1 Security in IEEE Networks Mário Nunes, Rui Silva, António Grilo March 2013
2 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE Hidden SSID (Service Set Identifier) do AP 2.2 MAC address restriction at the Access Point 3 WEP (IEEE ) 4 - IEEE802.11i 4.1 TKIP 4.2 CCMP 5 - IEEE 802.1X 6 Complementary security solutions 6.1 Layer3: Virtual Private Network (VPN) 6.2 Layer4: IP Address Control and Firewall 6.3 Layer 7: Proxy/Gateway
3 1- Introduction to the Security Services 1. Confidentiality 2. Data Integrity 3. Authentication 4. Non-repudiation 5. Service Availability 6. Access Control
4 1. Introduction to the Security Services 1. Confidentiality Sender Receiver Transformation Coded! Attacker s Domain
5 1. Introduction to the Security Services 2. Data Integrity Insertion Transformation Integrity Check Error! Attacker s Domain Receiver s Domain
6 1. Introduction to the Security Services 3. Authentication To verify the sender s identity Identity Check Ok! Error! Receiver s Domain
7 1. Introduction to the Security Services 3.1. Digital Certificate issued by Certificate Authority (typical contents): Serial Number: Used to uniquely identify the certificate. Subject: The person, or entity identified. Signature Algorithm: The algorithm used to create the signature. Signature: The actual signature to verify that it came from the issuer. Issuer: The entity that verified the information and issued the certificate. Valid-From: The date the certificate is first valid from. Valid-To: The expiration date. Key-Usage: Purpose of the public key (e.g. encypherment, signature, certificate signing...). Public Key: The public key. Thumbprint Algorithm: The algorithm used to hash the public key certificate. Thumbprint: The hash itself, used as an abbreviated form of the public key certificate.
8 1. Introduction to the Security Services 4. Non-Repudiation Sending Receipt Reception Receipt Sender s Domain
9 1. Introduction to the Security Services 5. Service Availability (corresponding attack: denial of service ) Service Access Service Blocking Attacker s Domain
10 1. Introduction to the Security Services 6. Access Control Access Request Access Request Receiver s Domain User Validation Username/ Password Ok! Error!
11 2 Basic IEEE Mechanisms 2.1 Hidden SSID (Service Set Identifier) by the AP To avoid the periodic broadcast of the Access Point (AP) identity in order to prevent its interception and misuse by an attacker Restriction of authorized MAC addresses by the Access Point To specify the MAC addresses that are allowed to use the network and associate with the AP.
12 2.1 Hidden SSID B Beacon, periodically sent by the APs, without SSID SuperFrame SuperFrame B B B t (s)... ; SSID;... Beacon w/o SSID AP Beacon w/o SSID Beacon Frame B AP B SSID??? Beacon w/o SSID B
13 2.1 Hidden SSID
14 2.1 Hidden SSID AP A user who knows the SSID, sends a Probe Request The attacker waits for the Probe Response Probe Response includes the SSID!
15 2.2 MAC Address restriction by the AP Type: SubType: 00 Management Probe 01 Control Beacon 10 Data Association Re/, Des/ 11 Reserved Authentication Des/ RTS, CTS, ACK, CF, CF+ACK Power-Save Poll Protocol Type SubType To From Version DS DS (2bits) (2bits) (4bits) (1bit) (1bit) More Frag. (1bit) Retry (1bit) Distribution System AP AP Pwr. More Mgmt. Data (1bit) (1bit) WEP Order (1bit) (1bit) AP Valid MAC ADDRESS Captured Generic MAC IEEE Frame Format Frame Duration/ Address Address Address Sequence Address Frame FCS Control ID Control 4 Body (2 Octetos) (2 Octetos) (6 Octetos) (6 Octetos) (6 Octetos) (2 Octetos) (6 Octetos) ( Octetos) (4 Octetos) - The MAC addresses are transmitted in plain text and thus can be captured by the attacker. - Most Wi-Fi cards allow the user to dynamically re-configure the MAC address.
16 3 - Wired Equivalent Privacy (WEP) Characteristics: - Included in IEEE Symmetric Key protocol - Key distribution is not addressed by the standard - Uses the RC4 cipher Ron Cipher 4 created in 1987 and publicly broken in the Internet in 1994 Supported Services: - Authentication: 1º) Open System Authentication: in means no Authentication 2º) Shared Key Authentication: Performs authentication (Pseudo) based on a shared secret key - Data Integrity: Adds a CRC to the message, sending it encrypted. - Confidentiality: Encrypts the data based on a secret key shared by the communicating parites and the RC4 algorithm.
