Access Control and Site Security (Part 2) (January 28, 2015) © Abdou Illia – Spring 2015.

Slides:



Advertisements
Similar presentations
Security+ All-In-One Edition Chapter 10 – Wireless Security
Advertisements

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
Presentation viewer : _ Mahmoud matter. Ahmed alasy Dr: Rasha Atallah.
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
Security Awareness: Applying Practical Security in Your World
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Access Control and Site Security (Part 2) (Tuesday, January 22, 2008) © Abdou Illia – Spring 2008.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino
Conducted and Wireless Media (Part II) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 7, Tuesday 2/21/2007)
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
CIST 1601 Information Security Fundamentals Chapter 12 Wireless Networking Security Collected and Compiled By JD Willard MCSE, MCSA, Network+, Microsoft.
Access Control and Site Security (Part 2) (January 28, 2015) © Abdou Illia – Spring 2015.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
Securing a Wireless Network
IE 419/519 Wireless Networks Lecture Notes #4 IEEE Wireless LAN Standard Part #2.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Wireless Security Chapter 12.
Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,
1 Chapter Overview Wireless Technologies Wireless Security.
Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.
Mobile and Wireless Communication Security By Jason Gratto.
Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 50 – The Wireless LAN.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
Wireless Networking.
Version Slide 1 Format of lecture Introduction to Wireless Wireless standards Applications Hardware devices Performance issues Security issues.
Wireless Networks Tamus, Zoltán Ádám
Chapter 8 Connecting Wirelessly
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
Computer Concepts 2014 Chapter 5 Local Area Networks.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Wireless standards Unit objective Compare and contrast different wireless standards Install and configure a wireless network Implement appropriate wireless.
Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Wi-Fi Technology. Agenda Introduction Introduction History History Wi-Fi Technologies Wi-Fi Technologies Wi-Fi Network Elements Wi-Fi Network Elements.
20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.
The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.
Review For Exam 1 (February 8, 2012) © Abdou Illia – Spring 2012.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Solving the Security Risks of WLAN Tuukka Karvonen
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Wireless Networks Standards and Protocols & x Standards and x refers to a family of specifications developed by the IEEE for.
Dependability in Wireless Networks By Mohammed Al-Ghamdi.
CO5023 Wireless Networks. Varieties of wireless network Wireless LANs: the main topic for this week. Consists of making a single-hop connection to an.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
Cisco Discovery Home and Small Business Networking Chapter 7 – Wireless Networking Jeopardy Review v1.1 Darren Shaver Kubasaki High School – Okinawa,
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.
Chapter-7 Basic Wireless Concepts and Configuration.
Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.
Discovery Internetworking Module 7 JEOPARDY K. Martin.
TERMINOLOGY Define: WPAN
CompTIA Security+ Study Guide (SY0-401)
Instructor Materials Chapter 6 Building a Home Network
Wireless Technologies
Wireless Networking Chapter 23.
Wireless LAN Security 4.3 Wireless LAN Security.
Access Control and Site Security (Part 2)
WLAN Security Antti Miettinen.
Antti Miettinen (modified by JJ)
Conducted and Wireless Media (Part II)
Presentation transcript:

Access Control and Site Security (Part 2) (January 28, 2015) © Abdou Illia – Spring 2015

2 Learning Objectives Discuss Site Security Discuss Wireless LAN Security

Site Security

4 Building Security Basics Single point of (normal) entry to building Fire doors and alarms Security centers Monitors for closed-circuit TV (CCTV) Videotapes that must be retained (Don’t reuse too much or the quality will be bad) Interior doors to control access between parts of the building Prevent piggybacking, i.e. holding the door open so that someone can enter without identification defeats this protection

5 Building Security Basics Phone stickers with security center phone number Prevent dumpster diving by keeping dumpsters in locked, lighted area Training security personnel Training all employees Enforcing policies: You get what you enforce

6 Reading Questions Answer Reading Questions 1 posted to the course web site (in Notes’ section)

Wireless LAN Security

8 Basic Terminology Accidental Association Wireless device latching onto a neighboring Access Point when turned on. User may not even notice the association Malicious association Intentionally setting a wireless device to connect to a network Installing rogue wireless devices to collecting corporate info War driving Driving around looking for weak unprotected WLAN

b802.11a802.11g 2.4 GHz5 GHz2.4 GHzUnlicensed Band ≤11 Mbps ≤ 54 Mbps Rated Speed IEEE WLAN standards n* 2.4 GHz or 5 GHz ≤ 300 Mbps * Under development 0 Hz Frequency Spectrum Infinity AM Radio service band: 535 kHz-1705 kHz FM Radio service band: 88 MHz-108 MHz b WLAN: 2.4 GHz GHz 31213# of channels g uses Orthogonal Frequency Division Multiplexing (OFDM) modulation scheme to achieve higher speed than b AM radio channels have a 10KHz bandwidth FM radio channels: 200KHz bandwidth 35m/100m 25m/75m Range (Indoor/Outdoor) 50m/125m Service band GHz divided into 13 channels Each channel is 22 MHz wide Channels spaced 5 MHz apart Channel 1 centered on 2412 MHz. Channel 13 centered on 2472 MHz Transmissions spread across multiple channels b and g devices use only Channel 1, 6, 11 to avoid transmission overlap.

