Free Essay

Wireless Lan Security

In:

Submitted By kuvyoghm00b
Words 4933
Pages 20
SEMINAR REPORT

ON

WIRELESS LAN SECURITY

Contents:

I. Introduction…………………………………………………………………1

II. Wireless LAN Deployment……………………………………………7

III. Wireless LAN Security Overview…………………………………10

IV. Protecting Wireless LANs…………………………………………...13

V. Wireless LAN Security Summary……………………………………18

I. Introduction

a. The 802.11 Wireless LAN Standard
In 1997, the IEEE ratified the 802.11 Wireless LAN standards, establishing a global standard for implementing and deploying Wireless LANS. The throughput for 802.11 is 2Mbps, which was well below the IEEE 802.3 Ethernet counterpart. Late in 1999, the IEEE ratified the 802.11b standard extension, which raised the throughput to 11 Mbps, making this extension more comparable to the wired equivalent. The 802.11b also supports the 2 Mbps data rate and operates on the 2.4GHz band in radio frequency for high-speed data communications

As with any of the other 802 networking standards (Ethernet, Token Ring, etc.), the 802.11 specification affects the lower layers of the OSI reference model, the Physical and Data Link layers.
The Physical Layer defines how data is transmitted over the physical medium. The IEEE assigned 802.11 two transmission methods for radio frequency (RF) and one for Infrared. The two RF methods are frequency hopping spread-spectrum (FHSS) and direct sequence spread-spectrum (DSSS). These transmission methods operate within the ISM (Industrial, Scientific, and Medical) 2.4 GHz band for unlicensed use. Other devices that operate on this band include remote phones, microwave ovens, and baby monitors.
FHSS and DSSS are different techniques to transmit data over radio waves. FHSS uses a simple frequency hopping technique to navigate the 2.4GHz band which is divided into 75 sub-channels 1MHz each. The sender and receiver negotiate a sequence pattern over the sub-channels.
DSSS, however, utilizes the same channel for the duration of the transmission by dividing the 2.4 GHz band into 14 channels at 22MHz each with 11 channels overlapping the adjacent ones and three non-overlapping channels. To compensate for noise and interference, DSSS uses a technique called "chipping", where each data bit is converted into redundant patterns called "chips".
The Data Link layer is made up of two sub-layers, the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The Data Link layer determines how transmitted data is packaged, addressed and managed within the network. The LLC layer uses the identical 48-bit addressing found in other 802 LAN networks like Ethernet where the MAC layer uses a unique mechanism called carrier sense multiple access, collision avoidance (CSMA/CA). This mechanism is similar to the carrier sense multiple access collision detect (CSMA/CD) used in Ethernet, with a few major differences. Opposed to Ethernet, which sends out a signal until a collision is detected before a resend, CSMA/CA senses the airwaves for activity and sends out a signal when the airwaves are free. If the sender detects conflicting signals, it will wait for a random period before retrying. This technique is called "listening before talking" (LBT) and probably would be effective if applied to verbal communications also.
To minimize the risk of transmission collisions, the 802.11 committee decided a mechanism called Request-To-Send / Clear-To-Send (RTS/CTS). An example of this would be when an AP accepts data transmitted from a wireless station; the AP would send a RTS frame to the wireless station that requests a specific amount of time that the station has to deliver data to it. The wireless station would then send an CTS frame acknowledging that it will wait to send any communications until the AP completes sending data. All the other wireless stations will hear the transmission as well and wait before sending data. Due to the fragile nature of wireless transmission compared to wired transfers, the acknowledgement model (ACK) is employed on both ends to ensure that data does not get lost in the airwaves.
b. 802.11 Extensions
Several extensions to the 802.11 standard have been either ratified or are in progress by their respective task group committees. Below are three current task group activities that affect WLAN users most directly:
802.11a
The 802.11a ("another band") extension operates on a different physical layer specification than the 802.11 standard at 2.4GHz. 802.11a operates at 5GHz and supports date rates up to 54Mbps. The FCC has allocated 300Mz of RF spectrum for unlicensed operation in the 5GHz range. Although 802.11a supports much higher data rates, the effective distance of transmission is much shorter than 802.11b and is not compatible with 802.11b equipment and in its current state is usable only in the US. However, several vendors have embraced the 802.11a standard and some have dual band support AP devices and network cards.
802.11b
The 802.11b ("baseline") is currently the de facto standard for Wireless LANs. As discussed earlier, the 802.11b extension raised the data rate bar from 2Mbps to 11Mbps, even though the actual throughput is much less. The original method employed by the 802.11 committee for chipping data transmissions was the 11-bit chipping encoding technique called the "Barker Sequence". The increased data rate from 2Mbps to 11Mbps was achieved by utilizing an advanced encoding technique called Complementary Code Keying (CCK). The CCK uses Quadrature Phase Shift Keying (QPSK) for modulation to achieve the higher data rates.
802.11g
The 802.11g ("going beyond b") task group, like 802.11a is focusing on raising the data transmission rate up to 54Mbps, but on the 2.4MHz band. The specification was approved by the IEEE in 2001 and is expected to be ratified in the second half of 2002. It is an attractive alternative to the 802.11a extension due to its backward compatibility to 802.11b, which preserves previous infrastructure investments.
The other task groups are making enhancements to specific aspects of the 802.11 standard. These enhancements do not affect the data rates. These extensions are below:
802.11d
This group is focusing on extending the technology to countries that are not covered by the IEEE.
802.11e
This group is focusing on improving multi-media transmission quality of service.
802.11f
This group is focusing on enhancing roaming between APs and interoperability between vendors.
802.11h
This group is addressing concerns on the frequency selection and power control mechanisms on the 5GHz band in some European countries.
802.11i
This group is focusing on enhancing wireless lan security and authentication for 802.11 that include incorporating Remote Access Dialing User Service (RADIUS), Kerberos and the network port authentication (IEEE 802.1X). 802.1X has already been implemented by some AP vendors. c. 802.11 Security Flaws
802.11 wireless LAN security or lack of it remains at the top of most LAN administrators list of worries. The security for 802.11 is provided by the Wired Equivalency Policy (WEP) at the MAC layer for authentication and encryption The original goals of IEEE in defining WEP was to provide the equivalent security of an "unencrypted" wired network. The difference is the wired networks are somewhat protected by physical buildings they are housed in. On the wireless side, the same physical layer is open in the airwaves.
WEP provides authentication to the network and encryption of transmitted data across the network. WEP can be set either to either an open network or utilizing a shared key system. The shared key system used with WEP as well as the WEP encryption algorithm are the most widely discussed vulnerabilities of WEP. Several manufacturers' implementations introduce additional vulnerabilities to the already beleaguered standard.
WEP uses the RC4 algorithm known as a stream cipher for encrypting data. Several manufacturers tout larger 128-bit keys, the actual size available is 104 bits. The problem with the key is not the length, but lies within the actual design of WEP that allows secret identification. A paper written by Jesse Walker, "Unsafe at any key length" provides insight to the specifics of the design vulnerabilities and explains the exploitation of WEP.
The following steps explain the process of how a wireless station associates to an AP using shared key authentication.

