A presentation on Wireless Network Security. It contains an introduction to wireless networking, security threats and risks, and best practices for using wireless networks.
2. WIRELESS NETWORKS-OVERVIEW
Wireless networks have become commonplace in the past few
years in homes and offices.
Wireless networks have had a significant impact on our society by
enabling:
• Individuals to transport laptops and other devices to and from
meetings in office buildings, increasing employee productivity.
• Devices within close range to synchronize without a physical
connection.
• Mobile users to receive email, messages, etc. while on the move.
• Connection to the internet throughout a home, without the
difficult and slow task of running cable through the structure
of the home.
3. WIRELESS NETWORKING-INTRODUCTION
Wireless networks (LANs) function in one of two ways:
• Clients connect to a central access point (AP) which acts as a
hub to other clients and to a wired network, or
• Clients connect in an ad-hoc peer-to-peer mode.
Examples of wireless networks:
• In homes and offices, laptops utilize WLAN technologies.
• Mobile devices like smart phones and PDAs use cellular technology
to communicate.
• Devices synchronize themselves over very short ranges to other
devices or networked desktops through the Bluetooth standard.
4. SERVICE SET IDENTIFIER (SSID)
One way to connect to a LAN is through an AP.
Clients need to locate the AP and connect to it.
APs facilitate their ability to be located by broadcasting a Service
Set Identifier at a fixed interval, typically 10 times per second, but
the broadcast time may be configurable by the administrator of
the AP.
The SSID is just the name of the AP which may be used by clients to
connect to the wireless network.
Clients equipped with a wireless NIC will see a list of the SSIDs
of available APs. The client may then select from the listed
SSIDs.
If the AP is unsecured, the client may connect to the network,
allowing it to use the network resources supported by that AP
without authentication, otherwise authentication will be required.
5. IEEE 802.11 STANDARDS
These standards can be segmented into two different categories:
• Basic communication standards
• Security standards that help protect the exchange of information
through the communication channel.
Communication Standards:
| Standard | 802.11A | 802.11B | 802.11G |
| Year Released | 1999 | 1999 | 2003 |
| Communication Band | 5 GHz | 2.4 GHz | 2.4 GHz |
| Bandwidth | 54 Mbps | 11 Mbps | 54 Mbps |
| Communication Distance | 50 m | 100 m | 100 m |
| Channels | 8 | 14 | 14 |
| Compatibility | none | G | B |
6. IEEE 802.11 STANDARDS (CONTD.)
Security standards:
| Standard | WEP | WPA | WPA2 |
| Year Ratified | 1999 | 2003 | 2004 |
| Key Size | 40 bit | 128 bit | 128, 192 or 256 bit |
| Key State | Static | Dynamic | Dynamic |
| Central Key Management | None | RADIUS | RADIUS |
| Authentication | WEP Key Challenge | 802.1x authentication protocol with Extensible Authentication Protocol | 802.1x authentication protocol with Extensible Authentication Protocol |
| Encryption Scheme | | Temporal Key Integrity Protocol (TKIP) | TKIP and AES for client to client |
| Device Compatibility | 802.11a,b,g | 802.11a,b,g | 802.11a,b,g |
7. WIRED EQUIVALENT PRIVACY (WEP)
Protection mechanism offered by IEEE 802.11 standard.
Operates on the Media Access Control (MAC) layer.
The aim is to provide data privacy equivalent to the level of a wired
network.
WEP algorithm is used to protect wireless communication from
eavesdropping.
WEP design objectives:
It was not designed to be the ultimate “killer” security feature.
The intention was to make it hard to break in.
8. WEP ENCRYPTION
Based on symmetric shared key encryption, uses RC4 stream
cipher.
[Figure: WEP encryption diagram. Labels: Plain text, CRC, IV, Secret key, RC4, Keystream, XOR, IV, Ciphertext.]
10. WEP VULNERABILITY
The IV mechanism has made the protocol vulnerable.
The IEEE 802.11 standard does not specify how to generate IVs.
WEP uses 40 or 104 bit keys with a 24-bit IV.
The RC4 keystream repeats if IVs are repeated, a major flaw in the
WEP design/implementation.
An attacker can identify when an IV collision occurs.
An attacker can pick two packets derived from the same key and
obtain the unknown plaintext using C1 XOR C2 = P1 XOR P2.
The same IV can be used with every packet.
WEP cannot differentiate between forged packets and original
packets.
The key is difficult to keep secret when the same key is shared among
multiple users/devices.
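The relation C1 XOR C2 = P1 XOR P2 from this slide, worked through as an added example (not part of the original slides) to show why WEP cannot be relied on once an IV repeats. The key, IVs and plaintexts are constructed sample values, the frame layout is simplified to IV plus encrypted body (no key ID byte), and the collision estimate assumes IVs are chosen at random.

```python
import math
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encapsulation: RC4 keyed with IV || secret over plaintext || CRC-32."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor(body, rc4(iv + secret, len(body)))


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Reverse wep_encrypt and verify the CRC-32 integrity value."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + secret, len(body)))
    plaintext, icv = clear[:-4], clear[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


# Constructed sample values, not taken from any real network.
SECRET = bytes.fromhex("0102030405")      # 40-bit shared key
P1 = b"HELLO FROM STATION ONE!!"          # plaintext known to the observer
P2 = b"secret meeting at 9 a.m."          # plaintext the observer does not know


def keystream_reuse_demo() -> dict:
    """Encrypt two frames under one IV and show what the ciphertexts alone reveal."""
    iv = b"\x00\x00\x2a"
    c1 = wep_encrypt(SECRET, iv, P1)[3:]
    c2 = wep_encrypt(SECRET, iv, P2)[3:]
    n = len(P1)
    # Same IV and key give the same keystream, which cancels out of C1 XOR C2.
    same_iv = xor(c1, c2)[:n] == xor(P1, P2)
    # Knowing P1 is then enough to read P2 without ever learning the key.
    recovered = xor(xor(c1, c2), P1)
    # With a different IV the keystreams differ and the relation no longer holds.
    d2 = wep_encrypt(SECRET, b"\x00\x00\x2b", P2)[3:]
    fresh_iv = xor(c1, d2)[:n] == xor(P1, P2)
    return {
        "same_iv_leaks_xor": same_iv,
        "recovered": recovered,
        "fresh_iv_leaks_xor": fresh_iv,
    }


def frames_for_iv_collision(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday-bound estimate of frames sent before two random IVs coincide."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    print(keystream_reuse_demo())
    print("frames for a 50% chance of IV reuse:", frames_for_iv_collision())
```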
11. WEP WEAKNESSES
At the time of WEP’s introduction, cryptographic keys for export to
international markets were limited to 40-bit keys.
To further compound the weakness presented by short keys, the
WEP standard uses a single, static shared key without a dynamic
key update method.
Some WEP implementations include longer keys of 128, 152 or
256 bits, but these are non-standard and therefore incompatible.
These weaknesses led to the adoption of new standards (WPA).
12. WI-FI PROTECTED ACCESS (WPA)
The WiFi Protected Access (WPA) standard addresses all
deficiencies found in the WEP standard.
This standard was introduced by the WiFi Alliance in 2003 to
bridge the security gaps of WEP, prior to the formal adoption of
the 802.11i (WPA2) standard.
WPA is a subset of the 802.11i standard (WPA2).
The WPA security standard is designed to secure all versions of
802.11 devices, including 802.11a, 802.11b and 802.11g.
13. WPA (CONTD.)
WPA can frequently be installed on WiFi certified devices as a
software upgrade.
Access Points (AP) require a software upgrade. Client
workstations require a software upgrade to their network interface
card (NIC) and possibly an additional upgrade to their operating
system (OS).
Enterprises may choose to use a Remote Authentication Dial-In
User Service (RADIUS) authentication server.
In homes, by utilizing a shared password mode, users may avoid
the additional setup and support of a RADIUS authentication
server.
14. WPA - FUNCTIONING
WPA supports a strong encryption algorithm and user
authentication. The WPA standard employs Temporal Key
Integrity Protocol (TKIP) for encryption, using 128 bit keys that
are dynamically generated.
In a corporate environment, keys are generated leveraging the
802.1X authentication protocol with Extensible Authentication
Protocol (EAP). The 802.1X protocol, adopted by the IEEE in
August of 2001, is a network access control method used on both
wired and wireless networks.
The 802.1X protocol’s use of EAP enables the support of a
variety of user credential types, including username/password,
smart cards, secure IDs, or any other type of user identification.
Clients and Access Points (AP) authenticate against the RADIUS
server, which validates client access to the network as well as
enabling connected clients to know they are talking to valid APs.
15. WPA – FUNCTIONING (CONTD.)
In a home environment, “pre-shared keys” (PSK) or passwords
are used to provide TKIP encryption.
In the WPA standard, if enterprise security is employed, a user
supplies credentials to the RADIUS server, which authenticates
the user; if enterprise security is NOT employed, the user supplies a
manually entered password on the client device and Access
Point.
Once a user is authenticated, a unique master or “pair-wise” key
is created for the session. TKIP distributes the key to the client
and Access Point (AP), using the pair-wise key to generate
unique data encryption keys to encrypt every data packet that is
sent during the session.
16. WPA – FUNCTIONING (CONTD.)
A Message Integrity Check (MIC), when enterprise security
(RADIUS) is employed, prevents a “man in the middle” alteration
of packets by requiring both the sender and receiver to compute
and compare the MIC, assuming an attack and discarding the
packet if the MIC doesn’t match.
17. WI-FI PROTECTED ACCESS 2 (WPA2)
The WiFi Protected Access 2 (WPA2) standard, also known as
802.11i, is a superset of WPA.
It includes the 802.1X/EAP authentication for corporate
environments and PSK authentication for home environments.
In addition, a new encryption scheme called Advanced Encryption
Standard (AES) has been added.
Its addition is to support ad hoc networking security between
client workstations.
It supports encryption, using keys of 128, 192 or 256 bits.
The WPA2 standard is fully compatible with existing WiFi devices,
including WPA devices.
This standard was adopted in 2004.
18. VULNERABILITIES OF WIRELESS NETWORKS,
DEVICES AND PROTOCOLS
• There are a number of vulnerabilities in the security protocols
listed above. Some of these are described here.
Insertion attacks
Insertion attacks are based on deploying unauthorized devices or
creating new wireless networks without going through the security
process and review.
Unauthorized Clients – An attacker tries to connect a wireless
client, typically a laptop or PDA, to an access point without
authorization. Access points can be configured to require a
password for client access. If there is no password, an intruder
can connect to the internal network simply by enabling a wireless
client to communicate with the access point.
19. VULNERABILITIES (CONTD.)
• Unauthorized or Renegade Access Points – An organization may
not be aware that internal employees have deployed wireless
capabilities on their network in the form of an unauthorized
access point, attached to the wired network. This lack of
awareness could lead to the previously described attack, with
unauthorized clients gaining access to corporate resources
through the rogue access point.
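One way to find the unauthorized access points described above is to compare a wireless survey against the inventory of managed APs. The following is an added example, not part of the original slides; the `Beacon` record, the finding names, the signal threshold and all SSIDs and BSSIDs are hypothetical, constructed values.

```python
from dataclasses import dataclass

# Protection levels named on the slides, weakest first.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3}


@dataclass(frozen=True)
class Beacon:
    """One access point seen in a survey (hypothetical record layout)."""
    ssid: str
    bssid: str
    security: str
    rssi_dbm: int


# Constructed inventory of managed APs: BSSID -> (SSID, required security).
INVENTORY = {
    "02:00:00:00:00:01": ("CorpNet", "WPA2"),
    "02:00:00:00:00:02": ("CorpNet", "WPA2"),
}

# Constructed survey results.
SURVEY = [
    Beacon("CorpNet", "02:00:00:00:00:01", "WPA2", -48),     # managed, as configured
    Beacon("CorpNet", "02:00:00:00:00:02", "WEP", -52),      # managed, weakened config
    Beacon("CorpNet", "02:00:00:00:00:99", "OPEN", -40),     # managed SSID, unknown radio
    Beacon("linksys", "02:00:00:00:00:7A", "OPEN", -45),     # unmanaged, strong signal
    Beacon("CoffeeShop", "02:00:00:00:00:55", "WPA2", -82),  # weak neighbour, ignored
]


def classify(beacon, inventory, onsite_rssi_dbm=-60):
    """Return the findings for one beacon; an empty list means nothing to review."""
    findings = []
    expected = inventory.get(beacon.bssid.lower())
    managed_ssids = {ssid for ssid, _ in inventory.values()}
    if expected is None:
        if beacon.ssid in managed_ssids:
            # A managed network name advertised by a radio nobody registered.
            findings.append("managed-ssid-from-unknown-bssid")
        elif beacon.rssi_dbm >= onsite_rssi_dbm:
            # A strong signal suggests the AP is inside the premises. It does
            # not prove the AP is on the wired network; that needs a switch-port check.
            findings.append("unknown-ap-on-premises")
        return findings
    ssid, required = expected
    if beacon.ssid != ssid:
        findings.append("ssid-changed")
    if SECURITY_RANK.get(beacon.security, 0) < SECURITY_RANK[required]:
        findings.append("security-downgrade")
    # A matching BSSID is not proof of identity, since BSSIDs can be copied.
    return findings


def audit(beacons, inventory=INVENTORY):
    """Map each BSSID that needs review to its list of findings."""
    report = {}
    for beacon in beacons:
        findings = classify(beacon, inventory)
        if findings:
            report[beacon.bssid.lower()] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit(SURVEY).items():
        print(bssid, ", ".join(findings))
```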
20. VULNERABILITIES (CONTD.)
Interception and Monitoring of Wireless Traffic
As in wired networks, it is possible to intercept and monitor
network traffic across a wireless LAN. The attacker needs to be
within range of an access point (approximately 300 feet for
802.11b) for this attack to work, whereas a wired attacker can be
anywhere there is a functioning network connection. The
advantage for a wireless interception is that a wired attack
requires the placement of a monitoring agent on a compromised
system. All a wireless intruder needs is access to the network
data stream travelling over public air waves.
21. VULNERABILITIES (CONTD.)
Some of the monitoring techniques:
• Wireless Packet Analysis – Attacker captures wireless traffic
using techniques similar to those employed on wired networks.
Many of these tools capture the first part of the connection
session, where the data would typically include the username and
password. An intruder can then masquerade as a legitimate user
by using this captured information to hijack the user session and
issue unauthorized commands.
• Broadcast Monitoring – If an access point is connected to a hub
rather than a switch, any network traffic across that hub can be
potentially broadcast out over the wireless network. Because the
Ethernet hub broadcasts all data packets to all connected devices
including the wireless access point, an attacker can monitor
sensitive data on the wireless network, not even intended for any
wireless clients.
22. VULNERABILITIES (CONTD.)
• Access Point Clone (Evil Twin) Traffic Interception – The
availability of WiFi in coffee shops, airports and other high-traffic
areas led to the evolution of the Evil Twin Network. The Evil Twin
is essentially a wireless version of a phishing scam - users think
they're connecting to a genuine hot spot but are actually
connecting to a rogue access point set up by a phisher. Once
connected, the attacker serves up pages mimicking actual
websites. Banking, eBay or PayPal sites are the websites of
choice. All the attacker needs is the hardware for an access point
(with a higher signal strength than the target network) and off-the-shelf
software tools like Karma, which is a set of wireless sniffing
tools to discover clients and their preferred/trusted networks by
passively listening for 802.11 Probe Request frames. Once
identified, clients can be targeted by creating a Rogue AP for one
of their probed networks (which they may join automatically) or
using a custom driver that responds to probes and association
requests for any SSID. Higher-level fake services can then
capture credentials or exploit client-side vulnerabilities on the
host.
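A defender can look for the rogue access points and evil twins described on slides 19 and 22 by comparing a wireless survey against the inventory of sanctioned access points. The Python sketch below is an added example, not part of the original presentation; the inventory, the scan records, their field names and the -50 dBm "close range" threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of sanctioned access points: BSSID -> (SSID, channel, security).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1, "WPA2"),
    "00:11:22:33:44:02": ("CorpNet", 6, "WPA2"),
}

# Constructed survey output; field names are assumptions, not a real tool's format.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "channel": 1, "security": "WPA2", "rssi": -61},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "channel": 6, "security": "WPA2", "rssi": -70},
    {"bssid": "DE:AD:BE:EF:00:01", "ssid": "CorpNet", "channel": 6, "security": "OPEN", "rssi": -38},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "channel": 11, "security": "WPA2", "rssi": -40},
    {"bssid": "aa:bb:cc:00:00:09", "ssid": "CoffeeShop", "channel": 3, "security": "OPEN", "rssi": -80},
]

def review_scan(scan, authorized=AUTHORIZED, near_dbm=-50):
    """Return (bssid, finding) pairs for observations that need investigation."""
    our_ssids = {ssid for ssid, _, _ in authorized.values()}
    # Strongest signal seen from a sanctioned AP whose settings match the inventory.
    strongest = defaultdict(lambda: -200)
    for o in scan:
        seen = (o["ssid"], o["channel"], o["security"])
        if authorized.get(o["bssid"].lower()) == seen:
            strongest[o["ssid"]] = max(strongest[o["ssid"]], o["rssi"])

    findings = []
    for o in scan:
        bssid = o["bssid"].lower()
        seen = (o["ssid"], o["channel"], o["security"])
        expected = authorized.get(bssid)
        if expected is not None:
            if seen != expected:  # right MAC, wrong channel/security: possible clone
                findings.append((bssid, "CLONED_BSSID"))
        elif o["ssid"] in our_ssids:  # our network name, unknown radio
            louder = o["rssi"] > strongest[o["ssid"]]
            findings.append((bssid, "EVIL_TWIN_LOUDER" if louder else "EVIL_TWIN_SUSPECT"))
        elif o["rssi"] >= near_dbm:  # unknown AP close by: check the wired side
            findings.append((bssid, "NEARBY_UNKNOWN_AP"))
    return findings

if __name__ == "__main__":
    for bssid, finding in review_scan(SCAN):
        print(bssid, finding)
```

A wireless survey alone cannot show whether an unknown access point is attached to the wired network, so a NEARBY_UNKNOWN_AP finding is a prompt to check switch ports, not a verdict.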
23. VULNERABILITIES (CONTD.)
Jamming
Denial of service attacks are also easily applied to wireless
networks, where legitimate traffic cannot reach clients or the
access point because illegitimate traffic overwhelms the
frequencies. An attacker with the proper equipment and tools can
easily flood the 2.4 GHz frequency (or the other frequencies in
which WiFi operates), corrupting the signal until the wireless
network ceases to function. In addition, cordless phones, baby
monitors and other devices that operate on the 2.4 GHz band can
disrupt a wireless network using this frequency. These denial of
service attacks can originate from outside the work area serviced
by the access point, or can inadvertently arrive from other WiFi
devices installed in other work areas that degrade the overall
signal.
24. CLIENT-TO-CLIENT ATTACKS
Two wireless clients can talk directly to each other, bypassing the
access point. Users therefore need to defend clients not just
against an external threat but also against each other.
• File Sharing and Other TCP/IP Service Attacks – Wireless
clients running TCP/IP services such as a Web server or file
sharing are open to the same exploits and misconfigurations as
any user on a wired network.
• DOS (Denial of Service) – A wireless device floods another
wireless client with bogus packets, creating a denial of service
attack. In addition, duplicate IP or MAC addresses, both
intentional and accidental, can cause disruption on the network.
25. BRUTE FORCE ATTACKS AGAINST ACCESS POINT
PASSWORDS
Most access points use a single key or password that is shared
with all connecting wireless clients. Brute force dictionary attacks
attempt to compromise this key by methodically testing every
possible password. The intruder gains access to the access point
once the password is guessed.
In addition, passwords can be compromised through less
aggressive means. A compromised client can expose the access
point. Not changing the keys on a frequent basis or when
employees leave the organization also opens the access point to
attack. Managing a large number of access points and clients
only complicates this issue, encouraging lax security practices.
26. The following tools to automate WEP cracking were developed:
• WEPCrack
• AirSnort
In response to the weaknesses in WEP, new security mechanisms
were developed.
• Cisco developed the Lightweight Extensible Authentication
Protocol (LEAP)
• WiFi Protected Access (WPA) was developed to replace WEP. It
had 2 sub-parts:
   – WPA-PSK (Pre-Shared Key)
   – WPA-Radius
27. MISCONFIGURATION
Many access points ship in an unsecured configuration in order to
emphasize ease of use and rapid deployment. Unless
administrators understand wireless security risks and properly
configure each unit prior to deployment, these access points will
remain at a high risk for attack or misuse. The following section
examines three leading access points, one each from Cisco,
Lucent and 3Com. Although each vendor has its own
implementation of 802.11b, the underlying issues should be
broadly applicable to products from other vendors.
28. Server Set ID (SSID) – SSID is a configurable identification
that allows clients to communicate with an appropriate access
point. With proper configuration, only clients with the correct
SSID can communicate with access points. In effect, SSID
acts as a single shared password between access points and
clients. Access points come with default SSIDs. If not
changed, these units are easily compromised. Here are
common default SSIDs
29.
SSIDs go over the air as clear text if WEP is disabled, allowing
the SSID to be captured by monitoring the network’s traffic.
Another common vulnerability regarding the SSID is setting it to
something meaningful such as the AP's location or department, or
setting them to something easily guessable.
By default, the Access Point broadcasts the SSID every few
seconds in what are known as 'Beacon Frames'. While this
makes it easy for authorized users to find the correct network, it
also makes it easy for unauthorized users to find the network
name. This feature is what allows most wireless network
detection software to find networks without having the SSID
upfront.
30.
SNMP Community Passwords – Many wireless access points
run SNMP agents. If the community word is not properly
configured, an intruder can read and potentially write sensitive
data on the access point. If SNMP agents are enabled on the
wireless clients, the same risk applies to them as well.
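The access point misconfigurations listed on slides 28 to 30 (default or revealing SSID, SSID broadcast, encryption disabled, default SNMP community words) can be checked before a unit is deployed. The Python audit below is an added example, not part of the original presentation; the configuration schema, the placeholder default SSID and the list of "revealing" words are assumptions to be replaced with your own values.

```python
import re

# Hypothetical config schema and constructed values; substitute your own.
DEFAULT_SSIDS = {"vendor-default-ssid"}        # placeholder for factory SSIDs
DEFAULT_COMMUNITIES = {"public", "private"}    # widely used SNMP defaults
# Constructed hints that an SSID names a location or department.
REVEALING = re.compile(r"\b(?:floor|lab|finance|hr|bldg|dept)\d*\b", re.I)

def audit_ap(cfg):
    """Return finding codes for the misconfigurations listed on slides 28-30."""
    findings = []
    ssid = cfg.get("ssid", "")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if REVEALING.search(ssid):
        findings.append("revealing-ssid")
    if cfg.get("broadcast_ssid", True):        # beacon frames advertise the name
        findings.append("ssid-broadcast")
    if cfg.get("encryption", "none") == "none":
        findings.append("no-encryption")       # SSID and data travel in clear text
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled"):
        for field in ("read_community", "write_community"):
            value = snmp.get(field)
            if value is not None and value.lower() in DEFAULT_COMMUNITIES:
                findings.append("default-snmp-" + field)
    return findings

# Constructed "as shipped" configuration next to a reviewed one.
AS_SHIPPED = {
    "ssid": "vendor-default-ssid", "broadcast_ssid": True, "encryption": "none",
    "snmp": {"enabled": True, "read_community": "public", "write_community": "private"},
}
HARDENED = {
    "ssid": "wl-7f3a", "broadcast_ssid": False, "encryption": "wpa2",
    "snmp": {"enabled": False},
}

if __name__ == "__main__":
    for name, cfg in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name, audit_ap(cfg) or "no findings")
```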
31.
Client Side Security Risk – Clients connected to an
access point store sensitive information for authenticating and
communicating to the access point. This information can be
compromised if the client is not properly configured. Cisco client
software stores the SSID in the Windows registry, and the WEP
key in the firmware, where it is more difficult to access.
Lucent/Cabletron client software stores the SSID in the Windows
registry. The WEP key is stored in the Windows registry, but it is
encrypted using an undocumented algorithm. 3Com client
software stores the SSID in the Windows registry. The WEP key
is stored in the Windows registry with no encryption.
32. POSSIBLE LOSSES
The possible losses because of WiFi vulnerabilities are the same
as in wired networking technologies plus the additional losses
because of the wireless access. These include:
• Loss of network access, including email, Web, and other services
that can cause business downtime.
• Loss of confidential information, including passwords, customer
data, intellectual property, and more.
• Data interception and theft is difficult to detect and can lead to
even more losses.
• Unauthorized access – the mobility of wireless devices means
that they are far more susceptible to loss, which could result in
the theft of information from the device. In addition, if
authentication is weak at the device level, unauthorized
individuals will gain access to sensitive information.
33. • Legal liabilities associated with unauthorized users.
• Loss of information integrity – wireless devices or data
transmission methods may not have the capability to check
data integrity, which could result in data being deleted or
altered in transmission.
• Network Abuses – Since the speed of the wireless networks is
still less compared to wired networks, any abuse on the
wireless network could impact the performance of WLAN.
For example, WLAN users will encounter network
performance degradation due to network congestion when
users are doing large file transfers across the WLAN. The WLAN
802.11 standard is a shared media until after it gets onto the
network. Additionally, the protocol requires large headers for
each packet transferred.
34. • Cyber criminals have begun to use the unsecured WiFi networks of
unsuspecting consumers and businesses to help cover their tracks in
cyberspace.
Defense options: What can be done to make
wireless networks more secure?
Based on the known threats affecting WiFi networks it is
possible to make pragmatic decisions regarding effective
defense options. However, no single defense is sufficient to
mitigate all threats; instead a multilayered approach is
required. Yet, the very nature of a multilayered approach
introduces complexities and it is important that security be
easy to implement, use, and manage. Although defense
measures are important, they are only one piece of a good
security framework. This is because a good security
framework is based on risks, defense, and deterrence