Chapter 24 Wireless Network Security
|
|
- Marcus Williamson
- 5 years ago
- Views:
Transcription
1 Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols o Mobility Wireless devices are far more portable and mobile, thus resulting in a number of risks o Resources Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware o Accessibility Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations, thus greatly increasing their vulnerability to physical attacks 1
2 Endpoint Access point Figure 24.1 Wireless Networking Components Wireless Network Threats Accidental association Malicious association Ad hoc networks Nontraditional networks Identity theft (MAC spoofing) Man-in-the middle attacks Denial of service (DoS) Network injection Securing Wireless Transmissions Principal threats are eavesdropping, altering or inserting messages, and disruption Countermeasures for eavesdropping: o Signal-hiding techniques o Encryption The use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions 2
3 Securing Wireless Networks The main threat involving wireless access points is unauthorized access to the network Principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control o The standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network Use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors Wireless Network Security Techniques Use encryption Allow only specific computers to access your wireless network Use anti-virus and anti-spyware software and a firewall Change your router s pre-set password for administration Turn off identifier broadcasting Change the identifier on your router from the default Mobile Device Security An organization s networks must accommodate: o Growing use of new devices Significant growth in employee s use of mobile devices o Cloud-based applications Applications no longer run solely on physical servers in corporate data centers o De-perimeterization There are a multitude of network perimeters around devices, applications, users, and data o External business requirements The enterprise must also provide guests, third-party contractors, and business partners network access using various devices from a multitude of locations 3
4 Security Threats Lack of physical security controls Use of untrusted networks Use of untrusted mobile devices Use of applications created by unknown parties Interaction with other systems Use of untrusted content Use of location services Mobile device is configured with security mechanisms and parameters to conform to organization security policy Traffic is encrypted; uses SSL or IPsec VPN tunnel Application/ database server Mobile device configuration server Authentication/ access control server Firewall Firewall limtts scope of data and application access Authentication and access control protocols used to verify device and user and establish limits on access Figure 24.2 Mobile Device Security Elements 4
5 Wireless Fidelity (Wi-Fi) Alliance b o First standard to gain broad industry acceptance Wireless Ethernet Compatibility Alliance (WECA) o Industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating o Later renamed the Wi-Fi Alliance Term used for certified b products is Wi-Fi o Has been extended to g products Wi-Fi Protected Access (WPA) o Wi-Fi Alliance certification procedures for IEEE security standards o WPA2 incorporates all of the features of the IEEE802.11i WLAN security specification General IEEE 802 functions Specific IEEE functions Logical Link Control Flow control Error control Medium Access Control Physical Assemble data into frame Addressing Error detection Medium access Encoding/decoding of signals Bit transmission/ reception Transmission medium Reliable data delivery Wireless access control protocols Frequency band definition Wireless signal encoding Figure 24.3 IEEE Protocol Stack MAC Control Destination MAC Address Source MAC Address MAC Service Data Unit (MSDU) CRC MAC header MAC trailer Figure 24.4 General IEEE 802 MPDU Format 5
6 Distribution System AP 2 AP 1 Basic Service Set (BSS) STA 1 Basic Service Set (BSS) STA 8 STA 2 STA4 STA 6 STA 7 STA 3 Figure 24.5 IEEE Extended Service Set Distribution of Messages Within a DS The two services involved with the distribution of messages within a DS are: o Distribution o Integration Distribution The primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS Integration Enables transfer of data between a station on an IEEE LAN and a station on an integrated IEEE 802x LAN Service enables transfer of data between a station on an IEEE LAN and a station on an integrated IEEE 802.x LAN 6
