
Wireless Network

SSID (Service Set Identifier)

List of SSIDs

Security Risks in Wireless

(in any type of wireless communication)
Attackers could bypass the firewalls
Short message service (SMS) spamming (e.g., in mobile communication)
Malicious downloadable code or content (e.g., to Android devices)
Weak encryption keys, or no encryption at all, in wireless communication
Turning on wireless encryption does not mean data is protected end-to-end, because the wired portion of the traffic may still travel in the clear (unencrypted)

Wireless (802.11) Security

Security Problems of 802.11 (wireless)

Misconfiguration Security
No encryption used
Weak (guessable) password used to generate key
Weak protection of encryption key on client machine
Weak protection of management interface for access point

Physically insecure locations
Access points should not be placed where they are easily accessible, because they can be accessed, removed and tampered with (configurations copied or altered and then returned).

Rogue access points
These may be illegal access points brought into the enterprise by employees, or access points set up poorly by the untrained employee described above.

Security Problems of 802.11

Client-to-client attacks (in ad hoc mode)

Wireless ad hoc connections are implemented with very little security: no authentication, no access control, no encryption. This represents a security risk even between authorized devices, as well as to the client itself, the data being transferred, and any clients or networks that are connected to it.

War driving

Refers to hackers driving from place to place attempting to find wireless connections to which they can connect.

Easy to eavesdrop (interception and monitoring)

Because wireless uses the airwaves, it is easy to listen in on network traffic or even connect to a network. Thus interception and monitoring of wireless traffic is possible (packet analyzer software is freely available).

Theft of services

Concerns about 'wireless theft', that is, unauthorized use of wireless services such as an internet connection by unauthorized users or clients who directly access the access point and bypass the firewall

Security Problems of 802.11

Wi-Fi jamming (Wi-Fi is aimed at use within unlicensed spectrum)

Blocking the Wi-Fi signal frequency with overlapping signals to generate a denial-of-service situation

Denial or degradation of service

Attackers flooding the network with bogus packets continuously, or sending continuous association / authentication requests, to keep the system busy

Establishing Security in Wireless


1. WEP (802.11b)
2. 802.1x
3. WPA
4. WPA2 (802.11i)

Security in Wireless
WEP: Wired Equivalent Privacy (802.11b)
WEP was an early attempt to secure wireless networks; better security is now available because WEP is an easily broken security algorithm
WEP is open: just supply the correct SSID to connect
WEP uses a shared key
Without WEP, there is no confidentiality, integrity, or authentication of user data
The cipher used in WEP is RC4; key length ranges from 40 up to 128 bits

WEP Operation

[Figure: WEP operation. Diagram labels: IV, original unencrypted packet, checksum, RC4, key, IV, encrypted packet]

The IV is often a counter that starts at zero
Hence, rebooting causes IV reuse
Also, there are only 16 million possible IVs, so after intercepting enough packets, there are sure to be repeats
Reuse of the same IV produces identical key streams

Security in Wireless
WEP: Security Issues

Key is shared by all clients and the base station
Therefore compromising one node compromises the entire network

Manual key distribution among clients, thus making changes to the key difficult

Initialization Vector (IV) used during encryption is only 24 bits long

How to crack information: find packets with duplicate public IVs
Repetition of IV guaranteed on busy networks due to small IV space

Tools: WEPCrack, AirSnort
15 minutes to 24 hours to collect enough packets

Security in Wireless
Improvement (to WEP) #1: 802.1x

Port-based user authentication and key distribution

This control feature lets administrators control who can send traffic through and receive traffic from the network (individual switch ports). It does not allow a node to send or receive traffic through a port until the user of the node has been authenticated (user name / password) by a RADIUS server.

Security in Wireless
Improvement #2: WPA (Wi-Fi Protected Access)

Incorporates 802.1X security

Use of TKIP (Temporal Key Integrity Protocol)

Advantages
stronger, centralized user authentication
automatically negotiated per-user keys with frequent key updates
stronger encryption algorithm choices

Security in Wireless
Features of TKIP (Temporal Key Integrity Protocol)

TKIP implements a complex key mixing function that combines the secret key with the initialization vector before passing it to RC4. (WEP, in comparison, merely XORs the initialization vector with the root key before passing it to RC4.)

WPA implements a sequence counter to protect against replay attacks. Packets received out of order will be rejected.

TKIP implements a 64-bit Message Integrity Check

Extension of IV to 48 bits

TKIP ensures that every data packet is sent with a unique encryption key (reduces frequent key change requirement)

Security in Wireless
Improvement #3: 802.11i (WPA2)

AES is the primary encryption algorithm, with block chaining mode
802.11i is also called WPA2.

Security in Wireless
Recommendations for WLAN Security

WEP - Poor, do not use

WPA - Fair (but not recommended now)

WPA2 (802.11i) - Recommended

Wireless Security Recommendations

1. Hide SSID
2. Enable MAC filtering
3. Change default passwords of access points and other wireless devices
4. Configure the wireless system to use "strong" passwords
5. Limit the number of unsuccessful login attempts to the wireless network
6. Use centralized user authentication (RADIUS) to configure the access point
7. Disable ad hoc mode, because wireless ad hoc mode invites access by unauthorized nodes to your computer
8. Be informed about risks and threats
9. Carry out regular security audits and penetration assessments on the wireless network
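
One way to automate part of the regular audit recommended above, as an added example that is not part of the original slides: it checks a wireless survey against an inventory of authorized access points and flags rogue access points, missing access points, ad hoc networks and encryption weaker than WPA2. The inventory, the survey records and their field names are constructed assumptions, not the output format of any particular scanner.

```python
# Constructed inventory of authorized access points: BSSID -> expected SSID.
AUTHORIZED = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
    "00:11:22:33:44:03": "CorpNet",
}
# Ratings taken from the "Recommendations for WLAN Security" slide.
RATING = {"OPEN": "none", "WEP": "poor", "WPA": "fair", "WPA2": "recommended"}

def audit(scan, authorized=AUTHORIZED):
    """Return a list of (bssid, finding) tuples for one survey."""
    corp_ssids = set(authorized.values())
    seen, findings = set(), []
    for ap in scan:
        bssid = ap["bssid"].lower()
        seen.add(bssid)
        if ap["mode"] == "adhoc":
            findings.append((bssid, "ad hoc network in range"))
            continue
        if bssid not in authorized:
            # Neighbouring networks are ignored unless they reuse our SSID.
            if ap["ssid"] in corp_ssids:
                findings.append((bssid, "possible rogue AP: corporate SSID, unknown BSSID"))
            continue
        if ap["ssid"] != authorized[bssid]:
            findings.append((bssid, "SSID differs from inventory"))
        rating = RATING.get(ap["security"], "unknown")
        if rating != "recommended":
            findings.append((bssid, f"encryption {ap['security']} rated {rating}"))
    # An authorized AP that is absent may have been removed or tampered with.
    for bssid in sorted(set(authorized) - seen):
        findings.append((bssid, "authorized AP not seen"))
    return findings

# Constructed survey results.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "security": "WPA2", "mode": "infra"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "security": "WEP", "mode": "infra"},
    {"bssid": "DE:AD:BE:EF:00:01", "ssid": "CorpNet", "security": "OPEN", "mode": "infra"},
    {"bssid": "02:AA:BB:CC:DD:EE", "ssid": "printer-share", "security": "OPEN", "mode": "adhoc"},
    {"bssid": "00:25:9C:00:00:10", "ssid": "CoffeeShop", "security": "WPA2", "mode": "infra"},
]

if __name__ == "__main__":
    for bssid, finding in audit(SCAN):
        print(bssid, "-", finding)
```

A BSSID that matches the inventory is not proof that the access point is genuine, since BSSIDs can be cloned, so the result is a starting point for a physical check rather than a verdict.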

Security Through Other Means

Use firewalls to isolate wireless traffic from the wired network
Use intrusion detection to detect attacks on wireless networks (like IDS)
Use IPSec / VPNs to protect traffic at the IP layer
Use TLS (SSL) to protect traffic at the application layer
