
Overview

Week 6 Wireless Security

Week 7 Internet Security Protocols &


Standards (SSL, HTTPS, IPSec)

Week 8 Intrusion Detection

Week 9 Intrusion Prevention & Firewalls

Week 10 Web, Cloud & IoT Security

WIRELESS NETWORK SECURITY Team


TTTN3513: COMPUTER & NETWORK SECURITY Modellers
wireless network security
wireless security
key factors contributing to higher security risk of wireless networks:

• channel: involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks; wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols
• mobility: devices are far more portable and mobile, thus resulting in a number of risks
• resources: some devices have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware
• accessibility: devices such as sensors and robots may be left unattended in remote and/or hostile locations, thus greatly increasing their vulnerability to physical attacks
wireless networking components

wireless network threats
• accidental association
• malicious association
• ad hoc networks
• nontraditional networks
• identity theft (MAC spoofing)
• man-in-the-middle attacks
• denial of service (DoS)
• network injection

wireless network threats
• Three Major Categories of Security Threats:
• War Drivers:
• War driving means driving around a neighborhood with a wireless laptop and looking for an unsecured 802.11b/g system.
• Hackers/Crackers:
• Malicious intruders who enter systems as criminals and steal data or deliberately harm systems.
• Employees:
• Set up and use Rogue Access Points without authorization. Either interfere with or compromise servers and files.

securing wireless transmissions
• principal threats are eavesdropping, altering or inserting messages, and disruption
• countermeasures for eavesdropping:
• signal-hiding techniques
• encryption
• the use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions

securing wireless networks
• the main threat involving wireless access points is unauthorized access to the network
• principal approach for preventing such access is the IEEE 802.1x standard for port-based network access control
• the standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network
• use of 802.1x can prevent rogue access points and other unauthorized devices from becoming insecure backdoors

securing wireless networks

wireless network security techniques
• allow only specific computers to access your wireless network
• use encryption
• use anti-virus and anti-spyware software and a firewall
• change your router’s pre-set password for administration
• change the identifier on your router from the default
• turn off identifier broadcasting
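The checklist above, together with the 802.1x port-based access control of the previous slide, maps onto concrete access point settings; the following added example (not code from the lecture or from hostapd) audits a hostapd-style configuration against it. The two sample configurations and the list of default identifiers are constructed for the demo.

```python
# Added example (not from the slides): audit a hostapd-style AP config against the
# checklist above plus 802.1X.  Sample configs and DEFAULT_SSIDS are constructed.
DEFAULT_SSIDS = {"default", "wireless", "linksys", "netgear"}
WEAK_CONF = """\
ssid=default
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
ignore_broadcast_ssid=0
macaddr_acl=0
"""

HARDENED_CONF = """\
ssid=corp-floor3
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=10.0.0.5
auth_server_shared_secret=REPLACE_ME_WITH_LONG_RANDOM_SECRET
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.mac
"""

def parse_hostapd(text):
    # key=value lines; blanks and # comments are ignored
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    # returns a list of findings; an empty list means every check passed
    findings = []
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("identifier (SSID) left at a default value")
    if conf.get("wpa") != "2":
        findings.append("not WPA2/RSN (wpa != 2)")
    ciphers = (conf.get("rsn_pairwise", "") + " " + conf.get("wpa_pairwise", "")).split()
    if "TKIP" in ciphers or "CCMP" not in ciphers:
        findings.append("pairwise cipher is not CCMP-only")
    if conf.get("ieee8021x") != "1":
        findings.append("no IEEE 802.1X port-based access control")
    # MAC allow-lists and hidden SSIDs are weak on their own (MAC spoofing is a listed threat)
    if conf.get("macaddr_acl") != "1":
        findings.append("any client MAC address may associate")
    if conf.get("ignore_broadcast_ssid") != "1":
        findings.append("identifier broadcasting is still on")
    return findings
```

The weak configuration trips all six checks; the hardened one passes, with 802.1X and CCMP doing the real work and the MAC list and hidden SSID as minor extras.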

mobile device security
an organization’s networks must accommodate:
• growing use of new devices
• significant growth in employees’ use of mobile devices
• cloud-based applications
• applications no longer run solely on physical servers in corporate data centers
• de-perimeterization
• there are a multitude of network perimeters around devices, applications, users, and data
• external business requirements
• the enterprise must also provide guests, third-party contractors, and business partners network access using various devices from a multitude of locations
security threats
• lack of physical security controls
• use of untrusted networks
• use of untrusted mobile devices
• use of untrusted applications
• interaction with other systems
• use of untrusted content
• use of location services

mobile device security element

IEEE 802.11 terminology

wireless fidelity (wi-fi) alliance
• 802.11b
• First 802.11 standard to gain broad industry acceptance
• Wireless Ethernet Compatibility Alliance (WECA)
• Industry consortium formed in 1999 to address the
concern of products from different vendors successfully
interoperating
• Later renamed the Wi-Fi Alliance
• Term used for certified 802.11b products is Wi-Fi
• Has been extended to 802.11g products
• Wi-Fi Protected Access (WPA)
• Wi-Fi Alliance certification procedures for IEEE802.11
security standards
• WPA2 incorporates all of the features of the IEEE802.11i
WLAN security specification

Logo source: https://techreport.com/r.x/2018_06_26_Wi_Fi_Alliance_starts_WPA3_security_certification_program/Wi-Fi_CERTIFIED_Flat.jpg

general IEEE 802 MPDU format

IEEE 802.11 extended service set (ESS)

association-related services
• transition types, based on mobility:
• no transition
• a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS
• BSS transition
• station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station
• ESS transition
• station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed

services
• association
• reassociation
• disassociation

wifi association process

wireless LAN security
• Wired Equivalent Privacy (WEP) algorithm
• 802.11 privacy
• Wi-Fi Protected Access (WPA)
• Set of security mechanisms that eliminates most
802.11 security issues and was based on the
current state of the 802.11i standard
• Robust Security Network (RSN)
• Final form of the 802.11i standard
• Wi-Fi Alliance certifies vendors in compliance with
the full 802.11i specification under the WPA2
program

Image source:
http://cdn.osxdaily.com/wp-content/uploads/2014/03/find-wifi-security-encryption-protocol.jpg

wireless encryption
two encryption mechanisms:

TKIP is the encryption method certified as Wi-Fi Protected Access (WPA).
• Provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method.
• Encrypts the Layer 2 payload.
• Message integrity check (MIC) in the encrypted packet that helps protect against message tampering.

wireless encryption
two encryption mechanisms:

The AES encryption of WPA2 is the preferred method.
• WLAN encryption standard used in IEEE 802.11i.
• Same functions as TKIP.
• Uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with.
• Also adds a sequence number to the encrypted data header.
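The last two bullets describe the design that the following added model illustrates (it is not code from the lecture or from any 802.11 implementation): the MIC is computed over the cleartext MAC header as well as the ciphertext, so a changed header byte is detected, and the per-frame packet number carried in the header lets the receiver reject a replayed frame. HMAC-SHA256 stands in for AES-CCM and the real CCMP bit layout is not reproduced; the key, header and frames are constructed.

```python
# Added example (not from the slides): a model of the CCMP design above, where the
# MIC covers the cleartext MAC header and a per-frame packet number (PN) sits in
# the nonce so replays are rejected.  HMAC-SHA256 stands in for AES-CCM (assumed
# stand-in, not the real 802.11 bit layout); key, header and frames are constructed.
import hashlib, hmac, struct

def _keystream(key, pn, n):
    # Stand-in for AES-CTR: PRF(key, PN || block index), truncated to n bytes.
    blocks = (hmac.new(key, struct.pack(">QI", pn, i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def protect(key, header, pn, payload):
    """Build header || PN(48 bit) || ciphertext || MIC(8 bytes)."""
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, pn, len(payload))))
    pn_field = struct.pack(">Q", pn)[2:]
    mic = hmac.new(key, header + pn_field + ct, hashlib.sha256).digest()[:8]
    return header + pn_field + ct + mic

class Receiver:
    def __init__(self, key, hdr_len):
        self.key, self.hdr_len, self.last_pn = key, hdr_len, -1

    def unprotect(self, frame):
        """Return the payload, or None if the MIC fails or the PN is a replay."""
        h = self.hdr_len
        header, pn_field, ct, mic = frame[:h], frame[h:h + 6], frame[h + 6:-8], frame[-8:]
        expect = hmac.new(self.key, header + pn_field + ct, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(mic, expect):
            return None                      # header or body was tampered with
        pn = int.from_bytes(pn_field, "big")
        if pn <= self.last_pn:
            return None                      # replayed (or reordered) frame
        self.last_pn = pn
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.key, pn, len(ct))))

KEY = hashlib.sha256(b"constructed-demo-key").digest()        # constructed
HEADER = bytes.fromhex("08410002a1b2c3d4e5f6")                # constructed 10-byte header

def demo():
    """Return (genuine payload, result for header-tampered copy, result for replay)."""
    rx = Receiver(KEY, len(HEADER))
    frame = protect(KEY, HEADER, 1, b"hello STA")
    genuine = rx.unprotect(frame)
    flipped = frame[:5] + bytes([frame[5] ^ 0x01]) + frame[6:]   # edit a cleartext address byte
    tampered = rx.unprotect(flipped)
    replay = rx.unprotect(frame)
    return genuine, tampered, replay
```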

IEEE 802.11i phase of operation

IEEE 802.11i phase of operation (Capability Discovery, Authentication, Association)

MPDU exchange
The authentication phase consists of three steps:
1. Connect to AS: the STA sends a request, via the AP with which it has an association, for connection to the AS; the AP acknowledges this request and sends an access request to the AS
2. EAP exchange: authenticates the STA and AS to each other
3. Secure key delivery: once authentication is established, the AS generates a master session key and sends it to the STA

Summary
• Wireless Security
  • Wireless network threats
  • Wireless security measures
• Mobile device security
  • Security threats
  • Mobile device security strategy
• IEEE 802.11 wireless LAN overview
  • The Wi-Fi alliance
  • IEEE 802 protocol architecture
  • IEEE 802.11 network components and architectural model
  • IEEE 802.11 services
• IEEE 802.11i wireless LAN security
  • IEEE 802.11i services
  • IEEE 802.11i phases of operation
  • Discovery phase
  • Authentication phase
  • Key management phase
  • Protected data transfer phase
  • The IEEE 802.11i pseudorandom function
