Network Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017
|
|
- Melissa Harrington
- 5 years ago
- Views:
Transcription
1 Network Security: WLAN Mobility Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017
2 Outline Link-layer mobility in WLAN Password-based authentication for WLAN Eduroam case study 2
3 LINK-LAYER MOBILITY IN WLAN
4 Wireless LAN roaming latency! Moving between APs is slow: May require full association and WPA2- Enterprise authentication Many roundtrips to a remote authentication server Many messages between STA and AP, and the channel acquisition time for each message can be long on a busy WLAN Packets buffered in the old AP are dropped Lost packets trigger TCP retransmission How to speed up the handover? 4
5 Reassociation and IAPP When STA moves between APs, it sends Reassociation Request Association Request that includes the old AP address New AP could contact the old AP over the wire network to delete the old association there Old AP could forward to the new AP any packets that are buffered or still arrive there Communication between the new and old AP has not been standardized Inter-access point protocol (IAPP) Protocol for communication between APs over the wire network Draft specification f in 2003, never standardized
6 PMK caching! Speeding up reauthentication to the same AP: AP and STA may cache previous pair-wise master keys (PMK) and reuse them if the same client returns to the same AP only the 4-way handshake is needed after (re)association to refresh the PTK Mechanism: STA may send a list of key identifiers (PMKID) in (re)association request; AP may select one of them in Message 1 of the 4-way handshake Standardized in i, included in WPA2 6
7 WLAN switch and opportunistic PMK caching Proprietary protocol WLAN switch EAP over RADIUS Authentication server PMK PTK1 PTK2 Thin AP1 1. Associate first time STA PMK 2. Associate with cached PMK Thin AP2 7
8 WLAN switch! Speeding up reauthentication to a different AP: Authenticator moved from APs to a switch Switch caches PMKID and PMK and computes new PTKs for all APs connected to it Opportunistic PMK caching: client STA sends PMKIDs for cached PMKs to all APs in the ESS, even if the PMK was created at a different AP Communication between switch and AP has not been standardized; proprietary solutions from equipment manufacturers (Recall that ESS basically means the APs with the same SSID.) 8
9 802.1X preauthentication Distribution system, usually a switched Ethernet Intranet EAP over RADIUS Authentication server EAP over LAN 3. Preauhentication over the LAN with the other APs Current AP 1. Association & open port at AP STA 2. Scan for potential new APs 4. Associate with cached PMK Potential next AP 9
10 802.1X preauthentication! Speeding up reauthentication to a different AP: Client STA scans for potential new APs and authenticates to them before deassociation from the old AP AP advertises the preauthentication capability in its beacon STA communicates with the new AP over the wire LAN, through the old AP STA uses the BSSID (= MAC address) of the new AP as the destination address of the frames it sends to the new AP new AP must be on the same IP segment AP caches the PMK, just as if the STA had associated with it previously Finally, STA reauthenticates to the new AP and uses the cached PMK 10
11 Local handoff problem Handoff between local APs Internet or a large network Remote authentication server Even local handoffs require connection to the AS, which may be far away 11
12 802.11r fast BSS transition! Amendment r adds mechanisms for fast handover With PSK or cached MSK, piggyback the 4-way handshake on authentication and association messages only 2 roundtrips between STA and AP Mobility domain = group of APs close to each other + local server that helps in local handoffs AP advertises its capability for fast BSS transition, and a mobility domain identifier Key hierarchy within the mobility domain: local server (R0KH) holds first-level key (PMK-R0), which is used to derive secondlevel keys (PMK-R1) for APs (R1KH) in the same domain avoid contacting a remote authentication server in local mobility In practice: R0KH = WLAN switch, R1KH = AP Also, pre-reservation of resources for QoS (see e) done in parallel with the 4-way handshake 12
13 *********** Passphrase 802.1X authentication r key hierarchy! Pre-Shared Key PSK = PBKDF2(Passphrase) Pairwise Master Key, first level PMK-R0 = R0-Key-Data = KDF(PSK/MSK, "FT-R0", SSID, MDID, R0KH-ID, MAC STA ) Pairwise Temporal Key PTK = PTK = KDF(PMK-R1, "FT-PTK", N STA, N AP, BSSID, MAC STA ) Key Confirmation Key KCK split Key Encryption Key KEK (for encrypting the group i.e. broadcast key) Master Session Key MSK Pairwise Master Key, second level PMK-R1 = PMK-R1 = KDF(PMK-R0, FT-R1 BSSID, MAC STA ) Temporal Key TK (key material for session keys) PMK-R0 = key shared by STA and the mobility domain (WLAN switch); derived from MSK (or PSK) PMK-R1 = key shared by STA and AP; derived locally from PMK-R0 AP only knows PMK- R1, STA knows PMK-R0 and can compute PMK-R1 for each new AP 13
