Download presentation
Presentation is loading. Please wait.
1
LM 5. Wireless Network Security
Dr. Lei Li Wireless Security
2
Road Map Introduction WLAN Security Mobile Security
Security Auditing & Risk Analysis Evolution of Wireless Network WLAN Overview Mobile Network Overview Infor. Security Essentials WLAN Threats & Vulnerabilities Cellular Network Security WLAN Security Mobile Security Threats WLAN Security Tools Mobile Devices Security
3
Learning Outcomes After this module, a student will be able to:
Describe the architecture for securing wireless network List the measures to physically secure WLAN Describe the measures for access control and authentication in WLAN Discuss the issues of using VPN to secure WLAN Differentiate intrusion detection systems and intrusion prevention systems Describe the method of data protection using in enterprise wireless network Describe how to develop a comprehensive security policy for wireless network Describe the auditing process for a wireless network security
4
Security Architecture
Customer needs Physical wireless network User Access Control & Authentication Encryption Comprehensive security policy
5
A Highly Secure Wireless Network
WPA Source:
6
Physical Security Contain of radio frequency (RF) signals
Reduce RF leak Site modeling Placement of the AP Replace omni antenna with directional antenna AP power adjustment
7
WLAN Segmentation Isolate WLAN traffics from LAN traffics
Easier for the WLAN traffic management Physical segmentation using switch Virtual LAN Larger WLANs Logically divide the network into groups using broadcast domains
8
Access Control SSID Obfuscation SSID cloaking
Segment users by SSID/VLAN pair SSID cloaking Hide WLAN from unauthorized client Best practice for avoiding casual or opportunistic access to the network Not sufficient to defeat passive or active scanning
9
Access Control - MAC Filtering
MAC address Physical address of the device Operates at OSI layer 2 Deny by default, permit by exception Suitable for small business or SOHO network Not effective control in WLAN as in LAN Attacker can monitor the network traffics and capture the MAC address
10
Access Control - VPN Extend private network across a public network
11
VPN over WLAN Secure WLAN using VPN
Provide authentication, encryption, and privacy User’s IP address is obscured The performance of the network may suffer Requires user to install special software
12
VPN Protocols SSL VPN IPSec VPN Securely access the web from browser
Set at IP layer More often used to allow secure remote-access to a private network
13
Authentication - Open authentication
Image source:
14
Authentication – Shared Key Authentication
Image source:
15
Authentication – EAP Extensible authentication protocol
Image source:
16
Authentication – MAC Based
Image source:
17
802.1x Authentication Used for LAN or WLAN Use EAP
Image source:
18
WLAN Authorization Authenticated users should have different permissions 802.1X for both authentication and authorization 802.1X funnel wireless traffic onto VLAN Group-based permissions Grouping wireless traffic using 802.1Q tags Create a link between authentication and authorization
19
Data Protection - Encryption
WEP – not secure at all. WPA Temporal Key Integrity Protocol (TKIP) – backward compatible with WEP device WPA2 Advanced Encryption Standard (AES) – most secure
20
WPA3 New security standard announced in 2018 New features
Robust protection - protect people who use weak password, brute force attacks Simplification of configuration and security for device with limited display interface Individualized data encryption for open Wi-Fi network CNSA compliance
21
Data Protection- IPSec
Internet protocol security End-to-end security scheme Operates at OSI Internet layer Image source:
22
IPSec Image source:
23
IPSec VPN vs. SSL VPN IPSec VPN SSL VPN Function at network layer
Remote access to company office network resources Always on connection SSL VPN Function at application layer More granular access control Used in web browsers
24
Comprehensive Security Policy
Risk analysis What to protect, value of the asset, possibility of breach, cost to protect the system Governing policies Technical policies End-user policies
25
Wireless Security Policy
Define assets, risks and security objectives Identify required security practices and measures Dictate acceptable behavior and enforcement Serve as a vehicle for achieving consensus
26
Wireless Security Policy Content
Policy objectives Ownership and authority Scope Risk assessment Security measures Acceptable usage Deployment process Auditing and enforcement
27
Wireless Security in Big Picture
Security Auditing Identify issues and establish baseline for the network Physical Security Contain signals Access Control SSID MAC Authentication VPN Obfuscation Filtering x IPSec Corporate Network Firewall, anti-virus, IPS, IDS Data Protection Encryption Authentication VPN WPA/WPA2 Filtering x IPSec Comprehensive Security Policies User awareness and training, compliance consideration, etc.
28
Reference Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, , and Ad Hoc Security, ELSEVIER, 2005. Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.