1 / 46

Chapter 8

Chapter 8. Wireless Security. Objectives. Explain wireless networking and why it is used Describe IEEE 802.11 radio wave networking Explain Bluetooth networking Describe attacks on wireless networks Discuss wireless security measures

roy
Download Presentation

Chapter 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 8 Wireless Security

  2. Objectives • Explain wireless networking and why it is used • Describe IEEE 802.11 radio wave networking • Explain Bluetooth networking • Describe attacks on wireless networks • Discuss wireless security measures • Configure security for wireless interfaces in workstation operating systems Guide to Operating System Security

  3. Introduction to Wireless Networking • Enables communications where a wired network is impractical • Reduces installation costs • Provides “anywhere” access • Enables easier small and home office networking • Enables data access to fit the application Guide to Operating System Security

  4. Attacks on Wireless Networks • Many opportunities, particularly through sniffer software • Difficult or impossible to detect Guide to Operating System Security

  5. Wireless Network Support Organizations • Wireless LAN Association (WLANA) • WINLAB Guide to Operating System Security

  6. Why Use a Wireless Network Instead of a Wired Network? • A wired network can be difficult or impossible to install in some situations Guide to Operating System Security

  7. Radio Wave Technologies • Network applications use high frequencies measured in hertz • Line-of-sight transmission • Spread spectrum technology • Popular technologies • IEEE 802.11 standard • Bluetooth Guide to Operating System Security

  8. Radio Wave Technologies Guide to Operating System Security

  9. Radio Wave Technologies • Advantages • Relatively inexpensive • Easy to install • Provide anywhere access • Offer an alternative for hard-to-cable areas • Disadvantages • Do not have speeds to match 100Mbps communications • Frequencies may experience interference Guide to Operating System Security

  10. IEEE 802.11 Radio Wave Networking (Continued) • Advantages in terms of compatibility and reliability • Devices are not proprietary • Encompasses fixed and mobile stations • Recognizes indoor and outdoor communications Guide to Operating System Security

  11. IEEE 802.11 Radio Wave Networking (Continued) • Kinds of communication • Discrete units (asynchronous) • Governed by time restrictions Guide to Operating System Security

  12. How IEEE 802.11 Wireless Networks Function • Components • Access methods • Handling of data errors • Transmission speeds • Authentication • Topologies • Multiple-cell wireless LANs Guide to Operating System Security

  13. Wireless Components • Wireless NIC (WNIC) • Functions as a transmitter/receiver (transceiver) • Access point • Antennas • Directional antenna • Omnidirectional antenna Guide to Operating System Security

  14. Directional Antenna Guide to Operating System Security

  15. Omnidirectional Antenna Guide to Operating System Security

  16. Wireless Networking Access Methods • Priority-based access • Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) Guide to Operating System Security

  17. Handling Data Errors • Automatic repeat request (ARQ) characteristic • Helps reduce communication errors created by sources of interference Guide to Operating System Security

  18. Transmission Speeds Guide to Operating System Security

  19. Infrared Wireless Networking • 802.11R standard • Can be broadcast in a single direction or in all directions • Transmits in range of 100 GHz to 1000 THz Guide to Operating System Security

  20. Infrared Wireless Networking • Security factors • Difficult to intercept without someone knowing • Not susceptible to interference from RFI and EMI • Disadvantages (but also make it more secure) • Data transmission rates only reach up to 16 Mbps (directional) and can be less than 1 Mbps (omnidirectional) • Does not go through walls Guide to Operating System Security

  21. Diffused Infrared Wireless Communication Guide to Operating System Security

  22. Using Authentication to Disconnect • Prevents two communicating stations from being inadvertently disconnected by a nonauthorized station Guide to Operating System Security

  23. 802.11 Network Topologies • Independent basic service set (IBSS) topology • Consists of two or more wireless stations that can be in communication • Does not use an access point • Extended service set (ESS) topology • Uses one or more access points to provide a larger service area than an IBSS topology Guide to Operating System Security

