Implementing Network Security Wireless Security Segway - PowerPoint PPT Presentation

Slides: 19
Provided by: downloadM
Transcript and Presenter's Notes

Title: Implementing Network Security Wireless Security Segway


1
Implementing Network Security Wireless Security
Segway!
  • Steve Lamb
  • Technical Security Advisor
  • http://blogs.msdn.com/steve_lamb
  • stephlam_at_microsoft.com

2
So what's the problem?
  • WEP is a euphemism
    • Wired
    • Equivalent
    • Privacy
  • Actually, it's a lie
  • It isn't equivalent to wired privacy at all!
  • How can you secure the air?
  • Thus WEP's v. poor
  • http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

3
WLAN Security Challenges: Unsecured WLAN
[Diagram labels: Company Servers, WLAN Access Point, Mobile Employee, Evil Hacker; message shown: mailto:boss_at_company.tld]
  • Most wireless LANs are unsecured

4
WLAN Security Challenges: Weak Security in 802.11
Static WEP
[Diagram not preserved]

5
Other 802.11 Challenges
  • Access Points are dim!
  • Key Management (!!!!)
  • Manual update: never changed!
  • Access Control with MAC address filtering
  • NO SECURITY!
  • Neither is scalable

Authentication
Authorization
Data Protection
Audit
6
WLAN Security Challenges: Weak Security in 802.11
Static WEP
  • Static WEP key easily obtained for encryption / authentication

[Diagram not preserved]

7
WLAN Security Challenges: Weak Security in 802.11
Static WEP
  • Man in the middle attacks are difficult to detect and prevent

[Diagram label: Rogue Network]

8
Alternatives to WEP
9
VPNs
  • Pros
    • Familiarity
    • Hardware Independent
    • Proven Security
  • Cons
    • Lacks user transparency
    • Only user logon (not computer)
    • Roaming profiles, logon scripts, GPOs broken, shares, management agents, Remote desktop
    • No reconnect on resume from standby
    • Complex network structure

10
VPNs
  • More Cons
    • No protection for WLAN
    • Bottleneck at VPN devices
    • Higher management and hardware cost
    • Prone to disconnection
  • Yet more cons! (non-MS VPNs)
    • 3rd party licensing costs
    • Client compatibility
    • Many VPN auth schemes (IPsec Xauth) are as bad as WEP!

11
PEAP encapsulation
1. Server authenticates to client
2. Establishes protected tunnel (TLS)
3. Client authenticates inside tunnel to server
  • No cryptographic binding between PEAP tunnel and tunneled authN method
  • Fix: constrain client (in GPO) to trust only a specific corporate root CA
  • Foils potential MitM attacks
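
One way to audit the fix on this slide, as an added example that is not part of the original deck: a Python check over a Windows WLAN profile exported with `netsh wlan export profile`, confirming that the PEAP client is pinned to the corporate root CA. It also checks two neighbouring settings the slide does not mention (user prompting and server-name restriction); the thumbprint, server name and sample profiles are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder thumbprint for the corporate root CA (assumption).
CORP_ROOTS = {"00112233445566778899aabbccddeeff00112233"}

def _local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit_server_validation(profile_xml, allowed_roots=CORP_ROOTS):
    """Return findings for a WLAN profile; an empty list means the PEAP
    client only trusts the allowed root CA(s) and will not prompt the user."""
    blocks = [e for e in ET.fromstring(profile_xml).iter()
              if _local(e.tag) == "ServerValidation"]
    if not blocks:
        return ["no ServerValidation block: server certificate is never checked"]
    findings = []
    for block in blocks:
        vals = {}
        for child in block:
            vals.setdefault(_local(child.tag), []).append((child.text or "").strip())
        # Thumbprints are exported as space-separated hex bytes.
        roots = {"".join(v.split()).lower() for v in vals.get("TrustedRootCA", []) if v}
        if not roots:
            findings.append("no TrustedRootCA pinned")
        elif roots - set(allowed_roots):
            findings.append("trusts root CA outside the corporate set")
        prompt_off = vals.get("DisableUserPromptForServerValidation", ["false"])[0]
        if prompt_off.lower() != "true":
            findings.append("user may be prompted to accept an unknown server")
        if not any(vals.get("ServerNames", [])):
            findings.append("no ServerNames restriction")
    return findings

# Constructed sample profiles, trimmed to the PEAP ServerValidation part.
_NS = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
HARDENED = f"""<EapType xmlns="{_NS}"><ServerValidation>
  <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
  <ServerNames>radius.corp.example</ServerNames>
  <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33 </TrustedRootCA>
</ServerValidation></EapType>"""
WEAK = f"""<EapType xmlns="{_NS}"><ServerValidation>
  <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
  <ServerNames></ServerNames>
</ServerValidation></EapType>"""

if __name__ == "__main__":
    for name, xml in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_server_validation(xml) or "OK")
```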

12
EAP architecture
[Diagram: layered EAP architecture]
  • method layer: MS-CHAPv2, TLS, SecurID, TLS, GSS_API Kerberos, PEAP, IKE, MD5
  • EAP layer: EAP
  • media layer: PPP, 802.3, 802.5, 802.11, Anything

13
802.1X over 802.11
[Diagram labels: Authentication Server, Supplicant, Authenticator, Access blocked]
[Speech bubbles: "Gotta get on!"; "Calculating my key (Wow, I just don't understand this new maths!)"; "Calculating this guy's key"]

14
Session Summary
  • Windows XP has great wireless security features
  • There's extensive prescriptive guidance available from our website
  • Don't be scared of wireless!

15
Next Steps
  • Find additional security training events
    • http://www.microsoft.com/seminar/events/security.mspx
  • Sign up for security communications
    • http://www.microsoft.com/technet/security/signup/default.mspx
  • Check out Security360
    • http://www.microsoft.com/seminar/events/series/mikenash.mspx
  • Get additional security tools and content
    • http://www.microsoft.com/security/guidance

16
Resources
  • Microsoft Wi-Fi Page: http://www.microsoft.com/wifi
  • The Unofficial 802.11 Security Web Page: http://www.drizzle.com/aboba/IEEE/
  • Intercepting Mobile Communications: The Insecurity of 802.11: http://www.drizzle.com/aboba/IEEE/wep-draft.zip
  • Fluhrer, Mantin, Shamir WEP Paper: http://www.crypto.com/papers/others/rc4_ksaproc.pdf
  • WiFi Planet: http://www.wi-fiplanet.com/
  • Microsoft Solution for Securing Wireless LANs with PEAP and Passwords (< 1 week): http://www.microsoft.com/technet/security/guidance/peap_0.mspx
  • Microsoft Solution for Securing Wireless LANs with Certificates: http://www.microsoft.com/technet/security/prodtech/win2003/pkiwire/swlan.mspx
  • Wifi for SOHO Environments: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx

17
Credits
  • Thanks to Ian Hellen (MCS) and Steve Riley (Corp), as I borrowed several of their slides!

18
Questions and Answers