3 Data Link Layer Security
|
|
- Kelly McDowell
- 5 years ago
- Views:
Transcription
1 Information Security 2 (InfSi2) 3 Data Link Layer Security Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) A. Steffen, , 03-DataLinkLayer.pptx 1
2 Security Protocols for the OSI Stack Communication layers Security protocols Application layer Transport layer Platform Security, Web Application Security, VoIP Security, SW Security TLS Network layer IPsec Data Link layer Physical layer [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE i (WPA2) Quantum Cryptography A. Steffen, , 03-DataLinkLayer.pptx 2
3 Information Security 2 (InfSi2) 3.1 Port-Based Network Access Control - IEEE 802.1X A. Steffen, , 03-DataLinkLayer.pptx 3
4 IEEE 802.1X Access Control using EAP Methods L2 EAPOL* EAP RADIUS 802.1X Supplicant User Credentials 802.1X Authenticator (WLAN AP, LAN Switch) 802.1X Authentication Server User Credentials 802.1X Supplicants and Authenticators are both Port Access Entities (PAEs) * EAP over LAN (Ethertype 0x888E) A. Steffen, , 03-DataLinkLayer.pptx 4
5 Information Security 2 (InfSi2) 3.2 Secure Device Identity IEEE 802.1AR - DevID A. Steffen, , 03-DataLinkLayer.pptx 5
6 IEEE 802.1AR Secure Device Identifier DevID Secure Device Identifier Secure Device Identifier IDevID Initial Device Identifier Created during manufacturing and cannot be modified Either reaches end of lifetime (certificate) or can be disabled LDevID Locally Significant Device Identifier One or several may be created by network administrator DevID Module Hardware module which stores the DevID secrets, credentials and the entire credential chain up to the root certificate Contains a strong Random Number Generator (RNG) Implements Asymmetric Algorithms (2048 bit RSA and/or 256 bit ECDSA) Implements SHA-256 Hash Function A. Steffen, , 03-DataLinkLayer.pptx 6
7 IEEE 802.1AR DevID Module Applications & Operating System Management Interface Service Interface Storage Asymmetric Cryptography Random Number Generator DevID Secret[s] DevID Credentials[s] Hash Algorithms Credential Chain A. Steffen, , 03-DataLinkLayer.pptx 7
8 Use of DevIDs DevID use EAP-TLS Authentication Device authentication can be based on its DevID certificate. DevID use in Consumer Devices Similar but more secure than access control based on a MAC address list which can easily be spoofed, a switch, router or access point can allow access based on a registered commonname (CN), serialnumber (SN) or a subjectaltname contained in the DevID certificate. DevID use in Enterprise Devices Similar to the consumer device use case but the DevID is usually registered with a centralaaa server. DevID Module based on Trusted Platform Module (TPM) Each TPM has a unique non-erasable Endorsement Key (EK) to which DevID secrets and credentials can be bound. A. Steffen, , 03-DataLinkLayer.pptx 8
9 Information Security 2 (InfSi2) 3.3 Media Access Layer Security IEEE 802.1AE - MACsec A. Steffen, , 03-DataLinkLayer.pptx 9
10 Four Stations Attached to a LAN PAE PAE PAE PAE Port Access Entity A. Steffen, , 03-DataLinkLayer.pptx 10
11 Connectivity Association (CA) CAK (CA Key) CAK CAK SecY MAC Security Entity Station D is not part of the CA A. Steffen, , 03-DataLinkLayer.pptx 11
12 Secure Channel (SC) and Secure Association (SA) Each SC comprises a succession of SAs each with a different SAK (SA Key) A. Steffen, , 03-DataLinkLayer.pptx 12
13 Secure Channel and Secure Association Identifiers Association Number System Identifier Port Identifier SCI Secure Channel Identifier SAI Secure Association Identifier The Association Number (2 bits) allows the overlapping rekeying of the Secure Association during which two different SAKs co-exist. A. Steffen, , 03-DataLinkLayer.pptx 13
14 Two Stations in a point-to-point LAN PAE PAE A. Steffen, , 03-DataLinkLayer.pptx 14
15 Connectivity Association (CA) CAK CAK SecY SecY A. Steffen, , 03-DataLinkLayer.pptx 15
