Upload
aavish-krishali
View
215
Download
0
Embed Size (px)
Citation preview
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 1/13
W I R E L E S S L A N C O N F I G U R A T I O N
A D V A N T A G E S A N D D I S A D V A N T A G E S O F
D I F F E R E N T S E C U R I T Y M O D E L S
Northridge Consulting Group
WLAN Workshop
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 2/13
Types of Security Model
Transitional Security Model
Personal Security Model
Enterprise Security Model
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 3/13
Transitional Security Model
Provides the basic level of security.
Can be easily bypassed by a skilled person.
Includes basic level of authentication and encryption to
achieve minimal security. Authentication is achieved by implementing steps like
MAC filtering, SSID Cloaking and shared keys.
Encryption is achieved by using WEP. Although it’s a
vulnerable encryption but still provide a level of securitythan open Wi-Fi.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 4/13
How WEP Works
IV
RC4key
IV encrypted packet
original unencrypted packet checksum
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 5/13
Personal Security Model
Uses a more reliable hardware to achieve security.
The model is divided into two sections: Wi-Fi Protected Alliance and Wi-Fi Protected AllianceII.
WPA uses firmware upgrade to use existing WEPhardware.
WPA2 uses hardware upgrade.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 6/13
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access was the successor andreplacement to the increasingly weak WEP standard.
WPA used firmware upgrade to which used a new PSKkey for authentication and TKIP for encryption.
WPA included integrity check and TKIP. TKIP is asecure encryption standard which encrypts everypacket with a unique key.
WPA uses TKIP, which was designed to uses theexisting WEP but this caused WPA to be exploited toodue to elements from WEP.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 7/13
Wi-Fi Protected Alliance II (WPA2)
WPA2 was released in 2006 officially, which superseded WPA. It used PSK key for authentication and AES-CCMPfor encryption.
Most significant change was the introduction of CCMPprotocol as a replacement of TKIP.
Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is a block mode cipherusing 128 bit keys.
WPA2’s encryption algorithm is quite secure, but afeature for users called WPS, if enabled can be used toexploit WPA2.
U.S Government uses it secure it top-secret files.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 8/13
Enterprise Security Model
Designed for Enterprises and Medium sizedorganizations.
It is also dived in two section: WPA and WPA2.
All the features of personal security model plus added benefit of uses a RADIUS server for authentication.
Users are authenticated via a server upon association.
Extremely high defence rate but high investment.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 9/13
WPA Enterprise
Uses IEEE 802.1x for authentication and TKIP forencryption.
IEEE 802.1x uses a authentication server to grant or
deny access. The AP forwards the authenticationrequest to the RADIUS server for verification againsta list.
TKIP is used to provide encryption for the data
packets. Uses WEP features so may be susceptible toattack in future.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 10/13
WPA2 Enterprise
Uses IEEE 802.1x for authentication and AES-CCMP for encryption.
IEEE 802.1x is the best authentication protocol
available. Uses AES-CCMP protocol as used in WPA2 Personal
model.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 11/13
Vulnerability Graph
0 20 40 60 80 100 120
Traditional Model
Current Standing
WEP
WPA Personal
WPA2 Personal
WPA2 (WPS Disbaled)
WPA/WPA2 Enterprise
% of Attack
% of Attack
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 12/13
WEP
• Relies onshared keys.UsesIntegrityCheck toensurepacket not
modifed intransit.
WPA
• Uses samehardwareusingfirmwareupgrade.
• Uses TKIPand RC4
streamcipher.
WPA2
• Requireshardwareupgrade.
• Uses AES(CCMP).
• Compatible with WPA.
8/10/2019 Northridge Consulting Group-Assignment
http://slidepdf.com/reader/full/northridge-consulting-group-assignment 13/13
Secure your Wi-Fi Now!!
Easy steps to counter attack on your Wi-Fi network.
Secure Your Wireless Network Today!!