Published by Shanna Gordon. Modified over 9 years ago.
The University of Bolton
School of Business & Creative Technologies
Wireless Networks - Security
Overview
1. Threats to wireless networks
2. Threats by hackers
3. Controlling access to wireless LANs
4. Association and authentication
5. Wireless security encryption
1. Threats to wireless LANs
A WLAN is open to anyone within range of an access point and with the appropriate credentials to associate to it. With a wireless NIC and knowledge of cracking techniques, an attacker may not have to physically enter the workplace to gain access to a WLAN.
There are three major categories of threat that lead to unauthorized access:
– War drivers – drive around a neighbourhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to exploit.
– Hackers (crackers) – malicious intruders who enter systems as criminals and steal data or deliberately harm systems.
– Employees – can often introduce ‘rogue’ access points on a WLAN, which interfere with normal network operation.
2. Threats by hackers – Man In The Middle attacks
MITM attackers are individuals who select a host as a target and position themselves logically between the target and the router or gateway of the target.
In a wired LAN environment, the attacker needs to be able to physically access the LAN to insert a device logically into the topology. With a WLAN, the radio waves emitted by access points can provide the connection.
The attacker selects a station as a target and uses packet sniffing software, such as Wireshark, to observe the client station connecting to an access point.
The hacker might be able to read and copy the target username, server name, client and server IP address, the ID used to compute the response, and the challenge and associate response, which is passed in clear text between station and access point.
2. Threats by hackers – Denial of Service
802.11b and g WLANs use the unlicensed 2.4 GHz ISM band.
– This is the same band used by most wireless consumer products, including baby monitors, cordless phones, and microwave ovens.
– Attackers can use these devices to create noise on all the channels in the band.
It is possible for an attacker to turn a NIC into an access point that can then be used to implement a DoS attack.
– The attacker, using a PC as an access point, can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the stations.
– The access points, in turn, flood the BSS with simultaneous traffic, causing a constant stream of collisions.
Another type of DoS attack in a BSS is when an attacker sends a series of disassociate commands that cause all stations in the BSS to disconnect.
– When the stations are disconnected, they immediately try to reassociate, which creates a burst of traffic. The attacker sends another disassociate command and the cycle repeats itself.
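The disassociate/reassociate cycle described above leaves a recognisable pattern in a monitor-mode capture. The following is an added example (not part of the original slides) of detection logic over already-parsed management frames; it also counts deauthentication frames, which force the same rejoin behaviour. The function name, thresholds, and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# 802.11 management frame subtypes (values from the 802.11 standard).
REASSOC_REQ, DISASSOC, DEAUTH = 0x2, 0xA, 0xC
KICK = {DISASSOC, DEAUTH}

def detect_disassoc_dos(frames, window=10.0, flood_threshold=5, cycle_threshold=2):
    """Scan time-ordered (ts, subtype, bssid, station) records.

    Returns sorted (bssid, kind, station) alerts: "flood" means many kick
    frames in one BSS inside `window` seconds; "cycle" means a station was
    kicked again after rejoining, `cycle_threshold` times or more.
    """
    recent = defaultdict(deque)   # bssid -> timestamps of recent kick frames
    rejoined = {}                 # (bssid, station) -> rejoined since last kick?
    cycles = defaultdict(int)     # (bssid, station) -> kick/rejoin/kick count
    alerts = set()
    for ts, subtype, bssid, station in frames:
        key = (bssid, station)
        if subtype in KICK:
            q = recent[bssid]
            q.append(ts)
            while ts - q[0] > window:      # drop kicks that left the window
                q.popleft()
            if len(q) >= flood_threshold:
                alerts.add((bssid, "flood", "*"))
            if rejoined.get(key):          # kicked again after rejoining
                cycles[key] += 1
                if cycles[key] >= cycle_threshold:
                    alerts.add((bssid, "cycle", station))
            rejoined[key] = False
        elif subtype == REASSOC_REQ and key in rejoined:
            rejoined[key] = True
    return sorted(alerts)

# Constructed sample capture (locally administered MACs, not real devices).
AP1, AP2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
STA_A, STA_B, STA_C = "02:00:00:00:0a:01", "02:00:00:00:0a:02", "02:00:00:00:0a:03"
SAMPLE = [
    (0.0, DISASSOC, AP1, STA_A), (0.1, DISASSOC, AP1, STA_B),
    (0.6, REASSOC_REQ, AP1, STA_A), (0.7, REASSOC_REQ, AP1, STA_B),
    (1.5, DISASSOC, AP1, STA_A), (1.6, DISASSOC, AP1, STA_B),
    (2.1, REASSOC_REQ, AP1, STA_A), (3.0, DISASSOC, AP1, STA_A),
    (40.0, DISASSOC, AP2, STA_C),   # a single, ordinary disassociation
]

if __name__ == "__main__":
    for alert in detect_disassoc_dos(SAMPLE):
        print(alert)
```

A single disassociation, as on the second BSS in the sample, raises nothing; only the repeated kick-after-rejoin pattern or a burst inside the window does.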
3. Controlling Access to WLANs
The concept of depth means having multiple security solutions available. If you want to do something extra to secure access to your WLAN, you can add depth by implementing a three-step approach:
– SSID cloaking – Disable Service Set Identifier broadcasts from access points.
– MAC address filtering – Manually add tables of allowed MAC addresses of wireless clients.
– WLAN security implementation using various security protocols: WEP, WPA or WPA2.
Configure access points that are near outside walls of buildings to transmit on a lower power setting than other access points closer to the middle of the building. This merely reduces the RF signature on the outside of the building, where anyone running an application such as Netstumbler, Wireshark, or even Windows XP can map WLANs.
3. Controlling Access to WLANs cont... – Security protocols
Open authentication
– A client requests authentication and the access point grants it.
Wired Equivalent Privacy (WEP) authentication
– WEP has a flawed encryption algorithm.
– Not easily scaled as the 32-bit WEP keys are manually entered by users.
– Can be improved by the use of SSIDs and MAC address filtering.
Wi-Fi Alliance Wi-Fi Protected Access (WPA) authentication
– LEAP (Lightweight Extensible Authentication Protocol)
– PEAP (Protected EAP)
– EAP-FAST
802.11i & Wi-Fi Alliance Wi-Fi Protected Access version 2 (WPA2) authentication
– For enterprises, WPA2 includes a connection to a Remote Authentication Dial In User Service (RADIUS) database.
4. Association and authentication
In an open network, such as a home network, association may be all that is required to grant a client access to devices and services on the WLAN.
In enterprise networks that have stricter security requirements, an additional authentication or login is required to grant clients such access.
This login process is managed by the Extensible Authentication Protocol (EAP). EAP is a framework for authenticating network access.
IEEE developed the 802.11i standard for WLAN authentication and authorization.
5. Wireless Security Protocols – Encryption
802.11i certified enterprise-level encryption mechanisms:
– Temporal Key Integrity Protocol (TKIP) for WPA
– Advanced Encryption Standard (AES) for WPA2
TKIP is the encryption method certified as WPA.
– It provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method.
– It makes use of the original encryption algorithm used by WEP.
– TKIP has two primary functions:
  1. It encrypts the Layer 2 payload.
  2. It carries out a message integrity check (MIC) in the encrypted packet. This helps ensure against a message being tampered with.
AES is better than TKIP. It has the same functions as TKIP, but it uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with. It also adds a sequence number to the encrypted data header.
5. Wireless Security Protocols – Encryption continued...
Pre-shared key (PSK)
When you configure Linksys access points or wireless routers, such as the WRT300N, you may not see WPA or WPA2; instead you may see references to something called pre-shared key (PSK). Various types of PSKs are as follows:
– PSK or PSK2 with TKIP is the same as WPA
– PSK or PSK2 with AES is the same as WPA2
– PSK2, without an encryption method specified, is the same as WPA2