17 3 - Wired Equivalent Privacy (WEP) Authentication Shared Key Authentication (request) Authentication (challenge) AP The challenge text is an arbitrary number of 128 bits Authentication (response) Authentication (sucess) Authentication (Failure) Response Check OK! ERRO!
18 3 - Wired Equivalent Privacy (WEP) Shared Key Authentication Attacks [1/3] 1 Collection of <challenge; response> pairs followed by an authentication attempt AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) Data Base <c1; r1>... <cn; rn> Attacker s Domain Captured challenge? YES No! Abort!!!
19 3 - Wired Equivalent Privacy (WEP) Shared Key Authentication Attacks [2/3] 2 Collection of <challenge; response> pairs followed by Cryptanalysis Authentication (request) Authentication (challenge) AP Authentication (response) Authentication (sucess) Attacker s Domain Secret Key Data Base <c1; r1>... <cn; rn>
20 3 - Wired Equivalent Privacy (WEP) Shared Key Authentication Attacks [3/3] 3 Collection of IVs and creation of KeyStream library Note: The Initialization Vector (IV) is a 24 bit string that is sent in plain text and constitutes the first 24 bits of the cipher key AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) Data Base <IV 1; KeyStream 1>... <IV n; KeyStream n> IV x <IV x; KeyStream x> <challenge> XOR <response> = <KeyStream> Attacker s Domain
21 3 - Wired Equivalent Privacy (WEP) RC4 Algorithm - Secret Key - Operation in Two Phases: 1ª) KSA Key Setup Algorithm System Initialization 2ª) PRNG Pseudo-Random Number Generator Byte Encryption in Stream Mode
24 3 - Wired Equivalent Privacy (WEP) RC4 Algorithm Weakness XOR Function Properties: a XOR b = c c XOR a = b c XOR b = a <Original Message> XOR <KeyStream> = <Ciphertext> <Original Message> XOR <Ciphertext> = <KeyStream> <Ciphertext> XOR <KeyStream> = <Original Message> Since the KeyStream is always the same for the same Key, if we the attacker knows the KeyStream it is not necessary to know the Key in order to calculate the Original Message, based on the Ciphertext. The IVs are used to make the KeyStream variable for the same secret key. E.g. 40-bit secret key + 24-bit IV = 64-bit key
25 3 - Wired Equivalent Privacy (WEP) Integrity Check Attack on the ICV: Due to CRC-32 s linear properties, it is easy to modify the frame and fix the encrypted CRC-32 accordingly
27 3 - Wired Equivalent Privacy (WEP) Confidentiality Attack (Eavesdropping) 1º) To collect <IV, KeyStream> pairs - Walker, J Unsafe at any key size: an analysis of the WEP encapsulation. IEEE /362. 2º) To explore certain characteristics resulting from the concatenation of the IVs with the Secret Key, which originate Keys with predictable properties in RC4 - Fluhrer, S., I. Martin, and A. Shamir Weaknesses in the key scheduling algorithm of RC4. In Eigth Annual Workshop on Selected Areas in Cryptography. FMS attack
28 3 - Wired Equivalent Privacy (WEP) Confidentiality Attacks: Collection of IVs b at 11Mbps Method 1: Taking advantage of the Shared Key Authentication messages AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) Maximum frame length is 2346 bytes bits 586 frames per second 586/4 authentication procedures per second It takes seconds (circa 32 hours) to repeat the Ivs (2 24 = ) Data Base <IV 1; KeyStream 1>... <IV n; KeyStream n> IV x <IV x; KeyStream x> <challenge> XOR <response> = <KeyStream> Attacker s Domain
29 3 - Wired Equivalent Privacy (WEP) Confidentiality Attacks: Collection of IVs Method 2: To send know messages from the fixed network to the WLAN and retrieving the Ciphertext at the WLAN. By obtaining the Plaintext and the corresponding Ciphertext, it is possible: 1) To collect <IV, KeyStream> pairs. 2) To obtain the Key based on Cryptanalysis. This method is potentially faster, but requires the attacker s domain to encompass the fixed network (e.g., internal attacker).
30 3 - Wired Equivalent Privacy (WEP) Problems of WEP key distribution: Key is manually set in the driver. The key cannot be protected from local users. When a user leaves the organization, technically you must change the key information on all stations. What if a station is stolen? For a large organization, there is a need to publish the key which is a security problem.