7 Association-Related Services Transition types, based on mobility: o No transition A station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS o BSS transition Station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station o ESS transition Station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by cannot be guaranteed Services Association Establishes an initial association between a station and an AP Reassociation Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another Disassociation A notification from either a station or an AP that an existing association is terminated Wireless LAN Security Wired Equivalent Privacy (WEP) algorithm o privacy Wi-Fi Protected Access (WPA) o Set of security mechanisms that eliminates most security issues and was based on the current state of the i standard Robust Security Network (RSN) o Final form of the i standard Wi-Fi Alliance certifies vendors in compliance with the full i specification under the WPA2 program 7
8 Robust Security Network (RSN) Services Access Control Authentication and Key Generation Confidentiality, Data Origin Authentication and Integrity and Replay Protection Protocols IEEE Port-based Access Control Extensible Authentication Protocol (EAP) TKIP CCMP (a) Services and Protocols Robust Security Network (RSN) Services Confidentiality Integrity and Data Origin Authentication Key Generation Algorithms TKIP (RC4) NIST Key Wrap CCM (AES- CTR) CCM TKIP HMAC- HMAC- (AES- (Michael SHA-1 MD5 CBC- MIC) MAC) HMAC- RFC SHA (b) Cryptographic Algorithms CBC-MAC = Cipher Block Block Chaining Message Authentication Code (MAC) CCM Counter Mode with Cipher Block Chaining Message Authentication Code CCMP Counter Mode with Cipher Block Chaining MAC Protocol TKIP = Temporal Key Integrity Protocol Figure 24.6 Elements of IEEE i STA AP AS End Station Phase 1 - Discovery Phase 2 - Authentication Phase 3 - Key Management Phase 4 - Protected Data Transfer Phase 5 - Connection Termination Figure 24.7 IEEE i Phases of Operation STA AP AS Station sends a request Probe request to join network AP sends possible Probe response security parameter (security capabilties set Open system per the security policy) Station sends a authentication request request to perform null authentication Open system authentication response AP performs null authentication Station sends a request to Association request associate with AP with security parameters Association response AP sends the associated security parameters Station sets selected security parameters 802.1X controlled port blocked 802.1x EAP request 802.1x EAP response Access request (EAP request) Extensible Authentication Protocol Exchange Accept/EAP-success key material 802.1x EAP success 802.1X controlled port blocked Figure 24.8 IEEE i Phases of Operation: Capability Discovery, Authentication, and Association 8
9 Uncontrolled port Authentication server Access point Station Controlled port Controlled port To other wireless stations on this BSS To DS Figure X Access Control MPDU Exchange Authentication phase consists of three phases: o Connect to AS The STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS o EAP exchange Authenticates the STA and AS to each other o Secure key delivery Once authentication is established, the AS generates a master session key and sends it to the STA Out-of-band path EAP method path PSK AAAK or MSK Pre-shared key AAA key 256 bits User-defined 256 bits EAP cryptoid authentication Legend PMK No modification Pairwise master key Possible truncation 256 bits following EAP authentication PRF (pseudo-random or PSK function) using HMAC-SHA-1 PTK Pairwise transient key 384 bits (CCMP) During 4-way handshake 512 bits (TKIP) KCK KEK TK EAPOL key confirmation key EAPOL key encryption key Temporal key 128 bits 128 bits 128 bits (CCMP) 256 bits (TKIP) These keys are components of the PTK (a) Pairwise key hierarchy GMK (generated by AS) Group master key 256 bits Changes periodically or if compromised GTK Group temporal key 40 bits, 104 bits (WEP) 128 bits (CCMP) 256 bits (TKIP) Changes based on policy (disassociation, deauthentication) (b) Group key hierarchy Figure IEEE i Key Hierarchies 9
10 (Table can be found on page 757 in the textbook.) STA AP AP s 802.1X controlled port blocked Message 2 delivers another nonce to the AP so that it can also generate the PTK. It demonstrates to the AP that the STA is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle Message 4 serves as an acknowledgement to Message 3. It serves no cryptographic function. This message also ensures the reliable start of the group key handshake. Message 1 EAPOL-key (Anonce, Unicast) Message 1 delivers a nonce to the STA so that it can generate the PTK. Message 2 EAPOL-key (Snonce, Unicast, MIC) Message 3 EAPOL-key (Install PTK, Unicast, MIC) Message 3 demonstrates to the STA that the authenticator is alive, ensures that the PTK is fresh (new) and that there is no Message 4 man-in-the-middle. EAPOL-key (Unicast, MIC) AP s 802.1X controlled port unblocked for unicast traffic The STA decrypts the GTK and installs it for use. Message 2 is delivered to the AP. This frame serves only as an acknowledgment to the AP. Message 1 EAPOL-key (GTK, MIC) Message 2 EAPOL-key (MIC) Message 1 delivers a new GTK to the STA. The GTK is encrypted before it is sent and the entire message is integrity protected The AP installs the GTK. Figure IEEE i Phases of Operation: Four-Way Handshake and Group Key Handshake Temporal Key Integrity Protocol (TKIP) Designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP Provides two services: Message integrity Adds a message integrity code to the MAC frame after the data field Data confidentiality Provided by encrypting the MPDU 10
