Wireless Network Security

Slides:



Advertisements
Similar presentations
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Advertisements

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
1 MD5 Cracking One way hash. Used in online passwords and file verification.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
Wired Equivalent Privacy (WEP)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Security. Why is it important? Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Over.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
1 Wireless LAN Security Kim W. Tracy NEIU, University Computing
WLAN What is WLAN? Physical vs. Wireless LAN
Lecture 10 Page 1 CS 136, Fall 2014 Network Security, Continued Computer Security Peter Reiher November 13, 2014.
Mobile and Wireless Communication Security By Jason Gratto.
A History of WEP The Ups and Downs of Wireless Security.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Wireless Security Presented by: Amit Kumar Singh Instructor : Dr. T. Andrew Yang.
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Lecture 13 Page 1 CS 136, Spring 2009 Network Security: Firewalls continued, VPNS, Honeypots CS 136 Computer Security Peter Reiher May 14, 2009.
Wireless Networking & Security Greg Stabler Spencer Smith.
Lecture 13 Page 1 CS 136, Fall 2010 Network Security: Virtual Private Networks, Wireless Networks, and Honeypots CS 136 Computer Security Peter Reiher.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
Lecture 12 Page 1 CS 136, Fall 2011 Network Security: Con’t CS 136 Computer Security Peter Reiher November 3, 2011.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
Lecture 11 Page 1 CS 136, Fall 2012 Network Security, Continued CS 136 Computer Security Peter Reiher November 6, 2012.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
NETWORK COMPONENTS BY REYNALDO ZAMORA. HUB Hubs are devices that serve as the central connection for a network. Its job is to send data from one computer.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.
Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
Assignment 3 Jacob Seiz. Hub A hub provides a central access point for a network. Through multiple I/O ports a hub can connect multiple Ethernet devices.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Network System Security - Task 2. Russell Johnston.
Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.
Chapter 40 Internet Security.
Network Security: Firewalls, Network Cryptography, and Honeypots Computer Security Peter Reiher February 9, 2017.
Outline The basic authentication problem
Wireless Protocols WEP, WPA & WPA2.
WEP & WPA Mandy Kershishnik.
Password Management Limit login attempts Encrypt your passwords
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It works.
Outline Basics of network security Definitions Sample attacks
A Wireless LAN Security Protocol
Virtual Private Networks
Click to edit Master subtitle style
Outline Introduction Characteristics of intrusion detection systems
Firewall Configuration and Administration
Security in Networking
Network Security: Firewalls continued, Virtual Private Networks, and Honeypots CS 136 Computer Security Peter Reiher February 18, 2010.
IEEE i Dohwan Kim.
Outline Using cryptography in networks IPSec SSL and TLS.
RC4 RC
Security Issues with Wireless Protocols
Marcial Quinones-Cardona
Outline The spoofing problem Approaches to handle spoofing
6. Application Software Security
Outline Basics of network security Definitions Sample attacks
Security in Wide Area Networks
Outline The concept of perimeter defense and networks Firewalls.
Lecture 36.
Lecture 36.
Presentation transcript:

Wireless Network Security Wireless networks are “just like” other networks Except . . . Almost always broadcast Generally short range Usually supporting mobility Often very open

Types of Wireless Networks Variants on local area network technologies Bluetooth networks Very short range Cellular telephone networks Line-of-sight networks Dedicated, for relatively long hauls Satellite networks

The General Solution For Wireless Security Wireless networks inherently less secure than wired ones So we need to add extra security How to do it? Link encryption Encrypt traffic just as it crosses the wireless network Decrypt it before sending it along

Why Not End-to-End Encryption? Some non-wireless destinations might not be prepared to perform crypto What if wireless user wants protection anyway? Doesn’t help wireless access point provide exclusive access Any eavesdropper can use network

802.11 Security Originally, 802.11 protocols didn’t include security Once the need became clear, it was sort of too late Huge number of units in the field Couldn’t change the protocols So, what to do?

WEP First solution to the 802.11 security problem Wired Equivalency Protocol Intended to provide encryption in 802.11 networks Without changing the protocol So all existing hardware just worked The backward compatibility worked The security didn’t

What Did WEP Do? Used stream cipher (RC4) for confidentiality With 104 bit keys Usually stored on the computer using the wireless network 24 bit IV also used Used checksum for integrity

What Was the Problem With WEP? Access point generates session key from its own permanent key plus IV Making replays and key deduction attacks a problem IV was intended to prevent that But it was too short and used improperly In 2001, WEP cracking method shown Took less than 1 minute to get key

WPA and WPA2 Generates new key for each session Can use either TKIP or AES mode Various vulnerabilities in TKIP mode AES mode hasn’t been cracked yet May be available for some WPA Definitely in WPA2

Honeypots and Honeynets A honeypot is a machine set up to attract attackers Classic use is to learn more about attackers Ongoing research on using honeypots as part of a system’s defenses

Setting Up A Honeypot Usually a machine dedicated to this purpose Probably easier to find and compromise than your real machines But has lots of software watching what’s happening on it Providing early warning of attacks

What Have Honeypots Been Used For? To study attackers’ common practices There are lengthy traces of what attackers do when they compromise a honeypot machine Not clear these traces actually provided much we didn’t already know

Honeynets A collection of honeypots on a single network Maybe on a single machine with multiple addresses More often using virtualization Typically, no other machines are on the network Since whole network is phony, all incoming traffic is probably attack traffic

What Can You Do With Honeynets? Similar things to honeypots But at the network level Also good for tracking the spread of worms Worm code typically visits them repeatedly Main tool for detecting and analyzing botnets Gives evidence of DDoS attacks Through backscatter Based on attacker using IP spoofing

Honeynets and Botnets Honeynets widely used by security researchers to “capture” bots Honeynet is reachable from Internet Intentionally weakly defended Bots tend to compromise them Researcher gets a copy of the bot

Issues With Honeynet Research Don’t want captured bot infecting other non-honeynet sites Or performing other attack activities So you need to prevent it from attacking out But you also need to see its control traffic

What To Do With a Bot? When the bot is captured, what do you do with it? Typically, analyze it Especially for new types of bots To find weaknesses And to track rest of botnet Analysis helpful for tracing “ancestry”

Do You Need A Honeypot? Not in the same way you need a firewall Only useful if your security administrator spending a lot of time watching things E.g., very large enterprises Or if your job is observing hacker activity Something that someone needs to be doing Particularly, security experts watching the overall state of the network world But not necessarily you