chapter 7 -wireless network security.ppt
abenimelos
340 views
24 slides
Apr 26, 2024
Slide 1 of 24
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
About This Presentation
chapter 7 -wireless network security.
Slide Content
Chapter -7
Wireless Network
Security
Compiled by Mikiyas .A
1
Wireless Network
Security
Compiled by Mikiyas .A
1
Outline
Introduction to wireless security
Examining wireless LAN vulnerabilities
Understanding WLAN security models
Securing wireless transmission using VPN
Wireless security policies
2
Introduction to wireless security
Examining wireless LAN vulnerabilities
Understanding WLAN security models
Securing wireless transmission using VPN
Wireless security policies
2
Introduction to wireless security
Awirelessnetworkisanytypeofcomputernetworkthat
useswirelessdataconnectionsforconnectingnetworknodes.
Wirelessnetworksoperateusingradiofrequency
technology,afrequencywithintheelectromagneticspectrum
associatedwithradiowavepropagation
Concernsforwirelesssecurityaresimilartothosefoundina
wiredenvironment
Securityrequirementsarethesame:
•Confidentiality,integrity,availability,authenticity,
accountability
•Mostsignificantsourceofriskistheunderlying
communicationsmedium
3
Awirelessnetworkisanytypeofcomputernetworkthat
useswirelessdataconnectionsforconnectingnetworknodes.
Wirelessnetworksoperateusingradiofrequency
technology,afrequencywithintheelectromagneticspectrum
associatedwithradiowavepropagation
Concernsforwirelesssecurityaresimilartothosefoundina
wiredenvironment
Securityrequirementsarethesame:
•Confidentiality,integrity,availability,authenticity,
accountability
•Mostsignificantsourceofriskistheunderlying
communicationsmedium
3
Examining wireless LAN vulnerabilities
Overthelasttwelveyears,802.11WirelessLAN’shave
maturedandreallyreshapedthenetworklandscape.
802.11nisnowrapidlyreplacingEthernetasthemethodof
networkaccess.
Therapidincreasementofmobiledeviceshasledtoa
tremendousneedforwirelesslocalareanetworks(WLAN),
deployedinvarioustypesoflocations,includinghomes,
educationalinstitutions,airports,businessoffices,
governmentbuildings,militaryfacilities,coffeeshops,book
storesandmanyothervenues.
4
Overthelasttwelveyears,802.11WirelessLAN’shave
maturedandreallyreshapedthenetworklandscape.
802.11nisnowrapidlyreplacingEthernetasthemethodof
networkaccess.
Therapidincreasementofmobiledeviceshasledtoa
tremendousneedforwirelesslocalareanetworks(WLAN),
deployedinvarioustypesoflocations,includinghomes,
educationalinstitutions,airports,businessoffices,
governmentbuildings,militaryfacilities,coffeeshops,book
storesandmanyothervenues.
4
Cont..
However, the increased development of Wireless LAN has
increased the potential threats to the home user, small
businesses and the corporate world.
Unlike a wired network, a WLAN uses radio frequency
transmission as the medium for communication.
This necessarily exposes layer 1 and layer 2 to whoever can
listen into the RF ranges on the network. Wireless insecurity
has been a critical issue since Wired Equivalent Privacy
(WEP), an IEEE standard security algorithm for wireless
networks, was compromised.
5
However, the increased development of Wireless LAN has
increased the potential threats to the home user, small
businesses and the corporate world.
Unlike a wired network, a WLAN uses radio frequency
transmission as the medium for communication.
This necessarily exposes layer 1 and layer 2 to whoever can
listen into the RF ranges on the network. Wireless insecurity
has been a critical issue since Wired Equivalent Privacy
(WEP), an IEEE standard security algorithm for wireless
networks, was compromised.
5
WLAN VULNERABILITIES
WirelessLANshavegainedmuchmorepopularitythan
wirednetworksbecauseoftheirflexibility,cost-effectiveness
andeaseofinstallation.
However,theincreasingdeploymentofWLANspresents
thehackerorcrackerwithmoreopportunities.Unlikewired
networks,WLANstransmitdatathroughtheairusingradio
frequencytransmissionorinfrared.
