Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 8 Wireless Network Security

Similar documents
Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Wireless Network Standard and Guidelines

Security Awareness. Wireless Network Security

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Chapter 2 Configuring Your Wireless Network and Security Settings

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Chapter 2 Wireless Networking Basics

Tutorial 3. June 8, 2015

Wireless security. Any station within range of the RF receives data Two security mechanism

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

Chapter 2 Wireless Settings and Security

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

WIRELESS NETWORKING SECURITY

Cisco Aironet Wireless Bridges FAQ

Security in Wireless Local Area Network

The next generation of knowledge and expertise Wireless Security Basics

Wi-Fi Client Device Security and Compliance with PCI DSS

Chapter 6 CDMA/802.11i

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Objectives. Security+ Guide to Network Security Fundamentals, Third Edition. Network Vulnerabilities. Media-Based Vulnerabilities

WLAN Authentication and Data Privacy

A Division of Cisco Systems, Inc. GHz g. Wireless-G. USB Network Adapter with RangeBooster. User Guide WIRELESS WUSB54GR. Model No.

9 Simple steps to secure your Wi-Fi Network.

Developing Network Security Strategies

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Wireless Network Standard

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter with RangeBooster. User Guide WIRELESS WMP54GR. Model No.

Wireless Security for Mobile Computers

Configure WorkGroup Bridge on the WAP131 Access Point

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Wireless Networks. Welcome to Wireless

Access Point Configuration

Network Security Best Practices

How To Protect A Wireless Lan From A Rogue Access Point

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003

Top 10 Security Checklist for SOHO Wireless LANs

How To Secure Wireless Networks

CS 356 Lecture 29 Wireless Security. Spring 2013

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

Chapter 3 Safeguarding Your Network

Huawei WLAN Authentication and Encryption

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter. User Guide WIRELESS WMP54G. Model No.

PwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

Best Practices for Outdoor Wireless Security

Wireless-G Business PCI Adapter with RangeBooster

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

WHITE PAPER. Wireless LAN Security for Healthcare and HIPAA Compliance

WiFi Security Assessments

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

Wireless-N. User Guide. PCI Adapter WMP300N (EU) WIRELESS. Model No.

Wireless Networking Basics. NETGEAR, Inc Great America Parkway Santa Clara, CA USA

Wireless Troubleshooting

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

The Importance of Wireless Security

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Networking: Certified Wireless Network Administrator Wi Fi Engineering CWNA

Security in IEEE WLANs

Top 10 Security Checklist for SOHO Wireless LANs

Securing your Linksys WRT54G

INFORMATION ASSURANCE DIRECTORATE

The Wireless LAN (Local Area Network) USB adapter can be operated in one of the two following networking configurations :

Testing Wi-Fi Functionality in Medical Devices

CSC574: Computer and Network Security

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

QuickSpecs. HP M n Access Point Series. Models HP M n WW Access Point. Key features

Configuring Security Solutions

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN

Wireless Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.

WIRELESS SECURITY IN (WI-FI ) NETWORKS

chap18.wireless Network Security

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Preparing the Computers for TCP/IP Networking

A Division of Cisco Systems, Inc. GHz g. Wireless-G. Access Point with SRX. User Guide WIRELESS WAP54GX. Model No.

SSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. Dez Dez

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

Particularities of security design for wireless networks in small and medium business (SMB)

Wireless LAN Access Point

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

User s Manual. Wireless LAN Access Point. Model No.: SP918GK

HP M n Access Point Configuration and Administration Guide

Configuring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list)

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

How To Secure A Wireless Network With A Wireless Device (Mb8000)

IEEE a/ac/n/b/g Enterprise Access Points ECW5320 ECWO5320. Management Guide. Software Release v

Designing, Securing and Monitoring a/b/g/n Wireless Networks

Setting up a WiFi Network (WLAN)

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

WI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK

Wireless LANs vs. Wireless WANs

United States Trustee Program s Wireless LAN Security Checklist

Transcription:

Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 8 Wireless Network Security

Objectives Describe the different types of wireless network attacks List the vulnerabilities in IEEE 802.11 security Explain the solutions for securing a wireless network Security+ Guide to Network Security Fundamentals, Fourth Edition 2

Introduction Wireless data communications have revolutionized computer networking Wireless data networks found virtually everywhere Wireless networks have been targets for attackers Early wireless networking standards had vulnerabilities Changes in wireless network security yielded security comparable to wired networks Security+ Guide to Network Security Fundamentals, Fourth Edition 3

