Wireless Network Security Dr. John P. Abraham Professor UTPA.


Page 2:

802.11 Protocols

802.11-1997 (802.11 legacy): 1997, up to 2 Mbps. Used the 2.4 GHz band.

802.11a: theoretically 20 Mbps, but could not penetrate walls; practically yielded 1 Mbps. Used the 5 GHz band. 50’

802.11b: 1999. 5 Mbps. 375’. Used 2.4 GHz.

802.11g: 2003. 22 Mbps (theoretical 54 Mbps).

802.11n: 2009. Over 50 Mbps. 820’

Page 3:

Controlling Access

Control connection to access points (AP).

Best method – control through MAC address – but requires registration first.

Wired Equivalent Privacy (WEP) – the same secret key should be installed on the AP and on the workstation (64 to 128 bits long – 5 to 13 characters). Know the steps for WEP encryption (p. 195).

Page 4:

Device Authentication

Service Set Identifier (SSID) is a name associated with the access point. This SSID can be set to broadcast or not. If it is not broadcast, the user will have to know it; "show all wireless networks" will not show it.

Open system authentication. The wireless device sends an association request frame to the AP. The frame contains the SSID and the data rate the device can support. The AP receives the frame and, if the SSID matches its own, it authenticates the device.

Shared key authentication. WEP's default key is used. The AP sends a challenge text to the device wanting a connection. The device must encrypt the challenge text with the default WEP key and return it to the AP. The AP decrypts and compares the text. If it matches, the connection is given.

Page 5:

Vulnerabilities of 802.11 security

Open system authentication is weak. The attacker only has to know the SSID (which is mostly broadcast). Roaming is difficult if the SSID is not beaconed. Even if the SSID is not beaconed, other management frames will contain the SSID, and freely available tools can discover it. So turning off SSID beaconing does not give much protection.

MAC address filtering – an attacker can capture an already connected MAC address and use it to get a connection (spoofing). There are programs available to do this.

WEP – if longer than a 128-bit number is used, the initialization vector defaults to 24 bits, which can be broken easily. WEP creates detectable patterns for the attacker, and an attacker can now crack it in minutes.

Page 6:

Security+ Guide to Network Security Fundamentals, Third Edition

WEP

To encrypt packets WEP can use only a 64-bit or 128-bit number, which is made up of a 24-bit initialization vector (IV) and a 40-bit or 104-bit default key.

The relatively short length of the default key limits its strength.

WEP implementation violates the cardinal rule of cryptography: anything that creates a detectable pattern must be avoided at all costs.

IVs would start repeating in fewer than seven hours.
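The WEP steps referred to on the Controlling Access slide, the shared key challenge exchange from the Device Authentication slide, and the detectable pattern described above can be followed in one added example (not from the slides or the textbook). The key, IV and the 700 frames-per-second rate are constructed assumptions.

```python
import struct
import zlib

KEY = bytes.fromhex("0102030405")   # constructed 40-bit default key
IV = bytes.fromhex("00002a")        # constructed 24-bit IV

def rc4(key, data):
    """RC4: key scheduling, then XOR the keystream over data."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(data):
    return struct.pack("<I", zlib.crc32(data))   # CRC-32 integrity check value

def wep_encrypt(iv, key, plaintext):
    """Frame body: clear IV, then RC4(IV || key) over plaintext || ICV."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key, frame):
    """Rebuild the per-frame seed from the clear IV and verify the ICV."""
    clear = rc4(frame[:3] + key, frame[3:])
    if icv(clear[:-4]) != clear[-4:]:
        raise ValueError("ICV mismatch")
    return clear[:-4]

def shared_key_auth(ap_key, station_key, challenge, iv):
    """Station encrypts the AP's challenge; AP decrypts and compares."""
    try:
        return wep_decrypt(ap_key, wep_encrypt(iv, station_key, challenge)) == challenge
    except ValueError:
        return False

def ciphertext_xor(key, iv, p1, p2):
    """Same IV and key give the same keystream, so this equals p1 XOR p2."""
    c1, c2 = wep_encrypt(iv, key, p1)[3:], wep_encrypt(iv, key, p2)[3:]
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))

def hours_until_iv_wrap(frames_per_second):
    """A 24-bit IV counter covers 2**24 frames before it must repeat."""
    return 2**24 / frames_per_second / 3600
```

Because the IV travels in the clear and the default key never changes, any two frames with the same IV share a keystream, which is the pattern WPA's per-packet keys were introduced to remove.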

Page 7:

Personal wireless security

WPA – Wi-Fi Protected Access, PSK for authentication and TKIP for encryption.

PSK (preshared key). Uses a passphrase to generate the encryption key. This must be entered both at the AP and at the wireless device. PSK authenticates the user and gives a seed key for encryption.

TKIP (Temporal Key Integrity Protocol). Replaces WEP. Uses a key longer than 128 bits. It can generate 280 trillion possible keys for each packet.

Page 8:

Enterprise wireless security

TKIP replaces WEP encryption and makes wireless transmissions more secure.

WPA2 Enterprise security model provides the highest level of secure authentication and encryption on wireless.

Enterprise wireless security devices can be used, such as thin access points, wireless VLANs and rogue access point discovery tools.

Thin access points: an access point with limited functionality; authentication and encryption are removed and placed on a wireless switch.

Wireless VLANs – to manage traffic.

Rogue access point discovery tools. A protocol analyzer captures wireless traffic, which is then compared with a list of known approved devices. A continuous wireless probe monitors the RF traffic.
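The comparison against a list of approved devices can be sketched as follows. This is an added example, not from the slides; the inventory, the probe line format, the labels and the -65 dBm threshold are all constructed assumptions. It also checks SSID and channel for approved BSSIDs, since the earlier slide notes that a MAC address alone can be spoofed.

```python
import re

# Constructed approved inventory: BSSID -> (SSID, channel)
APPROVED = {
    "00:11:22:aa:bb:01": ("CorpNet", 1),
    "00:11:22:aa:bb:02": ("CorpNet", 6),
}

# Constructed probe output, one beacon per line: time bssid ssid channel rssi
SAMPLE = """\
09:00:01 00:11:22:aa:bb:01 CorpNet 1 -48
09:00:01 00:11:22:aa:bb:02 CorpNet 6 -55
09:00:02 de:ad:be:ef:00:01 CorpNet 11 -40
09:00:03 00:11:22:aa:bb:02 CorpNet 11 -52
09:00:04 66:77:88:99:aa:bb CoffeeShop 6 -80
09:00:05 malformed line
"""

LINE = re.compile(
    r"^(\S+) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (\S*) (\d+) (-\d+)$", re.I)

def classify(line, approved=APPROVED, near_dbm=-65):
    """Return (bssid, verdict) for one probe line, or None if unparseable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    _, bssid, ssid, chan, rssi = m.groups()
    bssid, chan, rssi = bssid.lower(), int(chan), int(rssi)
    if bssid in approved:
        # A known MAC on the wrong SSID or channel: spoofed or misconfigured.
        if (ssid, chan) != approved[bssid]:
            return (bssid, "approved-bssid-mismatch")
        return (bssid, "approved")
    if ssid in {s for s, _ in approved.values()}:
        return (bssid, "unapproved-bssid-using-our-ssid")
    # Unknown network: only report it when the signal suggests it is on site.
    return (bssid, "unapproved-nearby" if rssi >= near_dbm else "neighbor")

def scan(text):
    """Keep only the observations that need investigation."""
    results = (classify(line) for line in text.splitlines())
    return [r for r in results if r and r[1] not in ("approved", "neighbor")]
```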

Page 9:

Enterprise Wireless Security Devices (continued)
