Security+ Guide to Network Security Fundamentals, Fifth Edition

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Fifth Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Fifth Edition
Chapter 9: Wireless Network Security

2 Objectives
- Describe the different types of wireless network attacks
- List the vulnerabilities in IEEE 802.11 security
- Explain the solutions for securing a wireless network

3 Introduction
- Wireless data communications have revolutionized computer networking
- Wireless data networks are found virtually everywhere
- Wireless networks have been targets for attackers
- Early wireless networking standards had vulnerabilities
- Changes in wireless network security have yielded security comparable to wired networks

4 Wireless Attacks
- Several attacks can be directed against wireless data systems
- Attacks can be directed against:
  - Bluetooth systems
  - Near field communication devices
  - Wireless local area networks

5 Bluetooth
- Bluetooth: a wireless technology that uses short-range radio frequency (RF) transmissions
- Provides for rapid, ad-hoc device pairings
- Enables users to connect wirelessly to a wide range of computing and telecommunications devices
- Bluetooth is a Personal Area Network (PAN) technology for data communication over short distances
- Provides virtually instantaneous connections between a Bluetooth-enabled device and a receiver
- Current version (at the time of this edition): Bluetooth v4.0

6 Bluetooth Products (Table 9-1)
Category             | Bluetooth pairing                        | Usage
Automobile           | Hands-free car system with cell phone    | Drivers can speak commands to browse the cell phone's contact list, make hands-free phone calls, or use its navigation system.
Home entertainment   | Stereo headphones with portable music player | Users can create a playlist on a portable music player and listen through a set of wireless headphones or speakers.
Photographs          | Digital camera with printer              | Digital photos can be sent directly to a photo printer, or pictures taken on one cell phone can be sent to another phone.
Computer accessories | Computer with keyboard and mouse         | A small travel mouse can be linked to a laptop, or a full-size mouse and keyboard can be connected to a desktop computer.
Gaming               | Video game system with controller        | Gaming devices and video game systems can support multiple controllers, while Bluetooth headsets allow gamers to chat as they play.
Sports and fitness   | Heart-rate monitor with wristwatch       | Athletes can track heart rates while exercising by glancing at their watch.
Medical and health   | Blood pressure monitor with smartphone   | Patient information can be sent to a smartphone, which can then send an emergency phone message if necessary.

7 Bluetooth Topologies
- Two types of Bluetooth network topologies:
  - Piconet: established when two Bluetooth devices come within range of each other
  - Scatternet: a group of piconets in which connections exist between different piconets

8 Bluetooth Piconet (Figure 9-1)
A figure. The left circle contains a smaller circle labeled M connected to a smaller circle labeled AS by a solid line; a dashed line connects M to a smaller circle labeled PS. The right circle has a smaller circle labeled M connected to four smaller circles, each labeled AS. Legend: M = Master, AS = Active slave, PS = Parked slave.

9 Bluetooth Scatternet (Figure 9-2)
A figure. The left circle contains a smaller circle labeled M connected to four smaller circles, each labeled AS; a small circle labeled PS is also within the circle. The right circle is identical. In the middle the two circles overlap, and each connects to a shared smaller circle labeled AS. Legend: M = Master, AS = Active slave, PS = Parked slave.

10 Bluejacking
- Bluejacking: an attack that sends unsolicited messages to Bluetooth-enabled devices
- Can be text messages, images, or sounds
- Considered more annoying than harmful
- No data is stolen

11 Bluesnarfing
- Bluesnarfing: unauthorized access to wireless information through a Bluetooth connection
- Often between cell phones and laptops
- The attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without the owner's knowledge

12 Near Field Communication (NFC)
- Near field communication (NFC): a low-speed, low-power technology for smartphones and smart cards
- Used to establish communication between devices in close proximity
- Once the devices are tapped together or brought within several centimeters of each other, two-way communication is established
- NFC's ease of use has opened the door to a wide range of practical short-range communications

13 NFC Contactless Payment
- NFC devices are increasingly used in contactless payment systems, so a consumer can pay for a purchase by tapping the store's payment terminal with a smartphone
- Users store credit card and/or store loyalty card information in a "virtual wallet" on the smartphone to pay for purchases at an NFC-enabled point-of-sale (PoS) checkout device
- NFC contactless payment systems have risks because of the nature of this technology

14 Contactless Payment System (Figure 9-3)
A figure. A hand holding a smartphone is held inches above a point-of-sale terminal.

15 NFC Risks and Defenses (Table 9-2)
Vulnerability            | Explanation                                                                                         | Defense
Eavesdropping            | The NFC communication between device and terminal can be intercepted and viewed.                    | Because an attacker must be extremely close to pick up the signal, users should be aware of this. Also, some NFC applications can perform encryption.
Data manipulation        | Attackers can jam an NFC signal so transmission cannot occur.                                       | Some NFC devices can monitor for data manipulation attacks.
Man-in-the-middle attack | An attacker can intercept the NFC communications between devices and forge a fictitious response.   | Devices can be configured in active-passive pairing so one device only sends while the other can only receive.
Device theft             | The theft or loss of a smartphone could allow an attacker to use that phone for purchases.          | Smartphones should be protected with passwords or PINs.

16 Wireless Local Area Network (WLAN) Attacks
- Wireless local area network (WLAN): designed to replace or supplement a wired local area network (LAN)
- Tablets, laptop computers, smartphones, and printers within 460 feet (140 meters) of a centrally located connection device
- Can send and receive information at rates from 54 Mbps to 7 Gbps (7 billion bits per second)

17 IEEE WLANs
- Institute of Electrical and Electronics Engineers (IEEE): the most influential organization for computer networking and wireless communications
- Dates back to 1884
- Began developing network architecture standards in the 1980s
- In 1997 released the IEEE 802.11 standard for wireless local area networks (WLANs)
- Today there are multiple IEEE 802.11 WLAN standards

18 IEEE 802.11 WLAN Standards (Table 9-3)
                             802.11     802.11b    802.11a    802.11g    802.11n       802.11ac
Frequency                    2.4 GHz    2.4 GHz    5 GHz      2.4 GHz    2.4 & 5 GHz   5 GHz
Nonoverlapping channels                                                                21
Maximum data rate            2 Mbps     11 Mbps    54 Mbps    54 Mbps    600 Mbps      7.2 Gbps
Indoor range (feet/meters)   65/20      125/38     115/35     115/35     230/70        115/35
Outdoor range (feet/meters)  328/100    460/140    393/120    460/140    820/250       460/140
Ratification date            1997                                                      2014
(Cells left blank did not survive in the transcript; the metric ranges are conversions of the listed feet values.)

19 WLAN Hardware
- Wireless client network interface card (NIC) adapter: performs the same functions as a wired adapter, with an antenna that sends and receives signals
- An access point (AP) consists of:
  - An antenna and a radio transmitter/receiver to send and receive wireless signals
  - Special bridging software to interface wireless devices to other devices
  - A wired network interface that allows it to connect by cable to a standard wired network

20 AP Functions
- An AP has two basic functions:
  - Acts as the "base station" for the wireless network: all wireless devices with a wireless NIC transmit to the AP, which in turn redirects the signal (if necessary) to other wireless devices
  - Acts as a bridge between the wireless and wired networks: the AP can be connected to the wired network by a cable, allowing all wireless devices to reach the wired network through the AP (and vice versa)

21 Access Point (AP) in a WLAN (Figure 9-4)
A figure. A horizontal line labeled "Wired network" connects to icons above the line labeled File server, PC, and Internet. Beneath the line, two laptop computers transmit to an AP that is connected to the wired network.

22 Home WLAN Hardware
- For a small office or home, another device is commonly used
- The device combines multiple features into a single hardware device:
  - AP
  - Firewall
  - Router
  - Dynamic Host Configuration Protocol (DHCP) server
- These devices are residential WLAN gateways but are often called wireless routers

23 WLAN Enterprise Attacks
- In a traditional wired network, a well-defined boundary (the "hard edge") protects data and resources
- Two types of hard edges:
  - Network hard edge: a wired network typically has one point through which data must pass from an external network to the secure internal network; this single entry point is easier to defend because any attack must likewise pass through it
  - Walls of the building: walls keep out unauthorized personnel, who therefore cannot physically access computing devices or network equipment

24 Network Hard Edge (Figure 9-5)
A figure. At the left, an icon of the Internet connects to an icon of a firewall labeled "Single entry point." Lines from the firewall encompass icons of a desktop, corporate laptop, network device, server, printer, and desktop. The lines from the server are labeled "Network hard edge."

25 Blurred Edges
- The introduction of WLANs in enterprises has changed hard edges to "blurred edges"
- Instead of a network hard edge with a single data entry point, a WLAN can contain multiple entry points
- Because RF signals extend beyond the boundaries of the building, walls cannot be considered a hard edge that keeps attackers away

26 Network Blurred Edge (Figure 9-6)
A figure. At the left, an icon of the Internet connects to an icon of a firewall labeled "Single entry point." Lines from the firewall encompass icons of a desktop, corporate laptop, network device, server, printer, desktop, and two access points. The lines from the server are labeled "Network blurred edge." One attacker laptop connects to an access point and is labeled "Injects infections behind firewall." A second attacker laptop connects to the other access point and is labeled "Listens to data transmissions."

27 Additional WLAN Enterprise Attacks
- In addition to creating multiple entry points, several different wireless attacks can be directed at an enterprise:
  - Rogue access points
  - Evil twins
  - Intercepting wireless data
  - Wireless replay attacks
  - Wireless denial of service attacks

28 Rogue Access Points
- Rogue access point: an unauthorized AP that allows an attacker to bypass network security configurations and opens the network and its users to attacks
- An attacker who can access the network through a rogue access point is behind the firewall and other network protections
- Rogue APs can be hardware (a device plugged into a wired port) or software (an AP run on an authorized computer that is already connected)

29 Rogue Access Point and Evil Twin Attacks (Figure 9-7)
A figure. At the left, an icon of the Internet connects to an icon of a firewall labeled "Single entry point." Lines from the firewall encompass icons of a desktop, corporate laptop, network device, server, printer, desktop, two access points, and one rogue access point. The lines from the server are labeled "Network blurred edge." One attacker laptop connects to an access point and is labeled "Injects infections behind firewall." A second attacker laptop connects to the other access point and is labeled "Listens to data transmissions." A computer labeled "Corporate laptop" connects to an access point and is labeled "Running software-based rogue AP," and an attacker connects to that computer over a wireless signal. Another corporate laptop connects to an AP labeled "Evil twin" and is labeled "Connects to evil twin by mistake."

30 Intercepting Wireless Data
- One of the most common wireless attacks is intercepting and reading the data being transmitted (packet sniffing)
- An attacker can pick up the RF signal from an open or misconfigured AP and read any confidential wireless transmissions
- If the attacker manages to connect to the enterprise wired network through a rogue AP, he could also read broadcast and multicast traffic that leaks from the wired network onto the wireless network

31 Wireless Replay Attack
- A wireless attack can "hijack" a wireless connection to perform a wireless man-in-the-middle attack
- It appears that the wireless device and the network computers are communicating with each other, when actually they are sending and receiving data through an evil twin AP (the "man in the middle")
- Wireless replay: the attacker captures data being transmitted, records it, and later resends it to the original recipient without the attacker's presence being detected

32 Wireless Denial of Service Attack
- RF jamming: using intentional RF interference to flood the RF spectrum with enough noise that a device cannot communicate effectively with the AP
- Another wireless DoS attack takes advantage of an IEEE 802.11 design weakness: management frames are not authenticated, so different types of frames (for example deauthentication and disassociation frames) can be "spoofed" by an attacker to prevent a client from remaining connected to the WLAN
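The following script is an added example (not code from the textbook) that serves both the evil twin discussion (slide 29) and the spoofed-frame DoS above. It parses the 24-byte 802.11 management-frame header plus beacon and deauthentication bodies, then flags two things a wireless IDS sensor watches for: beacons advertising an authorized SSID from a BSSID that is not on the authorized list (an evil twin), and a burst of deauthentication frames from one transmitter address. The frames, the AUTHORIZED_APS list and every address in it are constructed in-process; on a real sensor the frames would come from a monitor-mode capture.

```python
"""802.11 management-frame monitor: evil-twin beacons and deauthentication floods (added example)."""
import struct
from collections import Counter

TYPE_MGMT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed inventory: SSID -> BSSIDs of the APs we actually operate.
AUTHORIZED_APS = {"CorpNet": {"00:11:22:33:44:55", "00:11:22:33:44:66"}}


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def build_mgmt_header(subtype: int, da: str, sa: str, bssid: str, seq: int) -> bytes:
    # Frame Control (little-endian): bits 2-3 type, bits 4-7 subtype; then Duration, Addr1-3, Seq Ctl.
    fc = (TYPE_MGMT << 2) | (subtype << 4)
    return (struct.pack("<HH", fc, 0) + mac_bytes(da) + mac_bytes(sa) + mac_bytes(bssid)
            + struct.pack("<H", seq << 4))


def build_beacon(bssid: str, ssid: str, seq: int = 0) -> bytes:
    body = struct.pack("<QHH", 0, 100, 0x0411)      # timestamp, beacon interval, capability (ESS|Privacy)
    body += bytes([0, len(ssid)]) + ssid.encode()    # tagged element id 0 = SSID
    return build_mgmt_header(SUBTYPE_BEACON, BROADCAST, bssid, bssid, seq) + body


def build_deauth(sa: str, da: str, bssid: str, reason: int = 7, seq: int = 0) -> bytes:
    return build_mgmt_header(SUBTYPE_DEAUTH, da, sa, bssid, seq) + struct.pack("<H", reason)


def parse_mgmt(frame: bytes):
    """Return a dict for management frames; None for other frame types or truncated input."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != TYPE_MGMT:
        return None
    info = {"subtype": (fc >> 4) & 0xF, "da": mac_str(frame[4:10]),
            "sa": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22])}
    body = frame[24:]
    if info["subtype"] == SUBTYPE_BEACON and len(body) >= 12:
        pos = 12                                     # skip fixed fields, walk the tagged elements
        while pos + 2 <= len(body):
            eid, elen = body[pos], body[pos + 1]
            if eid == 0:
                info["ssid"] = body[pos + 2:pos + 2 + elen].decode("utf-8", "replace")
                break
            pos += 2 + elen
    elif info["subtype"] == SUBTYPE_DEAUTH and len(body) >= 2:
        info["reason"] = struct.unpack_from("<H", body, 0)[0]
    return info


def detect_evil_twins(frames, authorized=AUTHORIZED_APS):
    """(ssid, bssid) pairs that advertise a protected SSID from a BSSID we do not own."""
    found = set()
    for f in map(parse_mgmt, frames):
        if f and f["subtype"] == SUBTYPE_BEACON and f.get("ssid") in authorized:
            if f["bssid"] not in authorized[f["ssid"]]:
                found.add((f["ssid"], f["bssid"]))
    return sorted(found)


def detect_deauth_flood(frames, threshold: int = 20):
    """Transmitter addresses that sent at least `threshold` deauth frames in this window.
    The attacker spoofs the AP's address, so the key names the impersonated AP, not the attacker."""
    counts = Counter(f["sa"] for f in map(parse_mgmt, frames)
                     if f and f["subtype"] == SUBTYPE_DEAUTH)
    return {sa: n for sa, n in counts.items() if n >= threshold}


def sample_capture():
    """Constructed capture: four beacons (one evil twin), a spoofed deauth burst, one benign deauth."""
    frames = [build_beacon("00:11:22:33:44:55", "CorpNet", 1),
              build_beacon("de:ad:be:ef:00:01", "CorpNet", 2),    # same SSID, BSSID we do not own
              build_beacon("00:11:22:33:44:66", "CorpNet", 3),
              build_beacon("aa:bb:cc:dd:ee:ff", "Guest", 4)]      # SSID we do not protect
    frames += [build_deauth("00:11:22:33:44:55", "c0:ff:ee:00:00:01", "00:11:22:33:44:55", 7, 100 + i)
               for i in range(25)]                                 # 25 deauths "from" the real AP
    frames.append(build_deauth("00:11:22:33:44:66", "c0:ff:ee:00:00:02", "00:11:22:33:44:66", 3, 9))
    return frames


if __name__ == "__main__":
    cap = sample_capture()
    print("evil twins:", detect_evil_twins(cap))
    print("deauth floods:", detect_deauth_flood(cap))
```

The per-source count is deliberately keyed on the transmitter address because that is all an unauthenticated management frame gives you: it tells the operator which AP is being impersonated, and the sequence-number gaps between the spoofed burst and the AP's own frames are the usual next clue. The standard's fix for this class of attack is IEEE 802.11w (protected management frames), which authenticates deauthentication and disassociation frames; the slides do not cover it.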

33 Wireless Home Attacks
- Home users face several risks from attacks on their insecure wireless networks:
  - Data theft
  - Reading of wireless transmissions
  - Injection of malware
  - Downloading of harmful content (through the home connection)

34 War Driving
- War driving: searching for wireless signals from an automobile or on foot using a portable computing device
- War chalking: documenting and advertising the location of wireless LANs for others
  - Previously done by drawing on sidewalks or walls around the network area
  - Today, locations are posted on Web sites

35 War Chalking Symbols (Figure 9-8)
A figure. The left icon is an open circle. The middle icon is two half-circles back-to-back. The right icon is a circle with a W in the middle. The left icon is labeled "Network name" and "Closed network." The middle icon is labeled "Network name," "Bandwidth," and "Open network." The right icon is labeled "Network name," "Bandwidth," and "Encrypted network."

36 War Driving Tools (Table 9-4)
Tool                                    | Purpose
Mobile computing device                 | A mobile computing device with a wireless NIC can be used for war driving. This includes a standard portable computer, a pad computer, or a smartphone.
Wireless NIC adapter                    | Many war drivers prefer an external wireless NIC adapter that connects into a USB or other port and has an external antenna jack.
Antenna(s)                              | Although all wireless NIC adapters have embedded antennas, attaching an external antenna will significantly increase the ability to detect a wireless signal.
Software                                | Client utilities and integrated operating system tools provide limited information about a discovered WLAN. Serious war drivers use more specialized software.
Global positioning system (GPS) receiver | Although this is not required, it does help to pinpoint the location more precisely if this information will be recorded or shared with others.

37 Vulnerabilities of IEEE 802.11 Wireless Security
- The original IEEE 802.11 committee recognized that wireless transmissions could be vulnerable
- It implemented several wireless security protections in the standard while leaving others to the WLAN vendor's discretion
- These protections were themselves vulnerable and led to multiple attacks

38 Categories of Vulnerabilities
- Four categories of vulnerabilities:
  - Wired Equivalent Privacy (WEP)
  - Wi-Fi Protected Setup (WPS)
  - MAC address filtering
  - SSID broadcasting

39 Wired Equivalent Privacy (WEP)
- Wired Equivalent Privacy (WEP): the IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information, by encrypting transmissions
- WEP relies on a shared secret key known only to the wireless client and the AP
- Initialization vector (IV): a 24-bit value that changes each time a packet is encrypted and is combined with the shared secret key to form the per-packet key

40 WEP Vulnerabilities
- WEP security vulnerabilities:
  - WEP is limited by the length of its IV, only 24 bits: there are just 2^24 (about 16.7 million) IV values, so on a busy network an IV, and with it the RC4 keystream produced from that IV and the shared key, is eventually reused
  - WEP creates a detectable pattern (repeated IVs and the related per-packet keys) that can provide an attacker with valuable information to break the encryption
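The script below is an added example, not code from the textbook, that makes the two bullets above concrete. It models WEP as the slides describe it (per-packet RC4 key = IV || shared secret, IV sent in the clear, keystream XORed with the payload; the 32-bit ICV is omitted), shows what an attacker gets from two frames that reuse an IV, and computes how soon a repeat is expected. The key, the IV and both payloads are constructed for the demonstration.

```python
"""WEP keystream reuse from a repeated 24-bit IV (added example)."""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling algorithm followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV || RC4(IV || key)(payload): the on-air form, minus the ICV."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor_bytes(payload, rc4_keystream(iv + secret_key, len(payload)))


def recover_from_iv_reuse(frame1: bytes, frame2: bytes, known_payload1: bytes):
    """Two frames under the same key and IV share a keystream, so C1 xor C2 == P1 xor P2;
    knowing P1 therefore reveals P2 for as many bytes as P1 is known.
    Returns None when the IVs differ, because then the keystreams differ."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        return None
    n = min(len(c1), len(c2), len(known_payload1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_payload1[:n])


def expected_packets_until_iv_collision(iv_bits: int = 24) -> float:
    """Birthday bound: with N = 2**iv_bits random IVs a repeat is expected after
    roughly sqrt(pi/2 * N) packets, about 5,100 for WEP's 24-bit IV."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Probability that at least one IV value repeats among `packets` random IVs."""
    n = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * n))


def demo() -> bytes:
    key = bytes.fromhex("0102030405")                 # constructed 40-bit WEP key
    iv = b"\x00\x00\x2a"                              # constructed IV, reused below
    # The first payload is "known": WEP-encrypted IP frames start with a predictable
    # LLC/SNAP header (AA AA 03 00 00 00 08 00), and a GET line is easy to guess.
    p1 = bytes.fromhex("aaaa030000000800") + b"GET /login HTTP/1.1\r\n"
    p2 = bytes.fromhex("aaaa030000000800") + b"user=alice&pw=hunter2\r\n"
    f1 = wep_encrypt(key, iv, p1)
    f2 = wep_encrypt(key, iv, p2)                     # same IV and key: keystream reused
    return recover_from_iv_reuse(f1, f2, p1)          # first len(p1) bytes of p2, no key needed


if __name__ == "__main__":
    print(demo())
    print(f"IV repeat expected after ~{expected_packets_until_iv_collision():.0f} packets")
```

Note that the recovery never touches the secret key: the reused keystream alone leaks the second payload. The birthday figure is for randomly chosen IVs; many WEP implementations reset the IV to zero on start-up or increment it sequentially, which makes repeats even more predictable.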

41 Wi-Fi Protected Setup (WPS)
- Wi-Fi Protected Setup (WPS): an optional means of configuring security on wireless local area networks
- Designed to help users with limited knowledge of security quickly and easily implement security on their WLANs
- Accomplished by pushing a button or entering a PIN
- Design and implementation flaws in the WPS PIN method make it vulnerable
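What "design flaw" means for the PIN method, as an added example (not from the textbook): the 8-digit PIN is verified in two halves during the registration exchange (digits 1-4 are confirmed by message M4, digits 5-7 by M6, and digit 8 is a checksum), and the AP's NACK tells the client which half failed. The script below simulates that exchange entirely in-process; SimulatedRegistrar is a stand-in for the AP and exposes only what the real protocol leaks, and the PIN it holds is made up.

```python
"""WPS PIN method: why the registrar's responses cut the search from 10^7 to 11,000 (added example)."""


def wps_checksum_digit(first_seven: str) -> int:
    """Eighth PIN digit: weights 3,1,3,1,3,1,3 over the leading seven digits, mod 10."""
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected seven decimal digits")
    acc = sum((3 if i % 2 == 0 else 1) * int(d) for i, d in enumerate(first_seven))
    return (10 - acc % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum_digit(pin[:7])


class SimulatedRegistrar:
    """Stand-in for the AP-side registrar (constructed for the demo). A real AP answers a
    wrong first half with a NACK after M4 and a wrong second half with a NACK after M6;
    a correct PIN continues to M7, which carries the network credentials."""

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("registrar PIN fails checksum")
        self._pin = pin
        self.attempts = 0

    def try_pin(self, guess: str) -> str:
        self.attempts += 1
        if guess[:4] != self._pin[:4]:
            return "NACK-M4"
        if guess[4:] != self._pin[4:]:
            return "NACK-M6"
        return "M7"


def split_pin_attack(registrar: SimulatedRegistrar):
    """Recover the PIN half by half: at most 10,000 + 1,000 registration attempts."""
    first_half = None
    for a in range(10_000):
        if registrar.try_pin(f"{a:04d}0000") != "NACK-M4":    # second half irrelevant here
            first_half = f"{a:04d}"
            break
    if first_half is None:
        return None
    for b in range(1_000):
        seven = first_half + f"{b:03d}"
        guess = seven + str(wps_checksum_digit(seven))         # only checksum-valid PINs are sent
        if registrar.try_pin(guess) == "M7":
            return guess
    return None


def search_space(split_validation: bool) -> int:
    """Worst-case attempts: 10**7 checksum-valid PINs if the whole PIN were checked at once,
    versus 10**4 + 10**3 when each half is confirmed separately."""
    return 10**4 + 10**3 if split_validation else 10**7


if __name__ == "__main__":
    ap = SimulatedRegistrar("98765430")      # constructed PIN; the last digit is the checksum
    print(split_pin_attack(ap), "after", ap.attempts, "attempts")
```

The push-button method does not have this weakness, and many APs now lock the PIN registrar after a handful of failures, which slows but does not remove the attack; the practical defense the slide points at is to disable the WPS PIN method altogether.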

42 MAC Address Filtering
- A method of controlling WLAN access by limiting which devices may access the AP
- Media Access Control (MAC) address filtering, supported by nearly all wireless AP vendors, permits or blocks a device based on its MAC address
- Vulnerabilities of MAC address filtering:
  - Addresses are exchanged in unencrypted form (the MAC header is never encrypted, even when the payload is)
  - An attacker can see the address of an approved device and substitute it on his own device
  - Managing a large number of addresses is challenging

43 MAC Address Filtering (Figure 9-10)
A screen capture. The first line is labeled "Wireless MAC Filter" with two radio buttons, "Enable" and "Disable." The second line is labeled "Prevent:" with the radio button "Prevent PCs listed from accessing the wireless network" and the callout "Keep out these devices only." The third line is labeled "Permit Only:" with the radio button "Permit only PCs listed to access the wireless network" and the callout "Allow in only these devices."

44 Disabling SSID Broadcasts
- Service Set Identifier (SSID): the user-supplied network name of a wireless network
- Normally the SSID is broadcast (in beacon frames) so that any device can see it
- The broadcast can be suppressed with the intent that only users who know the "secret" SSID in advance can access the network
- Provides only a weak degree of security and has several limitations: the SSID still appears in the clear in probe and association frames whenever a client connects, so a passive sniffer recovers it anyway

45 Wireless Security Solutions
- As a result of the wireless security vulnerabilities in IEEE 802.11 and Wi-Fi Alliance technologies, both organizations worked to create comprehensive security solutions:
  - IEEE: 802.11i
  - Wi-Fi Alliance: Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2)
- WPA and WPA2 are the primary wireless security solutions today
- Other security steps can also be taken

46 Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access (WPA): a security solution introduced by the Wi-Fi Alliance
- Design goal: fit into the existing WEP engine without requiring extensive hardware upgrades or replacements
- Addresses both encryption and authentication
- Two modes of WPA:
  - WPA Personal: designed for individuals or small office/home office (SOHO) settings, which typically have 10 or fewer employees
  - WPA Enterprise: intended for larger enterprises, schools, and government agencies

47 WPA TKIP and PSK
Temporal Key Integrity Protocol (TKIP) - Encryption technology that “wraps” WEP, adding an additional layer of security while preserving WEP’s basic functionality
Preshared Key (PSK) Authentication - Secret value manually entered on both the AP and each wireless device (essentially identical to the “shared secret” used in WEP)
Because the secret key is not widely known, it is assumed that only approved devices have the key value

48 WPA Vulnerabilities
Vulnerabilities in WPA:
  Key management
    Key sharing is done manually, without security protection
    Keys must be changed on a regular basis
    The key must be disclosed to guest users
  Passphrases
    PSK passphrases of fewer than 20 characters are subject to cracking; the attack runs offline against a captured 4-way handshake, so the AP never sees the guesses and cannot rate-limit them

49 Wi-Fi Protected Access 2 (WPA2)
Wi-Fi Protected Access 2 (WPA2) - Second generation of WPA security
Based on the final IEEE 802.11i standard
Primary difference: WPA2 uses AES-CCMP for encryption (slide 50) but allows wireless clients still using TKIP to operate in the same WLAN (mixed mode); such a mixed WLAN is only as strong as its TKIP clients
Like WPA, there are two modes of WPA2:
  WPA2 Personal
  WPA2 Enterprise

50 CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) - Encryption protocol for WPA2
Specifies the use of CCM (a general-purpose cipher mode providing data privacy) with AES
The Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCMP provides data integrity and authentication
CCM does not require a specific block cipher, but AES is mandated by WPA2 (CCMP for WLANs is often designated AES-CCMP)

51 Extensible Authentication Protocol (EAP)
Authentication for the WPA2 Enterprise model uses the IEEE 802.1X standard
Extensible Authentication Protocol (EAP) - Framework for transporting authentication protocols
EAP was created as a more secure alternative to the weak Challenge-Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP)
EAP is a framework, not an authentication protocol itself

52 EAP Protocols Two common EAP protocols:
  Lightweight EAP (LEAP) - Proprietary EAP method developed by Cisco Systems; requires mutual authentication using Cisco client software. Cisco now recommends that users migrate to a more secure EAP than LEAP
  Protected EAP (PEAP) - Designed to simplify the deployment of 802.1X by using Microsoft Windows logins and passwords; considered a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server. That channel protects the password only if the client validates the authentication server’s certificate

53 EAP Protocols Supported By WPA2 Enterprise (Table 9-5)
EAP name - Description
EAP-TLS - Internet Engineering Task Force (IETF) global standard protocol that uses digital certificates for authentication
EAP-TTLS/MSCHAPv2 - Securely tunnels client password authentication within Transport Layer Security (TLS) records
PEAPv0/EAP-MSCHAPv2 - Version of PEAP that uses password-based authentication
PEAPv1/EAP-GTC - Uses a changing token value for authentication
EAP-FAST - Securely tunnels any credential form for authentication (such as a password or a token) using TLS
EAP-SIM - Based on the subscriber identity module (SIM) card installed in mobile phones and other devices that use Global System for Mobile Communications (GSM) networks
EAP-AKA - Uses the Universal Mobile Telecommunications System (UMTS) Subscriber Identity Module (USIM) for authentication
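A wpa_supplicant network block for the PEAPv0/EAP-MSCHAPv2 row of the table, added here as an illustration rather than taken from the textbook; the SSID, identity, password, certificate path and server name are placeholders. The weak and corrected forms differ only in whether the client validates the RADIUS server's certificate, which is what turns the TLS tunnel into real protection for the inner password exchange.

```ini
# wpa_supplicant.conf, WPA2 Enterprise with PEAPv0/EAP-MSCHAPv2. Deploy only one of the two blocks.

# Weak: the PEAP tunnel is built to whichever RADIUS server answers. A rogue AP with the same SSID
# and its own RADIUS server terminates the TLS tunnel and receives the inner MSCHAPv2 exchange.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=PEAP
    identity="jdoe"
    password="example-password"
    phase2="auth=MSCHAPV2"
}

# Corrected: the tunnel only forms if the server certificate chains to the issuing CA and carries the
# authentication server's name; the outer identity is anonymised so the username is not sent in cleartext.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    anonymous_identity="anonymous@corp.example"
    identity="jdoe"
    password="example-password"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
```

The same two settings (a trusted CA for the server certificate and a required server name) are what the EAP-TLS and EAP-TTLS rows of the table depend on as well; a supplicant that accepts any server certificate gets the tunnel's encryption but none of its authentication.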

54 Additional Wireless Security Protections
A public area served by a WLAN usually advertises itself or wants the user to read and accept an Acceptable Use Policy (AUP) before using the WLAN
Captive portal AP - Uses a standard web browser to:
  Provide information
  Give the wireless user the opportunity to agree to the policy
  Present valid login credentials

55 Rogue AP Detection Several methods to detect rogue AP:
  Wireless device probe - Standard wireless device (such as a portable laptop computer) configured as a wireless probe
  Desktop probe - Desktop computer used as a probe
  Access point probe - APs can detect neighboring APs
  Dedicated probe - Exclusively monitors the RF spectrum for transmissions
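One way to turn the wireless-device-probe method into detection logic, as an added example rather than code from the textbook: scan results are read from an airodump-style CSV (constructed here, with made-up BSSIDs and SSIDs), compared against an inventory of authorized APs, and two conditions are reported: an unknown BSSID advertising one of the organization's SSIDs, and an authorized AP advertising weaker security than policy. Neighbouring networks on other SSIDs are deliberately not alerts.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strconv"
	"strings"
)

// BSS is one beacon as a wireless probe reports it.
type BSS struct {
	BSSID, Privacy, Cipher, Auth, ESSID string
	Channel, Power                      int
}

// Policy is the security a given ESSID of ours must advertise.
type Policy struct{ Privacy, Cipher, Auth string }

// Finding is one alert raised against a scanned BSS.
type Finding struct{ BSSID, ESSID, Reason string }

// SampleScan is a constructed, airodump-style capture; every BSSID and SSID in it is made up.
const SampleScan = `bssid,channel,privacy,cipher,auth,power,essid
00:11:22:33:44:55,6,WPA2,CCMP,MGT,-42,CorpWiFi
00:11:22:33:44:56,36,WPA2,CCMP,MGT,-55,CorpWiFi
DE:AD:BE:EF:00:01,6,WPA2,CCMP,PSK,-38,CorpWiFi
00:11:22:33:44:57,11,WPA,TKIP,PSK,-60,CorpGuest
A4:B1:C2:D3:E4:F5,1,WPA2,CCMP,PSK,-71,NeighborNet
`

// Inventory maps each authorized AP's BSSID to the ESSID it is supposed to serve (constructed).
var Inventory = map[string]string{
	"00:11:22:33:44:55": "CorpWiFi", "00:11:22:33:44:56": "CorpWiFi", "00:11:22:33:44:57": "CorpGuest",
}

// Policies: the corporate SSID must be WPA2-Enterprise (MGT); the guest SSID may use PSK but still WPA2/CCMP.
var Policies = map[string]Policy{"CorpWiFi": {"WPA2", "CCMP", "MGT"}, "CorpGuest": {"WPA2", "CCMP", "PSK"}}

// ParseScan reads the CSV; the header is checked so a differently ordered export fails loudly.
func ParseScan(data string) ([]BSS, error) {
	rows, err := csv.NewReader(strings.NewReader(strings.TrimSpace(data))).ReadAll()
	if err != nil || len(rows) == 0 || strings.Join(rows[0], ",") != "bssid,channel,privacy,cipher,auth,power,essid" {
		return nil, fmt.Errorf("unexpected scan format: %v", err)
	}
	var out []BSS
	for _, r := range rows[1:] { // csv.Reader already enforces 7 fields per row
		ch, err1 := strconv.Atoi(strings.TrimSpace(r[1]))
		pw, err2 := strconv.Atoi(strings.TrimSpace(r[5]))
		if err1 != nil || err2 != nil {
			return nil, fmt.Errorf("bad channel or power in row %q", r)
		}
		out = append(out, BSS{BSSID: strings.ToLower(r[0]), Channel: ch, Privacy: r[2], Cipher: r[3], Auth: r[4], Power: pw, ESSID: r[6]})
	}
	return out, nil
}

// DetectRogues raises two kinds of alert: an unauthorized BSSID advertising one of our SSIDs (evil twin or
// unsanctioned AP), and an authorized AP whose advertised SSID or security is off policy.
func DetectRogues(scan []BSS, inventory map[string]string, policies map[string]Policy) []Finding {
	var out []Finding
	for _, b := range scan {
		want, authorized := inventory[b.BSSID]
		pol, ours := policies[b.ESSID]
		seen := fmt.Sprintf("%s/%s/%s on ch %d at %d dBm", b.Privacy, b.Cipher, b.Auth, b.Channel, b.Power)
		switch {
		case !authorized && ours:
			out = append(out, Finding{b.BSSID, b.ESSID, "unauthorized AP advertising our SSID: " + seen})
		case authorized && (b.ESSID != want || b.Privacy != pol.Privacy || b.Cipher != pol.Cipher || b.Auth != pol.Auth):
			exp := policies[want]
			out = append(out, Finding{b.BSSID, b.ESSID, fmt.Sprintf("authorized AP off policy: expected %s with %s/%s/%s, saw %s", want, exp.Privacy, exp.Cipher, exp.Auth, seen)})
		}
	}
	return out
}

func main() {
	scan, err := ParseScan(SampleScan)
	if err != nil {
		panic(err)
	}
	for _, f := range DetectRogues(scan, Inventory, Policies) {
		fmt.Printf("%s %-12s %s\n", f.BSSID, f.ESSID, f.Reason)
	}
}
```

Matching on BSSID rather than SSID is the point: an evil twin copies the name and often the security settings, so only an inventory of the radios the organization actually owns separates it from a legitimate AP, and the same inventory catches an owned AP that has drifted back to WPA/TKIP.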

56 Power Levels and Placement
Some APs allow adjustment of the power level at which the device transmits
Reducing power allows less signal to reach outsiders
Antenna placement can also provide security:
  Locate near the center of the coverage area
  Place high on a wall to reduce signal obstructions and deter theft

57 Site Survey
Site survey - In-depth examination and analysis of a wireless LAN site
Several reasons for conducting a site survey (for example, achieving the best possible performance from the WLAN)
Can also be used to enhance the security of the WLAN
A survey can provide the optimum location of APs so that the minimum amount of signal extends past the boundaries of the organization, where it would be accessible to attackers

58 Security+ Guide to Network Security Fundamentals, Fifth Edition
Chapter 9 Wireless Network Security

