Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Published byBrisa Plante Modified over 9 years ago

Similar presentations

Presentation on theme: "Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing."— Presentation transcript:

1 Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing & Managing Wireless LAN : Implementing 802.1x EAP-TLS PEAP-MSCHAPv2, FreeRADIUS + dialupadmin + MySQL ( FULL DEMO )  Make Deep Security with WPA2 Wifi Protected Access = 802.1x + ( TKIP or CCMP ) Wifi Protected Access = 802.1x + ( TKIP or CCMP )

2 Wireless LAN Security Protecting a WLAN involves three major elements: Authenticating the person (or device) connecting to the network so that you have a high degree of confidence that you know who or what is trying to connect. Authorizing the person or device to use the WLAN so that you control who has access to it. Protecting the data transmitted on the network so that it is safe from eavesdropping and unauthorized modification. http://go.microsoft.com/fwlink/?LinkId=23481

3 Port-Based Network Authentication ► What is 802.1x ? “Port-based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases which the authentication and authorization fails. A port in this context is a single point of attachment to the LAN infrastructure.” http://standards.ieee.org/getieee802/download/802.1X-2001.pdf http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

4 ► What is EAP ? Extensible Authentication Protocol (EAP) A flexible protocol used to carry arbitrary authentication information over PPP It used by supplicant and authenticator to communicate http://www.ietf.org/rfc/rfc3748.txt

5 ► It requires entitie(s) to play three roles in the authentication process: that of an supplicant, an authenticator and an authentication server http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

6 The authenticator (Access Point) becomes the middleman for relaying EAP received in 802.1x packets to an authentication server by using RADIUS to carry the EAP information

7 EAP authentication methods ► ► EAP-MD5 ► ► EAP–TLS ► ► EAP-Tunneled TLS (TTLS) ► ► EAP-Protected EAP (PEAP) ► ► EAP-Lightweight EAP (LEAP) ► ► EAP-MSCHAPv2 ► ► PEAP-MSCHAPv2

8 ► EAP-MD5 MD5-Challenge requires sername/password and is equivalent to the PPP CHAP protocol [RFC1994]. This method does not provide dictionary attack resistance, mutual authentication or key derivation and has therefore little use in a wireless authentication enviroment. RFC1994 http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

9 ► ► EAP-Transport Layer Security (EAP-TLS) It uses public key certificates to authenticate both the wireless clients and the RADIUS servers by establishing an encrypted TLS session between the two. Provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticator http://www.ietf.org/rfc/rfc2716.txt http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

10 ► EAP-TTLS Sets up a encrypted TLS-tunnel for safe transport of authentication data. Within the TLS tunnel, (any) other authentication methods may be used. Developed by Funk Software and Meetinghouse and is currently an IETF draft. Sets up a encrypted TLS-tunnel for safe transport of authentication data. Within the TLS tunnel, (any) other authentication methods may be used. Developed by Funk Software and Meetinghouse and is currently an IETF draft. http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

11 ► EAP-Protected EAP (PEAP) Uses, as EAP-TTLS, an encrypted TLS-tunnel. Supplicant certificates for both EAP-TTLS and EAP- PEAP are optional, but server (AS) certificates are required. Developed by Microsoft, Cisco and RSA Security and is currently an IETF draft. http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.htmlhttp://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

12 ► EAP-MSCHAPv2 Requires username/password and is basically an EAP encapsulation of MS-CHAP- v2 [RFC2759]. Usually used inside of a PEAP encrypted tunnel. Developed by Microsoft and is currently an IETF draft. RFC2759 http://www.gnist.org/%7Elars/courses/04thales/8021X-HOWTO.html

13 ► ► PEAP-MSCHAPv2 Combination of Protected EAP (PEAP) and EAP-MSCHAPv2

14 RADIUS ( Authentication Server) ► Remote Authentication Dial-In User Service (RADIUS) http://www.ietf.org/rfc/rfc2865.txt http://www.ietf.org/rfc/rfc2865.txt ► the "de-facto" back-end authentication server used in 802.1X. ► AAA (Authentication, Authorization and Accounting ) Support ► FreeRADIUS is a fully GPL'ed implemented RADIUS server http://www.freeradius.org

Download ppt "Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing."

Similar presentations

Authentication.

Authentication.
802.1x What it is, How it’s broken, and How to fix it.

802.1x What it is, How it’s broken, and How to fix it.
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Similar presentations

Ads by Google