Internet Security Principle Wireless LAN/WAN Protection

About This Presentation

Title:

Internet Security Principle Wireless LAN/WAN Protection

Description:

Wireless technology allows the network to go where wire cannot go. ... Verizon Wireless. Sprint PCS. AT&T Wireless. Upgrade requires entire new radio system ... – PowerPoint PPT presentation

Number of Views:575

Avg rating:3.0/5.0

Slides: 55

Provided by: jiaweit

Category:

more less

Transcript and Presenter's Notes

Title: Internet Security Principle Wireless LAN/WAN Protection

1
Internet Security PrincipleWireless LAN/WAN
Protection
2
Group Member

Jia-Wei Tsay
Taesun(Andy) Park

3
Contents

Introduction
Applications
Technologies
Threats
Recent security mechanism
Protection solutions
Conclusion
Reference

4
Introduction

Abstract
What is the wireless LAN
What is the wireless WAN
The importance of wireless LAN/WAN protection

5
Abstract

Wireless LAN/WAN are becoming a respectable
alternative in indoor communications. It offers
flexibility and mobility in networking
environments, as the user is not bound to a
certain workplace anymore
Wireless technology allows the network to go
where wire cannot go. Mobile workforce who
require real time access to data benefit from
wireless LAN/WAN connectivity since they can
access it almost any time any place. Wireless
LAN/WAN are also ideal for providing mobility in
home and hot spot environments

6
Abstract(cont)

Unfortunately, disgruntled employees, hackers,
viruses, industrial espionage, and other forms of
destruction are not uncommon in today's Networks
This project addresses the vulnerabilities and
the security to the wireless LAN/WAN

7
What is the wireless LAN

A wireless LAN (WLAN) is a flexible data
communication system implemented as an extension
to, or as an alternative for, a wired LAN within
a building or campus. Using electromagnetic
waves, WLANs transmit and receive data over the
air, minimizing the need for wired connections.
Thus, WLANs combine data connectivity with user
mobility, and, through simplified configuration,
enable movable LANs

8
What is the wireless LAN(cont)

A wireless local area network (WLAN) is a
flexible data communication system using radio
frequency (RF) technology to transmit and receive
data over the air. It can be integrated with
existing campus network seamlessly and easily so
that we can enjoy network computing without
looking for a physical network port
wireless LAN is a collection of two or more
devices connected via an open air medium in order
to share data

9
What is the wireless WAN

Wireless WANs, which can bridge branch offices of
a company, cover a much more extensive area than
wireless LANs. Unlike WLANs, which offer limited
user mobility and instead are generally used to
enable the mobility of the entire network, WWANs
facilitate connectivity for mobile users such as
the traveling businessman. In general, WWANs
allow users to maintain access to work-related
applications and information while away from
their office.

10
What is the wireless WAN (cont)

In wireless WANs, communication occurs
predominantly through the use of radio signals
over analog, digital cellular, or PCS networks,
although signal transmission through microwaves
and other electromagnetic waves is also possible.
Today, most wireless data communication takes
place across 2G cellular systems such as TDMA,
CDMA, PDC, and GSM, or through packet-data
technology over old analog systems such as CDPD
overlay on AMPS.

11
What is the wireless WAN (cont)

Although traditional analog networks, having been
designed for voice rather than data transfer,
have some inherent problems, some 2G (second
generation) and new 3G (third generation) digital
cellular networks are fully integrated for
data/voice transmission. With the advent of 3G
networks, transfer speeds should also increase
greatly.

12
The importance of wireless LAN/WAN protection

Security is an important aspect in wireless
LAN/WAN since it is hard to restrict access to
network resources physically, which can be made
with wired LAN/WAN by physical access control in
the premises

13
Application

Doctors and nurses in hospitals are more
productive because hand-held or notebook
computers with wireless LAN capability deliver
patient information instantly.
Consulting or accounting audit engagement teams
or small workgroups increase productivity with
quick network setup.
Network managers in dynamic environments minimize
the overhead of moves, adds, and changes with
wireless LANs, thereby reducing the cost of LAN
ownership.