11 Counter Mode-CBC MAC Protocol (CCMP) Intended for newer IEEE devices that are equipped with the hardware to support this scheme Provides two services: Message integrity Data confidentiality Uses the cipherblock-chaining message authentication code (CBC-MAC) Uses the CTR block cipher mode of operation with AES for encryption A 0 B i + 1 K HMAC-SHA-1 R = HMAC-SHA-1(K, A 0 B i) Figure IEEE i Pseudorandom Function Summary Wireless Security o Wireless network threats o Wireless security measures Mobile device security o Security threats o Mobile device security strategy IEEE wireless LAN overview o The Wi-Fi alliance o IEEE 802 protocol o IEEE network components and architectural model o IEEE services IEEE i wireless LAN security IEEE i services IEEE i phases of operation Discovery phase Authentication phase Key management phase Protected data transfer phase The IEEE i pseudorandom function 11
Chapter 17. Wireless Network Security
Chapter 17 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s, to develop a protocol & transmission specifications for wireless LANs (WLANs) Demand
More informationWireless Network Security
Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so
More informationWireless Network Security
Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationLink & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More informationIEEE i and wireless security
Blog IEEE 802.11i and wireless security David Halasz 8/25/2004 10:00 PM EDT 0 comments post a comment Tweet Share 1 2 IEEE's wireless security amendment adds stronger encryption, authentication, and key
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More information05 - WLAN Encryption and Data Integrity Protocols
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
More informationWPA Passive Dictionary Attack Overview
WPA Passive Dictionary Attack Overview TakehiroTakahashi This short paper presents an attack against the Pre-Shared Key version of the WPA encryption platform and argues the need for replacement. What
More informationChapter - 6 WIRELESS NETWORK SECURITY
Chapter - 6 WIRELESS NETWORK SECURITY Bhargavi H Goswami Assistant Professor Sunshine Group of Institutes Rajkot, Gujarat, India. Mob: 9426669020 Email: bhargavigoswami@gmail.com Topic List 1. IEEE 802.11
More informationWireless technology Principles of Security
Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the
More informationWPA-GPG: Wireless authentication using GPG Key
Università degli Studi di Bologna DEIS WPA-GPG: Wireless authentication using GPG Key Gabriele Monti December 9, 2009 DEIS Technical Report no. DEIS-LIA-007-09 LIA Series no. 97 WPA-GPG: Wireless authentication
More informationNetwork Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: WLAN Security Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline Wireless LAN technology Threats against WLANs (Weak security mechanisms and historical WEP)
More informationNetwork Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: WLAN Security Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline Wireless LAN technology Threats against WLANs Weak security mechanisms and historical WEP
More informationAppendix E Wireless Networking Basics
Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical
More informationTable of Contents 1 WLAN Security Configuration Commands 1-1
Table of Contents 1 WLAN Security Configuration Commands 1-1 authentication-method 1-1 cipher-suite 1-2 gtk-rekey client-offline enable 1-2 gtk-rekey enable 1-3 gtk-rekey method 1-4 ptk-lifetime 1-5 security-ie
More informationCOPYRIGHTED MATERIAL. Contents
Contents Foreword Introduction xxv xxvii Assessment Test xxxviii Chapter 1 WLAN Security Overview 1 Standards Organizations 3 International Organization for Standardization (ISO) 3 Institute of Electrical
More informationConfiguring Layer2 Security
Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring
More informationWhat is Eavedropping?
WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationWLAN The Wireless Local Area Network Consortium
WLAN The Wireless Local Area Network Consortium WPA Station MAC Layer Test Suite Version 2.5 Technical Document Last Updated: February 18, 2013 Wireless LAN Consortium 121 Technology Drive, Suite 2 Durham,
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationEXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.
CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of
More informationTroubleshooting WLANs (Part 2)
SharkFest 17 Europe Troubleshooting WLANs (Part 2) Troubleshooting WLANs using 802.11 Management & Control Frames 8. November 2017 Breaking News: Including KRACK!!! Rolf Leutert Leutert NetServices Switzerland
More informationOpen System - No/Null authentication, anyone is able to join. Performed as a two way handshake.
