Chapter 13 802.11 Network Security Architecture
Certified Wireless Network Administrator (CWNA) PW0-105
Chapter 13 802.11 Network Security Architecture
Chapter 13 Overview
• 802.11 Security Basics
• Legacy 802.11 Security
• Robust Security
• Traffic Segmentation
• Infrastructure Security
• VPN Wireless Security
Certified Wireless Network Administrator: CWNA – PW0-105
802.11 Security Basics
• Data privacy
• AAA
• Segmentation
• Monitoring
• Policy
Data Privacy
• About the protection of data and the prevention of unauthorized access to it
• Uses encryption
  – RC4
  – AES
• Exercise 13.1
AAA
• Authentication
  – Who are you?
  – What are you?
• Authorization
  – What can you do?
• Accounting
  – What did you do?
Segmentation
• LANs
• WANs
• VLANs
Policy
• Defines how computer systems must be implemented
  – Specific WiFi policies must be created
  – Traditional wired policies are not sufficient
Legacy 802.11 Security
• Legacy authentication
  – Open System
  – Shared Key
• Static WEP encryption
• MAC filters
• SSID cloaking or hiding
WEP Key and IV
Robust Security vs. Legacy Security
Robust Security Network (RSN)
• 802.11-2007, originally 802.11i, defines an RSN
  – STAs must use the 4-way handshake
  – STAs must use CCMP or TKIP
• Pre-Shared Key (PSK)
• Proprietary PSK
  – Dynamic PSK and Private PSK are examples
• 802.1X/EAP
802.1X Comparison
WLAN Bridging and 802.1X
802.1X/EAP Architecture and Process
EAP Types
Traffic Segmentation
• VLANs
  – Guest
  – Voice
  – Data
• RBAC
Wireless VLANs
Infrastructure Security
VPN Wireless Security (Hotspot)
VPN Wireless Security (Site-to-Site)
Chapter 13 Summary
• 802.11 Security Basics
• Legacy 802.11 Security
• Robust Security
• Traffic Segmentation
• Infrastructure Security
• VPN Wireless Security