1 / 17

Wireless Security Issues

Wireless Security Issues. Implementing a wireless LAN without compromising your network. Marshall Breeding Director for Innovative Technologies and Research Vanderbilt University http://staffweb.library.vanderbilt.edu/breeding http://www.librarytechnology.org. Security concerns.

gazit
Télécharger la présentation

Wireless Security Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research Vanderbilt University http://staffweb.library.vanderbilt.edu/breeding http://www.librarytechnology.org

  2. Security concerns • Eavesdropping a major concern • Unprotected wireless access points are an easy of entry for mobile hackers • Many rogue Wireless LANS were put up in corporate networks without IT support or adequate security • War Driving / War Chalking • Some war driving / freeloading happens in residential settings

  3. Positioning your wireless network • Libraries should already have a network security architecture that separates public access computing from the business network • Adding a wireless LAN is easy when the library already has a solid security environment in place

  4. Encryption necessary to ensure security • Sensitive data must be encrypted when transmitted across any untrusted network • Most Encryption algorithms uses a secure key to encode the data and decode it after transmission • The longer the key, the more difficult it is to use brute force to decrypt the message • WEP uses 40, 64, or 128 (WEP2) bit keys

  5. Wired Equivalency Privacy • Optional Encryption scheme part of the 802.11b specification • RC4 encryption • Single key encrypts all traffic • No system for key management • Hackers can easily recover the key • WEP often not enabled • WEP can be defeated by sophisticated hackers • Provides a barrier to most potential intruders

  6. Wireless Hacking tools • At least two open source tools are available for recovering 802.11 WEP keys: • WEPCrack http://wepcrack.sourceforge.net/ • AirSnort http://airsnort.shmoo.com/

  7. 802.11i • Security Standard for the 802.11 arena • Includes WPA and RSN (Robust Security Network) • Relies on 802.1x specification for port-based user and device authentication • Ratified June 2004 • Marketed as WPA2

  8. WPA • Wi-Fi Protected Access • Enhanced security over WEP • TKIP • Available now • Backwardly compatible with WEP – requires only a firmware upgrade.

  9. Temporal Key Integrity Protocol (TKIP) • 128 bit encryption keys • Each packet encrypted with a different key based on a 48-bit serial number, incremented with each use. • Avoids replay attacks • Relies on a base key with is generated when a device associates with the base station • Ideally unique base keys transmitted during 802.1x authentication • Pre-shared keys used otherwise

  10. WPA2 • WPA + AES = WPA2 • Advanced Encryption Standard instead of TKIP • Stronger encryption algorithm • Not guaranteed to be backwardly compatible with existing WEP equipment • Personal version uses pre-shared key • Enterprise version uses 802.1X authentication through RADIUS server.

  11. WPA/802.1x Diagram • See: • http://www.infoworld.com/infoworld/img/20FEwifi_in-x.gif

  12. Wi-Fi Security Services • SecureMyWiFi (http://www.witopia.net/) • RADIUS authentication and security key distribution service • Operates with AP’s that support WPA-Enterprise or WPA2-Enterprise • $29 annual fee

  13. Virtual Private Networks (VPN) • A technology that offers strong security • Common approach for remote users that rely on accessing organizational resources through the Internet • Applicable to wireless users on premises • Enhances security / adds inconvenience.

  14. WEP Security

  15. VPN Security

  16. Conclusions • Solutions are available that provide solid security for wireless networks • Trade-off between convenience and security. • Open wireless networks can be operated without jeopardizing the library’s business network

More Related