Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Wireless network security


Published on


Published in: Technology
  • Be the first to comment

  • Be the first to like this

Wireless network security

  1. 1. Securing a Wireless Network<br />
  2. 2. Wireless Network Security<br />Presented by :<br />Aurobindo Nayak Regd.No.>0701288307<br />
  3. 3. AGENDA:<br />Wireless network overview<br />IEEE Specifications<br />Security considerations<br />Security vulnerabilities<br />Solutions and precautions<br />Questions and comments<br />
  4. 4. Wi-Fi is an abbreviation for Wireless Fidelity and a catch all phrase for the several different standards and recommendations that comprise wireless networking. <br />Wi-Fi enables the user to deploy a computer network without needing to run cable throughout the facility.<br />What is Wi-Fi: <br />
  5. 5. Standards:<br />IEEE 802.11.b –2.4GHz – 11Mbps<br />IEEE 802.11.a – 5GHz – 54 Mbps<br />IEEE 802.11g – 2.4Ghz – Hybrid 11/54Mbps <br />
  6. 6. IEEE 802.11.a 5GHz – 54Mbps<br />International standard for wireless networking that operates in the 5 GHz frequency range (5.725 GHz to 5.850 GHz) with a maximum 54 Mbps data transfer rate. The 5 GHz frequency band is not as crowded as the 2.4 GHz frequency, because the 802.11a specification offers more radio channels than the 802.11b. These additional channels can help avoid radio and microwave interference. <br />Cost of 802.11a equipment is approximately twice that of 802.11b and current deployment is limited.<br />
  7. 7. IEEE 802.11.b 2.4GHz – 11Mbps<br />International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz) and provides a throughput of up to 11 Mbps with a range of just over 300 feet indoors. This is a very commonly used frequency. Microwave ovens, cordless phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band. <br />802.11b enables transfers of up to 11 Mbps. Comparable to 10BaseT in speeds, 802.11b is the most common wireless standard deployed today. In comparison T1 speeds are 1.54Mbps and DSL is normally in the 640Kbps range.<br />
  8. 8. Securing a Wireless Network: <br />Most wireless networks today use the 802.11 standard for communication. 802.11b became the standard wireless ethernet networking technology for both business and home in 2000. The IEEE 802.11 Standard is an interoperability standard for wireless LAN devices, that identifies three major distribution systems for wireless data communication: <br />Direct Sequence Spread Spectrum (DSSS) Radio Technology<br />Frequency Hopping Spread Spectrum (FHSS) Radio Technology<br />Infrared Technology<br />
  9. 9. Independent Basic Service Set (IBSS) <br />
  10. 10. [Basic Service Set (BSS)] Network<br />
  11. 11. Extended Service Set (ESS) Network <br />
  12. 12. Security (Encryption, Content Filtering, Privacy, etc.)<br />Encryption:<br /><ul><li>Encryption on the pubic network can be used but would create administrative overhead. Encryption keys would have to be changed regularly and anyone using their own laptop would have to be given the key.
  13. 13. Encryption works best in a network that does not allow people to use their own laptops.</li></li></ul><li>Content Filtering & Proxy Servers:<br /><ul><li>Web content filtering that has generally been software on the desktop would have to be handled by a server if people are allowed to use their own laptops.
  14. 14. Proxy servers allow you to control what information people have access to. This is a good practice anyway, allowing you to control at a global level what information travels over your network. It also allows you to track usage.</li></li></ul><li>Security Vulnerabilities:<br /><ul><li>packet sniffing - war drivers; hi-gain antenna
  15. 15. War driver mapping
  16. 16. Antenna on the Cheap (er, Chip) - Pringle's can’s antenna
  17. 17. traffic redirection - modifying ARP tables
  18. 18. resource stealing - using a valid station's MAC address
  19. 19. rogue networks and station redirection [network administrators also rely on manufacturers' default Service Set IDentifiers (SSIDs)
  20. 20. DoS (any radio source including 2.4 Ghz cordless phones)</li></li></ul><li><ul><li>WEP uses the RC4 encryption algorithm, known as a stream cipher. A stream cipher expands a short key into infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce cipher text. The receiver has a copy of the same key, and uses it to generate identical key stream. XORing the key stream with the cipher text yields the original plaintext.
  21. 21. If an attacker flips a bit in the cipher text, then upon decryption, the corresponding bit in the plaintext will be flipped. Also, if an eavesdropper intercepts two cipher texts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. Once one of the plaintexts becomes known, it is trivial to recover all of the others.
  22. 22. IEEE 802.1X: This standard, supported by Windows XP, defines a framework for MAC-level authentication. Susceptible to session-hijacking and man-in-the-middle attacks. </li></li></ul><li>Security Solutions:<br /><ul><li>Advanced Encryption Standard (AES) encryption [IEEE 802.11i]
  23. 23. "Key-hopping" technology that can change the encryption key as often as every few seconds.
  24. 24. EAP-TTLS (Extensible Authentication Protocol (EAP) -Tunneled Transport Layer Security)
  25. 25. Enhanced Security Network (ESN) - Extended Service Set with : </li></ul>enhanced authentication mechanism for both STAs and APs based on 802.11x <br />enhanced data encapsulation using AES <br />dynamic, association-specific cryptographic keys <br />key management <br />
  26. 26. Wireless Protocol Analyzers:<br /><ul><li>check for unknown MAC (Media Access Control) addresses and alert the network manager
  27. 27. log attempts to gain unauthorized access to the network
  28. 28. filter access attempts based on the type of network card
  29. 29. conduct site survey of traffic usage
  30. 30. find dead zones in the wireless network</li></li></ul><li>Wireless Security Precautions<br />Change default names <br />Add passwords to all devices <br />Disable broadcasting on network hubs <br />Don't give the network a name that identifies your company <br />Move wireless hubs away from windows <br />Use the built-in encryption <br />Disable the features you don't use <br />Put a firewall between the wireless network and other company computers <br />Encrypt data <br />Regularly test wireless network security<br />
  31. 31. Questions?<br /> Comments?<br />