Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Size: px
Start display at page:

Download "Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer"

Transcription

1 Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April (section 8.8) Also based on: LAN Switch Security, Eric Vyncke, Christopher Paggen Cisco Press, 2008 (chapters 2 to 6) 7: Securing LANs 7-1 Chapter 7: Securing LANs Chapter goals: security in practice: Security in the data link layer Securing Wireless LANs Securing Switched Ethernet LANs 7: Securing LANs 7-2 1

2 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs 7-3 WEP Design Goals Symmetric key crypto Confidentiality Station authorization Data integrity Self-synchronizing: each packet separately encrypted Given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost Unlike Cipher Block Chaining (CBC) in block ciphers Efficient Can be implemented in hardware or software 7: Securing LANs 7-4 2

3 Review: Symmetric Stream Ciphers key keystream generator keystream Combine each byte of keystream with byte of plaintext to get ciphertext m(i) = i th unit of message ks(i) = i th unit of keystream c(i) = i th unit of ciphertext c(i) = ks(i) m(i) ( = exclusive or) m(i) = ks(i) c(i) WEP uses RC4 7: Securing LANs 7-5 Stream cipher and packet independence Recall design goal: each packet separately encrypted If for frame n+1, use keystream from where we left off for frame n, then each frame is not separately encrypted Need to know where we left off for packet n WEP approach: initialize keystream with key + new IV for each packet: Key+IV packet keystream generator keystream packet 7: Securing LANs 7-6 3

4 WEP encryption (1) Sender calculates Integrity Check Value (ICV) over data four-byte hash/crc for data integrity Each side has 104-bit shared key Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key Sender also appends keyid (in 8-bit field) 128-bit key input into pseudo random number generator to get keystream data in frame + ICV is encrypted with RC4: Bytes of keystream are XORed with bytes of data & ICV IV & keyid are appended to encrypted data to create payload Payload inserted into frame encrypted IV Key ID data ICV MAC payload 7: Securing LANs 7-7 WEP encryption (2) Sender-side IV (per frame) K s : 104-bit secret symmetric key key sequence generator (for given K s, IV) IV IV IV IV IV IV k 1 k 2 k 3 k N k N+1 k N header IV WEP-encrypted data + CRC Plaintext frame data + CRC d 1 d 2 d 3 d N CRC 1 CRC 4 c 1 c 2 c 3 c N c N+1 c N+4 new IV for each frame 7: Securing LANs 7-8 4

5 WEP decryption overview encrypted IV Key ID data ICV MAC payload Receiver extracts IV Inputs IV and shared secret key into pseudo random generator, gets keystream XORs keystream with encrypted data to decrypt data + ICV Verifies integrity of data with ICV Note: message integrity approach used here is different from the MAC (message authentication code) and signatures (using PKI) 7: Securing LANs 7-9 End-point authentication with nonce STA: client station I am Alice R AP: access point authentication as in protocol ap4.0 K A-B (R) host requests authentication from access point access point sends 128-bit nonce: R host encrypts nonce using shared symmetric key: K A-B (R) access point decrypts nonce, authenticates host Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! 7: Securing LANs

6 WEP Authentication authentication request nonce (128 bytes) nonce encrypted shared key success if decrypted value equals nonce authentication: knowing the shared key is enough. But no key distribution mechanism - Not all APs do it, even if WEP is being used - AP indicates if authentication is necessary in beacon frame - Done before association 7: Securing LANs 7-11 Breaking WEP encryption security hole: 24-bit IV, one IV per frame -> IV s eventually reused After 12,000 frames, 99% probability to have reused same IV Could be as short as a few seconds at full LAN capacity! IV transmitted in plaintext -> IV reuse detected attack: Trudy causes Alice to encrypt known plaintext d 1 d 2 d 3 d 4 Trudy sees: c i = d i XOR k i IV Trudy knows c i and d i, so can compute k i IV Trudy knows encrypting key sequence k 1 IV k 2 IV k 3 IV Next time IV is used, Trudy can decrypt! 7: Securing LANs

