• Home

  • Documents

  • Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to...

If you can't read please download the document

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless

Tags:

Embed Size (px)

Citation preview

  • Slide 1
  • Wireless Network Security
  • Slide 2
  • Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless security are similar to those found in a wired environment security requirements are the same: security requirements are the same: confidentiality, integrity, availability, authenticity, accountability confidentiality, integrity, availability, authenticity, accountability most significant source of risk is the underlying communications medium most significant source of risk is the underlying communications medium
  • Slide 3
  • Wireless Networking Components
  • Slide 4
  • Wireless Network Threats accidental association malicious association ad hoc networks nontraditional networks identity theft (MAC spoofing) man-in-the middle attacks denial of service (DoS) network injection
  • Slide 5
  • Securing Wireless Transmissions principal threats are eavesdropping, altering or inserting messages, and disruption principal threats are eavesdropping, altering or inserting messages, and disruption countermeasures for eavesdropping: countermeasures for eavesdropping: signal-hiding techniques signal-hiding techniques encryption encryption the use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions the use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions
  • Slide 6
  • Securing Wireless Networks the main threat involving wireless access points is unauthorized access to the network the main threat involving wireless access points is unauthorized access to the network principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control the standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network the standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors
  • Slide 7
  • Wireless Network Security Techniques use encryption use anti-virus and anti-spyware software and a firewall turn off identifier broadcasting change the identifier on your router from the default change your routers pre-set password for administration allow only specific computers to access your wireless network
  • Slide 8
  • IEEE 802.11 Terminology
  • Slide 9
  • Wireless Fidelity (Wi-Fi) Alliance Wireless Fidelity (Wi-Fi) Alliance 802.11b 802.11b first 802.11 standard to gain broad industry acceptance first 802.11 standard to gain broad industry acceptance Wireless Ethernet Compatibility Alliance (WECA) Wireless Ethernet Compatibility Alliance (WECA) industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating later renamed the Wi-Fi Alliance later renamed the Wi-Fi Alliance term used for certified 802.11b products is Wi-Fi term used for certified 802.11b products is Wi-Fi has been extended to 802.11g products has been extended to 802.11g products Wi-Fi Protected Access (WPA) Wi-Fi Protected Access (WPA) Wi-Fi Alliance certification procedures for IEEE802.11 security standards Wi-Fi Alliance certification procedures for IEEE802.11 security standards WPA2 incorporates all of the features of the IEEE802.11i WLAN security specification WPA2 incorporates all of the features of the IEEE802.11i WLAN security specification
  • Slide 10
  • IEEE 802 Protocol Architecture
  • Slide 11
  • General IEEE 802 MPDU Format
  • Slide 12
  • IEEE 802.11 Extended Service Set
  • Slide 13
  • IEEE 802.11 Services
  • Slide 14
  • Distribution of Messages Within a DS the two services involved with the distribution of messages within a DS are: the two services involved with the distribution of messages within a DS are: distribution distribution integration integration the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS distribution enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802x LAN service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN integration
  • Slide 15
  • Association-Related Services transition types, based on mobility: transition types, based on mobility: no transition no transition a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS BSS transition BSS transition station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station ESS transition ESS transition station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed
  • Slide 16
  • Services association establishes an initial association between a station and an APestablishes an initial association between a station and an AP reassociation enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to anotherenables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another disassociation a notification from either a station or an AP that an existing association is terminateda notification from either a station or an AP that an existing association is terminated
  • Slide 17
  • Wireless LAN Security Wired Equivalent Privacy (WEP) algorithm Wired Equivalent Privacy (WEP) algorithm 802.11 privacy contained major weaknesses 802.11 privacy contained major weaknesses Wi-Fi Protected Access (WPA) Wi-Fi Protected Access (WPA) set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard Robust Security Network (RSN) Robust Security Network (RSN) final form of the 802.11i standard final form of the 802.11i standard Wi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 program Wi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 program
  • Slide 18
  • Elements of IEEE 802.11i
  • Slide 19
  • IEEE 802.11i Phases of Operation
  • Slide 20
  • Slide 21
  • 802.1X Access Control
  • Slide 22
  • MPDU Exchange authentication phase consists of three phases: authentication phase consists of three phases: connect to AS connect to AS the STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS the STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS EAP exchange EAP exchange authenticates the STA and AS to each other authenticates the STA and AS to each other secure key delivery secure key delivery once authentication is established, the AS generates a master session key and sends it to the STA once authentication is established, the AS generates a master session key and sends it to the STA
  • Slide 23
  • IEEE 802.11i Key Hierarchies
  • Slide 24
  • IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols
  • Slide 25
  • Phases of Operation
  • Slide 26
  • Temporal Key Integrity Protocol (TKIP) designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP provides two services: provides two services: message integrity adds a message integrity code to the 802.11 MAC frame after the data field data confidentiality provided by encrypting the MPDU

