Wireless Network Security
Dr. John P. Abraham, Professor, UTPA
802.11 Protocols
• 802.11-1997 (802.11 legacy): 1997, up to 2 Mbps. Used the 2.4 GHz band.
• 802.11a: Theoretically 20 Mbps, but could not penetrate walls; practically yielded 1 Mbps. Used the 5 GHz band. 50’
• 802.11b: 1999. 5 Mbps. 375’. Used 2.4 GHz.
• 802.11g: 2003. 22 Mbps (theoretical 54 Mbps).
• 802.11n: 2009. Over 50 Mbps. 820’
Controlling Access
• Control connection to access points (AP).
• Best method – control through MAC address – but requires registration first.
• Wired Equivalent Privacy (WEP) – the same secret key should be installed on the AP and on the workstation (64 to 128 bits long – 5 to 13 characters).
• Know the steps for WEP encryption. P.195
Device Authentication
• Service Set Identifier (SSID) is a name associated with the access point. The SSID can be set to broadcast or not. If it is not broadcast, the user will have to know it; "show all wireless networks" will not show it.
• Open System authentication. The wireless device sends an association request frame to the AP. The frame contains the SSID and the data rates the device can support. The AP receives the frame and, if the SSID matches its own, authenticates the device.
• Shared Key authentication. The WEP default key is used. The AP sends a challenge text to the device requesting a connection. The device must encrypt the challenge text with the default WEP key and return it to the AP. The AP decrypts it and compares the text. If it matches, the connection is granted.
Vulnerabilities of 802.11 security
• Open System authentication is weak. The attacker only has to know the SSID (which is mostly broadcast). Roaming is difficult if the SSID is not beaconed. Even if the SSID is not beaconed, other management frames will contain the SSID, and freely available tools can discover it. So turning off SSID beaconing does not give much protection.
• MAC address filtering – an attacker can capture an already connected MAC address and use it to get a connection (spoofing). There are programs available to do this.
• WEP – if a number longer than 128 bits is used, the initialization vector defaults to 24 bits, which can be broken easily. WEP creates detectable patterns for the attacker, and an attacker can now crack it in minutes.
WEP
• To encrypt packets, WEP can use only a 64-bit or 128-bit number, which is made up of a 24-bit initialization vector (IV) and a 40-bit or 104-bit default key
• The relatively short length of the default key limits its strength
• WEP implementation violates the cardinal rule of cryptography: anything that creates a detectable pattern must be avoided at all costs
• IVs would start repeating in fewer than seven hours
Security+ Guide to Network Security Fundamentals, Third Edition
Personal wireless security
• WPA – Wi-Fi Protected Access: PSK for authentication and TKIP for encryption.
• PSK (preshared key). Uses a passphrase to generate the encryption key. This must be entered both at the AP and at the wireless device. PSK authenticates the user and gives a seed key for encryption.
• TKIP (Temporal Key Integrity Protocol). Replaces WEP. Uses a key longer than 128 bits. It can generate 280 trillion possible keys for each packet.
Enterprise wireless security
• TKIP replaces WEP encryption and makes wireless transmissions more secure.
• The WPA2 Enterprise security model provides the highest level of secure authentication and encryption on wireless.
• Enterprise wireless security devices can be used, such as thin access points, wireless VLANs and rogue access point discovery tools.
• Thin access points: an access point with limited functionality; authentication and encryption are removed and placed on a wireless switch.
• Wireless VLANs – to manage traffic.
• Rogue access point discovery tools. A protocol analyzer captures wireless traffic, which is then compared with a list of known approved devices. A continuous wireless probe monitors the RF traffic.