14 802.11r mobility domains R1KH AP Mobility domain R1KH AP WLAN switch R0KH R1KH AP R1KH AP Mobility domain R1KH AP R0KH WLAN switch Internet or a large network Remote authentication server Handoff within a mobility domain is supported by the local R0KH EAP with AS only when moving between mobility domains r specifies the key hierarchy and communication between STA and AP; the protocol between APs and the R0KH is not standardized 14
15 AAAA Authentication, authorization and accounting architecture (AAAA) Architecture and protocols for managing network access Standard protocols: DIAMETER (newer), RADIUS (old, still widely used) Roaming support (but no fast local mobility): Visited AAA server (AAAF) acts as a proxy for home AAA (AAAH) AAA brokers can be used to create roaming federations Many hierarchical mobility schemes proposed but not standardized AAAA and r both support roaming and hierarchical authentication AAAA is an IETF standard and runs on TCP or SCTP r is standardized by Wi-Fi equipment vendors and IEEE AAAF (RADIUS server of foreign network) AAA broker (proxy RADIUS server) AAAH (RADIUS server of user s home domain) Internet AP=NAS 15
16 PASSWORD AUTHENTICATION FOR WLAN 16
17 Captive portal! Web-based authentication for network access; also called universal access method (UAM) Used in hotels and wireless hotspots for credit-card payment or password authentication New users are directed to an authentication web page ( captive portal ) when they open a web browser Redirection usually based on spoofed HTTP redirection; sometimes DNS spoofing or IP-layer interception Authenticated users MAC addresses are added to a whitelist to allow Internet access
18 PEAP! Protected EAP (PEAP) is an EAP method defined by Microsoft General idea: authenticate the server with TLS, then the client inside the encrypted tunnel Round 1: EAP-TLS with server-only authentication Instead of EAP-Success, start encryption and move to round 2 Round 2: any EAP authentication method with mutual authentication In practice, the authentication in round 2 is MSCHAPv2: called EAP-PEAP-MSCHAPv2, PEAPv0, or usually just PEAP What does PEAP achieve: Password authentication takes place inside an encrypted tunnel prevents offline password cracking from MSCHAPv2 messages EAP-Response-Identity sent twice, both in inner and outer EAP layer: outer layer may reveal only the domain ) for identity protection Similar protocols: LEAP by Cisco (insecure and no longer used) and EAP-TTLS by Funk Software/Juniper 18
19 EDUROAM CASE STUDY 19
20 Eduroam WLAN roaming between academic institutions Roaming enabled by federation between RADIUS servers WPA2 with AES encryption Aalto RADIUS server is radius.org.aalto.fi Aalto user s NAI looks like the address, e.g. tuomas.aura@aalto.fi Aalto users are authenticated with EAP-PEAP Microsoft s proprietary EAP method with TLS for the server authentication and password for the client 20
21 / \ / \ edu....nl....ac.uk / \ \ / \ \ / \ \ utk.edu utah.edu case.edu hva.nl surfnet.nl soton.ac.uk user: paul@surfnet.nl surfnet.nl Authentication server Eduroam RADIUS hierarchy Initially RADIUS messages passed through the root server Now RADIUS peering between countries Dynamic IdP discovery with DNS PKI for authorization Routing based on the realm part of NAI Figure 2: eduroam RADIUS Hierarchy [RFC 7593]
22 Eduroam Eduroam is a federation for wireless roaming between educational institutions User is registered at the home university, which has a RADIUS server (AAAH) National educational and research network (NREN), e.g. Funet, operates a national roaming broker National brokers are connected to a regional broker for international roaming EAP authentication: user s home institution determines the EAP authentication method Aalto uses PEAP Users identified by NAI: username@realm NAI for Aalto users: firstname.lastname@aalto.fi (earlier also username@aalto.fi, seems to be no longer in use) In PEAP, the outer NAI only needs to have only correct realm, but Aalto seems to require the username to be correct as well (should test if this is still the case) 22
23 Network authentication?! IN EAP-TLS and PEAP, the client authenticates the RADIUS server based on a certificate To verify the certificate, the client needs to know: trusted CAs name of the RADIUS server On many clients, any commercial CA and any name in the certificate is accepted anyone with any commercial certificate can set up a fake AP and pretend to be the RADIUS server MitM attacker can sniff the unprotected MSCHAPv2 and crack the password (or DES key) Have you configured he network authentication for Eduroam correctly on your clients? 23
