NXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015



Similar documents
How To Secure Wireless Networks

CS 356 Lecture 29 Wireless Security. Spring 2013

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

chap18.wireless Network Security

Configure WorkGroup Bridge on the WAP131 Access Point

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Chapter 2 Wireless Networking Basics

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

NXC5500/2500. Application Note. Smart Classroom Load Balancing. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

Industrial Communication. Securing Industrial Wireless

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

WLAN Authentication and Data Privacy

Keeping SCADA Networks Open and Secure DNP3 Security

UNIK4250 Security in Distributed Systems University of Oslo Spring Part 7 Wireless Network Security

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

WIRELESS NETWORKING SECURITY

An Experimental Study Analysis of Security Attacks at IEEE Wireless Local Area Network

WLAN w Technology

Security in IEEE WLANs

Wireless Networking Basics. NETGEAR, Inc Great America Parkway Santa Clara, CA USA

Configuring Security Solutions

The next generation of knowledge and expertise Wireless Security Basics

Recommended Wireless Local Area Network Architecture

WIRELESS NETWORK SECURITY

Cipher Suites and WEP

Security Awareness. Wireless Network Security

Wireless Security for Mobile Computers

1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6.

PREVENTING WIRELESS LAN DENIAL OF SERVICE ATTACKS

Chapter 2 Configuring Your Wireless Network and Security Settings

Security in Wireless Local Area Network

Wireless USB Adapter

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

Chapter 3 Safeguarding Your Network

Wireless Technology Seminar

Wireless Network Standard and Guidelines

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

IEEE Wireless LAN Security Overview

Case Study - Configuration between NXC2500 and LDAP Server

Top 10 Security Checklist for SOHO Wireless LANs

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Link Layer and Network Layer Security for Wireless Networks

Wireless Networks. Welcome to Wireless

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

The Basics of Wireless Local Area Networks

Implementing Security for Wireless Networks

Wi-Fi Client Device Security and Compliance with PCI DSS

Chapter 6 CDMA/802.11i

WI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

XIV. Title. 2.1 Schematics of the WEP Encryption in WEP technique Decryption in WEP technique Process of TKIP 25

Agenda. What is Hybrid AP Fat AP vs. Thin AP Benefits of ZyXEL Hybrid AP How Managed AP finds the Controller AP Web GUI

United States Trustee Program s Wireless LAN Security Checklist

Wireless Security with Cyberoam

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

Securing end devices

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Wireless security. Any station within range of the RF receives data Two security mechanism

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Wireless Network Analysis. Complete Network Monitoring and Analysis for a/b/g/n

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland

AirStation One-Touch Secure System (AOSS ) A Description of WLAN Security Challenges and Potential Solutions

Wireless (Select Models Only) User Guide

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Wireless Security and Healthcare Going Beyond IEEE i to Truly Ensure HIPAA Compliance

How To Protect A Wireless Lan From A Rogue Access Point

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WiFi. Is for Wireless Fidelity Or IEEE Standard By Greg Goldman. WiFi 1

WLAN Access Security Technical White Paper. Issue 02. Date HUAWEI TECHNOLOGIES CO., LTD.

Your Wireless Network has No Clothes

The Wireless LAN (Local Area Network) USB adapter can be operated in one of the two following networking configurations :

Wireless Network Security Position Paper - Technical

CONNECTING THE RASPBERRY PI TO A NETWORK

Comparison of ICM with TPF-LEP to Prevent MAC Spoof DoS Attack in Wireless Local Area Infrastructure Network

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

Configuration Guide. How to Configure the AP Profile on the DWC Overview

Chapter 2 Wireless Settings and Security

PCI Wireless Compliance with AirTight WIPS

Wi-Fi Client Device Security & HIPAA Compliance

CHAPTER 1 INTRODUCTION

Observer Analyzer Provides In-Depth Management

HANDBOOK 8 NETWORK SECURITY Version 1.0

CS549: Cryptography and Network Security

Transcription:

NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note 802.11w Management Frame Protection Copyright 2015 ZyXEL Communications Corporation

802.11w Management Frame Protection Introduction IEEE 802.11w is the Management Frames Protection (MFP) standard for the IEEE 802.11 family of standards. IEEE 802.11w provides protection for management frames, extending the encryption and authentication methods defined in 802.11i to cover these frames, in addition to the data frames that were originally covered by 802.11i. The 802.11w protocol applies only to a set of robust management frames that are protected by the MFP service. These include Disassociation, De-authentication, and Robust Action frames. Unless the packets were sent by clients, the access point (AP) will not receive those packets. The purpose is to avoid DoS attacks in the network; for example, when a DoS attacker launches a Spoofed Disconnect De-authentication/Disassociation attack on an existing connection. Note: MFP is required on both the AP and client in order to support 802.11w. How Does It Work? 802.11w prevents Spoofed Disconnect DoS attacks As wireless network connection protocols develop and progress, secure encryption and authentication requirements for data transmission are also gradually increasing; therefore, in 2004, the IEEE completed the formulation of IEEE 802.11i protocol. Though IEEE 802.11i can protect data packets, it cannot protect management packets. Aware of this problem, IEEE 802.11w was ratified in 2009. IEEE 802.11w, a wireless encryption standard, was developed based on IEEE 802.11i, which prevents management packets from being attacked in wireless Local Area Networks (LANs). With the added assurance in wireless network security and reliability, VoIP applications can further rely on wireless networks to provide adequate call quality and coverage. 1

IEEE 802.11w offers three main types of protection. The first is for unicast management frames, which are packets transmitted between one AP and one client. By extending the existing notion of data encryption algorithms, e.g., Temporal Key Integrity Protocol (TKIP) and RC4 encryption algorithms, IEEE 802.11w offers protection against forgeries and enables wireless communication confidentiality. The second type of protection is for broadcast management frames, wherein radio frequency properties or start measurements are adjusted instead of reporting sensitive information. In essence, there is no need to encrypt broadcast management frames, plus the encryption for broadcast packets generally is more complex than for unicast packets. IEEE 802.11w mainly protects against forgeries, such as counterfeiting and eavesdropping, rather than providing confidentiality. To achieve this, it only relies on one set of information integrity code, which is appended to the non-encrypted management packets. The last type of protection is for de-authentication and dissociation frames. With a pair of one-time keys between one AP and one client, the client can determine if the de-authentication is valid or not. With 802.11w implemented in the wireless network, WLAN management frames, such as de-authentication and dissociation frames between APs and client stations (STAs), are secured with the addition of cryptographic protection, wherein DoS attacks using spoofed packets are prevented. Configuration Only the WPA2-AES (WPA2 with AES) security protocol is compatible with 802.11w Management Frame Protection: MFP (802.11w) support or not Optional: If the client supports MFP, the management frames will be encrypted Required: The client MUST support MFP; otherwise the authentication cannot be performed by the AP 2

Setting Path: CONFIGURATION > Object > AP Profile > SSID > Security List > Authentication Settings > Management Frame Protection Note: Default is disabled. Application Limits Enabling 802.11w on an AP MAY affect a client s performance. Whether it s a ZyXEL AP or another brand s AP, the same issue will be encountered. This issue should be resolved soon by chip vendors due to increasing client support for 802.11ac. 3

Scenario Protecting a wireless network to avoid security threats A wireless network hacker usually uses a tool to broadcast de-authentication and disassociation, in order to interrupt the connection between clients and the AP. The WAC6500 series AP and its client devices must support 802.11w to avoid these kinds of wireless security threats. 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information