WMAN Cou Poveuts: ® Beidge Lek © deuce Het Comecks fue veluos Haat ugh Me Sewwe or a cifferauk dntaliak loyer gprotecsl Lats at eat cued ofa Poiuk 40 go Luk Let los owired oct Mok Coumecit +e she webs ok ond © tecewes a Couplete Fence collvevoue berdges wath 1 more Commer , exeuiver tue Sectnction odd ress of Sey prcket 40 delecunie w) ells BF shodd Forwond Hie POCKEE based on o di teak the uw PCisieu Midge lovild: over kine, creases eff hevey > the badge wiltect © packet of Tt Knout tel the destindhon A: on the Same ante of Ne web Dilplge os the sensing ag Recess Gait _ Berd ge Seat herfnce welds te aad eee eats | coo ciate OMe te Bea RAK a sis (Goredfince amekwork te Moibple user oe Let Possible te ur dbindson. Ly budge evatbles the weietess Comech & Fa cWwster Stee te an accese Poach: bs ethernet to wsvvelece fonrege coumecks diveckly te a suugie Peed, Seve theaagh on etheneh pork and the, Pretides a wiveter comechine to ant Ap Am th geeBel when the deve bos an elhernet for awd wo witelers NIC Ve work group Bridge i to comeck ing, large wivelesr wetw Ae large wired etlieniet nelwocKs, A> offers were best aud lagher aud weuegjenert oud secortty civlitress® Qrectiowel Anteuncie: es they operate over wide Oe, |e et Feceud Wye aahennee have SRereat ye hoviteubed, bem, width, |S scurdsneedival eutoune Lai a Vedat beamed degrees oud! Vontentel bau Hew and P 20 WLP D degree, he longer aie Fonge Whoa ee eh onan sae Shovel artery Feiviyad etfety wv effective Rel We Wha Cher Nas oie 4 2 Ae. Le seunca CcHeval ambewra ePfac Selby vcrenge the Siued Amlib be wghuy Orerdrouel onteuna, Wes cus Crtreuely Honew been wl WH loud felibdin falters dees Panda fuge b> exdersive Peblens: Bie Oke eubeownon, Gre SeuliSivechtual, cud be % Neo tine fo sebjett te domoge From weather: Sly drectional aakeime Ceqpice Sight belweew toni cule of she syshten & Autewo, Polortetbions ce jhe Plysical Ortemkabion f-the bene Mego Verizeuked OF Nerbical ‘p laue, os applies, uk eune, fobs & 48 cowl, br Noxuiae ve Awemcfeege of wee Slivid have ire cot aud author bos borizantal Gea ve Aeusfeqe 6 PONE ceereeteaee occur4 WMAN systewe: @ pat te Powk sydeu: te user hor cahowed Aug faot olla cither sewidecectioual or uly direchowal atbeanag te Gdawd Ge covess mebopolilan oven. Ve Remge > 20 wile for RF + ludlly Sirechouel aukewnce La Piso & vend bo coamect omy a couple sites Mee cee} ~ tun Planending Porat te prt system iS lees Compare) © Polak te wulioack syste - © Perr to Nall peivk sysheut : Ve ubilize 0 coneauzed OMS cechronal ankeunoe thar provide asignal AauteeNer poink for {ying teqgathior ‘woulbiple coweke Sabrous Le The coukvel troascerver ve dhe sqrab- Ls pdmabagec © ir make the piuctron B wow Gunechion e084 G con ve \es ec gausive Compored $0 Boar to Powe ‘oystews when Anere oe vauthfe stec 4° See gah bocerhion. ceWE aud Chrustaily Revel Gahercomede or couredt bea couly @Posio syhew Le ulileze special wireless volor Hiok ferwond dle Gureined withm Packets te the dedeuahvou, Le each user les a patkel NIC that Avensiuit dake tothe heave wiretece Reuter Retvauswuts tie dele te the next Roster, Le We tuctallaten of reebee i sbratane place Hwvagh We city paviles the wees mi Pre stroclre Ls Trerers uonsed for wi'ces for ieccounecting fevers, Ls Whe form ie suciWable - 1 que ‘ovler beroue theperative Perley: Beause Fa bgking strike oF sabdage Adaphive Guling Prolocols aulenabtally © Tohug tables meath ruber so He ~acKefs wal aed traversing the operas lerY% Z C . Zz v \i cn bs J A D0 eee ooo qh"© WANS Techclogtes : & aitize PeoPrictery tecliug We ROL em 3 Oma arg Kcoused bane) Witn Fi \Sswmany ose whan WF Mize deeeekoucl Rehween Fixed faints a ale The ta tectade wieeel ts he SRP LAW He “ ~ sized wolwerk J Sr ot soa ¥ Weitedoue Whe. se larger uuu OF MRIS. Guareuhece) Lauechon le RF luhePerence Sa Qrotleun with SOA when Nerge owen lrecavie ot Keewse- Free operesion @ go2.16: bub He JiPEe, _ mess 8 dhak 6 Wyery SS PP Hale fink to POE bia Covert Se peite wetuott acer to houses, Shall loateee Ye We ott, P Hak vs shock aud, Gah, Provide a feasible bnckhow! for Werseeh foopien brcnaactenstices We foske wis; commechieg WLAN © supp potuk to vwvthiporid © Rouge > 10-65 Gin @ We Rie @ ceqpsees line Mov > vpte 120 Mbps, PSE ome cooks prontle the bert wey lecoktons foc lose ond abaatker = hicws, © Sse chats Guaecks fo awired L Saecr ck bowg auc) Cun f inelecsly Pte $2 water to large avinbe Hievenry swiccy\tber stodyoug ls 2.189 PF HOA — Vina of ae oncet oer lower-Prequeces, Laseppact Be west axclutectue. ORembe MMe License) aud wnliceuse Rebus Prepeuscies Soe ZN GHe esivey OFDM. ete Mac layer SS every bese dabion Sgwemtcolly distbutee Uplnke cud downline brand wid, to sebscri ber Shodion Sing TOAAA « rence From He BO2\1 MAC colt Proude efFechvVe Landandtl, PRL over tra edio Vink! be Thsie the osfRec#WWAN : VS Pesta Owide coverage Pecancmece? scale 3 lous Pree fer subsg Vs Oe aS eudeages © Waited arestobss "SF Frames spectrom Pdcmeuce lov. 1 Washed secucty J© WWAN GeonPowents : @ vree devites: % curett cued SAME sovices So elo ee §S oralable over woh wider oreos anc) tre were sh Coren4 herr doxicer yt hence WSs eed to Register @ Recko. Nac, selvp & podakle pout of scat (fo:) Ok & Cewebe overs b Prone lone \uhes yoded WWAN Relics, aka} \e The pre, > Sele diPPerenk Aypes of warn SE mating sha chedlenge forcsers te Pineda Neboe prone the ialecBreoe wit Hee 4ype of IAN they nowk touse ~— e a DP Telecominwntcosion fou panies sped cumouwts of woes to s Sopetrui ous) Nesta HW over vaef OPED All Wain Grove Gage forthe somite , Se caing a satellite Bowed NWAN > oe NeSiow of satetirte terminals hove o ae ddechowis Cig meebevc lector ante aude soak cng witli a wedivin sized oiefcase, expansive. se slektows? Is towers & ees Perege esabellite: pester tu the hy. | tue seer awe 0 dish auteuna athe satelete Awa) the sobeltbe yecee the signal on Tebustists the signal Lode Cacth stobion, @ outdoor fe PaNWE waxsiavin io NI \aAdvautage & less mPrastrcbor, iio Os aduutage > expensive. 