CS 393/682 Network Security

Size: px
Start display at page:

Download "CS 393/682 Network Security"

Transcription

1 CS 393/682 Network Security Nasir Memon Polytechnic University Module 9 Wireless LAN Security Course Logistics Start working on HW 6 Final homework. To be posted today. HW6 - Points for defending and attacking. Questions regarding homework are best answered by Vikram 4/29-31 Module 9 - Wireless 2 1

2 Wireless Dimension Access to Medium: Unlike wired medium (cables) wireless medium (air) is ubiquitous hence access restrictions to the medium must be handled explicitly, where as in wired environments it is implicit. War Dialing: Attacker gains access to wired medium by exhaustive dialing of phone numbers War Driving: Attacker gains access to wireless medium by just driving by the network coverage area. 4/29-31 Module 9 - Wireless 3 How is wireless different? The Medium Wireless medium has no explicit boundary This property weakens privacy and authentication mechanisms adopted from wired environment Portability Wireless devices are smaller in size and portable Data in portable devices require more protection than data on non-portable devices Mechanisms to recover stolen or lost devices are important Mechanisms for self-destruction of data are also important 4/29-31 Module 9 - Wireless 4 2

3 How is wireless different? Mobility - brings even bigger challenges Trust in infrastructure Wired networks assume certain level of trust in local infrastructure (we trust our routers) In wireless networks this is a weak assumption Would you put same level of trust on an Access Point in JFK as you put on your home AP? Security mechanisms should anticipate these variances in trust Security mechanisms should be independent of location. 4/29-31 Module 9 - Wireless 5 How is wireless different? Mobility Trust in location Wired networks implicitly assume network address is equivalent to physical location ( x.x is Poly s resources) In wireless networks physical location not tied to network address. Physical location may change transparent to end nodes. Privacy of location On wired network privacy of location is not a concern In wireless networks location privacy of the user is a serious issue because users can be tracked, their travel behaviors can be used for marketing purposes etc. Similar scenario exists on the Web: A user s web surfing pattern can be tracked and this raised several privacy issues in 1999 (Double Click s Cookie Tracking) 4/29-31 Module 9 - Wireless 6 3

4 How is wireless different? Processing power, memory & energy requirements Handheld devices have stringent processing power, memory, and energy requirements Current security solutions require expensive processing power & memory Handheld devices mandate inexpensive substitutes for Crypto algorithms (AES instead of 3-DES) Authentication schemes Better one-time password schemes with feasible remote key updates 4/29-31 Module 9 - Wireless 7 How is wireless different? Network Topologies Wired networks usually rely on network topology to deploy security solutions E.g: firewall is installed on a machine where all traffic is visible Wireless networks (esp. ad-hoc) have dynamic topologies Wireless networks may not have single point of convergence (hidden host problem!) Wireless networks put emphasis on host based solutions e.g: distributed firewalls 4/29-31 Module 9 - Wireless 8 4

5 Wireless LAN (WLAN) Technology Based on b technology Uses Direct Sequence Spread Spectrum (DSSS) modulation at 2.4 Ghz Free, public frequency Serves as an Ethernet-to-wireless bridge Speed between 1 and 11 Mbps (shared bandwidth) Most Access Points (APs) include: DHCP Client (LAN Port) DHCP Server (Wireless Port) NAT 4/29-31 Module 9 - Wireless Components Components of BSS (1) STA 1 (AP) DS STA 2 (AP) BSS (2) A MAC, PHY layer specification Serves mobile and portable devices Provides transparency of mobility Appears as 802 LAN to LLC Basic Service Set (BSS) Extended Service Set (ESS) Distribution System (DS) Station (STA) STA that is providing access to Distribution System Service (DSS) is an Access Point (AP) supports Ad-hoc networking Provides link level security 4/29-31 Module 9 - Wireless 10 5

6 WLAN Basic Service Set AP Connects WLAN to/ extends wired network More units deliver higher speed and greater area coverage Client Many media (PCI, PCMCIA, etc.) Support for multiple operating systems 4/29-31 Module 9 - Wireless 11 WLAN Extended Service Set Two or more wired networks connected by wireless bridge 4/29-31 Module 9 - Wireless 12 6

7 WLAN Ad Hoc (Peer-to-Peer) Service Set Two or more wireless-enabled devices create own wireless network without an AP 4/29-31 Module 9 - Wireless 13 Wired Equivalent Privacy (WEP) Wired equivalence privacy? Wireless medium has no packet boundaries WEP controls access to LAN via authentication Wireless is an open medium Provides link-level security equivalent to a closed medium No end-to-end privacy Security Goals of WEP Access Control Provide access control to the underlying medium through authentication Confidentiality Provide confidentiality to data on the underlying medium through encryption Data Integrity Provide means to determine integrity of data between links 4/29-31 Module 9 - Wireless 14 7

