Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Size: px
Start display at page:

Download "Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer"

Transcription

1 Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March (section 8.8) Also based on: LAN Switch Security, Eric Vyncke, Christopher Paggen Cisco Press, 2008 (chapters 2 to 6) 7: Securing LANs 7-1 Chapter 7: Securing LANs Chapter goals: security in practice: Security in the data link layer Securing Wireless LANs Securing Switched Ethernet LANs 7: Securing LANs 7-2 1

2 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs 7-3 WEP Design Goals Symmetric key crypto Confidentiality Station authorization Data integrity Self-synchronizing: each packet separately encrypted Given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost Unlike Cipher Block Chaining (CBC) in block ciphers Efficient Can be implemented in hardware or software 7: Securing LANs 7-4 2

3 Review: Symmetric Stream Ciphers key keystream generator keystream Combine each byte of keystream with byte of plaintext to get ciphertext m(i) = i th unit of message ks(i) = i th unit of keystream c(i) = i th unit of ciphertext c(i) = ks(i) m(i) ( = exclusive or) m(i) = ks(i) c(i) WEP uses RC4 7: Securing LANs 7-5 Stream cipher and packet independence Recall design goal: each packet separately encrypted If for frame n+1, use keystream from where we left off for frame n, then each frame is not separately encrypted Need to know where we left off for packet n WEP approach: initialize keystream with key + new IV for each packet: Key+IV packet keystream generator keystream packet 7: Securing LANs 7-6 3

4 WEP encryption (1) Sender calculates Integrity Check Value (ICV) over data four-byte hash/crc for data integrity Each side has 104-bit shared key Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key Sender also appends keyid (in 8-bit field) 128-bit key input into pseudo random number generator to get keystream data in frame + ICV is encrypted with RC4: Bytes of keystream are XORed with bytes of data & ICV IV & keyid are appended to encrypted data to create payload Payload inserted into frame encrypted IV Key ID data ICV MAC payload 7: Securing LANs 7-7 WEP encryption (2) Sender-side IV (per frame) K s : 104-bit secret symmetric key key sequence generator (for given K s, IV) IV IV IV IV IV IV k 1 k 2 k 3 k N k N+1 k N header IV WEP-encrypted data + CRC Plaintext frame data + CRC d 1 d 2 d 3 d N CRC 1 CRC 4 c 1 c 2 c 3 c N c N+1 c N+4 new IV for each frame 7: Securing LANs 7-8 4

5 WEP decryption overview encrypted IV Key ID data ICV MAC payload Receiver extracts IV Inputs IV and shared secret key into pseudo random generator, gets keystream XORs keystream with encrypted data to decrypt data + ICV Verifies integrity of data with ICV Note: message integrity approach used here is different from the MAC (message authentication code) and signatures (using PKI) 7: Securing LANs 7-9 End-point authentication with nonce STA: client station I am Alice R AP: access point authentication as in protocol ap4.0 K A-B (R) host requests authentication from access point access point sends 128-bit nonce: R host encrypts nonce using shared symmetric key: K A-B (R) access point decrypts nonce, authenticates host Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! 7: Securing LANs

6 WEP Authentication authentication request nonce (128 bytes) nonce encrypted shared key success if decrypted value equals nonce authentication: knowing the shared key is enough. But no key distribution mechanism - Not all APs do it, even if WEP is being used - AP indicates if authentication is necessary in beacon frame - Done before association 7: Securing LANs 7-11 Breaking WEP encryption security hole: 24-bit IV, one IV per frame -> IV s eventually reused After 12,000 frames, 99% probability to have reused same IV Could be as short as a few seconds at full LAN capacity! IV transmitted in plaintext -> IV reuse detected attack: Trudy causes Alice to encrypt known plaintext d 1 d 2 d 3 d 4 Trudy sees: c i = d i XOR k i IV Trudy knows c i and d i, so can compute k i IV Trudy knows encrypting key sequence k 1 IV k 2 IV k 3 IV Next time IV is used, Trudy can decrypt! 7: Securing LANs