14
Application(cont)

Training sites at corporations and students at
universities use wireless connectivity to
facilitate access to information, information
exchanges, and learning.
Network managers installing networked computers
in older buildings find that wireless LANs are a
cost-effective network infrastructure solution.
Retail store owners use wireless networks to
simply frequent network reconfiguration.

15
Application(cont)

Trade show and branch office workers minimize
setup requirements by installing preconfigured
wireless LANs needing no local MIS support.
Warehouse workers use wireless LANs to exchange
information with central databases and increase
their productivity.
Network managers implement wireless LANs to
provide backup for mission-critical applications
running on wired networks.
Senior executives in conference rooms make
quicker decisions because they have real-time
information at their fingertips.

16
LAN/WAN Technologies

WAP
Bluetooth
AMPS
TDMA
CDMA
GSM
G3 IMT-2000 International Mobile
GPRS
LMDS
100BaseRadio

17
WAP

WAP stands for Wireless Application Protocol
WAP is an application communication protocol
WAP is used to access services and information
WAP is inherited from Internet standards
WAP is for handheld devices such as mobile phones
WAP is a protocol designed for micro browsers
WAP enables the creating of web applications for
mobile devices.
WAP uses the mark-up language WML

18
WAP(cont)

The WAP standard is based on Internet standards
(HTML, XML and TCP/IP). It consists of a WML
language specification, a WMLScript
specification, and a Wireless Telephony
Application Interface (WTAI) specification.
WAP is published by the WAP Forum, founded in
1997 by Ericsson, Motorola, Nokia, and Unwired
Planet

19
Bluetooth

Bluetooth technology is a forthcoming wireless
personal area networking (WPAN) technology that
has gained significant industry support and will
coexist with most wireless LAN solutions. The
Bluetooth specification is for a 1 Mbps, small
form-factor, low-cost radio solution that can
provide links between mobile phones, mobile
computers and other portable handheld devices and
connectivity to the internet.

20
Bluetooth(cont)

This technology, embedded in a wide range of
devices to enable simple, spontaneous wireless
connectivity is a complement to wireless LANs
which are designed to provide continuous
connectivity via standard wired LAN features and
functionality

21
Wireless WAN (Summary)

1G First generation (Analog voice) AMPS
- Advanced Mobile Phone Service
2G Second Generation (Digital voice and
messages)
- TDMA - Time Division Multiple Access (D-AMPS,
NA-TDMA, IS-54, IS-136)
- CDMA - Code Division Multiple Access
(CDMA-One, IS-95a) GSM - Global System for Mobile
communication
2.5G
- EDGE Enhanced Data rate for Global Evolution
- GPRS General Packet Radio Service
3G Third Generation (Broadband Data and Voice
over IP)
- IMT-2000 backbone of 3G world
- W-CDMA Wideband CDMA
- Cdma2000 Broadband CDMA
- LMDS / MMDS Local Multipoint / Multipoint
Microwave Distribution Systems

22
Wireless WAN (Summary)
2004
2003
2002
2001
GSM
GPRS
W-CDMA
EDGE
Cingular VoiceStream
TDMA
ATT Wireless
iDEN
Nextel
CDMA-2000
CDMA
1x
3x
Verizon Wireless Sprint PCS
Easy upgrade
2G
3G
2.5G
Upgrade requires new modulation
Upgrade requires entire new radio system
23
Wireless WAN
Cellular Telephony - bandwidth 9.6-14.4 Kbps
(2G) 28.2-128 Kbps (2.5G) 200-2000 Kbps (3G)
- standards GSM, CDMA, TDMA, GPRS common use
national coverage Paging - bandwidth 9.6 Kbps
standard CDPD common use two-way short text
messages Satellite - bandwidth 400-1500
Kbps (downlink) 256 Kbps (uplink)
24
AMPS - Advanced Mobile Phone Service
-First generation wireless tech - analog
cellular phone system (in USA and South Africa)
- uses FDMA - Frequency Division Multiple
Access - (800-900)MHz frequency Spectrum
Subdivided into 25 KHz Channels(4000 channels)
- one subscriber at a time to each channel (no
sharing) - the system based on fixed cells
(geographic zones) - 3 components cellular
phone, base station, MTSO - Mobile Telephone
Switching Office
25
TDMA - Time Division Multiple Access (2G)