31 3 - Wired Equivalent Privacy (WEP) Problems of WEP key distribution (cont.): Weakness in the Key Scheduling Algorithm: A weakness of RC4 in generating the keystream. Hacker attack: using weak IV to attack a particular byte of the secret portion of the RC4 key. The time to attack is a linear algorithm to the key length. This is a complete break for WEP.
32 3 - Wired Equivalent Privacy (WEP) WEPCrack breaks keys AirSnort breaks keys Needs only 5-10 million packets NetStumbler access point reconnaissance
33 4 IEEE i Robust Secure Network 4.1 Temporal Key Interchange Protocol TKIP (WPA - Wi-Fi Protected Access) Employs RC4 as the Cipher basis Supports the improvement of existing WEP products (the user is allowed to configure either WEP or TKIP) Temporary security solution for Wi-Fi Counter Mode-CBC MAC Protocol CCMP Employs AES as the Cipher basis Incompatible with WEP Final security solution implemented in i WLANs 4.3 Wi-Fi and the introduction of IEEE i WPA (Wi-Fi Protected Access) WPA2
34 4.1 Temporal Key Integrity Protocol (TKIP) Problems to Solve Problems detected in WEP 1 Short IV and its Fast Reuse 2 Direct attachment of the IV to the Secret Key FMS Attack 3 Does not use a trustable Integrity Check 4 Use of a Unique Key; There are no Session Keys 5 Does not avoid Message-Replay attacks Solutions implemented in TKIP 1 Extends the IV Dimension to avoid its reuse and the IV generation is based on a counter TSC 2 Generation of a New Session Key for each MPDU 3 Uses a Trustable Integrity Check to avoid message-replay attack 4 Uses a scheme to exchange and distribute Broadcast Keys
35 4.2 Counter Mode-CBC MAC Protocol (CCMP) Implementation challenge:
36 4.1 Temporal Key Integrity Protocol (TKIP) IV Generation and Sequence Number System of TKIP - WEP is vulnerable to Message-Replay Attack - The TKIP Solution includes: - Sequence Numbering of each MPDU - MPDUs with lower Sequence Numbers are discarded - The possibility of implementing a Sliding-Window mechanism - Sliding-Windows for 16 MPDUs replay-window - The Sliding-Window records the last well received 16 MPDUs - According to the TCS of the received MPDUs, they are classified as: ACCEPT / REJECT / WINDOW
38 4.1 Temporal Key Integrity Protocol (TKIP) Message Integrity Check (MIC) Generation for each MSDU Michael Mechanism Integrity Check = Just with CRC???
39 4.1 Temporal Key Integrity Protocol (TKIP) New Key Generation for each MPDU
40 4.2 Counter Mode-CBC MAC Protocol (CCMP) Counter Mode-CBC MAC Protocol CCMP: Uses AES as the Cipher basis Adopted for use in i WLANs Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government in The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively.
41 4.3. Wi-Fi e IEEE i Wi-Fi Alliance Strategy for the introduction of i 1) Interim standard WPA (Wi-Fi Protected Access) - TKIP or AES X - For immediate implementation - Changes the SW at the APs and NICs 2) WPA2 - Fully implements i
42 5. IEEE 802.1X Logical level solution for all IEEE 802 networks (both cabled and wireless). Based on the access control to logical entities (ports). The AP opens the network port if the Authentication Server (AS) validates the supplicants s authentication data. In the beginning, the AP only opens the AS communication port. Supplicant EAP over LAN Authenticator EAP over RADIUS Authentication Server (RADIUS) EAP - Extensible Authentication Protocol
43 5. IEEE 802.1X (2) Remaining resources Supplicant AP Authenticator (1) LAN/ VLAN Authentication Server (RADIUS)
44 5. IEEE 802.1X Extensible Authentication Protocol (EAP) EAP is an IETF standard (RFC 2284) and adopted by IEEE as the basis for 802.1X. It is called the port based network access control. (also known as post-based authentication protocol) EAP supports both wired and wireless authentication. MD5 TLS TTLS LEAP PEAP EAP PPP TLS: Transport Layer Security TTLS: Tunnel TLS LEAP: Lightweight EAP PEAP: Protected EAP
45 5. IEEE 802.1X EAP Authentication Methods: MD5 (Message Digest 5) - Username/Password. This is similar to MS_CHAP. TLS (Transport Layer Security) - PKI (certificates), strong authentication TTLS (Tunnel TLS) - Username/Password LEAP - Cisco proprietary lightweight EAP. It is to be phased out in favor of PEAP. PEAP Protected EAP. Supported on Windows XP.