1) The wireless station begins the process by sending an authentication frame to the AP it is trying to associate with.

2) The receiving AP sends a reply to the wireless station with its own authentication frame containing 128 octets of challenge text.

3) The wireless station then encrypts the challenge text with the shared key and sends the result back to the AP.

4) The AP then decrypts the encrypted challenge using the same shared key and compares it to the original challenge text. If the there is a match, an ACK is sent back to the wireless station, otherwise a notification is sent back rejecting the authentication.
It is important to note that this authentication process simply acknowledges that the wireless station knows the shared key and does not authenticate against resources behind the AP. Upon authenticating with the AP, the wireless station gains access to any resources the AP is connected to.
This is what keeps LAN and security managers up at night. If WEP is the only and last layer of defense used in a Wireless LAN, intruders that have compromised WEP, have access to the corporate network. Most APs are deployed behind the corporate firewall and in most cases unknowingly are connected to critical down-line systems that were locked down before APs were invented. There are a number of papers and technical articles on the vulnerabilities of WEP that are listed in the Reference section.

II. Wireless LAN Deployment
The biggest difference in deployment of Wireless LANs over their wired counterpart are due to the physical layer operates in the airwaves and is affected by transmission and reception factors such as attenuation, radio frequency (RF) noise and interference, and building and structural interference.
a. Antenna Primer
Antenna technology plays a significant role in the deployment, resulting performance of a Wireless LAN, and enhancing security. Properly planned placement can reduce stray RF signal making eavesdropping more difficult.
Common terms that are used in describing performance of antenna technology are as follows:
Isotropic Radiator - An antenna that radiates equally in all directions in a three dimensional sphere is considered an "isotropic radiator".
Decibel (dB) - Describes loss or gain between two communicating devices that is expressed in watts as a unit of measure. dBi value - Describes the ratio of an antenna's gain when compared to that of an Isotropic Radiator antenna. The higher the value, the greater the gain.
Attenuation - Describes the reduction of signal strength over distance. Several factors can affect attenuation including absorption (obstructions such as trees that absorb radio waves), diffraction (signal bending around obstructions with reflective qualities), reflection (signal bounces off a reflective surface such as water), and refraction (signal bends due to atmospheric conditions such as marine fog).
Gain - Describes RF concentration over that of an Isotropic Radiator antenna and is measured in dB.
Azimuth - Describes the axis for which RF is radiated.
Antennas come in all shapes and sizes including the home-made versions using common kitchen cupboard cans to deliver specific performance variations. Following are some commonly deployed antenna types.

Dipole Antenna:
This is the most commonly used antenna that is designed into most Access Points. The antenna itself is usually removable and radiating element is in the one inch length range. This type of antenna functions similar to a television "rabbit ears" antenna. As the frequency gets to the 2.4GHz range, the antenna required gets smaller than that of a 100Mz television. The Dipole antenna radiates equally in all directions around its Azimuth but does not cover the length of the diagonal giving a donut-like radiation pattern. Since the Dipole radiates in this pattern, a fraction of radiation is vertical and bleeds across floors in a multi-story building and have typical ranges up to 100 feet at 11Mbps.