operate at 800 MHz (806-902 MHz digital cellular
system) or 1900 MHz (1850-1990 MHz PCS -
Personal Communication Service)
1900 MHz system requires more cells than 800 MHz
system
30-KHz radio channels are divided into 6 time
slots ( a fraction of the second). Each time slot
is assigned among 8 subscribers
referred to as D-AMPS - Digital AMPS NA-TDMA-
North America TDMA IS-54 - the first
implementation of TDMA IS-136 - next generation
TDMA (transmission up to 43.2 Kbps)
http//www.uwcc.org/ TDMA

26
CDMA - Code Division Multiple Access (2G)

operate at 800 MHz (digital cellular system) and
1900 MHz (PCS) frequency bands
10-20 times the capacity of analog AMPS 4- 6
times the capacity of TDMA up to 384 Kbps
referred to as IS-95 CDMA (or CDMA One) standard
by TIA
CDMA assigns digital codes to activate subscribes
CDMA divides the radio spectrum into channels
that are 1.25 MHz wide
Lack of international roaming capabilities
there are 2 competing standards cdma2000
- American implementation, backward compatible
with GSM and other second-generation wireless
systems
- W-(for Wideband)-CDMA developed by European
Telecommunications Standards Institute
Incompatible with existing CDMA or GSM
infrastructure
http//www.3gpp.org/ CDMA

27
GSM - Global System for Mobile communication (2G)

European version of TDMA, very popular in Europe
support for "Short message service" (short test
messages)
operates at 900 MHz and 1800 MHz (Europe) 1900
MHz in USA as PCS
very popular in Europe, Asia, India, Africa
combination of FDMA and TDMA FDMA divides the 25
MHz bandwidth into 124 carrier frequencies of 200
KHz each each 200 Kbps channel in divided into 8
time slots using TDMA
up to 384 Kbps based on 60 orbiting
satellites
international roaming capabilities in more than
170 countries
Vendors Alcatel, Ericsson, Lucent, Nokia, Nortel

28
G3 IMT-2000 International Mobile
Telecommunication - Year 2000

project started in 1992
wireless access through satellite and terrestrial
systems packet services 144 Kbps, 384 Kbps, 2
Mbps
circuit-switched services 144 Kbps, 284 Kbps,
2Mbps
3 modes of operation
- based on CDMA ONE
- IS 95B based on CDMA 2000
- IXMC, IXTREME, HDR, 3XMC based on TDMA/GSM
- EDGE Global roaming
http//www.itu.int/imt2000/

29
GPRS, LMDS, 100 BaseRadio
GPRS General Packet Radio Service (2.5 G) -
packet switched intermediate step to transport
high-speed data efficiently over GSM- and
TDMA-based networks - GPRS uses 8 time slots in
the 200 KHz channel and can support IP-based
packet data speeds between 14.4 Kbps and 115
Kbps LMDS - Local Multi-point Distribution
Service - not popular yet, terrestrial
broadband wireless tech. - - versions 24, 28,
31,38,40 GHz - 1 Mbps - 45 Mbps - operates at
very high frequences 100BaseRadio - operates
at 5.2 GHz, 5.3 GHz and 5.775 GHz - the
standard complies with IEEE802.3, 802.1d, VLANs
30
Wireless WAN (Summary)