7 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs i: improved security numerous (stronger) forms of encryption possible replacing WEP e.g., CCMP based on AES, or strengthened WEP provides key distribution one key per station, not the same key for all! uses authentication server separate from access point good thing for mobility 7: Securing LANs

8 802.11i: four phases of operation (802.1x) STA: client station 1 Discovery of security capabilities AP: access point wired network AS: Authentication server (AAA) 2 STA and AS mutually authenticate, together generate Master Key (MK). AP serves as pass through 3 STA derives Pairwise Master Key (PMK) 3 AS derives same PMK, sends to AP 4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 7: Securing LANs 7-15 EAP: extensible authentication protocol EAP: end-end client (mobile) to authentication server protocol EAP sent over separate links mobile-to-ap (EAP over LAN) defines the way to encapsulate EAP messages in frames AP-to-AS (RADIUS over UDP) allows non local communication (including roaming through a Radius proxy) EAP-TLS: uses X.509v3 PKI-issued certificates and TLS mechanisms for strong end-end mutual authentication Mobile AP wired network AS EAP over LAN (EAPoL) IEEE EAP TLS EAP RADIUS UDP/IP 7: Securing LANs

9 Other standards WPA: WiFi Protected Access Implements the majority of the IEEE i standard Existed before IEEE i Still uses RC4 Two modes: Enterprise: uses 802.1x, so PMK is specific to client station Personal: does not use 802.1x, PMK is replaced by a pre-shared key, simpler, use for SOHO (Small Office Home Office) environments, no need for AS server WPA2 Implements the full IEEE i But may not work with older WiFi cards 7: Securing LANs 7-17 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

10 Switched Ethernet Reminder Switches build a spanning tree to avoid loops Root bridge, root ports, forwarding/blocking ports Switches self-learn mapping between MAC addresses and ports, by looking at MAC source addresses They build a CAM (Content Addressable Memory) table When a MAC address is not in the table, the switch floods the frame Switches are transparent to routers and hosts A set of interconnected switches form a LAN For IP, this LAN is a subnet IP addresses are mapped on MAC addresses by the ARP protocol Don t confuse MAC forwarding tables and ARP tables! 7: Securing LANs 7-19 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

11 MAC spoofing attack MAC spoofing B sends a frame with source MAC address C Switch «learns» that C is reachable via interface 2! B can now see the frames destined for C Some switches will overwrite C s entry C cannot see frames any longer! DoS attack! A Spoofed source: C Dest: A C A B C 7: Securing LANs 7-21 MAC flooding attack B generates a large number of frames with spoofed MAC addresses Switch (CAM) table will overflow Capacity of table may vary from a few thousands to more than 100,000 entries Older entries will be removed from table Switch now floods frames on all interfaces for removed (unknown) MAC addresses Usually one table per switch, not one per VLAN All VLANs impacted A Y? X? B C 7: Securing LANs

12 Preventing MAC spoofing and flooding attacks MAC address activity notification Many switches can be configured to warn about frequent MAC address changes Port security Associate a (few) MAC address(es) with every port (Why not just 1?) Can be static or dynamic Violations are notified Unicast flooding protection Limited flooding is normal But continuous flooding is not! Alert! DHCP snooping See next slides 7: Securing LANs 7-23 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

13 Attack against DHCP DHCP is not a datalink protocol but solutions to DHCP attacks are also useful to thwart layer 2 attacks DHCP reminder: Client discovers server(s): broadcast packet DHCP server broadcasts an offer Client broadcasts interest in (one) offer DHCP acks Client gets IP address and mask, but also default router and DNS servers! A (quick) rogue DHCP server can easily redirect client to a fake router and/or fake DNS server Solution: DHCP snooping Monitor and restrict DHCP operations on a (V)LAN A host has no reason to send DHCP offers (nor ACKs)! Don t let DHCP offers enter the switch on «untrusted» ports In addition: DHCP snooping allows to learn IP-to-MAC bindings Learns IP address assigned to client and knows client MAC address (present in request) 7: Securing LANs 7-25 DHCP snooping to thwart IP/ MAC spoofing attacks IP spoofing Source: B Spoofed source IP is IP C Dest: A B A IP packet B: attacker MAC spoofing Spoofed source: C Dest: A Source IP is IP B C A IP packet B: attacker A C: victim A C: victim DHCP snooping: discard frames with invalid <IP, MAC> source address pairs 7: Securing LANs

