
Wireless LAN Security

Presented by Mona Aly Shafik.


Presentation Transcript


  1. Wireless LAN Security Presented By Mona Aly Shafik

  2. Agenda • WLAN overview • Threats • Security Mechanisms and Technologies

  3. WLAN Applications

  4. Copper vs. WLAN • Lower pricing on WLAN equipment means it is no longer cheaper to install copper • Moving a terminal once makes RF the better solution • Popularity increasing • Consider future WLAN expansion while surveying

  5. Two Different Implementations of Wireless LAN Technology • Wireless Bridging: LAN-to-LAN connectivity • Wireless Networking: Mobile user connectivity

  6. What Are Wireless LANs? They ARE: • Local, not wide area • In-building or campus area coverage for mobile users • Up to several miles for point-to-point (LAN to LAN) • Radio or infrared • FCC licenses not required • Customer owns the equipment (no usage charges) They ARE NOT: • Cellular phones • Pagers • Packet Data

  7. ISM Unlicensed Frequency Bands • 902-928 MHz • 2.4 – 2.4835 GHz (IEEE 802.11) • 5 GHz (IEEE 802.11a), HiperLAN, HiperLAN2 [Figure: electromagnetic spectrum chart running from Extremely Low frequencies through AM Broadcast, Short Wave Radio, FM Broadcast, Television, Cellular (840 MHz), NPCS (1.9 GHz), Infrared wireless LAN, Visible Light, Ultraviolet and X-Rays]

  8. IEEE 802.11 Standard • IEEE 802.11 became a standard in July 1997 • Infrared • RF • Two RF technologies defined: • Direct sequence spread spectrum - 1 Mbps and 2 Mbps • Frequency hopping spread spectrum - 1 Mbps and 2 Mbps • IEEE 802.11b became a standard in September 1999 • Only one RF technology defined: DSSS at 5.5 Mbps & 11 Mbps • 802.11 defines a high-performance radio • 802.11 promises “true” vendor interoperability (over the air)

  9. 900 MHz vs. 2.4 GHz vs. 5 GHz • 900 MHz band: PROs: Greater range than 2.4 GHz band (for in-building LANs); CONs: Maximum data rate 1 Mbps, Limited bandwidth, Crowded band • 2.4 GHz band: PROs: Global market, IEEE 802.11, Higher data rates (10+ Mbps); CONs: Less range than 900 MHz (for in-building LANs) • 5 GHz band: PROs: Global market, IEEE 802.11, Higher data rates (20+ Mbps); CONs: Much less range than 900 MHz or 2.4 GHz, Higher cost RF components, Large antenna required

  10. Spread Spectrum Approaches • Direct Sequence • Frequency Hopping [Figure: power plotted against frequency (2.402 GHz to 2.483 GHz) and time for the two approaches]

  11. Wireless LAN (WLAN) as an extension to wired LAN [Diagram: Local Area Network (LAN) with Server, Switch, Hubs, Internet, Access Point and Work Group Bridge]

  12. Typical WLAN Topologies [Diagram: two Access Points on a LAN Backbone, each serving a Wireless “Cell” of Wireless Clients, one on Channel 1 and one on Channel 6]

  13. Wireless Repeater Topology [Diagram: an Access Point on the LAN Backbone and a second Access Point forming a Wireless Repeater “Cell” for Wireless Clients, both on Channel 1]

  14. Alternative Peer-to-Peer Topology • Peer-to-Peer Configuration (ad hoc mode) [Diagram: a Wireless “Cell” of Wireless Clients and a Modem]

  15. Access Point Coverage & Data Rate Shifting Review • 1 Mbps DSSS • 2 Mbps DSSS • 5.5 Mbps DSSS • 11 Mbps DSSS

  16. Rate Shifting • Survey performed at each data rate • Coverage cell for each rate mapped • Higher rates – shift to proper areas • Lower rates – overlap and frequency [Figure: coverage cells labelled 2 Mbps, 5.5 Mbps and 11 Mbps]

  17. (Some) Rules for Wireless LANs • All equipment must be on the same frequency (2.4 GHz) and same type of modulation (FH or DS) to communicate. • In order for wireless equipment from different manufacturers to work together, they must all be 802.11 compliant.

  18. Threats CIA attacks • Traffic analysis • Passive eavesdropping • Active eavesdropping • Man-in-the-middle • Unauthorized access • Session hijacking • Replay attack

  19. Traffic Analysis Three forms of information • Activity on the network • The identification and physical location of wireless access points • The type of protocols being used in the transmissions

  20. Passive Eavesdropping

  21. Passive eavesdropping (cont.) WEP (Wired Equivalency Privacy) • WEP uses the RC4 encryption algorithm, which has a key size of 40 or 128 bits • The IV is the seed that generates a unique key stream for every packet generated • Together the IV and the 40-bit key are inputs to the RC4 algorithm

  22. Active Eavesdropping

  23. Man-In-The-Middle Attack

  24. Session Hijacking and Replay

  25. Older Security Methods • Older forms of security on WLANs • SSID (Service Set Identifier) • Authentication controlled by MAC • Shared RC4 key Authentication

  26. Shared key Authentication vulnerabilities • Access point sends a plain-text challenge • Station returns the cipher-text response • An attacker listening to both frames can compute: plain-text challenge XOR cipher-text response = key stream
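The WEP keying on slide 21 and the shared key weakness on slide 26, worked through in Python as an added example that is not part of the original presentation. The key, IVs and challenge are constructed values, and the ICV and 802.11 frame headers are left out.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_keystream(iv: bytes, secret: bytes, n: int) -> bytes:
    """WEP seeds RC4 with the 24-bit IV (sent in clear) followed by the shared key."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    return rc4_keystream(iv + secret, n)

def shared_key_response(iv: bytes, secret: bytes, challenge: bytes) -> bytes:
    """Station's reply in shared key authentication: challenge XOR keystream."""
    return xor(challenge, wep_keystream(iv, secret, len(challenge)))

def keystream_seen_by_listener(challenge: bytes, response: bytes) -> bytes:
    """Computable from the two frames on the air alone; no key is involved."""
    return xor(challenge, response)

SECRET = bytes.fromhex("0102030405")            # constructed 40-bit key
IV_A, IV_B = b"\x00\x00\x01", b"\x00\x00\x02"   # constructed IVs
CHALLENGE = bytes(range(128))                   # constructed 128-byte challenge

def demo() -> dict:
    response = shared_key_response(IV_A, SECRET, CHALLENGE)
    leaked = keystream_seen_by_listener(CHALLENGE, response)
    return {
        # The handshake itself discloses the keystream for this IV.
        "leak_equals_keystream": leaked == wep_keystream(IV_A, SECRET, 128),
        # The keystream depends on the IV: a different IV gives a different one.
        "leak_bound_to_iv": leaked != wep_keystream(IV_B, SECRET, 128),
    }

if __name__ == "__main__":
    print(demo())
```

Because the handshake exposes key stream without proving anything a listener could not also compute, open authentication combined with 802.1X and per-session keys (slides 28 to 30) is the stronger design.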

  27. 802.11 Security • WEP (Wired Equivalency Privacy) • 40 bit keys • 128 bit keys • Part of the association process • WEP uses the RC4 stream cipher

  28. 802.1x • 802.1x is an IEEE Standard for Port Based authentication for wired networks • It relies on EAP (Extensible Authentication Protocol) • Improved user authentication: username and password • Dynamic, session-based encryption keys • Centralized user administration

  29. 802.1x advantages for WLANs • Link layer (layer 2) support for Extensible Authentication Protocol (EAP) • Securely facilitates authentication message exchanges between the Wireless Client, the Access Point and the AAA Server • Allows the use of numerous authentication algorithms • WLAN implementations of 802.1X must support mutual authentication

  30. 802.1X over Wireless Steps (participants: Client, Access Point, RADIUS Server) • AP ignores all requests until network logon • Associate • Logon • Access request • RADIUS server authenticates client • Access challenge • EAP request • EAP response • Access request • Client authenticates RADIUS server (process repeats in reverse) • Client and RADIUS server derive session WEP key • Access success • RADIUS server passes session key to AP • EAP success • Client and AP start using encryption

  31. Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) • EAP has different modes of operation; the most promising is the use of TLS as the authentication mechanism in EAP • EAP-TLS supports mutual authentication and dynamic keying [Figure: public-key encryption example in which an e-mail is encrypted with George's public key and decrypted with George's private key]

  32. EAP-TLS Authentication Process (participants: Client, Access Point, RADIUS Server, Certificate Authority) • AP blocks all requests until authentication completes • Start • Request Identity • Identity • Identity • Server certificate • Server certificate • Client certificate • Client certificate • Random session keys generated

  33. Comparison

  34. Encrypted Tunnel or virtual private network (VPN) • Two of the key design parameters of the VPN are the OSI network layer that is encrypted and the endpoints of the tunnel • The lower the layer that is encrypted, the more secure • The longer the tunnel, generally the more secure the tunnel

  35. Questions • What WEP key size(s) does the 802.11 standard specify? • Why should the SSID not be considered a security feature? • What is the advantage of a two-way authentication? • Why are security measures beyond the 802.11 WEP security needed? • A WLAN is strictly an extension of the wired LAN and not a standalone network (True/False)? • State two of the security threats and the security mechanism to overcome them

  36. Wireless analyzers • Boingo • www.boingo.com • Boingo is free software that can be downloaded from the Internet; it searches all available networks, and lets you know when you are in the range of a high-speed service signal (or tells you where to find the closest one). • Netstumbler • http://www.netstumbler.org/ • Very popular and well known, Netstumbler is free software that can be downloaded from the Internet; it detects WLAN access points and displays information about them.

