Scribd Logo
Upload

Welcome to Scribd!

  • Slide Deck Wi Fi Security v5

    Uploaded by

    Yacine Mejouj
    23 views29 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views29 pages

    Slide Deck Wi Fi Security v5

    Uploaded by

    Yacine Mejouj

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 29

    Speaker Intros

    Matt Starling Mac Deryng


    Director, Ekahau University & Director, Ekahau University &
    Product Marketing Product Marketing

    2 Copyright © 2021 Ekahau


    Webinar
    Topics Covered

    • Using Ekahau to track down & remove


    potential security vulnerabilities
    • The impact these devices have on your Wi-Fi
    network performance
    • Wi-Fi Security theory
    • Alternative options to captive portals for your
    guest Wi-Fi networks

    3 Copyright © 2021 Ekahau


    Some Recent Stats About Security Breaches
    Cyber Security
    • Accessing corporate network through an IoT device
    • Cyber security crime is on the rise
    • From January to June this year, some 1.51 billion breaches
    of Internet of Things (IoT) devices took place, Kaspersky
    reported, an increase from 639 million in 2020

    4 Copyright © 2021 Ekahau


    Rogue Devices
    Potential Security Vulnerabilities
    • Default password
    • Outdated firmware
    • Some devices re-enable Wi-Fi radios after firmware update
    • Device monitoring
    • Impacts performance of Wi-Fi (CCI / ACI / Pri/Sec OBSS)

    5 Copyright © 2021 Ekahau


    6 Copyright © 2021 Ekahau
    Real World Examples
    With Ekahau Pro

    7 Copyright © 2021 Ekahau


    8 Copyright © 2021 Ekahau
    9 Copyright © 2021 Ekahau
    10 Copyright © 2021 Ekahau
    11 Copyright © 2021 Ekahau
    12 Copyright © 2021 Ekahau
    13 Copyright © 2021 Ekahau
    Custom Template Reporting
    Automatically report on these devices

    14 Copyright © 2021 Ekahau


    Custom Template Reporting
    The code you need…

    15 Copyright © 2021 Ekahau


    16 Copyright © 2021 Ekahau
    STEP 1 STEP 2 STEP 3

    Maintain Great Wi-Fi with Easy


    Performance Health Checks

    Don’t let a good network go


    Your wireless network needs monthly or quarterly bad. Visualize changes with
    Ekahau Connect and make an
    health checks to account for changes over time: optimization plan.

    • Troubleshoot proactively and spot interference issues


    before they become major outages
    • Identify and address network-impacting changes
    • Adding new employees or devices to the network
    • Onboarding more bandwidth-hungry applications
    • Making physical changes to office architecture,
    furnishings or even fluctuating inventory levels
    • Ekahau tools are so powerful and sophisticated that anyone
    can use them to collect data
    17 Copyright © 2021 Ekahau
    Webinar Poll

    How relevant is wireless cyber security in


    your role?
    A. Not relevant at all
    B. It is sometimes relevant
    C. It is of utmost importance in my role

    18 Copyright © 2021 Ekahau


    Webinar Poll

    When doing site surveys, do you actively


    look for security risks?
    A. Yes
    B. No

    19 Copyright © 2021 Ekahau


    Webinar Poll

    If yes, what are you looking for the most?

    A. Open wireless access points


    B. Rogue access points
    C. Unauthorized devices
    D. Anomalies in spectrum
    E. Something else

    20 Copyright © 2021 Ekahau


    Wi-Fi Security
    Theory

    21 Copyright © 2021 Ekahau


    Wi-Fi Security
    Encryption

    • Open – clear text


    • Wired Equivalent Protection (WEP) - crackable in seconds
    • Wi-Fi Protected Access (WPA1 / TKIP) – crackable in seconds, limited (54Mbps, 1SS)
    • Wi-Fi Protected Access 2 (WPA2 / AES) – still OK, PSK attackable offline
    • Wi-Fi Protected Access 3 (WPA3 / SAE) – best, PSK not attackable offline, MFP required, transition
    mode available
    • Enhanced Open – 4 ways handshake transparent to user, same experience as open but now traffic is
    encrypted; using Opportunistic Wireless Encryption (OWE) protocol

    22 Copyright © 2021 Ekahau


    Wi-Fi Security
    Authentication

    • Open – no authentication
    • Personal – password
    • PSK
    • MPSK
    • Enterprise (802.1X / EAP) – RADIUS
    • EAP-TLS
    • EAP-PEAP

    23 Copyright © 2021 Ekahau


    802.1X & EAP Diagram:
    Available later today on
    the webinar-on-demand
    page, and included in
    the thank you for
    attending E-mail.

    24 Copyright © 2021 Ekahau


    Guest Wi-Fi Networks
    Why Not Captive Portals Alternatives to Captive Portals

    • Support tickets • MPSK / IPSK / PPSK


    • Page not always loading • Open Roaming
    • Software updates can change • Enhanced Open
    behaviour
    • Open
    • No OTA protection for your guests
    • Random MAC address

    25 Copyright © 2021 Ekahau


    “OpenRoaming is a new way to connect your mobile devices to a Wi-
    Fi network – automatically. Say goodbye to finding and typing Wi-Fi
    passwords, and to disruptive pop-up screens you have to click
    through. With OpenRoaming, your mobile device can connect
    quickly, automatically, and securely to a trusted Wi-Fi network.”
    Source: Cisco

    26 Copyright © 2021 Ekahau


    27 Copyright © 2021 Ekahau
    10 Wi-Fi Security Ninjas Tips
    Best Practices
    1. Survey your space periodically
    2. Remove rogues that can compromise your network security - honeypots, unsecure SSIDs, etc.
    3. Remove interferers that affect your Wi-Fi performance – both Wi-Fi and non-WiFi
    4. Ideally, use encryption on all your WLANs
    5. Make devices’ onboarding secure & easy, not just secure
    6. Don’t use WEP/WPA/Open on WLANs carrying sensitive data
    7. Stick to strong encryption mechanisms like WPA2 or, ideally, WPA3 or OWE for networks with no authentication
    requirements
    8. Use authentication mechanisms that are suitable for your use case – EAP-TLS, MPSK or even open
    9. If you are currently using a PSK make sure rotate the PSK regularly (once per month / per quarter)
    10. Don’t write the PSK’s down on pieces of paper to be left laying around the office!
    11. Bonus Tip 1 (subject to clients’ support): use 802.11r on all .1X WLANs and 802.11k on all WLANs!
    12. Bonus Tip 2: Test 802.11v on all your important client devices – some devices do not like being told when to roam or
    may not event support 802.11v!
    28 Copyright © 2021 Ekahau
    Thanks! Questions?
    How to Buy?
    ekahau.com/how-to-buy
    Matt Starling
    Director, Ekahau University & Product
    Marketing Request a Demo
    @mattstarling ekahau.com/demo
    Mac Deryng
    Director, Ekahau University & Product Renew Support
    Marketing ekahau.com/renewal
    @macderyng
    Submit a Feature Request
    Ask us anything, ekahau.uservoice.com
    preferably Wi-Fi related ;)
    Training
    ekahau.com/training

    29 Copyright © 2021 Ekahau

    You might also like