8 Wired Equivalent Privacy (WEP) An attack on WEP should compromise at least one of these properties Three levels of security Open system WEP is disabled in this mode. No security. Shared Key Authentication provides access control to medium Encryption provides confidentiality to data on network You can have confidentiality on an open system! That is, you can encrypt all the traffic and not have access control to the medium! Also means a wily hacker can have all his traffic encrypted on our network so that no one see what he is doing! 4/29-31 Module 9 - Wireless 15 Claimed Properties of WEP It is reasonably strong Withstands brute force attacks and cryptanalysis It is self-synchronizing Uses self-synchronizing stream cipher It is efficient Hardware/software implementation It is exportable (Does not matter anymore). Rest of the world needs security too! It is optional WEP layer should be independent of other layers NOT REALLY!! 4/29-31 Module 9 - Wireless 16 8

9 Current Security SSID MAC address filtering WEP Unfortunately, most of these mechanisms are off by default All of these mechanisms have problems 4/29-31 Module 9 - Wireless b Network Security Issues Out-of-the-Box settings create open network No real user identification and authentication No support for SecureID, PKI, etc. Encryption methods vulnerable to known plain text attack WEP implementation of RC4 Default keys proliferation Service Set Identifiers (SSID) broadcast in the clear Unauthorized users can join network and inject traffic 4/29-31 Module 9 - Wireless 18 9

10 802.11b Issues (cont.) Wireless cards broadcast their MAC address Easily captured and programmed onto another card Use of network name as the shared-secret for authentication 1. Sniff network name 2. Reconfigure device to show membership 3. Reboot 4. Access target network Rogue APs Shared-key authentication one-way only User cannot authenticate an AP Unauthorized access can serve as launch pad for DOS attacks by hijacking legitimate clients 4/29-31 Module 9 - Wireless 19 Vernam Ciphers The WEP encryption algorithm RC4 is a Vernam Cipher: Encryption Key K Pseudo-random number generator Random byte b Plaintext data byte p Ciphertext data byte p Decryption works the same way: p = c b 4/29-31 Module 9 - Wireless 20 10

11 pad (6) Key id (2) WEP crypto function IV init. vector secret key plaintext seed 64 integrity algorithm WEP PRNG key sequence ICV + cipher text message WEP uses RC4 PRNG CRC-32 for integrity algorithm IV is renewed for each packet (usu. iv++) actual key size = (vendor advertised size 24) ICV is Integrity Check Value (CRC-32) 4/29-31 Module 9 - Wireless 21 WEP Frame IV 4 PDU >=1 ICV 4 IV 3 Key id is used to choose between four secret keys ICV is integrity check sum (CRC-32) Pad is zero. Unused. 4/29-31 Module 9 - Wireless 22 11

12 RC4 algorithm Proprietary algorithm belonging to RSADS Inc. Secret key stream cipher. Variable length key (up to 2048 bits). Fairly fast (1Mbyte/sec on 33MHz processor). Claimed to be very strong. Exportable outside the U.S. Algorithm leaked onto the Internet in /29-31 Module 9 - Wireless 23 Properties of Vernam Ciphers What happens when p 1 and p 2 are encrypted under the same random byte b? Then: c 1 = p 1 b c 2 = p 2 b c 1 c 2 = (p 1 b) (p 2 b) = p 1 p 2 Conclusion: it is a very bad idea to encrypt any two bytes of data using the same byte output by a Vernam Cipher PRNG. Ever. 4/29-31 Module 9 - Wireless 24 12

13 Attacks on WEP Stream ciphers and keystream reuse Stream ciphers expand a secret key to a stream of pseudo random numbers Message is XORed (denoted by + here after) with random number stream to produce the cipher text Suppose two messages used the same secret key then stream cipher is easily broken so WEP uses an IV to extend the life of secret key But, reusing IV is same as reusing the secret key! C 1 = P 1 + RC4(IV, key) C 2 = P 2 + RC4(IV, key) but (C 1 +C 2 ) = (P 1 +P 2 ) and (P 1 +P 2 ) can be easily cryptanalyzed Given two cipher texts with the same IV, we can remove the effects of XORing with the RC4 stream! (for the same secret key) 4/29-31 Module 9 - Wireless 25 Attacks on WEP Two assumptions for this attack Availability of ciphertexts with same IV IV length is fixed 24 bits (2 24 = 16,777,216) Implementations make the reuse factor worse! Every time a card is initialized IV is set to zero! IV is collision usually after only 5,000 packets! So, obtaining cipher text with same IV is practical Partial knowledge of plaintexts Can use legitimate traffic to obtain known plain texts e.g: Login:, password: prompts in a telnet session Bouncing Spam off a mail server through wireless network 4/29-31 Module 9 - Wireless 26 13

