security issues of 802.11b

Download Security Issues of 802.11b

Post on 20-Jun-2015




1 download

Embed Size (px)


Seminar Paper on Security Issues of 802.11b based on IEEE Whitepaper by Boland, H. and Mousavi, H., Carleton University, Ottawa, Ont., Canada, IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004


  • 1. Security Issues of IEEE 802.11b Wireless Local Area Networks Issues | Analysis | Suggestions | Solutions | Adaptations Seminar on Security Issues of 802.11b presented on 21-10-2008 by Sreekanth G S, 274, R7, Computer Science, Sree Chitra Thirunal College of Engineering


    • Quick Note :
      • Local Area Networks need not scale only up to a building or a particular location. Present scenarios represent Local Area Networks connecting offices across the continents using methods such as VPN (Virtual Private Network).
  • Local Area Network
    • Definition
    • Scope
    • Expansion
  • Wireless Local Area Network
    • Difference from conventional LAN
    • Current IEEE Standards
    • Primitivism of IEEE802.11b
    • Scalability of WLAN
    • Hotspots Wi-Fi (Wireless Fidelity)


    • Quick Note :
      • 99% of the worlds Wi-Fi network issues are caused by interference and most of them from cordless telephones. This issue is termed as Wi-Fi band exploitation and device makers consortium has repeatedly requested IEEE to issue a new freq. band.
  • Wireless Local Area Network
    • Released October 1999
    • Frequency band 2.4GHz
    • Data rate 4.5 Mbit/s (Typical)
    • Data rate 11 Mbit/s (Maximum)
    • Range - ~38m (Indoor)
    • 802.11b devices suffer interference from other products operating in the 2.4 GHz band. Devices operating in the 2.4 GHz range include: microwave ovens, Bluetooth devices, baby monitors and cordless telephones.


    • Quick Note :
      • OFDM - Orthogonal Frequency-Division Multiplexing
      • DSSS - Direct-Sequence Spread Spectrum
      • Mod. Modulation technique
      • r in.-Range Indoor, r out. Range Outdoor


    • Quick Note :
  • Wi-Fi is not an easy word to wireless deployment of LAN or WLAN. Any solution whichaddresses all or some of the above mentioned seven security problems need not bean ideal solution to the deployment problems faced by most of the companies.
  • Seven Security Problems
    • Easy Access
    • Rogue Access Points
    • Unauthorized Use of Service
    • Service and Performance Constraints
    • MAC Spoofing and Session Hijacking
    • Traffic Analysis and Eavesdropping
    • Higher Level Attacks


    • Quick Note :
  • Our College is an excellent example of Wi-Fi Easy Access.
  • SSID is broadcasted.
  • Key level encryption is used.
  • 1. Easy Acces
    • Wireless LANs are easy to find.
    • All wireless networks need to announce their existence.
    • The information needed to join a network is also the information needed to launch an attack on a network.
    • Your 802.11 network and its parameters are available for anybody with an 802.11 card.
    • Short of moving into heavily-shielded office space that does not allow RF signals to escape, there is no solution for this problem.
    • The best you can do is to mitigate the risk by using strong access control and encryption solutions.


    • Quick Note :
  • Any Wi-Fi Router (Example: Linksys WRT54GL) can act as a Wireless AP.
  • AP login with Credentials can make Client login without credentials.
  • Management staff can go rogue.
  • 2. Rogue Access Points
    • Easy access to wireless LANs is coupled with easy deployment.
    • Any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization.
    • End users are not security experts, and may not be aware of the risks posed by wireless LANs.
    • Tools like NetStumbler allow network administrators to wander their building looking for unauthorized access points, but it is expensive to devote time to wandering the building looking for new access points.


    • Quick Note :
  • VPN Virtual Private Network
  • WEP Wired Equivalent Privacy
  • n/w Network
  • 3. Unauthorized Use of Service
    • Nearly all of the access points running with default configurations have not activated WEP (Wired Equivalent Privacy) or have a default key used by all the vendor's products out of the box. Without WEP, network access is usually there for the taking.
    • If you have deployed a VPN to protect the network from wireless clients, it probably has strong authentication capabilities already built-in.
    • For corporate users extending wired networks, access to wireless networks must be as tightly controlled. Strong authentication is a must before granting access to the n/w.


    • Quick Note :
  • LAN Local Area Network
  • MAC Media Access Control (Burned In Address)
  • Access Point Wireless Service Providing Machine
  • 4. Service and Performance Constraints
    • Wireless LANs have limited transmission capacity.
    • This capacity is shared between all the users associated with an access point. Due to MAC-layer overhead, the actual effective throughput tops out at roughly half of the nominal bit rate.
    • Attackers could also inject traffic into the radio network without being attached to a wireless access point.
    • Addressing performance problems starts with monitoring and discovering them.
    • No enterprise-class wireless network management system has yet emerged.


    • Quick Note :
  • In cryptography, theman-in-the-middle attackis a form ofactive eavesdropping inwhich the attacker makes independent connections with the victims, relays messagesbetween them, making them believe that they are talkingdirectly to each other overa private connection when in fact the entire conversation is controlled by the attacker.
  • 5. MAC Spoofing and Session Hijacking
    • 802.11 networks do not authenticate frames.
    • Attackers can use spoofed frames to redirect traffic and corrupt ARP tables.
    • Access points are identified by their broadcasts of Beacon frames.
    • You must deploy a cryptographic protocol on top of 802.11 to protect against hijacking.
    • Attackers can, however, easily pretend to be an access point because nothing in 802.11 requires an access point to prove it really is an access point. (Man-in-the-Middle Attack)


    • Quick Note :
  • SSH Secure Shell
  • SSL Secure Socket Layer
  • IPSec IP (Internet Protocol) Security
  • 6. Traffic Analysis and Eavesdropping
    • 802.11 provides no protection against attacks that passively observe traffic.
    • A great deal has been written about the flaws in WEP.
    • Early WEP implementations are vulnerable to cracking by tools such as AirSnort and WEPCrack.
    • Strong cryptographic solutions like SSH, SSL, and IPSec were designed to transmit data securely over public channels.
    • It protects only the initial association with the network and user data frames.


    • Quick Note :
  • Many networks have a hard outer shell composed of perimeter security devices thatare carefully configured and meticulously monitored. Inside the shell, though, is a soft,vulnerable (and tasty?) center.
  • 7. Higher Level Attacks
    • Once an attacker gains access to a wireless network, it can serve as a launch point for attacks on other systems.
    • Wireless LANs can be deployed quickly if they are directly connected to the vulnerable backbone, but that exposes the network to a