Basic Wireless LAN Security Technologies - PowerPoint PPT Presentation

PowerPoint Slideshow about 'Basic Wireless LAN Security Technologies' - emerald-mills

Basic Wireless LAN Security Technologies

  • Most wireless security incidents occur because system administrators do not implement available countermeasures.

  • It is important to verify that the countermeasure is in place and working properly.

  • Thus the WLAN security wheel, which is a continuous security process, is very effective.

WLAN Security Wheel

  • The Four Steps of Wireless Security Policy:

  • Step 1: This step implements WLAN security solutions to stop or prevent unauthorized access or activities and to protect information, using the following:

    Authentication (802.1x)

    Encryption (WEP or AES)

    Traffic Filters

    Controlled wireless coverage area

  • Step 2: This step involves the following actions:

    Detecting violations to the WLAN security policy

    Involving system auditing, logs, and real-time intrusion detection

    Validating the security implementation in step 1

Test & Improve

  • Test: This step validates the effectiveness of the WLAN security policy through system auditing and wireless and wired vulnerability scanning.

  • Improve: This step involves the following:

    Using information from step 3 to improve the WLAN implementation

    Adjusting the security policy

First Generation Wireless Security

  • Security was not a big concern

  • Many WLANs used Service Set IDentifier (SSID) as the basic form of security.

  • Some WLANs controlled access by entering the MAC address of each client into their wireless AP.

  • Neither option was secure, because wireless sniffing could reveal both valid MAC addresses and the SSID

  • SSID is a 1-32 character ASCII string that can be entered on the clients and APs

  • In 802.11, any client with a NULL string associates to any AP regardless of SSID setting on an AP

  • Broadcast SSIDs are required by the IEEE standard.

  • Some vendors have options such as SSID broadcast and allow any SSID

  • These features are enabled by default and make it easy to set up a wireless network

  • Using the allow any SSID option lets the AP allow access to a client with blank SSID

  • The SSID broadcast option sends beacon frames which advertise the SSID

  • MAC based authentication is not defined in 802.11 specification
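
What the SSID broadcast bullets mean on the wire, as an added example that is not part of the original slides: a beacon carries the transmitter MAC address and the SSID in cleartext, so neither works as a secret. The frame is constructed inline; the SSID `CorpWLAN` and the MAC address are made-up sample values, and treating an empty or all-NUL SSID as "broadcast off" is an assumption about common vendor behaviour.

```python
import struct

BEACON_FC = 0x0080  # frame control: version 0, type 0 (management), subtype 8 (beacon)

def build_beacon(bssid: bytes, ssid: bytes) -> bytes:
    """Constructed sample frame (not a capture): MAC header, fixed fields, SSID element."""
    header = struct.pack("<HH6s6s6sH", BEACON_FC, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)  # timestamp, beacon interval, capabilities
    return header + fixed + bytes([0, len(ssid)]) + ssid  # element ID 0 carries the SSID

def parse_beacon(frame: bytes) -> dict:
    """Report what a beacon exposes in cleartext: transmitter MAC and SSID."""
    if len(frame) < 36:
        raise ValueError("shorter than the 24-byte header plus 12 fixed bytes")
    if ((frame[0] >> 2) & 0x3) != 0 or (frame[0] >> 4) != 8:
        raise ValueError("not a beacon frame")
    result = {"transmitter": frame[10:16].hex(":"), "ssid": "", "broadcast": False}
    pos = 36  # tagged elements start after the header and fixed fields
    while pos + 2 <= len(frame):
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if elem_id == 0:
            if length > 32:
                raise ValueError("SSID longer than 32 bytes")
            # Assumption: an empty or all-NUL SSID means SSID broadcast is turned off.
            result["broadcast"] = any(value)
            result["ssid"] = value.decode("ascii", "replace") if any(value) else ""
            break
        pos += 2 + length
    return result

if __name__ == "__main__":
    sample_bssid = bytes.fromhex("021122334455")  # made-up address
    print(parse_beacon(build_beacon(sample_bssid, b"CorpWLAN")))
    print(parse_beacon(build_beacon(sample_bssid, b"")))
```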

Wired Equivalent Privacy (WEP)

  • The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping

  • IEEE 802.11 WEP standard specifies a static 40-bit key

  • Most vendors have extended WEP to 128 bits or more.

  • When using WEP, both AP and wireless client must have a matching WEP key

  • WEP is based on Rivest Cipher 4 (RC4)

  • Encryption based on key lengths greater than 64 bits is considered a high encryption standard

Rivest-Shamir-Adleman (RSA) Encryption Scheme

  • In the RSA scheme, messages are first represented as integers in the range (0, n-1)

  • Each user chooses his/her own value of n and another pair of positive integers e and d.

  • The user places the encryption key, (n,e) in the public directory

  • The decryption key consists of the number pair (n,d)

RSA Scheme

  • d is kept secret.

  • Encryption:

  • Decryption

RSA Scheme

  • n is obtained by selecting two large prime numbers p and q such that n=pq

  • Although n is made public, p and q are kept secret due to the great difficulty in factoring n

  • Then the Euler totient function is formed. That is,

RSA Scheme

  • The parameter has an interesting property that for any integer X in the range (0, n-1) and for any integer k

  • A large integer d is randomly chosen so that it is relatively prime to , which means that and d must have no common divisors other than 1

RSA Scheme

  • That is: gcd[ ,d]=1

    Any prime number greater than the larger of (p,q) will suffice. Then the integer e, where 0<e< , is found from the relationship

    which amounts to choosing e and d to satisfy: Thus,

Example of RSA Scheme

  • Let p=47, q=59. Therefore, n=pq=2773

  • =(p-1)(q-1)=2668. d is chosen to be relatively prime to . For example, choose d=157. Next the value of e is computed as follows:

  • Thus e=17

RSA Scheme

  • Consider ITS ALL GREEK TO ME

  • Replacing each letter with a two-digit number in the range (01, 26); encoding blank as 00

  • 0920 1900 0112 1200 0718 0505 1100 2015 0013 0500

  • Each message needs to be expressed as an integer in the range (0, n-1). For this example, encryption is done on blocks of 4 digits at a time, since this is the maximum number of digits that will always yield a number less than n-1=2772

RSA Scheme

  • The first 4 digits (0920) of the plaintext are encrypted as:

  • C=0948 2342 1084 1444 2663 2390 0778 0774 0219 1655
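
The worked example above, carried through in code as an added example that is not part of the original slides: it derives e from p=47, q=59, d=157, encodes and encrypts ITS ALL GREEK TO ME in 4-digit blocks, and decrypts it again. The function names and the variable name `phi` for (p-1)(q-1) are this example's own; the last function shows that a modulus this small keeps nothing secret, because d can be rebuilt from the public key by factoring n.

```python
from math import gcd, isqrt

def make_public_exponent(p, q, d):
    """Return (n, e) for primes p, q and a chosen private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)   # phi: this example's name for (p-1)(q-1)
    if gcd(phi, d) != 1:
        raise ValueError("d must be relatively prime to (p-1)(q-1)")
    return n, pow(d, -1, phi)           # e is the inverse of d modulo phi

def encode(text):
    """A-Z -> 01..26, blank -> 00, packed into 4-digit integer blocks."""
    if any(c != " " and not "A" <= c <= "Z" for c in text):
        raise ValueError("only A-Z and blank are defined by this encoding")
    if len(text) % 2:
        text += " "                     # pad the final block with a blank
    digits = "".join("00" if c == " " else f"{ord(c) - 64:02d}" for c in text)
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]

def decode(blocks):
    """Inverse of encode(); the trailing pad blank, if any, is stripped."""
    digits = "".join(f"{b:04d}" for b in blocks)
    values = (int(digits[i:i + 2]) for i in range(0, len(digits), 2))
    return "".join(" " if v == 0 else chr(v + 64) for v in values).rstrip()

def apply_key(blocks, exponent, n):
    """Encrypt with e or decrypt with d: each block is raised to the exponent mod n."""
    if any(not 0 <= b < n for b in blocks):
        raise ValueError("every block must lie in the range 0..n-1")
    return [pow(b, exponent, n) for b in blocks]

def fmt(blocks):
    return " ".join(f"{b:04d}" for b in blocks)

def private_exponent_from_public(n, e):
    """Factor n by trial division and rebuild d; feasible only because n is tiny."""
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))

if __name__ == "__main__":
    n, e = make_public_exponent(47, 59, 157)
    cipher = apply_key(encode("ITS ALL GREEK TO ME"), e, n)
    print("public key:", (n, e))
    print("ciphertext:", fmt(cipher))
    print("decrypted :", decode(apply_key(cipher, 157, n)))
    print("d rebuilt from the public key alone:", private_exponent_from_public(n, e))
```

This is unpadded RSA on a 12-bit modulus, useful for following the arithmetic only: identical plaintext blocks always produce identical ciphertext blocks.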