Wireless Attacks Bluetooth Wireless technology Uses short-range radio frequency transmissions Provides for rapid, ad-hoc device pairings Example: smartphone and Bluetooth headphones Personal Area Network (PAN) technology Two types of Bluetooth network topologies Piconet Scatternet Security+ Guide to Network Security Fundamentals, Fourth Edition 4

Table 8-1 Bluetooth products Security+ Guide to Network Security Fundamentals, Fourth Edition 5

Wireless Attacks (cont d.) Piconet Established when two Bluetooth devices come within range of each other One device (master) controls all wireless traffic Other device (slave) takes commands Active slaves can send transmissions Parked slaves are connected but not actively participating Security+ Guide to Network Security Fundamentals, Fourth Edition 6

Figure 8-1 Bluetooth piconet Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 7

Wireless Attacks (cont d.) Scatternet Group of piconets with connections between different piconets Bluejacking Attack that sends unsolicited messages to Bluetooth-enabled devices Text messages, images, or sounds Considered more annoying than harmful No data is stolen Security+ Guide to Network Security Fundamentals, Fourth Edition 8

Figure 8-2 Bluetooth scatternet Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 9

Wireless Attacks (cont d.) Bluesnarfing Unauthorized access to wireless information through a Bluetooth connection Often between cell phones and laptops Attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without owner s knowledge Security+ Guide to Network Security Fundamentals, Fourth Edition 10

Wireless LAN Attacks Institute of Electrical and Electronics Engineers (IEEE) Most influential organization for computer networking and wireless communications Dates back to 1884 Began developing network architecture standards in the 1980s 1997: release of IEEE 802.11 Standard for wireless local area networks (WLANs) Higher speeds added in 1999: IEEE 802.11b Security+ Guide to Network Security Fundamentals, Fourth Edition 11

Wireless LAN Attacks (cont d.) IEEE 802.11a Specifies maximum rated speed of 54Mbps using the 5GHz spectrum IEEE 802.11g Preserves stable and widely accepted features of 802.11b Increases data transfer rates similar to 802.11a IEEE 802.11n Ratified in 2009 Security+ Guide to Network Security Fundamentals, Fourth Edition 12

Wireless LAN Attacks (cont d.) Improvements in IEEE 802.11n Speed Coverage area Interference Security Wireless client network interface card adapter Performs same functions as wired adapter Antenna sends and receives signals Security+ Guide to Network Security Fundamentals, Fourth Edition 13

Wireless LAN Attacks (cont d.) Access point (AP) major parts Antenna and radio transmitter/receiver send and receive wireless signals Bridging software to interface wireless devices to other devices Wired network interface allows it to connect by cable to standard wired network AP functions Acts as base station for wireless network Security+ Guide to Network Security Fundamentals, Fourth Edition 14

Figure 8-3 Access point Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 15

Wireless LAN Attacks (cont d.) AP functions (cont d.) Acts as a bridge between wireless and wired networks Can connect to wired network by a cable Autonomous access points Separate from other network devices and access points Have necessary intelligence for wireless authentication, encryption, and management Security+ Guide to Network Security Fundamentals, Fourth Edition 16

Wireless LAN Attacks (cont d.) Wireless broadband routers Single hardware device containing AP, firewall, router, and DHCP server Wireless networks have been vulnerable targets for attackers Not restricted to a cable Types of wireless LAN attacks Discovering the network Attacks through the RF spectrum Attacks involving access points Security+ Guide to Network Security Fundamentals, Fourth Edition 17

Wireless LAN Attacks (cont d.) Discovering the network One of first steps in attack is to discover presence of a network Beaconing AP sends signal at regular intervals to announce its presence and provide connection information Wireless device scans for beacon frames War driving Process of passive discovery of wireless network locations Security+ Guide to Network Security Fundamentals, Fourth Edition 18

Table 8-2 War driving tools Security+ Guide to Network Security Fundamentals, Fourth Edition 19

Wireless LAN Attacks (cont d.) War chalking Documenting and then advertising location of wireless LANs for others to use Previously done by drawing on sidewalks or walls around network area Today, locations are posted on Web sites Security+ Guide to Network Security Fundamentals, Fourth Edition 20

Table 8-4 War chalking symbols Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 21

