
Chapter 3


Presentation Transcript


  1. Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012

  2. Application of WLANs
     • Sharing Internet Access
     • Within small office or home setting
     • Transmitting Voice over WLANs
     • Retail stores, Schools, Hotel, etc.
     • Manufacturing Industry and Inventory Management
     • Track and update inventory in real time
     • Raw materials and finished product statistics up-to-date.

  3. Wireless Threats
     • Targeted Attackers
     • Attacking specific valuable assets in organization
     • Attackers of Opportunity
     • Random attack, organization not secured enough
     • Internal Attackers
     • May be accidental, or can be planned to bypass rules that have been set up by the IT Dept.

  4. Some Vulnerabilities and Attack Methods over WLANs (1)
     • Human Error
     • Rogue Access Points
     • Employee Installed Rogue Access Points
     • Misconfigured Rogue Access Points
     • Rogue Access Points From Neighbour WLANs
     • Ad-hoc Devices
     • Rogue Access Points that do not adhere to Corporate Policies
     • Rogue Access Points Operated by Attackers

  5. Some Vulnerabilities and Attack Methods over WLANs (2)
     • Warchalking
     • Modern version of ‘Hobo’ sign language. See figure 3.5, page 65.
     • MAC address Spoofing
     • Setting on firewall and ISP
     • Noisy Neighbours
     • Wireless signal radius exceeded
     • Man-In-The-Middle Attacks
     • Intercept, alter, and send back fraudulent info
     • Blocked. See figure 3.6, page 67
     • Simply be read and sent back to recipient.

  6. Security for 1G WiFi Applications (1)
     • Security issues
     • Equipment has security settings disabled by default
     • Minimal security easily broken
     • Rogue access points are easy to deploy and difficult to detect
     • Security features
     • Service Set Identifier (SSID)
     • MAC Address filter
     • Wired Equivalent Privacy (WEP) encryption

  7. Security for 1G WiFi Applications (2)
     • Security vulnerabilities
     • SSID broadcast in clear text
     • MAC address can be sniffed by rogue client
     • WEP encryption easily cracked
     • Rogue AP can intercept traffic from other clients
     • Man-in-the-middle attack can be launched using spoofed SSID
     • DoS attacks using spoofed MAC address
     • Security controls

  8. Security for 1G WiFi Applications (3)
     • Security controls
     • Turning off broadcast SSID
     • Introducing automated MAC-based access control mechanisms
     • Enabling WEP encryption
     • Lowering the power level of access points.

  9. Security for 2G WiFi Applications (1)
     • Encryption and Virtual Private Network (VPN)
     • WEP – WiFi Protected Access (WPA) – Advanced Encryption Standard (AES)
     • Virtual Private Network (VPN) – Combination of tunneling, encryption, authentication, and access control
     • Extensible Authentication Protocol (EAP)
     • EAP-TLS – Microsoft
     • Lightweight EAP (LEAP) – Cisco
     • Protected EAP (PEAP)
     • Tunneled TLS (EAP-TTLS)

  10. Security for 2G WiFi Applications (2)
     • Wireless Gateways
     • APs directly connect to Wireless Gateways
     • Simplifying roaming between APs
     • Ability to implement QoS at a single point.
     • Policies, training, and awareness
     • Physical location of AP
     • Logical location of AP
     • Rogue AP
     • Peer-to-peer mode
     • Configuration

  11. Security for 2G WiFi Applications (2)
     • Interoperability
     • Site Surveys
     • Monitoring
     • Updates and patches
     • Other

  12. Recent Security Schemes for WiFi Applications (1)
     • Software based Generic Authentication Schemes for Mobile Communication
     • Passwords
     • Table 3.1, page 74, Generic Password Scheme
     • Image-based Authentication
     • Table 3.2, page 74, Dejavu Scheme
     • Table 3.3, page 75, Image Passpoints Algorithm
     • Token and Keys
     • Table 3.4, page 76, Hwang-Li’s scheme for smart card authentication.
     • Biometrics
     • Mobile Authentication in PKI infrastructures

  13. Recent Security Schemes for WiFi Applications (2)
     • Generating Digital Signature on Mobile Devices
     • Reputation Systems in WiFi Networks
     • Table 3.5, page 79, Reputation System Algorithm.
     • Location Dependent Data Encryption/Decryption
     • See figure 3.7, page 79, Location dependent security: a scenario
     • Table 3.6, Location dependent Data Encryption
     • Personalized Firewalls
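
The rogue access point categories on slide 4, together with the spoofed-SSID and MAC-spoofing issues on slides 5 and 7, can be expressed as a monitoring check of the kind slide 11 calls for. The following Python is an added example, not part of the original slides; the AP inventory, the pinned channels, the RSSI threshold, the label names and the scan data are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of sanctioned APs: BSSID -> (SSID, pinned channel)
AUTHORIZED = {"00:11:22:33:44:01": ("CorpNet", 1), "00:11:22:33:44:02": ("CorpNet", 6)}
WEAK_SECURITY = {"OPEN", "WEP"}
ONSITE_RSSI_DBM = -65  # assumed: stronger signals originate inside the premises

@dataclass
class Beacon:
    bssid: str
    ssid: str
    channel: int
    security: str  # OPEN, WEP, WPA, WPA2
    mode: str      # infrastructure or adhoc
    rssi: int      # dBm

def classify(b: Beacon) -> str:
    known = AUTHORIZED.get(b.bssid.lower())
    if known:
        ssid, channel = known
        if b.channel != channel:
            return "possible-mac-spoof"   # inventory BSSID heard off its pinned channel
        if b.ssid != ssid or b.security in WEAK_SECURITY:
            return "misconfigured-ap"     # sanctioned AP with wrong SSID or weak security
        return "authorized"
    if b.mode == "adhoc":
        return "adhoc-device"
    if b.ssid in {s for s, _ in AUTHORIZED.values()}:
        return "spoofed-ssid"             # corporate name from an unknown radio
    if b.rssi >= ONSITE_RSSI_DBM:
        return "unsanctioned-ap-on-site"  # e.g. employee-installed
    return "neighbour-wlan"

def triage(scan):
    # Keep every beacon that is not a clean, authorized AP.
    return [(b.bssid, label) for b in scan if (label := classify(b)) != "authorized"]

# Constructed scan results, not captured traffic
SCAN = [
    Beacon("00:11:22:33:44:01", "CorpNet", 1, "WPA2", "infrastructure", -48),
    Beacon("00:11:22:33:44:02", "CorpNet", 6, "WEP", "infrastructure", -52),
    Beacon("00:11:22:33:44:01", "CorpNet", 11, "WPA2", "infrastructure", -60),
    Beacon("de:ad:be:ef:00:01", "CorpNet", 6, "OPEN", "infrastructure", -55),
    Beacon("de:ad:be:ef:00:02", "linksys", 3, "OPEN", "infrastructure", -50),
    Beacon("de:ad:be:ef:00:03", "CafeNextDoor", 11, "WPA2", "infrastructure", -82),
    Beacon("de:ad:be:ef:00:04", "laptop-share", 1, "OPEN", "adhoc", -58),
]

print(triage(SCAN))
```

Because a BSSID can be spoofed, a match against the inventory is treated only as a starting point; the channel check is one inexpensive cross-check and assumes the sanctioned APs do not use automatic channel selection.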
