Security+ Guide to Network Security Fundamentals, Third
Download
Report
Transcript Security+ Guide to Network Security Fundamentals, Third
Security+ Guide to Network
Security Fundamentals, Third
Edition
Chapter 6
Wireless Network Security
Objectives
Describe the basic IEEE 802.11 wireless
security protections
Define the vulnerabilities of open system
authentication, WEP, and device
authentication
Describe the WPA and WPA2 personal
security models
Explain how enterprises can implement
wireless security
Security+ Guide to Network Security Fundamentals, Third Edition
2
IEEE 802.11 Wireless Security Protections
Institute of Electrical and Electronics
Engineers (_________)
The most widely known and influential standards
making organization for ____________________
____________________________________
In 1990, the IEEE formed a committee to
develop a standard for _______________
Operating at a speed of ________ million bits per
second (Mbps) within the __________ frequency
In 1997, the IEEE approved the IEEE 802.11 WLAN
standard
Security+ Guide to Network Security Fundamentals, Third Edition
3
IEEE 802.11 Wireless Security
Protections (continued)
Revisions
IEEE 802.11__________- operates at ______________
Mbps within the _____________ frequency
IEEE 802.11____- operates at __________ Mbps within the
__________GHZ frequency
_______ compatible with 802.11b
IEEE 802.11_______- operates at ________ Mbps and is
____________________________ compliant devices
AKA ____________________
“best of both worlds”
IEEE 802.11_____ – said to increase bandwidth to
________ Mbps and is also _________________
Security+ Guide to Network Security Fundamentals, Third Edition
4
Wireless Security Protections
Three categories
1.
2.
3.
_________________
Wired equivalent Privacy (_______) encryption
______________________
More to come on each of these…
Controlling Access
Controlling wireless access of devices to the WLAN
Accomplished by _____________________ to the access
point (AP)
By restricting access to the AP, only those devices
that are _________________ to the AP and become
part of the wireless network
The IEEE 802.11 standard does not specify ______
to implement controlling access
Almost all wireless AP vendors implement access
control through Media Access Control (_______)
__________________________
MAC address filtering is usually implemented by
_______________ (instead of preventing) devices to
access the network
Security+ Guide to Network Security Fundamentals, Third Edition
6
Wired Equivalent Privacy (_________)
Designed to ensure that only ____________
_______________ can view transmitted
wireless information
Uses _______________ to protect traffic
Uses ____________________ between
wireless device and AP
The IEEE 802.11 committee designed WEP to
meet the following criteria:
__________, exportable, optional, selfsynchronizing, and ________________________
Security+ Guide to Network Security Fundamentals, Third Edition
7
WEP (continued)
IEEE 802.11 WEP shared secret keys must be a
minimum of _______________ in length
The options for creating keys are as follows:
64-bit key
128-bit key
Passphrase
The AP and devices can hold up to ________ shared
secret keys
One of which must be designated as the _______________
_________ must be done with ___________ key,
___________ must be done with the __________ key used
for _____________________
Security+ Guide to Network Security Fundamentals, Third Edition
8
WEP (continued)
Checksum based on text
Default key
= length of
text plus the
ICV
Seed- changes each time so
random number can be created
1 XOR 0 = 1
Encrypted text
0 XOR 1 = 1
otherwise 0
value
Security+ Guide to Network Security Fundamentals, Third Edition
9
Device Authentication
Wireless LANs cannot limit access to the wireless
signal by walls or doors
Sometimes called _________________
Wireless authentication requires the _____________
-not user- to be _________________________ to
the network
Types of authentication supported by the 802.11
standard
________________ authentication
See Figure 6-6 – next slide
____________________ authentication
See Figure 6-7 – two slides down
Security+ Guide to Network Security Fundamentals, Third Edition
10
Contains SSID
Security+ Guide to Network Security Fundamentals, Third Edition
AFTER
comparing
the SSID
received
with the
actual
SSID of
the
network
11
Challenge text sent back
If equivalent
?
Security+ Guide to Network Security Fundamentals, Third Edition
12
Vulnerabilities of IEEE 802.11 Security
IEEE 802.11 standard turned out to be very
_________________
The primary vulnerabilities are in the areas of:
Open system authentication
MAC address filtering
WEP
More to come on each of these….
Security+ Guide to Network Security Fundamentals, Third Edition
13
Open System Authentication
Vulnerabilities
Open system authentication is considered
weak because authentication is based on only
_______________:
A _______________________
An attacker can easily discover a valid SSID
by doing nothing
Exploits the ___________________________
Once a wireless device receives a beacon frame, it can
attempt to join the network by sending an association
request frame back to the AP
Security+ Guide to Network Security Fundamentals, Third Edition
14
Open System Authentication
Vulnerabilities (continued)
_______________ scanning
The most common type of scanning
A wireless device _____________________ frame
for a set period of time
AP can be configured to prevent the beacon
frame from including the SSID
Problems arise when the SSID is not beaconed
Provides ___________________________
User must ________________________
Security+ Guide to Network Security Fundamentals, Third Edition
15
Problems That can Arise when the
SSID is not beaconed…
1.
