802 11 3


Published in: Technology

  1. Wireless Ethernet 802.11 Presentation 3
  2. How do we make a buck with 802.11
     • Set up secured hot spots for client access. Sales force that is constantly mobile. Wireless internet service provider.
     • Working with communities to offer free WiFi.
     • Combining office networks to share one connection.
     • Implementation of sound security for users. Consult and configure network security.
  3. 802.11 Offers
     • Roaming freedom
       ◦ No longer constrained to the office
       ◦ Smaller devices now have the same function as laptops and tablets
       ◦ Never have to worry about access to external and internal network resources.
       ◦ Real-Time Data Updates – Workers in the field can receive information in real time.
       ◦ High-Speed Data Transmission – Very close to LAN speeds and faster than dial-up.
  4. 802.11 Security and Privacy
  5. Authentication and privacy
     • Goal: to prevent unauthorized access and eavesdropping
     • Realized by an authentication service prior to access
     • Open system authentication
       ◦ A station wanting to authenticate sends an authentication management frame; the receiving station sends back a frame for successful authentication
     • Shared key authentication (included in WEP*)
       ◦ Secret, shared key received by all stations over a separate channel, independent of 802.11
       ◦ Stations authenticate by a shared knowledge of the key properties
     • WEP’s privacy (blocking out eavesdropping) is based on ciphering:

     *WEP: Wired Equivalent Privacy
  6. 802.11 Wired Encryption Protocol
     • Part of 802.11 specification
     • Shared key – 40/104 bits
     • Initialization vector (IV) = 24 bits
     • Uses RC4 for encryption
     • WEP2 added, increases key length to 128 bits

     Figures: http://i.msdn.microsoft.com/Aa503279.Native_802_11_wep(en-us,MSDN.10).gif and http://www.cs.wustl.edu/~jain/cse574-06/ftp/wireless_security/fig14.gif
  7. 802.1x Access Control
     • Designed as a general-purpose network access control mechanism
     • Not Wi-Fi specific
     • Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
     • Authentication is done with the RADIUS server, which "tells" the access point whether access to controlled ports should be allowed or not
     • The AP forces the user into an unauthorized state
     • The user sends an EAP start message
     • The AP returns an EAP message requesting the user’s identity
     • The identity sent by the user is then forwarded to the authentication server by the AP
     • The authentication server authenticates the user and returns an accept or reject message back to the AP
     • If an accept message is returned, the AP changes the client’s state to authorized and normal traffic flows
  8. 802.1x Access Control
  9. Wireless Protected Access (WPA)
     • WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.
     • User Authentication
       ◦ 802.1x
       ◦ EAP
     • TKIP (Temporal Key Integrity Protocol) encryption
       ◦ RC4, dynamic encryption keys (session based)
       ◦ 48-bit IV
       ◦ Per-packet key mixing function
     • Fixes all issues found from WEP
     • Uses Message Integrity Code (MIC) Michael
       ◦ Ensures data integrity
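
The 802.1x exchange listed on slide 7, modelled as a small port-state simulation. This is an added example, not code from the presentation; the class names, MAC addresses and user table are constructed, and the credential check stands in for a real EAP method and RADIUS transport.

```python
from enum import Enum

Port = Enum("Port", "UNAUTHORIZED AUTHORIZED")

class AuthServer:
    """Stand-in for the RADIUS server; the user table is constructed sample data."""
    def __init__(self, users):
        self._users = users

    def decide(self, identity, credential):
        # Simplification: a real EAP method runs a challenge exchange instead.
        return "accept" if self._users.get(identity) == credential else "reject"

class AccessPoint:
    """Authenticator: relays EAP to the server and gates the controlled port."""
    def __init__(self, server):
        self.server = server
        self.ports = {}   # client MAC -> Port state
        self.trace = []   # (sender, message) pairs in order of arrival

    def associate(self, mac):
        self.ports[mac] = Port.UNAUTHORIZED   # every client starts unauthorized

    def eap_start(self, mac):
        self.trace += [(mac, "EAP-Start"), ("AP", "EAP-Request/Identity")]

    def eap_identity(self, mac, identity, credential):
        if mac not in self.ports:             # never associated: nothing to authorize
            return "reject"
        verdict = self.server.decide(identity, credential)   # AP forwards to server
        self.trace += [(mac, "EAP-Response/Identity"), ("server", verdict)]
        self.ports[mac] = Port.AUTHORIZED if verdict == "accept" else Port.UNAUTHORIZED
        return verdict

    def forward(self, mac, frame):
        """Return True if a data frame may cross the controlled port."""
        return self.ports.get(mac) is Port.AUTHORIZED

def run_session(ap, mac, identity, credential):
    ap.associate(mac)
    before = ap.forward(mac, b"data")   # dropped: port still unauthorized
    ap.eap_start(mac)
    verdict = ap.eap_identity(mac, identity, credential)
    return before, verdict, ap.forward(mac, b"data")

if __name__ == "__main__":
    ap = AccessPoint(AuthServer({"alice": "constructed-secret"}))
    print(run_session(ap, "02:00:00:00:00:01", "alice", "constructed-secret"))
```

Each session returns whether data passed before authentication, the server's verdict, and whether data passes afterwards; a rejected or never-associated client stays blocked.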