Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012

Application of WLANs
• Sharing Internet Access
• Within small office or home setting
• Transmitting Voice over WLANs
• Retail stores, Schools, Hotel, etc.
• Manufacturing Industry and Inventory Management
• Track and update inventory in real time
• Raw materials and finished product statistics up-to-date.

Wireless Threats
• Targeted Attackers
• Attacking specific valuable assets in the organization
• Attackers of Opportunity
• Random attack, organization not secured enough
• Internal Attackers
• May be accidental, or planned to bypass rules set up by the IT Dept.

Some Vulnerabilities and Attack Methods over WLANs (1)
• Human Error
• Rogue Access Points
• Employee Installed Rogue Access Points
• Misconfigured Rogue Access Points
• Rogue Access Points From Neighbour WLANs
• Ad-hoc Devices
• Rogue Access Points that do not adhere to Corporate Policies
• Rogue Access Points Operated by Attackers

Some Vulnerabilities and Attack Methods over WLANs (2)
• Warchalking
• Modern version of ‘Hobo’ sign language. See figure 3.5, page 65.
• MAC address Spoofing
• Setting on firewall and ISP
• Noisy Neighbours
• Wireless signal radius exceeded
• Man-In-The-Middle Attacks
• Intercept, alter, and send back fraudulent info
• Blocked. See figure 3.6, page 67
• Simply be read and sent back to recipient.

Security for 1G WiFi Applications (1)
• Security issues
• Equipment has security settings disabled by default
• Minimal security easily broken
• Rogue access points are easy to deploy and difficult to detect
• Security features
• Service Set Identifier (SSID)
• MAC Address filter
• Wired Equivalent Privacy (WEP) encryption

Security for 1G WiFi Applications (2)
• Security vulnerabilities
• SSID broadcast in clear text
• MAC address can be sniffed by a rogue client
• WEP encryption easily cracked
• Rogue AP can intercept traffic from other clients
• Man-in-the-middle attack can be launched using a spoofed SSID
• DoS attacks using a spoofed MAC address
• Security controls

Security for 1G WiFi Applications (3)
• Security controls
• Turning off broadcast SSID
• Introducing automated MAC-based access control mechanisms
• Enabling WEP encryption
• Lowering the power level of access points.

Security for 2G WiFi Applications (1)
• Encryption and Virtual Private Network (VPN)
• WEP – WiFi Protected Access (WPA) – Advanced Encryption Standard (AES)
• Virtual Private Network (VPN) – Combination of tunneling, encryption, authentication, and access control
• Extensible Authentication Protocol (EAP)
• EAP-TLS – Microsoft
• Lightweight EAP (LEAP) – Cisco
• Protected EAP (PEAP)
• Tunneled TLS (EAP-TTLS)

Security for 2G WiFi Applications (2)
• Wireless Gateways
• APs connect directly to Wireless Gateways
• Simplifying roaming between APs
• Ability to implement QoS at a single point.
• Policies, training, and awareness
• Physical location of AP
• Logical location of AP
• Rogue AP
• Peer-to-peer mode
• Configuration

Security for 2G WiFi Applications (2)
• Interoperability
• Site Surveys
• Monitoring
• Updates and patches
• Other
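
A monitoring check for the rogue access point categories listed in this chapter, as an added example that is not part of the original slides: it compares scan observations with an inventory of authorized APs and labels what needs follow-up. The inventory, the scan records, the field names (including `on_wired_lan`) and the fixed channel plan are assumptions constructed for illustration.

```python
"""Classify access points seen in a wireless scan against an authorized inventory."""

# Constructed inventory (assumption): BSSID -> expected SSID, security mode, channel.
AUTHORIZED = {
    "00:11:22:33:44:01": {"ssid": "CorpNet", "security": "WPA2", "channel": 1},
    "00:11:22:33:44:02": {"ssid": "CorpNet", "security": "WPA2", "channel": 6},
}
CORPORATE_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}


def classify(obs):
    """Return a label for one scan observation (a dict; field names are hypothetical)."""
    if obs.get("mode") == "adhoc":
        return "ad-hoc device"
    known = AUTHORIZED.get(obs["bssid"].lower())
    if known:
        if (obs["ssid"], obs["security"]) != (known["ssid"], known["security"]):
            return "misconfigured authorized AP"
        if obs["channel"] != known["channel"]:
            # Same MAC on an unexpected channel: a BSSID alone can be spoofed.
            return "possible spoofed BSSID"
        return "authorized"
    if obs["ssid"] in CORPORATE_SSIDS:
        return "unknown AP advertising corporate SSID"
    if obs.get("on_wired_lan"):
        # Assumption: a wired-side check saw this MAC on the corporate LAN.
        return "unauthorized AP on corporate LAN"
    return "neighbour WLAN"


def findings(scan):
    """Map BSSID -> label for everything that needs follow-up."""
    benign = {"authorized", "neighbour WLAN"}
    return {o["bssid"]: classify(o) for o in scan if classify(o) not in benign}


# Constructed scan results for illustration.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "security": "WPA2", "channel": 1},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "security": "WEP", "channel": 6},
    {"bssid": "66:77:88:99:AA:01", "ssid": "CorpNet", "security": "OPEN", "channel": 11},
    {"bssid": "66:77:88:99:AA:02", "ssid": "printer-setup", "security": "OPEN", "channel": 3, "on_wired_lan": True},
    {"bssid": "66:77:88:99:AA:03", "ssid": "CafeNextDoor", "security": "WPA2", "channel": 9},
    {"bssid": "66:77:88:99:AA:04", "ssid": "laptop-share", "security": "OPEN", "channel": 4, "mode": "adhoc"},
]

if __name__ == "__main__":
    for bssid, label in findings(SCAN).items():
        print(bssid, "->", label)
```

A match on BSSID and SSID is not proof that an AP is genuine, since both can be copied; the channel comparison only catches a copy that ignores the channel plan.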

Recent Security Schemes for WiFi Applications (1)
• Software based Generic Authentication Schemes for Mobile Communication
• Passwords
• Table 3.1, page 74, Generic Password Scheme
• Image-based Authentication
• Table 3.2, page 74, Dejavu Scheme
• Table 3.3, page 75, Image Passpoints Algorithm
• Token and Keys
• Table 3.4, page 76, Hwang-Li’s scheme for smart card authentication.
• Biometrics
• Mobile Authentication in PKI infrastructures

Recent Security Schemes for WiFi Applications (2)
• Generating Digital Signature on Mobile Devices
• Reputation Systems in WiFi Networks
• Table 3.5, page 79, Reputation System Algorithm.
• Location Dependent Data Encryption/Decryption
• See figure 3.7, page 79, Location dependent security: a scenario
• Table 3.6, Location dependent Data Encryption
• Personalized Firewalls