Wireless LAN Attacks (cont d.) Attacks through the RF spectrum Wireless protocol analyzer Generating interference Wireless protocol analyzer Wireless traffic captured to decode and analyze packet contents Network interface card (NIC) adapter must be in correct mode Security+ Guide to Network Security Fundamentals, Fourth Edition 22

Wireless LAN Attacks (cont d.) Six modes of wireless NICs Master (acting as an AP) Managed (client) Repeater Mesh Ad-hoc Monitor Interference Signals from other devices can disrupt wireless transmissions Security+ Guide to Network Security Fundamentals, Fourth Edition 23

Wireless LAN Attacks (cont d.) Devices that can cause interference with a WLAN Microwave ovens Elevator motors Copy machines Outdoor lighting (certain types) Theft protection devices Bluetooth devices Security+ Guide to Network Security Fundamentals, Fourth Edition 24

Figure 8-5 Attacker interference Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 25

Wireless LAN Attacks (cont d.) Attacks using access points Rogue access points Evil twins Rogue access point Unauthorized access point that allows attacker to bypass network security configurations May be set up behind a firewall, opening the network to attacks Security+ Guide to Network Security Fundamentals, Fourth Edition 26

Figure 8-6 Rogue access point Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 27

Wireless LAN Attacks (cont d.) Evil twin AP set up by an attacker Attempts to mimic an authorized AP Attackers capture transmissions from users to evil twin AP Security+ Guide to Network Security Fundamentals, Fourth Edition 28

Vulnerabilities of IEEE 802.11 Security Original IEEE 802.11 committee recognized wireless transmissions could be vulnerable Implemented several wireless security protections in the standard Left others to WLAN vendor s discretion Protections were vulnerable and led to multiple attacks Security+ Guide to Network Security Fundamentals, Fourth Edition 29

MAC Address Filtering Method of controlling WLAN access Limit a device s access to AP Media Access Control (MAC) address filtering Used by nearly all wireless AP vendors Permits or blocks device based on MAC address Vulnerabilities of MAC address filtering Addresses exchanged in unencrypted format Attacker can see address of approved device and substitute it on his own device Managing large number of addresses is challenging Security+ Guide to Network Security Fundamentals, Fourth Edition 30

Figure 8-7 MAC address filtering Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 31

SSID Broadcast Each device must be authenticated prior to connecting to the WLAN Open system authentication Device discovers wireless network and sends association request frame to AP Frame carries Service Set Identifier (SSID) User-supplied network name Can be any alphanumeric string 2-32 characters long AP compares SSID with actual SSID of network If the two match, wireless device is authenticated Security+ Guide to Network Security Fundamentals, Fourth Edition 32

Figure 8-8 Open system authentication Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 33

SSID Broadcast (cont d.) Open system authentication is weak Based only on match of SSIDs Attacker can wait for the SSID to be broadcast by the AP Users can configure APs to prevent beacon frame from including the SSID Provides only a weak degree of security Can be discovered when transmitted in other frames Older versions of Windows XP have an added vulnerability if this approach is used Security+ Guide to Network Security Fundamentals, Fourth Edition 34

Wired Equivalent Privacy (WEP) IEEE 802.11 security protocol Encrypts plaintext into ciphertext Secret key is shared between wireless client device and AP Key used to encrypt and decrypt packets WEP vulnerabilities WEP can only use 64-bit or 128-bit number to encrypt Initialization vector (IV) is only 24 of those bits Short length makes it easier to break Security+ Guide to Network Security Fundamentals, Fourth Edition 35

Figure 8-9 WEP encryption process Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 36

Wired Equivalent Privacy (cont d.) WEP vulnerabilities (cont d.) Violates cardinal rule of cryptography: avoid a detectable pattern Attackers can see duplication when IVs start repeating Keystream attack (or IV attack) Attacker identifies two packets derived from same IV Uses XOR to discover plaintext See Figures 8-10 and 8-11 for details Security+ Guide to Network Security Fundamentals, Fourth Edition 37

Figure 8-10 XOR operations Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 38

Figure 8-11 Capturing packets Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition 39

Wireless Security Solutions Unified approach to WLAN security was needed IEEE and Wi-Fi Alliance began developing security solutions Resulting standards used today IEEE 802.11i WPA and WPA2 Security+ Guide to Network Security Fundamentals, Fourth Edition 40

