CSC – Tieteen tietotekniikan keskus Oy CSC – IT Center for Science Ltd. WLAN Information Security Workshop on Wireless Belgrade - 12.09.2011 Wenche Backman-Kamila.


802.1x, AES, WEP, TKIP, WPA, WPA2, WPA-Personal, WPA-Enterprise, PSK, web-authentication
Let's clean up the mess!

Agenda
  – The physical interface
  – Authentication
  – Encryption
  – Traffic management
  – Recommendations and comments

The physical interface
Licence-free frequency bands
  – 2,4 – 2,5 GHz (802.11b/g/n)
  – 5,2 – 5,7 GHz (802.11a/n)
Threats
  – Interference from: microwave ovens and motion sensors; Bluetooth, other wireless equipment, other WLANs; RF jammers
  – DoS attacks (association or EAPOL Start)

AUTHENTICATION

Overall security of authentication methods

802.1x networks - alternatives
802.1x networks = eduroam networks
802.1x based on EAP
EAP alternatives
  – TLS: requires personal certificates but no username and password
  – TTLS, PEAP and FAST: authentication based on username and password

Supplicant configuration considerations
For 802.1x to be really secure, pay attention to which server certificate is used
In the supplicant
  – Define the correct CA
  – Define the server name
More info in the "WLAN monitoring and supplicants" session

Information security risks in web-authentication
  – The authenticity of the login page cannot be verified
  – User IDs and passwords can be intercepted and sessions hijacked

Authentication considerations
Content of database
  – Eliminate authentication with shared user identities
Impact of compromised credentials

ENCRYPTION

Wireless security vs wired security
Signals from Access Points can be captured at the air interface
Information security risks
  – Sniffing
  – Spoofing
  – Probing

More security risks – and countermeasures
Firesheep
  – Users may get their profiles on e.g. Facebook hijacked
Countermeasures
  – VPN encryption: high requirements on the VPN server; performance usually drops
  – -> Link-layer encryption

Overview of encryption development

Personal and Enterprise
  – WPA-Personal, WPA2-Personal (= WPA-PSK, WPA2-PSK)
  – WPA-Enterprise, WPA2-Enterprise (= 802.1x)

Details on WPA-TKIP and WPA2-AES
WPA-TKIP
  – regular key rotation
  – per-frame key mixing
  – a frame sequence counter to protect against replay attacks
  – an improved message integrity check algorithm
WPA2-AES
  – Actually AES-CCMP at link layer
  – A single component handles per-frame key management and integrity checks

TKIP vulnerability
End of 2008
  – Injecting false messages of a few types (e.g. ARP) possible
September 2009
  – Forging short encrypted packets (e.g. ARP messages) in shorter time (1 min vs 12 min)
  – Increased likelihood of session being hijacked
Although the encryption key is never exposed
  – -> use only WPA2-AES

Wi-Fi Alliance and WPA-TKIP
The Wi-Fi Alliance will abandon WPA-TKIP in stages

Encryption conclusions
Always use the most secure encryption method: WPA2-AES
Why?
  – When all use the same method, roaming becomes easier
  – The Wi-Fi Alliance is discontinuing support of WPA-TKIP
For access to intranets etc., also include VPN encryption

TRAFFIC MANAGEMENT

Authorisation
Minimum requirement is Internet access
Separate VLAN for own users and visitors
  – more rights and privileges
Check visitor VLAN carefully
  – no protected networks or machines using the same VLAN
If possible, access to printers and journals for all

MAC address blacklisting
Information security and stability can be improved
  – by stopping: too frequent authentication requests; spreading a worm; constantly receiving new IP addresses
  – by handling notifications of copyright violations
The user should be notified of blacklisting
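One way to detect the "too frequent authentication requests" case before blacklisting a MAC address, as an added example that is not part of the presentation. The log format, the MAC addresses and the threshold of 5 requests per 60 seconds are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy, not from the slides: more than MAX_REQUESTS authentication
# requests from one MAC address within WINDOW leads to blacklisting.
MAX_REQUESTS = 5
WINDOW = timedelta(seconds=60)

def make_log():
    """Constructed log in a made-up format: <ISO time> auth-request mac=<MAC>."""
    lines = []
    for s in range(0, 48, 6):    # noisy client: 8 requests in 42 seconds
        lines.append(f"2011-09-12T10:00:{s:02d} auth-request mac=02:00:00:00:00:01")
    for m in range(0, 40, 5):    # normal client: 8 requests, 5 minutes apart
        lines.append(f"2011-09-12T10:{m:02d}:30 auth-request mac=02:00:00:00:00:02")
    lines.append("garbled line that must be skipped")
    return sorted(lines)         # ISO timestamps sort chronologically

def find_offenders(lines):
    """Return {mac: time the threshold was first exceeded} (sliding window)."""
    recent = defaultdict(deque)  # mac -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[1] != "auth-request" or "=" not in parts[2]:
            continue             # ignore other events and malformed lines
        try:
            now = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        mac = parts[2].split("=", 1)[1].lower()
        window = recent[mac]
        window.append(now)
        while now - window[0] > WINDOW:
            window.popleft()     # drop requests that fell out of the window
        if len(window) > MAX_REQUESTS and mac not in offenders:
            offenders[mac] = now # recorded once, so the user can be notified
    return offenders
```

The second client sends as many requests in total as the first but never exceeds the rate, so only a sliding window, not a plain count, separates the two.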

Other restrictions
SMTP
  – Only access to own servers allowed
  – Block connections from the Internet
Block devices from acting as DHCP servers
Make terminals communicate with each other through the AP

RECOMMENDATIONS

Regarding authentication
Inform of the weaknesses of unencrypted networks
  – and of the need to switch to 802.1x
Consider implications of stolen passwords
Or use different passwords for WLAN
Grant access to VPN without web-authentication
Don’t allow use of unencrypted protocols in unencrypted networks

Comments regarding authentication
  – Open networks are misused and copyright infringements occur
  – MAC address blacklisting improves security and stability

Regarding encryption
Use only WPA2-AES
  – If you have VERY good reasons, allow also WPA-TKIP
  – Acknowledge supplicant configuration implications
Unencrypted networks are risky
  – Open networks
  – Pre-shared key networks
  – Web-authenticated networks

References and contact info
Main reference
  – WLAN Information Security BPD