CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.

Presentation transcript:

Slide 1: Effective Wireless Security – Technology and Policy. CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge

Slide 2: AGENDA
– Some attacks to WLANs
– Authentication Protocols
– Encryption Protocols
– Rogue AP problem
– Case Studies

Slide 3: Passive Monitoring
[Diagram: Station, Access Point and Attacker. The station sends "Username: dziminski, Password: cleartext"; the attacker, passively monitoring, captures the data.]

Slide 4: DOS Attack
[Diagram: Station, Access Point and Attacker. The attacker spoofs a Disassociate frame; the connection is broken.]

Slide 5: Man in the Middle Attack
– Attacker broadcasts spoofed AP SSID and MAC address.
– Station unknowingly connects to attacker.
– MIM attacks can always be established, but if strong authentication and encryption are used, the attacker will be nothing more than a bridge.
[Diagram labels: Access Point, Attacker, Station; AP MAC Address, Station MAC Address.]

Slide 6: Authentication and Encryption Standards
[Diagram labels:
Authentication protocols: EAP, 802.1x, TLS (MSFT, IETF), PEAP (CSCO/MSFT, IETF)
Credentials: Certificate, Username/Password
Encryption standards: WEP, WPA-TKIP, 802.11i
Encryption algorithms: RC4, AES]

Slide 7: 802.1x Authentication
[Diagram: Station (Supplicant), Access Point (Authenticator), RADIUS Server (Authorizer).]

Slide 8: 802.1x EAP-TLS Authentication
[Diagram: Station (Supplicant) with client digital cert from XYZ CA; Access Point (Authenticator); RADIUS Server (Authorizer) with server digital cert from XYZ CA.]

Slide 9: 802.1x PEAP Authentication
– Phase 1: Authenticate AP. Secure tunnel to AP using TLS.
– Phase 2: Password authentication with directory server.
[Diagram: Station (Supplicant); Access Point (Authenticator); RADIUS Server (Authorizer) with digital cert from XYZ CA; Directory Server. Labels: "Username: Dan, Password: encrypted", "Success/Fail".]

Slide 10: VPN Authentication and Encryption
[Diagram: Station, Access Point, VPN Gateway, LAN; IPSEC VPN tunnel.]

Slide 11: Web Authentication
[Diagram: Station, Access Point, Web auth security device, LAN, Backend RADIUS Server; HTTPS login page.]

Slide 12: Which Authentication to Choose?
Columns: Wireless Auth Type; Desktop Control Needed; Cost to Implement; Difficult to Manage; Vendor Support Problems; Vulnerable to Attack
VPN: high, medium, low
WEP: medium, low, high, low, high
802.1x EAP TLS certificates: high, medium, low
802.1x PEAP: medium, low
Web Auth: low, medium, low, medium

Slide 13: WEP Encryption
[Diagram: frame layout IV | Payload | CRC-32. The 24 bit IV is sent in clear text. The payload and the CRC-32 integrity check are encrypted with a 40 or 104 bit key using the RC4 algorithm.]
WEP has several problems:
1. IV is too small. At 10,000 packets per second IV repeats in 5 hours.
2. There are several “weak keys”. Those are especially vulnerable.
3. No key update mechanism built in.
4. Message replay attacks. DOS.

Slide 14: Wi-Fi Protected Access (WPA) TKIP encryption
– Wi-Fi Protected Access is an interim standard created by the Wi-Fi Alliance (group of manufacturers).
– WPA-TKIP fixes problems with WEP.
– IV changes to 48 bits with no weak keys. 900 years to repeat an IV at 10k packets/sec.
– Use IV as a replay counter.
– Message integrity.
– Per-packet keying.
– Supported on many wireless cards and on Windows XP (after applying 2 hot fixes).
– Uses 802.1x for key distribution. Can also use static keys.

Slide 15: TKIP – Per Packet Keying
[Diagram: the 48 bit IV is split into a 32 bit upper IV and a 16 bit lower IV. Key mixing takes the IV, the session key (128 bits) and the MAC address, and outputs an IV (24 bits) and a per-packet key (104 bits).]
Fixes the weaknesses of WEP key generation but still uses the RC4 algorithm.

Slide 16: 802.11i AES encryption
– Ratified by the IETF in June of 04.
– Uses the AES algorithm for encryption and 802.1x for key distribution.
– Backwards compatible with TKIP to support WPA clients.
– 802.11i not in many products yet.

Slide 17: Which Encryption to Choose?
Columns: Wireless Encryption Type; Desktop Control Needed; Cost to Implement; Difficult to Manage; Vendor Support Problems; Vulnerable to Attack
none: low, high
WEP: medium, low, high, low, medium
WPA TKIP: high, medium, low
802.11i AES: high, none
VPN: high, medium, low, none

Slide 18: Newbury Networks 3-hour “war driving” DNC in Boston
– A total of 3,683 unique Wi-Fi devices
– An average of 1 wireless network card every 2 minutes
– Nearly 3,000 of the total Wi-Fi devices were discovered in Boston's Back Bay

Slide 19: 3-hour “war driving” DNC in Boston
– 65% of the wireless networks detected had no encryption
– 457 unique wireless access points, the majority of which were unsecured

Slide 20: DefCon X Hacker Convention hour monitoring Wireless LAN
– Identified 8 sanctioned access points
– 35 rogue access points, and more than 800 different station addresses

Slide 21: DefCon X Hacker Convention-2002
– 200 to 300 of the station addresses were fakes
– 115 peer-to-peer ad hoc networks and identified 123 stations that launched a total of 807 attacks during the two hours
– 490 were wireless probes from tools such as Netstumbler and Kismet

Slide 22: DefCon X Hacker Convention were varying forms Denial-of-Service attacks that either
– jammed the airwaves with noise to shut down an access point
– targeted specific stations by continually disconnecting them from an access point or
– forced stations to route their traffic through other stations

Slide 23: DefCon X Hacker Convention-2002
– 27 attacks came from out-of-specification management frames where hackers launched attacks that exploited protocols to take over other stations and control the network
– 190 were identity thefts, such as when MAC addresses and SSIDs

Slide 25: Case Studies – University
– fosters an open, sharing environment
– “…allow all, deny some…” as far as access goes
– large area, large user population
– knowledgeable support group and a wide spectrum of knowledge in the user base

Slide 26: Case Studies – Financial Institution
– restricted access
– limited number of authorized users
– technical staff with control of user hardware
– geographically dispersed locations

Slide 27: Case Study: Global Bank (alias)
– In process of deploying enterprise WLAN.
– Using 802.1x EAP-TLS with client web certificate for authentication.
– Tested PEAP, but failed auth attempts would lock out the user's Active Directory account.
– Had a small VPN pilot but found it didn’t scale.
– Originally started testing WPA-TKIP but too many interoperability problems with cards and APs.
– Switched to WEP with keys rotating every 30 minutes using 802.1x. They feel that this is secure enough.
– Monitor for rogue APs. Any rogue that is detected by 3+ APs is investigated and removed if on LAN.
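The bank's rogue AP rule expressed as detection logic, in an added Python example that is not from the presentation or from the bank. The sensor reports, MAC addresses and the "on LAN" test (a wired MAC within one of the BSSID, a common but imperfect correlation heuristic) are assumptions, and all sample values are constructed.

```python
from collections import defaultdict

def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)

def triage_rogues(sightings, sanctioned, wired_macs, min_sensors=3):
    """Classify unsanctioned BSSIDs reported by the sanctioned APs.

    sightings   (sensor_ap, bssid) pairs from AP background scans
    sanctioned  BSSIDs of the organisation's own access points
    wired_macs  MAC addresses learned on the wired switches (assumed input)
    """
    sanctioned = {b.lower() for b in sanctioned}
    seen_by = defaultdict(set)
    for sensor, bssid in sightings:
        if bssid.lower() not in sanctioned:
            seen_by[bssid.lower()].add(sensor)

    wired = {mac_to_int(m) for m in wired_macs}
    verdicts = {}
    for bssid, sensors in seen_by.items():
        if len(sensors) < min_sensors:
            verdicts[bssid] = "watch"             # below the 3+ AP threshold
        elif any(abs(mac_to_int(bssid) - w) <= 1 for w in wired):
            verdicts[bssid] = "remove"            # heard widely and on the LAN
        else:
            verdicts[bssid] = "investigate"       # heard widely, not on the LAN
    return verdicts

# Constructed sample data (locally administered MAC addresses).
SANCTIONED = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
WIRED_MACS = {"02:00:00:aa:00:0f", "02:00:00:00:10:00"}
SIGHTINGS = [
    ("ap-1", "02:00:00:AA:00:10"), ("ap-2", "02:00:00:aa:00:10"),
    ("ap-3", "02:00:00:aa:00:10"),                # 3 sensors, wired neighbour
    ("ap-1", "02:00:00:bb:00:20"), ("ap-2", "02:00:00:bb:00:20"),
    ("ap-4", "02:00:00:bb:00:20"),                # 3 sensors, not on the LAN
    ("ap-1", "02:00:00:cc:00:30"), ("ap-1", "02:00:00:cc:00:30"),
    ("ap-2", "02:00:00:00:00:01"),                # a sanctioned AP
]
VERDICTS = triage_rogues(SIGHTINGS, SANCTIONED, WIRED_MACS)
```

Counting distinct sensors rather than raw sightings keeps one noisy AP that repeatedly reports the same neighbour from crossing the threshold on its own.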

Slide 28: Case Studies: home networks
– small number of users
– with no expectation of heavy volume
– limited technological expertise

Slide 29: Q and A. You Ask, We Answer