Wireless Security Techniques: An Overview - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Wireless Security Techniques: An Overview

Description:

Columbus State University Columbus State University Telcordia ... Layer Security (EAP-TTLS): Funk Software/Certicom only requires server certification ... – PowerPoint PPT presentation

Number of Views:141
Avg rating:3.0/5.0
Slides: 20
Provided by: scie64
Category:

less

Transcript and Presenter's Notes

Title: Wireless Security Techniques: An Overview


1
Wireless Security Techniques An Overview
  • Bhagyavati Wayne C. Summers Anthony DeJoie
  • Columbus State University Columbus State
    University Telcordia Technologies, Inc.
    bhagyavati_at_colstate.edu summers_wayne_at_colstate.ed
    u tony_at_research.telcordia.com

2
Agenda
1. Introduction
2. First Generation WLANs
3. Second Generation WLANs
4. Curricula Issues
5. Conclusions
3
Introduction
  • Ubiquitous wireless networks
  • Uncontrolled media / self-deploying network
  • Wired vs. Wireless networks
  • Early WLANs slow and not very secure
  • Todays WLANs have more choices for enhanced
    security, but are still flawed
  • Need to incorporate WLAN and WLAN security
    concepts in our curriculum

4
WLANs
  • Ad-Hoc Independent Basic Service Set (IBSS) -
    computers talk directly to each other.
  • Basic Infrastructure Basic Service Set (BSS)
    Network - all traffic passes through a wireless
    access point.
  • Infrastructure Extended Service Set (ESS)
    Network - traffic passes through multiple
    wireless access points.

5
First Generation WLANs
  • The IEEE 802.11 - specification allows for the
    wireless transmission of raw data at indoor
    distances from several dozen to several hundred
    feet and outdoor distances of several to tens of
    miles using Carrier Sense Multiple Access with
    Collision Avoidance (CSMA/CA)
  • 802.11b - 11 Mbps using the 2.4 GHz
  • 802.11a 54 Mbps using the 5 GHz band
  • 802.11g 54 Mbps using 2.4 GHz
  • 802.11n 540 Mbps (supports MIMO)

6
First Generation WLANs
  • Minimal set of security features in 802.11b
    standard
  • Service Set Identifier (SSID)
  • Medium Access Control (MAC) address filters
  • Wired Equivalent Privacy (WEP) encryption
  • 64-bit RC4 data encryption (flawed) 128-bit
    WEP also available
  • Does prevent casual eavesdropping (if turned
    on)
  • Requires a sharing of the key between each mobile
    device and the access point
  • No procedure for key management

7
First Generation WLANs
  • Main Security Vulnerabilities
  • Security settings are not enabled by default
  • By default, access points broadcast SSID in clear
    text
  • MAC address of valid client can be sniffed and
    then spoofed
  • WEP is easily broken, only authenticates client
  • Rogue access points are easy to deploy
  • Man-in-the-middle attacks
  • WLANs are easily crashed by DoS attacks

8
First Generation WLANs
  • Security Controls
  • Turn off the broadcast SSIDs
  • Use automated MAC-based access control mechanisms
  • Enable WEP encryption
  • Lower power levels of access points / limit
    transmission rates (11 / 5.5 Mbps)

9
Second Generation WLANs
  • WPA (Wi-Fi Protected Access) interim encryption
    standard FLAWED
  • 802.11i
  • Temporal Key Integrity Protocol (TKIP)
  • uses RC4
  • generates new key every 10 Kb
  • hashes Initialization Vector
  • Message Integrity Check
  • Advanced Encryption Standard (AES)

10
Second Generation WLANs
  • 802.1X Framework for Authentication
  • (EAP Extensible Authentication Prototcol)
  • Transport Layer Security (EAP-TLS) used in
    802.1X clients for Windows XP
  • Lightweight EAP (LEAP) CISCO product used in
    Aironet products (dynamic WEP)
  • Protected EAP (PEAP) CISCO/Microsoft/RSA
    doesnt require certificates supports dynamic
    WEP
  • Tunneled Transport Layer Security (EAP-TTLS)
    Funk Software/Certicom only requires server
    certification

11
Second Generation WLANs
  • VPN (Virtual Private Network)
  • Wireless Gateway (simplifies roaming and provides
    opportunity to implement QoS)
  • AirDefense WLAN Monitoring
  • AirFortress provides for encryption at the MAC
    layer, hiding data and network information

12
Policies, Training, Awareness
  • Physical location of access points
  • Logical location of access points (in DMZ)
  • Ban rogue access points (monitor)
  • Disable ad-hoc (peer-to-peer) mode on all clients
  • Properly configure all devices
  • Standardize on one vendor
  • Perform frequent site surveys
  • Monitor logs
  • Keep patches up to date

13
Curricula Issues
  • Where?
  • Networking and Network Management Courses
  • Introductory Security Courses
  • Network Security Courses
  • Cryptography Course (look at RC4/WPA/AES
    encryption algorithms)

14
Curricula Issues
  • What?
  • Policy Standards for wireless networks
  • Designing wireless networks
  • Securing wireless networks
  • look at encryption algorithms (RC4, WPA, AES)
  • Look at standards (802.11i, 802.1X)

15
Curricula Issues
  • How?
  • Design Wireless Network Policy
  • Work with University IT Department to help survey
    security for campus wireless network
  • Installing and testing wireless networks
  • War-driving (discuss ethical issues)
  • Attack / Defend Exercises

16
Conclusions
  • Ubiquitous wireless networks
  • Home use
  • Coffee shops, local communities
  • IEEE 802.16 (WiMAX) - 75 Mb/sec, up to 30 miles
  • Need to teach students how to secure them

17
Resources
  • Wireless Security Blackpaper - http//arstechnica.
    com/paedia/w/wireless/security-1.html
  • Wireless LAN Security FAQ - http//www.iss.net/wir
    eless/WLAN_FAQ.php
  • The Unofficial 802.11 Security Web Page
    -http//www.drizzle.com/aboba/IEEE/
  • Wireless Network Security
  • 802.11, Bluetooth and Handheld Devices -
    http//csrc.nist.gov/publications/nistpubs/800-48/
    NIST_SP_800-48.pdf

18
Questions?
19
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com