This document discusses security issues and solutions for wireless LANs. It begins by covering the standards, functionality, and uses of wireless LAN technology. It then outlines several security issues like sniffing, rogue networks, and vulnerabilities in the Wired Equivalent Privacy (WEP) protocol. Finally, it proposes some solutions for small, intermediate, and enterprise wireless network implementations including the use of VPNs, VLANs, custom authentication gateways, and the emerging 802.1x standard. The growing popularity of wireless LANs is increasing the need for improved security.
3. Uses
Key drivers are mobility and accessibility
Easily change work locations in the office
Internet access at airports, cafes, conferences,
etc.
4. Benefits
Increased productivity
– Improved collaboration
– No need to reconnect to the network
– Ability to work in more areas
Reduced costs
– No need to wire hard-to-reach areas
6. 802.11
Published in June 1997
2.4GHz operating frequency
1 to 2 Mbps throughput
Can choose between frequency hopping or
direct sequence spread modulation
7. 802.11b
Published in late 1999 as supplement to
802.11
Still operates in 2.4GHz band
Data rates can be as high as 11 Mbps
Only direct sequence modulation is specified
Most widely deployed today
8. 802.11a
Also published in late 1999 as a supplement to 802.11
Operates in 5GHz band (less RF interference than
2.4GHz range)
Uses Orthogonal Frequency Division Multiplexing
(OFDM)
Supports data rates up to 54 Mbps
Currently no products available, expected in fourth
quarter
9. 802.11e
Currently under development
Working to improve security issues
Extensions to MAC layer, longer keys, and key
management systems
Adds 128-bit AES encryption
10. HiperLAN/2
Development led by the European
Telecommunications Standards Institute (ETSI)
Operates in the 5 GHz range, uses OFDM
technology, and supports data rates over
50 Mbps like 802.11a
11. Interoperability
802.11a and 802.11b work on different
frequencies, so little chance for interoperability
Can coexist in one network
HiperLAN/2 is not interoperable with 802.11a
or 802.11b
14. 802.11 Communication
CSMA/CA (Carrier Sense Multiple
Access/Collision Avoidance) instead of
Collision Detection
WLAN adapter cannot send and receive traffic
at the same time on the same channel
Hidden Node Problem
Four-Way Handshake
22. Security Issues and Solutions
Sniffing and War Driving
Rogue Networks
Policy Management
MAC Address
SSID
WEP
23. War Driving
Default installations allow any wireless NIC to
access the network
Drive around (or walk) and gain access to
wireless networks
Provides direct access behind the firewall
Heard reports of an 8 mile range using a 24dB
gain parabolic dish antenna.
24. Rogue Networks
Network users often set up rogue wireless
LANs to simplify their lives
Rarely implement security measures
Network is vulnerable to War Driving and
sniffing and you may not even know it
25. Policy Management
Access is binary
Full network access or no network access
Need means of identifying and enforcing
access policies
26. MAC Address
Can control access by allowing only defined
MAC addresses to connect to the network
This address can be spoofed
Must compile, maintain, and distribute a list of
valid MAC addresses to each access point
Not a valid solution for public applications
27. Service Set ID (SSID)
SSID is the network name for a wireless network
WLAN products common defaults: “101” for 3COM and
“tsunami” for Cisco
Can be required to specifically request the access
point by name (lets SSID act as a password)
The more people that know the SSID, the higher the
likelihood it will be misused.
Changing the SSID requires communicating the
change to all users of the network
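An added example (not part of the original slides) of the check the Rogue Networks and SSID slides call for: compare a site survey against the access point inventory and flag unknown radios, vendor-default SSIDs and unencrypted cells. The `Beacon` record, the inventory and all survey rows are constructed for illustration; only the default SSIDs "101" and "tsunami" come from the slides.

```python
from dataclasses import dataclass

# Default SSIDs named on the SSID slide; an AP still using one was likely never configured.
VENDOR_DEFAULT_SSIDS = {"101": "3COM", "tsunami": "Cisco"}

@dataclass(frozen=True)
class Beacon:
    bssid: str       # MAC address of the AP radio
    ssid: str        # advertised network name
    encrypted: bool  # True if the beacon advertises link encryption

def normalize_mac(mac):
    """Accept 00-40-96-AA-00-01 or 00:40:96:aa:00:01 and return one canonical form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(beacons, inventory, corporate_ssids):
    """Return {bssid: [findings]} for every AP that needs follow-up."""
    known = {normalize_mac(m) for m in inventory}
    report = {}
    for b in beacons:
        bssid = normalize_mac(b.bssid)
        findings = []
        # An inventory match is necessary, not sufficient: MAC addresses can be spoofed.
        if bssid not in known:
            findings.append("rogue: BSSID not in AP inventory")
            if b.ssid in corporate_ssids:
                findings.append("uses corporate SSID from unknown radio")
        if b.ssid in VENDOR_DEFAULT_SSIDS:
            findings.append(f"default SSID ({VENDOR_DEFAULT_SSIDS[b.ssid]})")
        if not b.encrypted:
            findings.append("no link encryption")
        if findings:
            report[bssid] = findings
    return report

# Constructed sample data: two inventoried APs and two unknown radios.
INVENTORY = ["00-40-96-AA-00-01", "00:40:96:aa:00:02"]
SURVEY = [
    Beacon("00:40:96:AA:00:01", "corp-wlan", True),
    Beacon("00:40:96:aa:00:02", "tsunami", True),
    Beacon("02:11:22:33:44:55", "corp-wlan", False),
    Beacon("02:11:22:33:44:66", "101", False),
]

def run_sample():
    return audit(SURVEY, INVENTORY, {"corp-wlan"})

if __name__ == "__main__":
    for bssid, findings in run_sample().items():
        print(bssid, "; ".join(findings))
```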
28. Wired Equivalent Privacy (WEP)
Designed to be computationally efficient, self-
synchronizing, and exportable
Vulnerable to attack
– Passive attacks to decrypt traffic based on statistical analysis
– Active attacks to inject new traffic from unauthorized mobile
stations, based on known plaintext
– Dictionary-building attack that, after analysis of a day’s worth
of traffic, allows real-time automated decryption of all traffic
All users of a given access point share the same
encryption key
Data headers remain unencrypted so anyone can see
the source and destination of the data stream
29. WLAN Implementations
Varies due to organization size and security
concerns
Current technology not ideal for large-scale
deployment and management
Will discuss a few tricks that can help the
process and a few technologies under
development to ease enterprise deployments
30. Basic WLAN
Great for small (5-10 users) environments
Use WEP (some vendors provide 128-bit
proprietary solution)
Only allow specific MAC addresses to access
the network
Rotate SSID and WEP keys every 30-60 days
No need to purchase additional hardware or
software.
32. Secure LAN (SLAN)
Intent to protect link between wireless client and
(assumed) more secure wired network
Similar to a VPN and provides server authentication,
client authentication, data privacy, and integrity using
per session and per user short life keys
Simpler and more cost efficient than a VPN
Cross-platform support and interoperability, not highly
scaleable, though
Supports Linux and Windows
Open Source (slan.sourceforge.net)
34. SLAN Steps
1. Client/Server Version Handshake
2. Diffie-Hellman Key Exchange
3. Server Authentication (public key fingerprint)
4. Client Authentication (optional) with PAM on
Linux
5. IP Configuration – IP address pool and adjust
routing table
35. SLAN Client
[Diagram: SLAN client components (client application, e.g. a Web browser; SLAN driver; user space process; physical driver), with plaintext traffic on the application side and encrypted traffic sent to the SLAN server]
36. Intermediate WLAN
11-100 users
Can use MAC addresses, WEP and rotate
keys if you want.
Some vendors have limited MAC storage
ability
SLAN also an option
Another solution is to tunnel traffic through a
VPN
38. VPN
Provides a scaleable authentication and
encryption solution
Does require end user configuration and a
strong knowledge of VPN technology
Users must re-authenticate if roaming between
VPN servers
41. Enterprise WLAN
100+ users
Reconfiguring WEP keys not feasible
Multiple access points and subnets
Possible solutions include VLANs, VPNs,
custom solutions, and 802.1x
42. VLANs
Combine wireless networks on one VLAN
segment, even geographically separated
networks.
Use 802.1Q VLAN tagging to create a wireless
subnet and a VPN gateway for authentication
and encryption
44. Customized Gateway
Georgia Institute of Technology
Allows students with laptops to log on to the campus
network
Uses VLANs, IP Tables, and a Web browser
No end user configuration required
– User accesses a web site and enters a userid and password
– Gateway runs specialized code authenticating the user with
Kerberos and packet filtering with IPTables, adding the user’s
IP address to the allowed list to provide network access
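A sketch of the allow-list step described on this slide, as an added example rather than Georgia Tech's code. Assumptions: the FORWARD chain drops wireless traffic by default, the `authenticate` callback stands in for the Kerberos check, and the MAC binding and lease expiry are hardening choices not stated on the slide. The class only builds `iptables` argument lists; it does not run them.

```python
import ipaddress
import re
import time

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

class GatewayAllowlist:
    """Tracks authenticated wireless clients and emits iptables argv lists."""

    def __init__(self, wireless_net, lease_seconds=3600, clock=time.time):
        self.net = ipaddress.ip_network(wireless_net)
        self.lease = lease_seconds
        self.clock = clock
        self.sessions = {}  # ip -> (user, mac, expiry)

    @staticmethod
    def _rule(action, ip, mac):
        # argv list, never a shell string, so client-supplied values cannot inject.
        # Binding the rule to the MAC only raises the bar: MACs can be spoofed.
        return ["iptables", action, "FORWARD", "-s", str(ip),
                "-m", "mac", "--mac-source", mac, "-j", "ACCEPT"]

    def login(self, user, password, ip, mac, authenticate):
        addr, mac = ipaddress.ip_address(ip), mac.lower()
        if addr not in self.net or not MAC_RE.match(mac):
            raise ValueError("client is not a valid wireless-VLAN host")
        if not authenticate(user, password):  # stand-in for the Kerberos check
            return []
        cmds = []
        if addr in self.sessions:  # replace the old rule instead of stacking a second one
            cmds.append(self._rule("-D", addr, self.sessions[addr][1]))
        self.sessions[addr] = (user, mac, self.clock() + self.lease)
        cmds.append(self._rule("-I", addr, mac))
        return cmds

    def expire(self):
        """Remove rules whose lease ran out, so a vacated IP is not left open."""
        now, cmds = self.clock(), []
        for addr, (_, mac, expiry) in list(self.sessions.items()):
            if expiry <= now:
                del self.sessions[addr]
                cmds.append(self._rule("-D", addr, mac))
        return cmds

def demo():
    # Constructed credentials, addresses and clock.
    now = [0.0]
    gw = GatewayAllowlist("10.20.0.0/24", lease_seconds=600, clock=lambda: now[0])
    check = lambda u, p: (u, p) == ("student1", "constructed-pass")
    denied = gw.login("student1", "wrong", "10.20.0.7", "02:00:00:00:00:07", check)
    granted = gw.login("student1", "constructed-pass", "10.20.0.7",
                       "02:00:00:00:00:07", check)
    now[0] = 601.0  # lease has run out
    return denied, granted, gw.expire()
```

Without an expiry step, the next client to pick up a vacated IP address inherits the previous user's access.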
46. 802.1x
General-purpose port based network access control
mechanism for 802 technologies
Based on AAA infrastructure (RADIUS)
Also uses Extensible Authentication Protocol (EAP,
RFC 2284)
Can provide dynamic encryption key exchange,
eliminating some of the issues with WEP
Roaming is transparent to the end user
47. 802.1x (cont)
Could be implemented as early as 2002.
Cisco Aironet 350 supports the draft standard.
Microsoft includes support in Windows XP
49. Third-Party Products
NetMotion Wireless authenticates against a
Windows domain and uses better encryption
(3DES) than WEP. Also offers the ability to
remotely disable a wireless network card’s
connection.
Fortress Wireless Link Layer Security (WLLS).
Improves WEP and works with 802.1x.
Enterasys provides proprietary RADIUS
solution similar to 802.1x
50. Client Considerations
Cannot forget client security
Distributed Personal Firewalls
Strong end user security policies and
configurations
Laptop Theft Controls
51. Conclusion
Wireless LANs very useful and convenient, but
current security state not ideal for sensitive
environments.
Cahners In-Stat group predicts the market for
wireless LANs will be $2.2 billion in 2004, up
from $771 million in 2000.
Growing use and popularity require increased
focus on security