This document summarizes wireless network security and best practices. It discusses how wireless networks are less secure than wired due to packet sniffing and remote access. It describes common wireless attacks like man-in-the-middle and denial of service. WEP encryption is shown to be flawed and easily cracked. WPA was introduced as an improvement over WEP but still has some vulnerabilities. The document recommends using strong encryption like AES, along with other security measures such as MAC filtering, static IPs, network separation, and policy to help secure a wireless network.

1. Wireless Network SecurityThomas LiuMorgan Quirk1

2. IntroductionWireless NetworkBSSID: cs440xWEP Open Key: BEEFFACADEhttp://thomas/2

3. Today’s Topics3Wireless vs. WiredWireless security concernsWhy WEP is AwfulWhy WPA is Less AwfulGood Wireless Practices

4. Wireless vs. Wired4Packet SniffingRemote AccessMultiple targetsEase of Use

5. Wireless Security Concerns5Man in the middle attacksAccidental/Malicious associationAd-hoc networksDenial of serviceUnauthorized network access

6. Attacker Incentive6Free internet![Industrial] espionageGeneral maliceFun and profit

7. Wired Equivalent Privacy7Wireless security as good as having a wire!Turns out it isn’t so great.Introduced in 1997Deprecated in 2004Still widely used

8. WEP Encryption8

9. Cracking WEP9Sniff the air for packetsLook for IV collisionsUse statistical analysisNot enough packets?De-authentication attackReplay attacksChop-chop

10. Wi-Fi Protected Access / TKIP10WEP replacement without replacing legacy hardwareSoon to be deprecatedTKIP – Temporal Key ProtocolMixes IV and Key instead of simple concatenationUses sequence numbers to prevent replay attacksMessage integrity checkIEEE standard for WPA requires handshakingGenerates a session key to be used in packet encryption

11. TKIP Encryption11

12. TKIP: It fixes things, but it could be better12Still vulnerable to Chop-chop, but it takes longer.QoS packet injection

13. AES – Advanced Encryption Standard13Adopted by the U.S. government15 competing designs, won by RijndaelReplaces parts of TKIP/WEP

14. The AES Process14Key ExpansionAdd Round KeyPer round:Byte SubstitutionShift RowsMix ColumnsAdd Round KeyFinal RoundListen, it’s complicated.http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

15. Best Practices15Use good encryptionMAC FilteringStatic IPsNetwork separationPolicy

16. Questions?16