2 © Aukewoe E a bce tower lave ak Cover the be stkalitte er hace d sh cute bike transeiver located atthe Poca font, Tmswats cud eceleg the RF siqued, ba We stqualt leave she dil me tie souy Mection kecatce of is Puuraloole slug wireless nologiesGoM (glebak. systeus MBS eben) : dt Coes toh HBA VEY etecuerls Ot Sap est | asa 5 Bath Sys Sth aeetie mE eyonicy 5 eh aot A antined > Sw Neha | we yhoo es CRD Ac ay em 1 Gu Ste Tyo Gate Divine Ont ARE aa Z rae “peeves yw cxcte| Team Sees ele i s ich Gime FES eat oon LVEF YE WI CADRE ese08 Die Spo 5 2 YB FIV EEPIYOAUD NV EB Gy Po efiadyd sh SES 3ut € | roms pe é frome POD) Poa ay, aus oily de seh]en Soak & eeswe te 5 | Wn ear a MSs Sewes Ape Poleal easy z Sep Gz fel iba GB O00 green poke CLO ERION ESTE Lo 1M Shel + chuwluk < WHE eo - 935 sazeis BEN e rah a0 H.385 @ + wel 5 MR AS 880 Ge OE Ae, TRAE ees, oy Semis) Mesias cei AB es 50 OX te edie @ WE 0 Le ehad Sh BWioe & : SOMA flee chiens © + Fomea sl thud 5 GM dfaasy “AE CON ase 2 23 MLN 2.6), y 4h osttl oe A) Oe sslinsd urd dm Sens 2552 SM ea ONO ETOH 2 Sh lees e MASSE ale wy OE 54 ja (a ONG ed Si vrei ease suet 3 seas a esate 07 vee ee B thoy Med (6 Bind UA TE ase Hong Joke 9908 Ge Sw ahd ye Feb Guid a use ae WEN ION AG SpE wo scaeg! ea rah BN VA Be, cay boy Die Fae SEo e SNahanw dow @ + SEEN el he Gene B dds ooh ae, 2) Mi BSS, usd, euch Bes G2 io, & : ‘ 24s Olbse z AEN OM diy Se ol) aay 9B Sloal Base soho iia Gy YEG + GM PWeusy . ca ORS , Gedsibe Elbe, Shy Sy ors Sie MiG jdode shalion © wey eed aw Att 2 Rose Sishbu asta 9 4 53 j sath @ Huns > gu @ + Mobs Re ON aM ad © | . Howe lee Va AAG! doe © 3 SIA Bolt dow @ Dlal=sp jae © SDH ae @ Sele dNDAO asec yt, NS se ak Ba ee ae Mid Beall BSG io ae - ola det wel gs | a Wa ae op nso Be ok oy Vx 23 =A, Pls cay ety Seen nea aah s ‘ + BXech WA Abo t CUP Ae eB iae 1184 ot cesae ay weed Bee @ Goleh) tol obey ays ATi, DL ahem lly GN ee ES : : st CEU Ala, & + PPA AD aceppiusd Tite Bis és Nye Hilal + Gems TDA, COMA eo - Goo MHE * GPRS: Wut Hops, lugh seed data cle Re GSM . * EDGE. 284 Kbps. * Weng : Vea Mbps. eHSOpA AH Mops, * LTE; woo Mbps «HWWAN systeus ¢ S— Beeatlvlar_ Resed wwan by coustets & Oat toner 3 Weone sigualr from wer devices ws Wausuits HR teeK to cer, Popeater ts es ae ee Se ass) Nowe swith ox gphewoy , @ rote switen D> comerk Are wecrdeviie 4 anolher Riess on wired exer Herough teleplove isbribultoy, systeus . ie bb space Cstamary plowes call belween Uns, @ Data Gakeway > wake the system a WWAN alle to iulekice with dala protecsle sina Trak woes it Prsible fe woe to wok the Makerwels (a Text MEET > Gepvlor App of he syleut. @ic, Ly chewocherist me © cred culy anelor Stguals- ce 1S souk Cok TA S> cheuges he Fepancy F wurlser oF cliawels ek use FEK to Sed norte ace cies Se eaten were ey ice ernie pe. @ wot aulGicieut for seydin ee dale > wee must iberface PC be cellular ence PES o Modem tuck coniert digilal be aucleg, WOK tomsunission Hirovgh swell Ae Se Kel, © \ock pacity 40 sufpeet on cullieubication and cuca weclowisnn « Tee defital Fx coubrol chemal o¥ly los HELOL Capcity te support Heleflion calls vot MURMUR CONGR sewers, Lschaascherrelves + © agtol Reoumiug, 2 wok yek onatlalole, whe Weqptert the xe 15 Wily Cheose 154 a ae Phone Gud ao Se —@ apace Coeds WWAN: @ srkeilives La The ese oF satellites fer bovead eastuy TW axe) offen Commuureedions bos been oxcund fer severe] decades, & Leto LS Mbps . dec link, By ince Seang ochve che fepeakers aud Earth org Stebillttee 5 Gesible be Previcle Koreedkact cud Qernt fo Fut Coumintcahion ever & laege cuteos Ly sateltites ore lected at ‘Mors Points the geosdatiovs Crit depending onthe syslen tuission fequitewrent, (NEE! % otha gloinal COG a. Wiliam of 3 weet StMlere power custeank > less seusibive to Ree smce abteuvation. bead os a siagle epeater Le temmsponlers the chunce that bonlke tebreodcaat te Si§ual back fo coh a dhe dxuulh. b sotette beagaudors fa cwadegus fe ceparter (wo ferret ot Covwwnwwienbious Linky it wave recone amplify aud Scheuswutt sigalg from eth termed, §5 Capebiee ach OF wore AE is, Ls tow ablifate epoch PORN Is gecceteroey orbit Ss catellte i anchibxthas 24 tee au! Coins orca Fixed lecahion on the equator . bone Sitellite appeocr wekiules to can chsemver ou Cathy, oe @ikeleor Bur commund coktous ¢ te foe Weun sotellite sgteu « Ve ce RF sigeale of ulcleor deat. Veeuale « teng-baul baelens dole transmtsa Lue willed the expense of Newt aud widarwng a sctellte. Se oimet a Ho p50 Mitz vadie wene cb the iculan! Te cuwio Siquel ten ceflects offtle gos aud & diecled K ko earth, \e Te owntlaladily extewely low: 1S lowcost. | below pecBrmauce, | Ss ee ees ae es * sus Apo: : a lake ated wesagivy SYteur capable of ceudhog @ Gople hwadec dhoveckess aka Hue Ls wireless Bu of faket- wessagng - ' APP of ENS Roc wwe wah WAN: F Deoulenk iWon: evable dhe efficvert dehyeny of oPletes user © Alerts : opens offfor o Noxthy of aleds Gini wail worhig ) | |e Allow yuo 40 cee ales When seuetlning ok ov dive OS Portomt axcury. @ Wreockion: belevigion show culow Haderehivihy cumoug Wiewes Gnd works Whecugh SUS. Sap Megcahion Raside for develepec to whegtake SUS fake WAU @CPowtke Ago.iE Sr Ve ae’ "g 2.020 ner a ue a A4 Wunn Teluclegies sFocus on moduadion Mico v6; des theeute S> eat: year ncwisles hor Beal osig a MRveut code. Le Admutone S wer denies cam counect to wwaltiple bese ations bene oF sepuicte cocks. erences Perfirmauace aud Yeltabilihy @sDua: Ls cccdivamedabes Mullile ect key focusing 0 baw forech e506 Cowon in Suttle sysheun, a Le AlophiveS Rue beune Files weveweng Phe aser +Ssecodly t's BaRortak loecevse the Kommeutabens Siquale axe Pauly ovarlable asthe Propagate through ase SSH OD Woe Moulor S" eter loan experinced becker or cosuah ences Cau wevsioe eapctecks oweleer doles Rrekete ceing tools CA Maguek, Azo Rbee), wlu'c, Ray ductose tke coutents of wiivelas dibs Packets. Lesolubitia 3 ab vaintmous cuapley cuccyphion bekween ue wiles Cheek device and the kase suion. | fi Allore dato. bits 2549) a secvel Key, @Dmahronred tkces! “ ‘3 baste occecs & RetPoale. WN frou outsile a Keclity iP te takfew Re por ‘ows ovew Vs May companies Sep Weir WN ei Holton @ufiguadivs , wag Mri tech Varo cerveat b> Wd 9p > eacy to reece with wal, without perwoueel Reewnll peteckion ; couecue Can badaze Anrough gove Vad dove, eee eg the dwt , arsccuced base it Pasite fe auyove to toBice Si cetlonaed AP onthe wetanck . vee be exglotted beccuse Ht Prdaably yimit vow oy : MCIPion ackReted , which Provide an oper doce Ly Soneove te enccly acces he