14 ARP spoofing/poisoning Telling that IP C is at MAC B ARP reminder: ARP request: MAC broadcast frame searching for an IP address ARP reply: unicast Gratuitous ARP: Reply sent without prior request Useful when MAC address changes ARP spoofing/poisoning Sends gratuitous ARP with wrong IP-to-MAC mapping: attacker s MAC address (MAC B ) mapped to victim s IP address (IP C ) All traffic to C is actually sent to B. Then B can silently forward it to C after sniffing: Man-in-the- Middle attack Note: B needs a second ARP spoofing attack to also sniff the return traffic A Source: B Solutions: Dest: A B A gratuitous ARP C: victim B: attacker Ignore gratuitous ARP Use an IDS to track changes in IP-to-MAC mappings Rely on DHCP snooping 7: Securing LANs 7-27 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

15 Attacking the Spanning Tree Protocol Taking over the root bridge Attacker sends BPDUs with smallest id Becomes root bridge If attacker is dualhomed some traffic can be redirected to cross attacker s device BPDU flooding DoS attack Solution: Discard BPDUs on access ports End stations are not supposed to send BPDUs! 7: Securing LANs 7-29 Chapter Roadmap Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing the spanning tree protocol Securing VLANs 7: Securing LANs

16 VLANs Reminder VLAN: Virtual LAN Multiple VLANs can be deployed on the same set of switches (same LAN infrastructure) 802.1Q: Extended frame format, with VLAN id Frames cannot jump from one VLAN to another without crossing a router Broadcast frames remain on their VLAN A VLAN can be switch-port-based or MAC-addressbased One can define VLANs within VLANs: VLAN ids can be stacked in the 802.1Q frame When a frame has no VLAN id on a trunk line, there is a default VLAN id which the frame is considered to be associated with 7: Securing LANs 7-31 Attacking the VLAN tag stack Victim A: is on VLAN 2 Switch strips off 1st tag (equal to default) B being on VLAN 1? A 2 Trunk line with default VLAN = 1. Frames on VLAN 1 travel untagged? A 1 2 Inner VLAN Outer VLAN VLAN hopping Frame hops from VLAN 1 to VLAN 2! Victim on VLAN 2 can receive killer packets from an attacker on VLAN 1 without crossing any router! Solutions Don t assign default VLAN to any access port, or Force all traffic on trunk to always carry a tag, even the default one 7: Securing LANs

17 Summary Securing Wireless LANs Wired Equivalent Privacy (WEP) IEEE i IEEE 802.1x EAP Radius Same AAA principles can also be used with Switched Ethernet LANs Securing Switched Ethernet LANs Securing the MAC selflearning process MAC spoofing MAC flooding Securing DHCP and ARP Rogue DHCP server ARP spoofing/poisoning Securing the spanning tree protocol Securing VLANs VLAN hopping 7: Securing LANs

COSC4377. Chapter 8 roadmap

COSC4377. Chapter 8 roadmap Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

CSC 4900 Computer Networks: Security Protocols (2)

CSC 4900 Computer Networks: Security Protocols (2) CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication

More information

Chapter 8 Network Security

Chapter 8 Network Security Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview Internetwork Expert s CCNA Security Bootcamp Mitigating Layer 2 Attacks http:// Layer 2 Mitigation Overview The network is only as secure as its weakest link If layer 2 is compromised, all layers above

More information

05 - WLAN Encryption and Data Integrity Protocols

05 - WLAN Encryption and Data Integrity Protocols 05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks

More information

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015 Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA

More information

Wireless Network Security Spring 2016

Wireless Network Security Spring 2016 Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project

More information

Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks

Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks In an ARP spoofing attack, the attacker associates its own MAC address with the IP address of a network device

