WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Transcription:

WLAN Security Dr. Siwaruk Siwamogsatham ThaiCERT, NECTEC

Agenda
- Wireless Technology Overview
- IEEE 802.11 WLAN Technology
- WLAN Security Issues
- How to secure WLAN?
- WLAN Security Technologies

Wireless Technologies
- WPAN (Wireless Personal Area Network)
  - Range 1-10 m
  - Device-to-device links
- WLAN (Wireless Local Area Network)
  - Range < 100 m, indoor wireless network
- WMAN & WWAN (Wireless Metropolitan Area Network & Wireless Wide Area Network)
  - Coverage over large areas, e.g., city & rural areas
  - Outdoor wireless network

WPAN
- Range 1-10 m
- Low power consumption
- Technologies
  - Infrared (IR port): needs line of sight
  - Bluetooth: non-line of sight
- Data rate < 2 Mb/s
- Applications:
  - Phone-to-phone data transfer
  - Wireless headset
  - Remote control

WLAN
- Range < 100 m
- Home, office, indoor wireless networks
- 2.4 GHz: unlicensed frequency band
- Technologies: IEEE 802.11 (Wi-Fi)
- Data rate: 11-54 Mb/s (Bluetooth)

WMAN & WWAN
- Coverage over large areas, e.g. city & rural areas, outdoor wireless networks
- Typically, ISPs need a license to operate
- Technologies:
  - GPRS (GSM), CDMA: data rate < 128 kb/s
  - 3G cellular networks: data rate < 2 Mb/s
  - Wi-MAX (IEEE 802.16): data rate > 2 Mb/s
    - To be commercially available in about 2-3 years
    - Laptops will have built-in Wi-MAX devices

IEEE 802.11 Technology
- Home, office, indoor wireless networks
- Defines physical layer and MAC layer: Wireless Ethernet
- 2.4 GHz: unlicensed frequency band. ISM: 2.40-2.483 MHz
- Data rate < 54 Mb/s
- Range < 100 m (per base station device)

IEEE 802.11: CSMA/CA
- IEEE 802.3 Ethernet: CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
  - Wait for a random amount of time after the carrier is not busy, before sending data
  - Collision detection by checking for exceeded voltage
  - If a collision occurs, restart the process
- IEEE 802.11 Wireless Ethernet: CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance)
  - Collision detection is not possible due to the wireless nature of the medium
  - Collision avoidance by keeping track of the carrier busy schedule
  - When sending data, the length of the transmission is also broadcast, so that everyone knows how long a user will use the medium

IEEE 802.11 Devices
[Figure labels: client devices, notebook, WLAN access point, desktop, PDA, 3G phone, antenna]

History of IEEE 802.11 WLAN
- 1997: IEEE 802.11, data rate 1-2 Mb/s
- 1999: IEEE 802.11b (Wi-Fi), data rate 11 Mb/s
- 2003: IEEE 802.11g, data rate 54 Mb/s
- 2004: IEEE 802.11i, enhanced security
- (2006???): IEEE 802.11n, data rate > 100 Mb/s

IEEE 802.11: Usable Frequencies
- 2.4-2.483 GHz (ISM)
- 11 sub-channels (overlapping)
- 22 MHz bandwidth for each channel
- 3 non-overlapping channels: Channel 1, Channel 6, Channel 11

Wireless Security Issues
- Difficult to control signal radiation
- Difficult (impossible) to know if someone is listening/sniffing
- Difficult to track location of attackers
- Antenna can further extend attacking ranges
[Figure labels: access point, wireless hub, data sniffing, unauthorized access & spy, signal jamming/interference]

WLAN Security Threats: Data Sniffing
- Tools: AiroPeek, Kismet
- Username/password
- Email messages
- Internet chat
- Credit card info
[Figure labels: user, access point, wireless hub, hacker, "Invisible Sniffer!"]

WLAN Security Threats: Unauthorized Client Access
- War-driving
- Internet attack
- MAC spoofing
[Figure labels: Internet, user, invisible hacker]

WLAN Security Threats: Unauthorized/Rogue/Faked Access Points
- Spy, backdoor
- Man-in-the-middle attacks
- Inverse war-driving
- Mutual authentication issue!
[Figure labels: user, rogue AP, hacker]
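A defensive check for the rogue/faked access point threat above, as an added example that is not part of the original slides: compare scan results with an inventory of authorized APs. The `Beacon` type, the `AUTHORIZED` inventory, the finding strings and all SSIDs and BSSIDs are constructed for illustration.

```python
# Added example: audit a Wi-Fi scan against an inventory of authorized APs.
# Every SSID, BSSID and scan row here is constructed sample data.
from typing import NamedTuple

class Beacon(NamedTuple):
    ssid: str
    bssid: str      # MAC address of the AP radio
    channel: int
    security: str   # "OPEN", "WEP", "WPA-PSK" or "WPA-802.1X"

# Hypothetical inventory: BSSID -> (SSID, channel, security) as deployed.
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1, "WPA-802.1X"),
    "00:11:22:33:44:02": ("CorpNet", 6, "WPA-802.1X"),
}

def audit(scan):
    """Return (bssid, finding) pairs for beacons that need investigation."""
    corp_ssids = {ssid for ssid, _, _ in AUTHORIZED.values()}
    findings = []
    for b in scan:
        bssid = b.bssid.lower()
        known = AUTHORIZED.get(bssid)
        if known is None:
            # Our SSID from a radio we do not own: possible faked AP.
            if b.ssid in corp_ssids:
                findings.append((bssid, "unknown BSSID advertising corporate SSID"))
            continue  # other unknown networks are neighbours, out of scope here
        ssid, channel, security = known
        # A BSSID is only a MAC address and can be spoofed, so a known BSSID
        # is trusted only if the rest of the beacon matches the deployment.
        if b.ssid != ssid:
            findings.append((bssid, "SSID differs from inventory"))
        if b.security != security:
            findings.append((bssid, "security differs from inventory"))
        if b.channel != channel:
            findings.append((bssid, "channel differs from inventory"))
    return findings

SCAN = [  # constructed scan results
    Beacon("CorpNet", "00:11:22:33:44:01", 1, "WPA-802.1X"),
    Beacon("CorpNet", "00:11:22:33:44:02", 11, "OPEN"),
    Beacon("CorpNet", "66:77:88:99:AA:BB", 6, "WPA-PSK"),
    Beacon("CoffeeShop", "22:33:44:55:66:77", 11, "OPEN"),
]

if __name__ == "__main__":
    for bssid, finding in audit(SCAN):
        print(f"{bssid}: {finding}")
```

An over-the-air audit like this only sees APs that imitate the corporate network; an unauthorized AP plugged into the wired LAN under its own SSID has to be found from the switch side.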

WLAN Security Threats: Jamming Attack
- 2.4 GHz RF jamming
- Packet flooding
- RF jamming cannot be prevented!
[Figure labels: user, hacker]

How to secure SOHO WLAN?
- SOHO: Small Office Home Office
- Use the shared-key encryption feature of the WLAN device: everyone uses the same shared encryption key!
- WEP (Wired Equivalent Privacy): OK, but out of date now because it can be cracked using software like Aircrack & Airsnort
- WPA-PSK: new technology to replace WEP
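What "everyone uses the same shared encryption key" means for WPA-PSK, as an added example that is not part of the original slides: the passphrase and SSID are stretched into one 256-bit master key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt). The `OFFICE` users, the passphrase and the SSIDs are constructed for illustration.

```python
# Added example: how a WPA-PSK passphrase becomes the shared master key.
import hashlib

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK master key from passphrase and SSID.

    Uses PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def distinct_master_keys(users: dict, ssid: str) -> int:
    """Count distinct master keys among users (name -> passphrase) on one SSID."""
    return len({wpa_psk(p, ssid) for p in users.values()})

# Constructed SOHO setup: three users, one passphrase typed into every device.
OFFICE = {
    "alice": "correct horse battery",
    "bob": "correct horse battery",
    "carol": "correct horse battery",
}

if __name__ == "__main__":
    print(wpa_psk("correct horse battery", "HomeOffice").hex())
    # One key for everyone: a leaked passphrase or a departed user means
    # re-keying every device, unlike per-user 802.1X credentials.
    print(distinct_master_keys(OFFICE, "HomeOffice"))
    # The SSID salts the derivation, so the same passphrase on another
    # network name gives an unrelated key.
    print(wpa_psk("correct horse battery", "HomeOffice")
          != wpa_psk("correct horse battery", "Guest"))
```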

How to Secure Enterprise WLAN?
- According to computer security principles, we need to address:
  - Technology: encryption & authentication
  - People: user security awareness
  - Process: security policy

Technology for Enterprise: 802.11i (WPA)
[Figure labels: user database, RADIUS, switch, Internet, router/gateway, AP, AP]

WPA & IEEE 802.11i
- WPA = Wi-Fi Protected Access (2003)
- TKIP (Temporal Key Integrity Protocol)
- Dynamic WEP: per-user, per-packet keying
- IEEE 802.11i (2004)
- AES or TKIP
- Authentication & automatic key management via IEEE 802.1x protocol
- Mutual client/server authentication

WPA/IEEE 802.11i Requirements
- WPA/IEEE 802.11i access points
- Client
  - Windows XP
  - Windows xx + 3rd-party software (e.g. Funk)
  - (Linux)
- Authentication server, e.g. RADIUS
  - Odyssey by Funk (Commercialized)
  - Windows 2000/2003 server (Commercialized)
  - FreeRADIUS (Opensource)

Additional Technologies: Firewall
- Treat WLAN as untrusted network
- Separate WLAN from Intranet
[Figure labels: server farm, hub, Intranet, firewall, AP, AP, Internet]

Additional Technologies
- Virtual AP & VLAN
  - Multiple user groups for one AP
  - Different security policy for each group
- MAC address filtering
  - Weak user authentication
- Hotspot gateway
  - Widely used, e.g., Starbucks & True Wi-Fi
  - User must log in before gaining access
  - No encryption required!
- VPN
  - User authentication + encryption

Solutions: VPN
- Secured tunnel
[Figure labels: VPN server, switch, Internet, router/gateway, AP, AP]

Research at ThaiCERT/NECTEC
- Develop a user-friendly multi-purpose secure WLAN server
  - WPA/IEEE 802.11i support
  - Hotspot gateway
  - RADIUS
  - Firewall
  - VPN services
  - Web-based user interface

ThaiCERT Wireless Manager
- Develop a friendly graphical user interface for managing user accounts
- Features
  - Add/edit/delete user account
  - Generate user certification
  - Status of users
  - Manage RADIUS server

Solutions: Authentication Gateway
- Commonly used in Wi-Fi hotspots
- User login is required before accessing the Internet
- Open-source authentication gateway
  - Goal: to create an authentication gateway appliance
  - Develop a friendly graphical user interface for gateway management
  - Evaluate the performance

Solutions: VPN
- Create a secured tunnel to protect wireless communication
- Open-source VPN server
  - Goal: to create a VPN server appliance
  - Develop a friendly graphical user interface for server management
  - Support a wide range of VPN solutions (i.e., PPTP, L2TP/IPSec, SSL)
  - Support a wide range of VPN clients (i.e., Windows OS, Mac OS, Linux)
  - Evaluate the performance

Wireless Security Total Solution
[Figure labels: WLAN Manager (RADIUS, MySQL), VPN server, switch, Internet, auth. gateway, AP, AP]

Thank you
siwaruk.siwamogsatham@nectec.or.th
www.thaicert.nectec.or.th
02-564-6900