16 Secure Channel (SC) and Secure Association (SA) CKN (CAK Name) CAK CKN CAK SecY SecY SA A SAK A0, SAK A1, SA B SAK B0, SAK B1, SA A SAK A0, SAK A1, SA B SAK B0, SAK B1, A. Steffen, , 03-DataLinkLayer.pptx 16
17 IEEE 802.1AE MACsec Frame Format VLAN Tag PT User Data MAC Addresses MSDU DA SA PT User Data Data Integrity Optional Encryption 8 or 16 8 to 16 DA SA SecTag Secure Data ICV FCS MAC Addresses MPDU MSDU MAC Service Data Unit MPDU MACsec Protocol Data Unit ICV Integrity Check Value A. Steffen, , 03-DataLinkLayer.pptx 17
18 SecTag Security Tag or 8 0x88E5 TCI AN SL PN SCI (optional encoding) MACsec Ethertype is 0x88E5 TCI TAG Control Information (6 bits) AN Association Number (2 bits) SL Short Length (6 bits) length of User Data if < 48 octets, 0 otherwise PN Packet Number replay protection and IV for encryption SCI Secure Channel Identifier identifies Secure Association (SA). In point-to-point links the SCI consists of the Source MAC Address and the Port Identifier and thus the SCI doesn t have to be encoded. A. Steffen, , 03-DataLinkLayer.pptx 18
19 TCI TAG Control Information Bits Bit V=0 ES SC SCB E C AN V Version (currently 0) ES End Station if set means that the Source MAC Address is part of the SCI and the SCI shall not be explicitly encoded. SC shall be set only if an explicitly encoded SCI is present SCB Single Copy Broadcast capability if ES and SCB are set then the implicit SCI comprises a reserved Port Identifier of E Encryption if set encryption is enabled C Changed Text if clear the Secure Data exactly equals User Data A. Steffen, , 03-DataLinkLayer.pptx 19
20 Authenticated Encryption with Associated Data SCI PN 0 SCI PN 1 SCI PN 2 Key K Key K AEAD is based on special block cipher modes: Block size: 128 bits Key size: 128/256 bits Tag size : 128 bits Nonce size: 128 bits SCI PN Counter 64 bits 32 bits 32 bits AES-Galois/Counter Mode AES-GMAC (auth. only) Hash Subkey Derivation 0..0 Key K ICV Hash Subkey H A. Steffen, , 03-DataLinkLayer.pptx 20
21 Information Security 2 (InfSi2) 3.4 MACsec Key Agreement IEEE 802.1X - MKA A. Steffen, , 03-DataLinkLayer.pptx 21
22 MKA distributes random SAK using CAK MKPDU MKPDU MACsec Key Agreement Protocol Data Unit carried via EAPOL CAK Connectivity Association Key pairwise or group root key ICK ICV Key used for MKPDU Data Integrity KEK Key Encrypting Key used for AES Key Wrap in MKPDU SAK Secure Association Key A. Steffen, , 03-DataLinkLayer.pptx 22
23 MKA Key Derivation Function - KDF The MKA KDF is a Pseudo Random Function (PRF) based on AES-CMAC with a 128 or 256 bit key. Output KDF(Key, Label, Context, Length) KEK KDF(CAK, IEEE8021 KEK, CKN[0..15], 128/256) ICK KDF(CAK, IEEE8021 ICK, CKN[0..15], 128/256) SAK KDF(CAK, IEEE8021 SAK, KS-nonce MI-value list KN, 128/256) KS Key Server either elected or EAP Authenticator MI Member Identifier all members of a CA KN Key Number assigned by Key Server A. Steffen, , 03-DataLinkLayer.pptx 23
24 Connectivity Association Key CAK CAK as a Pre-Shared-Key (PSK) Can be used either as a pairwise CAK or group CAK Statically configured PSK CKN can be chosen arbitrarily with a size of octets CAK via EAP Can be used as a pairwise CAK. Dynamically derived CAK and CKN between two PAEs via EAP CAK KDF(MSK[0..15]/MSK[0..31], IEEE8021 EAP CAK, mac1 mac2, 128/256) CKN KDF(MSK[0..15]/MSK[0..31], IEEE8021 EAP CKN, EAP Session-ID mac1 mac2, 128/256) where mac1 < mac2 are the MAC addresses of the PAEs and the Master Session Key (MSK) and Session-ID of the EAP method (EAP-TLS, EAP-PEAP, etc) is included. A. Steffen, , 03-DataLinkLayer.pptx 24
25 Use of Pairwise CAKs to Distribute a Group CAK MKPDU MKPDU MKPDU A. Steffen, , 03-DataLinkLayer.pptx 25
26 IEEE 802.1AE Enabled Products Cisco Catalyst 3750-X / 3560-X LAN Access Switch Supports MACsec and MKA on both user/downlink and network/uplink ports Juniper EX Series Switches 802.1AE available with the controlled version of Junos OS A. Steffen, , 03-DataLinkLayer.pptx 26
S Series Switches. MACsec Technology White Paper. Issue 1.0. Date HUAWEI TECHNOLOGIES CO., LTD.