Five components of WLAN Security 1. Data Privacy 1. Privacy is important because transmission occurs over the air in freely licensed bands. The Data can be sniffed by anyone within range. 2. Eavesdropping
More informationConfiguring a WLAN for Static WEP
Restrictions for Configuring Static WEP, page 1 Information About WLAN for Static WEP, page 1 Configuring WPA1+WPA2, page 3 Restrictions for Configuring Static WEP The OEAP 600 series does not support
More informationSecurity in IEEE Networks
Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set
More informationCsci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.
WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng cheng@gwu.edu 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,
More informationLink Security A Tutorial
Link Security A Tutorial Fortress Technologies, Inc. Slide 1 Five basic security services Data confidentiality Data integrity Access control and access rights Authentication/Roaming Non-repudiation These
More informationWireless Networked Systems
Wireless Networked Systems CS 795/895 - Spring 2013 Lec #5: Medium Access Control High Throughput, Security Tamer Nadeem Dept. of Computer Science High Throughput Networks (802.11n) Slides adapted from
More informationWireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities
Wireless Security Comp Sci 3600 Security Outline 1 2 3 Wired versus wireless Endpoint Access point Figure 24.1 Wireless Networking Components Locations and types of attack Outline 1 2 3 Wired Equivalent
More informationWi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018
Perry Correll Aerohive, Wi-Fi Alliance member October 2018 1 Value of Wi-F1 The value Wi-Fi provides to the global economy rivals the combined market value of Apple Inc. and Amazon. The fact that Wi-Fi
More informationWireless Security i. Lars Strand lars (at) unik no June 2004
Wireless Security - 802.11i Lars Strand lars (at) unik no June 2004 802.11 Working Group 11 of IEEE 802 'Task Groups' within the WG enhance portions of the standard: 802.11 1997: The IEEE standard for
More informationFIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points
FIPS 140-2 Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points November 4, 2010 Version 2.2 Contents This security policy
More informationWireless Network Security
Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless
More informationWLAN Roaming and Fast-Secure Roaming on CUWN
802.11 WLAN Roaming and Fast-Secure Roaming on CUWN Contents Introduction Prerequisites Requirements Components Used Background Information Roaming with Higher-Level Security WPA/WPA2-PSK WPA/WPA2-EAP
More informationCisco Wireless LAN Controller Module
Cisco Wireless LAN Controller Modules Simple and secure wireless deployment and management for small and medium-sized businesses (SMBs) and enterprise branch offices Product Overview Cisco Wireless LAN
More informationChapter 1 Describing Regulatory Compliance
[ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know
More informationStandard For IIUM Wireless Networking
INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version
More informationFAQ on Cisco Aironet Wireless Security
FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most
More informationCS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis
CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE
More informationSecuring a Wireless LAN
Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access
More informationPhysical and Link Layer Attacks
Physical and Link Layer Attacks CMSC 414 November 1, 2017 Attenuation Physical links are subject to attenuation Copper cables have internal resistance, which degrades signal over large distances Fiber
More informationSecure Wireless LAN Design and Deployment
Secure Wireless LAN Design and Deployment Mark Krischer CTO, Enterprise Networks Asia Pacific, Japan and Greater China Abstract The proliferation of mobile devices and the rise of BYOD has raised the profile
More informationECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED
Part V ECHONET Lite System Design Guidelines i 2011 (2012) ALL RIGHTS RESERVED The specifications published by the ECHONET Consortium are established without regard to industrial property rights (e.g.,
More informationWIRELESS LAN SECURITY AND IEEE I
MIGRATION TOWARDS 4G WIRELESS C OMMUNICATIONS WIRELESS LAN SECURITY AND IEEE 802.11I JYH-CHENG CHEN, MING-CHIA JIANG, AND YI-WEN LIU NATIONAL TSING HUA UNIVERSITY Foreign AP Authentication server A A A
More informationExam Questions CWSP-205
Exam Questions CWSP-205 Certified Wireless Security Professional https://www.2passeasy.com/dumps/cwsp-205/ 1.. What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism
More informationSecure Initial Access Authentication in WLAN
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 13 (2014), pp. 1299-1303 International Research Publications House http://www. irphouse.com Secure Initial
More informationLESSON 12: WI FI NETWORKS SECURITY
LESSON 12: WI FI NETWORKS SECURITY Raúl Siles raul@taddong.com Founder and Security Analyst at Taddong Introduction to Wi Fi Network Security Wireless networks or Wi Fi networks IEEE 802.11 Standards Information
