
Local Wireless Network
- A wireless access point (AP) is the bridge between the Ethernet network and the wireless network.
- The AP protects its wireless network from unauthorized users with different security protocols.
- One of the first and most basic security protocols is WEP Shared Key Authentication.

WEP Shared Key Authentication

The WEP Shared Key Authentication protocol proceeds in 5 steps between the client and the access point on the wireless network.
- The client sends an authentication request to the access point.
- The access point sends a nonce text to the client.
- The client uses its preconfigured 128-bit shared key to encrypt the nonce text from the access point.
- The access point decrypts the encrypted nonce text using its preconfigured WEP key, which corresponds to the shared key. The access point then compares the decrypted text with the original nonce text it sent. If the two nonce texts match, the client and the access point share the same WEP key and the access point can authenticate the client.
- The client can then connect to the network through the wireless access point.
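The five-step exchange above, with both sides' messages, as an added example that is not part of the original slides. RC4 is the stream cipher WEP uses; the 3-byte per-frame IV prepended to the key, the CRC-32 check value appended to the nonce, the class and function names and the sample key are assumptions of this example.

```python
import hmac
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream XOR data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

class AccessPoint:
    def __init__(self, wep_key: bytes):
        self.wep_key, self.nonce = wep_key, None

    def challenge(self) -> bytes:              # step 2: AP sends the nonce text
        self.nonce = os.urandom(128)
        return self.nonce

    def verify(self, iv: bytes, ciphertext: bytes) -> bool:   # step 4: decrypt, compare
        plain = rc4(iv + self.wep_key, ciphertext)
        body, check = plain[:-4], plain[-4:]
        expected, self.nonce = self.nonce, None               # each nonce is accepted once
        return (expected is not None and check == icv(body)
                and hmac.compare_digest(body, expected))

def client_response(wep_key: bytes, nonce: bytes):            # step 3: encrypt the nonce
    iv = os.urandom(3)
    return iv, rc4(iv + wep_key, nonce + icv(nonce))

SAMPLE_KEY = bytes.fromhex("0102030405060708090a0b0c0d")      # constructed 13-byte key

def authenticate(client_key: bytes, ap_key: bytes) -> bool:
    ap = AccessPoint(ap_key)
    nonce = ap.challenge()                     # steps 1-2: request, then nonce text
    iv, response = client_response(client_key, nonce)
    return ap.verify(iv, response)             # steps 4-5: True means the client may connect
```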

Configuring WEP keys
- Some manufacturers support only one 128-bit key, but most access points can handle 4 different WEP keys.
- The 128-bit WEP key is expressed as 13 sets of two hexadecimal digits (0-9 and A-F). For example, " AB CD EF " is a 128-bit WEP key.

WEP weaknesses
- A high percentage of wireless networks have WEP disabled because of the high administrative workload of maintaining a shared WEP key.
- WEP has the same problem as all systems based on shared keys: any secret held by more than one person soon becomes public knowledge. When users leave the network the WEP key needs to be changed, which can be a frequent problem in big networks with many users coming and going.
- The WEP checksum is linear and predictable.
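What "linear and predictable" means for integrity, as an added example that is not part of the original slides: an unkeyed CRC-32 under a stream cipher still verifies after the ciphertext is changed, while a keyed MAC does not. The keystream, MAC key, payload and all function names are constructed for this example, and HMAC-SHA256 stands in for any keyed MAC.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP-style integrity check value: an unkeyed CRC-32 of the plaintext."""
    return zlib.crc32(data).to_bytes(4, "little")

def icv_delta(delta: bytes) -> bytes:
    """How the ICV changes when `delta` is XORed into a message of equal length.
    CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(00..00)."""
    return xor(icv(delta), icv(bytes(len(delta))))

def seal(keystream: bytes, msg: bytes) -> bytes:
    """Stream-cipher protection in the WEP style: keystream XOR (msg || ICV)."""
    return xor(keystream, msg + icv(msg))

def crc_check_passes(keystream: bytes, frame: bytes) -> bool:
    plain = xor(keystream, frame)
    return icv(plain[:-4]) == plain[-4:]

def mac_check_passes(mac_key: bytes, frame: bytes, tag: bytes) -> bool:
    """Keyed alternative: a MAC over the ciphertext, verified before decrypting."""
    return hmac.compare_digest(hmac.new(mac_key, frame, hashlib.sha256).digest(), tag)

# Constructed sample values, not captured traffic.
KEYSTREAM = hashlib.sha256(b"constructed keystream").digest()
MAC_KEY = b"constructed mac key"
MSG = b"constructed payload!"
DELTA = bytes([0x01]) + bytes(len(MSG) - 1)    # a one-bit change to the first byte

def altered_frame_results():
    """Return (CRC check result, MAC check result) for a frame changed in transit."""
    frame = seal(KEYSTREAM, MSG)
    tag = hmac.new(MAC_KEY, frame, hashlib.sha256).digest()
    altered = xor(frame, DELTA + icv_delta(DELTA))   # computed without KEYSTREAM
    return crc_check_passes(KEYSTREAM, altered), mac_check_passes(MAC_KEY, altered, tag)
```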

A firewall has three goals
- All traffic from outside to inside, and vice versa, passes through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.
- The firewall itself is immune to penetration.

Three different categories
- Traditional packet filters
- Stateful packet filters
- Application gateways

Packet Filters

Filtering decisions are typically based on:
- IP source or destination address
- Protocol type in the IP datagram field: TCP, UDP, ICMP, OSPF, and so on
- TCP or UDP source and destination port
- TCP flag bits: SYN, ACK and so on
- Different rules for the different router interfaces
- Different rules for datagrams leaving and entering the network

Access control list for a router interface

Access control list for stateful filters
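A first-match access control list over the fields listed under Packet Filters, evaluated once as a traditional filter and once as a stateful filter, as an added example that is not part of the original slides. The rule layout, the addresses (documentation ranges) and all names are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "TCP", "UDP", "ICMP"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()    # TCP flag bits, e.g. {"SYN"} or {"ACK"}

INSIDE = ip_network("192.0.2.0/24")   # constructed internal network

# (action, src net, dst net, proto, sport, dport, required flag, check connection)
# None means "any"; the first matching rule decides.
ACL = [
    ("allow", INSIDE, None, "TCP", None, 80, None, False),   # outbound web requests
    ("allow", None, INSIDE, "TCP", 80, None, "ACK", True),   # inbound web replies
    ("deny", None, None, None, None, None, None, False),     # default deny
]

def matches(rule, p: Packet) -> bool:
    _, src, dst, proto, sport, dport, flag, _ = rule
    return ((src is None or ip_address(p.src) in src) and
            (dst is None or ip_address(p.dst) in dst) and
            (proto is None or p.proto == proto) and
            (sport is None or p.sport == sport) and
            (dport is None or p.dport == dport) and
            (flag is None or flag in p.flags))

def filter_packet(p: Packet, connections=None) -> str:
    """connections=None: traditional filter, each packet judged on its headers alone.
    connections=set(): stateful filter that also tracks outbound connections."""
    for rule in ACL:
        if not matches(rule, p):
            continue
        action, check_conn = rule[0], rule[7]
        if action == "allow" and connections is not None:
            if ip_address(p.src) in INSIDE and "SYN" in p.flags:
                connections.add((p.src, p.sport, p.dst, p.dport))   # new outbound connection
            elif check_conn and (p.dst, p.dport, p.src, p.sport) not in connections:
                return "deny"         # reply to a connection that was never opened
        return action
    return "deny"
```

The traditional filter accepts any inbound TCP segment from port 80 with ACK set; the stateful filter accepts it only when it answers a connection recorded from the inside.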

Application Gateway
- For finer-level security, firewalls combine packet filtering with application gateways.
- An application gateway looks beyond the IP/TCP/UDP headers.
- Internal networks often have multiple application gateways, for example, gateways for Telnet, HTTP, FTP and .

Weaknesses in WEP security design

Sharing a key with all users.
- Problem: Liable to security issues through transmission over unprotected channels and through malicious users.
- Solution: A public-key protocol for authenticating individual keys, such as SSL (BankID, FTP-rings, etc.).

Base stations are never authenticated.
- Problem: 1337-h4xx0rz who know the shared key can introduce a spoof and eavesdrop on the traffic.
- Solution: Base stations should supply a certificate.

Stream cipher repetition.
- Problem: Patterns can be found since the same key is always used.
- Solution: Negotiate a new key before a pattern could reasonably be found. Even with higher encryption, problems were found, so a range of decryption algorithms can be deployed.

Low level of encryption was used in the first versions.
- Problem: With lower levels of encryption, brute-force hacking is possible.
- Solution: Change to 128-bit keys only.

Users not deploying the full range of security measures.
- Problem: People simply didn't adapt to the new security specifications.
- Solution: Better default settings and documentation.