wireless network security
DESCRIPTION
ALL ABOUT THE PRECAUTIONS AND SECURITY MEASURES THAT NEED TO BE TAKEN IN ORDER TO PREVENT UNAUTHORIZED ACCESS TO YOUR WIRELESS NETWORK
TRANSCRIPT
Securing a Wireless Network
Presented by: Aurobindo Nayak, Regd. No.: 0701288307
Wireless Network Security
AGENDA:
Wireless network overview
IEEE Specifications
Security considerations
Security vulnerabilities
Solutions and precautions
Questions and comments
What is Wi-Fi:
Wi-Fi is an abbreviation for Wireless Fidelity and a catch-all phrase for the several different standards and recommendations that comprise wireless networking. Wi-Fi enables the user to deploy a computer network without needing to run cable throughout the facility.
Standards:
IEEE 802.11b – 2.4 GHz – 11 Mbps
IEEE 802.11a – 5 GHz – 54 Mbps
IEEE 802.11g – 2.4 GHz – Hybrid 11/54 Mbps
IEEE 802.11a 5 GHz – 54 Mbps
International standard for wireless networking that operates in the 5 GHz frequency range (5.725 GHz to 5.850 GHz) with a maximum 54 Mbps data transfer rate. The 5 GHz frequency band is not as crowded as the 2.4 GHz frequency, because the 802.11a specification offers more radio channels than the 802.11b. These additional channels can help avoid radio and microwave interference. Cost of 802.11a equipment is approximately twice that of 802.11b and current deployment is limited.
IEEE 802.11b 2.4 GHz – 11 Mbps
International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz) and provides a throughput of up to 11 Mbps with a range of just over 300 feet indoors. This is a very commonly used frequency. Microwave ovens, cordless phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band. 802.11b enables transfers of up to 11 Mbps. Comparable to 10BaseT in speeds, 802.11b is the most common wireless standard deployed today. In comparison T1 speeds are 1.54 Mbps and DSL is normally in the 640 Kbps range.
Securing a Wireless Network:
Most wireless networks today use the 802.11 standard for communication. 802.11b became the standard wireless Ethernet networking technology for both business and home in 2000. The IEEE 802.11 Standard is an interoperability standard for wireless LAN devices that identifies three major distribution systems for wireless data communication:
Direct Sequence Spread Spectrum (DSSS) Radio Technology
Frequency Hopping Spread Spectrum (FHSS) Radio Technology
Infrared Technology
Independent Basic Service Set (IBSS)
[Basic Service Set (BSS)] Network
Extended Service Set (ESS) Network
Security (Encryption, Content Filtering, Privacy, etc.)
Encryption:
o Encryption on the public network can be used but would create administrative overhead. Encryption keys would have to be changed regularly and anyone using their own laptop would have to be given the key.
o Encryption works best in a network that does not allow people to use their own laptops.
Content Filtering & Proxy Servers:
o Web content filtering that has generally been software on the desktop would have to be handled by a server if people are allowed to use their own laptops.
o Proxy servers allow you to control what information people have access to. This is a good practice anyway, allowing you to control at a global level what information travels over your network. It also allows you to track usage.
Security Vulnerabilities:
o packet sniffing - war drivers; hi-gain antenna
o War driver mapping
o Antenna on the Cheap (er, Chip) - Pringles can antenna
o traffic redirection - modifying ARP tables
o resource stealing - using a valid station's MAC address
o rogue networks and station redirection [network administrators also rely on manufacturers' default Service Set IDentifiers (SSIDs)]
o DoS (any radio source including 2.4 GHz cordless phones)
o WEP uses the RC4 encryption algorithm, known as a stream cipher. A stream cipher expands a short key into an infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce cipher text. The receiver has a copy of the same key, and uses it to generate an identical key stream. XORing the key stream with the cipher text yields the original plaintext.
o If an attacker flips a bit in the cipher text, then upon decryption, the corresponding bit in the plaintext will be flipped. Also, if an eavesdropper intercepts two cipher texts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. Once one of the plaintexts becomes known, it is trivial to recover all of the others.
o IEEE 802.1X: This standard, supported by Windows XP, defines a framework for MAC-level authentication. Susceptible to session-hijacking and man-in-the-middle attacks.
Security Solutions:
o Advanced Encryption Standard (AES) encryption [IEEE 802.11i]
o "Key-hopping" technology that can change the encryption key as often as every few seconds.
o EAP-TTLS (Extensible Authentication Protocol (EAP) - Tunneled Transport Layer Security)
o Enhanced Security Network (ESN) - Extended Service Set with:
I. enhanced authentication mechanism for both STAs and APs based on 802.11x
II. enhanced data encapsulation using AES
III. dynamic, association-specific cryptographic keys
IV. key management
Wireless Protocol Analyzers:
o check for unknown MAC (Media Access Control) addresses and alert the network manager
o log attempts to gain unauthorized access to the network
o filter access attempts based on the type of network card
o conduct site survey of traffic usage
o find dead zones in the wireless network
Wireless Security Precautions
Change default names
Add passwords to all devices
Disable broadcasting on network hubs
Don't give the network a name that identifies your company
Move wireless hubs away from windows
Use the built-in encryption
Disable the features you don't use
Put a firewall between the wireless network and other company computers
Encrypt data
Regularly test wireless network security
Questions? Comments?