Wi-Fi Protected Access (WPA) Introduced in 2003 by the Wi-Fi Alliance A subset of IEEE 802.11i Design goal: protect present and future wireless devices Temporal Key Integrity Protocol (TKIP) Encryption Used in WPA Uses longer 128 bit key than WEP Dynamically generated for each new packet Security+ Guide to Network Security Fundamentals, Fourth Edition 41

Wi-Fi Protected Access (cont d.) Preshared Key (PSK) Authentication After AP configured, client device must have same key value entered Key is shared prior to communication taking place Uses a passphrase to generate encryption key Must be entered on each AP and wireless device in advance Not used for encryption Serves as starting point for mathematically generating the encryption keys Security+ Guide to Network Security Fundamentals, Fourth Edition 42

Wi-Fi Protected Access (cont d.) Vulnerabilities in WPA Key management Key sharing is done manually without security protection Keys must be changed on a regular basis Key must be disclosed to guest users Passphrases PSK passphrases of fewer than 20 characters subject to cracking Security+ Guide to Network Security Fundamentals, Fourth Edition 43

Wi-Fi Protected Access 2 (WPA2) Second generation of WPA known as WPA2 Introduced in 2004 Based on final IEEE 802.11i standard Uses Advanced Encryption Standard (AES) Supports both PSK and IEEE 802.11x authentication AES-CCMP Encryption Encryption protocol standard for WPA2 CCM is algorithm providing data privacy CBC-MAC component of CCMP provides data integrity and authentication Security+ Guide to Network Security Fundamentals, Fourth Edition 44

Wi-Fi Protected Access 2 (cont d.) AES encryption and decryption Should be performed in hardware because of its computationally intensive nature IEEE 802.1x authentication Originally developed for wired networks Provides greater degree of security by implementing port security Blocks all traffic on a port-by-port basis until client is authenticated Security+ Guide to Network Security Fundamentals, Fourth Edition 45

Wi-Fi Protected Access 2 (cont d.) Extensible Authentication Protocol (EAP) Framework for transporting authentication protocols Defines message format Uses four types of packets Request Response Success Failure Lightweight EAP (LEAP) Proprietary method developed by Cisco Systems Security+ Guide to Network Security Fundamentals, Fourth Edition 46

Wi-Fi Protected Access 2 (cont d.) Lightweight EAP (cont d.) Requires mutual authentication used for WLAN encryption using Cisco client software Can be vulnerable to specific types of attacks No longer recommended by Cisco Protected EAP (PEAP) Simplifies deployment of 802.1x by using Microsoft Windows logins and passwords Creates encrypted channel between client and authentication server Security+ Guide to Network Security Fundamentals, Fourth Edition 47

Table 8-3 Wireless security solutions Security+ Guide to Network Security Fundamentals, Fourth Edition 48

Other Wireless Security Steps Antenna placement Locate near center of coverage area Place high on a wall to reduce signal obstructions and deter theft Power level controls Some APs allow adjustment of the power level at which the LAN transmits Reducing power allows less signal to reach outsiders Security+ Guide to Network Security Fundamentals, Fourth Edition 49

Other Wireless Security Steps (cont d.) Organizations are becoming increasingly concerned about existence of rogue APs Rogue access point discovery tools Security personnel can manually audit airwaves using wireless protocol analyzer Continuously monitoring the RF airspace using a wireless probe Types of wireless probes Wireless device probe Desktop probe Security+ Guide to Network Security Fundamentals, Fourth Edition 50

Other Wireless Security Steps (cont d.) Types of wireless probes (cont d.) Access point probe Dedicated probe Wireless virtual LANs (VLANs) Organizations may set up to wireless VLANs One for employee access, one for guest access Configured in one of two ways Depending on which device separates and directs the packets to different networks Security+ Guide to Network Security Fundamentals, Fourth Edition 51

Summary Bluetooth is a wireless technology using shortrange RF transmissions IEEE has developed five wireless LAN standards to date, four of which are popular today (IEEE 802.11a/b/g/n) Attackers can identify the existence of a wireless network using war driving Wired Equivalent Privacy relies on a secret key shared between wireless client device and access point Security+ Guide to Network Security Fundamentals, Fourth Edition 52

Summary (cont d.) Wi-Fi Protected Access (WPA) and WPA2 have become the foundations of wireless security today Other steps to protect a wireless network include: Antenna positioning Access point power level adjustment Detecting rogue access points Security+ Guide to Network Security Fundamentals, Fourth Edition 53

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information