Can affect roaming causing an ______________
____________________
2.
Can also ___________________________
Microsoft Windows ______________
3.
Devices are not able to automatically switch from AP to AP
when beaconing is turned off
Devices using XP always connect to an access point that is
broadcasting its SSID
The SSID can be _____________ even when it is
not contained in beacon frames
Still is transmitted in other management frames sent by the
AP
Security+ Guide to Network Security Fundamentals, Third Edition
16
MAC Address Filtering Weaknesses
MAC addresses are initially exchanged in an
__________________ through the WLAN
An attacker can easily see the MAC address of an
approved device and use it to join the network
___________________________________
Managing a large number of MAC addresses
can pose significant challenges
MAC address filtering does _____ provide an
automatic means to __________________
user to access the network
Security+ Guide to Network Security Fundamentals, Third Edition
17
Weaknesses in WEP
1. When encrypting packets with either a 64-bit or 128bit number the initialization vector (_________)
remains at ____________________
The short length of the default key ______________
The shorter the easier to break
2. WEP implementation violates the cardinal rule of
cryptography:
Anything that creates a __________________ must be
____________________________
Patterns provide an attacker with valuable info
______________________ in fewer than seven hours
Security+ Guide to Network Security Fundamentals, Third Edition
18
Weaknesses in WEP (continued)
Possible for an attacker to identify two
packets derived from the same IV (called a
collision)
Attacker could then launch a ________________
A method of determining the keystream by analyzing two
packets that were created from the same IV
Attacker can work backwards
Once the plaintext of one packet has been
discovered, ___________ with that same IV can
also be ______________________
Security+ Guide to Network Security Fundamentals
19
Personal Wireless Security
Designed for SOHO’s or consumer use
The wireless security requirements for
_________________ are most often based
on two models promoted by the Wi-Fi
Alliance:
_________ Personal Security
_________ Personal Security
Security+ Guide to Network Security Fundamentals, Third Edition
20
WPA Personal Security
Wireless Ethernet Compatibility Alliance
(___________)
A consortium of wireless equipment
manufacturers and software providers formed to
promote wireless network technology
In 2002, the WECA organization changed its
name to _____________ (Wireless Fidelity)
_________________
Security+ Guide to Network Security Fundamentals, Third Edition
21
WPA Personal Security (continued)
In October 2003 the Wi-Fi Alliance introduced
Wi-Fi Protected Access (_____)
WPA addresses __________________________
_______________________
_________ addresses ________________
__________ addresses _______________________
Security+ Guide to Network Security Fundamentals, Third Edition
22
WPA Personal Security (continued)
Preshared key (PSK) authentication uses a
____________________
which is used to __________________________
PSK serves as the starting point (seed) for
mathematically generating the encryption keys
PSK used to authenticate user
The __________ is created and must be
entered into __________________ and ___
____________________ prior to the devices
communicating with the AP
Security+ Guide to Network Security Fundamentals, Third Edition
23
WPA Personal Security (continued)
Temporal Key Integrity Protocol (TKIP) is the encryption
technology used by WPA
TKIP has several _____________________:
TKIP uses a longer ________ key- called the _________ key
TKIP keys are known as ________________ which are
_________________ for each packet created
When coupled with other technologies, TKIP provides an even
greater level of security
WPA also replaces the (CRC) function in WEP with the Message
Integrity Check (______________)
Designed to prevent an attacker from _____________________
_________________________________
A MIC key, the sender and receiver’s MAC and the text create
the MIC
______________________ each _________________ the MIC
then the __________________
Security+ Guide to Network Security Fundamentals, Third Edition
24
WPA2 Personal Security
Wi-Fi Protected Access 2 (__________)
Introduced by the Wi-Fi Alliance in September 2004
Still uses _______________ but instead of TKIP encryption
it uses _____________________________________
PSK Authentication
Intended for personal and small office home office users
who ________________________________________
PSK keys are __________________________________
_______________________ after a specified period of
time known as the ____________________
Like PSK in the original WPA, keys must be entered in both
access point and the wireless devices
Security+ Guide to Network Security Fundamentals, Third Edition
25
WPA2 Personal Security (continued)
First PSK _______________________:
The distribution and sharing of PSK keys is performed
____________ without any technology security protections
PSK only uses a _____________ (WEP can use four keys)
PSK key must be changed regularly and requires
_____________________________ on every wireless
_______________ and on all _________________
In order to allow a guest user to have access to a PSK
WLAN, the key must be given to that guest, then changed
on all devices once guest departs
Security+ Guide to Network Security Fundamentals, Third Edition
26
WPA2 Personal Security (continued)
A second area of PSK vulnerability is the use