46 5. IEEE 802.1X EAP over LAN EAP over RADIUS Supplicant AP Authenticator Authentication Server (RADIUS) EAP Start Identity request Identity response EAP Request EAP Response Access request Access challenge Access response EAP Start Ask client for identity Provide identity Pass request to RADIUS Perform sequence defined by authentication method e.g. EAP-TLS, LEAP, etc EAP success EAPoW key Access success Pass session key to AP Deliver broadcast key encrypted with session key Note: Applicable to TKIP or any other system that uses session keys 46
47 5. IEEE 802.1X New Product: Wireless Switch: It is not cost effective to implement 802.1X on all Access points. It is also a management issue. Authenticator (Wireless Switch) RADIUS Supplicant
48 5. IEEE 802.1X Client AP Attacker EAP Request EAP Response EAP success MAC Dissociate MAC Associate Dados (1) The client is authenticated at the AP (2) The attacker captures the client s MAC address and sends it Dissociate command, using the AP s MAC address as sender address (it simulates the AP) The client jumps to the Unassociate state, but is still authenticated. (3) The attacker sends an Associate frame with the client s MAC address and is now authenticated (it simulates the client). Nota: It is assumed that the attacker knows the Cipher Key
49 5. IEEE 802.1X EAP was initially conceived in association with PPP and adapted to 802.1X The AP only allows the EAP traffic into the DS EAP was not conceived for wireless networks - The communication between clients and the AP during the EAP procedures should be encrypted - There may not be mutual authentication
50 6. Complementary Security Solutions 6.1 Layer3: Virtual Private Network (VPN) 6.2 Layer4: IP Address Control and Firewall 6.3 Layer 7: Proxy
51 6.1 - Layer3: VPN What is a VPN Secure (encrypted) communication channel between two points (called tunnel) What is Tunneling Putting a packet inside another packet Advantages of VPN Provides secure channel: authentication, privacy and integrity Easy to setup because it uses the same infrastructure Easy to deploy
52 6.1 - Layer3: VPN VPN: Creation of a Tunnel between the wireless users and the organization s VPN. VPN Gateway LAN Layer 2/3 tunnel over a layer 3 protocol Data (encrypted) VPN Tunnel IP IP Wireless LAN LAN RADIUS server
53 6.1 - Layer3: VPN Local VPN (company, campus) Public location VPN
54 6.1 - Layer3: VPN Disadvantages of VPN Overhead: encryption, encapsulation Single failure (Gateway) in the path disconnects the entire network Hard to troubleshoot because headers are encrypted IDS (Intrusion Detection System) is less effective because traffic is encrypted Integration difficulties with NAT (Ipsec Authentication Header only) Not scalable (Gateway must encrypt/decrypt all packets from all users )
56 6.2 Layer4: Router / Firewall LAN temporary IP authentication official IP Security Server Internet 1. Standard WLAN and DHCP procedure for a temporary IP to the wireless station. 2. The temporary IP address is used for authentication only. All other traffic is blocked by the router. 3. After user authentication, the station is given an official IP address which can go through the router. 4. May also register the MAC address to reduce the risk of hacker attack.
57 6.3 Layer7: Proxy Gateway Security Server LAN Proxy Gateway 1. Standard WLAN and DHCP procedure for an IP address to the wireless station. 2. User types any URL and the request is routed to the security server web page. All other traffic is blocked. Internet 3. After entering account info or credit card, the user is authenticated. 4. The gateway authorizes the traffic from the authenticated station.
CHAPTER 11 WIRELESS LAN TECHNOLOGY AND THE IEEE 802.11 WIRELESS LAN STANDARD These slides are made available to faculty in PowerPoint form. Slides can be freely added, modified, and deleted to suit student
Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most
CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed  2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version
WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng email@example.com 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,
Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical
Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti Piero[at]studioreti.it 802-1-X-EAP-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright
A Configuration Protocol for Embedded Devices on Secure Wireless Networks Larry Sanders firstname.lastname@example.org 6 May 2003 Introduction Wi-Fi Alliance Formally Wireless Ethernet Compatibility Alliance (WECA)
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: email@example.com Content
University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses 5-21-2004 Security and Authentication for 802.11 Wireless Networks Michel Getraide
Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.