corporde network from ovksie the, (oat bs scltion > © The WH shoud SHley wetval culreubiation belwoer, Clieak Soe cud te Ap T ‘Aes wckion whuth wher o hacker Ploceso Frckitions dence belween the cect oud Abe wink. LaThe hecer wills the eee QUE Heols Gan <7Ploit ARP and take covteo] 1s Pollen > with ARP ck cakeauce asecealy ok eessitig Fev ARP Seong « © Wocler coum Fool a stakion by send 9 Frome WILE velucdl dulce SRatios ARP cecponee shed (Pe tegikinate vdwork device + \ MAC Acre of she oque date eS, Gare At legtivate sledious cuthe neluode to avteuthtally Updabe flere ARP-Aebles With de Ruse wage v5, _ © Sobions wal ea seve Raloce packels 4o the pres her then oe legah AP! ee ee Y euable VacMer fo Wainpslake vier Sessiars. lpatelion 2 ose sap SARI Prowde secure toanel hehwees ancl diet ard the Wwrieless AQ or cooler, uluth ignores aM ARP spruce tel ossociled awitsite ciel ou the or tue chher end of Me tumol» Ly use of sage eqpivecitte astalledion oP speacied Sw em exch! client CRETE) WaT Proceed fr pubic. hokspee@tes by & en assautt that an dsalole a WA bs swaventy F O05 Atack eepauds onthe WaQack dhe way bce secPorubive. > ais, te Bee ola « Ww@ Flood oP packets trek Ses all oP the weluork stecoocces aud Ree the Bebe to shukdoum: L50es au be Bae by AS ostrevg @dio signal. Ly seat cs very petite and she Cos Mack Siqvak Lave accecs tothe wedvin Por as lousy as atu be the ewer oFske WA om Pad Une hacer Yomugh the use? Kouta fools eaukuble velevork awalyzen, bs Des could cone Ga iMbeuhoual + \y art operate reehio spechum Mer devices Gue edhe te Peformance. Ls solution S WPA: Metbemcbical Algedemete authenticate ser lothe ueluork. : Fa user istry to seuss tuo pockets oP pare Sale. win one second WPA will ascume its val Alloa, cwd shubdoom. em Pooleck a WLAN boy Waki the building ac cesishast OS Guesible te vedio signals Guatig to be hep to bel? eeakiee acho signed lentage: © vse 0 webol shde te oval. © tall dhewally deviate! (oper or wekallie Rw tensed) Giadowws, @ xe a welallic windour @ vse wetallte bowed Ruut on unlle, © Run tests to deleaude eww ur the sigeds actually Neaks extside the buildyy, . @ Pin creche 96 cuteunae boven’ she dnade of the berteheg \, flau® ss pe be bach Prrcessi PaRrkeased methods¥ CreeyPhrous ae LeAiterthe bie Peach deter Pocket bo quan! calesdropfecs From decedhy dake. Le plated: dota before eueryption + Ve ciphertext: date ofler excryplion. ula someone cam decode ouly Urcouyr 02 Fo Peper secvel Loy. Se ercryphion walled SS wep Coys mori) the some Fey that Gots the. euccohinn és ass the ud thck Qoferm the decrgolion » Lefer symmekere rey VOW EE the eeu The 5 YPhinte ke effedive the Ruclion must 82 oF encryption Kees lay chreanaing theta mwelnt cu plian wectiantiuns want hale Hecke Key diskibohon mellate. wR Pr bhickay enyglegraftiy > powate eey , pobleckey, Ibe cent. a e Kao tt. cvable wee Cfecive encryption aud authecdteation Methanisnes beacause of it kph epee a Nahe seu dedion cau anceych dabervaiig the privale ¥e4 ond the cecewer use He kay foe decryphen. be wots Pcliely for everypling date S> the pubhe Key Guslee mode Freely available fe eujove wrung to Send cuccyghed dale. Jo 0 sottohhapter 8. Wireless Network Security: Protecting Information Resources Page 7 of 18 Eneryption Decryption a Ciphertext COCOOOOOOOOOO ‘Access User Point lic key cryptography works effectively for encrypting data because the public Key can be made ly available to anyone wanting to send encrypted data to a particular station. A station that ‘erates 2 new private key can distribute the corresponding public key over the network to zyone without worry of compromise. The public key can be posted on a website or sent jenerypted across the network. EP TEP is 802.11's optional encryption and authentication standard implemented in the MAC Layer hat most radio NIC and access point vendors support. When deploying a wireless network, you need 5 fully understand the ability of WEP to improve security. P Operation 9 a user activates WEP, the NIC encrypts the payload (frame body and cyclic redundancy check ICRC) of each 802.11 frame before transmission using an RC4 stream cipher provided by RSA. securitThe receiving station, such as an access point or another radio NIC, performs decryption :pon arrival of the frame. As a result, 802.11 WEP only encrypts ions. Once the frame enters the wired side of the network, such as between access points, WEP no longer plies As prt of the encryption process, WER prepares sey schedule (seed) by linking the shared seeret ey supplied by the user of the'sending station with a randomly generated 24-bit initialization vector. FI). The IV lengthens the life of the secret key because the station can change the TV for each frame smamission. WEP inputs the resulting seed into a pseudo-random number generator that produces a ey stream equal to the length of the frame's payload plus a 32-bit integrity check value (ICV). e ICV is a checksum that the receiving station recalculates and compares to the one sent by the ding station. It determines whether the transmitted data underwent any form of tampering while transit. fie receiving station calculates an ICY thet doesn't match the one found in the frame, the ceiving station can reject the frame or flag the user. WEP specifies a shared secret key to encrypt and decrypt the data. With WEP, the receiving station se the same Key for decryption. Each radio NIC and access point, therefore, must be manually ore-t jon takes place, WEP combines the key stream with the payload/ICV through a races, roduces ciphertext (encrypted data). WEP includes the IV in the clear erypted) within The irs few bytes ofthe frame body. The receiving station uses this IV along “th the shared secret key supplied by the receiving station user to decrypt the payload portion of the file://C:\Documents and Settings\A ABU Local Settings\Temp\~hhF8E htm 12/11/2013spter 8. Wireless Network Security: Protecting Information Resources Page 8 of 18 me body. most cases, the sending station will use a different IV for each frame (this is not required by the 11 standard). When transmitting messages having a common beginning, such as the sender's ‘ess in an e-mail, the beginning of each encrypted payload will be equivalent when using the key. After