Directional Antennas:
Directional antennas are designed to be used as a bridge antenna between two networks or for point-to-point communications. Yagi and Parabolic antennas are used for these purposes as well as others. Directional antennas can reduce unwanted spill-over as they concentrate radiation in one direction.
With the popularity of "war driving" (driving around in a car and discovering unprotected WLANs) there is continuing research done on enhancing distances and reducing spill-over by commercial and underground groups. Advanced antennas like the "Slotted Waveguide" by Trevor Marshal, utilizes multiple dipoles, one above the other, to cause the signal radiation to be in phase so that the concentration is along the axis of the dipoles.

b. Deployment Best Practices
Planning a Wireless LAN requires consideration for factors that affect attenuation discussed earlier. Indoor and multi-story deployments have different challenges than outdoor deployments. Attenuation affects antenna cabling from the radio device to the actual antenna also. The radio wave actually begins at the radio device and induces voltage as it travels down the antenna cable and loses strength.

Multi-path distortion occurs in outdoor deployments where a signal traveling to the receiver arrives from more than one path. This can occur when the radio wave traverses over water or any other smooth surface that causes the signal to reflect off the surface and arrive at a different time than the intended signal does.
Structural issues must also be considered that can affect the transmission performance through path fading or propagation loss. The greater the density of the structural obstruction, the slower the radio wave is propagated through it. When a radio wave is sent from a transmitter and is obstructed by a structural object, the signal can penetrate through the object, reflect off it, or be absorbed by it.
A critical step in deploying the WLAN is performing a wireless site survey prior to the deployment. The survey will help determine the number of APs to deploy and their optimum placement for performance with regards to obstacles that affect radio waves as well as business and security related issues.
Complete understanding of the infrastructure and environment with respect to network media, operating systems, protocols, hubs, switches, routers and bridges as well as power supply is necessary to maximize performance and reduce network problems.

III. Wireless LAN Security Overview
As new deployments of Wireless LANs proliferate, security flaws are being identified and new techniques to exploit them are freely available over the Internet.
Sophisticated hackers use long-range antennas that are either commercially available or built easily with cans or cylinders found in a kitchen cupboard and can pick up 802.11b signals from up to 2,000 feet away. The intruders can be in the parking lot or completely out of site. Simply monitoring the adjacent parking lots for suspicious activity is far from solving the security issues around WLANs.
Many manufacturers ship APs with WEP disabled by default and are never changed before deployment. In an article by Kevin Poulsen titled "War driving by the Bay", he and Peter Shipley drove through San Francisco rush hour traffic and with an external antenna attached to their car and some custom sniffing software, and within an hour discovered close to eighty (80) wide open networks. Some of the APs even beacon the company name into the airwaves as the SSID.

a. Authentication and Encryption
Since the security provided by WEP alone including the new 802.1x Port Based IEEE standard is extremely vulnerable, stronger authentication and encryption methods should be deployed such as Wireless VPNs using Remote Authentication Dial-In User Service (RADIUS) servers.
The VPN layer employs strong authentication and encryption mechanisms between the wireless access points and the network, but do impact performance, a VPN (IPSec) client over a wireless connection could degrade performance up to 25%. RADIUS systems are used to manage authentication, accounting and access to network resources.
While VPNs are being represented as a secure solution for wireless LANs, one-way authentication VPNs are still vulnerable to exploitation. In large organizations that deploy dial-up VPNs by distributing client software to the masses, incorrect configurations can make VPNs more vulnerable to "session hi-jacking". There are a number of known attacks to one-way authentication VPNs and RADIUS systems behind them that can be exploited by attackers. Mutual authentication wireless VPNs offer strong authentication and overcome weaknesses in WEP.

b. Attacking Wireless LANs
With the popularity of Wireless LANs growing, so is the popularity of hacking them. It is important to realize that new attacks are being developed based on old wired network methods. Strategies that worked on securing wired resources before deploying APs need to be reviewed to address new vulnerabilities.
These attacks provide the ability to:
• Monitor and manipulate traffic between two wired hosts behind a firewall
• Monitor and manipulate traffic between a wired host and a wireless host
• Compromise roaming wireless clients attached to different Access Points
• Monitor and manipulate traffic between two wireless clients
Below are some known attacks to wireless LANs that can be applied to VPNs and RADIUS systems:
Session Hijacking
Session hijacking can be accomplished by monitoring a valid wireless station successfully complete authenticating to the network with a protocol analyzer. Then the attacker will send a spoofed disassociate message from the AP causing the wireless station to disconnect. When WEP is not used the attacker has use of the connection until the next time out Session hijacking can occur due to vulnerabilities in 802.11 and 802.1x state machines. The wireless station and AP are not synchronized allowing the attacker to disassociate the wireless station while the AP is unaware that the original wireless station is not connected.