More information

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,

More information

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder. Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/

More information

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols

More information

Security in IEEE Networks

Security in IEEE Networks Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set

More information

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities Wireless Security Comp Sci 3600 Security Outline 1 2 3 Wired versus wireless Endpoint Access point Figure 24.1 Wireless Networking Components Locations and types of attack Outline 1 2 3 Wired Equivalent

More information

Chapter 24 Wireless Network Security

Chapter 24 Wireless Network Security Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically

More information

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802. WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng cheng@gwu.edu 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the

More information

Overview of Security

Overview of Security Overview of 802.11 Security Bingdong Li Present for CPE 601 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 1 Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations

More information

"$% "& & Thanks and enjoy! JFK/KWR. All material copyright J.F Kurose and K.W. Ross, All Rights Reserved. 8: Network Security 8-1

$% & & Thanks and enjoy! JFK/KWR. All material copyright J.F Kurose and K.W. Ross, All Rights Reserved. 8: Network Security 8-1 A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete slides (including this

More information

Selected Network Security Technologies

Selected Network Security Technologies Selected Network Security Technologies Petr Grygárek rek Agenda: Security in switched networks Control Plane Policing 1 Security in Switched Networks 2 Switch Port Security Static MAC addresses assigned

More information

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,

More information

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8 CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 8 Announcements Reminder: Project 1 is due on tonight by midnight. Midterm 1 will be held next Thursday, Feb. 8th. Example midterms

More information

CIT 380: Securing Computer Systems. Network Security Concepts

CIT 380: Securing Computer Systems. Network Security Concepts CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines

More information

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE

More information

Physical and Link Layer Attacks

Physical and Link Layer Attacks Physical and Link Layer Attacks CMSC 414 November 1, 2017 Attenuation Physical links are subject to attenuation Copper cables have internal resistance, which degrades signal over large distances Fiber

More information

Chapter 8 Security. Computer Networking: A Top Down Approach

Chapter 8 Security. Computer Networking: A Top Down Approach Chapter 8 A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,

More information

Network Encryption 3 4/20/17

Network Encryption 3 4/20/17 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server

More information

CCNP Switch Questions/Answers Securing Campus Infrastructure

CCNP Switch Questions/Answers Securing Campus Infrastructure What statement is true about a local SPAN configuration? A. A port can act as the destination port for all SPAN sessions configured on the switch. B. A port can be configured to act as a source and destination

More information

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?

More information

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016

Chapter 8 Security. Computer Networking: A Top Down Approach. Andrei Gurtov. 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016 Chapter 8 Andrei Gurtov All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley

More information

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content

More information

Securing Your Wireless LAN

Securing Your Wireless LAN Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP

More information

Wireless Security Security problems in Wireless Networks

Wireless Security Security problems in Wireless Networks Wireless Security Security problems in Wireless Networks Security of Wireless Networks Wireless networks are everywhere more and more electronic devices are becoming wireless However, ensuring security

More information

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13

Numerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13 INDEX Numerics 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC 1-8 802.11g 3-6, 3-9 802.1x authentication 4-13 A AAA server group 4-25 aaa authentication login command 4-24 aaa authorization command 4-27 aaa

More information

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step RC4 RC4 1 RC4 Invented by Ron Rivest o RC is Ron s Code or Rivest Cipher A stream cipher Generate keystream byte at a step o Efficient in software o Simple and elegant o Diffie: RC4 is too good to be true

More information

Network Security. The Art of War in The LAN Land. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018

Network Security. The Art of War in The LAN Land. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018 Network Security The Art of War in The LAN Land Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, September 27th, 2018 Part I MAC Attacks MAC Address/CAM Table Review 48 Bit Hexadecimal Number Creates Unique

More information

Campus Networking Workshop. Layer 2 engineering Spanning Tree and VLANs

Campus Networking Workshop. Layer 2 engineering Spanning Tree and VLANs Campus Networking Workshop Layer 2 engineering Spanning Tree and VLANs Switching Loop When there is more than one path between two switches What are the potential problems? Switching Loop If there is more

