www.slideproject.com 1
Team: Yousef S. Almatieb (ID: 120220023)
Supervisor: Prof. Dr. Eng. Mohammad A. Mikki
Outline
INTRODUCTION
Threat Types
Budget Estimation Guide
Recommended Requirements for Enterprise Wireless Networking
Recommended Requirements for WIDS/WIPS
Recommended Requirements for Wireless Surveys
Threat Remediation
Bluetooth Security Considerations
1. Introduction
This guide summarizes best practices and technical guidance for securing networks against wireless threats and for implementing wireless access to networks securely.
It focuses on IEEE 802.11 Wi-Fi technology and does not include commercial mobile networks (e.g., 3GPP, LTE).
Because Wi-Fi is everywhere, risk assessments must consider the risks and how they could affect confidentiality, availability, and integrity.
Due to more network attacks and widespread wireless technology, various security guides have emerged from businesses, the government, and the Department of Defense (DoD).
• Two SANS CIS Critical Security Controls (CSC 12 and CSC 15) target wireless risks.
• SANS Institute: SysAdmin, Audit, Network, and Security.
https://www.cisecurity.org/controls/service-provider-management
https://www.cisecurity.org/controls/network-infrastructure-management
• The main recommendation is to deploy a wireless intrusion detection system (WIDS) and a wireless intrusion prevention system (WIPS) on all networks, even if they don't offer wireless access, to detect and disconnect unauthorized wireless users.
• CSC 12 and CSC 15 recommend monitoring inter-trust network communication, emphasizing the use of WIDS in the technical approach.
• WIPS: monitors your wireless network traffic and stops any unauthorized network activity.
• What is the difference between WIPS and WIDS?
2. Threat Types
Failure to address wireless security exposes enterprise networks to the following
threats:
• Hidden or Rogue Access Points (APs): unauthorized wireless APs attached to the enterprise network may not transmit their service set identifier (SSID) to hide their existence.
• Evil Twin
• Misconfigured APs
• Some AP configurations are left at factory defaults, such as usernames and passwords or the default broadcast WLAN names (SSIDs), and default settings may be found in the specific vendor's manuals on the internet.
• Examples of a default username/password database for some of the Linksys wireless home devices are
• Banned Devices: devices not allowed on the network by organizational policy (e.g., wireless storage devices).
• Client Mis-association
• Rogue Clients: unauthorized clients attaching to the network.
• Unauthorized Association: an AP-to-AP association that can violate the security perimeter of the network.
• Ad hoc Connections: a peer-to-peer network connection that can violate the security perimeter of the network.
• Denial of Service (DoS) Attacks: an attack that seeks to overwhelm the system, causing it to fail or degrading its usability.
So, what can we do about it?
3. Threat Remediation
• WIDS and WIPS are used to continuously protect a wireless network and, in some cases, a wired network from unauthorized users.
• A WIDS/WIPS capability provides immediate automated alerts to the enterprise security operations center (SOC) and can be configured to automatically prevent any clients from attaching to rogue APs.
• WIDS/WIPS provides the ability to centrally monitor and manage enterprise wireless security.
• WIDS/WIPS capabilities are also useful for physically locating rogue APs in order to remove them.
• WIDS and WIPS operate 24/7 and generally require no management or admin involvement.
• Most of the systems currently available fundamentally act as a WIPS because they're designed to detect and prevent wireless intrusion.
4. Recommended Requirements for Enterprise Wireless Networking
These requirements are derived from the sources listed in Appendix A:
1- Use safe, problem-free existing equipment when you can.
2- Comply with Federal Information Processing Standards (FIPS) 140-2 encryption standards.
3- Follow National Institute of Standards and Technology (NIST) 800-53 controls compliance.
4- Utilize PIV card certificates for user authentication to meet OMB HSPD-12 compliance.
5- Offer an alternative authentication method when PIV cards are unavailable.
Figure: The PIV Card
https://www.osp.va.gov/PIV_Information.asp
6- Use AES-CCMP sparingly in WAP 2 enterprise networks.
WPA2 replaces RC4 and TKIP with two stronger encryption and authentication mechanisms:
1. Advanced Encryption Standard (AES), an encryption mechanism; and
2. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an authentication mechanism.
TKIP: Temporal Key Integrity Protocol.
5. Recommended Requirements for WIDS/WIPS
Even wired networks without wireless access should use a WIDS/WIPS solution to detect rogue APs and unauthorized connections.
WIDS/WIPS systems should include the following characteristics:
1- Rogue client detection capability.
2- Detect and classify mobile Wi-Fi devices such as iPads, iPods, iPhones, Androids, Nooks, and MiFi devices.
3- Detect 802.11a/b/g/n/ac devices connected to the wired or wireless network.
4- Be able to enforce a “no Wi-Fi” policy per subnet and across multiple.
5- Detect and report additional attacks.
6- Provide customizable reports.
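The threat types listed earlier and the WIDS/WIPS characteristics above can be read as a classification problem. The following added example (not part of the original slides) sorts constructed sensor observations into the deck's threat categories and shows how a WIDS (alert only) and a WIPS (alert and block) differ in response. The inventory, MAC addresses, field names and the `on_wired` correlation flag are assumptions made for illustration; DoS and banned-device detection are not covered.

```python
from dataclasses import dataclass

# Constructed inventory (assumption): authorized AP BSSID -> SSID, plus authorized client MACs.
AUTHORIZED_APS = {"02:00:00:aa:00:01": "CorpNet", "02:00:00:aa:00:02": "CorpNet"}
AUTHORIZED_CLIENTS = {"02:00:00:cc:00:01"}
REQUIRED_CIPHER = "CCMP"  # AES-CCMP, as in the WPA2 enterprise requirement
BENIGN = {"authorized AP", "authorized", "external AP", "external"}


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str               # empty string: the AP does not broadcast its SSID (hidden)
    cipher: str             # "CCMP", "TKIP", "WEP" or "OPEN"
    ibss: bool = False      # True for an ad hoc (peer-to-peer) network
    on_wired: bool = False  # sensor also saw this device on the wired LAN (hypothetical flag)


@dataclass(frozen=True)
class Association:
    client: str  # MAC of the associating station
    bssid: str   # AP it associated with


def classify_beacon(b: Beacon) -> str:
    """Map one observed AP to a threat type from the deck."""
    if b.ibss:
        return "ad-hoc connection"
    if b.bssid in AUTHORIZED_APS:
        # Our own AP: wrong SSID (e.g. a factory default) or weak cipher is a config drift.
        if b.ssid != AUTHORIZED_APS[b.bssid] or b.cipher != REQUIRED_CIPHER:
            return "misconfigured AP"
        return "authorized AP"
    if b.ssid and b.ssid in AUTHORIZED_APS.values():
        return "evil twin"  # unknown radio advertising an enterprise SSID
    if b.on_wired:
        return "rogue AP" if b.ssid else "hidden rogue AP"
    return "external AP"    # a neighbour's network, not attached to ours


def classify_association(a: Association) -> str:
    """Map one client/AP association to a threat type from the deck."""
    known_client = a.client in AUTHORIZED_CLIENTS
    known_ap = a.bssid in AUTHORIZED_APS
    if a.client in AUTHORIZED_APS and not known_ap:
        return "unauthorized association"  # one of our APs linked to an unknown AP
    if known_client and not known_ap:
        return "client mis-association"
    if not known_client and known_ap:
        return "rogue client"
    return "authorized" if known_client else "external"


def respond(label: str, mode: str) -> str:
    """WIDS only alerts; WIPS also blocks, except for our own misconfigured APs."""
    if label in BENIGN:
        return "none"
    if mode == "WIPS" and label != "misconfigured AP":
        return "alert SOC + block"
    return "alert SOC"


def triage(events, mode="WIDS"):
    """Return (threat, subject MAC, action) for every non-benign observation."""
    alerts = []
    for ev in events:
        if isinstance(ev, Beacon):
            label, subject = classify_beacon(ev), ev.bssid
        else:
            label, subject = classify_association(ev), ev.client
        action = respond(label, mode)
        if action != "none":
            alerts.append((label, subject, action))
    return alerts


# Constructed sample observations (locally administered MAC addresses).
SAMPLE_EVENTS = [
    Beacon("02:00:00:aa:00:01", "CorpNet", "CCMP"),
    Beacon("02:00:00:aa:00:02", "CorpNet", "TKIP"),
    Beacon("02:00:00:bb:00:09", "CorpNet", "CCMP"),
    Beacon("02:00:00:bb:00:0a", "", "OPEN", on_wired=True),
    Beacon("02:00:00:bb:00:0b", "CoffeeShop", "CCMP"),
    Beacon("02:00:00:ee:00:01", "printer-direct", "OPEN", ibss=True),
    Association("02:00:00:cc:00:01", "02:00:00:bb:00:09"),
    Association("02:00:00:dd:00:05", "02:00:00:aa:00:01"),
]

if __name__ == "__main__":
    for mode in ("WIDS", "WIPS"):
        print(mode)
        for alert in triage(SAMPLE_EVENTS, mode):
            print("  ", alert)
```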
6. Recommended Requirements for Wireless Surveys
Many integrators of wireless solutions can perform a predictive or virtual site survey as
part of the proposal or estimating process.
This approach utilizes a set of building blueprints or floor plans to determine the optimal
placement of sensors and APs within the facility.
A predictive site survey takes into account the building dimensions and structure but cannot account for potential RF sources because no direct examination of the site is conducted.
This approach may be sufficient for some enterprises and is significantly less expensive than a more thorough RF site survey.
Issues that a wireless survey seeks to identify include:
• External and Internal Interference Sources – Wi-Fi is not the only user of its RF frequencies. Identification of interference sources assists in designing a solution that achieves the desired coverage in the most efficient manner.
• RF Coverage Barriers – materials used in construction may not transmit RF signals, resulting in unexpected loss of strength and reduced range.
• Multipath Distortion – distortion of RF signals caused by multiple RF reflective paths between the transmitter and receiver.
Before beginning a wireless survey, the following information should be obtained:
1- Where in the facility is Wi-Fi access needed?
2- Will there be more than one wireless network, such as a work and guest network?
3- How many devices and connections will be supported over Wi-Fi?
4- What are the data rate needs of these devices over Wi-Fi?
5- A facility map or floor plan is essential to overlay the survey results on.
The wireless survey should produce the following documents as a product:
• A facilities map(s) showing wireless coverage with the following indicated:
1- Interference sources and strength.
2- Any existing networks’ signal strength and coverage contours.
3- External network sources available in the facility with signal strength coverage contours.
4- Identification of areas where multipath distortion may occur.
5- Recommended WAP placement.
6- Recommended WIDS/WIPS placement.
7- Indication of signal strength coverage contours using recommended placement.
• The report should include an RF spectrum analysis that will minimally indicate:
1- RF interference sources.
2- Measurement of signal-to-noise ratio (SNR).
3- RF power peaks.
4- Wi-Fi channel interference.
• The survey information enables optimization of AP channels, antenna type, AP transmit power levels, and placement for the proposed wireless network installation.
7. Budget Estimation Guide
The following factors should be accounted for to ensure a comprehensive estimate of the total project costs:
1- Site Evaluation
2- Labor
3- Physical and Virtual Infrastructure
4- Maintenance and Support
8. Bluetooth Security Considerations
Bluetooth technologies (IEEE 802.15) in mobile devices present additional risks for the loss of data and the potential to eavesdrop on conversations.
This increases confidentiality risks on department and agency devices due to Bluetooth use during operations on any capable device, such as laptops, cell phones, and tablets.
Bluetooth technology creates a personal area network (PAN) for connecting devices such as audio devices, keyboards, mice, and data storage to a system.
All versions of the Bluetooth specification include unsecured modes of connection, and these are typically the easiest connections to establish.
More detailed information on threats and mitigations for Bluetooth technologies can be found in NIST SP 800-121 rev 1.
A Guide to Securing Networks for Wi-Fi (IEEE 802.11 Family).pptx

  • 2.
  • 3. www.slideproject.com 3 Team Yousef S. Almatieb ID:120220023 Prof. Dr. Eng. Mohammad A. Mikki Supervisor
  • 4. www.slideproject.com Outline 4 4 INTRODUCTION Threat Types Budget Estimation Guide Recommended Requirements for Enterprise Wireless Networking Recommended Requirements for WIDS/WIPS Recommended Requirements for Wireless Surveys Threat Remediation Bluetooth Security Considerations
  • 5. www.slideproject.com 1. Introduction 5 5 This guide summarizes best practices and technical guidance for securing networks against wireless threats and for implementing wireless access to networks securely. Focused on IEEE 802.11 Wi-Fi technology. This guide does not include commercial mobile networks (e.g., 3GPP, LTE). Because Wi-Fi is everywhere, we must think about the risks and how they could affect confidentiality, availability, and integrity in risk assessments.
  • 6. www.slideproject.com Cont. 6 6 https://www.cisecurity.org/controls/service-provider-management https://www.cisecurity.org/controls/network-infrastructure-management Due to more network attacks and widespread wireless tech, various security guides emerged from businesses, the government, and Department of Defense (DoD).  Two SANS CIS Critical Security Controls (CSC 12 and CSC 15) target wireless risks.  SANS Institute (SysAdmin, Audit, Network, and Security)
  • 7. www.slideproject.com Cont. 7 7  The main recommendation is to deploy wireless intrusion detection system (WIDS) and wireless intrusion prevention system (WIPS) on all networks, even if they don't offer wireless access.  To detect and disconnect unauthorized wireless users.  CSC 12 and CSC 15 recommend monitoring inter-trust network communication, emphasizing the use of WIDS in the technical approach.  (WIPS) : monitors your wireless network traffic and stops any unauthorized network activity.  What is the difference between WIPS and WIDS?
  • 8. www.slideproject.com 2. Threat Types 8 8 Failure to address wireless security exposes enterprise networks to the following threats:
  • 9. www.slideproject.com Cont. 9 9  Hidden or Rogue Access Points (APs) – Unauthorized wireless APs attached to the enterprise network may not transmit their service set identifier (SSID) to hide their existence.  Evil Twin
  • 10. www.slideproject.com Cont. 10 10  Misconfigured APs  Examples of a default username/password database for some of the Linksys wireless home devices are  Some AP configurations are left to factory defaults, like usernames and passwords or default WLAN's broadcasted (SSID's) and default settings may be found in manuals of the specific vendor on the internet.
  • 11. www.slideproject.com Cont. 11 11  Banned Devices: devices not allowed on the network by organizational policy (e.g., wireless storage devices).
  • 13. www.slideproject.com Cont. 13 13  Rogue Clients :unauthorized clients attaching to the network.
  • 14. www.slideproject.com Cont. 14 14  Unauthorized Association an AP-to-AP association that can violate the security perimeter of the network.
  • 15. www.slideproject.com Cont. 15 15  Ad hoc Connections a peer-to-peer network connection that can violate the security perimeter of the network.
  • 16. www.slideproject.com Cont. 16 16  Denial of Service (DoS) Attacks an attack that seeks to overwhelm the system causing it to fail or degrade its usability.
  • 22. www.slideproject.com 3.Threat Remediation 22 22  (WIDS) and (WIPS) are used to continuously protect a wireless network and in some cases, a wired network, from unauthorized users.  A WIDS/WIPS capability provides immediate automated alerts to the enterprise security operations center (SOC) and can be configured to automatically prevent any clients from attaching to rogue APs.  WIDS/WIPS provides the ability to centrally monitor and manage enterprise wireless security.  WIDS/WIPS capabilities are also useful for physically locating rogue APs in order to remove them.
  • 23. www.slideproject.com Cont. 23 23  WIDS and WIPS operate 24/7 and generally require no management or admin involvement.  Most of the systems currently available fundamentally act as a WIPS because they re designed to detect and prevent wireless intrusion.
  • 24. www.slideproject.com Recommended Requirements for Enterprise Wireless Networking 24 24  These requirements are derived from the sources listed in Appendix A 1- Use safe, problem-free existing equipment when you can. 3- Follow National Institute of Standards and Technology (NIST) 800-53 controls compliance 2- Comply with Federal Information Processing Standards (FIPS) 140-2 encryption standards. 4- Utilize PIV card certificates for user authentication to meet OMB HSPD-12 compliance. Figure The PIV Card 5- Offer an alternative authentication method when PIV cards are unavailable. https://www.osp.va.gov/PIV_Information.asp
  • 25. Cont.
      6- Use AES-CCMP sparingly in WPA2 enterprise networks.
      WPA2 replaces RC4 and the Temporal Key Integrity Protocol (TKIP) with two stronger encryption and authentication mechanisms:
      1. Advanced Encryption Standard (AES), an encryption mechanism; and
      2. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an authentication mechanism.
  • 26. 5. Recommended Requirements for WIDS/WIPS
      Even wired networks without wireless access should use a WIDS/WIPS solution to detect rogue APs and unauthorized connections.
      • WIDS/WIPS systems should include the following characteristics:
      1- Rogue client detection capability.
      2- Detect and classify mobile Wi-Fi devices such as iPads, iPods, iPhones, Androids, Nooks, and MiFi devices.
      3- Detect 802.11a/b/g/n/ac devices connected to the wired or wireless network.
      4- Be able to enforce a “no Wi-Fi” policy per subnet and across multiple.
      5- Detect and report additional attacks.
      6- Provide customizable reports.
  • 27. 6. Recommended Requirements for Wireless Surveys
      Many integrators of wireless solutions can perform a predictive or virtual site survey as part of the proposal or estimating process. This approach utilizes a set of building blueprints or floor plans to determine the optimal placement of sensors and APs within the facility. A predictive site survey takes into account the building dimensions and structure but cannot account for potential RF sources because no direct examination of the site is conducted. This approach may be sufficient for some enterprises and is significantly less expensive than a more thorough RF site survey.
  • 28. Cont.
      Issues that a wireless survey seeks to identify include:
      • External and Internal Interference Sources: the RF signals used by Wi-Fi are not the only signals in that frequency range. Identifying interference sources assists in designing a solution that achieves the desired coverage in the most efficient manner.
      • RF Coverage Barriers: materials used in construction may not transmit RF signals, resulting in unexpected loss of strength and reduced range.
      • Multipath Distortion: distortion of RF signals caused by multiple RF reflective paths between the transmitter and receiver.
  • 29. Cont.
      Before beginning a wireless survey, the following information should be obtained:
      1- Where in the facility is Wi-Fi access needed?
      2- Will there be more than one wireless network, such as a work and guest network?
      3- How many devices and connections will be supported over Wi-Fi?
      4- What are the data rate needs of these devices over Wi-Fi?
      5- A facility map or floor plan is essential to overlay the survey results on.
  • 30. Cont.
      The wireless survey should produce the following documents as a product:
      • A facilities map(s) showing wireless coverage with the following indicated:
      1- Interference sources and strength.
      2- Any existing networks’ signal strength and coverage contours.
      3- External network sources available in the facility with signal strength coverage contours.
      4- Identification of areas where multipath distortion may occur.
      5- Recommended WAP placement.
      6- Recommended WIDS/WIPS placement.
      7- Indication of signal strength coverage contours using recommended placement.
  • 31. Cont.
      • The report should include an RF spectrum analysis that will minimally indicate:
      1- RF interference sources.
      2- Measurement of signal-to-noise ratio (SNR).
      3- RF power peaks.
      4- Wi-Fi channel interference.
      • The survey information enables optimization of AP channels, antenna type, AP transmit power levels, and placement for the proposed wireless network installation.
  • 32. 7. Budget Estimation Guide
      The following factors should be accounted for to ensure a comprehensive estimate of the total project costs:
      1- Site Evaluation
      2- Labor
      3- Physical and Virtual Infrastructure
      4- Maintenance and Support
  • 34. 8. Bluetooth Security Considerations
      Bluetooth technologies (IEEE 802.15) in mobile devices present additional risks for the loss of data and the potential to eavesdrop on conversations. This increases confidentiality risks on department and agency devices due to Bluetooth use during operations on any capable device like laptops, cell phones, and tablets. Bluetooth tech creates a PAN for connecting devices like audio, keyboards, mice, and data storage to a system. All versions of the Bluetooth specification include unsecured modes of connection, and these are typically the easiest connections to establish. More detailed information on threats and mitigations for Bluetooth technologies can be found in NIST SP 800-121 rev 1.
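
As an added example (not part of the original slides), the Python below shows how the WIDS classification described on slides 13 to 15, 22 and 26 (rogue clients, AP-to-AP associations, ad hoc networks, clients attaching to rogue APs) can be expressed against an authorized inventory. The `Frame` record, the alert names, and every MAC address and SSID are constructed assumptions, not the output of any particular product.

```python
from dataclasses import dataclass

# Constructed inventory (assumed values): sanctioned AP BSSIDs and client MACs.
AUTHORIZED_APS = {"00:11:22:33:44:01": "CorpNet", "00:11:22:33:44:02": "CorpNet"}
AUTHORIZED_CLIENTS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

@dataclass(frozen=True)
class Frame:  # simplified sensor record; field names are hypothetical
    kind: str           # "beacon" or "assoc"
    src: str            # transmitter MAC address
    bssid: str          # BSSID announced (beacon) or joined (assoc)
    ssid: str = ""
    ibss: bool = False  # beacon advertises an ad hoc (IBSS) network

def classify(frames):
    """Return sorted (alert, mac) pairs for the threat types on the slides."""
    alerts, seen_aps = set(), set(AUTHORIZED_APS)
    for f in frames:                      # pass 1: learn who is beaconing
        if f.kind != "beacon":
            continue
        if f.ibss:
            alerts.add(("ad_hoc_network", f.src))
        elif f.bssid not in AUTHORIZED_APS:
            seen_aps.add(f.bssid)
            spoof = f.ssid in AUTHORIZED_APS.values()
            alerts.add(("rogue_ap_enterprise_ssid" if spoof else "unknown_ap", f.bssid))
    for f in frames:                      # pass 2: judge associations
        if f.kind != "assoc":
            continue
        if f.src in seen_aps:             # an AP joining another AP
            alerts.add(("ap_to_ap_association", f.src))
        elif f.bssid not in AUTHORIZED_APS:
            if f.src in AUTHORIZED_CLIENTS:   # our device left the perimeter
                alerts.add(("client_on_unauthorized_ap", f.src))
        elif f.src not in AUTHORIZED_CLIENTS:
            alerts.add(("rogue_client", f.src))
    return sorted(alerts)

SAMPLE = [  # constructed capture for illustration
    Frame("beacon", "00:11:22:33:44:01", "00:11:22:33:44:01", "CorpNet"),
    Frame("beacon", "de:ad:be:ef:00:01", "de:ad:be:ef:00:01", "CorpNet"),
    Frame("beacon", "02:00:00:00:00:09", "02:00:00:00:00:09", "printer-direct", ibss=True),
    Frame("assoc", "aa:bb:cc:00:00:01", "de:ad:be:ef:00:01"),
    Frame("assoc", "aa:bb:cc:00:00:99", "00:11:22:33:44:02"),
    Frame("assoc", "00:11:22:33:44:02", "de:ad:be:ef:00:01"),
]
```

Unknown clients associating to unknown APs are deliberately not alerted on, since they are typically neighboring networks; a production WIDS would also check whether an unknown AP is reachable from the wired network before calling it rogue.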