24 Security protocol design and standardization: case EAP-NOOB Tuomas Aura, Aalto University
25 EAP-NOOB Team: Tuomas Aura, Mohit Sethi, Shiva TP at al. Cooperation with Ericsson Research Nimble out-out-of-band authentication for EAP Internet-Draft draft-aura-eap-noob EAP method for secure bootstrapping of cloudconnected smart appliances Register device to cloud + get Wi-Fi access One user-assisted out-of-band message Long path from research publication to a real protocol specification 25
26 EAP-NOOB user experience example aalto.fi aalto.fi aalto.fi AAA/cloud account login Aura, Sethi: draft-aura-eap-noob 26
27 Fundamental protocol design Security protocol design ECDH + OOB authentication Communication channels Fit into the AAA architecture and EAP protocol Authentication vs. first registration No pre-established device id (NAI) or credentials AAA server does not know that the device exists Device ownership Linking to one cloud service and one user account Lifecycle from bootstrapping to ownership handover and reuse
28 Scenario: cloud-connected IoT appliance Remote AAA (in cloud) IoT appliances Local AAA Wireless AP Trust Scan Aura, Sethi: draft-aura-eap-noob 28
29 Scenario: cloud-connected IoT appliance Remote AAA (in cloud) IoT appliances Local AAA Wireless AP Trust Scan Web page / API RADIUS EAP in-band OOB Output / Input User-assisted OOB channel Aura, Sethi: draft-aura-eap-noob 29
30 EAP-NOOB in the background 1. EAP-NOOB initial exchange: ECDH in-band aalto.fi aalto.fi 2. OOB message: secret + hash aalto.fi 3. EAP-NOOB completion: authentication and key confirmation in-band AAA/cloud account login Aura, Sethi: draft-aura-eap-noob 30
31
32 Design challenges 1 Identifier allocation Initial authentication without pre-allocated name Device selection without secure name Identifier squatting Fail-stop vs. deadlock freeness Protocol state machine, formal model (Promela) Generality vs. immediate usefulness OOB directions Implementation as fully-fledged EAP method Roaming support
33 Design challenges 2 Avoid rerun of user-assisted authentication From ephemeral state to persistent association Timeouts Must have values, but how many seconds? Error reporting and handling Failure recovery Avoid permanent failure from DoS Back-off behavior vs DoS
34 Design challenges 3 Rekeying without user interaction Use master key from persistent association Algorithm update with master-key update Must update persistent association Spec complexity Mismatches with existing EAP software architecture User experience evaluation Standards group process issues and politics
35 Summary: EAP-NOOB Research on security protocol design Nimble out-of-band authentication for EAP: bootstrapping security for smart appliances Spec: Code:
Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: WLAN Security Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline Wireless LAN technology Threats against WLANs (Weak security mechanisms and historical WEP)
More informationNetwork Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: WLAN Security Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline Wireless LAN technology Threats against WLANs Weak security mechanisms and historical WEP
More informationWLAN Roaming and Fast-Secure Roaming on CUWN
802.11 WLAN Roaming and Fast-Secure Roaming on CUWN Contents Introduction Prerequisites Requirements Components Used Background Information Roaming with Higher-Level Security WPA/WPA2-PSK WPA/WPA2-EAP
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : 642-737 Title : Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 Vendor : Cisco Version : DEMO Get
More informationCOPYRIGHTED MATERIAL. Contents
Contents Foreword Introduction xxv xxvii Assessment Test xxxviii Chapter 1 WLAN Security Overview 1 Standards Organizations 3 International Organization for Standardization (ISO) 3 Institute of Electrical
More informationConfiguring WLANsWireless Device Access
CHAPTER 6 This chapter describes how to configure up to 16 WLANs for your Cisco UWN Solution. It contains these sections: WLAN Overview, page 6-2 Configuring WLANs, page 6-2 6-1 WLAN Overview Chapter 6
More informationConfiguring a WLAN for Static WEP
Restrictions for Configuring Static WEP, page 1 Information About WLAN for Static WEP, page 1 Configuring WPA1+WPA2, page 3 Restrictions for Configuring Static WEP The OEAP 600 series does not support
More informationConfiguring Layer2 Security
Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring
More information802.11r or Fast Transition (FT) for fast secure Roaming
802.11r or Fast Transition (FT) for fast secure Roaming Karthickeyan Prabanandhan is a Senior Test Engineer (CCNP, CWNP) in Wireless Engineering Team currently preparing for his CCIE Wireless lab. In this
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More information802.11r Fast Transition Roaming