Part V ECHONET Lite System Design Guidelines i 2011 (2012) ALL RIGHTS RESERVED The specifications published by the ECHONET Consortium are established without regard to industrial property rights (e.g.,
TDC 363 Introductions to LANs Lecture 7 Wireless LAN 1 Outline WLAN Markets and Business Cases WLAN Standards WLAN Physical Layer WLAN MAC Layer WLAN Security WLAN Design and Deployment 2 The Mobile Environment
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
CHAPTER 7 This chapter explains how to use ADU to view the client adapter s status and its transmit and receive statistics. The following topics are covered in this chapter: Overview of ADU and Statistics
1 Session Number Denver Tech Days 2002 WLAN Security Mike Morrato System Engineer Cisco Systems April 10, 2002 2 Agenda Past security methods in Wireless LANs The problem with 802.11 - Wireless Insecurity
CHAPTER 9 The Cisco Secure Router 520 Series routers support a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required
CS 393/682 Network Security Nasir Memon Polytechnic University Module 9 Wireless LAN Security Course Logistics Start working on HW 6 Final homework. To be posted today. HW6 - Points for defending and attacking.
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:
Advanced Security and Mobile Networks W.Buchanan (1) 9. GSM/3G Unit 7: Mobile Networks. Wireless. Security. Mobile IP. Mobile Agents. Spread spectrum. Military/Emergency Networks 8. Ad-hoc 7. Mobile Networks
Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the
CUA-854 Wireless-G Long Range USB Adapter with Antenna User s Guide Table of Contents Chapter 1. Introduction...5 1.1. About CUA-854...5 1.2. Key Features...5 1.3. Package Included...5 Chapter 2. Connect
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : PW0-200 Title : Certified wireless security professional(cwsp) Vendors : CWNP Version : DEMO Get Latest & Valid PW0-200
APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols
Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point
10 CHAPTER This chapter describes how to configure the cipher suites required to use WPA authenticated key management, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and broadcast
802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:
2013 Summer Camp: Wireless LAN Security Exercises 2013 JMU Cyber Defense Boot Camp Questions Have you used a wireless local area network before? At home? At work? Have you configured a wireless AP before?
802.11 b/g/n 1T1R Wireless USB Adapter User s Manual Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device,
CHAPTER 5 This chapter explains how to configure profile parameters. The following topics are covered in this chapter: Overview, page 5-2 Setting General Parameters, page 5-3 Setting Advanced Parameters,
Wireless Networks Authors: Marius Popovici Daniel Crişan Zagham Abbas Technical University of Cluj-Napoca Group 3250 Cluj-Napoca, 24 Nov. 2003 Presentation Outline Wireless Technology overview The IEEE
EEC-682/782 Computer Networks I Lecture 24 Wenbing Zhao firstname.lastname@example.org http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
1 next CITS3002 help3002 CITS3002 schedule The IEEE-802.11 Wireless LAN protocol We'll next examine devices implementing the IEEE-802.11 family of wireless networking protocols, and get an appreciation
Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
Cisco Wireless LAN Controller Modules Simple and secure wireless deployment and management for small and medium-sized businesses (SMBs) and enterprise branch offices Product Overview Cisco Wireless LAN
CHAPTER 6 This chapter describes how to configure up to 16 WLANs for your Cisco UWN Solution. It contains these sections: WLAN Overview, page 6-2 Configuring WLANs, page 6-2 6-1 WLAN Overview Chapter 6
Security in 802.11 Data Link Protocols Gianluca Dini Dept. of Ingegneria dell Informazione University of Pisa, Italy Via Diotisalvi 2, 56100 Pisa email@example.com If you believe that any security
A Comparison of Data-Link and Network Layer Security for IEEE 802. Networks Group #8 Harold L. McCarter, Ryan Calme, Hongwu Zang, Wayne Jones INFS 62 Professor Yih-Feng Hwang July 7, 2006 Abstract This
11B/G Wireless Mini PCI Adapter WL533MAM User s Manual FCC Information This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1. This device may not cause
Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE COURSE TITLE WIRELESS TECHNOLOGY SPECIALIST COURSE DURATION 13 Hours of Interactive Training COURSE OVERVIEW This course will teach you
CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu Department of Computer Science &Engineering, Florida Atlantic University 777 Glades Road, Boca Raton, Florida
CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP
Cisco 300-375 Dumps with Valid 300-375 Exam Questions PDF  The Cisco 300-375 Securing Cisco Wireless Enterprise Networks (WISECURE) exam is an ultimate source for professionals to retain their credentials
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
Università degli Studi di Bologna DEIS WPA-GPG: Wireless authentication using GPG Key Gabriele Monti December 9, 2009 DEIS Technical Report no. DEIS-LIA-007-09 LIA Series no. 97 WPA-GPG: Wireless authentication
[ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
to users of Microsoft Windows 7: Cisco plug-in software modules such as EAP-FAST and PEAP are compatible with Windows 7. You do not need to upgrade these modules when you upgrade to Windows 7. This document