Wireless LAN (WLAN) Security Basic Operation: Main wired network for servers (usually Ethernet) Wireless stations with wireless NICs Access points for spreading service across the site Access points are internetworking devices that link LANs to Ethernet LANs

Frame Containing Packet Wireless LAN operation refers to the IEEE Wireless LAN standards Notebook With PC Card Wireless NIC Ethernet Switch Access Point Server Frame Containing Packet (2) (3) Client PC (1)

Wireless LAN operation Notebook With PC Card Wireless NIC Ethernet Switch Access Point Server Frame Containing Packet Frame Containing Packet (2) (1) Client PC (3) 1. If the AP is n-compliant, it could communicate with the notebook even if the notebook has a a NIC. T F 2. The Wireless AP needs to have a interface T F 3. The switch needs to have at least one wireless port. T F 4. How many layers should the Wireless AP have to perform its job?

13 Summary Question (1) Which of the following is among Wireless Access Points’ functions? a)Convert electric signal into radio wave b)Convert radio wave into electric signal c)Forward messages from wireless stations to devices in a wired LAN d)Forward messages from one wireless station to another e)All of the above f)Only c and d

14 MAC Filtering The Access Point could be configured to only allow mobile devices with specific MAC addresses Today, attack programs exist that could sniff MAC addresses, and then spoof them Access Point MAC Access Control List O9-2X-98-Y6-12-TR 10-U1-7Y-2J-6R-11 U1-E2-13-6D-G H1-80 ……………………..

15 IP Address Filtering The Access Point could be configured to only allow mobile devices with specific IP addresses Attacker could Get IP address by guessing based on companies range of IP addresses Sniff IP addresses Access Point IP Address Access Control List / / ……………………..

16 SSID: Apparent Security Service Set Identifier (SSID) It’s a “Network name” of up to 32 characters Access Points come with default SSID. Example: “tsunami” for Cisco or “linksys” for Linksys All Access Points in a WLAN have same SSID Mobile devices must know the SSID to “talk” to the access points SSID frequently broadcasted by the access point for ease of discovery. SSID in frame headers are transmitted in clear text SSID broadcasting could be disabled but it’s a weak security measure Sniffer programs (e.g. Kismet) can find SSIDs easily

17 Wired Equivalent Privacy (WEP) Standard originally intended to make wireless networks as secure as wired networks With WEP, mobile devices need a key used with an Initialization Vector to create a traffic key Typical WEP key length: 40-bit, 128-bit, 256-bit WEP key is shared by mobile devices and Access Points Problems: shared keys create a security hole WEP is not turned-on by default 1.Wireless station sends authentication request to AP 2.AP sends back a 128 bits challenge text in plaintext 3.Wireless station encrypts challenge text with its WEP key and sends result to AP 4.AP regenerate the WEP from received result, then compare WEP to its own WEP 5.AP sends a success or failure message WEP authentication process aircrack-ng weplab WEPCrack airsnort Open Source WEP Cracking software

i and Temporal Key Integrity Protocol (TKIP) In 2004, the IEEE working group developed a security standard called i to be implement in networks i tightens security through the use of the Temporal Key Integrity Protocol (TKIP) TKIP can be added to existing AP and NICs TKIP uses a 128-bit key (that changes) to encrypt the WEP.

19 Using Authentication server or Wi-Fi Protected Access (WPA) Access Point 1. Authentication Request 2. Pass on Request to RADIUS Server 3. Get User Lee’s Data (Optional; RADIUS Server May Store Authentication Data) 4. Accept Applicant Key=XYZ 5. OK Use Key XYZ Directory Server or Kerberos Server RADIUS Server / WAP Gateway RADIUS is an AAA (Authentication, Authorization, Accounting) protocol Once user authenticated, AP assigns user individual key, avoiding shared key. WPA is an early version of the i and x security standards Applicant (Lee)

20 Protocols used in WPA Authentication and data integrity in i and x rely on the Extensible Authentication Protocol (EAP) which has different options: Wireless Transport Layer Security (WTLS) protocol  Server and mobile devices must have digital certificates  Requires that Public Key Infrastructure (PKI) be installed to manage digital certificates Tunneled WTLS  Digital certificates are installed on the server only  Once server is securely authenticated to the client via its Certificate Authority, a secured tunnel is created.  Server authenticates the client through the tunnel.  Client could use passwords as mean of authentication

21 Soft Access Point* Notebook With PC Card Wireless NIC Ethernet Switch Access Point Server Frame Containing Packet (2) (3) Client PC (1) * Also called Rogue Access Point Soft AP Usually, a soft AP is a laptop loaded with cracking software Soft AP allow the hacker to get passwords, MAC address, etc.

22 Wireless Intrusion Detection Systems Monitor the radio spectrum for the presence of unauthorized access points Conventionally, operate by checking the MAC addresses of the participating access points Use fingerprinting approach to weed out devices with spoofed MAC addresses Compare unique signatures exhibited by the signals emitted by each wireless access point against the known signatures of legitimate access points

23 How Cracking Wireless Networks works? Visit Youtube.com Search for the following video Video name: Cracking Wireless NetworksCracking Wireless Networks Posted by: spektral311 Date: 9/8/2006 Copy of video in Review section of website

24 Summary Questions What is meant by accidental association? Malicious association? What are the functions of a wireless access point? What is a SSID? How many SSIDs are needed in a WLAN with 3 wireless access points and 13 mobile stations? How good security measure is disabling the broadcasting of a WLAN’s SSID? What is WEP? How secure is a WEP-protected WLAN compared to a WPA WLAN using the i standard? What does using TKIP add to a WEP-protected WLAN? Explain the operation of a WPA WLAN using a RADIUS What is rogue AP? How can you detect a rogue AP?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.