Currentwirelesstechnologyinuseenablesanattackerto
monitorawirelessnetworkandintheworstcasemayaffect
theintegrityofthedata.
6
WirelessLANshavegainedmuchmorepopularitythan
wirednetworksbecauseoftheirflexibility,cost-effectiveness
andeaseofinstallation.
However,theincreasingdeploymentofWLANspresents
thehackerorcrackerwithmoreopportunities.Unlikewired
networks,WLANstransmitdatathroughtheairusingradio
frequencytransmissionorinfrared.
Currentwirelesstechnologyinuseenablesanattackerto
monitorawirelessnetworkandintheworstcasemayaffect
theintegrityofthedata.
6
WLANsaresusceptibletovariousvulnerabilitiesduetotheir
inherentcharacteristicsandthetechnologiestheyrelyon.Some
commonWLANvulnerabilitiesinclude:
UnauthorizedAccess:WLANsaresusceptibletounauthorized
accessifpropersecuritymeasuressuchasstrongencryptionand
authenticationprotocolsarenotimplemented.Attackerscan
interceptwirelesssignalsandgainaccesstothenetwork,
potentiallycompromisingsensitivedata.
WeakEncryption:WeakencryptionmethodssuchasWEP
(WiredEquivalentPrivacy)arevulnerabletovariousattacks,
includingpacketsniffingandbruteforceattacks.It'sessentialto
usestrongencryptionprotocolslikeWPA2(Wi-FiProtected
Access2)orWPA3tomitigatethisvulnerability.
7
inherentcharacteristicsandthetechnologiestheyrelyon.Some
commonWLANvulnerabilitiesinclude:
UnauthorizedAccess:WLANsaresusceptibletounauthorized
accessifpropersecuritymeasuressuchasstrongencryptionand
authenticationprotocolsarenotimplemented.Attackerscan
interceptwirelesssignalsandgainaccesstothenetwork,
potentiallycompromisingsensitivedata.
WeakEncryption:WeakencryptionmethodssuchasWEP
(WiredEquivalentPrivacy)arevulnerabletovariousattacks,
includingpacketsniffingandbruteforceattacks.It'sessentialto
usestrongencryptionprotocolslikeWPA2(Wi-FiProtected
Access2)orWPA3tomitigatethisvulnerability.
7
DenialofService(DoS)Attacks:WLANsaresusceptibleto
DoSattacks,whereattackersfloodthenetworkwithan
excessiveamountoftraffic,causingittobecomeunavailable
tolegitimateusers.Thiscandisruptoperationsandleadto
serviceoutages.
Man-in-the-Middle(MitM)Attacks:MitMattacksinvolve
interceptingandpossiblyalteringcommunicationbetween
twopartieswithouttheirknowledge.InWLANs,attackers
canpositionthemselvesbetweentheclientandtheaccess
point,interceptingandmanipulatingdatatransmitted
betweenthem
WPSVulnerabilities:Wi-FiProtectedSetup(WPS)is
designedtosimplifytheprocessofconnectingdevicestoa
wirelessnetwork.However,someimplementationsofWPS
havebeenfoundtocontainvulnerabilitiesthatcanbe
exploitedbyattackerstogainaccesstothenetwork.
8
DoSattacks,whereattackersfloodthenetworkwithan
excessiveamountoftraffic,causingittobecomeunavailable
tolegitimateusers.Thiscandisruptoperationsandleadto
serviceoutages.
Man-in-the-Middle(MitM)Attacks:MitMattacksinvolve
interceptingandpossiblyalteringcommunicationbetween
twopartieswithouttheirknowledge.InWLANs,attackers
canpositionthemselvesbetweentheclientandtheaccess
point,interceptingandmanipulatingdatatransmitted
betweenthem
WPSVulnerabilities:Wi-FiProtectedSetup(WPS)is
designedtosimplifytheprocessofconnectingdevicestoa
wirelessnetwork.However,someimplementationsofWPS
havebeenfoundtocontainvulnerabilitiesthatcanbe
exploitedbyattackerstogainaccesstothenetwork.
8
Cont..
SSIDSpoofing:Attackerscansetupfakewirelessaccess
pointswiththesameServiceSetIdentifier(SSID)as
legitimatenetworkstotrickusersintoconnectingtothem.
