Wireless Security Gregg A. Campbell
Agenda - .11i, IPS/IDS, Ranging
• WPA
• WPA2
• IEEE 802.11i
• AES Encryption
• WPA and WPA2 Comparison
• Cisco TKIP, WPA, WPA2 Comparison
• Wireless IDS
Wireless Security? Implementation Checklist
[Diagram: 802.1X (EAP) authentication flow between the WLAN client, the access point/controller and the RADIUS server on the corporate network]
• Client associates, but cannot send data until EAP authentication is complete: data from the client is blocked by the AP
• The 802.1X (EAP) exchange runs between the client and the RADIUS server through the AP
• Once EAP authentication is complete, the client sends data and it is passed by the AP
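To make the gating in the diagram concrete, here is a small simulation of the authenticator on the AP/controller. It is an added example, not code from the deck or from Cisco; the RADIUS user table, the frame layout and the identities are constructed for illustration. The AP relays EAP frames to the (stand-in) RADIUS server regardless of state, and passes data frames only after an Access-Accept.

```python
"""Simulation of the 802.1X gate on the slide: the AP relays only EAP traffic
until the RADIUS server accepts the client, then starts passing data frames.
Added example, not from the deck or from Cisco; the RADIUS user table,
frame layout and identities are constructed for illustration."""
from dataclasses import dataclass, field

EAPOL = "eapol"   # EAP over LAN; the only traffic the uncontrolled port relays
DATA = "data"     # ordinary client data, subject to the controlled port

# Hypothetical RADIUS user database: identity -> expected credential
RADIUS_DB = {"alice": "correct-horse-battery"}


def radius_access_request(identity: str, credential: str) -> str:
    """Stand-in for the RADIUS server's decision on an Access-Request."""
    if RADIUS_DB.get(identity) == credential:
        return "Access-Accept"
    return "Access-Reject"


@dataclass
class AccessPort:
    """Per-client 802.1X authenticator state kept on the AP/controller."""
    authorized: bool = False
    log: list = field(default_factory=list)

    def handle(self, frame: dict) -> str:
        kind = frame["type"]
        if kind == EAPOL:
            # Uncontrolled port: EAP is relayed to RADIUS whatever the current state
            verdict = radius_access_request(frame["identity"], frame["credential"])
            self.authorized = verdict == "Access-Accept"
            self.log.append(f"EAP {frame['identity']}: {verdict}")
            return "EAP-Success" if self.authorized else "EAP-Failure"
        if kind == DATA:
            # Controlled port: data is dropped until EAP authentication completed
            verdict = "passed" if self.authorized else "blocked"
            self.log.append(f"data {verdict}")
            return verdict
        raise ValueError(f"unknown frame type {kind!r}")


def run_session(identity: str, credential: str) -> tuple:
    """Data frame before EAP, the EAP result, and a data frame after EAP."""
    port = AccessPort()
    before = port.handle({"type": DATA})
    eap = port.handle({"type": EAPOL, "identity": identity, "credential": credential})
    after = port.handle({"type": DATA})
    return before, eap, after


if __name__ == "__main__":
    print(run_session("alice", "correct-horse-battery"))  # ('blocked', 'EAP-Success', 'passed')
    print(run_session("alice", "guess"))                  # ('blocked', 'EAP-Failure', 'blocked')
```

The point the slide makes is the first element of each tuple: the data frame is blocked in both sessions, and only an accepted EAP exchange flips the controlled port open.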
WPA
• Wi-Fi Protected Access (WPA)
• Standards-based security solution from the Wi-Fi Alliance
• Addresses the vulnerabilities in native WLANs using Wired Equivalent Privacy (WEP)
• Supports IEEE 802.1X and Pre-Shared Key (PSK) authentication
• Temporal Key Integrity Protocol (TKIP) for encryption
• Fully supported by the Cisco Wireless Security Suite
WPA2
• Announced 9/1/04: Next generation of Wi-Fi security
• Follows IEEE 802.11i standard
• Supports IEEE 802.1X and Pre-Shared Key (PSK) authentication
• Advanced Encryption Standard (AES) encryption algorithm using CCMP
• Facilitates government FIPS 140-2 compliance
• Pre-authentication is optional
• Backward compatible with WPA
• Mandatory with an optional (18 month) phase-in period
• Fully supported by the Cisco Wireless Security Suite
IEEE 802.11i
• Ratified June 2004
• Defines security standards for wireless LANs
• Details stronger encryption, authentication, and key management strategies for wireless data and system security
• Required hardware accelerator chip in radio
• Includes the following:
  • Two new data-confidentiality protocols – TKIP and AES-CCMP
  • Negotiation process for selecting the correct confidentiality protocol
  • Key system for each traffic type
  • Key caching and pre-authentication
AES Encryption
• Encryption standard defined by NIST (National Institute of Standards and Technology) to replace DES
• The ‘Gold’ standard
• Hardware encryption vs. software encryption
• Replaces RC4 encryption in IEEE 802.11i
• 128 bit symmetric cipher, 48 bit Initialization Vector
• CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
• Requires hardware acceleration, or the overall performance of an 11Mb radio will be unacceptable
• Facilitates government FIPS 140-2 compliance
• Note: 802.1X is not FIPS compliant
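The 48-bit value the slide calls the Initialization Vector is the CCMP packet number (PN). The following added example, not code from the deck or from Cisco, decodes the CCMP header, shows how the PN and transmitter address form the CCM nonce, and implements the receiver-side replay check that the PN makes possible. The header layout follows IEEE 802.11i; the sample frames and the transmitter address are constructed.

```python
"""Decode the CCMP header, build the CCM nonce and check the 48-bit packet
number (the 'Initialization Vector' on the slide) for replay. Added example,
not from the deck or from Cisco; the header layout follows IEEE 802.11i and
the sample frames are constructed."""

PN_MAX = (1 << 48) - 1
EXT_IV = 0x20  # bit 5 of the KeyID octet marks an extended IV (CCMP/TKIP)


def parse_ccmp_header(hdr: bytes):
    """Return (pn, key_id) from the 8-octet CCMP header:
    PN0 PN1 reserved KeyID/ExtIV PN2 PN3 PN4 PN5."""
    if len(hdr) != 8:
        raise ValueError("CCMP header must be 8 octets")
    pn0, pn1, _reserved, keyid_octet, pn2, pn3, pn4, pn5 = hdr
    if not keyid_octet & EXT_IV:
        raise ValueError("ExtIV bit clear: not a CCMP header")
    key_id = keyid_octet >> 6
    pn = (pn5 << 40) | (pn4 << 32) | (pn3 << 24) | (pn2 << 16) | (pn1 << 8) | pn0
    return pn, key_id


def build_ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """Inverse of parse_ccmp_header; used here to construct sample frames."""
    if not 0 <= pn <= PN_MAX:
        raise ValueError("packet number exceeds 48 bits")
    b = pn.to_bytes(6, "little")  # b[0] is PN0 ... b[5] is PN5
    return bytes([b[0], b[1], 0x00, EXT_IV | (key_id << 6), b[2], b[3], b[4], b[5]])


def ccm_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-octet CCM nonce: priority octet, transmitter address A2, PN big-endian.
    PN increments per frame and A2 is fixed, so the nonce never repeats under
    one key, which is the property AES-CCM depends on."""
    if len(a2) != 6:
        raise ValueError("A2 must be a 6-octet MAC address")
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")


class ReplayCounter:
    """Receiver-side replay state: highest PN seen per (A2, key_id)."""

    def __init__(self):
        self.last_pn = {}

    def accept(self, a2: bytes, hdr: bytes) -> bool:
        pn, key_id = parse_ccmp_header(hdr)
        key = (a2, key_id)
        if pn <= self.last_pn.get(key, -1):
            return False  # replayed or reordered frame: discard
        self.last_pn[key] = pn
        return True


def demo() -> list:
    """Feed constructed frames through the replay check; returns the verdicts."""
    a2 = bytes.fromhex("001122aabb01")  # constructed transmitter address
    rx = ReplayCounter()
    frames = [build_ccmp_header(pn) for pn in (5, 6, 5, 6, 7)]
    return [rx.accept(a2, h) for h in frames]


if __name__ == "__main__":
    print(demo())  # [True, True, False, False, True]
```

The replay counter is why a captured CCMP frame cannot simply be re-sent: its PN is at or below the receiver's last accepted value, so it is dropped before decryption is even attempted.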
WPA2 & Extended EAP types
• Initial WPA2 testing was on EAP-TLS
• Other EAP methods now available
  • EAP-TTLS/MSCHAPv2
  • PEAPv0/EAP-MSCHAPv2 (a.k.a. Microsoft PEAP)
  • PEAPv1/EAP-GTC (a.k.a. Cisco PEAP)
Wireless IDS
• Traditional wired IDS focus on L3 and higher
• Nature of RF medium and wireless standards mandate IDS at the physical and data link layer
• RF medium vulnerabilities:
  • Unlicensed spectrum subject to interference, contention
  • Not contained by physical security boundaries
• Standards vulnerabilities:
  • Unauthenticated management frames
  • Session hi-jacking, replay type attacks
  • Wide availability of wireless hacking literature & tools
Wireless IDS
• Address RF related vulnerabilities
  • Detect, locate, mitigate rogue devices
  • Detect and manage RF interference
  • Detect reconnaissance if possible
• Address standards-based vulnerabilities
  • Detect management frame & hi-jacking style attacks
  • Enforce security configuration policies
• Complementary functionality:
  • Forensic analysis
  • Compliance reporting
Wireless IDS
HYPE: External wIDS sensors are the best way to detect and remediate all wireless attacks
REALITY: Most attacks/events occur on the AP/Client channel
ROGUES and AD HOCs: Detected quickly via intelligent off channel scanning
• On-channel attack detected
• Off channel rogue detected
• AP contains rogue client
• Off channel ad hoc net detected
• AP contains ad hoc net
[Diagram: 802.11a channel 153 rogue AP and rogue client; 802.11g channel 1 ad hoc client; 802.11g channel 6 valid client and attacker; 802.11a channel 152 valid client; RF containment applied to the rogue and ad hoc devices]
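The three Wireless IDS slides list the events a wIDS must recognise: rogue APs and ad hoc networks found by off-channel scanning, and on-channel attacks built on unauthenticated management frames. The following added example (not code from the deck or from Cisco) implements toy detection rules for those events over a constructed sensor feed that mirrors the diagram's scenario. The corporate SSID, the authorized BSSID list, the thresholds and every event are constructed.

```python
"""Toy wireless IDS rules for the events on the slides: a rogue AP advertising
the corporate SSID from an unknown BSSID, an ad hoc (IBSS) network, and a
deauthentication flood abusing unauthenticated management frames. Added
example, not code from the deck or from Cisco; the sensor events, SSID,
authorized BSSID list and thresholds are all constructed."""
from collections import defaultdict, deque

CORP_SSID = "CorpWLAN"                                           # hypothetical
AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}   # constructed
DEAUTH_THRESHOLD = 10   # deauth frames from one source within the window
WINDOW_SECONDS = 5.0


def analyze(events):
    """Return a list of (alert_type, address, channel) from sensor events."""
    alerts = []
    deauth_times = defaultdict(deque)   # source MAC -> recent deauth timestamps
    reported = set()                    # one alert per device per rule
    for ev in events:
        if ev["frame"] == "beacon":
            bssid = ev["bssid"]
            # Rogue: our SSID advertised by a BSSID that is not one of our APs
            if ev["ssid"] == CORP_SSID and bssid not in AUTHORIZED_BSSIDS:
                if ("rogue_ap", bssid) not in reported:
                    reported.add(("rogue_ap", bssid))
                    alerts.append(("rogue_ap", bssid, ev["channel"]))
            # Ad hoc: beacon with the IBSS capability bit set
            if ev["ibss"] and ("adhoc", bssid) not in reported:
                reported.add(("adhoc", bssid))
                alerts.append(("adhoc", bssid, ev["channel"]))
        elif ev["frame"] == "deauth":
            src = ev["src"]
            times = deauth_times[src]
            times.append(ev["t"])
            while times and ev["t"] - times[0] > WINDOW_SECONDS:
                times.popleft()   # drop timestamps outside the sliding window
            if len(times) == DEAUTH_THRESHOLD:
                alerts.append(("deauth_flood", src, ev["channel"]))
    return alerts


# Constructed sensor feed mirroring the slide's scenario
SAMPLE_EVENTS = [
    {"frame": "beacon", "t": 0.0, "bssid": "00:11:22:aa:bb:01", "ssid": CORP_SSID, "channel": 6, "ibss": False},
    {"frame": "beacon", "t": 0.1, "bssid": "de:ad:be:ef:00:01", "ssid": CORP_SSID, "channel": 153, "ibss": False},
    {"frame": "beacon", "t": 0.2, "bssid": "02:aa:aa:aa:aa:aa", "ssid": "adhoc-net", "channel": 1, "ibss": True},
    {"frame": "deauth", "t": 0.3, "src": "00:11:22:aa:bb:01", "channel": 6},  # one legitimate deauth
] + [
    {"frame": "deauth", "t": 10.0 + i * 0.1, "src": "ca:fe:ca:fe:00:01", "channel": 6}
    for i in range(12)
]


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

Note that the single deauth from the legitimate AP produces nothing; the rule fires only when one source exceeds the per-window threshold, which is the shape of the "on-channel attack" in the diagram, while the rogue and ad hoc alerts come from beacons a serving AP can only see while scanning off channel.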