Shashank wireless lans security
•0 j'aime•760 vues
Télécharger pour lire hors ligne
Signaler
Recommandé
Contenu connexe
Tendances
Tendances(20)
Similaire à Shashank wireless lans security
Similaire à Shashank wireless lans security(20)
Dernier
Empathic Computing: Delivering the Potential of the MetaverseMark Billinghurst
422 vues•80 diapositives
The details of description: Techniques, tips, and tangents on alternative tex...BookNet Canada
103 vues•24 diapositives
Dernier(20)
Shashank wireless lans security
- 2. 1. Wireless Introduction 2. Wireless network modes 3. SSID 4. WEP 5. WPA 6. Advantages 7. Disadvantage 8. Conclusion Wireless Network Security
- 3. INTRO A Wireless LAN Links Two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider internet. IEEE 802 series standards 802.11 – wireless LANs (LAN) 802.15 – wireless personal area networks (e.g., Bluetooth) 802.16 – wireless broadband up to 155Mb Wireless Network Security
- 4. 802.11a – 54 Mbps@5 GHz Not interoperable with 802.11b Limited distance Dual-mode APs require 2 chipsets, look like two APs to clients Cisco products: Aironet 1200 802.11b – 11 Mbps@2.4 GHz Full speed up to 300 feet Coverage up to 1750 feet Cisco products: Aironet 340, 350, 1100, 1200 802.11g – 54 Mbps@2.4 GHz Same range as 802.11b Backward-compatible with 802.11b Speeds slower in dual-mode Cisco products: Aironet 1100, 1200 Wireless Network Security
- 5. The 802.11 wireless networks operate in two basic modes: 1. Infrastructure mode 2. Ad-hoc mode Infrastructure mode: each wireless client connects directly to a central device called Access Point (AP) No direct connection between wireless clients AP acts as a wireless hub that performs the connections and handles them between wireless clients Wireless Network Security
- 6. The hub handles: the clients’ authentication, Authorization link-level data security (access control and enabling data traffic encryption) Ad-hoc mode: Each wireless client connects directly with each other No central device managing the connections Rapid deployment of a temporal network where no infrastructures exist (advantage in case of disaster…) Each node must maintain its proper authentication list Wireless Network Security
- 7. Identifies a particular wireless network A client must set the same SSID as the one in that particular AP Point to join the network Without SSID, the client won’t be able to select and join a wireless network Hiding SSID is not a security measure because the wireless network in this case is not invisible It can be defeated by intruders by sniffing it from any probe signal containing it. Wireless Network Security
- 8. The original native security mechanism for WLAN provide security through a 802.11 network Used to protect wireless communication from eavesdropping (confidentiality) Prevent unauthorized access to a wireless network (access control) Prevent tampering with transmitted messages Provide users with the equivalent level of privacy inbuilt in wireless networks. Wireless Network Security
- 9. 1. Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY) 2. Encrypts the frame using RC4 stream cipher = 40-bit (standard) or 104-bit (Enhanced) message keys + a 24-bit IV random initialization vector (CONFIDENTIALITY). 3. The Initialization Vector (IV) and default key on the station access point are used to create a key stream 4. The key stream is then used to convert the plain text message into the WEP encrypted frame. Wireless Network Security
- 12. Initialization Vector IV Dynamic 24-bit value Chosen randomly by the transmitter wireless network interface 16.7 million possible keys (224 ) Shared Secret Key 40 bits long (5 ASCII characters) when 64 bit key is used 104 bits long (13 ASCII characters) when 128 bit key is used Wireless Network Security
- 13. Wireless Network Security IV RC4 key IV encrypted packet original unencrypted packet checksum
- 16. 1. The station sends an authentication request to AP 2. AP sends challenge text to the station. 3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and it sends the latter to AP. 4. AP decrypts the encrypted text using its configured WEP key that corresponds to the station's default key. 5. AP compares the decrypted text with the original challenge text. 6. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station. 7. The station connects to the network. Wireless Network Security
- 18. Wireless Network Security WEP encrypted networks can be cracked in 10 minutes Goal is to collect enough IVs to be able to crack the key IV = Initialization Vector, plaintext appended to the key to avoid Repetition Injecting packets generates IVs
- 19. New technique in 2002 replacement of security flaws of WEP. Improved data encryption Strong user authentication Because of many attacks related to static key, WPA minimize shared secret key in accordance with the frame transmission. Wireless Network Security
- 20. Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP. WPA also provides vastly improved payload integrity. Wireless Network Security
- 21. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed. The Michael algorithm is a strong algorithm that would still work with most older network cards. WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker. Wireless Network Security
- 22. Wireless Network Security WEP WPA ENCRYPTION RC4 RC4 KEY ROTATION NONE Dynamic Session Keys KEY DISTRIBUTION Manually typed into each device Automatic distribution available AUTHENTICATI ON Uses WEP key as Authentication Can use 802.1x & EAP
- 23. 1. It is easier to add or move workstations. 2. It is easier to provide connectivity in areas where it is difficult to lay cable. 3. Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings. 4. Access to the network can be from anywhere within range of an access point. 5.Portable or semi-permanent buildings can be connected using a WLAN. Wireless Network Security
- 24. 1.As the number of computers using the network increases, the data transfer rate to each computer will decrease accordingly. 2.Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN. 3.Security is more difficult to guarantee and requires configuration. 4.Devices will only operate at a limited distance from an access point, with the distance determined by the standard used and buildings and other obstacles between the access point and the user. Wireless Network Security
- 25. 1.Wireless LANs very useful and convenient, but current security state not ideal for sensitive environments. 2.Cahners In-Stat group predicts the market for wireless LANs will be $2.2 billion in 2004, up from $771 million in 2000. 3.Growing use and popularity require increased focus on security Wireless Network Security
- 26. Thank You! Wireless Network Security