configuration... 2 2. Windows XP Intel Pro Wireless Tool... 7 3. Windows Vista Using the Windows Wireless Tools...
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCSC574: Computer and Network Security
CSC574: Computer and Network Security Lecture 21 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr) Wireless Security Wireless makes network security much more difficult Wired: If Alice
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationStep-by-step Guide for Configuring Cisco ACS server as the Radius with an External Windows Database
Step-by-step Guide for Configuring Cisco ACS server as the Radius with an External Windows Database Table of Contents: INTRODUCTION:... 2 GETTING STARTED:... 3 STEP-1: INTERFACE CONFIGURATION... 4 STEP-2:
More informationConfigure WorkGroup Bridge on the WAP131 Access Point
Article ID: 5036 Configure WorkGroup Bridge on the WAP131 Access Point Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationNetwork Authentication - 802.1X Secure the Edge of the Network - Technical White Paper
Bosch Security Systems Video Systems Network Authentication - 802.1X Secure the Edge of the Network - Technical White Paper 4 July 2016 Secure the edge of the network Security devices are mostly located
More informationWLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.
WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationSecurity Guide. BES12 Cloud. for BlackBerry
Security Guide BES12 Cloud for BlackBerry Published: 2015-03-31 SWD-20150317085646346 Contents Introduction... 7 About this guide...8 What is BES12 Cloud?... 9 Key features of BES12 Cloud...10 Security
More information802.1X Client Software
802.1X Client Software REV1.0.0 1910011339 COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationWiMAX Public Key Infrastructure (PKI) Users Overview
WiMAX Public Key Infrastructure (PKI) Users Overview WiMAX, Mobile WiMAX, Fixed WiMAX, WiMAX Forum, WiMAX Certified, WiMAX Forum Certified, the WiMAX Forum logo and the WiMAX Forum Certified logo are trademarks
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationSecurity. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -
Security - 1 - OPC UA - Security Security Access control Wide adoption of OPC SCADA & DCS Embedded devices Performance Internet Scalability MES Firewalls ERP Communication between distributed systems OPC
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationHow to connect to NAU s WPA2 Enterprise implementation in a Residence Hall:
How to connect to NAU s WPA2 Enterprise implementation in a Residence Hall: General Settings To connect to the ResNet-Secure SSID, a device is needed that supports 802.1X authentication and WPA2 Enterprise.
More informationCertified Wireless Security Professional (CWSP) Course Overview
Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationTable of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example
Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2
More informationConfiguration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0
Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationSecurity Guide. BlackBerry Enterprise Service 12. for BlackBerry. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for BlackBerry Version 12.0 Published: 2014-11-12 SWD-20141106140037727 Contents Introduction... 7 About this guide...8 What is BES12?...9 Key features of
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationNetwork Security Protocols
Network Security Protocols Information Security (bmevihim100) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)
More informationUnderstanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones
Understanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones Polycom s SpectraLink 8400 Series wireless phones meet the highest security requirements. By the time you deploy
More informationDigital Certificates Demystified
Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The
More informationERNW Newsletter 36 / October 2011. Certificate Based Device Authentication with ios Devices
ERNW Newsletter 36 / October 2011 Certificate Based Device Authentication with ios Devices Version: 1.0 Date: 5 Oct 2011 Author: Rene Graf (rgraf@ernw.de) Table of contents 1 INTRODUCTION... 3 2 BACKGROUND
More informationDisplaying SSL Certificate and Key Pair Information
CHAPTER 6 Displaying SSL Certificate and Key Pair Information This chapter describes the show commands available for displaying SSL-related information, such as certificate signing request (CSR) parameter
More informationApplication Note: Onsight Device VPN Configuration V1.1
Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationUnderstanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012
Understanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012 Wai Choi, CISSP IBM Corporation RACF/PKI Development & Design Poughkeepsie, NY e-mail: wchoi@us.ibm.com 1 Trademarks