7 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs i: improved security numerous (stronger) forms of encryption possible replacing WEP e.g., CCMP based on AES, or strengthened WEP provides key distribution one key per station, not the same key for all! uses authentication server separate from access point good thing for mobility 7: Securing LANs

8 802.11i: four phases of operation (802.1x) STA: client station 1 Discovery of security capabilities AP: access point wired network AS: Authentication server (AAA) 2 STA and AS mutually authenticate, together generate Master Key (MK). AP serves as pass through 3 STA derives Pairwise Master Key (PMK) 3 AS derives same PMK, sends to AP 4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 7: Securing LANs 7-15 EAP: extensible authentication protocol EAP: end-end client (mobile) to authentication server protocol EAP sent over separate links mobile-to-ap (EAP over LAN) defines the way to encapsulate EAP messages in frames AP-to-AS (RADIUS over UDP) allows non local communication (including roaming through a Radius proxy) EAP-TLS: uses X.509v3 PKI-issued certificates and TLS mechanisms for strong end-end mutual authentication Mobile AP wired network AS EAP over LAN (EAPoL) IEEE EAP TLS EAP RADIUS UDP/IP 7: Securing LANs

9 Other standards WPA: WiFi Protected Access Implements the majority of the IEEE i standard Existed before IEEE i Still uses RC4 Two modes: Enterprise: uses 802.1x, so PMK is specific to client station Personal: does not use 802.1x, PMK is replaced by a pre-shared key, simpler, use for SOHO (Small Office Home Office) environments, no need for AS server WPA2 Implements the full IEEE i But may not work with older WiFi cards 7: Securing LANs 7-17 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

10 Switched Ethernet Reminder Switches build a spanning tree to avoid loops Root bridge, root ports, forwarding/blocking ports Switches self-learn mapping between MAC addresses and ports, by looking at MAC source addresses They build a CAM (Content Addressable Memory) table When a MAC address is not in the table, the switch floods the frame Switches are transparent to routers and hosts A set of interconnected switches form a LAN For IP, this LAN is a subnet IP addresses are mapped on MAC addresses by the ARP protocol Don t confuse MAC forwarding tables and ARP tables! 7: Securing LANs 7-19 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

11 MAC spoofing attack MAC spoofing B sends a frame with source MAC address C Switch «learns» that C is reachable via interface 2! B can now see the frames destined for C Some switches will overwrite C s entry C cannot see frames any longer! DoS attack! A Spoofed source: C Dest: A C A B C 7: Securing LANs 7-21 MAC flooding attack B generates a large number of frames with spoofed MAC addresses Switch (CAM) table will overflow Capacity of table may vary from a few thousands to more than 100,000 entries Older entries will be removed from table Switch now floods frames on all interfaces for removed (unknown) MAC addresses Usually one table per switch, not one per VLAN All VLANs impacted A Y? X? B C 7: Securing LANs

12 Preventing MAC spoofing and flooding attacks MAC address activity notification Many switches can be configured to warn about frequent MAC address changes Port security Associate a (few) MAC address(es) with every port (Why not just 1?) Can be static or dynamic Violations are notified Unicast flooding protection Limited flooding is normal But continuous flooding is not! Alert! DHCP snooping See next slides 7: Securing LANs 7-23 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

13 Attack against DHCP DHCP is not a datalink protocol but solutions to DHCP attacks are also useful to thwart layer 2 attacks DHCP reminder: Client discovers server(s): broadcast packet DHCP server broadcasts an offer Client broadcasts interest in (one) offer DHCP acks Client gets IP address and mask, but also default router and DNS servers! A (quick) rogue DHCP server can easily redirect client to a fake router and/or fake DNS server Solution: DHCP snooping Monitor and restrict DHCP operations on a (V)LAN A host has no reason to send DHCP offers (nor ACKs)! Don t let DHCP offers enter the switch on «untrusted» ports In addition: DHCP snooping allows to learn IP-to-MAC bindings Learns IP address assigned to client and knows client MAC address (present in request) 7: Securing LANs 7-25 DHCP snooping to thwart IP/ MAC spoofing attacks IP spoofing Source: B Spoofed source IP is IP C Dest: A B A IP packet B: attacker MAC spoofing Spoofed source: C Dest: A Source IP is IP B C A IP packet B: attacker A C: victim A C: victim DHCP snooping: discard frames with invalid <IP, MAC> source address pairs 7: Securing LANs