14 Dictionary Attack Once plaintext corresponding to ciphertext obtained, it is possible to decrypt any ciphertext for same key and IV. Can be done in real time! A dictionary of IVs (~2 24 entries) can be built For each IV find the associated key stream C i = P i + RC4(IV i, key) Tabulate these two fields searchable by IV For each packet, scan the table to find the IV first and then XOR the message with corresponding keystream in the dictionary to decrypt the message. C n = P n + RC4(IV, key) we know RC4(IV, key) from the dictionary, we know C n so we can find P n! Size of the dictionary depends on size of the IV, which is fixed by the standard at 24 bits! Increasing key size has no affect on this attack! 4/29-31 Module 9 - Wireless 27 Key Management WEP does not specify how keys are to be managed. Assumes array of four possible keys is somehow populated. Each message contains index of key used. Most installations use single key for entire network. Changing keys requires every single user to reconfigure their wireless drivers!! Hence keys seldom changed. 4/29-31 Module 9 - Wireless 28 14

15 Message Modification ICV is not key based - CRC-32. It is linear, i.e. crc(x + y) = crc(x) + crc(y). Given C = RC4(v,k) + (M, crc(m)) is is possible to find new ciphertext C which decrypts to M = M + d where d is arbitrary!! To do this XOR (d, crc(d)) with C. C = C + (d, c(d)) = RC4(v,k) + (M, crc(m)) + (d, crc(d)) = RC4(v,k) + (M + d, crc(m) + crc(d)) = RC4(v,k) + (M + d, crc(m+d)) = RC4(v,k) + (M, crc(m )) So you can change first bit of plaintext by choosing d to be And so on 4/29-31 Module 9 - Wireless 29 Message Injection If you know one (C, P) ciphertext, plaintext pair for a IV and key, then you can inject any message with the same IV. This is because P + C = P + (P + RC4(v, k)) = RC4(v,k). Which is the key stream!!! And it can be reused indefinitely (almost)!! Key seldom gets changed and IV reuse happens often so this is not a problem. 4/29-31 Module 9 - Wireless 30 15

16 Attack on Access Control nonce+rc4(iv, key) Request.Authentication 128 nonce nonce+rc4(iv, key) IV Request received Decrypt the packet and verify nonce Normal session nonce+rc4(iv, key) client hacker Request.Authentication 128 nonce nonce+rc4(iv, key) IV server Request received Decrypt the packet and verify nonce Hacker Using Data Obtained From Previous Session It is possible to get authenticated without knowing the secret key! (shown in red) We only need a plaintext, ciphertext pair of one legitimate authentication. (shown in black) and we can authenticate ourselves for the same key. 4/29-31 Module 9 - Wireless 31 ARP Spoofing Wireless AP is a transparent bridge New hardware, same old problems (and a few new ones Subject to a man-in-the-middle attack I am A B --> A Attacker Victim B Switch Copy and Forward Victim A 4/29-31 Module 9 - Wireless 32 16

17 ARP Spoofing This attack also translates to a wireless network It also may compromise the integrity of a wired network (from the parking lot ) So much for wired security I am A B --> A Access Point b Attacker Victim B Switch Copy and Forward Victim A 4/29-31 Module 9 - Wireless 33 Other Mechanisms If these mechanisms are insufficient, what else can we do? Don t trust the wireless network Put it behind a firewall Place the AP on its own network segment Use a VPN to secure the connection Encrypted application protocols SSH, SSL/TLS, etc. 4/29-31 Module 9 - Wireless 34 17

18 General authentication requirements for access to networks Unique identification of users at the edge of the network Identity take-over must be impossible Ease of use for the end-user Per-institution provisioning of users in one database of the institutions network Low maintenance Ease of use for guests Enabling various authentication-mechanisms 4/29-31 Module 9 - Wireless 35 WEP2 Some Proposed Modifications Increases size of IV space to 128 bits Possible Exam Question: How does increasing IV size help? VPN Use of EAP for authentication within IEEE 802.1X (Off line password guessing attacks) Key may be changed periodically via IEEE 802.1X reauthentication to avoid staleness No keyed MIC No authentication for re-associate, disassociate (Denial of Service attacks) No IV replay protection 4/29-31 Module 9 - Wireless 36 18

19 VPN-based Security Children s Hospital Enterprise Network Private Network - Unencrypted Contivity Public Network - Encrypted APs terminals 4/29-31 Module 9 - Wireless 37 RC4 and IPSec Use IPSec Security WEP Security AP VPN Device Wireless client 4/29-31 Module 9 - Wireless 38 19

20 IEEE 802.1X Access solution (Layer 2) between client and AP Several available authentication-mechanisms (EAP- MD5, EAP-TLS, EAP-TTLS, PEAP) Standardised Also encrypts all data, using dynamic keys RADIUS back end: Scaleable Re-use existing Trust relationships Client software necessary (OS-built in or thirdparty) 4/29-31 Module 9 - Wireless X x x is sometimes used to summarise all ethernet standards (i.e a, b) but it is not a standard! 802.1X is a standard from the 802.1a, 1b series, developed by 3Com, HP, and Microsoft 802.1X is a transport mechanism. The actual authentication takes place in the EAP-protocol on top of 802.1X. 4/29-31 Module 9 - Wireless 40 20