encrypting the data, the beginnings of these frames would be the same, offering a that can aid hackers in cracking the encryption algorithm. Since the IV is different for most es, WEP guards against this type of attack. The frequent changing of IVs also improves the ‘of WEP to safeguard against someone compromising the data, Issues is vulnGrable because of relatively short IVs and keys that remain static. The issues with WEP really have much to do with the encryption algorithm. With only 24 bits, WEP eventually “the same IV for different data packets. For a large, busy network, this reoccurrence of IVs can sn within an hour or so. results in the transmission of frames having key streams that are too similar. Ifa hacker collects frames based on the same IV, the individual can determine the shared values among thems — or the shared secret key. This, of course, leads to the hacker decrypting any of ic nature of the shared secret keys emphasizes this problem. 802.11 doesn provide any ns that support the exchange of keys among stations. As a result, system administrators and ‘generally use the same keys for weeks, months, and even years. This gives mischievous is plenty of time to monitor and hack into WEP-enabled networks. ‘to Use WEP te its flaws, you should enable WEP as a minimum level of security. Many people have fered wireless networks that use protocol analyzers, such as AiroPeek and AirMagnet. Most of ‘people are capable of detecting wireless networks where WEP is not in use and then use a to gain access to resources located on the associated network. sivating WEP, however, you significantly minimize this from happening, especially if you have ‘or small business network. WEP does a good job of keeping most people out, Beware: These: fe hackers around whe can exploit the weaknesses of WEP and access WEP-enabled networks, ally those with high utilization. 3 1 Key Integrity Protocol 111 standard includes improvements to wireless LAN security. One of the upgrades is the oral Key Integrity Protocol (TKIP), initially referred to as WEP2. TKIP is an interim solution ixes WEP's key reuse problem. In fact, many wireless LAN products already have TKIP as a process begins with a 128-bit temporal key shared among clients and access points. TKIP ines the temporal key with the client's MAC address and then adds a relatively large 16-octst ‘produce the key that will encrypt the data, This procedure ensures that each stati Key streams to encrypt the data. however, i that TKIP changes temporal keys every 10,000 pack wn method that significantly enhances the security of the network.Page 9 of 18 hhapter 8. Wireless Network Security: Protecting Information Resources IP is that companies having existing WEP-based access points and radio ipgtade to TKIP through relatively simple firmware patches. In addition, WEP-only pment will still interoperate with TKIP-enabled devices using WEP. TKIP is a temporary lution, and most experts believe that stronger encryption ts still needed. laddition to the TKIP solution, the 802.11: standard includes the Advanced Encryption Standard SS) protocol. AES offers much songs encryption, AES uses Rine Dale ensrption orithm, Which is a tremendously strong encryption that replaces RC4, Most cryptographers feel gCAES is uncrackable. In addition, the 802.11i standard will include AES.as-an-option over TKIP. fact, the U.S. Commerce Department's National Institutes of Standards and Technology (NIST) sanization chose AES to replace the aging Data Encryption Standard (DES). AES is now a Federal jrmation Processing Standard, which defines a cryptographic algorithm for use by U.S. ent organizations to protect sensitive but unclassified information. The Secretary of .eree approved the adoption of AES as an official government standard in May 2002. e problem with AES i nS segues mor gosssng power han wham ces pnts on he skct today can Support, As a result, the implementat ES will require companies to upgrade_ ‘existing wireless LAN hardware to support the performance demands of AES. An issue, ever, is th: Tequires a coprocessor (additional hardware) to operate. This means that panies need to replace existing access points and client NICs to implement AES. Fi Protected Access Wi-Fi Protocol Access (WPA) standard provided by the Wi-Fi Alliance provides an upgrade to P that offers dynamic key eneryption and mutual authentication. Most wireless vendors now Sport WPA. WPA clients utilize different encryption keys that change periodically. This makes it difficult to crack the encryption. PA 1.0 is actually a snapshot of the current version of 802.11i, which includes TKIP and 802.1x. Schanisms. The combination of these two mechanisms provides dynamic Key encryption and ication, something needed in wireless LANs. WPA 2.0 offers full compliance with the B.11i standard. tual Private Networks {reless users will be roaming into public areas, such as airports and hotels, strongly consider al private network (VPN) solutions. Even though VPNs are not foolproof, they provide an fective means of end-to-end encryption. VPNs are also effective when clients roam across different ves of wireless networks because they operate above the dissimilar network connection levels. < Day Day Up> neta) «Day Day Up > ere) he use of mutual authentication is important in a wireless network. This will guard against many bcurity issues, such as man-in-the-middle attacks, With mutual authentication, the wi ient 3d the wireless network must prove their identity to each other. a eS mn Erver, such as Remote Authentication Dial-In User Service (RADIUS), to.perform the tication. Figure 8-6 illustrates the process of authentication. Figure 8-6. Authentication Verifies the Identity of Users and Client Devices Through Credentials, Such as Passwords and Digital Certificates éle://C:\Documents and Settings\AABU'\Local Settings\Temp\~hhF8E.htm_ 12/11/2013Page 10 of 18 jpter 8. Wireless Network Security: Protecting Information Resources Credentials Authentication Server 11 Authentication Vulnerabi od for authenticating radio NICs to access points, not the other way Fd Aca result, ahacker can reroute data through an altemate unauthorized path that avoids easunty mechanisms. Instead of one-way