S Series Switches MACsec Technology White Paper Issue 1.0 Date 2016-03-25 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2016. All rights reserved. No part of this document may be
More informationMACSec Security Service FIPS Validation. Richard Wang May 19, 2017 International Crypto Module Conference
MACSec Security Service FIPS Validation Richard Wang May 19, 2017 International Crypto Module Conference Topics! MACSec Overview! MACSec Authentication Mechanisms! MACSec with FIPS! Draft IG A.5! References!
More informationTHOUGHTS ON TSN SECURITY
THOUGHTS ON TSN SECURITY Contributed by Philippe Klein, PhD (philippe@broadcom.com) 1 METWORK SECURITY PROTOCOLS Description Complexity Performance Layer 4..7 Layer 3 Layer 2 SSL / TLS, IPsec MACsec Application
More informationImplementing MACsec Encryption
This module describes how to implement Media Access Control Security (MACsec) encryption on the ASR 9000 Series Aggregation Services Routers. MACsec is a Layer 2 IEEE 802.1AE standard for encrypting packets
More informationNetwork Device Collaborative Protection Profile (NDcPP) Extended Package MACsec Ethernet Encryption. October 5, 2015 Version 1.0
Network Device Collaborative Protection Profile (NDcPP) Extended Package MACsec Ethernet Encryption October 5, 2015 Version 1.0 1 Table of Contents 1 Introduction... 5 1.1 Conformance Claims...5 1.2 How
More informationSSCI assignment for MACsec XPN Cipher Suites
SSCI assignment for MACsec XPN Cipher Suites SSCI assignment for MACsec XPN Cipher Suites Mick Seaman Background for an IEEE 0.X Maintenance Request and a proposed response/change. Updated following review
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationSecurity in IEEE Networks
Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More informationAuthentication and Security: IEEE 802.1x and protocols EAP based
Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti Piero[at]studioreti.it 802-1-X-EAP-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright
More informationWireless Network Security
Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More informationWireless Network Security
Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so
More informationAuthentication and Security: IEEE 802.1x and protocols EAP based
Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti piero[at]studioreti.it 802-1-X-2008-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by
More informationNetwork Security 1. Module 7 Configure Trust and Identity at Layer 2
Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2 Module 7 Configure
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationSecuring Your Wireless LAN
Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP
More informationLink & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols
More informationChapter 17. Wireless Network Security
Chapter 17 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s, to develop a protocol & transmission specifications for wireless LANs (WLANs) Demand
More informationCisco Exam Questions & Answers
Cisco 300-208 Exam Questions & Answers Number: 300-208 Passing Score: 800 Time Limit: 120 min File Version: 38.4 http://www.gratisexam.com/ Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationConfiguring a VAP on the WAP351, WAP131, and WAP371
Article ID: 5072 Configuring a VAP on the WAP351, WAP131, and WAP371 Objective Virtual Access Points (VAPs) segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of
More informationLayer 2 authentication on VoIP phones (802.1x)
White Paper www.siemens.com/open Layer 2 authentication on VoIP phones (802.1x) IP Telephony offers users the ability to log-on anywhere in the world. Although this offers mobile workers great advantages,
More informationCisco MACsec Solution Design and Deployment for a Secure Enterprise
Cisco MACsec Solution Design and Deployment for a Secure Enterprise Technical Marketing Engineer BRKCRS-2892 kural@cisco.com Agenda MACsec Overview Need for a Layer 2 Encryption Technology Part 1: MACsec
More informationInnovations in Ethernet Encryption (802.1AE - MACsec) for Securing High Speed (1-100GE) WAN Deployments
White Paper Innovations in Ethernet Encryption (802.1AE - MACsec) for Securing High Speed (1-100GE) WAN Deployments Authors Introduction Craig Hill Over the course of the past decade, customer demand for
More informationAbout FIPS, NGE, and AnyConnect
About FIPS, NGE, and AnyConnect, on page 1 Configure FIPS for the AnyConnect Core VPN Client, on page 4 Configure FIPS for the Network Access Manager, on page 5 About FIPS, NGE, and AnyConnect AnyConnect
More informationConfiguring the Client Adapter through the Windows XP Operating System
APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in
More informationMACSEC and MKA Configuration Guide, Cisco IOS XE Release 3S
MACSEC and MKA Configuration Guide, Cisco IOS XE Release 3S WAN MACSEC and MKA Support Enhancements 2 Finding Feature Information 2 Prerequisites for WAN MACsec and MKA Support Enhancements 2 Restrictions
More informationCisco Desktop Collaboration Experience DX650 Security Overview
White Paper Cisco Desktop Collaboration Experience DX650 Security Overview Cisco Desktop Collaboration Experience DX650 Security Overview The Cisco Desktop Collaboration Experience DX650 (Cisco DX650)
More informationConfiguring the Client Adapter through Windows CE.NET
APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationNetwork Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol
Bibliography General principles about Radius server Bibliography Network System Radius Protocol Claude Duvallet University of Le Havre Faculty of Sciences and Technology 25 rue Philippe Lebon - BP 540
More informationIEEE WiMax Security
IEEE 80.6 WiMax Security Dr. Kitti Wongthavarawat Thai Computer Emergency Response Team (ThaiCERT) National Electronics and Computer Technology Center Thailand Presented at 7 th Annual FIRST Conference,
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationSecurity Enhanced IEEE 802.1x Authentication Method for WLAN Mobile Router
Security Enhanced IEEE 802.1x Method for WLAN Mobile Router Keun Young Park*, Yong Soo Kim*, Juho Kim* * Department of Computer Science & Engineering, Sogang University, Seoul, Korea kypark@sogang.ac.kr,
More informationNetwork Security. Chapter 11 Security Protocols of the Data Link Layer. Scope of Link Layer Security Protocols
Network Security Chapter 11 Security Protocols of the Data Link Layer! IEEE 802.1Q, IEEE 802.1X & IEEE 802.1AE! Point-to-Point Protocol (PPP)! Point-to-Point Tunneling Protocol (PPTP)! Layer 2 Tunneling
More informationEXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.
CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of
More informationIPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43
0/43 IPsec and SSL/TLS Applied Cryptography 0 Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, 2016 Cryptography in the TCP/IP stack application layer transport layer network layer data-link
More informationCisco IP Phone Security
Overview, page 1 Security Enhancements for Your Phone Network, page 2 View the Current Security Features on the Phone, page 2 View Security Profiles, page 3 Supported Security Features, page 3 Overview
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationCisco Exam Questions & Answers
Cisco 300-208 Exam Questions & Answers Number: 300-208 Passing Score: 800 Time Limit: 120 min File Version: 38.4 http://www.gratisexam.com/ Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access
More informationCisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps
Cisco 300-375 Dumps with Valid 300-375 Exam Questions PDF [2018] The Cisco 300-375 Securing Cisco Wireless Enterprise Networks (WISECURE) exam is an ultimate source for professionals to retain their credentials
More informationWPA-GPG: Wireless authentication using GPG Key
Università degli Studi di Bologna DEIS WPA-GPG: Wireless authentication using GPG Key Gabriele Monti December 9, 2009 DEIS Technical Report no. DEIS-LIA-007-09 LIA Series no. 97 WPA-GPG: Wireless authentication
More informationDesigning Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015
Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon
More informationENHANCING PUBLIC WIFI SECURITY
ENHANCING PUBLIC WIFI SECURITY A Technical Paper prepared for SCTE/ISBE by Ivan Ong Principal Engineer Comcast 1701 John F Kennedy Blvd Philadelphia, PA 19103 215-286-2493 Ivan_Ong@comcast.com 2017 SCTE-ISBE
More informationSecure channel, VPN and IPsec. stole some slides from Merike Kaeo
Secure channel, VPN and IPsec stole some slides from Merike Kaeo 1 HTTP and Secure Channel HTTP HTTP TLS TCP TCP IP IP 2 SSL and TLS SSL/TLS SSL v3.0 specified
More informationExample: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch
Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch 802.1x Port-Based Network Access Control (PNAC) authentication on EX Series switches provides
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationConfiguring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services
12 CHAPTER Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access points for wireless domain services (WDS),
More informationPROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL
Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.
