05-06-2012, 03:11 PM
Wireless LAN Security
Introduction
Network components
Access Point: bridges wireless clients to the wired Ethernet network
STP (spanning tree, IEEE 802.1d) dynamic topology
Broadcast traffic like a hub
Clients or Stations
Two modes
Ad-hoc: direct connection between two WLAN interfaces of stations
Infrastructure: connection between AP and stations
Technology characteristics
Permanently send beacons (control frames) 10 times per second
Identify networks with an SSID (Service Set Identifier)
Encryption with WEP (Wired Equivalent Privacy)
Advantages and benefits of wireless LAN
Installation speed and simplicity
No need to ask anyone
No need to pull cable through walls or add hubs
Reduced Cost of Ownership
Initial hardware and set-up investment similar to wired LAN
Scalability and flexibility
Easy to grow and go everywhere
Mobility and roaming
Crossing obstacles
Temporary networks
Threats with wireless LANs
Unwanted or automatic connection to the wrong network
Theft of user authentication
Man-in-the-middle attack with a fake AP
Airjack
Theft of information by illegal tapping of the network
NetStumbler
Intrusion via the Wireless LANs
Scrambling of the WLAN
Airjack
Consumption of device batteries
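The beacon and fake-AP points above can be checked from the defender's side. The following is an added example, not part of the original slides: it parses 802.11 beacon frames for BSSID, SSID, beacon rate and the capability Privacy bit, then flags beacons that advertise one of our SSIDs from a BSSID that is not on an allowlist. The allowlist, SSIDs and MAC addresses are constructed, and frames are assumed to carry no radiotap header or FCS.

```python
import struct

# Constructed allowlist: SSID -> BSSIDs of the APs we actually operate (assumption).
KNOWN_APS = {"CorpWLAN": {"00:11:22:33:44:55"}}

def build_beacon(bssid, ssid, privacy=True, interval_tu=100):
    """Build a constructed 802.11 beacon frame for the sample data below."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    capability = 0x0001 | (0x0010 if privacy else 0)  # ESS, plus Privacy bit
    fixed = struct.pack("<QHH", 0, interval_tu, capability)
    return header + fixed + bytes([0, len(ssid)]) + ssid.encode()

def parse_beacon(frame):
    """Return BSSID, SSID, beacon rate and privacy bit, or None if not a beacon."""
    if len(frame) < 36 or frame[0] != 0x80:  # management frame, subtype 8
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3 is the BSSID
    _, interval_tu, capability = struct.unpack_from("<QHH", frame, 24)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged parameters (id, length, value)
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if tag == 0 and len(value) == length:  # element 0 is the SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    per_second = 1_000_000 / (interval_tu * 1024) if interval_tu else 0.0  # 1 TU = 1024 us
    return {"bssid": bssid, "ssid": ssid, "beacons_per_s": round(per_second, 2),
            "privacy": bool(capability & 0x0010)}  # set when encryption is required

def audit(frames, known=KNOWN_APS):
    """Flag beacons using one of our SSIDs from an unknown BSSID or without encryption."""
    findings = []
    for frame in frames:
        b = parse_beacon(frame)
        if b is None or b["ssid"] not in known:
            continue
        if b["bssid"] not in known[b["ssid"]]:
            findings.append((b["bssid"], b["ssid"], "unknown BSSID"))
        elif not b["privacy"]:
            findings.append((b["bssid"], b["ssid"], "privacy bit cleared"))
    return findings

SAMPLE = [build_beacon("00:11:22:33:44:55", "CorpWLAN"),
          build_beacon("de:ad:be:ef:00:01", "CorpWLAN", privacy=False),
          build_beacon("00:aa:bb:cc:dd:ee", "CoffeeShop", privacy=False)]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A BSSID can be spoofed, so an allowlist match alone does not prove a beacon is legitimate; the check only catches fake APs that use a different address.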
WLAN security standards
IEEE 802.11g standard: 54 Mbit/s on 2.4 GHz
Approved by the working group in February 2003
IEEE 802.11i standard: security in 802.11* networks
Use IEEE 802.1X port access control (April 2001)
CCMP (Counter-Mode/CBC-MAC Protocol)
TKIP (Temporal Key Integrity Protocol)
Dynamic key generation for WEP (Wired Equivalent Privacy)
WRAP (Wireless Robust Authenticated Protocol)
Key management specific to IEEE and replacement of RC4 by AES
Rely on IETF EAP and RADIUS standards
Synchronisation and coherence need time
Security issues of 802.11b (Wi-Fi) are solved with this new generation
Security remains a voluntary choice: it must be configured
Segmentation of Wireless LANs
Segment wireless network with a firewall from corporate network
Enforce access control to the wireless network
Authentication of hosts to access the wireless LAN is done by the network