
Wireless LAN (Network) Security: © 2004, Cisco Systems, Inc. All Rights Reserved

WLAN security is the process of preventing unauthorized access or damage to computers (damage to data or applications) over a wireless network. WLAN vulnerabilities: (1) weak device-only authentication: client devices are authenticated, users aren't; (2) weak data encryption; (3) no message integrity. WLAN threats: (1) unstructured threats: carried out by hackers who use simple tools to steal passwords.

Wireless LAN (network) security

© 2004, Cisco Systems, Inc. All rights reserved. 1


Wireless security

• Wireless security is the process of preventing unauthorized access or damage to computers (damage to data or applications) over a wireless network.
• WLAN vulnerabilities:
  1- Weak device-only authentication
     - Client devices are authenticated; users aren't.
  2- Weak data encryption
  3- No message integrity

• WLAN threats
  1- Unstructured threats:
     - Carried out by hackers who aren't technical; they use simple tools to steal passwords.


WLAN threats

  2- Unstructured threats:
     - Carried out by hackers who are more technical.
     - They can learn the network's vulnerabilities and then write a script, code or program to use in accessing the network.
  3- External threats:
     - May be carried out by a person or organized group outside the network who isn't authorized to access it.
  4- Internal threats:
     - Carried out by an internal employee who has permission and is authorized to access the network; he can damage the network.


WLAN threats

- Spy
  - To gather information that isn't allowed to be known.
- Access
  - An unauthorized person (who doesn't have any account) accesses the network, either by guessing the password or because he knows that the password is weak.
- DoS (Denial of Service)
  - Disables or corrupts the wireless network.
  - More dangerous, and difficult to prevent.


The development of good security

1- Provide a process to audit existing wireless security.
2- Provide a general framework for implementing security.
3- Define behavior that is allowed and that isn't allowed.
4- Help determine which tools are needed for the organization.
5- Help communication among a group of key decision makers and define responsibilities of users and administrators.
6- Define a process for handling wireless breaches.
7- Create a basis for legal action.

First generation wireless security

1- SSID (Security Set Identifier):
   - Basic form of security.
   - 1 to 32 characters (ASCII code).
   - For clients and access points.
   - Most access points (APs) have options like:
     1- SSID broadcast:
        - It advertises the SSID, so it is easy for any person to learn it.
        - This option is enabled by default, so for security it must be set to disabled.
     2- Allow any SSID:
        - Allows clients to access the wireless network with a blank SSID, or with any SSID.


First generation wireless security

2- MAC-based authentication
   - Each access point (AP) has a list of valid MAC addresses, or the list is saved on a centralized server. This lets it know which devices are allowed to access the network and block unauthorized devices by MAC address.
   - The problem with this method is that MAC addresses are unencrypted, so they are easy to learn.


Authentication Process

• On a wired network, authentication is implicitly provided by the physical cable from the PC to the switch.
• Authentication is the process of ensuring that stations attempting to associate with the network (AP) are allowed to do so.
• 802.11 specifies two types of authentication:
  - Open-system
  - Shared-key (makes use of WEP)

Authentication Type: Open System Authentication

• The following steps occur when two devices use Open System Authentication:
  - The station sends an authentication request to the access point.
  - The access point authenticates the station.
  - The station associates with the access point and joins the network.
• The process is illustrated below.


Open Authentication and WEP

Figure notes: The client is associated, but data cannot be sent or received, since it cannot be decrypted. There is no verification of the user or machine, tied to a WEP key.

• In some configurations, a client can associate to the access point with an incorrect WEP key or even no WEP key.
  - The AP must be configured to allow this (coming).
• A client with the wrong WEP key will be unable to send or receive data, since the packet payload will be encrypted.
• Keep in mind that the header is not encrypted by WEP.
• Only the payload or data is encrypted.

Two methods the 802.11 standard defines for clients to connect to an access point

2- Shared key authentication:
   - Requires the client and the access point to have the same WEP key.
   - An access point (AP) using shared key authentication sends a challenge text packet to the client.
   - If the client has the wrong key or no key, it will fail (client fails).
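
The shared-key exchange described above, together with the WEP framing from the previous slide (IV and key ID sent in the clear, only the payload encrypted), as an added example that is not part of the original slides. It is a simplified model: the challenge alone is encrypted rather than a full 802.11 management frame, and `AP_KEY` and the function names are constructed for illustration.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: XOR data with the keystream derived from key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Return IV (3 bytes, clear) + key-ID byte (clear) + RC4(IV||key, data||ICV)."""
    iv = os.urandom(3)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")   # CRC-32 integrity value
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, body: bytes):
    """Return the plaintext, or None when the ICV does not verify (wrong key)."""
    iv, ciphertext = body[:3], body[4:]
    clear = rc4(iv + key, ciphertext)
    data, icv = clear[:-4], clear[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key: bytes, client_key) -> bool:
    """Model the four-message exchange; True when the AP accepts the station."""
    # 1. station -> AP: authentication request (no key material involved)
    challenge = os.urandom(128)                # 2. AP -> station: challenge text
    if client_key is None:
        return False                           # station cannot build message 3
    response = wep_encrypt(client_key, challenge)       # 3. station -> AP
    return wep_decrypt(ap_key, response) == challenge   # 4. AP -> station: result

AP_KEY = bytes.fromhex("0102030405")           # constructed 40-bit WEP key
```

`shared_key_auth(AP_KEY, AP_KEY)` succeeds, while a station with a different key or no key is rejected, matching the last bullet above.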



Encryption

- WEP (Wired Equivalent Privacy)
  - The IEEE 802.11 standard includes WEP (Wired Equivalent Privacy) to protect authorized users of a WLAN from attack.
  - It is a technology that encrypts the traffic on your network.
  - When using WEP, both the wireless client and the access point must have a matching WEP key.
- WEP keys:
  - First scheme:
    - A set of up to four default keys is shared by all stations, so when the keys are distributed over the stations, they are easy for an unauthorized person to learn.
  - Second scheme:
    - Each client establishes a key mapping relationship with another station.
    - This is more secure.

Wi-Fi Protected Access (WPA)

- Wi-Fi Protected Access (WPA) is stronger than WEP.
- WPA has two modes:
  1- Personal:
     - For small installations (single password).
  2- Enterprise:
     - For large installations (username, password).

End-to-End Encryption

- Means that the whole conversation is encrypted from your PC to the service or the station you are talking to.
- SSL (Secure Socket Layer): the most common; it makes the conversation private.
- SSH (Secure Shell): an end-to-end method of encryption; it does the same job as the telnet protocol, but the connection is encrypted.

Wireless security protocols

1- WPA2
   - Version of the final 802.11i standard.
   - Supports the EAP (Extensible Authentication Protocol) authentication method.
2- 802.1x
   - IEEE standard for access to wireless and wired LANs; provides authentication and authorization of LAN nodes.
   - Defines the EAP protocol, which uses a central authentication server.
3- LEAP (Light Weight Extensible Authentication Protocol)
   - Based on 802.1x; helps minimize the original security flaws by using WEP.
   - Also uses MAC address authentication.

Wireless security protocols

4- PEAP (Protected Extensible Authentication Protocol)
   - Allows for secure transport of data, passwords and encryption keys without the need for a certificate server.
5- TKIP (Temporal Key Integrity Protocol)
   - Provides a message integrity check.
   - Part of IEEE 802.11i.
6- RADIUS (Remote Authentication Dial User and Service)
   - Is an AAA protocol (Authentication, Authorization, and Accounting).
