Wireless Network Security PDF
Document Details
Uploaded by AdoredCharoite
null
Tags
Summary
This document is a chapter on wireless network security from a textbook. It details different security protocols and concepts, such as WEP, WPA, and WPA2. It also covers vulnerabilities and methods of controlling access to wireless networks.
Full Transcript
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Wireless Network Security Objectives Describe the basic IEEE 802.11 wireless security protections Define the vulnerabilities of open system authentication,...
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Wireless Network Security Objectives Describe the basic IEEE 802.11 wireless security protections Define the vulnerabilities of open system authentication, WEP, and device authentication Describe the WPA and WPA2 personal security models Explain how enterprises can implement wireless security Security+ Guide to Network Security Fundamentals, Third Edition 2 IEEE 802.11 Wireless Security Protections Institute of Electrical and Electronics Engineers (IEEE) – The most widely known and influential organization for computer networking and wireless communications In the early 1980s, the IEEE began work on developing computer network architecture standards – This work was called Project 802 In 1990, the IEEE formed a committee to develop a standard for WLANs – That operate at a speed of 1 and 2 million bits per second (Mbps) Security+ Guide to Network Security Fundamentals, Third Edition 3 IEEE 802.11 Wireless Security Protections (continued) Security+ Guide to Network Security Fundamentals, Third Edition 4 Controlling Access Security+ Guide to Network Security Fundamentals, Third Edition 5 Controlling Access (continued) Security+ Guide to Network Security Fundamentals, Third Edition 6 Controlling Access (continued) Security+ Guide to Network Security Fundamentals, Third Edition 7 Controlling Access (continued) Security+ Guide to Network Security Fundamentals, Third Edition 8 Controlling Access (continued) Security+ Guide to Network Security Fundamentals, Third Edition 9 Security+ Guide to Network Security Fundamentals, Third Edition 10 Controlling Access (continued) CRC: Cyclic Redundancy Check ICV: Integrity check value PRNG: Pseudorandom number generator Security+ Guide to Network Security Fundamentals, Third Edition 11 Controlling Access (continued) Security+ Guide to Network Security Fundamentals, Third Edition 12 Controlling Access (continued) Security+ Guide to Network Security Fundamentals, Third Edition 13 Security+ Guide to Network Security Fundamentals, Third Edition 14 Security+ Guide to Network Security Fundamentals, Third Edition 15 Vulnerabilities of IEEE 802.11 Security Security+ Guide to Network Security Fundamentals, Third Edition 16 Open System Authentication Vulnerabilities Security+ Guide to Network Security Fundamentals, Third Edition 17 Open System Authentication Vulnerabilities (continued) Security+ Guide to Network Security Fundamentals, Third Edition 18 Open System Authentication Vulnerabilities (continued) Security+ Guide to Network Security Fundamentals, Third Edition 19 Security+ Guide to Network Security Fundamentals, Third Edition 20 MAC Address Filtering Weaknesses Security+ Guide to Network Security Fundamentals, Third Edition 21 WEP Security+ Guide to Network Security Fundamentals, Third Edition 22 WEP (continued) 23 WEP (continued) Security+ Guide to Network Security Fundamentals, Third Edition 24 WEP (continued) Security+ Guide to Network Security Fundamentals, Third Edition 25 Personal Wireless Security Security+ Guide to Network Security Fundamentals, Third Edition 26 WPA Personal Security Security+ Guide to Network Security Fundamentals, Third Edition 27 WPA Personal Security (continued) 28 WPA Personal Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 29 WPA Personal Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 30 WPA2 Personal Security Security+ Guide to Network Security Fundamentals, Third Edition 31 WPA2 Personal Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 32 WPA2 Personal Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 33 WPA2 Personal Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 34 WPA2 Personal Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 35 Enterprise Wireless Security Security+ Guide to Network Security Fundamentals, Third Edition 36 IEEE 802.11i Security+ Guide to Network Security Fundamentals, Third Edition 37 IEEE 802.11i (continued) Security+ Guide to Network Security Fundamentals, Third Edition 38 IEEE 802.11i (continued) Security+ Guide to Network Security Fundamentals, Third Edition 39 WPA Enterprise Security Security+ Guide to Network Security Fundamentals, Third Edition 40 WPA Enterprise Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 41 WPA Enterprise Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 42 WPA2 Enterprise Security Security+ Guide to Network Security Fundamentals, Third Edition 43 WPA2 Enterprise Security (continued) Security+ Guide to Network Security Fundamentals, Third Edition 44 Enterprise Wireless Security Devices Thin Access Point – An access point without the authentication and encryption functions These features reside on the wireless switch Advantages – The APs can be managed from one central location – All authentication is performed in the wireless switch Security+ Guide to Network Security Fundamentals, Third Edition 45 Enterprise Wireless Security Devices (continued) Security+ Guide to Network Security Fundamentals, Third Edition 46 Enterprise Wireless Security Devices (continued) Wireless VLANs – Can be used to segment traffic and increase security – The flexibility of a wireless VLAN depends on which device separates the packets and directs them to different networks See Figures 6-14 and 6-15 For enhanced security many organizations set up two wireless VLANs – One for employee access – One for guest access Security+ Guide to Network Security Fundamentals, Third Edition 47 Security+ Guide to Network Security Fundamentals, Third Edition 48 Security+ Guide to Network Security Fundamentals, Third Edition 49 Enterprise Wireless Security Devices (continued) Rogue Access Point Discovery Tools – Wireless protocol analyzer Allows auditing the airwaves for rogue access points – Monitoring the RF frequency requires a special sensor called a wireless probe Types of wireless probes: – Wireless device probe – Desktop probe – Access point probe – Dedicated probe Security+ Guide to Network Security Fundamentals, Third Edition 50 Security+ Guide to Network Security Fundamentals, Third Edition 51 Network Vulnerabilities There are two broad categories of network vulnerabilities: – Those based on the network transport media – Those found in the network devices themselves Security+ Guide to Network Security Fundamentals, Third Edition 52 Media-Based Vulnerabilities Monitoring network traffic – Helps to identify and troubleshoot network problems Monitoring traffic can be done in two ways – Use a switch with port mirroring To redirect traffic that occurs on some or all ports to a designated monitoring port on the switch – Install a network tap (test access point) A separate device that can be installed between two network devices, such as a switch, router, or firewall, to monitor traffic Security+ Guide to Network Security Fundamentals, Third Edition 53 Security+ Guide to Network Security Fundamentals, Third Edition 54 Security+ Guide to Network Security Fundamentals, Third Edition 55 Media-Based Vulnerabilities (continued) Security+ Guide to Network Security Fundamentals, Third Edition 56 Summary The initial IEEE 802.11 standard contained security controls for protecting wireless transmissions from attackers The Wi-Fi Alliance has introduced two levels of personal security – Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) Enterprise wireless security requires different security models from personal wireless security Additional wireless security devices can be used to defend against attackers Security+ Guide to Network Security Fundamentals, Third Edition 57
