IEEE 802.11 Wireless Security Protections PDF

Summary

This document provides an overview of IEEE 802.11 wireless security protections, focusing on access controls, vulnerabilities, and the Wired Equivalent Privacy (WEP) protocol. It outlines various aspects of securing wireless local area networks (WLANs).

Full Transcript

IEEE 802.11 Wireless Security Protections

The Institute of Electrical and Electronics Engineers (IEEE) is the most widely known and influential organization for computer networking and wireless communications. In the early 1980s, the IEEE began work on developing computer network architecture standards; this work was called Project 802. In 1990, the IEEE formed a committee to develop a standard for WLANs that operate at a speed of 1 and 2 million bits per second (Mbps).

Security+ Guide to Network Security Fundamentals, Third Edition

In 1997, the IEEE approved the IEEE 802.11 WLAN standard. Revisions: IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11n.

Controlling Access

Controlling wireless access of devices to the WLAN is accomplished by limiting a device’s access to the access point (AP). By restricting access to the AP, only those devices that are authorized are able to connect to the AP and become part of the wireless network. The IEEE 802.11 standard does not specify how to implement controlling access. Almost all wireless AP vendors implement access control through Media Access Control (MAC) address filtering. MAC address filtering is usually implemented by permitting instead of preventing.

Wired Equivalent Privacy (WEP) is designed to ensure that only authorized parties can view transmitted wireless information. It uses encryption to protect traffic. The IEEE 802.11 committee designed WEP to meet the following criteria: efficient, exportable, optional, self-synchronizing, and reasonably strong.

IEEE 802.11 WEP shared secret keys must be a minimum of 64 bits in length. The options for creating keys are as follows: 64-bit key, 128-bit key, passphrase. The AP and devices can hold up to four shared secret keys, one of which must be designated as the default key.

Wireless LANs cannot limit access to the wireless signal by walls or doors. This is sometimes called data emanation.

Device authentication: the types of authentication supported by the 802.11 standard are open system authentication (see Figure 6-6) and shared key authentication (see Figure 6-7).

Vulnerabilities of IEEE 802.11 Security

The primary vulnerabilities are in the areas of open system authentication, MAC address filtering, and WEP.

Open System Authentication Vulnerabilities

Open system authentication is considered weak because authentication is based on only one factor: a match of the SSID (service set identifier: the name of the wireless network). The easiest way to discover the SSID is to actually do nothing. This exploits the beaconing frame process (these frames are sent by the AP, and the name of the wireless network is present in them). Once a wireless device receives a beacon frame, it can attempt to join the network by sending an association request frame back to the AP.

Passive scanning (a method used by wireless devices such as laptops, smartphones, or tablets to discover available wireless networks) is the most common type of scanning. A wireless device simply listens for a beacon frame for a set period of time. For a degree of protection, some wireless security sources encourage users to configure their APs to prevent the beacon frame from including the SSID, and instead require the user to enter the SSID manually on the wireless device.

Problems arise when the SSID is not beaconed (hidden). This can affect roaming (roaming issues). It can also affect devices running Microsoft Windows XP. The SSID can be easily discovered even when it is not contained in beacon frames, because it is still transmitted in other management frames sent by the AP. Configuring an access point to not allow the beacon frame to include the SSID provides virtually no protection.

MAC Address Filtering Weaknesses

1) MAC addresses are initially exchanged in an unencrypted format through the WLAN (devices exchange their MAC addresses during the association process, and this information is typically transmitted in an unencrypted form). An attacker can easily see the MAC address of an approved (whitelisted) device and use it to join the network.

2) Managing a large number of MAC addresses can pose significant challenges (if you have a large number of devices). MAC address filtering does not provide a means to temporarily allow a guest user to access the network, other than manually entering the user’s MAC address into the access point.

WEP

1) To encrypt packets, WEP can use only a 64-bit or 128-bit number, which is made up of a 24-bit initialization vector (IV) (random vector) and a 40-bit or 104-bit default key. The relatively short length of the default key limits its strength.

2) The WEP implementation violates the cardinal rule of cryptography: anything that creates a detectable pattern must be avoided at all costs. IVs would start repeating in fewer than seven hours.

Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV (called a collision). A collision occurs when two packets are encrypted with the same IV. In other words, if two different packets share the same IV and are encrypted with the same WEP key,

Keystream attack: a method of determining the keystream (the keystream is generated by combining the IV and the shared secret key) by analyzing two packets that were created from the same IV.
