Wireless Network Security

Category: Education

Presentation Description

No description available.


Presentation Transcript

Wireless Network Security:

Wireless Network Security By Shwet Solanki - 09030142022

Security Issues and Solutions:

Security Issues and Solutions Sniffing and War Driving Rogue Networks Policy Management MAC Address SSID WEP

War Driving:

War Driving Default installation allow any wireless NIC to access the network Drive around (or walk) and gain access to wireless networks Provides direct access behind the firewall Heard reports of an 8 mile range using a 24dB gain parabolic dish antenna.

Rogue Networks:

Rogue Networks Network users often set up rogue wireless LANs to simplify their lives Rarely implement security measures Network is vulnerable to War Driving and sniffing and you may not even know it

Policy Management:

Policy Management Access is binary Full network access or no network access Need means of identifying and enforcing access policies

MAC Address:

MAC Address Can control access by allowing only defined MAC addresses to connect to the network This address can be spoofed Must compile, maintain, and distribute a list of valid MAC addresses to each access point Not a valid solution for public applications

Service Set ID (SSID):

Service Set ID (SSID) SSID is the network name for a wireless network WLAN products common defaults: “101” for 3COM and “tsunami” for Cisco Can be required to specifically request the access point by name (lets SSID act as a password) The more people that know the SSID, the higher the likelihood it will be misused. Changing the SSID requires communicating the change to all users of the network

Wired Equivalent Privacy (WEP):

Wired Equivalent Privacy (WEP) Designed to be computationally efficient, self-synchronizing, and exportable Vulnerable to attack Passive attacks to decrypt traffic based on statistical analysis Active attacks to inject new traffic from unauthorized mobile stations, based on known plaintext Dictionary-building attack that, after analysis of a day’s worth of traffic, allows real-time automated decryption of all traffic All users of a given access point share the same encryption key Data headers remain unencrypted so anyone can see the source and destination of the data stream

WLAN Implementations:

WLAN Implementations Varies due to organization size and security concerns Current technology not ideal for large-scale deployment and management Will discuss a few tricks that can help the process and a few technologies under development to ease enterprise deployments

Basic WLAN:

Basic WLAN Great for small (5-10 users) environments Use WEP (some vendors provide 128-bit proprietary solution) Only allow specific MAC addresses to access the network Rotate SSID and WEP keys every 30-60 days No need to purchase additional hardware or software.

Basic WLAN Architecture:

Basic WLAN Architecture

Secure LAN (SLAN):

Secure LAN (SLAN) Intent to protect link between wireless client and (assumed) more secure wired network Similar to a VPN and provides server authentication, client authentication, data privacy, and integrity using per session and per user short life keys Simpler and more cost efficient than a VPN Cross-platform support and interoperability, not highly scaleable, though Supports Linux and Windows Open Source (slan.sourceforge.net)

SLAN Architecture:

SLAN Architecture

SLAN Steps:

SLAN Steps Client/Server Version Handshake Diffie-Hellman Key Exchange Server Authentication (public key fingerprint) Client Authentication (optional) with PAM on Linux IP Configuration – IP address pool and adjust routing table

SLAN Client:

SLAN Client SLAN Driver User Space Process Physical Driver Client Application ie Web Browser Plaintext Traffic Plaintext Traffic Encrypted Traffic Encrypted Traffic to SLAN Server Encrypted Traffic

Intermediate WLAN:

Intermediate WLAN 11-100 users Can use MAC addresses, WEP and rotate keys if you want. Some vendors have limited MAC storage ability SLAN also an option Another solution is to tunnel traffic through a VPN

Intermediate WLAN Architecture:

Intermediate WLAN Architecture


VPN Provides a scaleable authentication and encryption solution Does require end user configuration and a strong knowledge of VPN technology Users must re-authenticate if roaming between VPN servers

VPN Architecture:

VPN Architecture

VPN Architecture:

VPN Architecture

Enterprise WLAN:

Enterprise WLAN 100+ users Reconfiguring WEP keys not feasible Multiple access points and subnets Possible solutions include VLANs, VPNs, custom solutions, and 802.1x


VLANs Combine wireless networks on one VLAN segment, even geographically separated networks. Use 802.1Q VLAN tagging to create a wireless subnet and a VPN gateway for authentication and encryption

VLAN Architecture:

VLAN Architecture

Customized Gateway:

Customized Gateway Georgia Institute of Technology Allows students with laptops to log on to the campus network Uses VLANs, IP Tables, and a Web browser No end user configuration required User access a web site and enters a userid and password Gateway runs specialized code authenticating the user with Kerberos and packet filtering with IPTables, adding the user’s IP address to the allowed list to provide network access

Gateway Architecture:

Gateway Architecture


802.1x General-purpose port based network access control mechanism for 802 technologies Based on AAA infrastructure (RADIUS) Also uses Extensible Authentication Protocol (EAP, RFC 2284) Can provide dynamic encryption key exchange, eliminating some of the issues with WEP Roaming is transparent to the end user

802.1x (cont):

802.1x (cont) Could be implemented as early as 2002. Cisco Aironet 350 supports the draft standard. Microsoft includes support in Windows XP

802.1x Architecture:

802.1x Architecture

Third-Party Products:

Third-Party Products NetMotion Wireless authenticates against a Windows domain and uses better encryption (3DES) than WEP. Also offers the ability to remotely disable a wireless network card’s connection. Fortress Wireless Link Layer Security (WLLS). Improves WEP and works with 802.1x. Enterasys provides proprietary RADIUS solution similar to 802.1x

Client Considerations:

Client Considerations Cannot forget client security Distributed Personal Firewalls Strong end user security policies and configurations Laptop Theft Controls


Conclusion Wireless LANs very useful and convenient, but current security state not ideal for sensitive environments. Cahners In-Stat group predicts the market for wireless LANs will be $2.2 billion in 2004, up from $771 million in 2000. Growing use and popularity require increased focus on security

authorStream Live Help