WLAN protocol 802.11 ab overview and security issues - PowerPoint PPT Presentation

1 / 25
About This Presentation
Title:

WLAN protocol 802.11 ab overview and security issues

Description:

802.11a The Basic Facts. 802.11a not a migration for 802.11b. 54Mbps Rating ... Applications - Where Does 'A' Fit Best. Data. Rates. Data. Types. Transmit ... – PowerPoint PPT presentation

Number of Views:132
Avg rating:3.0/5.0
Slides: 26
Provided by: magedg
Category:

less

Transcript and Presenter's Notes

Title: WLAN protocol 802.11 ab overview and security issues


1
WLAN protocol 802.11 a/b overview and security
issues
  • Maged Girgis
  • Systems Consultant.
  • Intermec Technologies Canada Ltd.
  • (800) 268-6936
  • www.intermec.com

2
Agenda Security Is A Verb (Action Required)
  • WLAN Standards 802.11b and 802.11a
  • Escalating Security Levels
  • Security Costs
  • When Do I Implement Security?
  • Security Tools and Examples

3
Wireless LAN Technology
  • WLAN Technology Trends
  • Proprietary Systems in the Early 1990s evolved
    to todays standards based systems
  • Wireless Speeds Now Meet Minimum Requirements for
    LAN Applications
  • 802.11b for Mobile Devices
  • 802.11a for Specialized Laptops and Desktops
  • Cost Reductions and Performance Gains

4
802.11b and 802.11a
  • 802.11b and 802.11a are WLAN standards developed
    by the IEEE committee
  • WLAN uses the same Ethernet protocol and CSMA/CA
    (carrier sense multiple access with collision
    avoidance) for path sharing as hard wired
    networks
  • In short, 802.11b and 802.11a are simply Ethernet
    cable replacement (wireless Ethernet)

5
802.11a The Basic Facts
  • 802.11a not a migration for 802.11b
  • 54Mbps Rating
  • Actual maximum 22 to 26 Mbps
  • Turbo or 2X mode
  • Expected 25 to 50 improvement
  • NOT Inter-vendor compatible
  • A is up to 5X faster than B
  • More bandwidth
  • More channels
  • Less interference

6
Applications Problems for A
  • 802.11a
  • Shorter wave
  • 5.4GHz
  • Tends to weaken and or bounce off objects
  • 802.11b
  • Longer wave
  • 2.4GHz
  • Tends to go through or around objects more easily

7
Applications - Where Does A Fit Best
802.11a
802.11b
8
Summary of A and B
  • 802.11b and 802.11a are complementary
  • 802.11b
  • Moderate bandwidth up to 11mbps
  • Large coverage area
  • Supports high mobility applications
  • 802.11a
  • Great for large file transfers
  • Stationary transmissions
  • Short to medium distances
  • Both standards will benefit from coming security
    enhancements.
  • Some installations will need both

9
Escalating Security
10
The Security Continuum
Cost
IS Effort
Level
Security
Free
Basic
WEP(static)
? server
Business
802.1x
server
Coming Business
WPA (TKIP)
?server
Future Business
802.11i

Best Available
VPN/FIPS
11
Security Costs
  • Physical Guard, Card Entry
  • Equipment Servers, Tools, (FIPS)
  • Installation Set-Up, Specification
  • Support IS Management, Accounts
  • Maintenance Audit, Certification
  • Upgrades Hardware, Software, Labor

12
Where Is Security Needed?
  • Weakest Link
  • Anywhere There Is Data Flow
  • Basically Everywhere There Is Wireless

LAN Backbone
Access Points
13
Security Tools
  • Filtering, Access Control Lists (ACL)
  • Encryption
  • 802.1x Authentication
  • RADIUS Server
  • Firewall
  • VPN Tunneling
  • FIPS Specialized Implementations
  • Other

14
802.1x Wireless LAN Security
Enterprise-Class SecurityEAP/TLS or EAP/TTLS
Other Network Servers and Services

Access Point
Wireless Client
  • User requests access AP prevents wired network
    access
  • Encrypted credentials sent to authentication
    server
  • Authentication server validates user, grants
    access rights
  • AP Port enabled and Dynamic WEP keys are assigned
    to client (encrypted)
  • Wireless client can now access general network
    services securely


RADIUS Authentication Server
15
Layered Security
Server FIPS VPN Firewall VLAN RADIUS
Router Firewall VLAN
Switch Firewall VLAN
AP (switch) VLAN 802.1x, EAS ACL Filter WEP No
SSID Open
Device FIPS VPN 802.1x WEP Open
Government Better
Critical Good
Business Fair
None
16
Steps to Prevent Unauthorized Access
  • Change default administrative settings
  • Turn off DHCP
  • SSID
  • Change the SSID
  • Use minimum of 8 characters (coded)
  • Turn off the SSID beacon (ANY not allowed)
  • (If available)
  • WEP 128
  • Turn it ON use it!
  • Manually change it
  • Access control list ACL (if available)
  • Access point blocks access to end devices that
    their MAC address is not present

17
Wireless LAN Examples
Business Security
Application Servers
Static WEP Key Encryption
Switch
Switch
Router
Firewall
ACL RADIUS Server
18
Wireless LAN Examples
Business Critical with a Firewall
802.1x RADIUS Authentication Server
Application Servers
802.1x Dynamic WEP Key Rotation
Switch
Switch
Router
Firewall
Firewall
802.1x RADIUS Authentication Server
19
Wireless LAN Examples
Government FIPS 140 Certified
AirFortress Authentication Server
Application Servers
Secure Clients
AirFortress Wireless Gateway
Switch
Switch
Router
Firewall
20
WLAN Security concerns
  • Two Basic Concerns
  • Unauthorized access (Authentication)
  • Risk of access to companies network from bogus
    Wi-Fi stations or War Drivers
  • Stolen Data (Privacy)
  • Risk of eavesdropping on WLAN data traffic

21
WLAN Security Solutions
  • Two Basic Concerns - Solutions
  • Unauthorized access (Authentication)
  • Implement Segregation/WEP
  • Stolen Data (Privacy)
  • Implement 802.1x
  • Implement FIPS

22
Practical WLAN security issues
  • FBI Study shows that 75 of security breaches
    from inside via the wire.
  • Many WLAN networks use default network names and
    passwords
  • Security awareness needs to grow
  • Accidental access can easily be prevented by
    using the security features available today

23
Radio Frequency Coverage
Site Survey will confirm coverage area and make
sure theres not too much RF bleed over
Access Point
Access Point
24
Security - Conclusions
  • Wireless Can Be Secured
  • Use Appropriate Security
  • Security Is Not Free
  • Use A Security Policy
  • Layer Your Security

25
Thank You
  • About Intermec
  • Over 30 years in business
  • Broadest line of ADC, mobile computing, scanning,
    wireless networking and printer/media systems
  • Leader in wireless networking infrastructure
Write a Comment
User Comments (0)
About PowerShow.com