05-04-2012, 11:42 AM
WIRELESS LAN SECURITY
WLAN SECURITY(0801292112).pptx (Size: 632.87 KB / Downloads: 53)
WLAN
A wireless local area network (WLAN) is a flexible data communications system that can use either infrared or radio frequency technology to transmit and receive information over the air.
WLAN has been widely used in many sectors ranging from corporate, education, finance, healthcare, retail, manufacturing and warehousing.
It has increasingly becoming an important technology to satisfy the needs for installation flexibility, mobility, reduced cost-of-ownership, and scalability.
SECURITY THREATS OF WLAN
Despite the productivity, convenience and cost advantage that WLAN offers, the radio waves used in wireless networks create a risk where the network can be hacked.
This section explains three examples of important threats:-
Denial of Service
Spoofing and Session Hacking.
Eavesdropping.
DENIAL OF SERVICE
In this kind of attack, the intruder floods the network with either valid or invalid messages affecting the availability of the network resources.
By using a powerful enough transceiver, radio interference can easily be generated that would disable WLAN to communicate using radio path.
SPOOFING AND SESSION HIJACKING
This is where the attacker could gain access to privileged data and resources in the network by assuming the identity of valid user. Attackers may therefore spoof MAC addresses and hijack sessions.
WIRED EQUILVALENT PRIVACY
It provide an equivalent level of access control and protection of data on the WLAN as in wired networks.
It maintains three security goals:
Access Control: Ensure that the communication partners they are, who they pretend.
Data integrity: Ensure that packets are not modified in the air transfer.
Confidentiality: Ensure that content of wireless traffic are prevented from a eavesdropper through encryption.
EAP
The Extensible Authentication Protocol (EAP) is a general authentication
protocol defined in IETF (Internet Engineering Task Force) standards. It was
originally developed for use with PPP.
It is an authentication protocol that provides a generalized framework for
several authentication mechanisms. These include Kerberos, public key,
smart cards and one-time passwords.
With a standardized EAP, interoperability and compatibility across
authentication methods become simpler.
TKIP
The temporal key integrity protocol (TKIP) which initially referred to as WEP2, was designed to address all the known attacks and deficiencies in the WEP algorithm.
The TKIP security process begins with a 128-bit temporal-key, which is shared among clients and access points.
TKIP combines the temporal key with the client machine's MAC address and then adds relatively large 16-octet initialization vector to produce the key that will encrypt the data.
TKIP changes temporal keys every 10,000 packets. This difference provides a dynamic distribution method that significantly enhances the security of the network.
TOOLS FOR PROTECTING WLAN
AIR DEFENSE: It is a commercial wireless LAN intrusion protection and management system that discovers network vulnerabilities, detects and protects a WLAN from intruders and attacks, and assists in the management of a WLAN.
Wireless Security Auditor: It is an IBM research prototype of an 802.11 wireless LAN security auditor, running on Linux ,on an PDA (Personal Digital Assistant). WSA helps network administrators to close any vulnerabilities,by automatically auditing a wireless network for proper security configuration.
Isomair Wireless Sentry : This product from Isomair Ltd. automatically monitors the air space of the enterprise continuously using unique and sophisticated analysis technology to identify insecure access points, security threats and wireless network problems.
CONCLUSION
However, there will be no complete fix for the existing
vulnerabilities. All in all, the very best way to
secure WLAN is to have the security
knowledge, proper implementation
and continued maintenance.