After studying chapter 4 you should be able to: Describe the basic IEEE 802.11 wireless security protections; define the vulnerabilities of open system authentication, WEP, and device authentication; describe the WPA and WPA2 personal security models; explain how enterprises can implement wireless security.
Wireless Network Security TJX Data Breach (Marshalls, T.J Maxx, HomeGoods, A.J Wright…) v TJX used WEP security v They lost 45 million customer records v They settled the lawsuits for $40.9 million Objectives v Describe the protections basic IEEE 802.11 wireless security v Define the vulnerabilities of open system authentication, WEP, and device authentication v Describe the WPA and WPA2 personal security models v Explain how enterprises can implement wireless security IEEE 802.11 Wireless Security Protections IEEE v Institute of Electrical and Electronics Engineers (IEEE), 1963 v In the early 1980s, the IEEE began work on developing computer network architecture standards v This work was called Project 802 v In 1990, the IEEE formed a committee to develop a standard for WLANs (Wireless Local Area Networks) v At that time WLANs operated at a speed of to million bits per second (Mbps) IEEE 802.11 WLAN Standard v In 1997, the IEEE approved the IEEE 802.11 WLAN standard v Revisions v IEEE 802.11 (2,4 GHz, Mbps) v IEEE 802.11a (5 GHz, 54 Mbps, 25- 75m) v IEEE 802.11b (2.4 GHz, 11 Mbps, 35- 100m) v IEEE 802.11g (2.4 GHz, 54 Mbps, 25- 75m) v IEEE 802.11n (2.4 GHz, 5GHz, 300 Mbps, 50- 125m) Controlling Access to a WLAN v Access is controlled by limiting a device’s access to the access point (AP) v Only devices that are authorized can connect to the AP v One way: Media Access Control (MAC) address filtering v CSE uses this technique (unfortunately) Controlling Access MAC Address Filtering Wired Equivalent Privacy (WEP) v Designed to ensure that only authorized parties can view transmitted wireless information v Uses encryption to protect traffic v WEP was designed to be: v Efficient and reasonably strong 802.1x Authentication IEEE 802.11i v Key-caching v Remembers a client, so if a user roams away from a wireless access point and later returns, she does not need to re-enter her credentials v Pre-authentication v Allows a device to become authenticated to an AP before moving into range of the AP v Authentication packet is sent ahead WPA Enterprise Security v Designed for medium to large-size organizations v Improved authentication and encryption v The authentication used is IEEE 802.1x and the encryption is TKIP WPA Enterprise Security v IEEE 802.1x Authentication v Provides an authentication framework for all IEEE 802- based LANs v Does not perform any encryption v TKIP Encryption v An improvement on WEP encryption v Designed to fit into the existing WEP procedure WPA2 Enterprise Security v The most secure method v Authentication uses IEEE 802.1x v Encryption is AES-CCMP Enterprise & Personal Wireless Security Models Enterprise Wireless Security Devices v Thin Access Point v An access point without the authentication and encryption functions v These features reside on the wireless switch v Advantages v The APs can be managed from one central location v All authentication is performed in the wireless switch Enterprise Wireless Security Devices Enterprise Wireless Security Devices v Wireless VLANs v Can segment traffic and increase security v The flexibility of a wireless VLAN depends on which device separates the packets and directs them to different networks Enterprise Wireless Security Devices v For enhanced security, set up two wireless VLANs v One for employee access v One for guest access Rogue Access Point Discovery Tools v Wireless protocol analyzer v Auditors carry it around sniffing for rogue access points v For more security, set up wireless probes to monitor the RF frequency Types of Wireless Probes v Wireless device probe v Desktop probe v Access point probe v Dedicated probe ... minutes v You need a special wireless card Personal Wireless Security WPA Personal Security v Wireless Ethernet Compatibility Alliance (WECA) v A consortium of wireless equipment manufacturers... authentication v Describe the WPA and WPA2 personal security models v Explain how enterprises can implement wireless security IEEE 802.11 Wireless Security Protections IEEE v Institute of Electrical... packets WPA2 Personal Security v Wi-Fi Protected Access (WPA2) v Introduced by the Wi-Fi Alliance in September 2004 v The second generation of WPA security v Still uses PSK (Pre-Shared Key) authentication