Man-in-the-middle
The man-in-the-middle attack works because 802.1x uses only one-way authentication. In this case, the attacker acts as an AP to the user and as a user to the AP. There are proprietary extensions that enhance 802.1x to defeat this vulnerability from some vendors.
RADIUS Attacks
The XForce at Internet Security Systems published vulnerability findings in multiple vendors RADIUS offerings. Multiple buffer overflow vulnerabilities exist in the authentication routines of various RADIUS implementations. These routines require user-supplied information. Adequate bounds checking measures are not taken when parsing user-supplied strings. Generally, the "radiusd" daemon (the RADIUS listener) runs with super user privilege. Attackers may use knowledge of these vulnerabilities to launch a Denial of Service (DoS) attack against the RADIUS server or execute arbitrary code on the RADIUS server. If an attacker can gain control of the RADIUS server, he may have the ability to control access to all networked devices served by RADIUS, as well as gather login and password information for these devices.
An Analysis of the RADIUS Authentication Protocol is listed below:
• Response Authenticator Based Shared Secret Attack User- Password Attribute Cipher Design Comments
• User-Password Attribute Based Shared Secret Attack
• User-Password Based Password Attack
• Request Authenticator Based Attacks
• Passive User-Password Compromise Through Repeated Request Authenticators
• Active User-Password Compromise through Repeated Request Authenticators
• Replay of Server Responses through Repeated Request Authenticators
• DOS Arising from the Prediction of the Request Authenticator

IV. Protecting Wireless LANS

As discussed above, there are numerous methods available to exploit the security of wired networks via wireless LANs. Layered security and well thought out strategy are necessary steps to locking down the network. Applying best practices for wireless LAN security does not alert the security manager or network administrator when the security has been compromised.
Intrusion Detection Systems (IDS) are deployed on wired networks even with the security provided with VPNs and firewalls. However, wire-based IDS can only analyze network traffic once it is on the wire. Unfortunately, wireless LANs are attacked before entering the wired network and by the time attackers exploit the security deployed, they are entering the network as valid users.
For IDS to be effective against wireless LAN attacks, it first MUST be able to monitor the airwaves to recognize and prevent attacks before the hacker authenticates to the AP.

a. Principles of Intrusion Detection
Intrusion Detection is the art of detecting inappropriate, incorrect, or anomalous activity and responding to external attacks as well as internal misuse of computer systems. Generally speaking, Intrusion Detection Systems (IDS) are comprised of three functional areas:
• A stream source that provides chronological event information
• An analysis mechanism to determine potential or actual intrusions
• A response mechanism that takes action on the output of the analysis mechanism.
In the wireless LAN space, the stream source would be a remote sensor that promiscuously monitors the airwaves and generates a stream of 802.11 frame data to the analysis mechanism. Since attacks in wireless occur before data is on the wired network, it is important for the source of the event stream to have access to the airwaves before the AP receives the data.
The analysis mechanism can consist of one or more components based on any of several intrusion detection models. False positives, where the IDS generated an alarm when the threat did not actually exist, severely hamper the credibility of the IDS. In the same light, false negatives, where the IDS did not generate an alarm and a threat did exist, degrade the reliability of the IDS.
Signature-based techniques produce accurate results but can be limited to historical attack patterns. Relying solely on manual signature-based techniques would only be as good as the latest known attack signature until the next signature update. Anomaly techniques can detect unknown attacks by analyzing normal traffic patterns of the network but are less accurate than the signature-based techniques. A multi-dimensional intrusion detection approach integrates intrusion detection models that combine anomaly and signature-based techniques with policy deviation and state analysis.

b. Vulnerability Assessment
Vulnerability assessment is the process of identifying known vulnerabilities in the network. Wireless scanning tools give a snapshot of activity and identify devices on each of the 802.11b channels and perform trend analysis to identify vulnerabilities. A wireless IDS should be able to provide scanning functionality for persistent monitoring of activity to identify weaknesses in the network.
The first step in identifying weakness in a Wireless LAN deployment is to discover all Access Points in the network. Obtaining or determining each one's MAC address, Extended Service Set name, manufacturer, supported transmission rates, authentication modes, and whether or not it is configured to run WEP and wireless administrative management. In addition, identify every workstation equipped with a wireless network interface card, recording the MAC address of each device.
The information collected will be the baseline for the IDS to protect. The IDS should be able to determine rogue AP's and identify wireless stations by vendor fingerprints that will alert to devices that have been overlooked in the deployment process or not meant to be deployed at all.
Radio Frequency (RF) bleed can give hackers unnecessary opportunities to associate to an AP. RF bleed should be minimized where possible through the use of directional antennas discussed above or by placing Access Points closer to the middle of buildings as opposed to the outside perimeter.

c. Defining Wireless LAN Security Policies
Security policies must be defined to set thresholds for acceptable network operations and performance. For example, a security policy could be defined to ensure that Access Points do not broadcast its Service Set Identifier (SSID). If an Access Point is deployed or reconfigured and broadcasts the SSID, the IDS should generate an alarm. Defining security policies gives the security or network administrator a map of the network security model for effectively managing network security.
With the introduction of Access Points into the network, security policies need to be set for Access Point and Wireless Station configuration thresholds. Policies should be defined for authorized Access Points and their respective configuration parameters such as Vendor ID, authentication modes, and allowed WEP modes. Allowable channels of operation and normal activity hours of operation should be defined for each AP. Performance thresholds should be defined for minimum signal strength from a wireless station associating with an AP to identify potential attacks from outside the building.
The defined security policies form the baseline for how the wireless network should operate. The thresholds and configuration parameters should be adjusted over time to tighten or loosen the security baseline to meet real-world requirements. For example, normal activity hours for a particular AP could be scaled back due to working hour changes. The security policy should also be changed to reflect the new hours of operation.
No one security policy fits all environments or situations. There are always trade offs between security, usability and implementing new technologies.