More informationThe 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013
The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013 Florin OGÎGĂU-NEAMŢIU National Defense University of Romania "Carol I"/ The Regional
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationTestsDumps. Latest Test Dumps for IT Exam Certification
TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : PW0-200 Title : Certified wireless security professional(cwsp) Vendors : CWNP Version : DEMO Get Latest & Valid PW0-200
More informationCSE 713: Wireless Networks Security Principles and Practices. Ad hoc networks security and sensor networks security (1 hour)
CSE 713: Wireless Networks Security Principles and Practices Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Lecture 2 February 6, 2017 Outline TKIP and AES-CCMP (1 hour) Break
More informationSecuring Wireless LANs with Certificate Services
1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the
More informationCHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS
CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu Department of Computer Science &Engineering, Florida Atlantic University 777 Glades Road, Boca Raton, Florida
More informationKey Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef @vanhoefm CCS 2017, 1 October 2017 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned 2 Overview
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationImproved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018
Improved KRACK Attacks Against WPA2 Implementations Mathy Vanhoef @vanhoefm OPCDE, Dubai, 7 April 2018 Overview Key reinstalls in 4-way handshake New KRACKs Practical impact Lessons learned 2 Overview
More informationVendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo
Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the
More informationConfiguring Security Solutions
3 CHAPTER This chapter describes the security solutions for wireless LANs. It contains the following sections: Cisco Unified Wireless Network Solution Security, page 3-1 Interpreting the Security Tab,
More information4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions
4.4 IEEE 802.11 MAC Layer 4.4.1 Introduction 4.4.2 Medium Access Control 4.4.3 MAC Management 4.4.4 Extensions 4.4.3 802.11 - MAC management Synchronization try to find a LAN, try to stay within a LAN
More informationWireless Security K. Raghunandan and Geoff Smith. Technology September 21, 2013
Wireless Security K. Raghunandan and Geoff Smith Stevens Institute t of Technology September 21, 2013 Topics Cyber Security hacking community Familiarity with IP networks What is the security yprocess
More informationAuthentication and Security: IEEE 802.1x and protocols EAP based
Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti Piero[at]studioreti.it 802-1-X-EAP-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright
More informationThe security of existing wireless networks
Security and Cooperation in Wireless Networks Cellular networks o o GSM UMTS WiFi LANs Bluetooth Security in Wireless Networks Wireless networks are more vulnerable to security issues: Broadcast communications
More informationA Configuration Protocol for Embedded Devices on Secure Wireless Networks
A Configuration Protocol for Embedded Devices on Secure Wireless Networks Larry Sanders lsanders@ittc.ku.edu 6 May 2003 Introduction Wi-Fi Alliance Formally Wireless Ethernet Compatibility Alliance (WECA)
More informationConfiguring WEP and WEP Features
CHAPTER 9 This chapter describes how to configure Wired Equivalent Privacy (WEP), Message Integrity Check (MIC), and Temporal Key Integrity Protocol (TKIP). This chapter contains these sections: Understanding
More informationInterworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...
Interworking 2006 Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks Interworking Conference, 15th - 17th of January 2007 Dr-Ing Kai-Oliver Detken Business URL: http://wwwdecoitde
More informationExam : PW Title : Certified wireless security professional(cwsp) Version : DEMO
Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point
More informationFast and Secure Roaming in WLAN
Final thesis Fast and Secure Roaming in WLAN Performed for Ericsson AB by Magnus Falk LITH-IDA-EX--04/116--SE 2004-12-22 i Final thesis Fast and Secure Roaming in WLAN by Magnus Falk LiTH-IDA-EX--04/116--SE
More informationMeru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009
Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2 Meru Networks Revision Date: June 24, 2009 Copyright Meru Networks 2008. May be reproduced only in its original entirety
More informationConfiguring the Client Adapter through Windows CE.NET
APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:
More information2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp
2013 Summer Camp: Wireless LAN Security Exercises 2013 JMU Cyber Defense Boot Camp Questions Have you used a wireless local area network before? At home? At work? Have you configured a wireless AP before?