Onceconnected,attackerscaneavesdroponnetworktraffic
orlaunchfurtherattacks.
9
SSIDSpoofing:Attackerscansetupfakewirelessaccess
pointswiththesameServiceSetIdentifier(SSID)as
legitimatenetworkstotrickusersintoconnectingtothem.
Onceconnected,attackerscaneavesdroponnetworktraffic
orlaunchfurtherattacks.
9
Understanding WLAN security models
WirelessLocalAreaNetwork(WLAN)securitymodelsare
frameworksdesignedtoprotectwirelessnetworksfrom
variousthreatsandvulnerabilities.
Understandingthesemodelsisessentialforimplementing
effectivesecuritymeasures.HerearethekeyWLANsecurity
models:
-WEP(WiredEquivalentPrivacy):
-WPA(Wi-FiProtectedAccess):
-WPA2(Wi-FiProtectedAccess2):
-WPA3(Wi-FiProtectedAccess3):
10
WirelessLocalAreaNetwork(WLAN)securitymodelsare
frameworksdesignedtoprotectwirelessnetworksfrom
variousthreatsandvulnerabilities.
Understandingthesemodelsisessentialforimplementing
effectivesecuritymeasures.HerearethekeyWLANsecurity
models:
-WEP(WiredEquivalentPrivacy):
-WPA(Wi-FiProtectedAccess):
-WPA2(Wi-FiProtectedAccess2):
-WPA3(Wi-FiProtectedAccess3):
10
WEP (Wired Equivalent Privacy)
WEP(WiredEquivalentPrivacy)isoneoftheearliest
securityprotocolsdevelopedforwirelessnetworks,
specificallyWirelessLocalAreaNetworks(WLANs).
However,WEPhasseveralsignificantvulnerabilitiesthat
renderitineffectiveasasecureencryptionmethod.Hereare
somekeypointsaboutWEP:
Encryption:WEPencryptsdatatransmittedoverthe
wirelessnetworkusingasharedkeymechanism.Itusesthe
RC4encryptionalgorithmwitha40-bitor104-bitkeysize.
RC4(RivestCipher4)isastreamcipherdesignedbyRon
Rivestin1987.It'soneofthemostwidelyusedstream
ciphersduetoitssimplicityandspeed.
11
WEP(WiredEquivalentPrivacy)isoneoftheearliest
securityprotocolsdevelopedforwirelessnetworks,
specificallyWirelessLocalAreaNetworks(WLANs).
However,WEPhasseveralsignificantvulnerabilitiesthat
renderitineffectiveasasecureencryptionmethod.Hereare
somekeypointsaboutWEP:
Encryption:WEPencryptsdatatransmittedoverthe
wirelessnetworkusingasharedkeymechanism.Itusesthe
RC4encryptionalgorithmwitha40-bitor104-bitkeysize.
RC4(RivestCipher4)isastreamcipherdesignedbyRon
Rivestin1987.It'soneofthemostwidelyusedstream
ciphersduetoitssimplicityandspeed.
11
Encryption Procedure RC4
1.Theuserinputsaplaintextfileandasecretkey.
2.TheencryptionenginethengeneratesthekeystreambyusingKSA
andPRGAAlgorithm.
3.ThiskeystreamisnowXORwiththeplaintext,thisXORingisdone
bytebybytetoproducetheencryptedtext.
4.Theencryptedtextisthensenttotheintendedreceiver,theintended
receiverwillthendecryptedthetextandafterdecryption,thereceiver
willgettheoriginalplaintext.
12
1.Theuserinputsaplaintextfileandasecretkey.
2.TheencryptionenginethengeneratesthekeystreambyusingKSA
andPRGAAlgorithm.
3.ThiskeystreamisnowXORwiththeplaintext,thisXORingisdone
bytebybytetoproducetheencryptedtext.
4.Theencryptedtextisthensenttotheintendedreceiver,theintended
receiverwillthendecryptedthetextandafterdecryption,thereceiver
willgettheoriginalplaintext.
12
13
Cont..
Weak keys:
Itallowsanattackertodiscoverthedefaultkeybeing
usedbytheAccessPointandclientstations
Thisenablesanattackertodecryptallmessagesbeing
sentovertheencryptedchannel.