1G First generation (Analog voice) AMPS
- Advanced Mobile Phone Service
2G Second Generation (Digital voice and
messages)
- TDMA - Time Division Multiple Access (D-AMPS,
NA-TDMA, IS-54, IS-136)
- CDMA - Code Division Multiple Access
(CDMA-One, IS-95a) GSM - Global System for Mobile
communication
2.5G
- EDGE Enhanced Data rate for Global Evolution
- GPRS General Packet Radio Service
3G Third Generation (Broadband Data and Voice
over IP)
- IMT-2000 backbone of 3G world
- W-CDMA Wideband CDMA
- Cdma2000 Broadband CDMA
- LMDS / MMDS Local Multipoint / Multipoint
Microwave Distribution Systems

31
Wireless WAN (Summary)
2004
2003
2002
2001
GSM
GPRS
W-CDMA
EDGE
Cingular VoiceStream
TDMA
ATT Wireless
iDEN
Nextel
CDMA-2000
CDMA
1x
3x
Verizon Wireless Sprint PCS
Easy upgrade
2G
3G
2.5G
Upgrade requires new modulation
Upgrade requires entire new radio system
32
Threats

Inherent flaws
Hackers
Distribution file and quality of password
Interception
Masquerading
denial-of-service attack
transitive trust attack

33
Inherent flaws

Attacks from within the networks user community
Unauthorized access to network resources via the
wireless hardware typically high capability
receiver
Eavesdropping on the wireless signaling from
outside the company or work group
In a wireless LAN cannot be physically
restricted. Any registered user of the network
can access data that he has no business
accessing. Disgruntled current and ex-employees
have been known to read, distribute, and even
alter, valuable company data files.

34
Hackers

Remote access products allows people to dial in
for their email, remote offices connected via
dial-up lines, on-site Web sites, and "Extranets"
that connect vendors and customers to own network
which can make network vulnerable to hackers

35
Distribution file and quality of password

On the other hand, the user needs to have the
file distributed when he wants to access the
Intranet. Typically, this distribution file would
reside on the hard disk of the user's personal
laptop. The quality of the password that opens
access to the keys in the file, is essential to
the whole security of the system if a malicious
user finds out the password and gains access to
the distribution file, she can log on to the
server and thus create a tunnel to the intranet

36
Interception

A kind of identity interception, in which the
identity of a communicating party is observed for
a later misuse, or data interception in which an
unauthorized user is observing the user data
during a communication

37
Masquerading

Masquerading takes place when an attacker
pretends to be an authorized user in order to
gain access to information or to a system

38
DOS attack

A denial-of-service attack could be launched
against a wireless LAN by deliberately causing
interference in the same frequency band the
wireless LAN operates
Due the nature of the radio transmission the
wireless LANs are very vulnerable against denial
of service attacks
If attacker has powerful enough transceiver, he
can easily generate such radio interference that
our wireless LAN is unable to communicate using
radio path

39
Transitive trust attack

If the attacker can fool wireless LAN to trust
the mobile he controls, then there is one hostile
network node inside all firewalls of enterprise
network and it is very difficult to prevent any
hostile actions after that
fooling the mobile to trust the base controlled
by attacker as our base

40
Recent security mechanism

Service Set ID (SSID)
Wired Equivalent Privacy (WEP)
Wireless Transport Layer Security (WTLS)

41
SSID

Service Set ID (SSID) is a network name. This
name is sometimes considered secret
An access point can be configured either to allow
any client to connect to it or to require that a
client specifically must request the access point
by name. Even though this was not meant primarily
as a security feature, setting the access point
to require the SSID can let the ID act as a
password.