14 ARP spoofing/poisoning Telling that IP C is at MAC B ARP reminder: ARP request: MAC broadcast frame searching for an IP address ARP reply: unicast Gratuitous ARP: Reply sent without prior request Useful when MAC address changes ARP spoofing/poisoning Sends gratuitous ARP with wrong IP-to-MAC mapping: attacker s MAC address (MAC B ) mapped to victim s IP address (IP C ) All traffic to C is actually sent to B. Then B can silently forward it to C after sniffing: Man-in-the- Middle attack Note: B needs a second ARP spoofing attack to also sniff the return traffic A Source: B Solutions: Dest: A B A gratuitous ARP C: victim B: attacker Ignore gratuitous ARP Use an IDS to track changes in IP-to-MAC mappings Rely on DHCP snooping 7: Securing LANs 7-27 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

15 Attacking the Spanning Tree Protocol Taking over the root bridge Attacker sends BPDUs with smallest id Becomes root bridge If attacker is dualhomed some traffic can be redirected to cross attacker s device BPDU flooding DoS attack Solution: Discard BPDUs on access ports End stations are not supposed to send BPDUs! 7: Securing LANs 7-29 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

16 VLANs Reminder VLAN: Virtual LAN Multiple VLANs can be deployed on the same set of switches (same LAN infrastructure) 802.1Q: Extended frame format, with VLAN id Frames cannot jump from one VLAN to another without crossing a router Broadcast frames remain on their VLAN A VLAN can be switch-port-based or MAC-addressbased One can define VLANs within VLANs: VLAN ids can be stacked in the 802.1Q frame When a frame has no VLAN id on a trunk line, there is a default VLAN id which the frame is considered to be associated with 7: Securing LANs 7-31 Attacking the VLAN tag stack Victim A: is on VLAN 2 Switch strips off 1st tag (equal to default) B being on VLAN 1? A 2 Trunk line with default VLAN = 1. Frames on VLAN 1 travel untagged? A 1 2 Inner VLAN Outer VLAN VLAN hopping Frame hops from VLAN 1 to VLAN 2! Victim on VLAN 2 can receive killer packets from an attacker on VLAN 1 without crossing any router! Solutions Don t assign default VLAN to any access port, or Force all traffic on trunk to always carry a tag, even the default one 7: Securing LANs

17 Summary Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i IEEE 802.1x EAP Radius Same AAA principles can also be used with Switched Ethernet LANs Securing Switched Ethernet LANs Securing the MAC selflearning process MAC spoofing MAC flooding Securing DHCP and ARP Rogue DHCP server ARP spoofing/poisoning Securing the spanning tree protocol Securing VLANs VLAN hopping 7: Securing LANs

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Netzwerksicherheit: Anwendungen

Netzwerksicherheit: Anwendungen Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Wireless security. Any station within range of the RF receives data Two security mechanism

Wireless security. Any station within range of the RF receives data Two security mechanism 802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the

More information

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key

More information

Authentication in WLAN

Authentication in WLAN Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing

More information

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2 Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,

More information

CS 356 Lecture 29 Wireless Security. Spring 2013

CS 356 Lecture 29 Wireless Security. Spring 2013 CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Securing end devices

Securing end devices Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security

More information

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication

More information

Wireless Networks. Welcome to Wireless

Wireless Networks. Welcome to Wireless Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)

More information

Security in IEEE 802.11 WLANs

Security in IEEE 802.11 WLANs Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh

More information

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the

More information

Tutorial 3. June 8, 2015

Tutorial 3. June 8, 2015 Tutorial 3 June 8, 2015 I. Basic Notions 1. Multiple-choice (Review Questions Chapter 6, 8 and 11) 2. Answers by a small paragraph (Chapter 2: viruses: MBR, rootkits, ) Multiple choice X. Which is the

More information

CSC574: Computer and Network Security

CSC574: Computer and Network Security CSC574: Computer and Network Security Lecture 21 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr) Wireless Security Wireless makes network security much more difficult Wired: If Alice

More information

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port 1. VLAN Overview 2. VLAN Trunk 3. Why use VLANs? 4. LAN to LAN communication 5. Management port 6. Applications 6.1. Application 1 6.2. Application 2 6.3. Application 3 6.4. Application 4 6.5. Application

More information

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2

More information

chap18.wireless Network Security

chap18.wireless Network Security SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless

More information

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN 2067 4074

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN 2067 4074 Issues in WiFi Networks Nicolae TOMAI Faculty of Economic Informatics Department of IT&C Technologies Babes Bolyai Cluj-Napoca University, Romania tomai@econ.ubbcluj.ro Abstract: The paper has four sections.

More information

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm

More information

WLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.

WLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by

More information

CS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

CS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11

More information

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Huawei WLAN Authentication and Encryption

Huawei WLAN Authentication and Encryption Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

The Wireless Network Road Trip

The Wireless Network Road Trip The Wireless Network Road Trip The Association Process To begin, you need a network. This lecture uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in

More information

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Implement Spanning Tree Protocols LAN Switching and Wireless Chapter 5 Explain the role of redundancy in a converged

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will

More information

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights

More information

WLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University

WLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University WLAN Security Giwhan Cho ghcho@dcs.chonbuk.ac.kr Distributed/Mobile Computing System Lab. Chonbuk National University Content WLAN security overview 802.11i WLAN security components pre-rsn (Robust Security

More information

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G. Network Security Chapter 15 Security of Wireless Local Area Networks Network Security WS 2002: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control MAC and physical characteristics

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Wireless Security: Secure and Public Networks Kory Kirk

Wireless Security: Secure and Public Networks Kory Kirk Wireless Security: Secure and Public Networks Kory Kirk Villanova University Computer Science kory.kirk@villanova.edu www.korykirk.com/ Abstract Due to the increasing amount of wireless access points that

More information

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able

More information

IEEE 802.1X For Wireless LANs

IEEE 802.1X For Wireless LANs IEEE 802.1X For Wireless LANs John Roese, Ravi Nalmati, Cabletron Albert Young, 3Com Carl Temme, Bill McFarland, T-Span David Halasz, Aironet Paul Congdon, HP Andrew Smith, Extreme Networks Slide 1 Outline

More information

Switching in an Enterprise Network

Switching in an Enterprise Network Switching in an Enterprise Network Introducing Routing and Switching in the Enterprise Chapter 3 Version 4.0 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Compare the types of

More information

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com DESIGNING AND DEPLOYING SECURE WIRELESS LANS Karl McDermott Cisco Systems Ireland kamcderm@cisco.com 1 Agenda Wireless LAN Security Overview WLAN Security Authentication and Encryption Radio Monitoring

More information

Configure WorkGroup Bridge on the WAP131 Access Point

Configure WorkGroup Bridge on the WAP131 Access Point Article ID: 5036 Configure WorkGroup Bridge on the WAP131 Access Point Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless

More information

How To Secure Wireless Networks

How To Secure Wireless Networks Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Wireless Local Area Networks (WLANs)

Wireless Local Area Networks (WLANs) 4 Wireless Local Area Networks (WLANs) Contents Overview...................................................... 4-3 Configuration Options: Normal Versus Advanced Mode.............. 4-4 Normal Mode Configuration..................................