authentication, wireless networks need to implement fal auttrentication to avoid this problem. wireless client becomes active, it searches the medium for beacons broadcast by access By default, the access point broadcasts beacons containing the service set identifier (SSID) of access point, as arameters, The access point only enables association if the client sD matches the access point SSID. Thi fers a basic, but weak, form of authentication. wu ty is the fact that the SSID is 1 which makes it visible to packet sniffers. Because of this, a hacker can easily identify the SSID witht th the wireless network. Even if the access point is set not to broadcast the 1¢ and authenticate wil Dan optional feature available in only a few access points—sniffers can still obtain the SSID p association request frames sent from client devices to the access point, > only provides a meth 11 offers, by default, a form of authentication called open systems.authentication In this mode, oval for any request for authentication. The client simply sends an iescticaton request frame, and the access point responds with an authentication approval. This ows anyone having the correct SSID to associate with the access point. .¢ 802.11 standard also includes shared key authentication, an optional, more advanced form of athentication. This is a four-step process: ‘The client sends an authentication request frame. ‘The access point responds with a frame containing a string of characters called challenge text. ‘The client then encrypts the challenge text using the common WEP encryption key. The client sends the encrypted challenge text back to the access point, which decrypts the text using the common key and compares the result with the text originally sent. 4. Ifthe decrypted text matches, the access point authenticates the client pris seems adequate for euthentication, but a problem is that shared key authentication only proves the client has the correct WEP key. AC Filters Some wireless base stations offer medium access control (MAC) filtering. When implementing AC filtering, the access point examines the source MAC address of each incoming frame, The te://C-\Documents and Settings\A ABU\Local Settings\Temp\~hhF8E.htm 12/11/2013ee Sn ree meres Weer eee nee eee ee hapter 8. Wireless Network Security: Protecting Information Resources Page 11 of 18 access point will deny frames dress s a specific list programmed by the administrator. As result, MAC filtering provides a primitive form of authentication. ae isc didress radio NICs to match a valid MAC address. This enables the hacker to masquerade as a real aser and fool the access point when the legitimate user is not present on the network. addition, MAC filtering can be tedious to manage when there are several users. An administrator Beta boch users MAC aadrcoela tabla al Conn aaks topics coanaee wien en acre come about. For example, an employee from another company location might need access to the eles LAN during a visit. The administrator must determine the MAC address and program it in .¢ system before the visitor can access the network. MAC address filtering might be adequate for ler home and office applications, but the hands-on nature of this approach is not desirable by inistrators of enterprise wireless networks. uthentication Using Public Key Cryptography addition to protecting information from hackers, stations can use public key eryptography to suthenticate themselves to other stations or access points. This might be necessary before an access int or controller allows a particular station to interface with a protected side of the network. Likewise, the client can authenticate the access point in a similar manner. [A station Aithenticates itself by encrypting a string of text within a packet sing its private ki ‘receiving station decrypts the text with the sending station's public key. If the decrypted text matches ‘some predetermined text, such as the station's name, the receiving station knows that the sending, station is valid. The encryption of a particular string of text in this case acts as a digital signature, Figure 8-7 illustrates the concept of using public key eneryption for authentication. Figure 8-7. Public Key Encryption Enables Authentication Decryption Ee) Digital Signature COOCOCOOOOOO Access User Point 802.1x The use of IEEE 802.1x offers an effective framews wutomatically authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.Lx ties a protocol called Extensible Authentication Protocol (BAP) to both the wired and wireless network wee and supports multiple authenticatign methods, such as tokeit cards, Kerberos, one-time passwords, certificates, and public key authentication. file://C:\Documents and Settings\A ABU\Local Settings\Temp\~hhF8E.htm 12/11/2013apter 8. Wireless Network Security: Protecting Information Resources Page 12 of 18 1x Operation tial $02.1x communication begins with an unauthenticated supplicant (wireless client device), = jpting to connect with an authenticator (wireless base station). The base station responds by EA from the client fo a a sbling a port for passing only EAP pi n the client to an authentication server located on. all other traffic, 54 HTTP, DHCP, and until he pase tation can verify the client's identity using an authentication server, thas RADIUS. Onoé authenticated, the base station opens the client's port for other types of traffic :d on access rights held by the authentication server. get a better idea of how the 802.1x process takes place, the following specific interactions occur .ong the various 802. 1x elements: 1. The client sends an EAP start message. This begins a series of message exchanges to authenticate the client; think of this as a group of visitors entering the front gate of a theme park and the group's leader (client) asking the gatekeeper (base station) whether they can enter. 2. The base station replies with an BAP request identity message. In the case of the theme park, the petekzeper will ask he leader for her name CRASS 3. The client sends an EAP response packet containing the identity to the authentication server. ‘The leader in this example will provide her name and driver's license, and the gatekeeper forwards this information to the group tour manager (authentication server), who determines whether the group has entry rights. 