Wireless Security - George Mason Universityastavrou/courses/isa_656_F08/...Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which

Wireless Security - George Mason Universityastavrou/courses/isa_656_F08/...Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which

Documents
CWSP Guide to Wireless Security Wireless Security Policy

CWSP Guide to Wireless Security Wireless Security Policy

Documents
Security concerns in Wireless LAN Guðbjarni Guðmundsson

Security concerns in Wireless LAN Guðbjarni Guðmundsson

Documents
Chaotic Maps-Based Mutual Authentication and Key Agreement ...€¦ · wireless services for wireless networking has raised a number of security concerns among mobile users and service

Chaotic Maps-Based Mutual Authentication and Key Agreement ...€¦ · wireless services for wireless networking has raised a number of security concerns among mobile users and service

Documents
SaaS Challenges & Security Concerns

SaaS Challenges & Security Concerns

Technology
Wireless Security

Wireless Security

Documents
Wireless (In)security: The true state of wireless security

Wireless (In)security: The true state of wireless security

Documents
Biometric Security Concerns

Biometric Security Concerns

Documents
+ Security Concerns Chapter 10.1. + Security types Physical security Access security Database security

+ Security Concerns Chapter 10.1. + Security types Physical security Access security Database security

Documents
IoT devices today & security concerns

IoT devices today & security concerns

Software
Cloud security issues and concerns

Cloud security issues and concerns

Internet
Cloud Computing & Security Concerns

Cloud Computing & Security Concerns

Education
Wireless Security Systems - Recent Media Concerns

Wireless Security Systems - Recent Media Concerns

Education
Security Concerns in Cloud Computing

Security Concerns in Cloud Computing

Education
CWSP Guide to Wireless Security Enterprise Wireless Hardware Security

CWSP Guide to Wireless Security Enterprise Wireless Hardware Security

Documents
U.S. COUNTERINTELLIGENCE AND SECURITY CONCERNS ... - …

U.S. COUNTERINTELLIGENCE AND SECURITY CONCERNS ... - …

Documents
Mobile Security - Wireless Mesh Network Security · PDF fileOverview Introduction •Wireless Ad-hoc Networks •Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless

Mobile Security - Wireless Mesh Network Security · PDF fileOverview Introduction •Wireless Ad-hoc Networks •Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless

Documents
CWSP Guide to Wireless Security Wireless Security Models

CWSP Guide to Wireless Security Wireless Security Models

Documents
Information security trends and concerns

Information security trends and concerns

Technology
CWSP Guide to Wireless Security Foundations of Wireless Security

CWSP Guide to Wireless Security Foundations of Wireless Security

Documents
Addressing security concerns through BPM

Addressing security concerns through BPM

Technology
Security Concerns and International Relations

Security Concerns and International Relations

Presentations & Public Speaking
Secure Systems Research Group - FAU Introduction to Wireless Sensor Networks and its Security Concerns 8/20/2009 Anupama Sahu

Secure Systems Research Group - FAU Introduction to Wireless Sensor Networks and its Security Concerns 8/20/2009 Anupama Sahu

Documents
Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Wireless security survey Wireless network security ... · Wireless network security landscape of India 1 Wireless security survey Wireless network security landscape of India December

Documents
Tackling Cloud Security Concerns

Tackling Cloud Security Concerns

Documents
Introduction to Wireless Sensor Networks and its Security Concerns

Introduction to Wireless Sensor Networks and its Security Concerns

Documents
Wireless technologies Wireless Network Security

Wireless technologies Wireless Network Security

Documents
Security concerns-with-e-commerce

Security concerns-with-e-commerce

Technology
Integrated Security for WLANs - Faculty Web Serverfaculty.ccc.edu/mmoizuddin/CISCO LIVE 2008/AGG/BRKAGG... · 2012-12-10 · wireless LAN Review specific security concerns and requirements

Integrated Security for WLANs - Faculty Web Serverfaculty.ccc.edu/mmoizuddin/CISCO LIVE 2008/AGG/BRKAGG... · 2012-12-10 · wireless LAN Review specific security concerns and requirements

Documents
Pace Wireless Concerns

Pace Wireless Concerns

Documents