More information

WiFi Security: WEP, WPA, and WPA2

WiFi Security: WEP, WPA, and WPA2 WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent

More information

Applying of Security Mechanisms to Low Layers of OSI/ISO Network Model

Applying of Security Mechanisms to Low Layers of OSI/ISO Network Model AUTOMATYKA 2010 Tom 14 Zeszyt 1 Marcin Ko³odziejczyk* Applying of Security Mechanisms to Low Layers of OSI/ISO Network Model 1. Introduction The purpose of this article is to describe some security levels

More information

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow) Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a

More information

Computer Networks - CS132/EECS148 - Spring 2013 --------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 -------------------------------------------------------------------------- Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 5 Deadline : May 30th 9:30pm (hard and soft copies required) --------------------------------------------------------------------------

More information

CCT vs. CCENT Skill Set Comparison

CCT vs. CCENT Skill Set Comparison Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification

More information

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance CHAPTER 5 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance This chapter describes how to configure the switch ports and VLAN interfaces of the ASA 5505 adaptive

More information

WIRELESS LAN SECURITY FUNDAMENTALS

WIRELESS LAN SECURITY FUNDAMENTALS WIRELESS LAN SECURITY FUNDAMENTALS Jone Ostebo November 2015 #ATM15ANZ @ArubaANZ Learning Goals Authentication with 802.1X But first: We need to understand some PKI And before that, we need a cryptography

More information

Chapter 8. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, sl April 2009. Thanks and enjoy!

Chapter 8. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, sl April 2009. Thanks and enjoy! Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

ACC-232 2002, Cisco Systems, Inc. All rights reserved.

ACC-232 2002, Cisco Systems, Inc. All rights reserved. 1 2 Securing 802.11 Wireless Networks Session 3 Session Information Basic understanding of components of 802.11 networks Please save questions until the end 4 Agenda Drivers for Wireless Security Wireless

More information

Wireless Network Security Challenges

Wireless Network Security Challenges Wireless Network Security Challenges SHARE Summer 2010 Boston Laura Knapp WW Business Consultant Applied Expert Systems (www.aesclever.com) laurak@aesclever.com laura@lauraknapp.com Networking - Connecting

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin Exploiting First Hop Protocols to Own the Network Rocket City TakeDownCon 2015 Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin www.dynetics.com V## Goes Here 1 OSI and TCP/IP Model OSI

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Solutions for LAN Protection

Solutions for LAN Protection Solutions Guide Solutions for LAN Protection Allied Telesis security features safeguard networks and mitigate attacks Introduction The increasing number of connected devices in today s networks has created

More information

Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1

Local Area Networks. LAN Security and local attacks. TDC 363 Winter 2008 John Kristoff - DePaul University 1 Local Area Networks LAN Security and local attacks TDC 363 Winter 2008 John Kristoff - DePaul University 1 Overview Local network attacks target an internal network Some attacks can be launched remotely

More information

Network Security Protocols

Network Security Protocols Network Security Protocols Information Security (bmevihim100) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)

More information

Chapter 8 Network Security

Chapter 8 Network Security Chapter 8 A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete slides (including

More information

Security in Wireless and Mobile Networks

Security in Wireless and Mobile Networks Security in Wireless and Mobile Networks 1 Introduction This is a vast and active field, a course by itself Many references on wireless security A good book on wireless cooperation: Thwarting Malicious

More information

IEEE 802.11 Wireless LAN Security Overview

IEEE 802.11 Wireless LAN Security Overview 138 IEEE 802.11 Wireless LAN Security Overview Ahmed M. Al Naamany, Ali Al Shidhani, Hadj Bourdoucen Department of Electrical and Computer Engineering Sultan Qaboos University, Oman. Summary Wireless Local

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Chapter 8 Network Security

Chapter 8 Network Security Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge

More information

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas. Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key

More information

Based on Computer Networking, 4 th Edition by Kurose and Ross

Based on Computer Networking, 4 th Edition by Kurose and Ross Computer Networks Ethernet Hubs and Switches Based on Computer Networking, 4 th Edition by Kurose and Ross Ethernet dominant wired LAN technology: cheap $20 for NIC first widely used LAN technology Simpler,