4, ‘The authentication server uses a specific authentication algorithm to verify the client's identity. This could be through the use of digital certificates or another EAP authentication type. In this example, this process simply involves verifying the validity of the leader's driver's license and ensuring that the picture on the license matches the leader. Assume the leader is authorized. 5. The authentication server will their send an accept or reject message to the base station. In this case, an accept means the group tour manager at the theme park tells the gatekeeper to let the ‘group enter. ‘The base station sends an EAP suecess packet to the client. The gatekeeper informs the leader ~ that the group can enter the park. The gatekeeper, of course, would not let the group in if the group tour manager had rejected the group's admittance. 7. Ifthe authentication server accepts the client, the base station will transition the client's port to _an authorized state and forward additional traffic. This is similar to the gatekeeper automatically opening the gate to let in only people belonging to the group cleared for entry. 1e basic 802.1x protocol provides effective authentication regardless of whether you implement 2.11 WEP keys or no encryption at all. Most major wireless network vendors, however, arc fering proprietary versions of dynamic key management using 802.1x as a delivery mechanism. If mnfigured to implement dynamic key exchange, the 802.1x authentication server can return session eys to the base station along with the accept message. 1¢ base station uses the session keys to build, sign, and encrypt an EAP key message that is sent to 1¢ client immediately after sending the success message. The client can then use contents of the key jessage to define applicable encryption keys. In typical 802.1x implementations, the client can itomatically change encryption keys frequently to minimize the risk of eavesdroppers having jough time to crack the key in current use. ile://C:\Documents and Settings\AABU\Local Settings\Temp\~hhF8E.htm 12/11/2013sapter 8. Wireless Network Security: Protecting Information Resources Page 13 of 18 yentication Types ‘important to note that 802.1x doesn't provide the actual authentication mechanisms. When izing 802.1x, you need to choose an EAP type (such as EAP Transport Layer Security (EAP- S], EAP Tunneled Transport Layer Security [EAP-TTLS], or Cisco's Lightweight EAP [LEAP]), “ich defines how the authentication takes place. The software supporting the specific EAP type Jes on the authentication server and within the operating system or application software on the «Day Day Up> ¢ of the first steps in providing wireless network security is to formulate effective policies and sponding enforcement processes. Carefully analyze security requirements and invoke an jequate level of protection. For example, encryption should be part of all wireless network ;plementations. WEP might be fine for home and small office deployments, but utilize better ethods— such as WPA—for corporate applications. An effective mutual authentication method, +h as LEAP or EAP-TLS, is also important for corporate applications. Assessment Steps fer deploying a wireless network, you need to implement a security assessment that ensures that 1 WLAN complies with security policies. For most situations, this is necessary whether the setwork implements effective security mechanisms. Don't put too much trust in the design of a tem. It's best to run tests to be certain that the network is hardened enough to guard against uthorized persons attacking company resources. fact, companies should conduct regular, periodie security reviews to ensure that changes to the ireless LAN don't make the system vulnerable to hackers. An annual review might suffice for low- sk networks; but a review each quarter or more often might be necessary if the network supports Jigh-risk information, such as financial data, postal mail routing, and manufacturing control inctions. ew Existing Security Pol fore getting too far with the security assessment, become familiar with company policies regarding wireless network secirity. This provides a benchmark for determining whether a company is complying with its own policies. In addition, you'll be able to assess and make corresponding, ‘recommendations for policy modifications. Determine whether the policy leaves any room for a disgruntled employee to access company resources. For example, the policy should describe adequate encryption and authentication mechanisms, keeping in mind that 802.11 WEP is broken. Also, the policy should mandate that all employees coordinate with the company's IT department before purchasing or installing base stations. It's important that all base stations have configuration settings that comply with the policies and provide the proper level of security. In addition, you need to ensure that security policies are disseminated to employees in an effective manner ‘Review the Existing Syatem Meet with IT personnel and read through related documentation to gain an understanding of the system's architecture and base stations configurations. You'll need to determine whether there are any design flaws that provide weaknesses that could allow a hacker inside the system. file://C:\Documents and Settings\A ABU \Local Settings\Temp\~hhF8E. htm 12/11/2013spler 8. Wireless Network Security: Protecting Information Resources Page 14 of 18 1m as much as possible about existing support tools and procedures to spot potential issues. Most smpanies, for example, configure the base stations over the wired Ethernet backbone. With this jocess, the passwords sent to open a connection with a particular base stations are sent unenerypted rer the wired network. As a result, hacker with monitoring equipment hooked to the Ethernet fork can likely capture the passwords and reconfigure the base station. terview Users fe sure to talk with a sample of employees to determine whether they are aware of the security Ticies within their control. For example, do the users know that they must coordinate the purchase installation of wireless network components with the appropriate department? Even