21 802.1x Framework 4/29-31 Module 9 - Wireless 41 Pre-Authentication State 4/29-31 Module 9 - Wireless 42 21

22 Post-Authentication State 4/29-31 Module 9 - Wireless 43 EAP over 802.1x Extensible Authentication Protocol (RFC 2284) provides an architecture in which several authentication-mechanisms can be used EAP-MD5 Username/Password (unsafe) EAP-TLS PKI (certificates), strong authentication EAP-TTLS Username/Password (safe) MS-CHAPv2 Microsoft Username/Password (not safe) LEAP/PEAP Microsoft/Cisco tunnel module for safe transport of MS-CHAPv2 4/29-31 Module 9 - Wireless 44 22

23 Protocol Overview PAP PAP CHAP CHAP EAP EAP EAP EAP MD5 TLS TLS TTLS PEAP MS-CHAPv2 EAP EAP 802.1X PPP PPP /29-31 Module 9 - Wireless 45 EAP Messages 4/29-31 Module 9 - Wireless 46 23

24 LEAP Lightweight Extensible Authentication Protocol An authentication protocol based on IETF RFC2284, Extensible Authentication Protocol, or EAP Provides mutual authentication between Cisco Aironet client cards and a backend RADIUS server Developed by Cisco Systems Also called, EAP-Cisco Wireless Implemented in Cisco Aironet wireless NICs 4/29-31 Module 9 - Wireless 47 Simplified Architecture of LEAP Radio transmissions Wired Ethernet LAN Radius Server Auth db Access Point User Machine (with client adapter) 4/29-31 Module 9 - Wireless 48 24

25 LEAP / Cisco Solution 1 Client associates with access point 2 Access point blocks all user requests to access LAN 5 RADIUS server delivers session key to access point Auth db Access Point 4 RADIUS server and client mutually authenticate and derive WEP session key 3 User performs network log-on (User ID and password) 6 Client and access point activate WEP. 7 Client and access point use WEP and key for protection of transmissions. 4/29-31 Module 9 - Wireless 49 LEAP / Cisco Solution Sequence of Events Step 1. A wireless client performs an b association with an access point (AP). Step 2. The AP blocks all attempts to gain access to the network (access control is provided until successful authentication occurs). Step 3. The user supplies a user ID and password in the network logon box (or equivalent). Step 4. The wireless client and the RADIUS server mutually authenticate (several methods exist). If bilateral authentication is successful, the client and RADIUS server compute a pair-wise WEP session key. 4/29-31 Module 9 - Wireless 50 25

26 LEAP / Cisco Solution Sequence of Events Step 5. The RADIUS server communicates the user WEP key to the AP. Step 6. Both the client and AP activate WEP for encryption. Step 7. The client and AP use the WEP session key and WEP for encryption of radio traffic. 4/29-31 Module 9 - Wireless 51 Mutual Authentication Are you who you say you are? Are you who you say you are? Wired Ethernet LAN Auth db Access Point Radius Server User Machine (with client adapter) 4/29-31 Module 9 - Wireless 52 26

27 K 3 K 4 MD5 Authentication of User to Network Conceptually Auth db User ID Password Password Key Hash Hash Challenge Response Key Hash Hash =? Determine Action 4/29-31 Module 9 - Wireless 53 Secure Channels Unique Keys per User per Session Keys are shared between AP and all users Radius Server User 1 K 1 Wired Ethernet LAN Auth db K 2 K 5 User 2 User 5 User 3 User 4 4/29-31 Module 9 - Wireless 54 27

28 Anonymity within LEAP Radius Server Wired Ethernet LAN Auth db Access Point User Machine (with client adapter) User / client will disclose Disclosed some information Parameters: violating MAC Address anonymity. Programmed SSID User ID 4/29-31 Module 9 - Wireless 55 Wireless Snooping of Responses on Password-based schemes Radio transmissions Wired Ethernet LAN Radius Server Auth db Access Point User Machine (with client adapter) Adversary can eavesdrop on wireless link Capture: User IDs Random challenges Responses (Hashed passwords) 4/29-31 Module 9 - Wireless 56 28

29 MD5 Authentication of User to Network Conceptually Auth db User ID Password Password Key Hash Hash Challenge Response Key Hash Hash =? Stolen Parameters Determine Action 4/29-31 Module 9 - Wireless 57 Conceptual Dictionary Attack Beating Low Entropy passwords Select User User User ID, challenges, responses Dictionaries Index Index database Response Challenge Hash Possible password Increment Index Captured Response password cracked Password located Yes Hash =? Computed Response No Check next database entry Masquerade 4/29-31 Module 9 - Wireless 58 29