802.11r, which is the IEEE standard for fast roaming, introduces a new concept of roaming where the initial handshake with the new AP is done even before the client roams to the target AP, which is called
More informationConfiguring Authentication Types
CHAPTER 11 This chapter describes how to configure authentication types on the access point. This chapter contains these sections: Understanding Authentication Types, page 11-2, page 11-10 Matching Access
More informationChapter 17. Wireless Network Security
Chapter 17 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s, to develop a protocol & transmission specifications for wireless LANs (WLANs) Demand
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationWireless Network Security
Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so
More informationExam Questions CWSP-205
Exam Questions CWSP-205 Certified Wireless Security Professional https://www.2passeasy.com/dumps/cwsp-205/ 1.. What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism
More informationPROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL
Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.
More informationCisco Exactexams Questions & Answers
Cisco Exactexams 642-737 Questions & Answers Number: 642-737 Passing Score: 800 Time Limit: 120 min File Version: 23.4 http://www.gratisexam.com/ Cisco 642-737 Questions & Answers Exam Name: Implementing
More informationNumerics INDEX. 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC g 3-6, x authentication 4-13
INDEX Numerics 2.4-GHz WMIC, contrasted with 4.9-GHz WMIC 1-8 802.11g 3-6, 3-9 802.1x authentication 4-13 A AAA server group 4-25 aaa authentication login command 4-24 aaa authorization command 4-27 aaa
More informationConfiguring the Client Adapter through the Windows XP Operating System
APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in
More informationD. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.
Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.
More informationCreating Wireless Networks
WLANs, page 1 Creating Employee WLANs, page 2 Creating Guest WLANs, page 4 Internal Splash Page for Web Authentication, page 7 Managing WLAN Users, page 9 Adding MAC for Local MAC Filtering on WLANs, page
More informationLink & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationilight/gigapop eduroam Discussion Campus Network Engineering
ilight/gigapop eduroam Discussion Campus Network Engineering By: James W. Dickerson Jr. May 10, 2017 What is eduroam?» eduroam (education roaming) is an international roaming service for users in research,
More informationENHANCING PUBLIC WIFI SECURITY
ENHANCING PUBLIC WIFI SECURITY A Technical Paper prepared for SCTE/ISBE by Ivan Ong Principal Engineer Comcast 1701 John F Kennedy Blvd Philadelphia, PA 19103 215-286-2493 Ivan_Ong@comcast.com 2017 SCTE-ISBE
More informationNetwork Security 1. Module 7 Configure Trust and Identity at Layer 2
Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2 Module 7 Configure
More informationYour wireless network
Your wireless network How to ensure you are meeting Government security standards Cabinet Office best practice Wi-Fi guidelines Overview Cyber Security is a hot topic but where do you start? The Cabinet
More informationConfiguring FlexConnect Groups
Information About FlexConnect Groups, page 1, page 5 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 10 Configuring WLAN-VLAN Mappings on FlexConnect Groups, page 11 Information About FlexConnect
More informationConfiguring the Client Adapter through Windows CE.NET
APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More informationWPA Passive Dictionary Attack Overview
WPA Passive Dictionary Attack Overview TakehiroTakahashi This short paper presents an attack against the Pre-Shared Key version of the WPA encryption platform and argues the need for replacement. What
More informationWireless technology Principles of Security
Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the
More informationCisco Exam Questions & Answers
Cisco 300-208 Exam Questions & Answers Number: 300-208 Passing Score: 800 Time Limit: 120 min File Version: 38.4 http://www.gratisexam.com/ Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access
More informationRelease Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0
WLAN 9100 Release Notes Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release 8.1.0 WAP9114 Release 8.1.0 Avaya Inc - External Distribution 1. Introduction This document provides
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer
Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also
More informationConfiguring a VAP on the WAP351, WAP131, and WAP371
Article ID: 5072 Configuring a VAP on the WAP351, WAP131, and WAP371 Objective Virtual Access Points (VAPs) segment the wireless LAN into multiple broadcast domains that are the wireless equivalent of
