Internet Security Principle Wireless LAN/WAN Protection - PowerPoint PPT Presentation

Loading...

PPT – Internet Security Principle Wireless LAN/WAN Protection PowerPoint presentation | free to view - id: d956-NWM0N



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Internet Security Principle Wireless LAN/WAN Protection

Description:

Wireless technology allows the network to go where wire cannot go. ... Verizon Wireless. Sprint PCS. AT&T Wireless. Upgrade requires entire new radio system ... – PowerPoint PPT presentation

Number of Views:532
Avg rating:3.0/5.0
Slides: 55
Provided by: jiaweit
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Internet Security Principle Wireless LAN/WAN Protection


1
Internet Security PrincipleWireless LAN/WAN
Protection
2
Group Member
  • Jia-Wei Tsay
  • Taesun(Andy) Park

3
Contents
  • Introduction
  • Applications
  • Technologies
  • Threats
  • Recent security mechanism
  • Protection solutions
  • Conclusion
  • Reference

4
Introduction
  • Abstract
  • What is the wireless LAN
  • What is the wireless WAN
  • The importance of wireless LAN/WAN protection

5
Abstract
  • Wireless LAN/WAN are becoming a respectable
    alternative in indoor communications. It offers
    flexibility and mobility in networking
    environments, as the user is not bound to a
    certain workplace anymore
  • Wireless technology allows the network to go
    where wire cannot go. Mobile workforce who
    require real time access to data benefit from
    wireless LAN/WAN connectivity since they can
    access it almost any time any place. Wireless
    LAN/WAN are also ideal for providing mobility in
    home and hot spot environments

6
Abstract(cont)
  • Unfortunately, disgruntled employees, hackers,
    viruses, industrial espionage, and other forms of
    destruction are not uncommon in today's Networks
  • This project addresses the vulnerabilities and
    the security to the wireless LAN/WAN

7
What is the wireless LAN
  • A wireless LAN (WLAN) is a flexible data
    communication system implemented as an extension
    to, or as an alternative for, a wired LAN within
    a building or campus. Using electromagnetic
    waves, WLANs transmit and receive data over the
    air, minimizing the need for wired connections.
    Thus, WLANs combine data connectivity with user
    mobility, and, through simplified configuration,
    enable movable LANs

8
What is the wireless LAN(cont)
  • A wireless local area network (WLAN) is a
    flexible data communication system using radio
    frequency (RF) technology to transmit and receive
    data over the air. It can be integrated with
    existing campus network seamlessly and easily so
    that we can enjoy network computing without
    looking for a physical network port
  • wireless LAN is a collection of two or more
    devices connected via an open air medium in order
    to share data

9
What is the wireless WAN
  • Wireless WANs, which can bridge branch offices of
    a company, cover a much more extensive area than
    wireless LANs. Unlike WLANs, which offer limited
    user mobility and instead are generally used to
    enable the mobility of the entire network, WWANs
    facilitate connectivity for mobile users such as
    the traveling businessman. In general, WWANs
    allow users to maintain access to work-related
    applications and information while away from
    their office.

10
What is the wireless WAN (cont)
  • In wireless WANs, communication occurs
    predominantly through the use of radio signals
    over analog, digital cellular, or PCS networks,
    although signal transmission through microwaves
    and other electromagnetic waves is also possible.
    Today, most wireless data communication takes
    place across 2G cellular systems such as TDMA,
    CDMA, PDC, and GSM, or through packet-data
    technology over old analog systems such as CDPD
    overlay on AMPS.

11
What is the wireless WAN (cont)
  • Although traditional analog networks, having been
    designed for voice rather than data transfer,
    have some inherent problems, some 2G (second
    generation) and new 3G (third generation) digital
    cellular networks are fully integrated for
    data/voice transmission. With the advent of 3G
    networks, transfer speeds should also increase
    greatly.

12
The importance of wireless LAN/WAN protection
  • Security is an important aspect in wireless
    LAN/WAN since it is hard to restrict access to
    network resources physically, which can be made
    with wired LAN/WAN by physical access control in
    the premises

13
Application
  • Doctors and nurses in hospitals are more
    productive because hand-held or notebook
    computers with wireless LAN capability deliver
    patient information instantly.
  • Consulting or accounting audit engagement teams
    or small workgroups increase productivity with
    quick network setup.
  • Network managers in dynamic environments minimize
    the overhead of moves, adds, and changes with
    wireless LANs, thereby reducing the cost of LAN
    ownership.

