Title: WLAN protocol 802.11 a/b overview and security issues
1 WLAN protocol 802.11 a/b overview and security issues
- Maged Girgis
- Systems Consultant.
- Intermec Technologies Canada Ltd.
- (800) 268-6936
- www.intermec.com
2 Agenda - Security Is A Verb (Action Required)
- WLAN Standards 802.11b and 802.11a
- Escalating Security Levels
- Security Costs
- When Do I Implement Security?
- Security Tools and Examples
3 Wireless LAN Technology
- WLAN Technology Trends
- Proprietary Systems in the Early 1990s evolved to today's standards-based systems
- Wireless Speeds Now Meet Minimum Requirements for LAN Applications
- 802.11b for Mobile Devices
- 802.11a for Specialized Laptops and Desktops
- Cost Reductions and Performance Gains
4 802.11b and 802.11a
- 802.11b and 802.11a are WLAN standards developed by the IEEE committee
- WLAN uses the same Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing as hard wired networks
- In short, 802.11b and 802.11a are simply Ethernet cable replacement (wireless Ethernet)
5 802.11a - The Basic Facts
- 802.11a not a migration for 802.11b
- 54 Mbps Rating
- Actual maximum 22 to 26 Mbps
- Turbo or 2X mode
- Expected 25 to 50% improvement
- NOT Inter-vendor compatible
- A is up to 5X faster than B
- More bandwidth
- More channels
- Less interference
6 Applications - Problems for A
- 802.11a
  - Shorter wave
  - 5.4GHz
  - Tends to weaken and/or bounce off objects
- 802.11b
  - Longer wave
  - 2.4GHz
  - Tends to go through or around objects more easily
7 Applications - Where Does A Fit Best
802.11a
802.11b
8 Summary of A and B
- 802.11b and 802.11a are complementary
- 802.11b
  - Moderate bandwidth up to 11 Mbps
  - Large coverage area
  - Supports high mobility applications
- 802.11a
  - Great for large file transfers
  - Stationary transmissions
  - Short to medium distances
- Both standards will benefit from coming security enhancements.
- Some installations will need both
9 Escalating Security
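10 The Security Continuum
[Figure: security levels plotted against Cost and IS Effort; columns Level and Security]
- Basic: WEP (static)
- Business: 802.1x
- Coming Business: WPA (TKIP)
- Future Business: 802.11i
- Best Available: VPN/FIPS
Cost labels in the figure: Free, ? server, server, ?server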
11 Security Costs
- Physical: Guard, Card Entry
- Equipment: Servers, Tools, (FIPS)
- Installation: Set-Up, Specification
- Support: IS Management, Accounts
- Maintenance: Audit, Certification
- Upgrades: Hardware, Software, Labor
12 Where Is Security Needed?
- Weakest Link
- Anywhere There Is Data Flow
- Basically Everywhere There Is Wireless
LAN Backbone
Access Points
13 Security Tools
- Filtering, Access Control Lists (ACL)
- Encryption
- 802.1x Authentication
- RADIUS Server
- Firewall
- VPN Tunneling
- FIPS Specialized Implementations
- Other
14 802.1x Wireless LAN Security
Enterprise-Class Security: EAP/TLS or EAP/TTLS
[Diagram: Wireless Client, Access Point, RADIUS Authentication Server, Other Network Servers and Services]
- User requests access; AP prevents wired network access
- Encrypted credentials sent to authentication server
- Authentication server validates user, grants access rights
- AP port enabled and dynamic WEP keys are assigned to client (encrypted)
- Wireless client can now access general network services securely
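The 802.1x sequence on this slide, sketched as an added Python example that is not part of the original presentation: the AP drops data frames until the authentication server accepts the client, then assigns a per-session 104-bit key (the secret part of a 128-bit WEP key). The class names, frame kinds and the credential check are hypothetical simplifications standing in for the EAP/TLS or EAP/TTLS exchange.

```python
import hmac
import secrets

class RadiusServer:
    """Stand-in for the RADIUS authentication server (hypothetical API)."""
    def __init__(self, users):
        self._users = users  # username -> credential bytes (constructed)

    def validate(self, user, credential):
        expected = self._users.get(user)
        return expected is not None and hmac.compare_digest(expected, credential)

class AccessPoint:
    """802.1x authenticator: the port stays closed until RADIUS accepts."""
    def __init__(self, radius):
        self.radius = radius
        self.session_keys = {}  # client MAC -> dynamic key; present = port enabled

    def handle_frame(self, mac, kind, payload=None):
        if kind == "eap":  # authentication traffic is always relayed
            user, credential = payload
            if self.radius.validate(user, credential):
                self.rekey(mac)
                return "eap-success"
            self.session_keys.pop(mac, None)  # failed attempt closes the port
            return "eap-failure"
        # Any other frame passes only on an enabled port.
        return "forwarded" if mac in self.session_keys else "dropped"

    def rekey(self, mac):
        """Assign a fresh 104-bit key (WEP 128 minus the 24-bit IV)."""
        self.session_keys[mac] = secrets.token_bytes(13)
        return self.session_keys[mac]

def demo():
    # Constructed user, credential and MAC address.
    ap = AccessPoint(RadiusServer({"alice": b"constructed-credential"}))
    mac = "00:11:22:aa:bb:01"
    return [
        ap.handle_frame(mac, "data"),
        ap.handle_frame(mac, "eap", ("alice", b"wrong")),
        ap.handle_frame(mac, "data"),
        ap.handle_frame(mac, "eap", ("alice", b"constructed-credential")),
        ap.handle_frame(mac, "data"),
    ]

if __name__ == "__main__":
    print(demo())
```

Calling `rekey` again on a schedule models the dynamic key rotation that the static WEP setup lacks.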
15 Layered Security
Server: FIPS, VPN, Firewall, VLAN, RADIUS
Router: Firewall, VLAN
Switch: Firewall, VLAN
AP (switch): VLAN, 802.1x, EAS, ACL, Filter, WEP, No SSID, Open
Device: FIPS, VPN, 802.1x, WEP, Open
Government Better
Critical Good
Business Fair
None
16 Steps to Prevent Unauthorized Access
- Change default administrative settings
- Turn off DHCP
- SSID
  - Change the SSID
  - Use minimum of 8 characters (coded)
  - Turn off the SSID beacon (ANY not allowed), if available
- WEP 128
  - Turn it ON, use it!
  - Manually change it
- Access control list ACL (if available)
  - Access point blocks access to end devices whose MAC address is not present
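An added example, not part of the original presentation: a Python audit of an access-point configuration against the checklist on this slide. The configuration keys, the sample configurations and the short list of factory SSIDs are assumptions for illustration, not a vendor format; a missing setting is treated as the insecure default.

```python
import re

# Illustrative sample of well-known factory SSIDs (not exhaustive).
FACTORY_SSIDS = {"default", "linksys", "tsunami"}
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

def audit_ap(cfg):
    """Return a list of findings; an empty list means every item passed."""
    findings = []
    if cfg.get("admin_settings_default", True):
        findings.append("default administrative settings still in place")
    if cfg.get("dhcp_enabled", True):
        findings.append("DHCP is on")
    ssid = cfg.get("ssid", "")
    if ssid.lower() in FACTORY_SSIDS:
        findings.append("SSID is a factory default")
    if len(ssid) < 8:
        findings.append("SSID shorter than 8 characters")
    if cfg.get("ssid_beacon", True):
        findings.append("SSID beacon is on")
    if cfg.get("wep_bits", 0) < 128:
        findings.append("WEP 128 is not enabled")
    if cfg.get("wep_key_default", True):
        findings.append("WEP key was never manually changed")
    acl = cfg.get("mac_acl")
    if not acl:
        findings.append("no MAC access control list")
    elif any(not MAC_RE.match(m.lower()) for m in acl):
        findings.append("malformed MAC address in ACL")
    return findings

def acl_permits(cfg, mac):
    """Mirror the AP behaviour: block devices whose MAC is not listed."""
    return mac.lower() in {m.lower() for m in cfg.get("mac_acl") or []}

# Constructed sample configurations.
OUT_OF_BOX = {"ssid": "linksys"}
HARDENED = {
    "admin_settings_default": False, "dhcp_enabled": False,
    "ssid": "wh7Kq2-dock9", "ssid_beacon": False,
    "wep_bits": 128, "wep_key_default": False,
    "mac_acl": ["00:11:22:AA:BB:01"],
}

if __name__ == "__main__":
    for name, cfg in (("out of box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit_ap(cfg))
```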
17 Wireless LAN Examples - Business Security
[Diagram: Application Servers, Switch, Switch, Router, Firewall, ACL RADIUS Server; Static WEP Key Encryption]
18 Wireless LAN Examples - Business Critical with a Firewall
[Diagram: 802.1x RADIUS Authentication Server, Application Servers, Switch, Switch, Router, Firewall, Firewall; 802.1x Dynamic WEP Key Rotation]
19 Wireless LAN Examples - Government FIPS 140 Certified
[Diagram: AirFortress Authentication Server, Application Servers, Secure Clients, AirFortress Wireless Gateway, Switch, Switch, Router, Firewall]
20 WLAN Security concerns
- Two Basic Concerns
  - Unauthorized access (Authentication)
    - Risk of access to company's network from bogus Wi-Fi stations or War Drivers
  - Stolen Data (Privacy)
    - Risk of eavesdropping on WLAN data traffic
21 WLAN Security Solutions
- Two Basic Concerns - Solutions
  - Unauthorized access (Authentication)
    - Implement Segregation/WEP
  - Stolen Data (Privacy)
    - Implement 802.1x
    - Implement FIPS
22 Practical WLAN security issues
- FBI study shows that 75% of security breaches are from inside, via the wire.
- Many WLAN networks use default network names and passwords
- Security awareness needs to grow
- Accidental access can easily be prevented by using the security features available today
23 Radio Frequency Coverage
Site Survey will confirm coverage area and make sure there's not too much RF bleed-over
[Diagram: Access Point, Access Point]
24 Security - Conclusions
- Wireless Can Be Secured
- Use Appropriate Security
- Security Is Not Free
- Use A Security Policy
- Layer Your Security
25 Thank You
- About Intermec
- Over 30 years in business
- Broadest line of ADC, mobile computing, scanning, wireless networking and printer/media systems
- Leader in wireless networking infrastructure