Wireless security is the prevention of unauthorized access or damage to computers using wireless networks.
Network supported by radio communications
Wireless networks are exposed to specialized attacks
Concerns for wireless security are similar to those found in a wired environment

no inherent physical protection
 – physical connections between devices are replaced by logical associations
 – sending and receiving messages do not need physical access to the network infrastructure (cables, hubs, routers, etc.)
broadcast communications
 – wireless usually means radio, which has a broadcast nature
 – transmissions can be overheard by anyone in range
 – anyone can generate transmissions,
    • which will be received by other devices in range
    • which will interfere with other nearby transmissions and may prevent their correct reception (jamming)

• eavesdropping is easy
• injecting bogus messages into the network is easy
• replaying previously recorded messages is easy
• illegitimate access to the network and its services is easy
• denial of service is easily achieved by jamming

confidentiality
 – messages sent over wireless links must be encrypted
authenticity
 – origin of messages received over wireless links must be verified
replay detection
 – freshness of messages received over wireless links must be checked
integrity
 – modifying messages on-the-fly (during radio transmission) is not so easy, but possible …
 – integrity of messages received over wireless links must be verified
access control
 – access to the network services should be provided only to legitimate entities
 – access control should be permanent
protection against jamming
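
The authenticity, replay-detection and integrity checks listed above, sketched as a receiver-side routine. This is an added example, not part of the original slides: the frame layout (8-byte counter, payload, HMAC-SHA-256 tag), the class names and the sample messages are assumptions made for illustration, and encryption for confidentiality is left out.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA-256 output size
HDR_LEN = 8   # 64-bit big-endian frame counter (assumed layout)

def _tag(key, header, payload):
    # The tag covers counter and payload, so neither can change unnoticed.
    return hmac.new(key, header + payload, hashlib.sha256).digest()

class Sender:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def protect(self, payload):
        self.counter += 1  # never reuse a counter under the same key
        header = struct.pack(">Q", self.counter)
        return header + payload + _tag(self.key, header, payload)

class Receiver:
    def __init__(self, key):
        self.key, self.last_seen = key, 0

    def accept(self, frame):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return "malformed", None
        header, payload, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        # Authenticity and integrity: only a key holder can produce this tag.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            return "bad-tag", None
        # Freshness: a recorded frame carries a counter that was already used.
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_seen:
            return "replay", None
        self.last_seen = counter
        return "ok", payload

def demo():
    key = os.urandom(32)  # shared secret, constructed for this example
    tx, rx = Sender(key), Receiver(key)
    f1, f2 = tx.protect(b"open door 7"), tx.protect(b"close door 7")
    tampered = bytearray(f2)
    tampered[HDR_LEN] ^= 0x01  # one payload bit changed in transit
    outsider = Sender(os.urandom(32)).protect(b"open door 7")  # wrong key
    frames = [f1, f1, bytes(tampered), outsider, f2]
    return [rx.accept(f)[0] for f in frames]

if __name__ == "__main__":
    print(demo())
```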

• part of the IEEE 802.11 specification
goal
 – make the WiFi network at least as secure as a wired LAN (that has no particular protection mechanisms)
 – WEP was never intended to achieve strong security
 – (in the end, it hasn’t achieved even weak security)
services
 – access control to the network
 – message confidentiality
 – message integrity

• WEP relies on a secret key which is shared between the sender (mobile station) and the receiver (access point).
• Secret Key: packets are encrypted using the secret key before they are transmitted.
• Integrity Check: it is used to ensure that packets are not modified in transit.

Wi-Fi Protected Access (WPA)
• set of security mechanisms that eliminates most 802.11 security issues
• Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks
• based on the current state of the 802.11i standard

• Wired Equivalent Privacy (WEP) and WEP2
• Media access control (MAC) addresses: configuring access points to permit only particular MAC addresses onto the network. Easy to implement, but fairly easy to defeat.
• VPNs: using a VPN to encrypt data on wireless networks. VPNs require a lot of management and client configuration.
• User authentication
• The Temporal Key Integrity Protocol (TKIP) [IEEE 802.11i]

• Change default names
• Add passwords to all devices
• Disable broadcasting on network hubs
• Don't give the network a name that identifies your company
• Move wireless hubs away from windows
• Use the built-in encryption
• Disable the features you don't use
• Put a firewall between the wireless network and other company computers
• Encrypt data
• Regularly test wireless network security

WIRELESS_SECURITY.pptx