d.State-Analysis
Maintaining state between the wireless stations and their interactions with Access Points is required for Intrusion Detection to be effective. The three basic states for the 802.11 model are idle, authentication, and association. In the idle state, the wireless station has either not attempted authentication or has disconnected or disassociated. In the authentication state, the wireless station attempts to authenticate to the AP or in mutual authentication models such as the Cisco LEAP implementation, the wireless station also authenticates the AP. The final state is the association state, where the wireless station makes the connection to the network via the AP.
Following is an example of the process of maintaining state for a wireless station:
1. A sensor in promiscuous mode detects a wireless station trying to authenticate with an AP
2. A state-machine logs the wireless stations MAC address, wireless card vendor and AP the wireless station is trying to associate to by reading 802.11b frames, stripping headers and populating a data structure usually stored in a database
3. A state-machine logs the wireless station's successful association to the AP State Analysis looks at the behavioral patterns of the wireless station and determines whether the activity deviates from the normal state behavior. For example, if the wireless station was broadcasting disassociate messages, that behavior would violate the 802.11 state model and should generate an alarm.

e. Multi-Dimensional Intrusion Detection
The very natures of Wireless LANs intrinsically have more vulnerabilities than their wired counterparts. Standard wire-line intrusion detection techniques are not sufficient to protect the

network. The 802.11b protocol itself is vulnerable to attack. A multi-dimensional approach is required because no single technique can detect all intrusions that can occur on a wireless LAN. A successful multi-dimensional intrusion detection approach integrates multiple intrusion detection models that combine quantitative and statistical measurements specific to the OSI Layer 1 and 2 as well as policy deviation and performance thresholds.

Quantitative techniques include signature recognition and policy deviation. Signature recognition interrogates packets to find pattern matches in a signature database similar to anti-virus software. Policies are set to define acceptable thresholds of network operation and performance. For example, policy deviation analysis would generate an alarm due to an improper setting in a deployed Access Point. Attacks that exploit WLAN protocols require protocol analysis to ensure the protocols used in WLANS have not been compromised. And finally, statistical anomaly analysis can detect patterns of behavior that deviate from the norm.

Signature Detection
A signature detection or recognition engine analyzes traffic to find pattern matches manually against signatures stored in a database or automatically by learning based on traffic pattern analysis. Manual signature detection works on the same model as most virus protection systems where the signature database is updated automatically as new signatures are discovered. Automatic signature learning systems require extensive logging of complex network activity and historic data mining and can impact performance.
For wireless LANs, pattern signatures must include 802.11 protocol specific attacks. To be effective against these attacks, the signature detection engine must be able to process frames in the airwaves before they are on the wire.
Policy Deviation
Security policies define acceptable network activity and performance thresholds. A policy deviation engine generates alarms when these pre-set policy or performance thresholds are violated and aids in wireless LAN management. For example, a constant problem for security and network administrators are rogue Access Points. With the ability for employees to purchase and deploy wireless LAN hardware, it is difficult to know when and where they have been deployed unless you manually survey the site with a wireless sniffer or scanner.
Policy deviation engines should be able to alarm as soon as a rogue access point has been deployed. To be effective for a wireless LAN, a policy deviation engine requires access to wireless frame data from the airwaves.

Protocol Analysis
Protocol analysis monitors the 802.11 MAC protocols for deviations from the standards. Real-time monitoring and historical trending provide intrusion detection and network troubleshooting.
Session hijacking and DoS attacks are examples of a protocol attack. Maintaining state is crucial to detecting attacks that break the protocol spec.
V .Wireless LAN Security Summary

Wireless LANs provide new challenges to security and network administrators that are outside of the wired network. The inherent nature of wireless transmission and the availability of published attack tools downloaded from the Internet, security threats must be taken seriously. Best practices dictate a well thought out layered approach to WLAN security. Access point configuration, firewalls, and VPNs should be considered. Security policies should be defined for acceptable network thresholds and performance. Wireless LAN intrusion detection systems complement a layered approach and provide vulnerability assessment, network security management, and ensure that what you think you are securing is actually secured. Reference: www.ieee.org www.cse.org computer networks by Andrew S Tanenbaum
www.irda.com

Similar Documents

Free Essay

Wireless Lan Security

...3/20/2014 www.informationweek.com/whitepaper/download/showPDF?articleID=901061&site_id=&profileCreated= The Cable Guy - May 2005 Wi-Fi Protected Access 2 (WPA2) Overview By The Cable Guy The original IEEE 802.11 standard provided the following set of security features to secure wireless LAN communication: Two different authentication methods: Open system and shared key The Wired Equivalent Privacy (WEP) encryption algorithm An Integrity Check Value (ICV), encrypted with WEP, which provided data integrity Over time, these security features proved to be insufficient to protect wireless LAN communication in common scenarios. To address the security issues of the original IEEE 802.11 standard, the following additional technologies are used: The IEEE 802.1X Port-Based Network Access Control standard is an optional method for authenticating 802.11 wireless clients. IEEE 802.1X provides per-user identification and authentication, extended authentication methods, and, depending on the authentication method, encryption key management dynamic, per-station or per-session key management and rekeying. Wi-Fi Protected Access (WPA) is an interim standard adopted by the Wi-Fi Alliance to provide more secure encryption and data integrity while the IEEE 802.11i standard was being ratified. WPA supports authentication through 802.1X (known as WPA Enterprise) or with a preshared key http://www.informationweek.com/whitepaper/download/showPDF?articleID=901061&site_id=&profileCreated= 1/6 ...