14
Application(cont)
  • Training sites at corporations and students at
    universities use wireless connectivity to
    facilitate access to information, information
    exchanges, and learning.
  • Network managers installing networked computers
    in older buildings find that wireless LANs are a
    cost-effective network infrastructure solution.
  • Retail store owners use wireless networks to
    simply frequent network reconfiguration.

15
Application(cont)
  • Trade show and branch office workers minimize
    setup requirements by installing preconfigured
    wireless LANs needing no local MIS support.
  • Warehouse workers use wireless LANs to exchange
    information with central databases and increase
    their productivity.
  • Network managers implement wireless LANs to
    provide backup for mission-critical applications
    running on wired networks.
  • Senior executives in conference rooms make
    quicker decisions because they have real-time
    information at their fingertips.

16
LAN/WAN Technologies
  • WAP
  • Bluetooth
  • AMPS
  • TDMA
  • CDMA
  • GSM
  • G3 IMT-2000 International Mobile
  • GPRS
  • LMDS
  • 100BaseRadio

17
WAP
  • WAP stands for Wireless Application Protocol
  • WAP is an application communication protocol
  • WAP is used to access services and information
  • WAP is inherited from Internet standards
  • WAP is for handheld devices such as mobile phones
  • WAP is a protocol designed for micro browsers
  • WAP enables the creating of web applications for
    mobile devices.
  • WAP uses the mark-up language WML

18
WAP(cont)
  • The WAP standard is based on Internet standards
    (HTML, XML and TCP/IP). It consists of a WML
    language specification, a WMLScript
    specification, and a Wireless Telephony
    Application Interface (WTAI) specification.
  • WAP is published by the WAP Forum, founded in
    1997 by Ericsson, Motorola, Nokia, and Unwired
    Planet

19
Bluetooth
  • Bluetooth technology is a forthcoming wireless
    personal area networking (WPAN) technology that
    has gained significant industry support and will
    coexist with most wireless LAN solutions. The
    Bluetooth specification is for a 1 Mbps, small
    form-factor, low-cost radio solution that can
    provide links between mobile phones, mobile
    computers and other portable handheld devices and
    connectivity to the internet.

20
Bluetooth(cont)
  • This technology, embedded in a wide range of
    devices to enable simple, spontaneous wireless
    connectivity is a complement to wireless LANs
    which are designed to provide continuous
    connectivity via standard wired LAN features and
    functionality

21
Wireless WAN (Summary)
  • 1G First generation (Analog voice) AMPS
  • - Advanced Mobile Phone Service
  • 2G Second Generation (Digital voice and
    messages)
  • - TDMA - Time Division Multiple Access (D-AMPS,
    NA-TDMA, IS-54, IS-136)
  • - CDMA - Code Division Multiple Access
    (CDMA-One, IS-95a) GSM - Global System for Mobile
    communication
  • 2.5G
  • - EDGE Enhanced Data rate for Global Evolution
  • - GPRS General Packet Radio Service
  • 3G Third Generation (Broadband Data and Voice
    over IP)
  • - IMT-2000 backbone of 3G world
  • - W-CDMA Wideband CDMA
  • - Cdma2000 Broadband CDMA
  • - LMDS / MMDS Local Multipoint / Multipoint
    Microwave Distribution Systems

22
Wireless WAN (Summary)
2004
2003
2002
2001
GSM
GPRS
W-CDMA
EDGE
Cingular VoiceStream
TDMA
ATT Wireless
iDEN
Nextel
CDMA-2000
CDMA
1x
3x
Verizon Wireless Sprint PCS
Easy upgrade
2G
3G
2.5G
Upgrade requires new modulation
Upgrade requires entire new radio system
23
Wireless WAN
Cellular Telephony - bandwidth 9.6-14.4 Kbps
(2G) 28.2-128 Kbps (2.5G) 200-2000 Kbps (3G)
- standards GSM, CDMA, TDMA, GPRS common use
national coverage Paging - bandwidth 9.6 Kbps
standard CDPD common use two-way short text
messages Satellite - bandwidth 400-1500
Kbps (downlink) 256 Kbps (uplink)
24
AMPS - Advanced Mobile Phone Service
-First generation wireless tech - analog
cellular phone system (in USA and South Africa)
- uses FDMA - Frequency Division Multiple
Access - (800-900)MHz frequency Spectrum
Subdivided into 25 KHz Channels(4000 channels)
- one subscriber at a time to each channel (no
sharing) - the system based on fixed cells
(geographic zones) - 3 components cellular
phone, base station, MTSO - Mobile Telephone
Switching Office
25
TDMA - Time Division Multiple Access (2G)
  • operate at 800 MHz (806-902 MHz digital cellular
    system) or 1900 MHz (1850-1990 MHz PCS -
    Personal Communication Service)
  • 1900 MHz system requires more cells than 800 MHz
    system
  • 30-KHz radio channels are divided into 6 time
    slots ( a fraction of the second). Each time slot
    is assigned among 8 subscribers
  • referred to as D-AMPS - Digital AMPS NA-TDMA-
    North America TDMA IS-54 - the first
    implementation of TDMA IS-136 - next generation
    TDMA (transmission up to 43.2 Kbps)
  • http//www.uwcc.org/ TDMA

