Presentation is loading. Please wait.

Presentation is loading. Please wait.

The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.

Published byShanna Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1."— Presentation transcript:

1 The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1

2 Overview 1.Threats to wireless networks 2.Threats by hackers 3.Controlling access to wireless LANs 4.Association and authentication 5.Wireless security encryption 2

3 1. Threats to wireless LANs A WLAN is open to anyone within range of an access point and the appropriate credentials to associate to it. With a wireless NIC and knowledge of cracking techniques, an attacker may not have to physically enter the workplace to gain access to a WLAN. There are three major categories of threat that lead to unauthorized access: –War drivers - drive around a neighbourhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to exploit. –Hackers (Crackers) - malicious intruders who enter systems as criminals and steal data or deliberately harm systems –Employees – can often introduce ‘rogue’ access points on a WLAN to interfere with normal network operation. 3

4 2. Threats by hackers... Man In The Middle attacks MITM attackers are individuals who select a host as a target and position themselves logically between the target and the router or gateway of the target. In a wired LAN environment, the attacker needs to be able to physically access the LAN to insert a device logically into the topology. With a WLAN, the radio waves emitted by access points can provide the connection. The attacker selects a station as a target and uses packet sniffing software, such as Wireshark, to observe the client station connecting to an access point. The hacker might be able to read and copy the target username, server name, client and server IP address, the ID used to compute the response, and the challenge and associate response, which is passed in clear text between station and access point. 4

5 2. Threats by hackers – Denial of Service 802.11b and g WLANs use the unlicensed 2.4 GHz ISM band. –This is the same band used by most wireless consumer products, including baby monitors, cordless phones, and microwave ovens. –Attackers can use these devices to create noise on all the channels in the band. It is possible for an attacker to turn a NIC into an access point that can then be used to implement a DoS attack. –The attacker, using a PC as an access point, can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the stations. –The access points, in turn, flood the BSS with simultaneous traffic, causing a constant stream of collisions. Another type of DoS attack in a BSS is when an attacker sends a series of disassociate commands that cause all stations in the BSS to disconnect. –When the stations are disconnected, they immediately try to reassociate, which creates a burst of traffic. The attacker sends another disassociate command and the cycle repeats itself. 5

6 3. Controlling Access to WLANs The concept of depth means having multiple security solutions available. If you want to do something extra to secure access to your WLAN, you can add depth by implementing a three-step approach: –SSID cloaking – Disable Service Set Identifier broadcasts from access points –MAC address filtering – Manually add tables of allowed MAC addresses of wireless clients. –WAN security implementation using various security protocols: WEP, WPA or WPA2 Configure access points that are near outside walls of buildings to transmit on a lower power setting than other access points closer to the middle of the building. This is to merely reduce the RF signature on the outside of the building where anyone running an application such as Netstumbler, Wireshark, or even Windows XP, can map WLANs. 6

7 3. Controlling Access to WLANs cont... - Security protocols Open authentication –A client requests authentication and the access point grants it Wired Equivalent Privacy (WEP) authentication –WEP has a flawed encryption algorithm. –Not easily scaled as the 32-bit WEP keys are manually entered by users. – Can be improved by the use of SSIDs and MAC address filtering. Wi-Fi Alliance WiFI Protected Access (WPA) authentication –LEAP (Lightweight Extensible Authentication Prototol) –PEAP (Protected EAP) –EAP-FASTEAP-FAST 802.11i & Wi-Fi Alliance WiFI Protected Access version 2 (WPA2) authentication –For enterprises, WPA2 includes a connection to a Remote Authentication Dial In User Service (RADIUS) database. 7

8 4. Association and authentication In an open network, such as a home network, association may be all that is required to grant a client access to devices and services on the WLAN. In enterprise networks that have stricter security requirements, an additional authentication or login is required to grant clients such access. This login process is managed by the Extensible Authentication Protocol (EAP). EAP is a framework for authenticating network access. IEEE developed the 802.11i standard for WLAN authentication and authorization. 8

9 5. Wireless Security Protocols - Encryption 802.11i certified enterprise-level encryption mechanisms - –Temporal Key Integrity Protocol (TKIP) for WPA –Advanced Encryption Standard (AES) for WPA2 TKIP is the encryption method certified as WPA. –It provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method. – It makes use of the original encryption algorithm used by WEP. –TKIP has two primary functions: –1. It encrypts the Layer 2 payload –2. It carries out a message integrity check (MIC) in the encrypted packet. –This helps ensure against a message being tampered with. AES is better then TKIP. It has the same functions as TKIP, but it uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with. It also adds a sequence number to the encrypted data header. 9

10 5. Wireless Security Protocols – Encryption continued... Pre-shared key (PSK) When you configure Linksys access points or wireless routers, such as the WRT300N, you may not see WPA or WPA2, instead you may see references to something called pre-shared key (PSK). Various types of PSKs are as follows: –PSK or PSK2 with TKIP is the same as WPA –PSK or PSK2 with AES is the same as WPA2 –PSK2, without an encryption method specified, is the same as WPA2 10

Download ppt "The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1."

Similar presentations

Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
1 15-May-15 S Ward Abingdon and Witney College Wireless CCNA Exploration Semester 3 Chapter 7.

1 15-May-15 S Ward Abingdon and Witney College Wireless CCNA Exploration Semester 3 Chapter 7.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino

CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino
Wi-Fi the 802.11 Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
WIRELESS SECURITY ASHIMA SOOD PEYTON GREENE. OVERVIEW History Introduction to Wireless Networking Wireless Network Security Methods Securing Wireless.

WIRELESS SECURITY ASHIMA SOOD PEYTON GREENE. OVERVIEW History Introduction to Wireless Networking Wireless Network Security Methods Securing Wireless.

Similar presentations

Ads by Google