Presentation is loading. Please wait.

Presentation is loading. Please wait.

Solving the Security Risks of WLAN Tuukka Karvonen 18.12.2015.

Published byAnabel Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "Solving the Security Risks of WLAN Tuukka Karvonen 18.12.2015."— Presentation transcript:

1 Solving the Security Risks of WLAN Tuukka Karvonen 18.12.2015

2 Outline General Guidelines Radio Interface Access Point Configuration Client Configuration TKIP Honey pot – Fake AP Links

3 General Guidelines Know the risks: War-Driving, Insertion Attacks, Monitoring, SNMP services, weak WEP algorithm, etc. The default configuration of the devices usually lacks security Clients and access points should be configured well Organizations need a wireless security policy, which everyone should follow

4 Radio Interface Provide coverage only to the areas where it is needed –Adjust transmitting power –use directional antennas Unintentional and intentional jamming is possible -> have an alternative, if it’s important to have your connection working Notice, it is fully legal for anybody to disturb your WLAN on the license-free ISM band

5 Access Point Configuration Turn of the broadcasting of SSID and don’t use the default one Provide DHCP (Dynamic Host Configuration Protocol) only if needed Require Wired Equivalent Privacy and strengthen it with IEEE 802.1X and TKIP –Original WEP algorithm is weak, so keys need to be changed frequently

6 Client Configuration Disable unnecessary services (i.e. Windows file sharing) Install Personal Firewall Use higher level security (IPsec, VPNs, SSL, SSH etc.) Use WEP and if possible strengthen it

7 Temporal Key Integrity Protocol (TKIP) Devices using WEP can be upgraded to TKIP with firmware patches Uses temporal key, which is changed every 10000 packets with help of 802.1X Combines the temporal key with the client's MAC address before adding a initialization vector -> every device has own encryption key Inserts message integrity code into each packet to avoid forgeries

8 Honey Pot – Fake AP Confuses war drivers Hides the real access point by generating thousands of counterfeit 802.11b access points –Sends Beacon frames with random SSID:s and MAC addresses Advanced version would also need to create real traffic http://www.blackalchemy.to/project/fakeap/

9 Links Information –http://www.iss.net/wireless/WLAN_FAQ.phphttp://www.iss.net/wireless/WLAN_FAQ.php –http://www.80211-planet.com/ Access point maps –http://www.wifimaps.com/http://www.wifimaps.com/ –http://www.netstumbler.com/http://www.netstumbler.com/ Tools: –http://freshmeat.net/projects/airsnort/http://freshmeat.net/projects/airsnort/ –http://www.netstumbler.com/http://www.netstumbler.com/ –Wireless Scanner http://www.iss.net/download/http://www.iss.net/download/

Download ppt "Solving the Security Risks of WLAN Tuukka Karvonen 18.12.2015."

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.

Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.

 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Similar presentations

Ads by Google