26
CDMA - Code Division Multiple Access (2G)
  • operate at 800 MHz (digital cellular system) and
    1900 MHz (PCS) frequency bands
  • 10-20 times the capacity of analog AMPS 4- 6
    times the capacity of TDMA up to 384 Kbps
  • referred to as IS-95 CDMA (or CDMA One) standard
    by TIA
  • CDMA assigns digital codes to activate subscribes
    CDMA divides the radio spectrum into channels
    that are 1.25 MHz wide
  • Lack of international roaming capabilities
  • there are 2 competing standards cdma2000
  • - American implementation, backward compatible
    with GSM and other second-generation wireless
    systems
  • - W-(for Wideband)-CDMA developed by European
    Telecommunications Standards Institute
    Incompatible with existing CDMA or GSM
    infrastructure
  • http//www.3gpp.org/ CDMA

27
GSM - Global System for Mobile communication (2G)
  • European version of TDMA, very popular in Europe
  • support for "Short message service" (short test
    messages)
  • operates at 900 MHz and 1800 MHz (Europe) 1900
    MHz in USA as PCS
  • very popular in Europe, Asia, India, Africa
    combination of FDMA and TDMA FDMA divides the 25
    MHz bandwidth into 124 carrier frequencies of 200
    KHz each each 200 Kbps channel in divided into 8
    time slots using TDMA
  • up to 384 Kbps based on 60 orbiting
    satellites
  • international roaming capabilities in more than
    170 countries
  • Vendors Alcatel, Ericsson, Lucent, Nokia, Nortel

28
G3 IMT-2000 International Mobile
Telecommunication - Year 2000
  • project started in 1992
  • wireless access through satellite and terrestrial
    systems packet services 144 Kbps, 384 Kbps, 2
    Mbps
  • circuit-switched services 144 Kbps, 284 Kbps,
    2Mbps
  • 3 modes of operation
  • - based on CDMA ONE
  • - IS 95B based on CDMA 2000
  • - IXMC, IXTREME, HDR, 3XMC based on TDMA/GSM
  • - EDGE Global roaming
  • http//www.itu.int/imt2000/

29
GPRS, LMDS, 100 BaseRadio
GPRS General Packet Radio Service (2.5 G) -
packet switched intermediate step to transport
high-speed data efficiently over GSM- and
TDMA-based networks - GPRS uses 8 time slots in
the 200 KHz channel and can support IP-based
packet data speeds between 14.4 Kbps and 115
Kbps LMDS - Local Multi-point Distribution
Service - not popular yet, terrestrial
broadband wireless tech. - - versions 24, 28,
31,38,40 GHz - 1 Mbps - 45 Mbps - operates at
very high frequences 100BaseRadio - operates
at 5.2 GHz, 5.3 GHz and 5.775 GHz - the
standard complies with IEEE802.3, 802.1d, VLANs
30
Wireless WAN (Summary)
  • 1G First generation (Analog voice) AMPS
  • - Advanced Mobile Phone Service
  • 2G Second Generation (Digital voice and
    messages)
  • - TDMA - Time Division Multiple Access (D-AMPS,
    NA-TDMA, IS-54, IS-136)
  • - CDMA - Code Division Multiple Access
    (CDMA-One, IS-95a) GSM - Global System for Mobile
    communication
  • 2.5G
  • - EDGE Enhanced Data rate for Global Evolution
  • - GPRS General Packet Radio Service
  • 3G Third Generation (Broadband Data and Voice
    over IP)
  • - IMT-2000 backbone of 3G world
  • - W-CDMA Wideband CDMA
  • - Cdma2000 Broadband CDMA
  • - LMDS / MMDS Local Multipoint / Multipoint
    Microwave Distribution Systems

