Basic Wireless LAN Security Technologies

- Most wireless security incidents occur because system administrators do not implement available countermeasures.
- It is important to verify that each countermeasure is in place and working properly.
- Thus, the WLAN security wheel, which is a continuous security process, is very effective.

- The Four Steps of Wireless Security Policy:
  - Secure
  - Monitor
  - Test
  - Improve

- Secure: This step implements WLAN security solutions to stop or prevent unauthorized access or activities and to protect information using the following:
  - Authentication (802.1X)
  - Encryption (WEP or AES)
  - Traffic filters
  - Controlled wireless coverage area

- Monitor: This step involves the following actions:
  - Detecting violations of the WLAN security policy
  - Involving system auditing, logs, and real-time intrusion detection
  - Validating the security implementation in step 1

- Test: This step validates the effectiveness of the WLAN security policy through system auditing and wireless and wired vulnerability scanning.
- Improve: This step involves the following:
  - Using information from step 3 to improve the WLAN implementation
  - Adjusting the security policy

- Security was not a big concern
- Many WLANs used Service Set IDentifier (SSID) as the basic form of security.
- Some WLANs controlled access by entering the MAC address of each client into their wireless AP.
- Neither option was secure, because wireless sniffing could reveal both valid MAC addresses and the SSID.

- The SSID is a 1-32 character ASCII string that can be entered on the clients and APs.
- In 802.11, any client with a NULL SSID string associates with any AP regardless of the SSID setting on the AP.
- Broadcast SSIDs are required by the IEEE standard.
- Some vendors have options such as "SSID broadcast" and "allow any SSID".

- These features are enabled by default and make it easy to set up a wireless network.
- Using the "allow any SSID" option lets the AP allow access to a client with a blank SSID.
- The "SSID broadcast" option sends beacon frames which advertise the SSID.
- MAC-based authentication is not defined in the 802.11 specification.

- The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping.
- The IEEE 802.11 WEP standard specifies a static 40-bit key.
- Most vendors have extended WEP to 128 bits or more.
- When using WEP, both the AP and the wireless client must have a matching WEP key.
- WEP is based on Rivest Cipher 4 (RC4).

- Encryption based on key lengths greater than 64 bits is considered a high encryption standard.

- In the RSA scheme, messages are first represented as integers in the range (0, n-1).
- Each user chooses his/her own value of n and another pair of positive integers e and d.
- The user places the encryption key, (n,e), in the public directory.
- The decryption key consists of the number pair (n,d).

- d is kept secret.
- Encryption:
- Decryption

- n is obtained by selecting two large prime numbers p and q such that n=pq.
- Although n is made public, p and q are kept secret, relying on the great difficulty of factoring n.
- Then the Euler totient function is formed. That is,

- The parameter has an interesting property that for any integer X in the range (0, n-1) and for any integer k
- A large integer d is randomly chosen so that it is relatively prime to , which means that and d must have no common divisors other than 1

- That is:gcd[ ,d]=1
Any prime number greater than the larger of (p,q) will suffice. Then the integer e, where 0<e< , is found from the relationship

which amounts to choosing e and d to satisfy: Thus,

- Let p=47, q=59. Therefore, n=pq=2773
- =(p-1)(q-1)=2668. d is chosen to be relatively prime to . For example, choose d=157. Next the value of e is computed as follows:
- Thus e=17

- Consider the message "ITS ALL GREEK TO ME".
- Replace each letter with a two-digit number in the range (01, 26), encoding a blank as 00:
- 0920 1900 0112 1200 0718 0505 1100 2015 0013 0500
- Each message needs to be expressed as an integer in the range (0, n-1). For this example, encryption is done on blocks of 4 digits at a time, since this is the maximum number of digits that will always yield a number less than n-1=2772.

- The first 4 digits (0920) of the plaintext are encrypted as:
- C=0948 2342 1084 1444 2663 2390 0778 0774 0219 1655
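
The RSA walk-through above can be reproduced end to end. The following is an added example, not part of the original presentation: it takes p, q and d from the slides, derives e with the extended Euclidean algorithm, and encrypts the message in 4-digit blocks. The function names (`mod_inverse`, `encode`, `decode`, `crypt`, `fmt`) are assumptions chosen for illustration.

```python
# Added worked example: textbook RSA with the slides' toy parameters (no padding, not for real use).
P, Q, D = 47, 59, 157            # p, q and the chosen d from the slides
N = P * Q                        # public modulus n = 2773
PHI = (P - 1) * (Q - 1)          # Euler totient (p-1)(q-1) = 2668

def mod_inverse(a, m):
    """Extended Euclid: return x with (a * x) % m == 1."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    if old_r != 1:
        raise ValueError("a and m are not relatively prime")
    return old_s % m

def encode(text):
    """Blank -> 00, A..Z -> 01..26, grouped into 4-digit blocks (padded with a blank)."""
    if not all(ch == " " or "A" <= ch <= "Z" for ch in text):
        raise ValueError("only A-Z and blank are defined by this encoding")
    digits = "".join("00" if ch == " " else f"{ord(ch) - 64:02d}" for ch in text)
    if len(digits) % 4:
        digits += "00"
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]

def decode(blocks):
    """Inverse of encode(): 4-digit blocks back to letters and blanks."""
    digits = "".join(f"{b:04d}" for b in blocks)
    pairs = [int(digits[i:i + 2]) for i in range(0, len(digits), 2)]
    return "".join(" " if v == 0 else chr(v + 64) for v in pairs)

def crypt(blocks, exponent, modulus=N):
    """Encryption (exponent e) and decryption (exponent d) are the same operation."""
    return [pow(b, exponent, modulus) for b in blocks]

def fmt(blocks):
    return " ".join(f"{b:04d}" for b in blocks)

E = mod_inverse(D, PHI)          # public exponent derived from d; raises if gcd != 1

if __name__ == "__main__":
    plain = encode("ITS ALL GREEK TO ME")
    cipher = crypt(plain, E)
    print("e =", E)
    print("M =", fmt(plain))
    print("C =", fmt(cipher))
    print("decrypted:", decode(crypt(cipher, D)).rstrip())
```

Each 4-digit block is encrypted independently and deterministically, so identical plaintext blocks always produce identical ciphertext blocks; real deployments use large moduli and randomized padding.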