More information802.1X: Deployment Experiences and Obstacles to Widespread Adoption
802.1X: Deployment Experiences and Obstacles to Widespread Adoption Terry Simons University of Utah; open1x.org Terry.Simons@utah.edu Jon Snyder Portland State University jon@pdx.edu 802.1X Adoption Ratified
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo
Vendor: Cisco Exam Code: 642-737 Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 Version: Demo QUESTION 1 Which statement describes the major difference between PEAP and EAP-FAST
More informationConfiguring the Client Adapter
CHAPTER 5 This chapter explains how to configure profile parameters. The following topics are covered in this chapter: Overview, page 5-2 Setting General Parameters, page 5-3 Setting Advanced Parameters,
More informationConfiguring Hybrid REAP
13 CHAPTER This chapter describes hybrid REAP and explains how to configure this feature on controllers and access points. It contains the following sections: Information About Hybrid REAP, page 13-1,
More informationExam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]
s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?
More informationAerohive Private PSK. solution brief
Aerohive Private PSK solution brief Table of Contents Introduction... 3 Overview of Common Methods for Wi-Fi Access... 4 Wi-Fi Access using Aerohive Private PSK... 6 Private PSK Deployments Using HiveManager...
More informationConfiguring the Client Adapter through the Windows XP Operating System
APPENDIX E through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in this appendix: Overview, page
More informationRequirements and best practices for enabling Enhanced PTT over Wi-Fi networks
Requirements and best practices for enabling Enhanced PTT over Wi-Fi networks The following guide is intended for users of Enhanced PTT to ensure that their Wi-Fi networks meet minimum requirements for
More informationTestsDumps. Latest Test Dumps for IT Exam Certification
TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : PW0-200 Title : Certified wireless security professional(cwsp) Vendors : CWNP Version : DEMO Get Latest & Valid PW0-200
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationVendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo
Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the
More informationTopGlobal MB8000 Hotspots Solution
MB8000 s MB8000 is a mobile/portable wireless communication gateway. It combines the best of Wi-Fi technology and 2.5G/3G mobile communication technology. WISP can deploy their wireless hotspots with MB8000
More informationIEEE i and wireless security
Blog IEEE 802.11i and wireless security David Halasz 8/25/2004 10:00 PM EDT 0 comments post a comment Tweet Share 1 2 IEEE's wireless security amendment adds stronger encryption, authentication, and key
More informationIT Quick Reference Guides Connecting to SU-Secure using Windows 8
IT Quick Reference Guides Connecting to SU-Secure using Windows 8 Windows Guides CONNECTING TO SU-SECURE WI-FI This document will give you instructions on how to connect your Windows 8 Computer to our
More informationAuthentication and Security: IEEE 802.1x and protocols EAP based
Authentication and Security: IEEE 802.1x and protocols EAP based Pietro Nicoletti Piero[at]studioreti.it 802-1-X-EAP-Eng - 1 P. Nicoletti: see note pag. 2 Copyright note These slides are protected by copyright
More informationCisco Questions & Answers
Cisco 642-737 Questions & Answers Number: 642-737 Passing Score: 800 Time Limit: 120 min File Version: 25.6 http://www.gratisexam.com/ Cisco 642-737 Questions & Answers Exam Name: Implementing Advanced
More informationConfiguring EAP-FAST CHAPTER
CHAPTER 3 This chapter explains how to configure EAP-FAST module settings, such as connection settings, user credentials, and authentication methods. The following topics are covered in this chapter: Accessing
More informationNetwork Policy Controller UAM/RADIUS Guide
Network Policy Controller UAM/RADIUS Guide 1. Introduction... 3 1.1. Terminology... 3 2. Web Authentication... 5 2.1. Redirect URL Parameters... 5 2.2. UAM Login URL... 5 2.3. UAM Logout URL... 6 3. UAM/RADIUS
More informationConfiguring FlexConnect Groups
Information About FlexConnect Groups, page 1, page 3 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 8 Information About FlexConnect Groups To organize and manage your FlexConnect access points,
More informationExpected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy
CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design
More informationMobile WiMAX Security
WHITE PAPER WHITE PAPER Makes Mobile WiMAX Simple Mobile WiMAX Security Glossary 3 Abstract 5 Introduction to Security in Wireless Networks 6 Data Link Layer Security 8 Authentication 8 Security Association
More informationcnpilot Enterprise AP Release Notes