30 EAP-TTLS Auth db User Machine (with client adapter) Access Point TLS Server secure password authentication tunnel Radius Server secure data tunnel 4/29-31 Module 9 - Wireless 59 EAP-TTLS Protocol Overview Two phases TLS handshake phase TLS tunnel phase Phase 1 is used to authenticate TTLS server to client (and optionally, vice versa) Results is activation of cipher suite Allows Phase 2 to proceed (using TLS record) Phase 2 uses TLS record layer to tunnel information between client and server 4/29-31 Module 9 - Wireless 60 30

31 Simplified Architecture of EAP-TTLS Radius Server Auth db Radio transmissions Wired Ethernet LAN Access Point TTLS Server User Machine (with client adapter) 4/29-31 Module 9 - Wireless 61 What s Right Protection of the infrastructure Authentication mechanism can change as needed address flaws in existing wireless security Lightweight No encapsulation, no per packet overhead simply periodic authentication transactions 4/29-31 Module 9 - Wireless 62 31

32 What s Wrong Technical One way Authentication Gateway authenticates the client Client has no explicit means to authenticate the Gateway Rouge gateways put client at risk Remember the loudest access point wins Still no Authentication of management frames (assoc/deassoc/beacons/etc ) 4/29-31 Module 9 - Wireless 63 What s Wrong - Technical MITM Send Authentication Successful to client Client associates with malicious AP Hijacking Send deassociation message to client AP is in the dark Change MAC to client and have live connection 4/29-31 Module 9 - Wireless 64 32

33 What s Wrong Technical RADIUS uses shared secret with the Authenticator Same issue as WEP, but on a more reasonable scale Authentication after association presents roaming problems Authentication takes a non-trivial amount of time can disrupt data in transit Failure of RADIUS server == failure of network Many AP implementations don t allow multiple RADIUS servers Most RADIUS server failover is non-transparent 4/29-31 Module 9 - Wireless 65 What s Next Integration of existing solutions to raise the bar Limited 802.1x implementations i (Task Group I Security) On track the right track Mutual auth, per packet auth 802.1x a part of 4/29-31 Module 9 - Wireless 66 33

34 Temporal Key Integrity Protocol (TKIP) Designed as a wrapper around WEP Can be implemented in software Reuses existing WEP hardware Runs WEP as a sub-component Fast Packet Keying Packet MAC Dynamic Rekeying Key distribution via 802.1x Still RC4 based to be backward compatible AES with 802.1x keying in the distant future 4/29-31 Module 9 - Wireless 67 TKIP design challenges Mask WEP s weaknesses Prevent data forgery Prevent replay attacks Prevent encryption misuse Prevent key reuse On existing AP hardware 33 or 25 MHz ARM7 or i486 already running at 90% CPU utilization before TKIP Utilize existing WEP off-load hardware Software/firmware upgrade only Don t unduly degrade performance 4/29-31 Module 9 - Wireless 68 34

35 TKIP Design Build a better per-packet encryption key by preventing weak-key attacks and decorrelating WEP IV and per-packet key must be efficient on existing hardware Base key Phase 1 Mixer Intermediate key Transmit Address: 00-A0-C9-BA-4D-5F Packet Sequence # 4 msb 2 lsb Phase 2 Mixer Per-packet key 4/29-31 Module 9 - Wireless 69 Further Reading WLAN Security 802.1x pdf RFC s: see EAP RFC 2284 EAP-MD5 RFC 1994, RFC 2284 EAP-TLS RFC 2716 EAP-TTLS PEAP RADIUS RFC 2865, 2866, 2867, 2868, 2869 (I/w EAP) Overview of IEEE b Security, Sultan Weatherspoon Intercepting Mobile Communications: The Insecurity of , Nikita Borisov, Ian Goldberg et al. Coping with Risk: Moving to Coping with Risk: Moving to Wireless Wireless Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Adam Stubblefield, John Ioannidis, et al. 4/29-31 Module 9 - Wireless 70 35

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE

More information

Security in IEEE Networks

Security in IEEE Networks Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013 Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set

More information

Overview of Security

Overview of Security Overview of 802.11 Security Bingdong Li Present for CPE 601 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 1 Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations

More information

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder. Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/

More information

Wireless technology Principles of Security

Wireless technology Principles of Security Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer Managing and Securing Computer Networks Guy Leduc Chapter 7: Securing LANs Computer Networking: A Top Down Approach, 7 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2016. (section 8.8) Also

More information

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015 Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Wireless Network Security Spring 2016

Wireless Network Security Spring 2016 Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project

More information

How Insecure is Wireless LAN?