31
Wireless WAN (Summary)
2004
2003
2002
2001
GSM
GPRS
W-CDMA
EDGE
Cingular VoiceStream
TDMA
ATT Wireless
iDEN
Nextel
CDMA-2000
CDMA
1x
3x
Verizon Wireless Sprint PCS
Easy upgrade
2G
3G
2.5G
Upgrade requires new modulation
Upgrade requires entire new radio system
32
Threats
  • Inherent flaws
  • Hackers
  • Distribution file and quality of password
  • Interception
  • Masquerading
  • denial-of-service attack
  • transitive trust attack

33
Inherent flaws
  • Attacks from within the networks user community
  • Unauthorized access to network resources via the
    wireless hardware typically high capability
    receiver
  • Eavesdropping on the wireless signaling from
    outside the company or work group
  • In a wireless LAN cannot be physically
    restricted. Any registered user of the network
    can access data that he has no business
    accessing. Disgruntled current and ex-employees
    have been known to read, distribute, and even
    alter, valuable company data files.

34
Hackers
  • Remote access products allows people to dial in
    for their email, remote offices connected via
    dial-up lines, on-site Web sites, and "Extranets"
    that connect vendors and customers to own network
    which can make network vulnerable to hackers

35
Distribution file and quality of password
  • On the other hand, the user needs to have the
    file distributed when he wants to access the
    Intranet. Typically, this distribution file would
    reside on the hard disk of the user's personal
    laptop. The quality of the password that opens
    access to the keys in the file, is essential to
    the whole security of the system if a malicious
    user finds out the password and gains access to
    the distribution file, she can log on to the
    server and thus create a tunnel to the intranet

36
Interception
  • A kind of identity interception, in which the
    identity of a communicating party is observed for
    a later misuse, or data interception in which an
    unauthorized user is observing the user data
    during a communication

37
Masquerading
  • Masquerading takes place when an attacker
    pretends to be an authorized user in order to
    gain access to information or to a system

38
DOS attack
  • A denial-of-service attack could be launched
    against a wireless LAN by deliberately causing
    interference in the same frequency band the
    wireless LAN operates
  • Due the nature of the radio transmission the
    wireless LANs are very vulnerable against denial
    of service attacks
  • If attacker has powerful enough transceiver, he
    can easily generate such radio interference that
    our wireless LAN is unable to communicate using
    radio path

39
Transitive trust attack
  • If the attacker can fool wireless LAN to trust
    the mobile he controls, then there is one hostile
    network node inside all firewalls of enterprise
    network and it is very difficult to prevent any
    hostile actions after that
  • fooling the mobile to trust the base controlled
    by attacker as our base

40
Recent security mechanism
  • Service Set ID (SSID)
  • Wired Equivalent Privacy (WEP)
  • Wireless Transport Layer Security (WTLS)

41
SSID
  • Service Set ID (SSID) is a network name. This
    name is sometimes considered secret
  • An access point can be configured either to allow
    any client to connect to it or to require that a
    client specifically must request the access point
    by name. Even though this was not meant primarily
    as a security feature, setting the access point
    to require the SSID can let the ID act as a
    password.

42
WEP
  • Wireless LANs using the IEEE 802.11b standard
    have been growing rapidly over the past two years
  • WEP is the optional security mechanism defined
    within the 802.11 standard designed to make the
    link integrity of the wireless medium equal to
    that of a cable
  • A WEP is based on protecting the transmitted data
    over the RF medium using a 64-bit or 128-bit seed
    key and the RC4 encryption algorithm

43
WTLS
  • WAP uses WTLS as the security mechanism
  • WAP uses WTLS which is a wireless relative of the
    more common SSL mechanism used by all major web
    browsers. WTLS resembles SSL in that both rely on
    certificates on the client and server to verify
    the identity of the participants involved.
  • While SSL implementations generally rely on RSA
    encryption, WTLS supports RSA, Diffie-Hellman,
    and Elliptic Curve encryption. WTLS doesn't
    provide for end-to-end security due to WAP's
    current architecture and limitations of
    server-side Transport Layer Security (SSL)

44
Problems
  • The SSID can typically be found by "sniffing" the
    network. Therefore this lends very little to
    securing a network
  • WEP, when enabled, only protects the data packet
    information and does not protect the physical
    layer header so that other stations on the
    network can listen to the control data needed to
    manage the network
  • WEP can be cracked by simply modifying several
    device driver settings on your wireless
    LAN-equipped mobile device

