1 / 51

Wireless and Instant Messaging

Wireless and Instant Messaging. Chapter 8. Learning Objectives. Understand security issues related to wireless data transfer Understand the 802.11x standards Understand Wireless Application Protocol (WAP) and how it works

cisco
Download Presentation

Wireless and Instant Messaging

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Wireless and Instant Messaging Chapter 8

  2. Learning Objectives • Understand security issues related to wireless data transfer • Understand the 802.11x standards • Understand Wireless Application Protocol (WAP) and how it works • Understand Wireless Transport Layer Security (WTLS) protocol and how it works continued…

  3. Learning Objectives • Understand Wired Equivalent Privacy (WEP) and how it works • Conduct a wireless site survey • Understand instant messaging

  4. 802.11 • IEEE group responsible for defining interface between wireless clients and their network access points in wireless LANs • First standard finalized in 1997 defined three types of transmission at Physical layer • Diffused infrared - based on infrared transmissions • Direct sequence spread spectrum (DSSS) - radio-based • Frequency hopping spread spectrum (FHSS) - radio-based continued…

  5. 802.11 • Established WEP as optional security protocol • Specified use of 2.4 GHz industrial, scientific, and medical (ISM) radio band • Mandated 1 Mbps data transfer rate and optional 2 Mbps data transfer rate • Most prominent working groups: 802.11b, 802.11a, 802.11i, and 802.11g

  6. 802.11a • “High-Speed Physical Layer in the 5 GHz Band” • Sets specifications for wireless data transmission of up to 54 Mbps in the 5 GHz band • Uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS • Approved in 1999

  7. 802.11b • “Higher-Speed Layer Extension in the 2.4 GHz Band” • Establishes specifications for data transmission that provides 11 Mbps transmission (with fallback to 5.5, 2, and 1 Mbps) at 2.4 GHz band • Sometimes referred to as “Wi-Fi” when associated with WECA certified devices • Uses only DSSS • Approved in 1999

  8. 802.11c • Worked to establish MAC bridging functionality for 802.11 to operate in other countries • Folded into 802.1D standard for MAC bridging

  9. 802.11d • Responsible for determining requirements necessary for 802.11 to operate in other countries • Continuing

  10. 802.11e • Responsible for creating a standard that will add multimedia and quality of service (QoS) capabilities to wireless MAC layer and therefore guarantee specified data transmission rates and error percentages • Proposal in draft form

  11. 802.11f • Responsible for creating a standard that will allow for better roaming between multivendor access points and distribution systems • Ongoing

  12. 802.11g • Responsible for providing raw data throughput over wireless networks at a throughput rate of 22 Mbps or more • Draft created in January 2002; final approval expected in late 2002 or early 2003

  13. 802.11h • Responsible for providing a way to allow for European implementation requests regarding the 5 GHz band • Requirements • Limits PC card from emitting more radio signal than needed • Allows devices to listen to radio wave activity before picking a channel on which to broadcast • Ongoing; not yet approved

  14. 802.11i • Responsible for fixing security flaws in WEP and 802.1x • Hopes to eliminate WEP altogether and replace it with Temporal Key Integrity Protocol (TKIP), which would require replacement of keys within a certain amount of time • Ongoing; not yet approved

  15. 802.11j • Worked to create a global standard in the 5 GHz band by making high-performance LAN (HiperLAN) and 802.11a interoperable • Disbanded after efforts in this area were mostly successful

  16. Wireless Application Protocol (WAP) • Open, global specification created by the WAP Forum • Designed to deliver information and services to users of handheld digital devices • Compatible with most wireless networks • Can be built on any operating system

  17. WAP-Enabled Devices

  18. WAP-Enabled Devices

  19. How WAP 1x Works • WAP 1.x Stack • Set of protocols created by the WAP Forum that alters the OSI model • Five layers lie within the top four (of seven) layers of the OSI model • Leaner than the OSI model • Each WAP protocol makes data transactions as compressed as possible and allows for more dropped packets than OSI model

  20. WAP 1.x Stack Compared to OSI/Web Stack

  21. Differences Between Wireless and Wired Data Transfer • WAP 1.x stack protocols require that data communications between clients (wireless devices) and servers pass through a WAP gateway • Network architectural structures

  22. WAP versus Wired Network

  23. The WAP 2.0 Stack • Eliminates use of WTLS; relies on a lighter version of TLS – the same protocol used on the common Internet stack – which allows end-to-end security and avoids any WAP gaps • Replaces all other layers of WAP 1.x by standard Internet layers • Still supports the WAP 1.x stack in order to facilitate legacy devices and systems

