Professional Documents
Culture Documents
04.05.2012
Wireless Networks
Wireless Networks
04.05.2012
Wireless Networks
04.05.2012
Wireless Networks
04.05.2012
Wireless Networks
A man-in-the-middle attack can only be successful when the attacker can impersonate each endpoint to the satisfaction of the other.
Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority.
04.05.2012
Wireless Networks
Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to eavesdrop on the conversation, or possibly deliver a false message to Bob. 1)To get started, Alice must ask Bob for his public key. 2)If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. 3)Mallory sends a forged message to Alice that claims to be from Bob, but includes Mallory's public key. 4)Alice, believing this public key to be Bob's, then encrypts her message with Mallory's key and sends the enciphered message back to Bob. 5)Mallory again intercepts, deciphers the message, keeps a copy, and re enciphers it (after alteration if desired) using the public key Bob originally sent to Alice. 6)When Bob receives the newly enciphered message, he will believe it came from Alice.
04.05.2012 7
Wireless Networks
04.05.2012
Wireless Networks
1) Brute Force Attack 2) Use strong Radio Signals ( not effective as the hacker could be easily identified)
Sometimes it can be unintentional as well WPA is quite vulnerable to a type of DOS attack. Most secure way to prevent DOS is to isolate the system from the network , The ideal way is to exhibit strong security practices such as keep firewall updated, maintain updated virus protection, install up to date security patches etc etc.
04.05.2012 9
Wireless Networks
You can protect a wireless LAN against DoS attacks by making the building as resistant as possible to radio signals coming in. Here are some steps to help reduce radio signal leakage:
If interior walls use metal studs, make sure they are grounded. Install thermally insulated copper or metallic film-based windows. Use metallic window tint instead of blinds or curtains. Use metallic-based paint on the interior or exterior walls. Run tests to determine how far the signal actually leaks outside of the building. Adjust transmitter power accordingly until the leakage is eliminated or reduced to the point that it would be easy to locate a hacker. Aim directive access point antennas toward the inside of the building.
04.05.2012
10
Wireless Networks
Encryption
What is encryption? Example Ceaser Encryption, RSA,DSA,DES,AES, WEP
04.05.2012
11
Wireless Networks
As the name applies, the private key is secret; however, anyone can know the public key. This enables more effective encryption and authentication mechanisms because it simplifies key distribution.
04.05.2012 12
Wireless Networks
04.05.2012
13
Wireless Networks
Wireless Networks
Wireless Networks
04.05.2012
16
Wireless Networks
04.05.2012
17
Wireless Networks
04.05.2012
18
Wireless Networks
04.05.2012
19
Wireless Networks
WPA clients utilize different encryption keys that change periodically. This makes it more difficult to crack the encryption.
WPA 1.0 is actually a snapshot of the current version of 802.11i, which includes TKIP and 802.1x mechanisms. The combination of these two mechanisms provides dynamic key encryption and mutual authentication, something needed in wireless LANs. WPA 2.0 offers full compliance with the 802.11i standard.
04.05.2012 20
Wireless Networks
VPNs are also effective when clients roam across different types of wireless networks because they operate above the dissimilar network connection levels.
[ CBT video will be shown to lay emphasis]
04.05.2012
21
Wireless Networks
04.05.2012
22
Wireless Networks
04.05.2012
23
Wireless Networks
Wireless Networks
Wireless Networks
04.05.2012
26
Wireless Networks
In addition, MAC filtering can be tedious to manage when there are several users. An administrator must enter each user's MAC address in a table, and then make applicable changes when new users come about.
04.05.2012
27
Wireless Networks
04.05.2012
28
Wireless Networks
04.05.2012
29
Wireless Networks
04.05.2012
30
Wireless Networks
2)The base station replies with an EAP request identity message. In the case of the theme park, the gatekeeper will ask the leader for her name and driver's license.
3)The client sends an EAP response packet containing the identity to the authentication server. The leader in this example will provide her name and driver's license, and the gatekeeper forwards this information to the group tour manager (authentication server), who determines whether the group has entry rights.
04.05.2012 31
Wireless Networks
Wireless Networks
04.05.2012
33
Wireless Networks
Wireless Networks
04.05.2012
35
Wireless Networks
Use Effective Encryption Ensure Firmware is up to date Physically Secure Base Stations
04.05.2012 36
Wireless Networks
Control Deployments
04.05.2012
37