45
Problems(cont)
  • Weaknesses in the Key Scheduling Algorithm of RC4
    which would allow an intruder to pose as a
    legitimate user of the network in WEP
  • Wireless network Wi-fi used by American Airlines,
    Starbucks and several hotel chains having no
    encryption at all, so almost everything sent from
    a customer's laptop can be picked up by a nearby
    hacker

46
Protection solutions
  • Use higher-level security mechanisms such as
    IPsec and SSH for security, instead of relying on
    WEP.
  • Treat all systems that are connected via 802.11
    as external. Place all access points outside the
    firewall
  • users should augment the protocol with extra
    layers of security, such as a VPN (virtual
    private network) or a firewall

47
Protection solutions(cont)
  • Cisco is going to release in the up coming year
    x.509 certificate authentication. So each person
    will be required to unlock their x.509
    certificate with a password and then present
    their certificate over an encrypted channel
    before they are allowed access to the network.
    Early indications from Cisco are that there will
    be some sort of session key based on this
    certificate. So even if you have the keys for the
    128 bit encryption you will still not be able to
    understand or "sniff" the traffic without a
    session key produced when the individual is
    authenticated

48
Protection solutions(cont)
  • do not use the default key change the key
    immediately and change it regularly don't tell
    anyone the key, ever and conduct WLAN audits
    regularly to ensure there are no rogue WLAN
    connections
  • The WAP Forum has addressed this issue in WAP
    2.0, offering end-to-end security
  • You should now have an operating RADIUS server
    and access points that deny access to
    unauthorized users. Spoofing IP addresses won't
    work -- MAC addresses that don't successfully
    authenticate are not allowed to pass through the
    access point. Your wireless network is now
    secured against hackers

49
Conclusion
  • The only applications that should be developed
    for a wireless environment are those that are not
    mission-critical or that are protected with
    firewalls, token devices for authentication,
    encryption, and Intrusion Detection Systems
  • Despite proponents' claims to the contrary,
    wireless data technologies still possess a level
    of insecurity, particularly if custom security
    measures (such as encryption) are not put in
    place by the enterprise or application developer

50
Conclusion(cont)
  • These are among the security enhancements that
    are being proposed by Cisco, Microsoft, Intel and
    others to the 802.11 standards committee for
    stronger security capabilities in the standard
  • Only when these products and technologies are
    proven to be secure from end to end will mobile
    commerce begin to take off.

51
Reference
  • http//www.fortresstech.com/
  • http//techupdate.zdnet.com/techupdate/stories
    http//www.nwfusion.com/newsletters/wireless/2001/
    00765538.html
  • http//www.informit.com/content
  • http//www.hktechnology.com/hktnet/Solutions20for
    20wlan/what_is_wlan/overview.htm
  • http//www.cityu.edu.hk/csc/deptweb/publications/t
    ech-report.htm
  • http//www.pcworld.com/news/article/0,aid,55146,00
    .asp
  • http//www.google.com/search?qcache35upR5YLz3Mw
    ww.wirelessethernet.org/pdf/Wi-FiWEPSecurity.pdft
    hreatofwirelessLanhlzh-TW

52
Reference(cont)
  • http//www.networkcomputing.com/1004/1004buyerside
    1.html
  • http//www.sans.org/infosecFAQ/wireless/wireless_L
    AN.htm
  • http//www.futurelooks.com/features/Articles/80211
    b/page3_frame.htm
  • http//www.itworld.com/Sec/2306/NWW010426isslan/
  • http//www.practicallynetworked.com/support/wirele
    ss_secure.htm

53
Reference(cont)
  • http//www.uwcc.org
  • http//www.3gpp.org
  • http//www.itu.int/imt2000
  • http//www.cdpd.org
  • http//www.wirelesswans.com
  • http//www.x.net.au/Wireless_WAN_Howto.htm
  • http//www.pinnaclecomm.com/wireless/
  • http//www.w-wan.com/about/case_studies/story9.htm
    l
  • http//www.pdamd.com/vertical/features/wireless_4.
    xml

54
Reference(cont)
  • http//www.shopforacomputer.com/wireless_081601/wi
    reless_wan.htm
  • http//archive.ncsa.uiuc.edu/edu/nie/overview/netw
    ork/educate.html
  • http//www.wireless-nets.com/articles.htm
  • http//www.securityfocus.com/cgi-bin/library.pl?ca
    t176
  • http//www.its.state.ut.us/contents/services/wan/w
    anhardware.shtml
About PowerShow.com