Words: 1834 - Pages: 8

Free Essay

Wireless

...TERM PAPER Wireless LAN Security Enabling and Protecting the Enterprise INSIDE INSIDE ∆ Wireless LAN Technology ∆ ∆ ∆ Benefits of Wireless LANs Security Risks and Technical Challenges Recommendations WIRELESS LAN SECURITY Contents Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Wireless LAN Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Benefits of Wireless LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Simplified Implementation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Extended Reach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Increased Worker Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Reduced Total Cost of Ownership and Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Security Risks and Technical Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 “Leaky” Buildings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Unapproved Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Exposure of Wireless Devices . . . . . . . . . . . . . . . ....

Words: 2559 - Pages: 11

Premium Essay

Wireless Security Policy

...Wireless security policy for a medium-sized banking organization using the following structure: Wireless Security Policy - A wireless policy for a medium-sized banking organization will needed to deploy a wireless LAN to the network and there will not need an onsite IT. The remote can be manage by a standalone intelligent access point which will integrated the wireless LAN by streamline the configuration and management the system. The Network infrastructure wills us a Cisco system for Layer 2 and 3 switching, routing platforms, and voice over IP (VoIP) along with a security management. The Cisco Integrated Services Router will give all data a robust excellence quality for service, VPN, firewall, network security, and encryption for all medium sized origination with an intrusion detection that will address the business needed. To extend the value of the wireless LAN you can use a Cisco Wireless LAN Controller Module for the environments of a medium size origination. The mobility services that are enables by the robust which will include a guest network voice by the WLAN and location tracking. The Cisco 2800 or 3800 Series Integrated Services Router will give the medium size business faster upgrades with a streamline management and a greater reliability. It’s also have a backbone for infrastructure and deploy is cost effectively along with a secure WLANs management. This will give the medium size origination the greatest wireless system secure for the enterprise. Centralized...

Words: 467 - Pages: 2

Free Essay

Hjdfjjsfj

...I. Introduction: Wireless Local Area Network (WLAN) is the linking of two or more computers without using wires. WLAN makes use of the spread spectrum technology based on radio waves to enable communication between two devices in a limited area. Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are one of today's fastest growing technologies in businesses, schools, and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. These networks can be up and running quickly when there is no available wired Ethernet infrastructure. They are reported to reduce setting up costs by 15%. But, with these benefits come the security concerns. WLANs have very little security. An attacker can listen to you, take control of your laptops/desktops and forge him to be you. He can cancel your orders, make changes into your databases, or empty your credit cards. a. The 802.11 Wireless LAN Standard: In 1997, the IEEE ratified the 802.11 Wireless LAN standards, establishing a global standard for implementing and deploying Wireless LANS. The throughput for 802.11 is 2Mbps, which was well below the IEEE 802.3 Ethernet counterpart Late in 1999, the IEEE ratified the 802.11b standard extension, which raised the throughput to 11 Mbps, making this extension more comparable to the wired equivalent. The 802.11b also supports...

Words: 2926 - Pages: 12

Free Essay

Networking

...Solution | Healthcare Network Allied Telesis Healthcare Network Construction Guidebook Contents Healthcare Network Solution | Introduction Outline of a Healthcare Network Importance of the network Main requirements in designing a healthcare network Non-stop Network Network bandwidth and QoS (Quality of Service) Data capacity Network bandwidth and cost of LAN devices QoS (Quality of Service) Redundancy and proactive measures to overcome network failures Core switch redundancy Comparison of redundancy of communication Loop protection Secure and Reliable Network Security Importance of security: both physical and human factors Threats to network security Network authentication External network (Internet) connection Inter-regional cooperative healthcare network Effective use of Wireless LAN Security in Wireless LAN Install and operation of Wireless LAN Ease of Operation Critical issues for network operation SNMP (Simple Network Management Protocol) Measures against system failures; device failures, incorrect wiring Use of SNMP IPv6 Network Configuration Example Network configuration for hospitals with fewer than 100 beds Network configuration for hospitals with more than 100 and fewer than 200 beds Network configuration for hospitals with more than 200 beds (i) Network configuration for hospitals with more than 200 beds (ii) 3 4 4 5 7 7 7 8 9 10 10 11 12 13 13 13 14 15 19 20 21 21 22 23 23 24 24 25 26 27 28 30 32 34 2 | Healthcare Network Solution Healthcare Network...

Words: 8999 - Pages: 36

Premium Essay

Test

...Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the past thirteen years, and still new articles appear saying similar warnings, with only the solutions evolving with the technology. Suggested solutions will include security literacy regarding APs and their devices and their compliance; security audits to re-evaluate configurations of current...