though the icy states this, don't count on everyone having knowledge of the policy. Someone might purchase ‘base station from a local office supply store and install it on the corporate network to provide ireless connectivity within the office. It’s also a good idea to verify that people are using personal rewalls. Verify Configurations of Wireless Devices part of the assessment, walk through the facilities with base stations and use tools to capture the fase station configurations. If the company has centralized support software in place, you should be ‘ble to view the configuration settings from a single console attached to the wired side of the ‘ctwork. This is to determine which security mechanisms are actually in use and whether they comply with effective policies For example, the policies might state that base stations must disable the physical console port, but ‘while testing you determine that most base stations have the ports enabled. This would indicate hhoncompliance with the policies, and it would enable a hacker to reset the base station to the factory default settings with no security enabled. In addition, look at the firmware version of each base station to see if it's up-to-date. Older firmware versions might not implement the more recent patches that fix eneryption vulnerabilities. ‘Also, investigate base stations’ physical installations. As you welk through the facilities, investigate the installation of base stations by noting their physical accessibility, antenna type and orientation, ‘and radio wave propagation into portions of the facility that don't have physical security controls ‘The base stations should be mounted in a position that would make it difficult for someone to physically handle the base station and go unnoticed. ‘A base station simply placed on t6p of a bookshelf, for example, would make it easy for a hacker to swap the base station with a rogue one that doesn't have any security enabled. Or, the hacker could attach a laptop to the console port to reset the base station. Ifthe base stations are all mounted above the ceiling tiles and out of plain view, however, someone would need to use a ladder and would probably be noticed by an employee or security guard. Identify Rogue Base Stations 'A problem that’s difficult to enforce and significantly undercuts @ network's security is when an employee installs a personal base station in her office. Most of the time, these installations don't comply with security policies and result in an open, unsecure entry port to the corporate network, In fact, a hacker can utilize sniffing tools to alert him when such an opportunity exists. ‘Asa result, scan for these unauthorized base stations as part of the assessment, Most companies will ‘be surprised to learn how many they find. The most effective method for detecting rogue base stations is to walk through the facilities with sniffing tools. In addition, the company should periodically scan the network for potential rogue base stations from the wired side ofthe network. ‘This is available in many of the centralized wireless network management systems. filex//C:\Documents and Settings\A ABU\Local Settings\Temp\~hhF8E.htm_ 12/11/2013‘Chapter 8, Wireless Network Security: Protecting Information Resources Page 15 of 18 ears Pensa: in addition to hunting for rogue base stations, try going a step further and attempt to access corporate fesources using common tools available to hackers. For example, can you utilize AirSnort to crack ough WEP? Is it possible to associate with a base station from outside the company's controlled erimeter? Of course your job will be easy if WEP is tuned off. If strong encryption and authentication techniques are in use, you'll likely not find a way in. ithe information you gather during the assessment provides a basis for understanding the security posture of a company or organization. After collecting information, spend some time thinking about potential gaps in security. This includes issues with policy, network architecture, operational support, ‘ind other items that weaken security, such as presence of unauthorized base stations and abi penetrate the network. This requires you to think like a hacker and uncover any and all methods that ‘make it easier for someone to penetrate and access (or control) company resources through the wireless network. ‘Recommend Improvements. ‘As you spot weaknesses, research and describe methods that will counter the issues, Start by secommending improvements to the policies, which dictate what the company requires in terms of Security for the wireless networks, This provides a basis for defining technical and procedural solutions that strengthen the system's security to a level that protects the company's interests. ‘Common Security Policies With any wireless network, consider policies that will protect resources from unauthorized people. Here's a look at what you should include. Place Wireless Users Outside a Firewall Consider implementing a wireless demilitarized zone (DMZ) by placing a firewall between the wireless network and the corporate network. (See Figure 8-8.) With this approach, equip > each client Yeviee with a virtual private network (VPN) that the protected network will accept. As a result, a hacker would need to utilize a correctly configured VPN—which is difficult to do— to gain access to company resources. Figure 8-8. Firewalls Offer Additional Security to Wireless Networks Corporate Network: ‘The problem with a VPN solution for all users is that i's difficult to manage and sometimes slows file://C:\Documents and Settings\AABU\Local Settings\Temp\~bhF8E. htm 12/11/2013shapter 8. Wireless Network Security: Protecting Information Resources Page 16 of 18 formance. As a result, mainly consider VPNs if users will roam into public areas. Effective Eneryption ed network using freely available tools. However, WEP ‘business networks from the general public. To crack P, you need to know how to use complicated tools and capture a lot of network packets, vnething that most people wor't bother with unless the network resources are extremely valuable i they have infinite patience. The use of standard 802.11 WEP for networks with low attack risk s ‘minimum for any security policy {your wireless network hardware supports a form of encryption (such as WPA) that changes Keys ya more secure solution than using static methods such as WEP. If sctremely high security is necessary, utilize superior standards, such as AES. ‘Ensure Firmware Is Up-to-Date ‘Vendors often implement patches to firmware in base stations and radio NICs that fix security issues. Start by upgrading the firmware in the base station soon after pulling it out of the box. Make it habit to periodically check that all devices have the most recent firmware releases to cover up all Known security holes. This is way i's a good idea to make certain you can easily upgrade the firmware in the base stations that you purchase. Physically Secure Base Stations ome base stations will revert to factory default settings, which do not provide any security, when Someone pushes a reset. This makes the base station a fragile entry point. As a resull, provide adequate physical security for the base station hardware. For example, don't place a base station within easy reach on a table in the office. Instead, mount don't have reset buttons, but they allow you them out of view above ceiling tiles. Some base stations to reset through an RS-232 cable via a console connection. To prevent this, be sure fo disable the console port. ‘Also, dont leave base stations within reach of a hacker who can replace legitimate safeguarded i scess from any user. In fact, it's a ‘base station with an unsecured, rogue base station that accepts ood idea fo conceal the base station as much as possible to make it more difficult for a hacker fo find, Be sure, however, to note the location of the wireless hardware; otherwise, you'll have a difficult time finding them yourself. Disable base stations during outage periods. If possible, shut down the base stations when users don't weed them, This limits the window of opportunity. You could pall the power plug on each base station, however, consider deploying power-over-Ethernet equipment that provides this feature through centralized operational support tools. Assign Strong Passwords to Base Stations Dont use default passwords for base stations. Default passwords are well Knovin, making i 29) for comeone to change configuration parameters on the base station to her advantage. Instead, use passwords that are difficult to guess. In fat, i's a good idea to use a mix of uppercase and low erease peters. as well as special symbols, Be sure to alter these passwords periodically. Also, ensure that passwords are encrypted before being sent over the network. Don't Broadeast SSIDs file://CADocuments and Settings\AABU\Local Settings\Temp\-hhFSE.him 12/11/2013shapter 8. Wireless Network Security: Protecting Information Resources Page 17 of 18 if this feature is available, you can avoid having user devices automatically sniff the SSID being, sused b: access point. Windows XP and other monitoring tools will automatically ‘sniff the 802.11 beacon frames to obtain the SSID. With SSID broadcasting tumed off, the base station will not include the SSID in the beacon frame, making most sniffing tools useless. In ‘addition, Windows and XP users will not see that the wireless LAN exists. ‘The disabling of SSIDs isn't foolproof, however, because someone can still monitor 802.11 association frames and recover the SSID. Shutting off the broadcast mechanism, however, will limit access. ‘Reduce Propagation of Radio Waves ‘Through the use of directional antennae, i's possible to confine the propagation of radio waves Within an area where hackers are not able to physically access, For example, a wireless network design could specify antenna gain and or duce the spillage of radio waves outside the perimeter of the facility. This not only optimizes rage, it also minimizes the ability for a snooper to eavesdrop on user signal transmissions or interface with the corporate network through an access point. Implement Personal Firewalls Ifa hacker is able to associate with a base station, the hacker can easily access files on other users! devices through the Windows operating system that are associated with an access point connected to the same wireless LAN. As a result, it's crucial that all users disable file sharing for all folders and utilize personal firewalls. This is crucial when users ate operating in public locations. ‘Monitor Base Station Configuration Utilize operational support tools to continually monitor the network and check for base stations that don{i conform to configuration policies. A base station that doesn't match specific security settings has likely been reset or is possibly a rogue base station. base stations are found with improper settings, restore the settings as soon as possible, Be sure to_ encrypt management traffic, however, through the use of secure Simple Network Management Pr SNMP Version 1, for example, sends everything in the clear. You can also deploy intrusion detection sensors, available in some operational support tools, to identify the presence of hackers based on invalid MAC addresses. The main idea is to provide alerts if suspicious behavior is occurring, —— Control Deployments Ensure that all employees and organizations within the company coordinate the installation of wireless networks with the appropriate IT group. For example, forbid thé use of unauthorized access points, Mandate the use of approved vendor products after you've had a chance to verify appropriate security safeguards. Maintain a list of authorized radio NIC and base station MAC addresses that you can use as the basis for identifying rogue base stations during surveys. In addition, deploy management tools that force base stations to comply with corporate security policies. With these recommendations in mind, you have a basis for forming a solid security policy. When deciding on which techniques to implement, however, consider the actual security needs. For example, WEP might be good enough for home and stnall business wireless LANs. If you work for a ‘financial institution or retail store transmitting sensitive data, concentrate on using something, stronger, such as WPA or AES. file://C-\Documents and Settings\A ABU\Local Settings\Temp\~bhF8E.htm 12/11/2013= Die eis 0 ‘oe GQ -) se Q reas 4068 at oy