of _______________________
Consisting of letters, digits, punctuation, etc. that
is between 8 and 63 characters in length
PSK passphrases of fewer than __ characters can
be subject to a specific type of _______________
WPA2 encryption - AES-CCMP
Different parts of the algorithm provide ________
______________________________________
Security+ Guide to Network Security Fundamentals, Third Edition
27
_____________ Wireless Security
The enterprise wireless security options can
be divided into those that follow:
IEEE 802.11i standard or
WPA and WPA2 models
More to come on both…
Security+ Guide to Network Security Fundamentals, Third Edition
28
IEEE 802.11i
The IEEE 802.11i wireless security standard addresses the two
main weaknesses of wireless networks: ___________ and
__________________
Encryption is accomplished by replacing WEP’s original
PRNG RC4 algorithm with a ____________
Much more difficult for attackers to break
IEEE 802.11i _____________ and ______________ is
accomplished by the IEEE ___________________
Greater degree of security by using ___________________
All traffic blocked on port-by-port base until client is authenticated
Authentication verified using credentials stored on an
__________________________________
Provides a _______ way to _______________ used for encryption
Software, known as ________________, is a required installation on
all __________________ using the 802.1x protocol
Security+ Guide to Network Security Fundamentals, Third Edition
29
IEEE 802.11i Authentication Procedure
AP which sends info to
of client &
sends info back to AP
WLAN
and begin transferring data
Security+ Guide to Network Security Fundamentals, Third Edition
30
IEEE 802.11i (continued)
802.11i includes _________________
Stores information from a device on the network
so if a user roams away from a wireless access
point and later returns, he ________________
________________ all of the credentials
802.11i includes ____________________
Allows a device to become ______________ to
an AP _________________________ of that AP
Allows for faster roaming between AP’s
Security+ Guide to Network Security Fundamentals, Third Edition
31
WPA Enterprise Security
The WPA Enterprise Security model is
designed for ______________________
organizations
Provides _____________________________
over the personal model on a wireless LAN
______________ used is ______________ (same
authentication used in the IEEE 802.11i standard)
_______________ is _______________ (used in WPA
Personal Security model as well)
Security+ Guide to Network Security Fundamentals, Third Edition
32
WPA Enterprise Security (continued)
IEEE 802.1x Authentication
Gaining in popularity
Provides an authentication framework for all _____
_______________ IEEE 802-based LANs
Described earlier…
TKIP Encryption
An improvement on WEP encryption
Uses existing WEP engine
Described earlier…
Security+ Guide to Network Security Fundamentals, Third Edition
33
WPA2 Enterprise Security
Provides the ________________________
_________________ on a wireless LAN
________________ used is _______________
______________ is _____________________
Both Described Earlier…
Security+ Guide to Network Security Fundamentals, Third Edition
34
Enterprise Wireless Security
Devices/Tools
Additional wireless security devices and
tools are used by organizations to defend
against attackers.
Three examples are:
1.
2.
3.
Enterprise Wireless Security Devices/Tools
_______ Access Point
An access point _________________________
________________________
Advantages
These features reside on the __________________
All APs can be _____________________________
simplifying wireless network management
All ______________ is performed in the wireless ________
allowing configuration to be done in one central location
Downside- AP’s and wireless switches are
________________ so they must both come from the
____________________
Security+ Guide to Network Security Fundamentals, Third Edition
36
Wireless Switch and Thin AP Figure
Security+ Guide to Network Security Fundamentals, Third Edition
37
Enterprise Wireless Security Devices/Tools
(continued)
Wireless VLANs
Can be used to ___________________________
The flexibility of a wireless VLAN depends on
which device separates the packets and directs
them to different networks
See Figures 6-14 and 6-15
For enhanced security many organizations
set up _________ wireless VLANs
One for ___________ access
One for ____________ access
Security+ Guide to Network Security Fundamentals, Third Edition
38
Security+ Guide to Network Security Fundamentals, Third Edition
39
Security+ Guide to Network Security Fundamentals, Third Edition
40
Enterprise Wireless Security Devices/Tools
(continued)
Two Rogue Access Point Discovery Tools
1. ___________________________________
Allows manual auditing the airwaves for rogue access
points
2. Continuously monitoring the RF frequency using a
special sensor called a _______________
Four types of wireless probes:
________________ probe
________________ probe
_____________________ probe
_________________________ probe
Security+ Guide to Network Security Fundamentals, Third Edition
41
Summary
The initial IEEE 802.11 standard contained security
controls for protecting wireless transmissions from
attackers
The Wi-Fi Alliance has introduced two levels of
personal security
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2
(WPA2)
Enterprise wireless security requires different security
models from personal wireless security
Additional wireless security devices can be used to
defend against attackers
Security+ Guide to Network Security Fundamentals, Third Edition
42