
Access Control and Site Security (Part 2)

Access Control and Site Security (Part 2). (January 25, 2012). © Abdou Illia – Spring 2012. Learning Objectives. Discuss Site Security Discuss Wireless LAN Security. Site Security. Building Security Basics. Single point of (normal) entry to building Fire doors and alarms Security centers


Presentation Transcript


  1. Access Control and Site Security (Part 2) (January 25, 2012) © Abdou Illia – Spring 2012

  2. Learning Objectives • Discuss Site Security • Discuss Wireless LAN Security

  3. Site Security

  4. Building Security Basics • Single point of (normal) entry to building • Fire doors and alarms • Security centers • Monitors for closed-circuit TV (CCTV) • Videotapes that must be retained (Don’t reuse too much or the quality will be bad) • Interior doors to control access between parts of the building • Prevent piggybacking: holding the door open so that someone can enter without identification defeats this protection

  5. Building Security Basics • Phone stickers with security center phone number • Prevent dumpster diving by keeping dumpsters in locked, lighted area • Training security personnel • Training all employees • Enforcing policies: You get what you enforce

  6. Reading Questions • Answer Reading Questions 1 posted to the course web site (in Notes’ section)

  7. 802.11 Wireless LAN Security

  8. Basic Terminology • Accidental association • A wireless device latching onto a neighboring Access Point when turned on. The user may not even notice the association • Malicious association • Intentionally setting a wireless device to connect to a network • Installing rogue wireless devices to collect corporate info • War driving • Driving around looking for weak, unprotected WLANs

  9. IEEE 802.11 WLAN standards
     • 802.11b: unlicensed band 2.4 GHz; rated speed ≤ 11 Mbps; range (indoor/outdoor) 35m/100m; # of channels 3
     • 802.11a: unlicensed band 5 GHz; rated speed ≤ 54 Mbps; range (indoor/outdoor) 25m/75m; # of channels 12
     • 802.11g: unlicensed band 2.4 GHz; rated speed ≤ 54 Mbps; range (indoor/outdoor) 25m/75m; # of channels 13
     • 802.11n*: unlicensed band 2.4 GHz or 5 GHz; rated speed ≤ 300 Mbps; range (indoor/outdoor) 50m/125m; # of channels 14
     * Under development
     802.11b WLAN: 2.4 GHz-2.4835 GHz
     • Service band 2.4 - 2.4835 GHz divided into 13 channels
     • Each channel is 22 MHz wide
     • Channels spaced 5 MHz apart
     • Channel 1 centered on 2412 MHz. Channel 13 centered on 2472 MHz
     • Transmissions spread across multiple channels
     • 802.11b and 802.11g devices use only Channel 1, 6, 11 to avoid transmission overlap.
     • 802.11g uses Orthogonal Frequency Division Multiplexing (OFDM) modulation scheme to achieve higher speed than 802.11b
     • AM radio channels have a 10 kHz bandwidth • FM radio channels: 200 kHz bandwidth
     [Figure: Frequency Spectrum, from 0 Hz to infinity, showing the AM Radio service band (535 kHz-1705 kHz), the FM Radio service band (88 MHz-108 MHz) and the 802.11b WLAN band (2.4 GHz-2.4835 GHz)]

  10. 802.11 Wireless LAN (WLAN) Security • Basic Operation: • Main wired network for servers (usually 802.3 Ethernet) • Wireless stations with wireless NICs • Access points for spreading service across the site • Access points are internetworking devices that link 802.11 LANs to 802.3 Ethernet LANs

  11. 802.11 Wireless LAN operation • 802.11 refers to the IEEE Wireless LAN standards
      [Figure: notebook with PC Card wireless NIC, access point, Ethernet switch, client PC and server; labels (1), (2) 802.3 frame containing packet, (3), and 802.11 frame containing packet]

  12. 802.11 Wireless LAN operation
      1. If the AP is 802.11n-compliant, it could communicate with the notebook even if the notebook has an 802.11a NIC. T F
      2. The Wireless AP needs to have an 802.3 interface. T F
      3. The switch needs to have at least one wireless port. T F
      4. How many layers should the Wireless AP have to perform its job?
      [Figure: notebook with PC Card wireless NIC, access point, Ethernet switch, client PC and server; labels (1), (2) 802.3 frame containing packet, (3), and 802.11 frame containing packet]

  13. Summary Question (1) • Which of the following is among Wireless Access Points’ functions?
      a. Convert electric signal into radio wave
      b. Convert radio wave into electric signal
      c. Forward messages from wireless stations to devices in a wired LAN
      d. Forward messages from one wireless station to another
      e. All of the above
      f. Only c and d

  14. Access Point MAC Filtering • The Access Point could be configured to only allow mobile devices with specific MAC addresses • Today, attack programs exist that could sniff MAC addresses, and then spoof them

  15. Access Point IP Address Filtering • The Access Point could be configured to only allow mobile devices with specific IP addresses • Attacker could • Get an IP address by guessing, based on the company’s range of IP addresses • Sniff IP addresses

  16. SSID: Apparent 802.11 Security • Service Set Identifier (SSID) • It’s a “Network name” of up to 32 characters • Access Points come with a default SSID. Example: “tsunami” for Cisco or “linksys” for Linksys • All Access Points in a WLAN have the same SSID • Mobile devices must know the SSID to “talk” to the access points • SSID is frequently broadcast by the access point for ease of discovery. • SSIDs in frame headers are transmitted in clear text • SSID broadcasting could be disabled but it’s a weak security measure • Sniffer programs (e.g. Kismet) can find SSIDs easily

  17. Wired Equivalent Privacy (WEP) • Standard originally intended to make wireless networks as secure as wired networks • With WEP, mobile devices need a key used with an Initialization Vector to create a traffic key • Typical WEP key length: 40-bit, 128-bit, 256-bit • WEP key is shared by mobile devices and Access Points
      • Problems: • shared keys create a security hole • WEP is not turned on by default
      • Open Source WEP Cracking software: aircrack-ng, weplab, WEPCrack, airsnort
      • WEP authentication process:
        • Wireless station sends authentication request to AP
        • AP sends back a 128-bit challenge text in plaintext
        • Wireless station encrypts challenge text with its WEP key and sends result to AP
        • AP regenerates the WEP from the received result, then compares it to its own WEP
        • AP sends a success or failure message

  18. 802.11i and Temporal Key Integrity Protocol (TKIP) • In 2004, the IEEE 802.11 working group developed a security standard called 802.11i to be implemented in 802.11 networks. • 802.11i tightens security through the use of the Temporal Key Integrity Protocol (TKIP) • TKIP can be added to existing APs and NICs • TKIP uses a 128-bit key (that changes) to encrypt the WEP.

  19. Using Authentication Server or Wi-Fi Protected Access (WPA)
      • WPA is an early version of the 802.11i and 802.11x security standards
      • RADIUS is an AAA (Authentication, Authorization, Accounting) protocol
      • Once the user is authenticated, the AP assigns the user an individual key, avoiding a shared key.
      [Figure: Applicant (Lee), Access Point, RADIUS Server / WAP Gateway, and Directory Server or Kerberos Server, with these steps:]
      1. Authentication Request
      2. Pass on Request to RADIUS Server
      3. Get User Lee’s Data (Optional; RADIUS Server May Store Authentication Data)
      4. Accept Applicant Key=XYZ
      5. OK Use Key XYZ

  20. Protocols used in WPA • Authentication and data integrity in 802.11i and 802.11x rely on the Extensible Authentication Protocol (EAP), which has different options: • Wireless Transport Layer Security (WTLS) protocol • Server and mobile devices must have digital certificates • Requires that a Public Key Infrastructure (PKI) be installed to manage digital certificates • Tunneled WTLS • Digital certificates are installed on the server only • Once the server is securely authenticated to the client via its Certificate Authority, a secured tunnel is created. • Server authenticates the client through the tunnel. • Client could use passwords as a means of authentication

  21. Soft Access Point* • Usually, a soft AP is a laptop loaded with cracking software • A soft AP allows the hacker to get passwords, MAC addresses, etc.
      * Also called Rogue Access Point
      [Figure: notebook with PC Card wireless NIC, SoftAP, access point, Ethernet switch, client PC and server; labels (1), (2) 802.3 frame containing packet, (3)]

  22. Wireless Intrusion Detection Systems • Monitor the radio spectrum for the presence of unauthorized access points • Conventionally, operate by checking the MAC addresses of the participating access points • Use fingerprinting approach to weed out devices with spoofed MAC addresses • Compare unique signatures exhibited by the signals emitted by each wireless access point against the known signatures of legitimate access points

  23. How Does Cracking Wireless Networks Work? • Visit YouTube.com • Search for the following video • Video name: Cracking Wireless Networks • Posted by: spektral311 • Date: 9/8/2006 • Copy of video in Review section of website

  24. Summary Questions • What is meant by accidental association? Malicious association? • What are the functions of a wireless access point? • What is an SSID? How many SSIDs are needed in a WLAN with 3 wireless access points and 13 mobile stations? • How good a security measure is disabling the broadcasting of a WLAN’s SSID? • What is WEP? How secure is a WEP-protected WLAN compared to a WPA WLAN using the 802.11i standard? • What does using TKIP add to a WEP-protected WLAN? • Explain the operation of a WPA WLAN using a RADIUS server • What is a rogue AP? How can you detect a rogue AP?
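The WEP authentication process on slide 17, written out as an added example (not code from the slides) so that both sides of the exchange are visible. It assumes the usual WEP construction (RC4 keyed with a 24-bit IV followed by the shared key, plus a CRC-32 integrity value), an AP that decrypts the response and compares it with the challenge, and the slide's 128-bit challenge; `AccessPoint`, `authenticate` and `SHARED_KEY` are hypothetical names.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: XOR data with the keystream derived from key."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                             # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Traffic key = IV || WEP key; a CRC-32 integrity value is appended."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + wep_key, plaintext + icv)

def wep_decrypt(wep_key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the integrity value does not match."""
    data = rc4(iv + wep_key, ciphertext)
    body, icv = data[:-4], data[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None

class AccessPoint:
    def __init__(self, wep_key: bytes):
        self.wep_key = wep_key
        self.pending = {}                         # station -> outstanding challenge

    def challenge(self, station: str) -> bytes:
        """AP answers the request with a random 128-bit challenge in plaintext."""
        self.pending[station] = os.urandom(16)
        return self.pending[station]

    def verify(self, station: str, iv: bytes, response: bytes) -> bool:
        """AP decrypts the response and compares it with the challenge it sent."""
        expected = self.pending.pop(station, None)
        return expected is not None and wep_decrypt(self.wep_key, iv, response) == expected

def authenticate(ap: AccessPoint, station: str, station_key: bytes) -> bool:
    challenge = ap.challenge(station)             # request, then plaintext challenge
    iv = os.urandom(3)                            # 24-bit IV, sent in the clear
    response = wep_encrypt(station_key, iv, challenge)
    return ap.verify(station, iv, response)       # success or failure message

SHARED_KEY = bytes.fromhex("0102030405")          # constructed 40-bit key
```

Because every station holds the same key, the AP accepts any station name presented with `SHARED_KEY` and cannot tell the holders apart, which is the shared-key problem the slide lists.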
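The two checks on slide 22 (MAC address against the list of participating access points, then a fingerprint comparison to catch spoofed MACs), as an added example that is not part of the original slides. Frame-level attributes (channel, beacon interval, supported rates) stand in here for the radio-signal signatures the slide mentions; the inventory, field names and sample observations are constructed, and a fixed channel plan is assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    """One observed beacon, as a sensor might report it (constructed fields)."""
    bssid: str             # MAC address of the access point
    ssid: str
    channel: int
    beacon_interval: int   # in time units
    rates: tuple           # supported rates in Mbps

# Constructed inventory of legitimate APs: BSSID -> known fingerprint.
INVENTORY = {
    "02:00:00:aa:00:01": Beacon("02:00:00:aa:00:01", "corp-wlan", 1, 100, (1, 2, 5.5, 11)),
    "02:00:00:aa:00:02": Beacon("02:00:00:aa:00:02", "corp-wlan", 6, 100, (1, 2, 5.5, 11)),
}
CORP_SSIDS = {ap.ssid for ap in INVENTORY.values()}
FINGERPRINT_FIELDS = ("ssid", "channel", "beacon_interval", "rates")

def classify(obs: Beacon):
    """Return (verdict, details) for one observation."""
    known = INVENTORY.get(obs.bssid.lower())
    if known is None:
        # MAC check: not one of our APs. Alert only if it claims our network name.
        if obs.ssid in CORP_SSIDS:
            return "rogue", ["unlisted BSSID advertising corporate SSID"]
        return "neighbor", []
    # Fingerprint check: the MAC is listed, but does it behave like our AP?
    diffs = [f for f in FINGERPRINT_FIELDS if getattr(obs, f) != getattr(known, f)]
    return ("spoofed-mac", diffs) if diffs else ("authorized", [])

def scan(observations):
    """Return (bssid, verdict, details) for every observation that needs follow-up."""
    alerts = []
    for obs in observations:
        verdict, details = classify(obs)
        if verdict in ("rogue", "spoofed-mac"):
            alerts.append((obs.bssid.lower(), verdict, details))
    return alerts

# Constructed sample observations.
SAMPLE = [
    Beacon("02:00:00:aa:00:01", "corp-wlan", 1, 100, (1, 2, 5.5, 11)),    # legitimate
    Beacon("02:00:00:AA:00:02", "corp-wlan", 11, 102, (1, 2, 5.5, 11)),   # listed MAC, wrong fingerprint
    Beacon("02:00:00:bb:00:09", "corp-wlan", 6, 100, (1, 2, 5.5, 11)),    # unlisted MAC, our SSID
    Beacon("02:00:00:cc:00:03", "coffee-shop", 11, 100, (1, 2, 5.5, 11)), # unrelated neighbor
]
```

A MAC-only check would pass the second observation, which is why the slide adds fingerprinting on top of the address list.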
