Wireless network security

Lt. Robert Drmola, University of defence, Communication and information system department

Content

Home and corporal networks comparison Data protection Protection methods WLAN standards comparison Conclusion

Home versus organizations networks WiFi – phenomenon of Czech republic

(Internet providers policy) Urgency of protection also small office and

home networks It has got advantages for hackers Big organizations usually uses better access

methods

Reasons for wireless security

Computer criminality Activities masking Industrial espionage Unauthorization access Connectivity to internet

Organizations data protection 38% scans company network for unauthorized

access points 22% instruct employees about wireless

network problems 57% set up network policy 33% without protection !!!!!

Company data protection

Unauthorized (black) access point

Company data protection

Ad-Hoc networks

Basic methods

MAC filter activation SSID change Change of defaults parameters

IP Admin password Default cryptography keys

Argue out of 20% of attackers

Advanced methods

WEP activation – Not so strong but better than nothing

WPA, WPA2 activation Radius server activation

Alternative for SOHO networks (WPA-PSK)

Corporal networks

WLAN protection on commercial and organizations level

User authentization:

No authentization of devices but users – guard against

stolen devices or device simulations

Corporal networks

WLAN protection on commercial and organizations level

System interdependence:

protect against unauthorized access points. Not only the client to network but also the network to client authorization.

Corporal networks

WLAN protection on commercial and organizations level

Centralized management:

All information about users, devices, access points are saved centrally. Easy for admins to change information but hard to attackers

Corporal networks

WLAN protection on commercial and organizations level

Dynamical encryption keys:

Different keys for every session and for every device and user.

Security standards comparison

Secu

rity

level

Open network

WEP

WPA-PSKWPA2-PSK

WPA2-802.1xWPA2-802.1x IPSec - VPN

Security standards for WLAN

  Authentization/Encryption Corporal networks SOHO networks

Open network ---- / ---- unsuitable unsuitable

WEP Practically none/WEP unsuitable Very bad

WPA-PSK PSK/WEP-TKIP Very badVery good (quality-price

ratio)

WPA2-PSK PSK/AES-CCMP Bad Ideal solution

WPA-802.1x 802.1x/WEP-TKIP Good solutionUnsuitable because of the

price and hard implementation

WPA2-802.1x 802.1x/AES-CCMPIdeal solution for big

networks

Unsuitable because of the price and hard

implementation

Idea and conclusion

WLAN protection:

Nowadays is possible to solve WLAN security can be personalized for every

kind of running Solve encryption only in radio parts (IPSec,

VPN)

Conclusion

Security isn’t something what we can buy in box in our shop. It is unremitting fight between security experts and hackeres, which try to increase security level of our world. It requires persistent comparisons, tests and implementations. Unfortunately it can not be said: “Now - we protected our network and we can not solve this problem in future.”

Thank you for your attention

Lt. Robert Drmola, University of defence, Communication and information systems department