Presentation is loading. Please wait.

Presentation is loading. Please wait.

LM 5. Wireless Network Security

Published byLuke Richardson Modified over 5 years ago

Similar presentations

Presentation on theme: "LM 5. Wireless Network Security"— Presentation transcript:

1 LM 5. Wireless Network Security
Dr. Lei Li Wireless Security

2 Road Map Introduction WLAN Security Mobile Security
Security Auditing & Risk Analysis Evolution of Wireless Network WLAN Overview Mobile Network Overview Infor. Security Essentials WLAN Threats & Vulnerabilities Cellular Network Security WLAN Security Mobile Security Threats WLAN Security Tools Mobile Devices Security

3 Learning Outcomes After this module, a student will be able to:
Describe the architecture for securing wireless network List the measures to physically secure WLAN Describe the measures for access control and authentication in WLAN Discuss the issues of using VPN to secure WLAN Differentiate intrusion detection systems and intrusion prevention systems Describe the method of data protection using in enterprise wireless network Describe how to develop a comprehensive security policy for wireless network Describe the auditing process for a wireless network security

4 Security Architecture
Customer needs Physical wireless network User Access Control & Authentication Encryption Comprehensive security policy

5 A Highly Secure Wireless Network
WPA Source:

6 Physical Security Contain of radio frequency (RF) signals
Reduce RF leak Site modeling Placement of the AP Replace omni antenna with directional antenna AP power adjustment

7 WLAN Segmentation Isolate WLAN traffics from LAN traffics
Easier for the WLAN traffic management Physical segmentation using switch Virtual LAN Larger WLANs Logically divide the network into groups using broadcast domains

8 Access Control SSID Obfuscation SSID cloaking
Segment users by SSID/VLAN pair SSID cloaking Hide WLAN from unauthorized client Best practice for avoiding casual or opportunistic access to the network Not sufficient to defeat passive or active scanning

9 Access Control - MAC Filtering
MAC address Physical address of the device Operates at OSI layer 2 Deny by default, permit by exception Suitable for small business or SOHO network Not effective control in WLAN as in LAN Attacker can monitor the network traffics and capture the MAC address

10 Access Control - VPN Extend private network across a public network

11 VPN over WLAN Secure WLAN using VPN
Provide authentication, encryption, and privacy User’s IP address is obscured The performance of the network may suffer Requires user to install special software

12 VPN Protocols SSL VPN IPSec VPN Securely access the web from browser
Set at IP layer More often used to allow secure remote-access to a private network

13 Authentication - Open authentication
Image source:

14 Authentication – Shared Key Authentication
Image source:

15 Authentication – EAP Extensible authentication protocol
Image source:

16 Authentication – MAC Based
Image source:

17 802.1x Authentication Used for LAN or WLAN Use EAP
Image source:

18 WLAN Authorization Authenticated users should have different permissions 802.1X for both authentication and authorization 802.1X funnel wireless traffic onto VLAN Group-based permissions Grouping wireless traffic using 802.1Q tags Create a link between authentication and authorization

19 Data Protection - Encryption
WEP – not secure at all. WPA Temporal Key Integrity Protocol (TKIP) – backward compatible with WEP device WPA2 Advanced Encryption Standard (AES) – most secure

20 WPA3 New security standard announced in 2018 New features
Robust protection - protect people who use weak password, brute force attacks Simplification of configuration and security for device with limited display interface Individualized data encryption for open Wi-Fi network CNSA compliance

21 Data Protection- IPSec
Internet protocol security End-to-end security scheme Operates at OSI Internet layer Image source:

22 IPSec Image source:

23 IPSec VPN vs. SSL VPN IPSec VPN SSL VPN Function at network layer
Remote access to company office network resources Always on connection SSL VPN Function at application layer More granular access control Used in web browsers

24 Comprehensive Security Policy
Risk analysis What to protect, value of the asset, possibility of breach, cost to protect the system Governing policies Technical policies End-user policies

25 Wireless Security Policy
Define assets, risks and security objectives Identify required security practices and measures Dictate acceptable behavior and enforcement Serve as a vehicle for achieving consensus

26 Wireless Security Policy Content
Policy objectives Ownership and authority Scope Risk assessment Security measures Acceptable usage Deployment process Auditing and enforcement

27 Wireless Security in Big Picture
Security Auditing Identify issues and establish baseline for the network Physical Security Contain signals Access Control SSID MAC Authentication VPN Obfuscation Filtering x IPSec Corporate Network Firewall, anti-virus, IPS, IDS Data Protection Encryption Authentication VPN WPA/WPA2 Filtering x IPSec Comprehensive Security Policies User awareness and training, compliance consideration, etc.

28 Reference Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, , and Ad Hoc Security, ELSEVIER, 2005. Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016.

Download ppt "LM 5. Wireless Network Security"

Similar presentations

Security Policy. TOPICS Objectives WLAN Security Policy General Security Policy Functional Security Policy Conclusion.

Security Policy. TOPICS Objectives WLAN Security Policy General Security Policy Functional Security Policy Conclusion.
Network Security.

Network Security.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
USRobotics Professional Access Point  Yosi Rafael.

USRobotics Professional Access Point  Yosi Rafael.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.

Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.

1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
Wireless Networking.

Wireless Networking.
Certified Wireless Network Administrator (CWNA) PW0-105 Chapter 13 802.11 Network Security Architecture.

Certified Wireless Network Administrator (CWNA) PW0-105 Chapter Network Security Architecture.
Chapter 13-802.11 Network Security Architecture 802.11 Security Basics Legacy 802.11 security Robust Security Segmentation Infrastructure Security VPN.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

Similar presentations

Ads by Google