Basic Wireless LAN Security Technologies

  • Most wireless security incidents occur because system administrators do not implement available countermeasures.

  • It is important to verify that the countermeasure is in place and working properly.

  • Thus, the WLAN security wheel, which is a continuous security process, is very effective.



WLAN Security Wheel

  • The Four Steps of Wireless Security Policy:

    Secure

    Monitor

    Test

    Improve



Secure

  • This step implements WLAN security solutions to stop or prevent unauthorized access or activities and to protect information using the following:

    Authentication (802.1X)

    Encryption (WEP or AES)

    Traffic Filters

    Controlled wireless coverage area



Monitor

  • This step involves the following actions:

    Detecting violations to the WLAN security policy

    Involving system auditing, logs, and real-time intrusion detection

    Validating the security implementation in step 1



Test & Improve

  • Test: This step validates the effectiveness of the WLAN security policy through system auditing and wireless and wired vulnerability scanning

  • Improve: This step involves the following:

    Using info from step 3 to improve WLAN implementation

    Adjusting the security policy



First Generation Wireless Security

  • Security was not a big concern

  • Many WLANs used Service Set IDentifier (SSID) as the basic form of security.

  • Some WLANs controlled access by entering the MAC address of each client into their wireless AP.

  • Neither option was secure, because wireless sniffing could reveal both valid MAC addresses and the SSID



SSID

  • SSID is a 1-32 character ASCII string that can be entered on the clients and APs

  • In 802.11, any client with a NULL string associates to any AP regardless of SSID setting on an AP

  • Broadcast SSIDs are required by the IEEE standard.

  • Some vendors have options such as SSID broadcast and allow any SSID



SSID

  • These features are enabled by default and make it easy to set up a wireless network

  • Using the allow any SSID option lets the AP allow access to a client with blank SSID

  • The SSID broadcast option sends beacon frames which advertise the SSID

  • MAC based authentication is not defined in 802.11 specification



Wired Equivalent Privacy (WEP)

  • The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping

  • IEEE 802.11 WEP standard specifies a static 40-bit key

  • Most vendors have extended WEP to 128 bits or more.

  • When using WEP, both AP and wireless client must have a matching WEP key

  • WEP is based on Rivest Cipher 4 (RC4)



WEP

  • Encryption based on key lengths greater than 64 bits is considered a high encryption standard


Rivest-Shamir-Adleman (RSA) Encryption Scheme

  • In the RSA scheme, messages are first represented as integers in the range (0, n-1)

  • Each user chooses his/her own value of n and another pair of positive integers e and d.

  • The user places the encryption key, (n,e) in the public directory

  • The decryption key consists of the number pair (n,d)



RSA Scheme

  • d is kept secret.

  • Encryption:

  • Decryption



RSA Scheme

  • n is obtained by selecting two large prime numbers p and q such that n=pq

  • Although n is made public, p and q are kept secret due to the great difficulty in factoring n

  • Then the Euler totient function is formed. That is,



RSA Scheme

  • The parameter has an interesting property that for any integer X in the range (0, n-1) and for any integer k

  • A large integer d is randomly chosen so that it is relatively prime to , which means that and d must have no common divisors other than 1



RSA Scheme

  • That is:gcd[ ,d]=1

    Any prime number greater than the larger of (p,q) will suffice. Then the integer e, where 0<e< , is found from the relationship

    which amounts to choosing e and d to satisfy: Thus,



Example of RSA Scheme

  • Let p=47, q=59. Therefore, n=pq=2773

  • =(p-1)(q-1)=2668. d is chosen to be relatively prime to . For example, choose d=157. Next the value of e is computed as follows:

  • Thus e=17



RSA Scheme

  • Consider ITS ALL GREEK TO ME

  • Replacing each letter with a two-digit number in the range (01, 26); encoding blank as 00

  • 0920 1900 0112 1200 0718 0505 1100 2015 0013 0500

  • Each message needs to be expressed as an integer in the range (0, n-1). For this example, encryption is done on blocks of 4 digits at a time, since this is the maximum number of digits that will always yield a number less than n-1=2772



RSA Scheme

  • The first 4 digits (0920) of the plaintext are encrypted as:

  • C=0948 2342 1084 1444 2663 2390 0778 0774 0219 1655
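
The slides' example (p=47, q=59, d=157) carried through end to end in Python, as an added example that is not part of the original presentation. It assumes the standard RSA operations C = M^e mod n and M = C^d mod n; all function names are illustrative, and the last function shows why a modulus this small offers no protection.

```python
# Added example: toy RSA with the parameters given on the slides.
P, Q, D = 47, 59, 157             # values from the slides
N = P * Q                         # 2773, the public modulus
PHI = (P - 1) * (Q - 1)           # 2668, Euler totient of n


def mod_inverse(a, m):
    """Extended Euclid: return x such that (a * x) % m == 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a and m are not relatively prime")
    return old_s % m


E = mod_inverse(D, PHI)           # public exponent derived from d


def encode(text):
    """A-Z -> 01..26, blank -> 00, packed two letters per 4-digit block."""
    digits = "".join("00" if c == " " else f"{ord(c) - 64:02d}" for c in text)
    digits += "00" * ((len(digits) // 2) % 2)   # pad an odd letter count
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]


def decode(blocks):
    digits = "".join(f"{b:04d}" for b in blocks)
    pairs = [int(digits[i:i + 2]) for i in range(0, len(digits), 2)]
    return "".join(" " if p == 0 else chr(p + 64) for p in pairs)


def encrypt(blocks):
    return [pow(m, E, N) for m in blocks]       # C = M^e mod n


def decrypt(blocks):
    return [pow(c, D, N) for c in blocks]       # M = C^d mod n


def fmt(blocks):
    return " ".join(f"{b:04d}" for b in blocks)


def recover_d_from_public(n, e):
    """Trial division factors a 4-digit n at once; real p and q must be large."""
    p = next(k for k in range(2, n) if n % k == 0)
    return mod_inverse(e, (p - 1) * (n // p - 1))
```

Calling `fmt(encrypt(encode("ITS ALL GREEK TO ME")))` reproduces the ciphertext on the slide, and `decode(decrypt(...))` returns the message with one trailing pad blank.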