IV (initialization vector) reuse and small size:
There are 2
24
different IVs
On a busy network, the IV will surely be reused, if the
default key has not been changed and the original
message can be retrieved relatively easily.
14
Weak keys:
Itallowsanattackertodiscoverthedefaultkeybeing
usedbytheAccessPointandclientstations
Thisenablesanattackertodecryptallmessagesbeing
sentovertheencryptedchannel.
IV (initialization vector) reuse and small size:
There are 2
24
different IVs
On a busy network, the IV will surely be reused, if the
default key has not been changed and the original
message can be retrieved relatively easily.
14
Cont..
SecurityFlaws:WEP'ssecurityflawsbecamewell-known
soonafteritsintroduction.Researchersdemonstratedthat
WEPcouldbecrackedwithinminutesusingfreelyavailable
tools.
Replacement:Duetoitsvulnerabilities,WEPhasbeen
largelydeprecatedandreplacedbymoresecureencryption
protocolssuchasWPA(Wi-FiProtectedAccess)andWPA2.
15
SecurityFlaws:WEP'ssecurityflawsbecamewell-known
soonafteritsintroduction.Researchersdemonstratedthat
WEPcouldbecrackedwithinminutesusingfreelyavailable
tools.
Replacement:Duetoitsvulnerabilities,WEPhasbeen
largelydeprecatedandreplacedbymoresecureencryption
protocolssuchasWPA(Wi-FiProtectedAccess)andWPA2.
15
WPA (Wi-Fi Protected Access)
New technique in 2002
Replacement of security flaws of WEP
Improved data encryption
Strong user authentication
Because of many attacks related to static key, WPA minimize
shared secret key in accordance with the frame transmission
Use the RC4 algorithm in a proper way and provide fast
transfer of the data before someone can decrypt the data.
While more secure than WEP, WPA is still susceptible to
certain attacks.
16
New technique in 2002
Replacement of security flaws of WEP
Improved data encryption
Strong user authentication
Because of many attacks related to static key, WPA minimize
shared secret key in accordance with the frame transmission
Use the RC4 algorithm in a proper way and provide fast
transfer of the data before someone can decrypt the data.
While more secure than WEP, WPA is still susceptible to
certain attacks.
16
WPA2 (Wi-Fi Protected Access 2)
BasedontheIEEE802.istandard
2versions:Personal&Enterprise
TheprimaryenhancementoverWPAistheuseoftheAES
(AdvancedEncryptionStandard)algorithm
TheencryptioninWPA2isdonebyutilizingeitherAESor
TKIP
ThePersonalmodeusesaPSK(Pre-sharedkey)&doesnot
requireaseparateauthenticationofusers
Theenterprisemoderequirestheuserstobeseparately
authenticatedbyusingtheEAPprotocol
17
BasedontheIEEE802.istandard
2versions:Personal&Enterprise
TheprimaryenhancementoverWPAistheuseoftheAES
(AdvancedEncryptionStandard)algorithm
TheencryptioninWPA2isdonebyutilizingeitherAESor
TKIP
ThePersonalmodeusesaPSK(Pre-sharedkey)&doesnot
requireaseparateauthenticationofusers
Theenterprisemoderequirestheuserstobeseparately
authenticatedbyusingtheEAPprotocol
17
Cont..
WPA2 has immunity against many types of hacker
attacks
Man-in-the middle
Replay
Key collision
Weak keys
Packet forging
Dictionary attacks
18
WPA2 has immunity against many types of hacker
attacks
Man-in-the middle
Replay
Key collision
Weak keys
Packet forging
Dictionary attacks
18
How to defend when using WPA
Passphrases–theonlywaytocrackWPAistosniffthe
passwordPMKassociatedwiththehandshakeauthentication
process,andifthispasswordisextremelycomplicateditwill
bealmostimpossibletocrack
PassphraseComplexity–selectarandompassphrasethatis
notmadeupofdictionarywords.Selectacomplex
passphraseofaminimumof20charactersinlengthand
changeitatregularintervals
Changerouterdefaultusernameandpassword
19
Passphrases–theonlywaytocrackWPAistosniffthe
passwordPMKassociatedwiththehandshakeauthentication
process,andifthispasswordisextremelycomplicateditwill
bealmostimpossibletocrack
PassphraseComplexity–selectarandompassphrasethatis
notmadeupofdictionarywords.Selectacomplex
passphraseofaminimumof20charactersinlengthand
changeitatregularintervals
Changerouterdefaultusernameandpassword
19
Cont..