More information

Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security. Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009. Chapter 8: Network Security Chapter goals: understand principles of

More information

Configuring a Wireless LAN Connection

Configuring a Wireless LAN Connection CHAPTER 9 The Cisco Secure Router 520 Series routers support a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required

More information

A Framework for Optimizing IP over Ethernet Naming System

A Framework for Optimizing IP over Ethernet Naming System www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul

More information

Computer and Network Security

Computer and Network Security CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 7 Announcements First project: Due: TOMORROW at 11:59 p.m. http://www.cis.upenn.edu/~cis551/project1.html Plan for Today: Networks:

More information

Securing a Wireless LAN

Securing a Wireless LAN Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access

More information

Problem Set 10 Due: Start of class December 11

Problem Set 10 Due: Start of class December 11 CS242 Computer Networks Handout # 20 Randy Shull December 4, 2017 Wellesley College Problem Set 10 Due: Start of class December 11 Reading: Kurose & Ross, Sections 7.1 7.3, 8.1 8.4 Wireshark Lab [16] Recall

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

WPA Migration Mode: WEP is back to haunt you

WPA Migration Mode: WEP is back to haunt you Black Hat USA 2010 WPA Migration Mode: WEP is back to haunt you Leandro Meiners (lmeiners@coresecurity.com / @gmail.com) Diego Sor (dsor@coresecurity.com / diegos@gmail.com) Page 1 WPA Migration Mode:

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so

More information

Wireless Networked Systems

Wireless Networked Systems Wireless Networked Systems CS 795/895 - Spring 2013 Lec #5: Medium Access Control High Throughput, Security Tamer Nadeem Dept. of Computer Science High Throughput Networks (802.11n) Slides adapted from

More information

Chapter 8 Network Security

Chapter 8 Network Security Advanced Computer Networking Graduate Course from Electrical Engineering School A. Beheshti Communication Group Iran University of Science and Technology Chapter 8 Text Book: Computer Networking: A Top

More information

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design Protocol Analysis and Design 1 Networks 1. WIRELESS NETWORKS 2 Networks 1. WIRELESS NETWORKS 1.1 WiFi 802.11 3 Networks OSI Structure 4 Networks Infrastructure Networks BSS : Basic Set Service ESS : Extended

More information

Chapter 8 Network Security

Chapter 8 Network Security Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

The Final Nail in WEP s Coffin

The Final Nail in WEP s Coffin 1/19 The Final Nail in WEP s Coffin Andrea Bittau 1 Mark Handley 1 Joshua Lackey 2 May 24, 2006 1 University College London. 2 Microsoft. Wired Equivalent Privacy 2/19 WEP is the 802.11 standard for encryption.

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Configuring the WMIC for the First Time

Configuring the WMIC for the First Time Configuring the WMIC for the First Time This document describes how to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. Before You Start Before you install

More information

Wireless Security i. Lars Strand lars (at) unik no June 2004

Wireless Security i. Lars Strand lars (at) unik no June 2004 Wireless Security - 802.11i Lars Strand lars (at) unik no June 2004 802.11 Working Group 11 of IEEE 802 'Task Groups' within the WG enhance portions of the standard: 802.11 1997: The IEEE standard for

More information

Exam Questions CWSP-205

Exam Questions CWSP-205 Exam Questions CWSP-205 Certified Wireless Security Professional https://www.2passeasy.com/dumps/cwsp-205/ 1.. What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism

More information

Wireless technology Principles of Security

Wireless technology Principles of Security Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the

More information

Configuring a VAP on the WAP351, WAP131, and WAP371

Configuring a VAP on the WAP351, WAP131, and WAP371 Article ID: 5072 Configuring a VAP on the WAP351, WAP131, and WAP371 Objective Virtual Access Points (VAPs) segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of

More information

Chapter 17. Wireless Network Security

Chapter 17. Wireless Network Security Chapter 17 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s, to develop a protocol & transmission specifications for wireless LANs (WLANs) Demand

