Wireless security
Download as PPTX, PDF0 likes115 views
This document discusses wireless network security risks and solutions. It provides an overview of wireless technologies such as 802.11 standards. It then discusses security issues with early wireless encryption protocols like WEP and WEP2. Improved protocols that address weaknesses are described, such as WPA, WPA2, and associated standards like TKIP and CCMP. Common wireless network threats are outlined, including traffic analysis, eavesdropping, unauthorized access, and man-in-the-middle attacks. The document concludes with recommendations for improving wireless network security.
Wireless security
- 1. WEL-COME
- 3. Presented by: Vinay. V. Chitrakathi T.E. (C.S.E.) Wireless Security: Risks and Solutions Presented to: Prof. A. D. Pathak Seminar Guide
- 4. Overview of Wireless Technology. Security and Privacy issues in Wireless Network. Wireless Security Protocols. Wireless Equivalent Privacy (WEP). Wireless Equivalent Privacy (WEP2). Wi-Fi Protected Access (WPA). Temporal Key Integrity Protocol (TKIP). WPA Pre Shared Key (WPA-PSK). Wi-Fi Protected Access (WPA2). Counter-Mode with CBC-MAC Protocol (CCMP). Wireless Network Threats. Traffic Analysis. Passive Eavesdropping. Active Eavesdropping. Unauthorized Access. Man-in-the-middle Session High-Jacking Replay Denial of service (DoS) Contents
- 5. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved. 5 INTERNET Server Network Edge Blurred New Attack Vectors ‘Behind’ the Firewall WIRELESS SECURITY CONCERNS 1 Rogue AP Connected to Network (Network Breach) Hacker 3 Leaked Wired Traffic & Insertion (Data Leakage) Hotspot Evil Twin Mobile User2 Hotspot Phishing (Data Leakage) 5 Users Bypassing Network Security Controls (Data Leakage/Network Backdoor) 4 Non-Compliant AP (Network Breach/Data Leakage/ Data Compromise) Muni Wi-Fi or Neighbors
- 6. The wireless networks are based on the IEEE standards belonging to the 802 family. Following list is a simple overview of the 802.11 family: • 802.11b o Most widespread o 11Mb maximum, 2.4 GHZ band • 802.11a o Next generation o 54MB maximum, 5GHZ band • 802.11g o 54MB maximum, 2.4 GHZ band o Compatible with 802.11b • 802.11X o Uses Extensible Authentication Protocol (EAP) o Supports RADIUS • 802.11i OVERVIEW OF WIRELESS TECHNOLOGY.
- 7. NEED OF WIRELESS SECURITY Prevention of unauthorized access or damage to computers using wireless networks. Guard against unauthorized access to important resources. Protection from attacks on: Confidentiality: The protection of data from unauthorized disclosure. Integrity: The assurance that data received are exactly as sent by an authorized entity. Availability: Authorized users have reliable and timely access to information. 7
- 8. Wireless Equivalent Privacy (WEP) WEP algorithm is used to protect wireless communication from eavesdropping and to prevent unauthorized access to a wireless network. The original implementations of WEP supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits of system- generated data (64 bits total). 40-bit WEP encryption is too easy to decode.
- 9. 128-bit encryption (key length of 104 bits, not 128 bits). WEP relies on a secret key. WEP uses the RC4 encryption algorithm, which is known as a stream cipher. stream cipher operates by expanding a short key into an infinite pseudo-random key stream. Wireless Equivalent Privacy (WEP) (Cont.)
- 10. WPA (Wi-Fi Protected Access) It is also known as WEP+. WEP+ enhances WEP security by avoiding "weak IVs“. It is only completely effective when WEP+ is used at both ends of the wireless connection. WPA use Temporal Key Integrity Protocol (TKIP) to addresses the encryption weaknesses of WEP. Key component of WPA is built-in authentication that WEP does not offer.
- 11. WPA (Wi-Fi Protected Access) (Cont.) One variation of WPA is called WPA Pre Shared Key or WPA-PSK. By using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them. WPA uses the RC4 cipher. Keys are rotated frequently, and the packet counter prevents packet replay or packet re- injection attacks.
- 12. WPA2 (Wi-Fi Protected Access) WPA2 (Wi-Fi Protected Access 2) gives wireless networks both confidentiality and data integrity. The Layer 2-based WPA2 better protects the network. WPA2 uses a new encryption method called CCMP (Counter-Mode with CBC-MAC Protocol). CCMP is based on Advanced Encryption Standard (AES). AES is stronger algorithm then RC4.
- 13. Wireless Network Threats Traffic Analysis. Passive Eavesdropping. Active Eavesdropping. Unauthorized Access. Man-in-the-middle Session High-Jacking Denial of service (DoS)
- 14. Traffic Analysis Traffic analysis allows the attacker to obtain three forms of information. The attacker preliminary identify that there is activity on the network. The identification and Physical location of the Wireless Access Point (AP). The type of protocol being used during the transmission.
- 15. Passive Eavesdropping Attacker Target Passive Eavesdropping allows the attacker to obtain two forms of information. The attacker can read the data transmitted in the session. The attacker can read the information i.e. source, destination, size, number and time of transmission.
- 16. Active Eavesdropping Active Eavesdropping allows the attacker inject the data into the communication to decipher the payload. Active Eavesdropping can take into two forms. The attacker can modify the packet. The attacker can inject complete packet into the data. The WEP by using CRC only check the integrity of the data into the packet.
- 17. Unauthorized Access Due to physical properties of the WLAN, the attacker will always have access to the Wireless components of the network. If attacker become successful to get unauthorized access to the network by using brute force attack, man in the middle and denial of service attack, attacker can enjoy the whole network services.
- 20. Changing Administrator Passwords and Usernames Upgrading your Wi-fi Encryption Changing the Default System ID MAC Address Filtering Stop Publicly Broadcasting your Network Auto-Connect to Open Wi-fi Networks? You've got a built-in firewall, so use it Positioning of the Router or Access Point When to Turn Off the Network