More informationGET VPN Resiliency. Finding Feature Information. Prerequisites for GET VPN Resiliency
The feature improves the resiliency of Cisco Group Encrypted Transport (GET) VPN so that data traffic disruption is prevented or minimized when errors occur. Finding Feature Information, page 1 Prerequisites
More informationCisco Systems 5760 Wireless LAN Controller
Cisco Systems 5760 Wireless LAN Controller FIPS 140-2 Non Proprietary Security Policy Level 1 Validation Version 1.2 April 10, 2015 1 Table of Contents 1 INTRODUCTION... 3 1.1 PURPOSE... 3 1.2 MODEL...
More informationIEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud
SESSION ID: PDAC-F01 IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud Emil Isaakian Security Architect ViaSat Enterprise Networks are Wide-Open Past Front Door 99% of your Enterprise Network
More informationVPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1
VPN, IPsec and TLS stole slides from Merike Kaeo apricot2017 1 Virtual Private Network Overlay Network a VPN is built on top of a public network (Internet)
More informationSecuring a Wireless LAN
Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationIEEE 802.1X workshop. Networkshop 34, 4 April Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association
IEEE 802.1X workshop Networkshop 34, 4 April 2006. Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association 2005 1 Introduction Introduction (5 mins) Authentication overview
More informationFAQ on Cisco Aironet Wireless Security
FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most
More information802.1x Port Based Authentication
802.1x Port Based Authentication Johan Loos Johan at accessdenied.be Who? Independent Information Security Consultant and Trainer Vulnerability Management and Assessment Wireless Security Next-Generation
More informationCryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
More informationCOPYRIGHTED MATERIAL. Contents
Contents Foreword Introduction xxv xxvii Assessment Test xxxviii Chapter 1 WLAN Security Overview 1 Standards Organizations 3 International Organization for Standardization (ISO) 3 Institute of Electrical
More informationConfiguring the Client Adapter through the Windows XP Operating System
APPENDIX E through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in this appendix: Overview, page
More informationConfiguring 802.1X Settings on the WAP351
Article ID: 5078 Configuring 802.1X Settings on the WAP351 Objective IEEE 802.1X authentication allows the WAP device to gain access to a secured wired network. You can configure the WAP device as an 802.1X
More informationChanges to 802.1Q necessary for 802.1Qbz (bridging media)
Changes to 802.1Q necessary for 802.1Qbz (bridging 802.11 media) Norman Finn March, 2013 v01 bz-nfinn-802-1q-changes-0313-v01.pdf 1 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
More information802.1x Configuration. FSOS 802.1X Configuration
FSOS 802.1X Configuration Contents 1.1 802.1x Overview... 1 1.1.1 802.1x Authentication...1 1.1.2 802.1x Authentication Process...3 1.2 802.1X Configuration... 6 1.2.1 Configure EAP...6 1.2.2 Enable 802.1x...
More informationSENETAS ENCRYPTION KEY MANAGEMENT STATE-OF-THE-ART KEY MANAGEMENT FOR ROBUST NETWORK SECURITY
SENETAS ENCRYPTION KEY MANAGEMENT STATE-OF-THE-ART KEY MANAGEMENT FOR ROBUST NETWORK SECURITY WHO SHOULD READ THIS DOCUMENT System Integrators, Cloud and Data Centre Service Providers, Layer 2 Data Networks
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationConfiguring a WLAN for Static WEP
Restrictions for Configuring Static WEP, page 1 Information About WLAN for Static WEP, page 1 Configuring WPA1+WPA2, page 3 Restrictions for Configuring Static WEP The OEAP 600 series does not support
More informationNumerics. Index 1. SSH See SSH. connection inactivity time 2-3 console, for configuring authorized IP managers 11-5 DES 6-3, 7-3
Numerics 3DES 6-3, 7-3 802.1X See port-based access control. 8-1 A aaa authentication 4-8 aaa port-access See Web or MAC Authentication. access levels, authorized IP managers 11-3 accounting address authorized
More informationQuestion: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?
Volume: 385 Questions Question: 1 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? A. tcp/8905 B. udp/8905 C. http/80 D. https/443 Answer: A Question:
More information802.1X: Background, Theory & Implementation
Customized for NCET Conference 2007 802.1X: Background, Theory & Implementation March 16, 2007 Presented by: Jennifer Jabbusch, CISSP, HP MASE, CAD Mike McPherson, HP ProCurve Neal Hamilton, HP ProCurve
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationPort-based authentication with IEEE Standard 802.1x. William J. Meador
Port-based authentication 1 Running head: PORT-BASED AUTHENTICATION Port-based authentication with IEEE Standard 802.1x William J. Meador Port-based authentication 2 Port based authentication Preface You
More informationExample: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN
Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN Requirements Ethernet LAN switches are vulnerable to attacks that involve spoofing (forging) of source IP
More informationExam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]
s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?