  24. IBSS Wireless Topology Guide to Operating System Security

  25. ESS Wireless Topology Guide to Operating System Security

  26. Multiple-Cell Wireless LANs • ESS wireless topology that employs two or more access points • Inter-Access Point Protocol (IAPP) • Roaming protocol that enables a mobile station to move from one cell to another without losing connection Guide to Operating System Security

  27. Bluetooth Radio Wave Networking • Uses frequency hopping in the 2.4-GHz band designated by FCC for unlicensed ISM transmissions • Uses time-division duplexing (TDD) for packet transmissions Guide to Operating System Security

  28. Anatomy of Attacks on Wireless Networks • Antenna • Wireless network interface card • GPS • War-driving software Guide to Operating System Security

  29. Rogue Access Point • Wireless access point installed without knowledge of network administrator • Not configured to have security • Provides an attacker with an unsecured entryway to packet communications Guide to Operating System Security

  30. Attacks Through Long-Range Antennas • Increases reach of a signal • Enables network to be monitored from a greater distance without being observed Guide to Operating System Security

  31. Man-in-the-Middle Attacks • Interception of a message meant for a different computer • Attacker operates between two communicating computers in order to: • Listen in on communications • Modify communications Guide to Operating System Security

  32. Pitfalls of Wireless Communications • Inherently not secure because they are transported over radio waves • Considerations • Avoid wireless communications for extremely sensitive information • Configure tightest security available Guide to Operating System Security

  33. Wireless Security Measures • Open system authentication • Shared key authentication • Wired Equivalent Privacy (WEP) • Service set identifier (SSID) • 802.1x security • 802.1i security Guide to Operating System Security

  34. Open System Authentication • Two stations can authenticate each other • Provides little security, only mutual agreement to authenticate • Default form of authentication in 802.11 Guide to Operating System Security

  35. Shared Key Authentication • Uses symmetrical encryption • Same key for both encryption and decryption Guide to Operating System Security

  36. Wired Equivalent Privacy (WEP) • Same encryption key is used at both stations that are communicating Guide to Operating System Security

  37. Wired Equivalent Privacy (WEP) Guide to Operating System Security

  38. Service Set Identifier (SSID) • Identification value: • typically up to 32 characters in length • defines a logical network for all devices that belong to it • Each device is configured to have same SSID • Typically used in ESS, but not IBSS Guide to Operating System Security

  39. 802.1x Security • Port-based form of authentication • Uncontrolled port • Controlled port • Does not include encryption • can be set up to work with EAP and its evolving versions (EAP-TTLS and PEAP) • Use different computers for authentication server and authenticator Guide to Operating System Security

  40. 802.1i Security • Builds on 802.1x standard • Implements Temporal Key Integrity Protocol (TKIP) for creating random encryption keys from one master key Guide to Operating System Security

  41. Configuring Security for Wireless Interfaces • Windows 2000/XP Professional • Support use of WNICs • Red Hat Linux 9.x • Supports use of WNICs (installed through GNOME desktop Network Device Control tool) • Mac OS X • Built-in compatibility for AirPort WNICs and base stations (access points) Guide to Operating System Security

  42. Open system authentication Shared key authentication WEP (40-bit and 104-bit keys) SSID 802.1x EAP Authentication through RADIUS Windows 2000 Professional Wireless Security Techniques Guide to Operating System Security

  43. Open system authentication Shared key authentication WEP (40-bit and 104-bit keys) SSID 802.1x EAP and EAP-TLS PEAP Authentication through RADIUS Windows XP Professional Wireless Security Techniques Guide to Operating System Security

  44. Red Hat Linux Wireless Security Techniques • Open system authentication • Shared key authentication • WEP (40-bit and 104-bit keys) • SSID • 802.1x Guide to Operating System Security

  45. Mac OS X Wireless Security Techniques • Open system authentication • Shared key authentication • WEP (40-bit and 104-bit keys) • SSID • RADIUS authentication • Firewall protection Guide to Operating System Security

  46. Summary • How wireless networks work • Popular approaches to wireless networking • IEEE 802.11 • Bluetooth • Types of attacks against wireless networks • Wireless security measures and how to implement them in client operating systems Guide to Operating System Security

More Related