Wireless Security

fahim

Presentation Transcript


    1. Wireless Security

    2. Agenda - .11i, IPS/IDS, Ranging
       - WPA
       - WPA2
       - IEEE 802.11i
       - AES Encryption
       - WPA and WPA2 Comparison
       - Cisco TKIP, WPA, WPA2 Comparison

    3. Wireless Security?

    4. 802.1x (EAP)
       - Client associates

    5. WPA
       - Wi-Fi Protected Access (WPA)
       - Standards-based security solution from the Wi-Fi Alliance
       - Addresses the vulnerabilities in native WLANs using Wired Equivalent Privacy (WEP)
       - Supports IEEE 802.1X and Pre-Shared Key (PSK) authentication
       - Temporal Key Integrity Protocol (TKIP) for encryption
       - Fully supported by the Cisco Wireless Security Suite

    6. WPA2
       - Announced 9/1/04: Next generation of Wi-Fi security
       - Follows IEEE 802.11i standard
       - Supports IEEE 802.1X and Pre-Shared Key (PSK) authentication
       - Advanced Encryption Standard (AES) encryption algorithm using CCMP
       - Facilitates government FIPS 140-2 compliance
       - Pre-authentication is optional
       - Backward compatible with WPA
       - Mandatory with an optional (18 month) phase-in period
       - Fully supported by the Cisco Wireless Security Suite

    7. IEEE 802.11i
       - Ratified June 2004
       - Defines security standards for wireless LANs
       - Details stronger encryption, authentication, and key management strategies for wireless data and system security
       - Required hardware accelerator chip in radio
       - Includes the following:
           - Two new data-confidentiality protocols: TKIP and AES-CCMP
           - Negotiation process for selecting the correct confidentiality protocol
           - Key system for each traffic type
           - Key caching and pre-authentication

    8. AES Encryption
       - Encryption standard defined by NIST (National Institute of Standards and Technology) to replace DES
       - The Gold standard
       - Hardware encryption vs. software encryption
       - Replaces RC4 encryption in IEEE 802.11i
       - 128 bit symmetric cipher, 48 bit Initialization Vector
       - CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
       - Requires hardware acceleration, or the overall performance of an 11Mb radio will be unacceptable
       - Facilitates government FIPS 140-2 compliance
       - Note: 802.1X is not FIPS compliant

    9. WPA and WPA2 Comparison

    10. Cisco TKIP, WPA, WPA2 Comparison

    11. WPA2 & Extended EAP types
       - Initial WPA2 testing was on EAP-TLS
       - Other EAP methods now available:
           - EAP-TTLS/MSCHAPv2
           - PEAPv0/EAP-MSCHAPv2, (a.k.a., Microsoft PEAP)
           - PEAPv1/EAP-GTC, (a.k.a., Cisco PEAP)

    12. Wireless IDS
       - Traditional wired IDS focus on L3 and higher
       - Nature of RF medium and wireless standards mandate IDS at the physical and data link layer
       - RF medium vulnerabilities:
           - Unlicensed spectrum subject to interference, contention
           - Not contained by physical security boundaries
       - Standards vulnerabilities:
           - Unauthenticated management frames
           - Session hi-jacking, replay type attacks
       - Wide availability of wireless hacking literature & tools

    13. Wireless IDS
       - Address RF related vulnerabilities
           - Detect, locate, mitigate rogue devices
           - Detect and manage RF interference
           - Detect reconnaissance if possible
       - Address standards-based vulnerabilities
           - Detect management frame & hi-jacking style attacks
           - Enforce security configuration policies
       - Complementary functionality:
           - Forensic analysis
           - Compliance reporting

    14. Wireless IDS