How Insecure is Wireless LAN? Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost

More information

Wireless Security Security problems in Wireless Networks

Wireless Security Security problems in Wireless Networks Wireless Security Security problems in Wireless Networks Security of Wireless Networks Wireless networks are everywhere more and more electronic devices are becoming wireless However, ensuring security

More information

Wireless Security i. Lars Strand lars (at) unik no June 2004

Wireless Security i. Lars Strand lars (at) unik no June 2004 Wireless Security - 802.11i Lars Strand lars (at) unik no June 2004 802.11 Working Group 11 of IEEE 802 'Task Groups' within the WG enhance portions of the standard: 802.11 1997: The IEEE standard for

More information

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted. Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

FAQ on Cisco Aironet Wireless Security

FAQ on Cisco Aironet Wireless Security FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most

More information

Network Encryption 3 4/20/17

Network Encryption 3 4/20/17 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server

More information

Securing Your Wireless LAN

Securing Your Wireless LAN Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP

More information

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these

More information

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content

More information

Appendix E Wireless Networking Basics

Appendix E Wireless Networking Basics Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical

More information

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

A Configuration Protocol for Embedded Devices on Secure Wireless Networks A Configuration Protocol for Embedded Devices on Secure Wireless Networks Larry Sanders lsanders@ittc.ku.edu 6 May 2003 Introduction Wi-Fi Alliance Formally Wireless Ethernet Compatibility Alliance (WECA)

More information

Chapter 24 Wireless Network Security

Chapter 24 Wireless Network Security Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically

More information

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design

More information

Network Access Flows APPENDIXB

Network Access Flows APPENDIXB APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies

More information

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved. 1 Session Number Denver Tech Days 2002 WLAN Security Mike Morrato System Engineer Cisco Systems April 10, 2002 2 Agenda Past security methods in Wireless LANs The problem with 802.11 - Wireless Insecurity

More information

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.

More information

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003 Attacking 802.11 Networks Joshua Wright Joshua.Wright@jwu.edu LightReading LIVE! October 1, 2003 Attention The material presented here reflects the personal experience and opinions of the author, and not

More information

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov.

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov. Wireless Networks Authors: Marius Popovici Daniel Crişan Zagham Abbas Technical University of Cluj-Napoca Group 3250 Cluj-Napoca, 24 Nov. 2003 Presentation Outline Wireless Technology overview The IEEE

More information

05 - WLAN Encryption and Data Integrity Protocols

05 - WLAN Encryption and Data Integrity Protocols 05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless

More information

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802. WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng cheng@gwu.edu 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Securing a Wireless LAN

Securing a Wireless LAN Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access

More information

Security Setup CHAPTER

Security Setup CHAPTER CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP

More information

Stream Ciphers. Stream Ciphers 1

Stream Ciphers. Stream Ciphers 1 Stream Ciphers Stream Ciphers 1 Stream Ciphers Generate a pseudo-random key stream & xor to the plaintext. Key: The seed of the PRNG Traditional PRNGs (e.g. those used for simulations) are not secure.

More information

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8 CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 8 Announcements Reminder: Project 1 is due on tonight by midnight. Midterm 1 will be held next Thursday, Feb. 8th. Example midterms

More information

COPYRIGHTED MATERIAL. Contents

COPYRIGHTED MATERIAL. Contents Contents Foreword Introduction xxv xxvii Assessment Test xxxviii Chapter 1 WLAN Security Overview 1 Standards Organizations 3 International Organization for Standardization (ISO) 3 Institute of Electrical

More information

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo Vendor: HP Exam Code: HP2-Z32 Exam Name: Implementing HP MSM Wireless Networks Version: Demo QUESTION 1 A network administrator deploys several HP MSM APs and an HP MSM Controller. The APs discover the

More information

Advanced Security and Mobile Networks

Advanced Security and Mobile Networks Advanced Security and Mobile Networks W.Buchanan (1) 9. GSM/3G Unit 7: Mobile Networks. Wireless. Security. Mobile IP. Mobile Agents. Spread spectrum. Military/Emergency Networks 8. Ad-hoc 7. Mobile Networks

More information

TestsDumps. Latest Test Dumps for IT Exam Certification

TestsDumps.  Latest Test Dumps for IT Exam Certification TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : PW0-200 Title : Certified wireless security professional(cwsp) Vendors : CWNP Version : DEMO Get Latest & Valid PW0-200

More information

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ... Interworking 2006 Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks Interworking Conference, 15th - 17th of January 2007 Dr-Ing Kai-Oliver Detken Business URL: http://wwwdecoitde

More information

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Securing Wireless Networks by By Joe Klemencic Mon. Apr http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies

More information

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd. Today s challenge on Wireless Networking David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd. Agenda How Popular is Wireless Network? Threats Associated with Wireless Networking

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

Network Security 1. Module 7 Configure Trust and Identity at Layer 2 Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2 Module 7 Configure

More information

Wireless LAN Security (RM12/2002)

Wireless LAN Security (RM12/2002) Information Technology in Education Project Reference Materials Wireless LAN Security (RM12/2002) Infrastructure Division Education Department The Government of HKSAR www.ited.ed.gov.hk December 2002 For

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks

CS 393 Network Security. Nasir Memon Polytechnic University Module 13 Virtual Private Networks CS 393 Network Security Nasir Memon Polytechnic University Module 13 Virtual Private Networks Course Logistics HW due Monday. HW 6 posted. Due in a week. Questions regarding homework are best answered

More information

Configuring Cipher Suites and WEP

Configuring Cipher Suites and WEP 10 CHAPTER This chapter describes how to configure the cipher suites required to use WPA authenticated key management, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and broadcast

More information

Security and Authentication for Wireless Networks

Security and Authentication for Wireless Networks University of New Orleans ScholarWorks@UNO University of New Orleans Theses and Dissertations Dissertations and Theses 5-21-2004 Security and Authentication for 802.11 Wireless Networks Michel Getraide

More information

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point

More information

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp 2013 Summer Camp: Wireless LAN Security Exercises 2013 JMU Cyber Defense Boot Camp Questions Have you used a wireless local area network before? At home? At work? Have you configured a wireless AP before?