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless

More information

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) HW/Lab 4: IPSec and Wireless Security CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) This HW/Lab assignment covers Lectures 8 (IPSec) and 10 (Wireless Security). Please review these

More information

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

More information

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide Introduction This is the first of a series of documents on the design and implementation of a wireless

More information

Chapter 2. Switch Concepts and Configuration. Part II

Chapter 2. Switch Concepts and Configuration. Part II Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2 Switch Concepts and Configuration Configuring Switch Security MAC Address Flooding Passwords Spoofing Attacks Console Security Tools

More information

Configuring Authentication Types

Configuring Authentication Types CHAPTER 11 This chapter describes how to configure authentication types on the access point. This chapter contains these sections: Understanding Authentication Types, page 11-2, page 11-10 Matching Access

More information

EEC-682/782 Computer Networks I

EEC-682/782 Computer Networks I EEC-682/782 Computer Networks I Lecture 24 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004.

Chapter 8. Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004. Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and

More information

FAQ on Cisco Aironet Wireless Security

FAQ on Cisco Aironet Wireless Security FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most

More information

Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch

Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch Example: Configuring DHCP Snooping, DAI, and MAC Limiting on an EX Series Switch with Access to a DHCP Server Through a Second Switch Requirements You can configure DHCP snooping, dynamic ARP inspection

More information

Cisco Networking Academy CCNP

Cisco Networking Academy CCNP Semester 3 v5 -Chapter 8 Cisco Networking Academy CCNP Minimizing Service Loss and Data Theft in a Campus Network Switch security concerns Network security coverage often focuses on edge-routing devices

More information

CCNP SWITCH (22 Hours)

CCNP SWITCH (22 Hours) CCNP SWITCH 642-813 (22 Hours) Chapter-1 Enterprise Campus Network Design 1.1 IIN & SONA 1.2 Campus Network 1.3 Enterprise Model 1.4 Nonhierarchical Network Devices Layer-2 Switching, Layer-3 Routing Multilayer

More information

Authentication and Security: IEEE 802.1x and protocols EAP based

Authentication and Security: IEEE 802.1x and protocols EAP based Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti Piero[at]studioreti.it 802-1-X-EAP-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright

More information

Configuring Management Frame Protection

Configuring Management Frame Protection Information About Management Frame Protection, page 1 Restrictions for Management Frame Protection, page 3 (GUI), page 3 Viewing the Management Frame Protection Settings (GUI), page 3 (CLI), page 4 Viewing

More information

Switching & ARP Week 3

Switching & ARP Week 3 Switching & ARP Week 3 Module : Computer Networks Lecturer: Lucy White lbwhite@wit.ie Office : 324 Many Slides courtesy of Tony Chen 1 Ethernet Using Switches In the last few years, switches have quickly

More information

Security in Data Link Protocols

Security in Data Link Protocols Security in 802.11 Data Link Protocols Gianluca Dini Dept. of Ingegneria dell Informazione University of Pisa, Italy Via Diotisalvi 2, 56100 Pisa gianluca.dini@ing.unipi.it If you believe that any security

More information

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these

More information

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product. CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of

More information

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services CHAPTER 11 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access point/bridges for wireless domain services

More information

From wired internet to ubiquitous wireless internet

From wired internet to ubiquitous wireless internet WlanSmartcard.org Technical Committee Wireless LAN A primer guide. Paris, February 5 th Pascal.Urien@enst.fr From wired internet to ubiquitous wireless internet 1 Classical intranet. Network access is

More information

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions 4.4 IEEE 802.11 MAC Layer 4.4.1 Introduction 4.4.2 Medium Access Control 4.4.3 MAC Management 4.4.4 Extensions 4.4.3 802.11 - MAC management Synchronization try to find a LAN, try to stay within a LAN

More information

Manual:Interface/Wireless

Manual:Interface/Wireless Manual:Interface/Wireless RouterOS wireless comply with IEEE 802.11 standards, it provides complete support for 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac as long as additional features like WPA,