Words: 18577 - Pages: 75

Free Essay

Ankara

...An ISS Technical White Paper Wireless LAN Security 802.11b and Corporate Networks 6303 Barfield Road · Atlanta, GA 30328 Tel: 404.236.2600 · Fax: 404.236.2626 WWireWireless Lan Security 802.11b Wireless LAN Security Introduction Although a variety of wireless network technologies have or will soon reach the general business market, wireless LANs based on the 802.11 standard are the most likely candidate to become widely prevalent in corporate environments. Current 802.11b products operate at 2.4GHz, and deliver up to 11Mbps of bandwidth – comparable to a standard Ethernet wired LAN in performance. An upcoming version called 802.11a moves to a higher frequency range, and promises significantly faster speeds. It is expected to have security concerns similar to 802.11b. This low cost, combined with strong performance and ease of deployment, mean that many departments and individuals already use 802.11b, at home or at work – even if IT staff and security management administrators do not yet recognize wireless LANs as an approved technology. This paper addresses the security concerns raised by both current and upcoming 802.11 network technologies. Wireless LAN Business Drivers Without doubt, wireless LANs have a high gee-whiz factor. They provide always-on network connectivity, but don’t require a network cable. Office workers can roam from meeting to meeting throughout a building, constantly connected to the same network resources enjoyed by wired...

Words: 3757 - Pages: 16

Free Essay

Wlan Security

...with a LAN. The multitude of packets floating around going from one or more access points to a variety of electronic devices can be a tempting arena for those wanting to gain illicit access. There are several ways to increase the security level of a WLAN. The most basic of these would be a router with an integrated firewall. This is almost exclusively found in residential settings. Keeping to the same architecture, firewalls can be quite complex in their modus operandi. Where basic firewalls work on the first three or four layers of the OSI model, the more complex firewalls operate on all seven levels of the OSI model. Often times accompanying these higher end firewalls, there is what is known as a bastion. A bastion is located on the public side of the firewall and acts as bait for would be attackers. The thought behind a bastion is to get the would-be attackers to go there, thinking they have accessed the protected network. Bastions are completely unguarded to make this process easier. Another method of making a WLAN secure is to encrypt data that is on the network. If this is done, the users will authenticated, which will yet again further strengthen the WLAN. For this it is recommended to utilize either WPA or WPA 2 wireless encryption. In conjunction to the encryption, use VLAN or MAC address control lists, to further increase the level of difficulty for the hackers. If the security needs of an organization are such that they require these measures in their security plan,...

Words: 504 - Pages: 3

Free Essay

Final

...Associate Program Material Appendix J Wireless Network Plan Use the following outline to create your wireless network plan. Fill in each section of the plan as required. Deployment Scenario Infrastructure Deployment Scenario Rationale An infrastructure wireless network provides a more reliable network connection for wireless clients. If we strategically placed the stationary base we can maximum reception. Infrastructure mode networks offer the advantage of scalability, centralized security management and improved reach. Hardware Components • Component Name: Access point o Rationale for using component: Receive and transmit signal that can be picked up by any node that has the ability to receive wireless signals through a wireless network interface card. o Rough cost estimate: $100 • Component Name: Switches o Rationale for using component: Give the ability to expansion of a WLAN o Rough cost estimate: $250 • Component Name: Cables o Rationale for using component: The access point is connect to wired network with cables to give wireless access o Rough cost estimate:$10 IEEE Wireless Network Type Apex Designs has identified that an 802.11n LAN will be implemented. Access Point Management Apex Designs has decided that thin access points will be used to simplify the management of the wireless LAN. These access points allow the wireless network to be managed from one central location rather than to...

Words: 503 - Pages: 3

Free Essay

Wifi

...that allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards".[1] However, since most modern WLANs are based on these standards, the term "Wi-Fi" is used in general English as a synonym for "WLAN". A device that can use Wi-Fi (such as a personal computer, video game console, smartphone, tablet, or digital audio player) can connect to a network resource such as the Internet via a wireless network access point. Such an access point (or hotspot) has a range of about 20 meters (65 feet) indoors and a greater range outdoors. Hotspot coverage can comprise an area as small as a single room with walls that block radio waves or as large as many square miles — this is achieved by using multiple overlapping access points. "Wi-Fi" is a trademark of the Wi-Fi Alliance and the brand name for products using the IEEE 802.11 family of standards. Only Wi-Fi products that complete Wi-Fi Alliance interoperability certification testing successfully may use the "Wi-Fi CERTIFIED" designation and trademark. Wi-Fi has had a checkered security history. Its earliest encryption system, WEP, proved easy to break. Much higher quality protocols, WPA and WPA2, were added later. However, an optional feature added in 2007, called Wi-Fi Protected...

Words: 2476 - Pages: 10

Free Essay

Network and Protocols

...advantages of wireless networking.      1. User mobility in the workplace.      2. A cost-effective networking media for use in areas that is difficult or too costly to wire. 2. What are the three areas defined for the IEEE 802.11 standard?      1. Physical Layer (PHY)           The method of transmitting the data, which may be either RF or infrared (although infrared is rarely used.)     2. Medium Access Control (MAC)           I. The reliability of the data service.           II. Access control to the shared wireless medium.           III. Protecting the privacy of the transmitted data.     3. MAC management protocols and services           I. Authentication, association, data delivery, and privacy. 3. What is an ad hoc network?      1. In this network, the wireless clients (stations) communicate directly with each other. This means the clients have recognized the other stations in the WLAN and have established a wireless data link.      2. The fundamental topology of the WLAN is the Basic Service Set (BSS). This is also called the independent Basic Service Set, or ad hoc network. 4. What is the purpose of an Extended Service Set?      1. By adding multiple access points to the network, the range of mobility of a wireless client in the LAN is extended.      2. Definition - The use of multiple access points to extend user mobility Hand-off. 5. What are the four physical layer technologies being used in 802.11 wireless networking...