cnpilot Enterprise AP Release Notes cnpilot E400/e410/e430w/E500/E501S/E502S/e600 System Release 3.6 System Release 3.4.1-R9 Sections Included: Supported Platforms Supported Features Problems Corrected
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationCisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]
s@lm@n Cisco Exam 642-737 Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] Cisco 642-737 : Practice Test Question No : 1 RADIUS is set up with multiple servers
More informationIEEE 802.1X workshop. Networkshop 34, 4 April Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association
IEEE 802.1X workshop Networkshop 34, 4 April 2006. Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association 2005 1 Introduction Introduction (5 mins) Authentication overview
More informationFAQ on Cisco Aironet Wireless Security
FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most
More informationCS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis
CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE
More informationSecurity Issues of Roaming in Wireless Networks
Security Issues of Roaming in Wireless Networks Jaroslav Kadlec 1, Radek Kuchta 1, Radimir Vrba 1 1 Dept. of Microelectronics, Faculty of Electrical Engineering and Communication Brno University of Technology,
More informationExam : PW Title : Certified wireless security professional(cwsp) Version : DEMO
Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point
More informationCisco Actualtests Exam Questions & Answers
Cisco Actualtests 642-737 Exam Questions & Answers Number: 642-737 Passing Score: 800 Time Limit: 120 min File Version: 25.4 http://www.gratisexam.com/ Sections 1. 1 2. 2 3. 3 4. 4 5. 5 6. 6 Cisco 642-737
More informationLab Configure Enterprise Security on AP
Lab 8.5.4.1 Configure Enterprise Security on AP Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, students will demonstrate an understanding
More informationSecuring a Wireless LAN
Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access
More information802.1X: Background, Theory & Implementation
Customized for NCET Conference 2007 802.1X: Background, Theory & Implementation March 16, 2007 Presented by: Jennifer Jabbusch, CISSP, HP MASE, CAD Mike McPherson, HP ProCurve Neal Hamilton, HP ProCurve
More informationConfiguring r BSS Fast Transition
Finding Feature Information, on page 1 Restrictions for 802.11r Fast Transition, on page 1 Information About 802.11r Fast Transition, on page 2 How to Configure 802.11r Fast Transition, on page 4 Additional
More informationAP Management and Handover support (802.11f)
AP Management and Handover support (802.11f) Renato Lo Cigno http://disi.unitn.it/locigno/index.php/teaching-duties/nomadiccommunications ...Copyright Quest opera è protetta dalla licenza Creative Commons
More informationChapter 1 Describing Regulatory Compliance
[ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know
More informationNetwork Access Flows APPENDIXB
APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies
More informationWireless Specifications. Wi-Fi Roaming Architecture and Interfaces Specification. WR-SP-WiFi-ROAM-I ISSUED. Notice
Wireless Specifications Wi-Fi Roaming Architecture and Interfaces Specification ISSUED Notice This CableLabs Wireless specification is the result of a cooperative effort undertaken at the direction of
More informationHow to connect to Wi-Fi
41 How to connect to Wi-Fi LSBU uses the eduroam service to connect Wi-Fi devices. Once you are set up you will automatically be connected whenever you are in range. Wireless Internet access is available
More informationConnect to eduroam WiFi
Connect to eduroam WiFi List Procedure for Windows 10... 2 Procedure for Windows 8... 4 Procedure for Windows 7... 6 Procedure for Mac... 11 Procedure for iphone, ipod Touch and ipad... 15 Procedure for
More informationSelecting transition process for WLAN security
WIRELESS COMMUNICATIONS AND MOBILE COMPUTING Wirel. Commun. Mob. Comput. 2008; 8:921 925 Published online 17 August 2007 in Wiley InterScience (www.interscience.wiley.com).538 Selecting transition process
More informationAppendix E Wireless Networking Basics
Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical
More informationCUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide
CUA-854 Wireless-G Long Range USB Adapter with Antenna User s Guide Table of Contents Chapter 1. Introduction...5 1.1. About CUA-854...5 1.2. Key Features...5 1.3. Package Included...5 Chapter 2. Connect
More informationCSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology
CSNT 180 Wireless Networking Chapter 7 WLAN Terminology and Technology Norman McEntire norman.mcentire@servin.com Founder, Servin Corporation, http://servin.com Technology Training for Technology Professionals
More informationCsci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.
WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng cheng@gwu.edu 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,
More informationNew Windows build with WLAN access
New Windows build with WLAN access SecRep 24 17-18 May 2016 Ahmed Benallegue/Hassan El Ghouizy/Priyan Ariyansinghe ECMWF network_services@ecmwf.int ECMWF May 19, 2016 Introduction Drivers for the new WLAN
More informationCisco Securing Cisco Wireless Enterprise Networks (WISECURE) Download Full Version :
Cisco 300-375 Securing Cisco Wireless Enterprise Networks (WISECURE) Download Full Version : https://killexams.com/pass4sure/exam-detail/300-375 QUESTION: 42 Which two considerations must a network engineer
More informationApplication Example (Standalone EAP)
Application Example (Standalone EAP) CHAPTERS 1. Determine the Network Requirements 2. Build the Network Topology 3. Log In to the EAP 4. Configure the EAP 5. Test the Network This guide applies to: EAP225-Outdoor
More informationWireless Security i. Lars Strand lars (at) unik no June 2004
Wireless Security - 802.11i Lars Strand lars (at) unik no June 2004 802.11 Working Group 11 of IEEE 802 'Task Groups' within the WG enhance portions of the standard: 802.11 1997: The IEEE standard for
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More informationStandard For IIUM Wireless Networking
INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version
More informationWi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018
Perry Correll Aerohive, Wi-Fi Alliance member October 2018 1 Value of Wi-F1 The value Wi-Fi provides to the global economy rivals the combined market value of Apple Inc. and Amazon. The fact that Wi-Fi
More informationConfiguring OfficeExtend Access Points
Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security
More informationUsing the Cisco Unified Wireless IP Phone 7921G Web Pages
CHAPTER 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages You can use the Cisco Unified Wireless IP Phone 7921G web pages to set up and configure settings for the phone. This chapter describes
More informationSecurewireless Windows 7 Setup Guide
Securewireless Windows 7 Setup Guide 1. Click on the wireless icon in the lower right-hand corner of the taskbar and then click on Open Network and Sharing Center. 2. From the Network and Sharing Center
More information802.1x Port Based Authentication
802.1x Port Based Authentication Johan Loos Johan at accessdenied.be Who? Independent Information Security Consultant and Trainer Vulnerability Management and Assessment Wireless Security Next-Generation
More informationSummary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL
Summary Numerous papers have been written on the topic of IEEE 802.11 security for wireless LANs (WLANs). The major vulnerabilities of 802.11 security can be summarized as follows: Weak device-only authentication:
More informationPhysical and Link Layer Attacks
Physical and Link Layer Attacks CMSC 414 November 1, 2017 Attenuation Physical links are subject to attenuation Copper cables have internal resistance, which degrades signal over large distances Fiber
More informationCertifyMe. CISCO EXAM QUESTIONS & ANSWERS
CertifyMe Number: 642-737 Passing Score: 800 Time Limit: 120 min File Version: 28.9 http://www.gratisexam.com/ CISCO 642-737 EXAM QUESTIONS & ANSWERS Exam Name: Implementing Advanced Cisco Unified Wireless
More informationConfiguring 802.1X Authentication Client for Windows 8
Configuring 802.1X Authentication Client for Windows 8 1. At the Metro Screen, press the windows key on your keyboard together with the alphabets x to go to the Control Panel. Page 1 1.1 In the Control
More informationWho can use eduroam. Participating Organizations. How does eduroam work
eduroam which stands for "Education Roaming" allows students, researchers and staff from participating institutions to access the wireless network at other participating organizations using their home
More informationGrandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide
Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide Table of Contents INTRODUCTION... 4 DISCOVER AND PAIR GWN76XX ACCESS POINTS... 5 Discover GWN76xx... 5 Method 1: Discover
More information