More informationWireless KRACK attack client side workaround and detection
Wireless KRACK attack client side workaround and detection Contents Introduction Components used Requirements EAPoL Attack protections Why this works Possible impact How to identify if a client is deleted
More informationThe IPsec protocols. Overview
The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview
More informationHooray, w Is Ratified... So, What Does it Mean for Your WLAN?
Global Leader in Wireless Security Hooray, 802.11w Is Ratified... So, What Does it Mean for Your WLAN? A Brief Tutorial on IEEE 802.11w Gopinath K N and Hemant Chaskar AirTight Networks www.airtightnetworks.com
More informationWIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK
WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK S.DEEPTHI 1 G.MARY SWARNALATHA 2 PAPARAO NALAJALA 3 Assoc. Professor, Dept. of Electronics &Communication Engineering at Institute of Aeronautical Engineering,
More informationExpected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy
CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design
More informationLab Configure Enterprise Security on AP
Lab 8.5.4.1 Configure Enterprise Security on AP Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, students will demonstrate an understanding
More informationStatus of P Sub-Specification
Status of P1451.5 802.11 Sub-Specification June 7, 2004 Ryon Coleman Senior Systems Engineer 802.11 Subgroup rcoleman@3eti.com Agenda 1. IEEE 802.11 Architecture 2. Scope within the 1451 Reference Model
More informationWIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security
Objectives: 1) Understanding the basic operations of WLANs 2) WLAN security 3) Wireless body area networks (IEEE 802.15.6) Readings: 1. Kurose & Ross, Computer Networking: A Top-Down Approach (6th Edition),
More informationKRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018
KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat IL, 24 January 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned
More informationConfiguring a VAP on the WAP351, WAP131, and WAP371
Article ID: 5072 Configuring a VAP on the WAP351, WAP131, and WAP371 Objective Virtual Access Points (VAPs) segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of
More informationWi-Fi Scanner. Glossary. LizardSystems
Wi-Fi Scanner Glossary LizardSystems 2 Table of Contents 802 6 802.11 6 802.11a 6 802.11b 6 802.11d 6 802.11e 6 802.11g 6 802.11h 6 802.11i 6 802.11j 6 802.11n 7 802.1X 7 802.3 7 A 8 Ad-Hoc mode 8 AES
More informationSecurity and Authentication for Wireless Networks
University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses 5-21-2004 Security and Authentication for 802.11 Wireless Networks Michel Getraide
More informationAdd a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)
Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP) Objective A Wireless Access Point (WAP) is a networking device that allows wireless-capable devices to connect to
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationAssignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson
Project Whitepaper ITEC495-V1WW Instructor: Wayne Smith Jim Patterson Table of Contents 1. Abstract Page 3 2. Introduction Page 3 3. Analysis Page 4 4. Solution Discussion Page 7 5. Evaluation Criteria
More informationTHOUGHTS ON TSN SECURITY
THOUGHTS ON TSN SECURITY Contributed by Philippe Klein, PhD (philippe@broadcom.com) 1 METWORK SECURITY PROTOCOLS Description Complexity Performance Layer 4..7 Layer 3 Layer 2 SSL / TLS, IPsec MACsec Application
More informationConfiguring Authentication Types
CHAPTER 11 This chapter describes how to configure authentication types on the access point. This chapter contains these sections: Understanding Authentication Types, page 11-2, page 11-10 Matching Access
More informationHacking Air Wireless State of the Nation. Presented By Adam Boileau
Hacking Air Wireless State of the Nation Presented By Adam Boileau Introduction Wireless in 2006 802-dot-what? Threats to Wireless Networks Denial of Service Attacks against Authentication Attacks against
More informationCSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology
CSNT 180 Wireless Networking Chapter 7 WLAN Terminology and Technology Norman McEntire norman.mcentire@servin.com Founder, Servin Corporation, http://servin.com Technology Training for Technology Professionals
More informationWireless# Guide to Wireless Communications. Objectives
Wireless# Guide to Wireless Communications Chapter 8 High-Speed WLANs and WLAN Security Objectives Describe how IEEE 802.11a networks function and how they differ from 802.11 networks Outline how 802.11g
More information