More informationCisco ISE and Certificates. How to Implement Cisco ISE and Server Side Certificates
Cisco ISE and Certificates How to Implement Cisco ISE and Server Side Certificates Table of Contents Certificate Usage... 3 So, what is a certificate?... 3 Determine if a Trusted Authority has Signed the
More informationHow To Test An Eap Test On A Network With A Testnet (Networking) On A Pc Or Mac Or Ipnet (For A Network) On An Ipnet Or Ipro (For An Ipro) On Pc Or Ipo
Chapter 6 - EAP Authentication This chapter describes using Extensible Authentication Protocol with FreeRADIUS. The following topics are discussed in this chapter: EAP Overview Types/Methods Testing with
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationAngel Dichev RIG, SAP Labs
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL
More informationWiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise
Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi
More informationASA and Native L2TP IPSec Android Client Configuration Example
ASA and Native L2TP IPSec Android Client Configuration Example Document ID: 113572 Contributed by Atri Basu and Rahul Govindan, Cisco TAC Engineers. Oct 29, 2013 Contents Introduction Prerequisites Requirements
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationLecture 3. WPA and 802.11i
Lecture 3 WPA and 802.11i Lecture 3 WPA and 802.11i 1. Basic principles of 802.11i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1 Lecture
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationThe 802.1x specification
The 802.1x specification Fulvio Risso Politecnico di Torino Based on an existing presentation of Piero Nicoletti 1 IEEE 802.1x Port-Based Network Access Control Use physical access characteristics of IEEE
More informationExtension Wireless Access (EWA) v2.0
Extension Wireless Access (EWA) v2.0 The Extension Wireless Network (EWA) is broken into two parts: the public network (vce pub) and the private network (vce wlan). The public network (vce pub) is secured
More informationNetwork Services One Washington Square, San Jose, CA 95192-0209 408-924-1530
SJSU Premier Wi-Fi Service Network Services One Washington Square, San Jose, CA 95192-0209 408-924-1530 The SJSU Premier Wi-Fi service transmits your data across a secure, encrypted connection. This ensures
More informationiphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More information802.1x in the Enterprise Network
802.1x in the Enterprise Network Harrison Forest ICTN 6823 Abstract: This paper aims to provide a general over view of 802.1x authentication and its growing importance on enterprise networks today. It
More informationInternet access system through the Wireless Network of the University of Bologna (last update 6.3.2012)
Internet access system through the Wireless Network of the University of Bologna (last update 6.3.2012) Printable service summary document: the updated version is available online at the following address
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More information1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationWiFi Security: WEP, WPA, and WPA2
WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent
More informationIntroduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...
Hush Encryption Engine White Paper Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...4 Passphrase Requirements...4 Data Requirements...4
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationEAP Methods for 802.11 Wireless LAN Security
EAP Methods for 802.11 Wireless LAN Security Overview Because they broadcast data on the open airways, wireless networks present unique challenges for authentication mechanisms not encountered on wired
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationHuawei WLAN Authentication and Encryption
Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions
More informationConfiguring Windows 7 for eduroam at DkIT
Configuring Windows 7 for eduroam at DkIT Author: Paul Scollon, Computer Services Date: 18 th July, 2011 Version: 1.0 Note: see http://www.eduroam.ie/userdocs.php for details of other operating systems.
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationSecurity Guide. BlackBerry 10 Device
Security Guide BlackBerry 10 Device Published: 2016-01-29 SWD-20160129121335350 Contents Introduction... 5 Secure device management... 6 Hardware root of trust...7 The BlackBerry 10 OS... 8 The file system...8
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More information802.1X Authentication
OS X 10.7.3 and ios 5.1 May 25, 2012 Contents About 802.1X... 3 Apple Product Compatibility with 802.1X... 7 Configuring 802.1X Settings... 10 Resources... 17 Appendix A: Payload Settings for 802.1X...
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationCisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.
Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and
More information