LM 5. Wireless Network Security
Dr. Lei Li
Road Map
• Introduction
• Mobile Security
• Security Auditing & Risk Analysis
• WLAN Security
• Mobile Network Overview
• Evolution of Wireless Network
• WLAN Overview
• Information Security Essentials
• WLAN Threats & Vulnerabilities
• Cellular Network Security
• WLAN Security
• Mobile Security Threats
• WLAN Security Tools
• Mobile Device Security
Learning Outcomes
After this module, a student will be able to:
• Describe the architecture for securing a wireless network
• List the measures to physically secure a WLAN
• Describe the measures for access control and authentication in a WLAN
• Discuss the issues of using a VPN to secure a WLAN
• Differentiate intrusion detection systems from intrusion prevention systems
• Describe the methods of data protection used in enterprise wireless networks
• Describe how to develop a comprehensive security policy for a wireless network
• Describe the auditing process for wireless network security
Security Architecture
• Customer needs
• Physical wireless network
• User access control & authentication
• Encryption
• Comprehensive security policy
A Highly Secure Wireless Network
[Figure, labelled "WPA"]
Image source: https://www.cisco.com/c/dam/en_us/about/ac123/ac147/images/ipj/ipj_5-3/highly_secure.gif
Physical Security
• Containment of radio frequency (RF) signals
• Reduce RF leakage
  • Site modeling
  • Placement of the AP
  • Replace omnidirectional antennas with directional antennas
  • AP power adjustment
WLAN Segmentation
• Isolate WLAN traffic from LAN traffic
  • Easier WLAN traffic management
• Physical segmentation using a switch
• Virtual LAN
  • For larger WLANs
  • Logically divide the network into groups using broadcast domains
Access Control
• SSID obfuscation
  • Segment users by SSID/VLAN pair
• SSID cloaking
  • Hide the WLAN from unauthorized clients
  • Best practice for avoiding casual or opportunistic access to the network
  • Not sufficient to defeat passive or active scanning
Access Control - MAC Filtering
• MAC address
  • Physical address of the device
  • Operates at OSI layer 2
• Deny by default, permit by exception
• Suitable for a small business or SOHO network
• Not as effective a control in a WLAN as in a wired LAN
  • An attacker can monitor the network traffic and capture a permitted MAC address
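The "deny by default, permit by exception" rule from the slide, as an added Python illustration (not from the slides): an allowlist that normalises the several MAC spellings seen in practice before comparing, rejects malformed addresses, and audits a constructed association log. The log format (`<timestamp> assoc <mac>`) and all addresses are assumptions for this example. Note what it checks: only the layer-2 address, which is exactly why the slide calls it a weak control on a WLAN.

```python
"""Deny-by-default MAC allowlist for a small WLAN (added example, not from the slides)."""
import re
from typing import List, Optional, Tuple

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw: str) -> Optional[str]:
    """Return the MAC as 'aa:bb:cc:dd:ee:ff', or None if it is not 12 hex digits.

    Accepts colon, hyphen and Cisco dotted spellings ("aabb.ccdd.eeff").
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if not _HEX12.match(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class MacAllowlist:
    """Permit only the listed stations; everything else is denied (deny by default)."""

    def __init__(self, permitted: List[str]):
        self._allowed = set()
        for mac in permitted:
            norm = normalize_mac(mac)
            if norm is None:
                # A typo in the allowlist silently locks a device out, so fail loudly.
                raise ValueError(f"malformed MAC in allowlist: {mac!r}")
            self._allowed.add(norm)

    def permits(self, mac: str) -> bool:
        norm = normalize_mac(mac)
        return norm is not None and norm in self._allowed


# Constructed sample association log (hypothetical format: "<timestamp> assoc <mac>").
SAMPLE_LOG = """\
2024-01-01T08:00:00 assoc aa:bb:cc:dd:ee:01
2024-01-01T08:00:05 assoc AA-BB-CC-DD-EE-02
2024-01-01T08:00:09 assoc aabb.ccdd.ee03
2024-01-01T08:00:12 assoc zz:zz:zz:zz:zz:zz
"""


def audit_associations(log_text: str, allowlist: MacAllowlist) -> Tuple[List[str], List[str]]:
    """Split association events into (allowed, denied) lists of the raw MAC strings."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "assoc":
            continue  # ignore lines that are not association events
        (allowed if allowlist.permits(parts[2]) else denied).append(parts[2])
    return allowed, denied


if __name__ == "__main__":
    acl = MacAllowlist(["AA:BB:CC:DD:EE:01", "aa-bb-cc-dd-ee-02"])
    ok, blocked = audit_associations(SAMPLE_LOG, acl)
    print("allowed:", ok)
    print("denied: ", blocked)
```

The third station is a well-formed address that is simply not on the list, and the fourth is malformed; both are denied, which is the behaviour a deny-by-default control must have.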
Access Control - VPN
• Extends a private network across a public network
VPN over WLAN
• Secure the WLAN using a VPN
  • Provides authentication, encryption, and privacy
  • The user's IP address is obscured
• The performance of the network may suffer
• Requires the user to install special client software
VPN Protocols
• SSL VPN
  • Securely access web applications from a browser
• IPSec VPN
  • Operates at the IP layer
  • More often used to allow secure remote access to a private network
Authentication - Open Authentication
Image source: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html#wp1034858

Authentication - Shared Key Authentication
Image source: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html#wp1034858

Authentication - EAP
• Extensible Authentication Protocol
Image source: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html#wp1034858

Authentication - MAC Based
Image source: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html#wp1034858

802.1X Authentication
• Used for LAN or WLAN
• Uses EAP
Image source: https://en.wikipedia.org/wiki/IEEE_802.1X#Typical_authentication_progression
WLAN Authorization
• Authenticated users should have different permissions
• 802.1X for both authentication and authorization
  • 802.1X funnels wireless traffic onto a VLAN
  • Group-based permissions
  • Wireless traffic is grouped using 802.1Q tags
  • Creates a link between authentication and authorization
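How 802.1X links authentication to authorization in practice, as an added Python illustration (not from the slides): after EAP succeeds, the RADIUS server's Access-Accept carries the standard tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID; RFC 2868 and RFC 3580) that tell the access point which VLAN to 802.1Q-tag the client's frames into. Both sides of that exchange are modelled below. The group-to-VLAN table, the quarantine VLAN number and the fallback policy are assumptions for this example, not from any product.

```python
"""802.1X authorization by dynamic VLAN assignment (added example, not from the slides)."""
from typing import Dict, Optional

# Standard RADIUS attribute numbers and values (RFC 2868 / RFC 3580).
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_IEEE802 = 6

# Assumed site policy: directory group -> VLAN id (constructed for this example).
GROUP_VLAN = {"staff": 10, "contractors": 20, "iot": 30}
# Assumed restricted VLAN for clients that authenticated but could not be mapped.
QUARANTINE_VLAN = 999


def radius_accept_for(group: str) -> Optional[Dict[int, object]]:
    """RADIUS-server side: attributes for the Access-Accept of a user in `group`.

    Returns None for an unknown group, i.e. proving identity alone does not
    grant network access; the server would send Access-Reject instead.
    """
    vlan = GROUP_VLAN.get(group)
    if vlan is None:
        return None
    return {
        TUNNEL_TYPE: TUNNEL_TYPE_VLAN,
        TUNNEL_MEDIUM_TYPE: TUNNEL_MEDIUM_IEEE802,
        TUNNEL_PRIVATE_GROUP_ID: str(vlan),  # sent as a string per RFC 2868
    }


def vlan_for_client(accept_attrs: Optional[Dict[int, object]],
                    default_vlan: int = QUARANTINE_VLAN) -> int:
    """Authenticator (AP) side: choose the client's VLAN from an Access-Accept.

    Missing, inconsistent or out-of-range tunnel attributes go to the
    quarantine VLAN, never to a production VLAN by accident.
    """
    if not accept_attrs:
        return default_vlan
    if (accept_attrs.get(TUNNEL_TYPE) != TUNNEL_TYPE_VLAN
            or accept_attrs.get(TUNNEL_MEDIUM_TYPE) != TUNNEL_MEDIUM_IEEE802):
        return default_vlan
    try:
        vlan = int(accept_attrs.get(TUNNEL_PRIVATE_GROUP_ID))
    except (TypeError, ValueError):
        return default_vlan
    if not 1 <= vlan <= 4094:  # valid 802.1Q VLAN id range
        return default_vlan
    return vlan


def authorize(user_group: str) -> int:
    """End to end: authenticated user in `user_group` -> VLAN the AP tags their frames with."""
    return vlan_for_client(radius_accept_for(user_group))


if __name__ == "__main__":
    for grp in ("staff", "iot", "visitor"):
        print(f"{grp:10s} -> VLAN {authorize(grp)}")
```

The AP-side checks matter: a server that answers with only a group id and no Tunnel-Type, or with a VLAN outside 1..4094, should land the client somewhere restricted rather than on the default production VLAN.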
Data Protection - Encryption
• WEP: not secure at all
• WPA
  • Temporal Key Integrity Protocol (TKIP): backward compatible with WEP devices
• WPA2
  • Advanced Encryption Standard (AES): most secure
WPA3
• New security standard announced in 2018
• New features
  • Robust protection: protects users who choose weak passwords against brute-force attacks
  • Simplified configuration and security for devices with limited or no display interface
  • Individualized data encryption on open Wi-Fi networks
  • CNSA (Commercial National Security Algorithm suite) compliance
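A way to check an access point against the two encryption slides above, as an added Python illustration (not from the slides, and not part of the hostapd project): a small linter over hostapd's `key=value` configuration that flags WEP keys, WPA/TKIP, open networks, and WPA3-SAE without required management-frame protection. The option names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_key_mgmt`, `ieee80211w`, `wep_default_key`, `wpa_passphrase`, `sae_password`) are real hostapd options; the three sample configurations are constructed, and the passphrase values are placeholders.

```python
"""Lint a hostapd config for weak WLAN encryption settings (added example, not from the slides)."""
from typing import Dict, List


def parse_hostapd(text: str) -> Dict[str, str]:
    """hostapd.conf is one key=value per line; '#' begins a comment."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def lint_hostapd(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing weak was found."""
    cfg = parse_hostapd(text)
    findings = []

    if any(k.startswith("wep_key") or k == "wep_default_key" for k in cfg):
        findings.append("WEP keys configured: WEP is broken, use WPA2 (CCMP) or WPA3")

    wpa = cfg.get("wpa", "0")            # bit 0 = WPA, bit 1 = WPA2/RSN
    if wpa == "0":
        findings.append("open network: no WPA/WPA2/WPA3 protection")
    elif wpa in ("1", "3"):
        findings.append(f"wpa={wpa} enables original WPA (TKIP generation): set wpa=2")

    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in cfg.get(key, "").split():
            findings.append(f"{key} allows TKIP: restrict to CCMP")

    key_mgmt = cfg.get("wpa_key_mgmt", "").split()
    if "SAE" in key_mgmt and cfg.get("ieee80211w") != "2":
        findings.append("WPA3-SAE without ieee80211w=2: management frame protection must be required")

    return findings


# Constructed sample configurations (placeholders, not real secrets).
WEAK_CONF = """\
interface=wlan0
ssid=corp-legacy
wpa=1
wpa_pairwise=TKIP CCMP
wpa_passphrase=CHANGE-ME-placeholder
"""

WPA2_CONF = """\
interface=wlan0
ssid=corp
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=CHANGE-ME-placeholder
"""

WPA3_NO_PMF_CONF = """\
interface=wlan0
ssid=corp-wpa3
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=1
sae_password=CHANGE-ME-placeholder
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("wpa2", WPA2_CONF), ("wpa3-no-pmf", WPA3_NO_PMF_CONF)):
        print(name, "->", lint_hostapd(conf) or "OK")
```

For WPA2 the slide's "AES" corresponds to the CCMP cipher in hostapd terms, which is why the linter insists on CCMP rather than just "not TKIP".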
Data Protection - IPSec
• Internet Protocol Security
• End-to-end security scheme
• Operates at the network (Internet) layer
Image source: https://www.slashroot.in/what-ipsec-and-how-ipsec-does-job-securing-data-communication
IPSec
[Figure: IPSec tunnel mode vs. transport mode; image source was a Google image search result]
IPSec VPN vs. SSL VPN
• IPSec VPN
  • Functions at the network layer
  • Remote access to company office network resources
  • Always-on connection
• SSL VPN
  • Functions at the application layer
  • More granular access control
  • Used in web browsers
Comprehensive Security Policy
• Risk analysis
  • What to protect, value of the asset, possibility of breach, cost to protect the system
• Governing policies
• Technical policies
• End-user policies
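The four risk-analysis questions on the slide (what to protect, asset value, possibility of breach, cost to protect) carried through as numbers, as an added Python illustration (not from the slides): the standard annualized loss expectancy (ALE) method, where single loss expectancy times annual rate of occurrence gives the expected yearly loss, and a control is cost-justified when it prevents more loss per year than it costs. The assets, rates and costs are constructed for the example.

```python
"""Quantitative risk analysis with annualized loss expectancy (added example, not from the slides)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Asset:
    name: str                 # what to protect
    value: float              # value of the asset (monetary)
    exposure: float           # fraction of the value lost in one breach, 0..1
    breaches_per_year: float  # possibility of breach, expressed as an annual rate
    control_cost: float       # annual cost to protect the asset
    control_effect: float     # fraction by which the control cuts the breach rate, 0..1

    def __post_init__(self):
        for field in ("exposure", "control_effect"):
            if not 0.0 <= getattr(self, field) <= 1.0:
                raise ValueError(f"{self.name}: {field} must be in [0, 1]")
        if self.value < 0 or self.breaches_per_year < 0 or self.control_cost < 0:
            raise ValueError(f"{self.name}: value, rate and cost must be non-negative")


def single_loss_expectancy(asset: Asset) -> float:
    """SLE = asset value x exposure factor."""
    return asset.value * asset.exposure


def ale(asset: Asset, with_control: bool = False) -> float:
    """ALE = SLE x annual rate of occurrence (rate reduced if the control is in place)."""
    rate = asset.breaches_per_year
    if with_control:
        rate *= 1.0 - asset.control_effect
    return single_loss_expectancy(asset) * rate


def evaluate(assets: List[Asset]) -> List[Dict[str, object]]:
    """Rank assets by current ALE and decide whether each proposed control pays for itself."""
    rows = []
    for a in assets:
        before, after = ale(a), ale(a, with_control=True)
        benefit = before - after
        rows.append({
            "asset": a.name,
            "ale": before,
            "benefit": benefit,
            "cost": a.control_cost,
            "justified": benefit > a.control_cost,
        })
    return sorted(rows, key=lambda r: r["ale"], reverse=True)


# Constructed sample inventory for a small wireless deployment.
SAMPLE_ASSETS = [
    Asset("customer database", 500_000, 0.4, 0.2, 15_000, 0.8),
    Asset("guest WLAN uptime", 20_000, 0.5, 1.0, 8_000, 0.5),
    Asset("HVAC controller", 100_000, 0.1, 0.05, 2_000, 0.9),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_ASSETS):
        verdict = "fund" if row["justified"] else "defer"
        print(f"{row['asset']:20s} ALE={row['ale']:>9.0f} benefit={row['benefit']:>8.0f} "
              f"cost={row['cost']:>6.0f} -> {verdict}")
```

The ranking is what feeds the governing and technical policies that follow: the control on the highest-ALE asset is funded, while the two cheaper-looking controls are deferred because each would cost more per year than the loss it avoids.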
Wireless Security Policy
• Defines assets, risks and security objectives
• Identifies required security practices and measures
• Dictates acceptable behavior and enforcement
• Serves as a vehicle for achieving consensus
Wireless Security Policy Content
• Policy objectives
• Ownership and authority
• Scope
• Risk assessment
• Security measures
• Acceptable usage
• Deployment process
• Auditing and enforcement
Wireless Security in the Big Picture
• Security auditing: identify issues and establish a baseline for the network
• Physical security: contain signals
• Access control: SSID obfuscation, MAC filtering, authentication (802.1X), VPN (IPSec)
• Corporate network: firewall, anti-virus, IPS, IDS
• Data protection: encryption (WPA/WPA2), authentication (802.1X), VPN (IPSec)
• Comprehensive security policies: user awareness and training, compliance considerations, etc.
References
• Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security, Elsevier, 2005.
• Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016.
• https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-14/wireless-networks.html
• http://searchsecurity.techtarget.com/feature/Wireless-AP-placement-basics
• http://searchnetworking.techtarget.com/feature/Using-VLANs-to-compartmentalize-WLAN-traffic
• https://books.google.com/books?id=noWHCgAAQBAJ&pg=PA161&lpg=PA161&dq=ssid+bofuscation&source=bl&ots=CfCLH4fhhY&sig=93JeGN8aTOHZEGKUS7jNnGDpluE&hl=en&sa=X&ved=0ahUKEwin_7mA98TYAhVE0VMKHa9WB7IQ6AEIKzAA#v=onepage&q=ssid%20bofuscation&f=false
• https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html#wp1034858
• https://en.wikipedia.org/wiki/Virtual_private_network
• http://searchnetworking.techtarget.com/tip/WLAN-security-Beyond-the-VPN
• https://www.networksasia.net/article/what-are-differences-between-intrusion-detection-and-intrusion-prevention-1227715200
• https://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both/
• https://en.wikipedia.org/wiki/IPsec
• https://www.calyptix.com/research-2/ssl-vpn-and-ipsec-vpn-how-they-work/
• https://www.cisco.com/c/en/us/about/security-center/framework-segmentation.html
• http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=3
• http://searchmobilecomputing.techtarget.com/tip/Creating-a-wireless-security-policy
• http://www.wseas.us/e-library/confereces/2008/bucharest/mcbe/13mcbe.pdf