wireless network security presented by: prabhakaran theertharaman
TRANSCRIPT
Wireless Network SecurityWireless Network Security
Presented by:Presented by:
Prabhakaran TheertharamanPrabhakaran Theertharaman
Presentation PlanPresentation Plan
An overview of wireless technology.An overview of wireless technology.
Benefits, Security risk, Mitigation forBenefits, Security risk, Mitigation for
• 802.11 WLAN technology802.11 WLAN technology• Bluetooth ad hoc network technologyBluetooth ad hoc network technology• Handheld wireless devicesHandheld wireless devices
Wireless TechnologyWireless Technology Enables one or more devices to communicate Enables one or more devices to communicate
without physical connectionswithout physical connections
Does not require network or peripheral cablingDoes not require network or peripheral cabling
Receive and transmit information using electromagnetic (EM) waves.
Ranges from Radio Frequency [RF] to Infrared Ranges from Radio Frequency [RF] to Infrared frequency [IR] for transmitting data frequency [IR] for transmitting data
Extends from 9 kilohertz (kHz) to thousands of gigahertz (GHz)
Wireless NetworksWireless Networks Wireless Wide Area Networks (Wireless Wide Area Networks (WWANWWAN))
• Wider CoverageWider Coverage• Example:Example:
2G Cellular2G Cellular Cellular Digital Packet Data (CDPD)Cellular Digital Packet Data (CDPD) Global System for Mobile Communications (GSM)Global System for Mobile Communications (GSM) MobitexMobitex
Wireless Local Area Networks (Wireless Local Area Networks (WLANWLAN))• Smaller NetworksSmaller Networks• Example:Example:
802.11802.11 HiperLANHiperLAN
Wireless Personal Area Network (Wireless Personal Area Network (WPANWPAN))• Ad hoc Networks*Ad hoc Networks*• Example:Example:
BluetoothBluetooth Infrared (IR)Infrared (IR)
Threats and vulnerabilities of Threats and vulnerabilities of wireless systems wireless systems
Vulnerabilities that exist in a wired network apply to wireless technologies Vulnerabilities that exist in a wired network apply to wireless technologies too.too.
Malicious entities mayMalicious entities may
• gain unauthorized accessgain unauthorized access
• intercept and discloseintercept and disclose
• Denial of service (DoS)Denial of service (DoS)
• MasqueradeMasquerade
• deploy unauthorized equipmentdeploy unauthorized equipment
• use un-trusted wireless network servicesuse un-trusted wireless network services
Sensitive data may be corrupted during improper synchronization. Sensitive data may be corrupted during improper synchronization.
Handheld devices are easily stolen and can reveal sensitive information Handheld devices are easily stolen and can reveal sensitive information
Wireless attacksWireless attacks
AttacksAttacks
Passive Active
Eavesdropping Traffic Analysis Masquerade Replay Message Modification Denial of Service
General Wireless Security General Wireless Security RequirementsRequirements
Authenticity - Authenticity - A third party must be able to verify that the A third party must be able to verify that the content of a message has not been changed in transit.content of a message has not been changed in transit.
Non-Repudiation - Non-Repudiation - The origin or the receipt of a specific The origin or the receipt of a specific message must be verifiable by a third party.message must be verifiable by a third party.
Accountability - Accountability - The actions of an entity must be The actions of an entity must be traceable uniquely to that entity.traceable uniquely to that entity.
Wireless Local Area Wireless Local Area NetworkNetwork
a.k.a.,a.k.a.,
WiFi, 802.11 WLANWiFi, 802.11 WLAN
Wireless LAN - BenefitsWireless LAN - Benefits
User MobilityUser Mobility Rapid InstallationRapid Installation Flexibility Flexibility ScalabilityScalability
Security features of WiFiSecurity features of WiFi
Authentication Authentication • Only authorized persons allowed to gain access to my
network.
ConfidentialityConfidentiality• Intended to prevent information compromise from
casual eavesdropping (passive attack)
IntegrityIntegrity• Ensures that messages are not modified in transit
between the wireless clients and the access point in an active attack.