ChangetheinternalIPsubnetifpossible
ChangedefaultnameandhidebroadcastingoftheSSID
(ServiceSetIdentifier)
Noneoftheattackmethodsarefasteroreffectivewhena
largerpassphraseisused.
Restrictaccesstoyourwirelessnetworkbyfilteringaccess
basedontheMAC(MediaAccessCode)addresses
UseEncryption
20
ChangetheinternalIPsubnetifpossible
ChangedefaultnameandhidebroadcastingoftheSSID
(ServiceSetIdentifier)
Noneoftheattackmethodsarefasteroreffectivewhena
largerpassphraseisused.
Restrictaccesstoyourwirelessnetworkbyfilteringaccess
basedontheMAC(MediaAccessCode)addresses
UseEncryption
20
Securing wireless transmission using VPN
Virtualprivatenetwork(VPN)isanetworkthatusesa
publictelecommunicationinfrastructure,toprovideremote
officesorindividualuserswithsecureaccesstotheir
organization'snetwork.
TheVPNfollowsaclientandserverapproach.
ForconnectionstoanopennetworksuchasaWi-Fihotspot
andthosecommonlyprovidedbyhotels,Starbucks,
McDonaldsandsoon,
avirtualprivatenetwork(VPN)canbeagoodsecurity
solutiontodeliverconsistentprotectionoveranyinternet
connectionandprovideend-to-endsecurityonwireless
devices.
21
Virtualprivatenetwork(VPN)isanetworkthatusesa
publictelecommunicationinfrastructure,toprovideremote
officesorindividualuserswithsecureaccesstotheir
organization'snetwork.
TheVPNfollowsaclientandserverapproach.
ForconnectionstoanopennetworksuchasaWi-Fihotspot
andthosecommonlyprovidedbyhotels,Starbucks,
McDonaldsandsoon,
avirtualprivatenetwork(VPN)canbeagoodsecurity
solutiontodeliverconsistentprotectionoveranyinternet
connectionandprovideend-to-endsecurityonwireless
devices.
21
Cont..
TheVPNclientsandVPNserversareusedinthreedifferent
scenarios
1.Supportremoteaccesstoanintranet.
2.Supportconnectionsbetweenmultipleintranetswithinthe
sameorganization.
3.Joinnetworksbetweentwoorganizations,formingan
extranet.
22
TheVPNclientsandVPNserversareusedinthreedifferent
scenarios
1.Supportremoteaccesstoanintranet.
2.Supportconnectionsbetweenmultipleintranetswithinthe
sameorganization.
3.Joinnetworksbetweentwoorganizations,formingan
extranet.
22
Wireless security policies ?
Wirelessdevicesandnetworksenableun-tethered
communicationstomobileusers.
Improperlyinstalled,configuredormanagedwireless
technologypresentsasignificantrisktotheconfidentialityof
information.
Wirelessnetworksecurityreferstotheprotectionofwireless
networkhardware,software,andtheinformationcontained
inthemfromthreatscausedbytheinherentvulnerabilitiesin
thetechnologyanditsimplementation.
Thispolicyistoensurethatthedeploymentofwireless
networkingiscontrolledandmanagedinacentralizedwayto
providefunctionalityandoptimumlevelsofservicewhilst
maintainingnetworksecurity.
23
Wirelessdevicesandnetworksenableun-tethered
communicationstomobileusers.
Improperlyinstalled,configuredormanagedwireless
technologypresentsasignificantrisktotheconfidentialityof
information.
Wirelessnetworksecurityreferstotheprotectionofwireless
networkhardware,software,andtheinformationcontained
inthemfromthreatscausedbytheinherentvulnerabilitiesin
thetechnologyanditsimplementation.
Thispolicyistoensurethatthedeploymentofwireless
networkingiscontrolledandmanagedinacentralizedwayto
providefunctionalityandoptimumlevelsofservicewhilst
maintainingnetworksecurity.
23
Thank you!
24
24
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 340
- Slides 24
- Age 584 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views