More information

Analyzing Wireless Security in Columbia, Missouri

Analyzing Wireless Security in Columbia, Missouri Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon Johnathan Walton Abstract The current state of wireless security in most areas can be estimated based on trends

More information

Security in Data Link Protocols

Security in Data Link Protocols Security in 802.11 Data Link Protocols Gianluca Dini Dept. of Ingegneria dell Informazione University of Pisa, Italy Via Diotisalvi 2, 56100 Pisa gianluca.dini@ing.unipi.it If you believe that any security

More information

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel TDC 363 Introductions to LANs Lecture 7 Wireless LAN 1 Outline WLAN Markets and Business Cases WLAN Standards WLAN Physical Layer WLAN MAC Layer WLAN Security WLAN Design and Deployment 2 The Mobile Environment

More information

Standard For IIUM Wireless Networking

Standard For IIUM Wireless Networking INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version

More information

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author:

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Klaas Wierenga SURFnet bv P.O. Box 19035 3501 DA Utrecht The Netherlands e-mail: Klaas.Wierenga@SURFnet.nl Keywords:

More information

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

PrepAwayExam.   High-efficient Exam Materials are the best high pass-rate Exam Dumps PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco

More information

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?

More information

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1 IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service

More information

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

Hacking Air Wireless State of the Nation. Presented By Adam Boileau Hacking Air Wireless State of the Nation Presented By Adam Boileau Introduction Wireless in 2006 802-dot-what? Threats to Wireless Networks Denial of Service Attacks against Authentication Attacks against

More information

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner Analysis of 802.11 Security or Wired Equivalent Privacy Isn t Nikita Borisov, Ian Goldberg, and David Wagner WEP Protocol Wired Equivalent Privacy Part of the 802.11 Link-layer security protocol Security

More information

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities Wireless Security Comp Sci 3600 Security Outline 1 2 3 Wired versus wireless Endpoint Access point Figure 24.1 Wireless Networking Components Locations and types of attack Outline 1 2 3 Wired Equivalent

More information

A Comparison of Data-Link and Network Layer Security for IEEE Networks

A Comparison of Data-Link and Network Layer Security for IEEE Networks A Comparison of Data-Link and Network Layer Security for IEEE 802. Networks Group #8 Harold L. McCarter, Ryan Calme, Hongwu Zang, Wayne Jones INFS 62 Professor Yih-Feng Hwang July 7, 2006 Abstract This

More information

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu Department of Computer Science &Engineering, Florida Atlantic University 777 Glades Road, Boca Raton, Florida

More information

802.1x. ACSAC 2002 Las Vegas

802.1x. ACSAC 2002 Las Vegas 802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:

More information

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content

More information

Wireless Networking Basics. Ed Crowley

Wireless Networking Basics. Ed Crowley Wireless Networking Basics Ed Crowley 2014 Today s Topics Wireless Networking Economic drivers and Vulnerabilities IEEE 802.11 Family WLAN Operational Modes Wired Equivalent Privacy (WEP) WPA and WPA2

More information

Configuring Layer2 Security

Configuring Layer2 Security Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring

More information

COSC4377. Chapter 8 roadmap

COSC4377. Chapter 8 roadmap Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7

More information

Configuring Authentication Types

Configuring Authentication Types CHAPTER 11 This chapter describes how to configure authentication types on the access point. This chapter contains these sections: Understanding Authentication Types, page 11-2, page 11-10 Matching Access

More information

Overview of IEEE b Security

Overview of IEEE b Security Overview of IEEE 802.11b Security Sultan Weatherspoon, Network Communications Group, Intel Corporation Index words: 802.11b, wireless, WLAN, encryption, security ABSTRACT There is much regulatory and standards

More information

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) HW/Lab 4: IPSec and Wireless Security CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) This HW/Lab assignment covers Lectures 8 (IPSec) and 10 (Wireless Security). Please review these

More information

From wired internet to ubiquitous wireless internet

From wired internet to ubiquitous wireless internet WlanSmartcard.org Technical Committee Wireless LAN A primer guide. Paris, February 5 th Pascal.Urien@enst.fr From wired internet to ubiquitous wireless internet 1 Classical intranet. Network access is

More information

Summary on Crypto Primitives and Protocols

Summary on Crypto Primitives and Protocols Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance

More information

Ju-A A Lee and Jae-Hyun Kim

Ju-A A Lee and Jae-Hyun Kim Ju-A A Lee and Jae-Hyun Kim Wireless Information & Network Engineering Research Lab, Korea {gaia, jkim}@ajou.ac.kr Abstract. IEEE 802.11i standard supports a secure access control for wireless LAN and

More information

Configuring OfficeExtend Access Points

Configuring OfficeExtend Access Points Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security

More information

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007) WPA SECURITY (Wi-Fi Protected Access) Presentation By Douglas Cheathem (csc 650.01 Spring 2007) OUTLINE Introduction Security Risk Vulnerabilities Prevention Conclusion Live Demo Q & A INTRODUCTION! WPA

More information

Securing Wireless LANs with Certificate Services

Securing Wireless LANs with Certificate Services 1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the

More information

CE Advanced Network Security Wireless Security

CE Advanced Network Security Wireless Security CE 817 - Advanced Network Security Wireless Security Lecture 23 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially

More information

CS263: Wireless Communications and Sensor Networks

CS263: Wireless Communications and Sensor Networks CS263: Wireless Communications and Sensor Networks Matt Welsh Lecture 5: The 802.11 Standard October 7, 2004 2004 Matt Welsh Harvard University 1 All about 802.11 Today's Lecture CSMA/CD MAC and DCF WEP

More information

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule 1 next CITS3002 help3002 CITS3002 schedule The IEEE-802.11 Wireless LAN protocol We'll next examine devices implementing the IEEE-802.11 family of wireless networking protocols, and get an appreciation

More information

Networking interview questions

Networking interview questions Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected

More information

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Exam : Title : Security Solutions for Systems Engineers. Version : Demo Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized

More information

CSE 713: Wireless Networks Security Principles and Practices

CSE 713: Wireless Networks Security Principles and Practices CSE 713: Wireless Networks Security Principles and Practices Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Introductory Lecture January 30, 2017 Acknowledgments DoD Capacity

More information

Configuring the WMIC for the First Time

Configuring the WMIC for the First Time Configuring the WMIC for the First Time This document describes how to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. Before You Start Before you install

More information

Summary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL

Summary. Deployment Guide: Configuring the Cisco Wireless Security Suite 1 OL Summary Numerous papers have been written on the topic of IEEE 802.11 security for wireless LANs (WLANs). The major vulnerabilities of 802.11 security can be summarized as follows: Weak device-only authentication:

More information

Wireless-N Business Notebook Adapter

Wireless-N Business Notebook Adapter Wireless-N Business Notebook Adapter USER GUIDE BUSINESS SERIES Model No. WPC4400N Model Model No. No. Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered

More information

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE COURSE TITLE WIRELESS TECHNOLOGY SPECIALIST COURSE DURATION 13 Hours of Interactive Training COURSE OVERVIEW This course will teach you

More information

The security of existing wireless networks

The security of existing wireless networks Security and Cooperation in Wireless Networks Cellular networks o o GSM UMTS WiFi LANs Bluetooth Security in Wireless Networks Wireless networks are more vulnerable to security issues: Broadcast communications

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Wi-Fi Protected Access (WPA) Implementation at the Children s Health System

Wi-Fi Protected Access (WPA) Implementation at the Children s Health System Wi-Fi Protected Access (WPA) Implementation at the Children s Health System Kalyana Sannedhi kalyan@uab.edu HI 699 Masters in Health Informatics University of Alabama at Birmingham 1 Table of Contents

More information

Wireless# Guide to Wireless Communications. Objectives

Wireless# Guide to Wireless Communications. Objectives Wireless# Guide to Wireless Communications Chapter 8 High-Speed WLANs and WLAN Security Objectives Describe how IEEE 802.11a networks function and how they differ from 802.11 networks Outline how 802.11g

More information

Wireless-N. User Guide. USB Network Adapter WUSB300N WIRELESS. Model No.

Wireless-N. User Guide. USB Network Adapter WUSB300N WIRELESS. Model No. 2.4 GHz WIRELESS Wireless-N USB Network Adapter User Guide Model No. WUSB300N Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered trademark or trademark

More information

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols

More information

WLAN Security Performance Study

WLAN Security Performance Study WLAN Security Performance Study GHEORGHE MÜLEC *,. RADU VASIU *, FLAVIU M. FRIGURA-ILIASA **, DORU VATAU ** * Electronics and Telecommunication Faculty, ** Power and Electrical Engineering Faculty POLITEHNICA

More information

Exam Questions CWSP-205

Exam Questions CWSP-205 Exam Questions CWSP-205 Certified Wireless Security Professional https://www.2passeasy.com/dumps/cwsp-205/ 1.. What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism

More information

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product. CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of

More information

SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents

SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION Table of Contents 1. Introduction...2 1.1 System Requirement...2 1.2 Objects Counting...2 2. Installation...2 2.1 Install Wireless PCI Adapter...3 2.2 Install

More information