WLAN Security Performance Study
GHEORGHE MÜLEC *, RADU VASIU *, FLAVIU M. FRIGURA-ILIASA **, DORU VATAU **
* Electronics and Telecommunication Faculty, ** Power and Electrical Engineering Faculty
POLITEHNICA University of Timisoara, 2 V. Parvan Bvd., TIMISOARA, ROMANIA
george.mulec@rdslink.ro, radu.vasiu@etc.upt.ro, flaviu.frigura@et.upt.ro

Abstract: Wireless networks have gained popularity due to the flexibility and mobility with which they give users access to information. This research evaluated the effect of multiple security mechanisms on the performance of an IEEE 802.11g wireless network using a server-client architecture. The results showed that security mechanisms degrade network performance, and that we must know how much we pay for security features.

Key-Words: IEEE 802.11, security, performance, IDS, attacks, encryption, throughput

1 Introduction

Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs have become widespread. This is due to the mobility users gain once the constraint of physical connections is removed. Today, wireless LANs are widely deployed in places such as corporate offices, conference rooms, airports and university campuses. Besides these advantages, because of the inherent broadcast nature of wireless networks, IEEE 802.11 based wireless LANs present new challenges for information security administrators [1]. Network performance is characterized by parameters such as time delay, system throughput and packet loss. Wireless networks are highly susceptible to many kinds of attacks, since interception and eavesdropping of data in transit is possible for anyone with access to the wireless network, due to its inherent broadcast nature and shared air medium [2], [3]. To maintain a specific level of network performance it is vital to determine the performance impact caused by security services in a wireless network. At the most basic level, wireless security requires authentication and encryption. Wireless networks use several levels of security to protect data [4].
Secure communication is typically achieved by employing security protocols at various layers of the network protocol stack. The building blocks of a security protocol are cryptographic algorithms, which are selected based on the security objectives that the protocol is to achieve. They include asymmetric and symmetric encryption algorithms, which are used to provide authentication and privacy, as well as hash or message digest algorithms, which are used to provide message integrity. Security is generally achieved by using cryptographic primitives, e.g. encryption and authentication. The encryption and authentication algorithms need processing. Encrypting data traffic involves adding extra bytes to the frames. Authentication, on the other hand, involves adding extra messages. Adding extra bytes and extra messages to the original data reduces throughput and also increases the wait time. The overhead associated with applying encryption and authentication mechanisms to secure wireless communication becomes an important issue as the network load becomes significant.

2 Backgrounds

Many networks are inadequately safeguarded against a variety of attacks. An intruder can use an insecure management frame to mount different kinds of attacks that make the whole wireless network unusable [10], [11]. Common recent attacks on management frames are as follows.

A. MAC Address Spoofing

The MAC address is a vital piece of information that helps clients understand which AP they are talking to, and vice versa. Unfortunately, the MAC address is not encrypted and is easily spoofed. This is one of the common attacks on management frames, whereby intruders configure their wireless client to appear to have the same MAC address as an authorized access point or wireless client. When a legitimate client is not transmitting, the intruder will first reconfigure his terminal with the known information.
Once this is done, the intruder's terminal will appear as the authorized terminal and will be able to access most of the resources. There are different known attacks using MAC address spoofing [10], [12], as follows:
- Forged De-authentication
- Forged Disassociation
B. Denial of Service (DoS) Attack

In this attack, the intruder sends a continual stream of different kinds of management frames to the WLAN [10], [11]. An attacker can spoof the MAC address of an AP or client and flood the WLAN with different kinds of forged de-authentication, disassociation, association, authentication or beacon management frames, in both directions of the communication. In this case the WLAN is overloaded and becomes unusable even for legitimate users.

C. Session Hijacking

Session hijacking combines denial of service and MAC spoofing attacks. Typically an intruder forces a legitimate client to terminate its connection to an AP by sending it a forged disassociation or de-authentication management frame with the spoofed MAC address of the AP, so that the client is disconnected from the network. The intruder can now associate with the AP, forging the MAC address of the client, and hence capture its session.

D. Man-in-the-Middle Attack

In a Man-in-the-Middle attack, intruders insert themselves between an AP and a client to capture management frames in transmission. The idea behind this attack is to get between the sender and the recipient, access the management frame, modify it and forward it to the recipient. The client sees the intruder as an authorized AP, while the AP sees the intruder as an authorized client. Both authorized devices fail to detect the intruder and continue transmitting information. All of the attacks mentioned above are possible because none of the IEEE 802.11 standards has a security mechanism to check the integrity and authenticity of management frames (MF); these standards are therefore vulnerable to such attacks. Man-in-the-middle attacks have two major forms: eavesdropping and manipulation. Eavesdropping occurs when an attacker receives a data communication stream. This is not so much a direct attack as a leaking of information.
An eavesdropper can record and analyze the data that he is listening to. A manipulation attack requires the attacker not only to be able to receive the victim's data but also to be able to retransmit the data after changing it.

1. Eavesdropping

In a wireless network, eavesdropping is easy because wireless communications are not easily confined to a physical area. A nearby attacker can receive the radio waves on the wireless network without any substantial effort or equipment (passive eavesdropping). All frames sent across the wireless medium can be examined in real time or stored for later examination.

2. Manipulation

Manipulation takes eavesdropping a step further. An attacker who can successfully manipulate data on a network can effectively send data masquerading as a victim computer. Furthermore, the attacker can gather sensitive data by introducing a rogue access point into the WLAN coverage area. The rogue AP can be configured to look like a legitimate AP and, since many wireless clients simply connect to the AP with the best signal strength, users can be "tricked" into inadvertently associating with the rogue AP. Once a user is associated, all communications can be monitored by the attacker through the rogue AP (active eavesdropping).

If we have the ability to detect an attack once it comes into the network, we can stop it from doing any damage to the system or any data. This is the role of an Intrusion Detection and Prevention System. Current rule-based and anomaly-based intrusion detection systems detect intrusions either by matching patterns of network and user activities against predefined rules, or by defining a normal profile of system usage and then looking for deviations from it [13]. Any implementation of an Intrusion Detection and Prevention System introduces overhead on network traffic and directly affects hardware resources (CPU, memory, power), especially on mobile devices.
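The rule-based and anomaly-based detection described above can be illustrated for the forged de-authentication/disassociation flood and the MAC address spoofing it relies on. This is an added example, not code from the paper; the frame records, addresses, thresholds and function names are constructed for illustration.

```python
"""Added example: two checks a WLAN IDS can run over captured management frames."""
from collections import defaultdict, deque

SEQ_MOD = 4096                      # the 802.11 sequence number field is 12 bits
TEARDOWN = {"deauth", "disassoc"}   # frame subtypes that end a client session

# Constructed sample capture (not from the paper):
# (time_s, subtype, transmitter address, receiver address, sequence number)
AP, STA, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:10", "ff:ff:ff:ff:ff:ff"
SAMPLE = [
    (0.000, "beacon", AP, BCAST, 100),
    (0.102, "beacon", AP, BCAST, 101),
    (0.150, "deauth", AP, STA, 2000),
    (0.160, "deauth", AP, STA, 2001),
    (0.170, "deauth", AP, STA, 2002),
    (0.204, "beacon", AP, BCAST, 102),
    (0.210, "deauth", AP, STA, 2003),
    (0.220, "deauth", AP, STA, 2004),
    (0.230, "deauth", AP, STA, 2005),
    (0.306, "beacon", AP, BCAST, 103),
    (5.000, "deauth", STA, AP, 40),   # one ordinary client-initiated teardown
]


def detect_teardown_flood(frames, window=1.0, threshold=5):
    """Rule-based check: flag (transmitter, receiver) pairs that exchange at
    least `threshold` deauth/disassoc frames within `window` seconds.
    Returns {(ta, ra): peak count seen inside one window}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, subtype, ta, ra, _seq in sorted(frames):
        if subtype not in TEARDOWN:
            continue
        times = recent[(ta, ra)]
        times.append(ts)
        while ts - times[0] > window:      # drop frames older than the window
            times.popleft()
        if len(times) >= threshold:
            alerts[(ta, ra)] = max(alerts.get((ta, ra), 0), len(times))
    return alerts


def detect_seq_anomalies(frames, max_gap=64):
    """Anomaly check: one radio numbers its frames from one counter, so two
    radios sharing a MAC address show up as large forward jumps.
    Assumption: the capture holds management frames only; `max_gap` tolerates
    frames the monitor missed. Returns [(time, ta, previous_seq, seq)]."""
    last_seq = {}
    alerts = []
    for ts, _subtype, ta, _ra, seq in sorted(frames):
        if ta in last_seq:
            gap = (seq - last_seq[ta]) % SEQ_MOD   # handles 4095 -> 0 wrap
            if gap > max_gap:
                alerts.append((ts, ta, last_seq[ta], seq))
        last_seq[ta] = seq
    return alerts


def spoofed_teardown_sources(frames):
    """Addresses flagged by both checks: a teardown flood sent under a MAC
    address whose sequence numbers are inconsistent."""
    flooding = {ta for ta, _ra in detect_teardown_flood(frames)}
    inconsistent = {ta for _ts, ta, _prev, _seq in detect_seq_anomalies(frames)}
    return flooding & inconsistent


if __name__ == "__main__":
    print("teardown floods:", detect_teardown_flood(SAMPLE))
    for alert in detect_seq_anomalies(SAMPLE):
        print("sequence jump at %.3fs from %s: %d -> %d" % alert)
    print("likely spoofed sources:", spoofed_teardown_sources(SAMPLE))
```

The single client-initiated teardown at 5.000 s is not flagged by either check, which is the behaviour a threshold rule needs in order to stay quiet on normal roaming and logoff traffic.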
In the first stages of development, WLAN security was based on two mechanisms: Service Set Identifier (SSID) and Wired Equivalent Privacy (WEP). When the weaknesses of WEP were identified, IEEE ratified a new standard, IEEE 802.1X, that provides a way to leverage traditional strong authentication mechanisms, such as a RADIUS server, in a wireless network [5]. IEEE 802.1X defines a mechanism for port-based network access control. It is based upon the Extensible Authentication Protocol (EAP) to provide compatible authentication and authorization mechanisms for devices interconnected by IEEE There are three main components in the IEEE 802.1X authentication system: supplicant, authenticator and authentication server. In a WLAN, supplicant usually is AP (Access Point) that represents an authenticator. An Authentication, Authorization, and Accounting (AAA) server, such as a RADIUS server, is the authentication server. The port in 802.1X represents the association between supplicant and authenticator. Both supplicant and authenticator have a Port Access Entity (PAE) that operates the algorithms and protocols associated with the authentication mechanisms. The authenticator's controlled port is initially in the unauthorized state. Messages will be directed only to the Authenticator PAE, which will further direct 802.1X messages to the authentication server. The authenticator PAE will close the controlled port after the supplicant is authenticated successfully. IEEE 802.1X specifies how to run EAP directly over a link layer protocol. EAP is a transport protocol that can use a variety of different authentication types known as EAP methods [6], [7], [8].
Figure 1. 802.1X EAP Message Flow

Figure 1 illustrates the 802.1X EAP message flow for an authentication process. Among the EAP methods developed specifically for wireless networks is a family of methods based on public key certificates and the Transport Layer Security (TLS) protocol. These are EAP-TLS, EAP-TTLS and EAP-PEAP.

3 Experimental part

A. Configuration topology

Our test platform is a miniature WLAN composed of an access point, a RADIUS authentication server, a local area network, a wireless laptop and a PC station. Figure 2 shows the testbed architecture used in this experiment.

Figure 2. Testbed architecture
B. Hardware configuration

The access point (AP) used in the experiment is a D-Link DWL 2100AP [18]. A wireless client, an HP laptop (Celeron 1.5 GHz, 256 MB RAM) with a D-Link DWL G650 wireless CardBus adapter [14], is connected wirelessly to this access point. For the RADIUS server we used a desktop PC (P IV, 2.6 GHz, 512 MB RAM) and for the PC station another desktop PC (AMD 1.3 GHz, 256 MB RAM). All the Ethernet adapters are Fast Ethernet adapters (100 Mbps).

C. Software configuration

All the systems have Windows XP Home Edition installed as the operating system. We installed the following software components for the various protocols used in the testbed:
- The RADIUS server is implemented with the open-source software FreeRADIUS [19].
- X.509 certificates (CA, server, client) are issued with the open-source software OpenSSL [16].
- Packets are captured with the Ethereal packet analyzer [17].
- TCP/UDP tuning and throughput measurement are done with Iperf [14] and Qcheck [19].

D. Experimental analysis

Many factors affect network performance, and some of them interact to produce the overall performance results. Performance results depend on the choice of hardware device, software application, security policy and network topology. Under the same conditions (hardware, software and network topology) we measured the authentication time, throughput and response time for different types of security policy. Authentication time is defined as the time spent in the authentication phase of the security protocol. Throughput refers to the actual measured bandwidth, at a specific time of day, using specific routes, and while a specific set of data is transmitted on the network. The throughput (Th) can be calculated as in (1):

$$Th = a \cdot R \cdot \frac{D}{D + H} \qquad (1)$$

where D is the payload length, H is the length of all the protocol overheads associated with a specific transmission technology, R is the channel data rate, and a is the packet transmission success rate.
One way to evaluate the efficiency of a secured transfer is the ratio between the throughput with no security overheads and the throughput with security overheads. Starting from the general formula for throughput in (1) and taking S to be the security overheads, we obtain a modified equation for the security-affected throughput $Th_S$ (2):

$$Th_S = a \cdot R \cdot \frac{D}{D + H + S} \qquad (2)$$

A degradation factor related to overheads for a given channel can be defined as the ratio between the secured throughput $Th_S$ and the throughput for a non-secured channel:

$$\frac{Th_S}{Th} = \frac{L}{L + S} \cdot 100\ [\%], \quad \text{with } L = D + H \qquad (3)$$

where D is the data field length, H are the usual protocol overheads and S are the overheads introduced by the different encryption methods. Response time is a measure of the delay in transmission of data between a sender and a receiver for a specific packet size. For this experimental analysis we used the Iperf, Qcheck and Ethereal software programs.

1. Security configuration

IEEE 802.11 provides two security mechanisms: authentication and encryption. Authentication may be done with the Shared Key authentication mechanism or with different types of authentication mechanism run over the EAP protocol. In our research we used EAP based on the 802.1X protocol family for authentication (EAP-TLS, EAP-TTLS, EAP-PEAP). For data encryption we used the WEP (40 and 128 bit), TKIP and AES encryption protocols.

2. Measurement methods

For each security service configured, experimental data were collected in two phases, in a non-congested network (normal situation). The first phase collects measurements from the authentication protocols. The second phase focuses on generating different traffic and measuring the throughput and response time.

In the first phase, we used the Ethereal packet analyzer to capture the packets exchanged during the authentication process. The data obtained here were used to compare the authentication time for the different authentication protocols.
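Equations (1) to (3) above can be evaluated for the encryption protocols used in the testbed by taking S as the bytes each cipher suite adds to a frame. This is an added example, not code or data from the paper; the value chosen for H, the success rate a = 1 and the measurement pair at the end are assumptions made for illustration.

```python
"""Added example: the throughput model of equations (1)-(3), per cipher suite."""

# Bytes each cipher suite adds to every protected 802.11 frame (S in eq. 2).
CIPHER_EXPANSION = {
    "No secure": 0,
    "WEP": 8,    # 4-byte IV + 4-byte ICV; identical for 40- and 128-bit keys
    "TKIP": 20,  # 8-byte IV/Extended IV + 8-byte Michael MIC + 4-byte ICV
    "AES": 16,   # CCMP: 8-byte header + 8-byte MIC
}

# Assumption: H counts the 802.11 MAC header (24) + FCS (4) + LLC/SNAP (8)
# + IPv4 (20) + TCP (20) headers, so D is the TCP payload in bytes.
ASSUMED_H = 24 + 4 + 8 + 20 + 20
LINK_RATE_MBPS = 54.0  # the link rate reported for the testbed


def throughput(D, H, R, a=1.0, S=0):
    """Equations (1) and (2): Th = a * R * D / (D + H + S)."""
    if D <= 0 or H < 0 or S < 0 or not 0.0 <= a <= 1.0:
        raise ValueError("need D > 0, H >= 0, S >= 0 and 0 <= a <= 1")
    return a * R * D / (D + H + S)


def degradation_percent(D, H, S):
    """Equation (3): Th_S / Th = L / (L + S) * 100 with L = D + H."""
    L = D + H
    return 100.0 * L / (L + S)


def effective_overhead(D, H, th_plain, th_secured):
    """Invert equation (3): the S, in byte equivalents, that would explain a
    measured drop from th_plain to th_secured."""
    if th_secured <= 0 or th_secured > th_plain:
        raise ValueError("expected 0 < th_secured <= th_plain")
    return (D + H) * (th_plain / th_secured - 1.0)


def model_table(payloads, H=ASSUMED_H, R=LINK_RATE_MBPS, a=1.0):
    """One row per (payload, cipher): modelled throughput and eq. (3) ratio.
    The model ignores medium access time, so only the ratio is meaningful
    when compared with measured values."""
    rows = []
    for D in payloads:
        for cipher, S in CIPHER_EXPANSION.items():
            rows.append((D, cipher,
                         round(throughput(D, H, R, a, S), 3),
                         round(degradation_percent(D, H, S), 2)))
    return rows


if __name__ == "__main__":
    for row in model_table([64, 512, 1460]):
        print("D=%4d B  %-9s Th=%7.3f Mbps  Th_S/Th=%6.2f %%" % row)
    # Constructed measurement pair (not the paper's data): 18.0 -> 16.6 Mbps.
    s_eff = effective_overhead(1460, ASSUMED_H, 18.0, 16.6)
    print("effective S for the constructed pair: %.1f byte equivalents" % s_eff)
```

When a measured drop is larger than the ratio that frame expansion alone gives in (3), the S obtained from `effective_overhead` has to account for more than the added bytes, for instance the per-frame processing the introduction mentions.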
In the second phase we used Iperf and Qcheck to generate TCP and UDP traffic between the wireless laptop and the PC station in order to measure the throughput and response time. For all tests, the wireless link was at a constant 54 Mbps with a radio signal level of more than 95%.

4 Results and discussion

1. Authentication Time

Figure 3 shows the authentication time (in seconds) for the EAP-TLS, EAP-TTLS and EAP-PEAP authentication protocols. Our research is based only on the 802.1X authentication framework. Shared key authentication does not achieve mutual authentication and does not yield a session key when authentication completes. The authentication time for all the certificate-based protocols mentioned above is mostly the same. We can see that the authentication process takes less than 1 second and occurs after the association phase.
Figure 3. Authentication time (in seconds; bars: EAP-PEAP, EAP-TTLS, EAP-TLS, No authentication)

2. Throughput

Figure 4 illustrates the throughput of TCP traffic for the different encryption protocols. Performance measures were gathered by running seven repeated tests for each encryption protocol. The throughput is smaller if we use the AES cipher instead of the TKIP (RC4) cipher. For the same protocol, the throughput decreases as the secret key length increases.

Figure 4. Throughput for TCP (in Mbps; bars: AES, TKIP, WEP 128, WEP 40, No secure)

Figure 5 illustrates the throughput of UDP traffic for the different encryption protocols. In this case, the trend is the same as for TCP traffic, but the throughput is about 20% lower.

Figure 5. Throughput for UDP (in Mbps; bars: AES, TKIP, WEP 128, WEP 64, No secure)

3. Response time

Figure 6 illustrates the response time for TCP and UDP traffic. In this case, we measured the response time for a 1K byte packet size (in a non-congested network).

Figure 6. Per packet response time (in ms; UDP and TCP series for AES, TKIP, WEP 128, WEP 40, No secure)

5 Conclusion

In this paper, we presented experimental results on the impact of security policies on system performance in a non-congested network. The results demonstrate that WEP policies cause the least overhead, while AES and TKIP cause significant overhead but provide stronger security. The 802.1X authentication process with EAP-TLS causes less overhead than 802.1X with EAP-PEAP. The delay produced by the authentication process is smaller than 1 second. Because the WLAN isn't very mobile (a WLAN is deployed in a relatively limited area: college campuses, airports, shops), authentication is not needed very frequently and its benefits are evident. The authentication delay is bigger for EAP-PEAP than for the other certificate-based authentication protocols.
Using AES as the encryption protocol, we obtained a smaller throughput, and hence can deliver less data in a given time than when using TKIP or WEP, but this is the price of higher security.
References:
[1] Y. Zahur and T.A. Yang, Wireless LAN security and Laboratory design, Journal of Computing Science in Colleges, vol. 19, pp , January 2004
[2] W. A. Arbaugh, N. Shankar, J. Wang and K. Zhang, Your network has no clothes, IEEE Wireless Communication Magazine, December 2002
[3] D.B. Faria and D.R. Cheriton, DoS and authentication in Wireless Public Access Networks, pp , September
[4] E. Bertino, S. Jajodia, L. Mancini and I. Ray, Advanced transaction processing in Multilevel secure File Stores, IEEE Transactions on Knowledge and Data Engineering, vol. 10, pp , February 1998
[5] IEEE Std 802.1X-2001: Port Based Network Access Control, June 2001
[6] L. Blunk and J. Vollbrecht, PPP Extensible Authentication Protocol (EAP), RFC 2284, Internet Engineering Task Force, 1998
[7] IEEE 802 Standards,
[8] IETF, PPP EAP TLS Authentication Protocol, RFC 2716, October 1999
[9] Microsoft Wireless Security Windows XP,
[10] J. Bellardo and S. Savage, Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, Proceedings of the USENIX Security Symposium, Washington D.C.
[11] D. Welch and S. Lathrop, Wireless Security Threat Taxonomy, Proceedings of the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, ISBN /03,
[12] Y. Xiao, Y. Pan, X. Du, C. Bandela and K. Dass, Security mechanisms, Attacks, and Security Enhancements for the IEEE WLANs, International Journal of Wireless and Mobile Computing
[13] M. Chen, S. Kuo, P. Li and M. Zhu, Intrusion Detection in Wireless Mesh Networks, CRC Press, 2007
[14] [15] [16] [17] [18] [19]
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationSecuring Wireless Networks by By Joe Klemencic Mon. Apr
http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies
More informationChapter 4 Configuring 802.1X Port Security
Chapter 4 Configuring 802.1X Port Security Overview HP devices support the IEEE 802.1X standard for authenticating devices attached to LAN ports. Using 802.1X port security, you can configure an HP device
More informationConfiguring the Client Adapter
CHAPTER 5 This chapter explains how to configure profile parameters. The following topics are covered in this chapter: Overview, page 5-2 Setting General Parameters, page 5-3 Setting Advanced Parameters,
More informationSubject: Adhoc Networks
ISSUES IN AD HOC WIRELESS NETWORKS The major issues that affect the design, deployment, & performance of an ad hoc wireless network system are: Medium Access Scheme. Transport Layer Protocol. Routing.
More informationMobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE
Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE COURSE TITLE WIRELESS TECHNOLOGY SPECIALIST COURSE DURATION 13 Hours of Interactive Training COURSE OVERVIEW This course will teach you
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationWireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design
Protocol Analysis and Design 1 Networks 1. WIRELESS NETWORKS 2 Networks 1. WIRELESS NETWORKS 1.1 WiFi 802.11 3 Networks OSI Structure 4 Networks Infrastructure Networks BSS : Basic Set Service ESS : Extended
More informationEXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.
CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of
More informationCisco Exam Securing Wireless Enterprise Networks Version: 7.0 [ Total Questions: 53 ]
s@lm@n Cisco Exam 300-375 Securing Wireless Enterprise Networks Version: 7.0 [ Total Questions: 53 ] Question No : 1 An engineer configures the wireless LAN controller to perform 802.1x user authentication.
More informationProcedure: You can find the problem sheet on the Desktop of the lab PCs.
University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Advance Networks Laboratory 907529 Lab.3 WLAN Security Objectives 1. Configure administrator accounts.
More informationPreventing wireless deauthentication attacks over Networks
Preventing wireless deauthentication attacks over 802.11 Networks Ananay Arora Attribution under NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) ( https://creativecommons.org/licenses/by-nc-sa/4.0/
More informationWLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC
WLAN Security Dr. Siwaruk Siwamogsatham ThaiCERT, NECTEC Agenda Wireless Technology Overview IEEE 802.11 WLAN Technology WLAN Security Issues How to secure WLAN? WLAN Security Technologies Wireless Technologies
More informationWireless Networking Basics. Ed Crowley
Wireless Networking Basics Ed Crowley 2014 Today s Topics Wireless Networking Economic drivers and Vulnerabilities IEEE 802.11 Family WLAN Operational Modes Wired Equivalent Privacy (WEP) WPA and WPA2
More informationMeasuring Performance impact of Authentication and Encryption protocols on a Wireless LAN
Measuring Performance impact of Authentication and Encryption protocols on a Wireless LAN D.S. Dawoud R.NGOGA Said P. Dawoud University of UKZN National University of Rwanda University of UKZN Abstract
More informationNetwork Access Flows APPENDIXB
APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies
More informationTestsDumps. Latest Test Dumps for IT Exam Certification
TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : PW0-200 Title : Certified wireless security professional(cwsp) Vendors : CWNP Version : DEMO Get Latest & Valid PW0-200
More informationRole of Cross Layer Based Intrusion Detection System for Wireless Domain
Int. J. Communications, Network and System Sciences, 2012, 5, 81-85 http://dx.doi.org/10.4236/ijcns.2012.52010 Published Online February 2012 (http://www.scirp.org/journal/ijcns) 81 Role of Cross Layer
More informationExam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]
s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?
More information05 - WLAN Encryption and Data Integrity Protocols
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
More informationOverview of Security
Overview of 802.11 Security Bingdong Li Present for CPE 601 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 1 Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations
More informationPERFORMANCE EVALUATION OF WPA2 SECURITY PROTOCOL IN MODERN WIRELESS NETWORKS
Impact of Internet on Business activities in Serbia and Worldwide Uticaj Interneta na poslovanje u Srbiji i svetu doi: 10.15308/SInteZa-2014-600-605 PERFORMANCE EVALUATION OF WPA2 SECURITY PROTOCOL IN
More informationChapter 1 Describing Regulatory Compliance
[ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know
More informationExam : PW Title : Certified wireless security professional(cwsp) Version : DEMO
Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationSecurity and Authentication for Wireless Networks
University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses 5-21-2004 Security and Authentication for 802.11 Wireless Networks Michel Getraide
More informationStatus of P Sub-Specification
Status of P1451.5 802.11 Sub-Specification June 7, 2004 Ryon Coleman Senior Systems Engineer 802.11 Subgroup rcoleman@3eti.com Agenda 1. IEEE 802.11 Architecture 2. Scope within the 1451 Reference Model
More informationDETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM
DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM Rajalakshmi 1, Umamaheswari 2 and A.Vijayaraj 3 1 Department
More informationWL 5011s g Wireless Network Adapter Client Utility User Guide
WL 5011s 802.11g Wireless Network Adapter Client Utility User Guide 10/2005 1 1. Introduction WL5011s client utility is a clean, straightforward GUI (Graphic User Interface) tool, which is designed for
More informationCross-organisational roaming on wireless LANs based on the 802.1X framework Author:
Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Klaas Wierenga SURFnet bv P.O. Box 19035 3501 DA Utrecht The Netherlands e-mail: Klaas.Wierenga@SURFnet.nl Keywords:
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More informationEnhanced Authentication Protocol EAP-TTLS using encrypted ECDSA
www.ijcsi.org 173 Enhanced Authentication Protocol EAP-TTLS using encrypted ECDSA Nazanin Bahrami 1, Mohamad Ebrahim Shiri 2, Morteza Salari-Akhgar 3 1 Department of Computer Engineering, Kish Azad University,
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationAn Integrated Scheme for Intrusion Detection in WLAN +
An Integrated Scheme for Intrusion Detection in WLAN + Dong hil Kim, Seok Joo Koh and Sang Wook Kim Department of Computer Science, Kyungpook National University, Korea {dpkim, sjkoh, swkim}@cs.knu.ac.kr
More informationNXC Series. Handbook. NXC Controllers NXC 2500/ Default Login Details. Firmware Version 5.00 Edition 19, 5/
NXC Series NXC 2500/ 5500 NXC Controllers Firmware Version 5.00 Edition 19, 5/2017 Handbook Default Login Details LAN Port IP Address https://192.168.1.1 User Name admin Password 1234 Copyright 2017 ZyXEL
More informationIP network that supports DHCP or manual assignment of IP address, gateway, and subnet mask
Network Requirements, page 1 Wireless LAN, page 2 Wi-Fi Network Components, page 3 802.11 Standards for WLAN Communications, page 6 Security for Communications in WLANs, page 9 WLANs and Roaming, page
More informationA Configuration Protocol for Embedded Devices on Secure Wireless Networks
A Configuration Protocol for Embedded Devices on Secure Wireless Networks Larry Sanders lsanders@ittc.ku.edu 6 May 2003 Introduction Wi-Fi Alliance Formally Wireless Ethernet Compatibility Alliance (WECA)
More informationWireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS
How to Set Up a Secure Home Wireless Network What you don t know about setting up a home wireless network can hurt you. 2008 APCUG Convention Session Tom Jones, P.E., RCDD-NTS CQS-CWLSS AGENDA Some Terms
More informationChapter 3 Wireless Configuration
Chapter 3 Wireless Configuration This chapter describes how to configure the wireless features of your WNR854T router. In planning your wireless network, you should consider the level of security required.
More informationWiMAX Security: Problems & Solutions
(JCSCR) - ISSN 2227-328X WiMAX Security: Problems & Solutions Paul Semaan LACSC Lebanese Association for Computational Sciences Registered under No. 957, 2011, Beirut, Lebanon Abstract This paper is a
More informationWireless-N Business Notebook Adapter
Wireless-N Business Notebook Adapter USER GUIDE BUSINESS SERIES Model No. WPC4400N Model Model No. No. Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered
More information802.1x. ACSAC 2002 Las Vegas
802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:
More informationCUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide
CUA-854 Wireless-G Long Range USB Adapter with Antenna User s Guide Table of Contents Chapter 1. Introduction...5 1.1. About CUA-854...5 1.2. Key Features...5 1.3. Package Included...5 Chapter 2. Connect
More informationThe WiMAX Technology
Page 2 Oeconomics of Knowledge, Volume 2, Issue 2, 2Q 2010 The WiMAX Technology Felician ALECU, PhD, University Lecturer Department of Economic Informatics Academy of Economic Studies, Bucharest, Romania
More informationSecurity Enhanced IEEE 802.1x Authentication Method for WLAN Mobile Router
Security Enhanced IEEE 802.1x Method for WLAN Mobile Router Keun Young Park*, Yong Soo Kim*, Juho Kim* * Department of Computer Science & Engineering, Sogang University, Seoul, Korea kypark@sogang.ac.kr,
More information