This is a PPT on Wireless LAN Security, made by ARPIT BHATIA (student of Sri Guru Nanak Public School, Adarsh Nagar) for an Informatics Practices project. It has all necessary information with pictures about the wireless LAN. This PPT is made only for Educational Purpose.
4. Contents
❖ Acknowledgement
❖ Introduction
❖ Components of Wireless LAN
❖ Use of Wireless LAN
❖ Advantages in Wireless LAN
❖ Disadvantages in Wireless LAN
❖ Threats to wireless environments
❖ Types of Risks in Wireless LAN
❖ Known Risks
❖ Security Options
❖ Security Measures in Wireless Network
❖ Bibliography
5. Acknowledgement
I would like to express my special thanks of gratitude to my teacher MS. RICHA
mam, who gave me the golden opportunity to do this wonderful project on the topic
Wireless LAN Security, which also helped me in doing a lot of research, and I came
to know about so many new things.
I am really thankful to them.
Secondly, I would also like to thank my parents and friends who helped me a lot in
finishing this project within the limited time.
6. Introduction
➢ A wireless local area network (LAN) is a flexible data communications system
implemented as an extension to, or as an alternative for, a wired LAN.
➢ With Wireless Networking, no cables or wires are needed to network your computers
and share your Internet connection.
➢ Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity)
standards are one of today's fastest growing technologies in businesses, schools, and
homes, for good reasons.
7. Introduction
➢ WLANs offer a quick and effective extension of a wired network or
standard LAN.
➢ They provide mobile access to the Internet and to enterprise networks
so users can remain connected away from their desks.
➢ With a simple access point attached to the wired network, personal
computers, laptops, handheld devices, printers, and other network
devices can connect with the wired network at broadband speeds.
8. Components of Wireless LAN
➢ACCESS POINT~ A wireless Access Point (AP) is a device that allows wireless devices to connect
to a wired network using Wi-Fi, or related standards. The AP usually connects to a router (via a wired
network) as a standalone device, but it can also be an integral component of the router itself.
9. Components of Wireless LAN
➢ Bridge~ A wireless bridge is a hardware component used to connect two or more network
segments (LANs or parts of a LAN) which are physically and logically (by protocol) separated. It does not
necessarily always need to be a hardware device, as some operating systems (such as Windows,
GNU/Linux, Mac OS X and FreeBSD) provide software to bridge different protocols.
10. Components of Wireless LAN
➢NIC~ A wireless network interface controller (NIC) is a network interface controller which connects
to a radio-based computer network rather than a wire-based network. A NIC is an essential component
for a wireless desktop computer. This card uses an antenna to communicate through microwaves. A NIC in
a desktop computer usually is connected using the PCI bus.
11. Components of Wireless LAN
➢ANTENNA~ An antenna (or aerial) is an electrical device which converts electric power into
radio waves, and vice versa. It is usually used with a radio transmitter or radio receiver.
12. Components of Wireless LAN
➢AAA SERVER~ An AAA server is a server program that handles user requests for access to
computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA)
services.
13. Components of Wireless LAN
➢NMS SERVER~ Network monitoring is the use of a system that constantly monitors a computer
network for slow or failing components and that notifies the network administrator (via email,
SMS or other alarms) in case of outages. It is part of network management.
14. Use of Wireless LAN
★Education
Connectivity to the University Network
for collaborative class activities.
Ability to access research sources without
requiring a hard point.
15. Use of Wireless LAN
★Finance
Facilitates electronic payments for goods
and services.
Improve the speed and quality of trades.
16. Use of Wireless LAN
★Manufacturing
Link factory floor workstations to servers.
Remote data collections.
Tracking of goods.
17. Advantages of Wireless LAN
❖ Productivity and convenience advantage
❖ Installation speed and simplicity
❖ Reduced cost of ownership
❖ Installation flexibility
❖ Scalability
❖ Mobility
19. Threats to WLAN Environments
All wireless computer systems face security threats that
can compromise their systems and services. Unlike the wired
network, the intruder does not need physical access in
order to pose the following security threats:
20. ❏Eavesdropping
➢ This involves attacks against the confidentiality of
the data that is being transmitted across the
network.
➢ In the wireless network, eavesdropping is the most
significant threat because the attacker can
intercept the transmission over the air from a
distance away from the premises of the company.
21. ❏Tampering
➢ The attacker can modify the content of the
intercepted packets from the wireless network, and
this results in a loss of data integrity.
22. ❏Unauthorised access and spoofing
➢ The attacker could gain access to privileged data and resources in
the network by assuming the identity of a valid user. This kind of
attack is known as spoofing.
➢ To overcome this attack, proper authentication and access control
mechanisms need to be put up in the wireless network.
23. ❏Denial of Service
➢ In this attack, the intruder floods the network with
either valid or invalid messages affecting the
availability of the network resources.
➢ The attacker could also flood a receiving wireless
station, thereby forcing it to use up its valuable battery
power.
24. ❏Other Security Threats
➢ The other threats come from weaknesses in
network administration and vulnerabilities of the
wireless LAN standards.
➢ For example, the vulnerabilities of the Wired Equivalent
Privacy (WEP), which is supported in the IEEE 802.11
wireless LAN standard.
25. Concerns in Wireless LAN
● Anyone within the geographical network range of an
open, unencrypted wireless network can 'sniff' or record
the traffic, gain unauthorized access to internal network
resources as well as to the internet.
● If router security is not activated or if the owner
deactivates it for convenience, it creates a free hotspot.
27. Internal Risks
❖ Rogue WLANs~ Unauthorized, “rogue” wireless LANs are clearly a
foreseeable internal risk to the security, confidentiality, and integrity of
customer information.
❖ Insecure WLANs~ Insecure wireless LANs are a recognized security
risk. While wireless LANs are often deployed for their productivity
benefits, security is often an afterthought.
❖ WLAN Policy violation~ WLAN policy violations are a recognized
internal risk to the security, confidentiality, and integrity of customer
information.
28. External Risks
❖ Network Eavesdropping~ Because wireless communication is
broadcast over radio waves, eavesdroppers who merely listen to the
airwaves can easily pick up unencrypted messages. Additionally,
messages encrypted with the Wired Equivalent Privacy (WEP) security
protocol.
❖ Theft of WLAN credentials~ The theft of an authorized WLAN
user’s identity poses one of the greatest threats. Service Set Identifiers
(SSIDs) that act as crude passwords and Media Access Control (MAC)
addresses that act as personal identification numbers are often used to
verify that clients are authorized to connect with an access point.
29. Known Risks
❏ Insertion attacks
❏ Interception & unauthorized monitoring
❏ Jamming
❏ Client to client attacks
❏ Brute force attacks
❏ Encryption attacks
❏ Misconfigurations
30. Security Options
❏ There are three principal ways to secure a wireless LAN.
1. For closed networks (home users and organizations), configure
access restrictions in the access points.
2. For commercial providers, it should be an isolated wireless network.
3. End-to-end encryption.
32. ❖SSID Hiding
● A simple but effective method to attempt to secure a wireless
network is to hide the SSID (Service Set Identifier). This provides
very little protection against anything but the most casual
intrusion efforts.
Additionally, devices which are configured to connect to a network
which does not broadcast its SSID may try to connect to the
network by broadcasting for the network, a behavior which
reveals the SSID to wireless snoopers in the vicinity of the device.
33. ❖MAC ID Filtering
● In computer networking, MAC Filtering (or GUI filtering, or layer
2 address filtering) refers to a security access control method
whereby the 48-bit address assigned to each network card is used
to determine access to the network.
One of the simplest techniques is to only allow access from known,
pre-approved MAC addresses. Most wireless access points contain
some type of MAC ID filtering. However, an attacker can simply
sniff the MAC address of an authorized client and spoof this
address.
34. Addressing
Typical wireless access points provide IP addresses to clients via
DHCP. Requiring clients to set their own addresses makes it
more difficult for a casual or unsophisticated intruder to log
onto the network, but provides little protection against a
sophisticated attacker.
35. ❖802.11 Security
IEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It
is part of the IEEE 802.1 group of networking protocols. It provides an
authentication mechanism to devices wishing to attach to a LAN or WLAN.
IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol
(EAP) over IEEE 802, which is known as "EAP over LAN" or EAPOL.
EAPOL was originally designed for IEEE 802.3 Ethernet in 802.1X-2001, but was
clarified to suit other IEEE 802 LAN technologies such as IEEE 802.11 wireless
and Fiber Distributed Data Interface (ISO 9314-2) in 802.1X-2004.
36. ❖Restricted access Networks
Solutions include a newer system for authentication, IEEE
802.1X, that promises to enhance security on both wired and
wireless networks. Wireless access points that incorporate
technologies like these often also have routers built in, thus
becoming wireless gateways.
37. Encryption
With encryption on the router level or VPN, a single switch encrypts all traffic, even
UDP and DNS lookups. With end-to-end encryption on the other hand, each
service to be secured must have its encryption "turned on", and often every
connection must also be "turned on" separately.
For sending emails, every recipient must support the encryption method, and must
exchange keys correctly. For Web, not all websites offer https, and even if they
do, the browser sends out IP addresses in clear text.
The disadvantage with the end-to-end method is that it may fail to cover all traffic.
38. ❖802.11i Security
The newest and most rigorous security to implement into WLANs today is the
802.11i RSN-standard. This full-fledged 802.11i standard (which uses WPAv2)
however does require the newest hardware (unlike WPAv1), thus potentially
requiring the purchase of new equipment. This new hardware required may be
either AES-WRAP (an early version of 802.11i) or the newer and better
AES-CCMP-equipment.
One should make sure one needs WRAP or CCMP-equipment, as the 2 hardware
standards are not compatible.
39. ❖WAPI
WAPI stands for WLAN Authentication and Privacy Infrastructure.
WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese National
Standard for Wireless LANs (GB 15629.11-2003). Although it was allegedly
designed to operate on top of WiFi, compatibility with the security protocol used
by the 802.11 wireless networking standard developed by the IEEE is in dispute.
Due to the limited access of the standard (only eleven Chinese companies had
access), it was the focus of a U.S.-China trade dispute.
40. ❖Smart cards, USB tokens and Software tokens
This is a very strong form of security. When combined with some server software,
the hardware or software card or token will use its internal identity code
combined with a user entered PIN to create a powerful algorithm that will very
frequently generate a new encryption code.
This is a very secure way to conduct wireless transmissions. Companies in this area
make USB tokens, software tokens, and smart cards.
Currently the safest security measures are the smart cards / USB tokens.
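A sketch of how a token and server can agree on a frequently changing code, as an added example that is not part of the original slides. The slides do not name an algorithm; this uses the standard RFC 6238 TOTP scheme, and treating the PIN as a prefix typed before the code is an assumption. The seed and PIN values are constructed.

```python
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1, dynamic truncation per RFC 4226)."""
    counter = struct.pack("!Q", max(0, unix_time) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the 4-byte window
    value = struct.unpack("!I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed: bytes, pin: str, submitted: str, unix_time: int,
           step: int = 30, digits: int = 6, drift: int = 1) -> bool:
    """Accept PIN + code if the code matches the current step or +/- drift steps."""
    if len(submitted) != len(pin) + digits:
        return False
    # Assumption: PIN is compared directly; a real server would store it hashed.
    pin_ok = hmac.compare_digest(submitted[:-digits].encode(), pin.encode())
    code_ok = False
    for k in range(-drift, drift + 1):  # tolerate small clock drift on the token
        expected = totp(seed, unix_time + k * step, step, digits)
        code_ok |= hmac.compare_digest(submitted[-digits:].encode(), expected.encode())
    return pin_ok and code_ok


SEED = b"12345678901234567890"  # constructed seed (the RFC 6238 test key)
PIN = "4821"                    # constructed PIN
```

A code captured in one 30-second step stops verifying once the server clock moves past the drift window, which is what limits the value of an intercepted login.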
41. ❖RF Shielding
It’s practical in some cases to apply specialized wall paint and
window film to a room or building to significantly attenuate
wireless signals, which keeps the signals from propagating
outside a facility.
This can significantly improve wireless security because it’s
difficult for hackers to receive the signals beyond the
controlled area of an enterprise, such as within parking lots.