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

- Hubs vs. Switches vs. Routers -

- Hubs vs. Switches vs. Routers - 1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing

More information

Lecture 2 Secure Wireless LAN

Lecture 2 Secure Wireless LAN Lecture 2 Secure Wireless LAN Network security (19265400 / 201000086) Lecturers: Aiko Pras Pieter-Tjerk de Boer Anna Sperotto Ramin Sadre Georgios Karagiannis Acknowledgements Part of the slides are based

More information

Advanced Security Issues in Wireless Networks

Advanced Security Issues in Wireless Networks Advanced Security Issues in Wireless Networks Seminar aus Netzwerke und Sicherheit Security Considerations in Interconnected Networks Alexander Krenhuber Andreas Niederschick 9. Januar 2009 Advanced Security

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

20. Switched Local Area Networks

20. Switched Local Area Networks 20. Switched Local Area Networks n Addressing in LANs (ARP) n Spanning tree algorithm n Forwarding in switched Ethernet LANs n Virtual LANs n Layer 3 switching n Datacenter networks John DeHart Based on

More information

First Semester Examinations 2011/12 INTERNET PRINCIPLES

First Semester Examinations 2011/12 INTERNET PRINCIPLES PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES

More information

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same. This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the

More information

VLAN and QinQ Technology White Paper

VLAN and QinQ Technology White Paper VLAN and QinQ Technology White Paper Issue 1.01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any

More information

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly

More information

Wireless security (WEP) 802.11b Overview

Wireless security (WEP) 802.11b Overview Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set

More information

Tools for Attacking Layer 2 Network Infrastructure

Tools for Attacking Layer 2 Network Infrastructure Tools for Attacking Layer 2 Network Infrastructure Kai-Hau Yeung, Dereck Fung, and Kin-Yeung Wong Abstract Data Link layer is considered as the weakest link in a secured network. If an initial attack comes

More information

Wireless LAN Security I: WEP Overview and Tools

Wireless LAN Security I: WEP Overview and Tools Wireless LAN Security I: WEP Overview and Tools Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Interconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration

Interconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration Interconnection of Heterogeneous Networks Internetworking Service model Addressing Address mapping Automatic host configuration Wireless LAN network@home outer Ethernet PPS Internet-Praktikum Internetworking

More information

Data Communications & Networks. Session 11 Main Theme Network Security. Dr. Jean-Claude Franchitti

Data Communications & Networks. Session 11 Main Theme Network Security. Dr. Jean-Claude Franchitti Data Communications & Networks Session 11 Main Theme Network Security Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical Sciences Adapted from

More information

WI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK

WI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK IMPACT: International Journal of Research in Engineering & Technology (IMPACT: IJRET) ISSN(E): 2321-8843; ISSN(P): 2347-4599 Vol. 3, Issue 5, May 2015, 23-30 Impact Journals WI-FI SECURITY: A LITERATURE

More information

A Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. PCI Adapter with RangeBooster. User Guide WIRELESS WMP54GR. Model No.

A Division of Cisco Systems, Inc. GHz 2.4 802.11g. Wireless-G. PCI Adapter with RangeBooster. User Guide WIRELESS WMP54GR. Model No. A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G PCI Adapter with RangeBooster User Guide Model No. WMP54GR Copyright and Trademarks Specifications are subject to change without notice.

More information

IPsec Details 1 / 43. IPsec Details

IPsec Details 1 / 43. IPsec Details Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS

More information

A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite

A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite White Paper A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite 1. Introduction Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs have

More information

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

More information

WIRELESS NETWORKING SECURITY

WIRELESS NETWORKING SECURITY WIRELESS NETWORKING SECURITY Dec 2010 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Wireless LAN Security Mechanisms

Wireless LAN Security Mechanisms Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.

More information

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Document ID: 69632 Introduction Prerequisites Requirements Components Used Conventions Background Information Configure

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information