More informationExam Questions CWSP-205
Exam Questions CWSP-205 Certified Wireless Security Professional https://www.2passeasy.com/dumps/cwsp-205/ 1.. What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism
More informationConfigure Network Access Manager
This chapter provides an overview of the Network Access Manager configuration and provides instructions for adding and configuring user policies and network profiles. About Network Access Manager, on page
More information05 - WLAN Encryption and Data Integrity Protocols
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
More informationCisco Live /11/2016
1 Cisco Live 2016 2 3 4 Connection Hijacking - prevents the authentication happening and then an attacker jumping in during the keyexchange messaging 5 6 7 8 9 Main Mode - (spoofing attack) DH performed
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationEffects of Residential Ethernet Standard on other 802.1/ Yong Kim
Effects of Residential Ethernet Standard on other 802.1/802.3 Yong Kim 1 802.1 Dependencies 802.1D Bridge Residential Ethernet is compatible and deemed to be complaint to 802.1D Bridges for existing services.
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationCsci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.
WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng cheng@gwu.edu 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,
More informationInstall Certificate on the Cisco Secure ACS Appliance for PEAP Clients
Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients Document ID: 64067 Contents Introduction Prerequisites Requirements Components Used Conventions Microsoft Certificate Service Installation
More informationIntroducing Hardware Security Modules to Embedded Systems
Introducing Hardware Security Modules to Embedded Systems for Electric Vehicles charging according to ISO/IEC 15118 V1.0 2017-03-17 Agenda Hardware Trust Anchors - General Introduction Hardware Trust Anchors
More informationCisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)
Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) HOME SUPPORT PRODUCT SUPPORT WIRELESS CISCO 4400 SERIES WIRELESS LAN
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationWLAN Roaming and Fast-Secure Roaming on CUWN
802.11 WLAN Roaming and Fast-Secure Roaming on CUWN Contents Introduction Prerequisites Requirements Components Used Background Information Roaming with Higher-Level Security WPA/WPA2-PSK WPA/WPA2-EAP
More informationP ART 3. Configuring the Infrastructure
P ART 3 Configuring the Infrastructure CHAPTER 8 Summary of Configuring the Infrastructure Revised: August 7, 2013 This part of the CVD section discusses the different infrastructure components that are
More informationMobile WiMAX Security
WHITE PAPER WHITE PAPER Makes Mobile WiMAX Simple Mobile WiMAX Security Glossary 3 Abstract 5 Introduction to Security in Wireless Networks 6 Data Link Layer Security 8 Authentication 8 Security Association
More informationECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED
Part V ECHONET Lite System Design Guidelines i 2011 (2012) ALL RIGHTS RESERVED The specifications published by the ECHONET Consortium are established without regard to industrial property rights (e.g.,
More informationOpen System - No/Null authentication, anyone is able to join. Performed as a two way handshake.
Five components of WLAN Security 1. Data Privacy 1. Privacy is important because transmission occurs over the air in freely licensed bands. The Data can be sniffed by anyone within range. 2. Eavesdropping
More informationNetwork Configuration Example
Network Configuration Example Configuring Media Access Control Security (MACsec) over an MPLS Circuit Cross-Connect (CCC) Modified: 2017-01-23 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California
More informationIEEE 802.1X RADIUS Accounting
The feature is used to relay important events to the RADIUS server (such as the supplicant's connection session). The information in these events is used for security and billing purposes. Finding Feature
More informationHP0-Y44. Implementing and Troubleshooting HP Wireless Networks.
HP HP0-Y44 Implementing and Troubleshooting HP Wireless Networks http://killexams.com/exam-detail/hp0-y44 C. The user s access list does not permit any traffic. D. The users egress VLAN does not match
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationARUBA INSTANT DOT1X TROUBLESHOOTING
ARUBA INSTANT DOT1X TROUBLESHOOTING Technical Climb Webinar 12:00 GMT 13:00 CET 15:00 GST June 21st, 2016 Presenter: Barath Srinivasan barath.srinivasan@hpe.com Welcome to the Technical Climb Webinar Listen
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 642-737 Title : Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 Vendor : Cisco Version : DEMO Get
More informationFIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points
FIPS 140-2 Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points November 4, 2010 Version 2.2 Contents This security policy
More information