  24. Additional WAP 2.0 Features • WAP Push • User agent profile • Wireless Telephony Application • Extended Functionality Interface (EFI) • Multimedia Messaging Service (MMS)

  25. Quick Quiz • What is the frequency used by 802.11b? • Which 802.11 subgroup uses the 5 GHz band? • Which wireless application protocol standard maps more closely to the OSI model? • The brief time in which WAP 1.x data is not encrypted at all is called the _______

  26. Wireless Transport Layer Security (WTLS) Protocol • Provides authentication, data encryption, and privacy for WAP 1.x users • Three classes of authentication • Class 1 • Anonymous; does not allow either the client or the gateway to authenticate each other • Class 2 • Only allows the client to authenticate the gateway • Class 3 • Allows both the client and the gateway to authenticate each other

  27. WTLS Protocol: Steps of Class 2 Authentication • WAP device sends request for authentication • Gateway responds, then sends a copy of its certificate – which contains gateway’s public key – to the WAP device • WAP device receives the certificate and public key and generates a unique random value • WAP gateway receives encrypted value and uses its own private key to decrypt it

  28. WTLS Security Concerns • Security threats posed by WAP gap

  29. Wired Equivalent Privacy (WEP) • Optional security protocol for wireless local area networks defined in the 802.11b standard • Designed to provide same level of security as a wired LAN • Not considered adequate security without also implementing a separate authentication process and providing for external key management

  30. Wireless LAN (WLAN) • Connects clients to network resources using radio signals to pass data through the ether • Employs wireless access points (AP) • Connected to the wired LAN • Act as radio broadcast stations that transmit data to clients equipped with wireless network interface cards (NICs)

  31. How a WLAN Works

  32. APs

  33. NICs

  34. How WEP Works • Uses a symmetric key (shared key) to authenticate wireless devices (not wireless device users) and to guarantee integrity of data by encrypting transmissions • Each of the APs and clients need to share the same key • Client sends a request to the AP asking for permission to access the wired network continued…

  35. How WEP Works • If WEP has not been enabled (default), the AP allows the request to pass • If WEP has been enabled, client begins a challenge-and-response authentication process

  36. WEP’s Weaknesses • Problems related to the initialization vector (IV) that it uses to encrypt data and ensure its integrity • Can be picked up by hackers • Is reused on a regular basis • Problems with how it handles keys

  37. Other WLAN Security Loopholes • War driving • Unauthorized users can attach themselves to WLANs and use their resources, set up their own access points and jam the network • WEP authenticates clients, not users • Wireless network administrators and users must be educated about inherent insecurity of wireless systems and the need for care

  38. Conducting a Wireless Site Survey • Conduct a needs assessment of network users • Obtain a copy of the site’s blueprint • Do a walk-through of the site • Identify possible access point locations • Verify access point locations • Document findings

  39. Instant Messaging (IM) • AOL Instant Messenger (AIM) • MSN Messenger • Yahoo! Messenger • ICQ • Internet Relay Chat (IRC)

  40. Definition of IM • Uses a real-time communication model • Allows users to keep track of online status and availability of other users who are also using IM applications • Can be used on both wired and wireless devices • Easy and fast continued…

  41. Definition of IM • Operates in two models: • Peer-to-peer model • May cause client to expose sensitive information • Peer-to-network model • Risk of network outage and DoS attacks making IM communication unavailable

  42. Problems Facing IM • Lack of default encryption enables packet sniffing • Social engineering overcomes even encryption

  43. Technical Issues Surrounding IM • Files transfers • Application sharing

  44. Legal Issues Surrounding IM • Possible threat of litigation or criminal indictment should the wrong message be sent or overheard by the wrong person • Currently immune to most corporate efforts to control it • Must be monitored in real time

  45. Blocking IM • Install a firewall to block ports that IM products use; IM will be unavailable to all employees • Limited blocking not currently possible

  46. Cellular Phone Simple Messaging Service (SMS) • Messages are typed and sent immediately • Problems • Tracking inappropriate messages • Risk of having messages sniffed

  47. Chapter Summary • Efforts of IEEE, specifically 802.11x standards, to standardize wireless security • Security issues related to dominant wireless protocols • WAP • Connects mobile telephones, PDAs, pocket computers, and other mobile devices to the Internet • WEP • Used in WLANs continued…

  48. Chapter Summary • WTLS protocol • Conducting a site survey in advance of building a WLAN • Security threats related to using (IM)

More Related