WLAN Security Overview


This Chapter
- Explore the basic terminology of WLAN security.
- Discuss the organizations that create the standards, certifications, and recommendations that help guide and direct wireless security.
- Learn about wireless security standards and certifications.

Contents
- Standards organizations
  - International Organization for Standardization (ISO)
  - Institute of Electrical and Electronics Engineers (IEEE)
  - Internet Engineering Task Force (IETF)
  - Wi-Fi Alliance
- 802.11 networking basics
- 802.11 security basics
  - Data privacy
  - Authentication, authorization, accounting (AAA)
  - Segmentation
  - Monitoring
  - Policy
- 802.11 security history
- 802.11i security amendment and WPA certifications
- RSN
- The future of 802.11 security

Introduction
- The 802.11-2007 standard defines wireless local area network (WLAN) technology.
- Wi-Fi communications raise a concern about the ability to transmit data securely over a wireless medium and to properly protect wired network resources.
- This concern is as valid now as it was in 1997, when 802.11 was introduced.

Standards Organizations
- The International Organization for Standardization (ISO): the Open Systems Interconnection (OSI) model, an architectural model for data communications.
- The Institute of Electrical and Electronics Engineers (IEEE): creates standards for compatibility and coexistence between networking equipment, including wireless equipment.
- The Internet Engineering Task Force (IETF): creates Internet standards (wireless networking, security protocols, etc.).
- The Wi-Fi Alliance: performs certification testing to ensure that wireless networking equipment conforms to the 802.11 WLAN communication guidelines, similar to the IEEE 802.11-2007 standard.

International Organization for Standardization (ISO)
- A global, non-governmental organization.
- Identifies business, government, and society needs.
- Develops standards in partnership with the sectors that will put them to use.
- Created the Open Systems Interconnection (OSI) model, a standard reference for data communications between computers since the late 1970s.

International Organization for Standardization (ISO)
The layers of the OSI model are as follows:
- Layer 7, Application
- Layer 6, Presentation
- Layer 5, Session
- Layer 4, Transport
- Layer 3, Network
- Layer 2, Data-Link
  - LLC sublayer
  - MAC sublayer
- Layer 1, Physical
The IEEE 802.11-2007 standard defines communication mechanisms only at the Physical layer and the MAC sublayer of the Data-Link layer.

Institute of Electrical and Electronics Engineers (IEEE)
- A global professional society with more than 350,000 members.
- Mission: to foster technological innovation and excellence for the benefit of humanity.
- The IEEE is probably best known for its LAN standards, the IEEE 802 project.
- IEEE projects are subdivided into working groups that develop standards addressing specific problems or needs.
- The IEEE 802.3 working group created a standard for Ethernet; the IEEE 802.11 working group is creating the WLAN standard.
- The "11" denotes the 11th working group.

Institute of Electrical and Electronics Engineers (IEEE)
- IEEE 802.11 is more commonly referred to as Wi-Fi.
- It is a standard for providing LAN communications using radio frequencies (RF).
- The 802.11-2007 standard is the most current guideline providing operational parameters for WLANs.
- Within working groups, task groups are formed.
- These task groups are assigned a sequential single letter that is added to the end of the standard number, e.g. 802.11g, 802.11i, and 802.3af.

Internet Engineering Task Force (IETF)
- An international community of people in the networking industry.
- Its goal is to make the Internet work better.
- There are no membership fees, and anyone may register for and attend an IETF meeting.
- One of five main groups that are part of the Internet Society (ISOC): IAB, ICANN, IESG, IRTF, and IETF.
- The IETF is broken into eight subject matter areas: Applications, General, Internet, Operations and Management, Real-Time Applications and Infrastructure, Routing, Security, and Transport.

Internet Engineering Task Force (IETF)
- The result of a working group is a Request for Comments (RFC).
- RFCs describe network protocols, services, or policies and may evolve into an Internet standard.
- RFCs are numbered sequentially, and the numbers are never reused.
- RFCs are updated or supplemented by higher-numbered RFCs.
- E.g. Mobile IPv4 is described in RFC 3344 and updated in RFC 4721. When RFC 3344 was created, it made RFC 3220 obsolete.
- The top of an RFC document states whether it is updated by another RFC and whether it makes any other RFCs obsolete.

Wi-Fi Alliance
- Originally named the Wireless Ethernet Compatibility Alliance (WECA); founded in August 1999.
- Renamed the Wi-Fi Alliance in October 2002.
- A global, nonprofit industry association promoting the growth of WLANs.
- Primary tasks: to market the Wi-Fi brand and raise consumer awareness of new 802.11 technologies.
- 450 m users immediately recognize the Wi-Fi logo.

Wi-Fi Alliance
- Main task: ensure the interoperability of WLAN products through certification testing.
- Products that pass the Wi-Fi certification process receive a Wi-Fi Interoperability Certificate (next slide), which provides detailed information about the individual product's Wi-Fi certifications.
- This certification includes radio interoperability, such as 802.11a and 802.11b, plus additional capabilities: security, multimedia, convergence, and supported special features.

Wi-Fi Alliance
[Figure: iPhone 4s]

802.11 Networking Basics
- Wireless bridge links provide connectivity between buildings in the same way that county or state roads provide distribution of traffic between neighbourhoods.
- The purpose of wireless bridging is to connect two separate, wired networks wirelessly.
- An 802.11 bridge link is an example of wireless technology being implemented at the distribution layer.

802.11 Security Basics
When securing a wireless 802.11 network, five major components are typically required:
- Data privacy
- Authentication, authorization, and accounting (AAA)
- Segmentation
- Monitoring
- Policy

802.11 Security Basics
- Because data is transmitted freely and openly in the air, proper protection is needed to ensure data privacy, so strong encryption is needed.
- The wireless portal must be protected, so an authentication solution is needed to ensure that only authorized users can pass through the portal via a wireless access point.
- After users have been authorized to pass through the wireless portal, VLANs and identity-based mechanisms are needed to further restrict access to network resources (Segmentation).
- 802.11 wireless networks can be further protected with continuous monitoring by a wireless intrusion detection system (Monitoring).
- All of these security components should also be cemented with policy enforcement.

Data Privacy
- In 802.11 wireless networks, all data transmissions travel in the open air.
- Data privacy in a wired network is easier because physical access to the wired medium is more restricted.
- Wireless transmissions are available to anyone in listening range.
- Cipher encryption technologies obscure information and so provide proper data privacy in wireless networks.
- A cipher is an algorithm used to perform encryption.

Data Privacy
- Encrypting and decrypting information forms the science known as cryptology.
- The term cryptology comes from the Greek language and translates to mean "hidden word."
- The goal is to take a piece of information, often referred to as plaintext, and, using a process or algorithm, also referred to as a key or cipher, transform the plaintext into encrypted text, also known as ciphertext.

Data Privacy
- Steganography comes from the Greek language and is translated as "concealed writing."
- Steganography strives to hide the fact that there is a message.
- Steganography vs. cryptography: steganography is often referred to as security through obscurity, or hiding a message in plain sight.
- A classic example: write a document with the first letter of each sentence or word as the hidden message.
- Case: speaks in a different language?

Data Privacy
- Steganography in practice: digital watermarking embeds an artist's or photographer's information in an image so that ownership can be proven in case someone tries to use the image without permission.
- Case: Microsoft Word

Authentication, Authorization, Accounting (AAA)
- Authentication is the verification of user identity and credentials. Users must identify themselves and present credentials, such as usernames and passwords or digital certificates.
- More secure authentication systems use multifactor authentication, which requires at least two sets of different credentials to be presented.
- Authorization involves granting access to network resources and services. Before authorization, authentication must occur.
- Accounting is tracking the use of network resources by users. It is an important aspect of network security that is used to keep a paper trail of who used which resource and when. A record is kept of user identity, which resource was accessed, and at what time.

Segmentation
- Although it is of the utmost importance to secure an enterprise wireless network by utilizing both strong encryption and an AAA solution, an equally important aspect of wireless security is segmentation.
- It is important to separate users into proper groups.
- Once authorized onto network resources, users can be further restricted as to what resources they may access and where they can go.
- Segmentation can be achieved through a variety of means, including firewalls, routers, VPNs, and VLANs.
- The most common wireless segmentation strategy used in 802.11 enterprise WLANs is Layer 3 segmentation using VLANs.
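The AAA order and the VLAN-based restriction from the two slides above, as an added example that is not part of the original slides. The users, passphrases, roles, VLAN IDs and resource names are constructed assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def hash_password(password, salt):
    # PBKDF2 so the credential store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (assumptions). Fixed salts keep the sample
# deterministic; a real store uses a random salt per user.
USERS = {
    "alice": {"salt": b"salt-alice-0001", "role": "staff"},
    "bob": {"salt": b"salt-bob-000002", "role": "guest"},
}
USERS["alice"]["hash"] = hash_password("alice-passphrase", USERS["alice"]["salt"])
USERS["bob"]["hash"] = hash_password("bob-passphrase", USERS["bob"]["salt"])
ROLE_TO_VLAN = {"staff": 20, "guest": 99}  # segmentation: role -> VLAN
VLAN_RESOURCES = {20: {"fileserver", "printer", "internet"}, 99: {"internet"}}

class AAAServer:
    def __init__(self):
        self.sessions = {}    # authenticated user -> assigned VLAN
        self.accounting = []  # who used which resource, and when

    def _account(self, user, resource, allowed):
        self.accounting.append({
            "user": user, "resource": resource, "allowed": allowed,
            "time": datetime.now(timezone.utc).isoformat(),
        })

    def authenticate(self, user, password):
        rec = USERS.get(user)
        # Constant-time comparison of the derived hash with the stored one.
        ok = rec is not None and hmac.compare_digest(
            hash_password(password, rec["salt"]), rec["hash"])
        if ok:
            self.sessions[user] = ROLE_TO_VLAN[rec["role"]]
        self._account(user, "login", ok)
        return ok

    def authorize(self, user, resource):
        vlan = self.sessions.get(user)  # None: authentication has not occurred
        ok = vlan is not None and resource in VLAN_RESOURCES[vlan]
        self._account(user, resource, ok)  # denied attempts are recorded too
        return ok
```
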

Monitoring
- After the network has been designed and installed, it is important to monitor it.
- Besides making sure that it is performing up to your expectations and those of your users, it is necessary to monitor it for attacks and intrusions constantly.
- Like CCTV, it is important for the wireless network administrator to monitor the wireless traffic of a secured network.
- Install a wireless intrusion detection system (WIDS) and a wireless intrusion prevention system (WIPS).
- Both have the ability to classify valid and invalid devices on the network.
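A sketch of the valid/invalid device classification a WIDS performs, as an added example that is not part of the original slides. The inventory, the scan format (bssid,ssid,channel,rssi) and the "external" label for unrelated neighbouring networks are assumptions, and the scan lines are constructed.

```python
import csv
import io

# Assumed inventory of the organisation's own access points (BSSID -> SSID).
AUTHORIZED_APS = {
    "02:00:00:aa:00:01": "CorpWLAN",
    "02:00:00:aa:00:02": "CorpWLAN",
    "02:00:00:aa:00:03": "CorpGuest",
}
CORP_SSIDS = set(AUTHORIZED_APS.values())

# Constructed sensor observations: bssid,ssid,channel,rssi_dbm
SAMPLE_SCAN = """\
02:00:00:AA:00:01,CorpWLAN,1,-48
02-00-00-aa-00-02,CorpWLAN,6,-61
02:00:00:aa:00:03,CorpWLAN,11,-55
02:00:00:bb:00:09,CorpWLAN,6,-40
02:00:00:cc:00:10,CoffeeShop,11,-79
"""

def normalize(bssid):
    # Sensors report MAC addresses in mixed case and with '-' or ':'.
    return bssid.strip().lower().replace("-", ":")

def classify(bssid, ssid):
    expected = AUTHORIZED_APS.get(normalize(bssid))
    if expected == ssid:
        return "valid", "inventoried AP advertising its assigned SSID"
    if expected is not None:
        return "invalid", f"inventoried AP advertising {ssid!r}, expected {expected!r}"
    if ssid in CORP_SSIDS:
        return "invalid", "unknown BSSID advertising a corporate SSID"
    return "external", "unknown BSSID with an unrelated SSID"

def analyze(scan_text):
    results = []
    for row in csv.reader(io.StringIO(scan_text)):
        if not row:
            continue  # tolerate blank lines in sensor output
        bssid, ssid, channel, rssi = row
        label, reason = classify(bssid, ssid)
        results.append({"bssid": normalize(bssid), "ssid": ssid,
                        "channel": int(channel), "rssi": int(rssi),
                        "label": label, "reason": reason})
    return results

def alerts(results):
    # Strongest signal first: the loudest invalid device is usually the closest.
    invalid = [r for r in results if r["label"] == "invalid"]
    return sorted(invalid, key=lambda r: r["rssi"], reverse=True)
```
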

Policy
- Securing a wireless network and monitoring for threats are absolute necessities, but both are worthless unless proper security policies are in place.
- What good is an 802.1X/EAP solution if the end users share their passwords?
- Why purchase an intrusion detection system if a policy has not been established for dealing with rogue access points?
- WLAN security policies must be clearly defined and enforced to solidify the effectiveness of all WLAN security components.
- In most countries, mandated regulations exist for protecting and securing data communications within all government agencies. - USIM
- In the United States, the National Institute of Standards and Technology (NIST) maintains the Federal Information Processing Standards (FIPS).
- Of special interest to wireless security is the FIPS 140-2 standard, which defines security requirements for cryptography modules.
- Additionally, protecting information and communications in certain industries such as healthcare and banking.

Summary
- This chapter explained the roles and responsibilities of four key organizations involved with wireless security and networking: ISO, IEEE, IETF, and the Wi-Fi Alliance.
- It provided a basic understanding of the relationship between networking fundamentals and 802.11 technologies: the OSI model; core, distribution, and access.
- It provided a basic knowledge of data privacy and some of the basic components of security: cryptology, cryptography, cryptanalysis, steganography, plaintext, key, cipher, ciphertext.
- It discussed five major components that are typically required to secure an 802.11 network: data privacy; authentication, authorization, and accounting (AAA); segmentation; monitoring; policy.
- The 802.11 security history