Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008."— Presentation transcript:

1 Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008

2 About IEEE 802.11  IEEE 802.11 is set of standards created for building wireless networks.  IEEE 802.11 grants the interoperability between different wireless devices.  IEEE 802.11 is often called Wi-Fi (Wireless Fidelity)  Wi-Fi Alliance, was founded in 1999 as WECA (Wireless Ethernet Compatibility Alliance).  In some countries the term "Wi-Fi" is often used by the public as a synonym for wireless internet (W-LAN)  Wi-Fi certified technologies are supported by nearly every modern personal computer operating system, most advanced game consoles, laptops, smartphones and many printers and other peripherals.

3 About IEEE 802.11  IEEE 802.11 uses free frequencies between 2400 to 2485 MHz (for 802.11b and 802.11g) and 5000 MHz (for 802.11a).  The band 2.4 GHz is split into 14 channels for Europe, 11 channels for USA.  Transmition speed depends on the devices used and distances between stations and can take values of 11, 22, 44, 54 or 108 Mbps.

4 Security principles  Security includes preventing unauthorized users to access the network and encrypting all the network traffic so that nobody from outside the network can sniff the information transmitted between users and/or devices.  Wireless networks will always remain less secure than traditional wired networks since all the signals are transmitted trough ether.

5 Basic methods  Disabling the ESSID broadcast and changing the default network ESSID introduced by manufacturer  MAC address filtering  Assigning static IP to devices  Traffic encryption (WEP, WPA, WPA2)  External authorization using RADIUS server  VPN  Limiting the range of the network

6 Disabling the ESSID broadcast  Hiding ESSID was introduced in the first Access Points as a “protection method”, ESSID as the “password”  The user must provide the ESSID (network identifier) to connect to the network  Not a real security method, nowadays ESSID is relatively easy to find  Good for hiding the network from neighbors  Might be dangerous when a malicious AP broadcasting friendly named network is created in the neighborhood area

7 MAC address filtering  MAC (Media Access Control) are unique identifiers assigned to the network device  MAC filtering consists of creating the “white list” of accepted clients  Only the registered clients can gain the access to the network  Should be used along other protection methods, MAC address in an unencrypted network can be easily found and “imitated” (using Macshift)  Can prevent from less experienced users

8 Assigning static IP to devices  Method similar to MAC address filtering  Every device is registered, a static IP address is assigned to a specific MAC address  To be used along with a router having a good traffic policy – only selected IPs can communicate to other hosts, etc.

9 WEP  Wired Equivalent Privacy was included as the privacy of the original IEEE 802.11 standard ratified in September 1999  Provides both authorization (basic) and encryption security  Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key  Key size security limitation, easy to crack using Stream cipher attack  Uses static keys – the keys are generated once according to the password  Using longer keys slows down the network  Currently not recommended, considered as deprecated

10 WPA/WPA2  WPA (Wi-Fi Protected Access) was introduced in 2004 to replace weak WEP and is hardware compatible  WPA implemented a subset of 802.11i and makes use of the Advanced Encryption Standard (AES)  IEEE 802.11i-2004 introduced new key distribution methods, the keys are no longer static (a serious issue of previous WPA)  Uses 802.1X for authentication, Extensible Authentication Protocol, AES-based CCMP to provide confidentiality, integrity and origin authentication  WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark

11 Personal WPA2  For home and small office use  Uses PSK (Pre Shared Key). The passphrase (“the password”) used for connecting the network may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits (256 bits).  Random PSK of length 13 are considered secure, shorter PSK are not enough to protect from Brute Force Attack

12 VPN  VPN stands for Virtual Private Networks  VPN creates secure tunnels between the client and VPN server  Provides user authorization and transition encryption  Uses compression to reduce the bandwidth  More resource expensive than WPA/WEP  Some routers do not pass VPN trough

13 Range of the network  If you use a single device position your Access point in the middle of the office/building so that the signal can be uniformly distributed.  Limit the antenna power so that the network is inaccessible from outside the office – this will prevent from attacks from outside. Otherwise anybody parked in front of your building can attempt to connect to your network and you will have no chance to locate him.

14 Conclusions  For my home wireless network I use Personal WPA2 (AES) with a randomly generated passphrase, the passphrase is changed periodically and is of length 63. Moreover all my devices are registered in the MAC whitelist and have static IPs associated by DHCP server.  When I use public hotspots I no matter WPA is used or no, I connect to the Internet using my own VPN server so that even if the traffic is sniffed at any of the pass-trough points, all the data I send and receive is safe.  If I had to implement an enterprise network, I would use all the protection methods described in the first point, VPN and I would configure AP/Router in such way so that only VPN connections to the VPN server are allowed. I find it simpler than RADIUS or WPA2/Enterprise.

15 Conclusions  Change your devices’ default passwords and other sensitive settings  Don’t let any user to extend the network by adding misconfigured devices. Even single unprotected Access Point can affect the security of the whole system.

16 Bibliography and usefull links  http://www.wifi.owe.pl/?id=ukrycie_essid  http://en.wikipedia.org/wiki/Wpa2  http://www.warchalking.pl/  http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy  http://hack.pl/artykuly/wardriving/bezpieczenstwo_sieci_bezprzewodowych_ 90  http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

Download ppt "Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008."

Similar presentations

Anatomy of an 802.11 Wi-Fi Enterprise Wireless LAN Chris De Herrera Pacific Crest Bank Chief Information Officer Webmaster, Tablet PC Talk, CEWindows.NET.

Anatomy of an Wi-Fi Enterprise Wireless LAN Chris De Herrera Pacific Crest Bank Chief Information Officer Webmaster, Tablet PC Talk, CEWindows.NET.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,

Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
December 17, 2002 1 Wi-Fi Mark Faggiano GBA 576. December 17, 20022 Purpose of the Project  I hear Wi-Fi, WLAN, 802.11 everywhere  What does it all.

December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
1 Wireless LANs. 2 Introduction Types of Communication Networks. LAN’s Configurations. Wireless Technology. –Definition. –Applications. –Example. Communications.

1 Wireless LANs. 2 Introduction Types of Communication Networks. LAN’s Configurations. Wireless Technology. –Definition. –Applications. –Example. Communications.
Wi-Fi the 802.11 Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Similar presentations

Ads by Google