Securing a Wireless Network

Presented by :Aurobindo Nayak Regd.No.>0701288307

Wireless Network Security

AG

EN

DA

:Wireless network

overview

IEEE Specifications

Security considerations

Security vulnerabilities

Solutions and precautions

Questions and comments

What

is W

i-Fi

:

Wi-Fi is an abbreviation for Wireless Fidelity and a

catch all phrase for the several different

standards and recommendations that

comprise wireless networking. Wi-Fi enables the user

to deploy a computer

network without needing to run cable

throughout the facility.

Sta

ndard

s:

IEEE 802.11.b –2.4GHz

– 11Mbps IEEE 802.11.a – 5GHz

– 54 Mbps IEEE 802.11g – 2.4Ghz

– Hybrid 11/54Mbps

IEEE 8

02.1

1.a

5G

Hz

– 54M

bps

International standard for

wireless networking that operates

in the 5 GHz frequency range

(5.725 GHz to 5.850 GHz) with a

maximum 54 Mbps data transfer

rate. The 5 GHz frequency band

is not as crowded as the 2.4 GHz

frequency, because the 802.11a

specification offers more radio

channels than the 802.11b. These

additional channels can help

avoid radio and microwave

interference. Cost of 802.11a equipment is

approximately twice that of

802.11b and current deployment

is limited.

IEEE 8

02.1

1.b

2.4

GH

z –

11M

bps

International standard for wireless

networking that operates in the 2.4

GHz frequency range (2.4 GHz to

2.4835 GHz) and provides a

throughput of up to 11 Mbps with a

range of just over 300 feet indoors.

This is a very commonly used

frequency. Microwave ovens, cordless

phones, medical and scientific

equipment, as well as Bluetooth

devices, all work within the 2.4 GHz

frequency band. 802.11b enables transfers of up to 11

Mbps. Comparable to 10BaseT in

speeds, 802.11b is the most common

wireless standard deployed today. In

comparison T1 speeds are 1.54Mbps

and DSL is normally in the 640Kbps

range.

Secu

ring a

W

irele

ss

Netw

ork

:

Most wireless networks today

use the 802.11 standard for

communication. 802.11b

became the standard wireless

ethernet networking

technology for both business

and home in 2000. The IEEE

802.11 Standard is an

interoperability standard for

wireless LAN devices, that

identifies three major

distribution systems for

wireless data communication:

Direct Sequence Spread Spect

rum (DSSS) Radio Technology

Frequency Hopping Spread Sp

ectrum (FHSS) Radio Technolo

gy Infrared Technology

Independent Basic Service Set (IBSS)

[Basic Service Set (BSS)] Network

Extended Service Set (ESS) Network

Secu

rity

(E

ncr

ypti

on,

Conte

nt

Filt

eri

ng,

Priv

acy

, etc

.)

Encryption:oEncryption on the pubic

network can be used but

would create administrative overhead.

Encryption keys would

have to be changed

regularly and anyone using

their own laptop would

have to be given the key.

oEncryption works best in a

network that does not

allow people to use their

own laptops.

Content Filtering & Proxy

Servers:o Web content filtering that has

generally been software on the

desktop would have to be

handled by a server if people

are allowed to use their own

laptops. o Proxy servers allow you to

control what information people

have access to. This is a good

practice anyway, allowing you

to control at a global level what

information travels over your

network. It also allows you to

track usage.

Secu

rity

Vuln

era

bili

ties: o packet sniffing - war drivers; hi-

gain antennao War driver mapping

o Antenna on the Cheap (er, Chip)

- Pringle's can’s antenna

o traffic redirection - modifying

ARP tables o resource stealing - using a valid

station's MAC address

o rogue networks and station

redirection [network

administrators also rely on

manufacturers' default Service

Set IDentifiers (SSIDs)

o DoS (any radio source including

2.4 Ghz cordless phones)

o WEP uses the RC4 encryption algorithm,

known as a stream cipher. A stream

cipher expands a short key into infinite

pseudo-random key stream. The sender

XORs the key stream with the plaintext

to produce cipher text. The receiver has

a copy of the same key, and uses it to

generate identical key stream. XORing

the key stream with the cipher text

yields the original plaintext.

o If an attacker flips a bit in the cipher

text, then upon decryption, the

corresponding bit in the plaintext will

be flipped. Also, if an eavesdropper

intercepts two cipher texts encrypted

with the same key stream, it is possible

to obtain the XOR of the two plaintexts.

Once one of the plaintexts becomes

known, it is trivial to recover all of the

others.o IEEE 802.1X: This standard, supported

by Windows XP, defines a framework for

MAC-level authentication. Susceptible

to session-hijacking and man-in-the-

middle attacks.

Secu

rity

Solu

tions:

o Advanced Encryption Standard

(AES) encryption [IEEE 802.11i]

o "Key-hopping" technology that

can change the encryption key

as often as every few seconds.

o EAP-TTLS (Extensible

Authentication Protocol (EAP) -

Tunneled Transport Layer

Security)o Enhanced Security Network

(ESN) - Extended Service Set

with : I.enhanced authentication mechanism for

both STAs and APs based on 802.11x

II. enhanced data encapsulation using AES

III. dynamic, association-specific cryptographic

keys IV. key management

Wireless Protocol Analyzers:o check for unknown MAC

(Media Access Control)

addresses and alert the

network manager o log attempts to gain

unauthorized access to the

network o filter access attempts based

on the type of network card

o conduct site survey of traffic

usage o find dead zones in the

wireless network

Wir

ele

ss S

ecu

rity

Pr

eca

uti

ons

Change default names

Add passwords to all devices

Disable broadcasting on

network hubs Don't give the network a name

that identifies your company

Move wireless hubs away from

windows Use the built-in encryption

Disable the features you don't

use Put a firewall between the

wireless network and other

company computers

Encrypt data Regularly test wireless

network security

Questions? Comments?