WEPWEP
WLANs security services are provided by WLANs security services are provided by Wired Equivalent PrivacyWired Equivalent Privacy (WEP) (WEP) protocol.protocol.
WEP protects link-level data during WEP protects link-level data during wireless transmission between clients and wireless transmission between clients and access points.access points.
WEP does not provide end-to-end security WEP does not provide end-to-end security (just the wireless portion of the network)(just the wireless portion of the network)
Risk MitigationRisk Mitigation
Management CountermeasuresManagement Countermeasures Operational CountermeasuresOperational Countermeasures
• Physical securityPhysical security Technical CountermeasuresTechnical Countermeasures
• Software Solutions• Hardware Solutions
Technical CountermeasuresTechnical Countermeasures Software SolutionsSoftware Solutions
1.1. Access Point ConfigurationAccess Point Configuration
• Updating default passwords• Establishing proper encryption settings• Controlling the reset function• Using MAC ACL functionality• Changing the SSID• Maximize the Beacon Interval• Disable broadcast SSID feature• Changing default cryptographic keys• Using SNMP• Changing default channel• Using DHCP – Dynamic Host Control Protocol
Software SolutionsSoftware Solutions
1. Access Point Configuration
2.2. Software Patches and UpgradesSoftware Patches and Upgrades
3.3. AuthenticationAuthentication
4.4. Personal FirewallsPersonal Firewalls
5.5. Intrusion Detection System (IDS)Intrusion Detection System (IDS)
6.6. EncryptionEncryption
7.7. Security AssessmentsSecurity Assessments
Hardware SolutionsHardware Solutions
• Smart CardsSmart Cards• Virtual Private NetworksVirtual Private Networks• Public Key Infrastructure (PKI)Public Key Infrastructure (PKI)• BiometricsBiometrics
Wireless PAN – BluetoothWireless PAN – BluetoothTechnologyTechnology
Bluetooth TechnologyBluetooth Technology
Bluetooth is a standard that willBluetooth is a standard that will
• Eliminate wires and cables between both Eliminate wires and cables between both stationary and mobile devicesstationary and mobile devices
• Facilitate both data and voice communicationsFacilitate both data and voice communications
• Offer the possibility of ad hoc networks and Offer the possibility of ad hoc networks and deliver synchronicity between personal devicesdeliver synchronicity between personal devices
BenefitsBenefits
Cable replacementCable replacement Ease of file sharingEase of file sharing Wireless synchronizationWireless synchronization Automated wireless applicationsAutomated wireless applications Internet connectivityInternet connectivity
Bluetooth Security modesBluetooth Security modes
Security Modes
Security Mode 1
No security
Security Mode 2
Service Level Security
Flexible / Policy based
Security Mode 3
Link Level Security
Fixed
Authentication Confidentiality Authorization Authentication Confidentiality
Security Requirements for RisksSecurity Requirements for Risks
Loss of ConfidentialityLoss of Confidentiality
Loss of IntegrityLoss of Integrity
Loss of AvailabilityLoss of Availability
Risk MitigationRisk Mitigation
Software SolutionsSoftware Solutions - Bluetooth PIN- Bluetooth PIN
Hardware SolutionsHardware Solutions - Device Address- Device Address
- Frequency-Hopping Schemes- Frequency-Hopping Schemes
- Trusted Third Party (TTP) Authentication- Trusted Third Party (TTP) Authentication
Wireless Hand Held Wireless Hand Held DevicesDevices
Personal Digital Assistants Personal Digital Assistants (PDA) & Smart Phones(PDA) & Smart Phones
Security RequirementsSecurity Requirements
Loss of ConfidentialityLoss of Confidentiality
Loss of IntegrityLoss of Integrity
Loss of AvailabilityLoss of Availability
Risk MitigationRisk Mitigation
AuthenticationAuthentication EncryptionEncryption Antivirus SoftwareAntivirus Software PKIPKI VPN and FirewallsVPN and Firewalls Enterprise SolutionsEnterprise Solutions
QuestionsQuestions
??
Thank YouThank You