42
WEP

Wireless LANs using the IEEE 802.11b standard
have been growing rapidly over the past two years
WEP is the optional security mechanism defined
within the 802.11 standard designed to make the
link integrity of the wireless medium equal to
that of a cable
A WEP is based on protecting the transmitted data
over the RF medium using a 64-bit or 128-bit seed
key and the RC4 encryption algorithm

43
WTLS

WAP uses WTLS as the security mechanism
WAP uses WTLS which is a wireless relative of the
more common SSL mechanism used by all major web
browsers. WTLS resembles SSL in that both rely on
certificates on the client and server to verify
the identity of the participants involved.
While SSL implementations generally rely on RSA
encryption, WTLS supports RSA, Diffie-Hellman,
and Elliptic Curve encryption. WTLS doesn't
provide for end-to-end security due to WAP's
current architecture and limitations of
server-side Transport Layer Security (SSL)

44
Problems

The SSID can typically be found by "sniffing" the
network. Therefore this lends very little to
securing a network
WEP, when enabled, only protects the data packet
information and does not protect the physical
layer header so that other stations on the
network can listen to the control data needed to
manage the network
WEP can be cracked by simply modifying several
device driver settings on your wireless
LAN-equipped mobile device

45
Problems(cont)

Weaknesses in the Key Scheduling Algorithm of RC4
which would allow an intruder to pose as a
legitimate user of the network in WEP
Wireless network Wi-fi used by American Airlines,
Starbucks and several hotel chains having no
encryption at all, so almost everything sent from
a customer's laptop can be picked up by a nearby
hacker

46
Protection solutions

Use higher-level security mechanisms such as
IPsec and SSH for security, instead of relying on
WEP.
Treat all systems that are connected via 802.11
as external. Place all access points outside the
firewall
users should augment the protocol with extra
layers of security, such as a VPN (virtual
private network) or a firewall

47
Protection solutions(cont)

Cisco is going to release in the up coming year
x.509 certificate authentication. So each person
will be required to unlock their x.509
certificate with a password and then present
their certificate over an encrypted channel
before they are allowed access to the network.
Early indications from Cisco are that there will
be some sort of session key based on this
certificate. So even if you have the keys for the
128 bit encryption you will still not be able to
understand or "sniff" the traffic without a
session key produced when the individual is
authenticated

48
Protection solutions(cont)

do not use the default key change the key
immediately and change it regularly don't tell
anyone the key, ever and conduct WLAN audits
regularly to ensure there are no rogue WLAN
connections
The WAP Forum has addressed this issue in WAP
2.0, offering end-to-end security
You should now have an operating RADIUS server
and access points that deny access to
unauthorized users. Spoofing IP addresses won't
work -- MAC addresses that don't successfully
authenticate are not allowed to pass through the
access point. Your wireless network is now
secured against hackers

49
Conclusion

The only applications that should be developed
for a wireless environment are those that are not
mission-critical or that are protected with
firewalls, token devices for authentication,
encryption, and Intrusion Detection Systems
Despite proponents' claims to the contrary,
wireless data technologies still possess a level
of insecurity, particularly if custom security
measures (such as encryption) are not put in
place by the enterprise or application developer

50
Conclusion(cont)

These are among the security enhancements that
are being proposed by Cisco, Microsoft, Intel and
others to the 802.11 standards committee for
stronger security capabilities in the standard
Only when these products and technologies are
proven to be secure from end to end will mobile
commerce begin to take off.

51
Reference

http//www.fortresstech.com/
http//techupdate.zdnet.com/techupdate/stories
http//www.nwfusion.com/newsletters/wireless/2001/
00765538.html
http//www.informit.com/content
http//www.hktechnology.com/hktnet/Solutions20for
20wlan/what_is_wlan/overview.htm
http//www.cityu.edu.hk/csc/deptweb/publications/t
ech-report.htm
http//www.pcworld.com/news/article/0,aid,55146,00
.asp
http//www.google.com/search?qcache35upR5YLz3Mw
ww.wirelessethernet.org/pdf/Wi-FiWEPSecurity.pdft
hreatofwirelessLanhlzh-TW

52
Reference(cont)