Words: 1687 - Pages: 7

Free Essay

Finance for Christiana

...A wireless local area network (WLAN) is a wireless machine organize that connections two or more gadgets utilizing a wireless dispersion system (regularly spread-range or OFDM radio) inside a constrained region, for example, a home, school, machine research centre, or office building. This gives clients the capacity to move around inside a nearby scope zone & still be joined with the system, & can give an association with the more extensive Internet. Most present day WLAN’s are focused around IEEE 802.11 norms, showcased under the Wi-Fi brand name. Advantages of WLAN:- * Client versatility * Voice & information administrations * Versatile structural engineering * Accessibility of all Hipath Voip system administrations * Access to focal applications * Handover between access focuses * Vigorous model for industry * Temperate access focuses * Fitting and-Play construction modelling * Hearty controller * Security on the level of altered systems * "Little Enterprise" alternative with own controller * "Extension Office" alternative for little extensions where wireless controller is utilized. Issue’s & Solution:- There has been a genuine issue with security issues since the initiation of Wireless LAN, we studied the current wireless local area network confront a portion of the real security issues, & portrays the relating arrangements. As of late, with the ubiquity of an assortment of wireless gadgets &...

Words: 590 - Pages: 3

Free Essay

Information System

...Topic 1 a) Discuss any 3 key skills and characteristic should an information system manager posses. b) Today’s Point of Sales – Electronic Fund Transfer (POS-EFT) system requires several components to function. List and discuss the function for these components. a) An Information System (IS) manager has two principle roles within an organization. He has to be able to manage the change processes that are inevitably initiated by the introduction of technology into his workplace, and he has to manage the operational aspects of business and organizational activities founded on computing and communication technology. Hence an IS manager is a leading figure in both organizational change and performance. From this definition, it is a natural deduction that for IS manager to work effectively, they must have or need to be: * Detailed knowledge of the organization’s mission and vision, its peculiar business strategies and implementation skills. With these understanding, the IS manager will then be able to design an information system which can help the organization to achieve its goal. * Skilled in inter-personal management. This consists of communication skills both written and oral, people oriented and also negotiation skill. Regardless of how an organization structures its information system department, system development is a team effort. So learning how to work and communicate effectively with other team members is important for any information system professionals...

Words: 1563 - Pages: 7

Premium Essay

Classify Data for Access Control Requirements

...Classify Data for Access Control Requirements Lab Assessment Questions & Answers 1. What is the Data Classification Method used in the Military and Government Agencies that line up with the corporate data classification method defined earlier in this lab? Explain. Secret- This is the second-highest classification. Information is classified Secret when its release would cause "serious damage" to national security. Most information that is classified is held at the secret sensitivity. 2. Describe one way to help prevent unauthorized users from logging onto another person’s user account and accessing his/her data? By authorization, a person have to identify his/herself, the access control system verifies the person’s identity, the access control system must determine whether the person is authorized with a username and passwords 3. What permissions are necessary to allow an Active Directory Group called AD_Group to read and write files in a Sensitive directory such as C:\ERPdocuments\HRfiles? Read-Write permissions (Author) 4. How would you apply the permissions (ACLs) stated above (M,RX) to the AD_Group on C:\ERPdocuments\HRfiles from the command prompt using built-in Windows tools? You can use the extended change access control List tool (Xcals.exe) to modify and view NTFS permissions for files or folders 5. When adding permissions to a directory in an Active Directory Domain, would you prefer to add Groups or individual...

Words: 1377 - Pages: 6

Premium Essay

Networking Architecture

...Network technology has come forward as an important component of IT infrastructure. Within the healthcare industry, the value of an efficient and stable network is immeasurable. The challenge in most industries, especially healthcare, is address security concerns and the rights of the patience. Patton-Fuller Community Hospital, located in the City of Kelsey, is a fully function hospital servicing the local area since 1975. Recently, The Chief Executive Officer (CEO) of Patton-Fuller Community Hospital expressed the desire to design an upgrade to the current network architecture. This design will include upgrades to hardware components and software components. This proposal will discuss and summarize the current network structure, propose an upgrade design to meet future challenges while addressing network security and compliance; more specifically, the transfer and confidentiality of patient records information. Patton Fuller Community Hospital – Current Network The current networking architecture of the Patton-Fuller Community Hospital can be broken down into two major sections. Today the two major backbones of the network include a 1000 Base T using CAT6 cable which provides network access to many administrative and operational areas of the facility. Executive management, Human Resources, Operations, Facilities, Finance, as well as the IT data center are all connected directly to this side of the network backbone. The hospital side is connected via 1000 Base F which...

Words: 1760 - Pages: 8