More information

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design

More information

Session Overview. ! Introduction! Layer 2 and 3 attack scenarios! CDP, STP & IEEE 802.1q! ARP attacks & ICMP abuse! Discovering & attacking IGPs

Session Overview. ! Introduction! Layer 2 and 3 attack scenarios! CDP, STP & IEEE 802.1q! ARP attacks & ICMP abuse! Discovering & attacking IGPs Session Overview! Introduction! Layer 2 and 3 attack scenarios! CDP, STP & IEEE 802.1q! ARP attacks & ICMP abuse! Discovering & attacking IGPs! RIP, IGRP, EIGRP and OSPF! Attacking tunnels! GRE intrusion

More information

Switched environments security... A fairy tale.

Switched environments security... A fairy tale. Switched environments security... A fairy tale. Cédric Blancher 10 july 2002 Outline 1 Network basics Ethernet basics ARP protocol Attacking LAN Several ways to redirect network

More information

Network Security Fundamentals. Network Security Fundamentals. Roadmap. Security Training Course. Module 2 Network Fundamentals

Network Security Fundamentals. Network Security Fundamentals. Roadmap. Security Training Course. Module 2 Network Fundamentals Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 2 Network Fundamentals Roadmap Network Fundamentals

More information

Review. Error Detection: CRC Multiple access protocols. LAN addresses and ARP Ethernet. Slotted ALOHA CSMA/CD

Review. Error Detection: CRC Multiple access protocols. LAN addresses and ARP Ethernet. Slotted ALOHA CSMA/CD Review Error Detection: CRC Multiple access protocols Slotted ALOHA CSMA/CD LAN addresses and ARP Ethernet Some slides are in courtesy of J. Kurose and K. Ross Overview Ethernet Hubs, bridges, and switches

More information

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services 12 CHAPTER Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access points for wireless domain services (WDS),

More information

Configuring the Client Adapter through Windows CE.NET

Configuring the Client Adapter through Windows CE.NET APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:

More information

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide. Figure 9-1 Port Security Global Settings window

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide. Figure 9-1 Port Security Global Settings window 9. Security DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide Port Security 802.1X AAA RADIUS TACACS IMPB DHCP Server Screening ARP Spoofing Prevention MAC Authentication Web-based

More information

Security and Authentication for Wireless Networks

Security and Authentication for Wireless Networks University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses 5-21-2004 Security and Authentication for 802.11 Wireless Networks Michel Getraide

More information

Appendix E Wireless Networking Basics

Appendix E Wireless Networking Basics Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical

More information

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security Objectives: 1) Understanding the basic operations of WLANs 2) WLAN security 3) Wireless body area networks (IEEE 802.15.6) Readings: 1. Kurose & Ross, Computer Networking: A Top-Down Approach (6th Edition),

More information

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner Analysis of 802.11 Security or Wired Equivalent Privacy Isn t Nikita Borisov, Ian Goldberg, and David Wagner WEP Protocol Wired Equivalent Privacy Part of the 802.11 Link-layer security protocol Security

More information

Configuring Hybrid REAP

Configuring Hybrid REAP 13 CHAPTER This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains the following sections: Information About Hybrid REAP, page 13-1,

More information

CS 393/682 Network Security

CS 393/682 Network Security CS 393/682 Network Security Nasir Memon Polytechnic University Module 9 Wireless LAN Security Course Logistics Start working on HW 6 Final homework. To be posted today. HW6 - Points for defending and attacking.

More information

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Securing Wireless Networks by By Joe Klemencic Mon. Apr http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies

More information

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule 1 next CITS3002 help3002 CITS3002 schedule The IEEE-802.11 Wireless LAN protocol We'll next examine devices implementing the IEEE-802.11 family of wireless networking protocols, and get an appreciation

More information

Exam Advanced Network Security

Exam Advanced Network Security Exam Advanced Network Security Jaap-Henk Hoepman, Joeri de Ruiter July 2, 2018 NOTE: READ THIS CAREFULLY: This exam consists of two alternatives. The first alternative is the regular exam for students

More information