Wireless LAN (network) security

© 2004, Cisco Systems, Inc. All rights reserved. 1

 Wireless security

• - Is the process of preventing unauthorized access or damage to

computers (damage data or damage application) using wireless network .
• - WLAN vulnerabilities:
• 1- Weak device – only authentication
• - Client device are authenticated , user aren’t authenticated
• 2- Weak data encryption
• 3- No message integrity

• WLAN threats
• 1- Unstructured threats :
• - It happened by hackers who aren’t technical , they use simple tools to
steal the passwords.

© 2004, Cisco Systems, Inc. All rights reserved. 2

WLAN threats

2- Unstructured threats:
- It happened by hackers who are more technical
- - They can know the network vulnerabilities then they can provide a
script or a code or a program to use it in accessing to the network.
- 3- External threats:
- - It may be happened by a person or organized group from the
outside of the network , they aren’t authorized to access to the
network.
• 4- Internal threats :
• - It happened by a person who is has the permission and authorized
to access to the network from the internal employees , he can
damage the network.

© 2004, Cisco Systems, Inc. All rights reserved. 3

 WLAN threats

Spy
-To gather information isn’t allowed to be known

-Access
- Unauthorized person access to the network ( doesn’t have any
account ), he can access by guessing the password or he know that the
password is weak.

-DOS (Denial Of Service)

-- Disable or corrupts wireless network.
-- The more danger and is difficult to prevent.

© 2004, Cisco Systems, Inc. All rights reserved. 4

The development of a good security
-1-Provide a process to audit existing wireless security.
-2- Provide a general frame work for implementing
security.
-3- Define behavior that is allowed and that isn’t allowed .
-4- Help determine which tools are needed for the
organization.
-5- Help communication among a group of key decision
makers and define responsibilities of users and
administrators.
-6- Define a process for handling wireless breaches.
-7- Create a basic for legal action.
© 2004, Cisco Systems, Inc. All rights reserved. 5
First generation wireless security

1- SSID – (Security Set Identifier) :

-Basic form of security.
1- to – 32 character (ASCII code)
-For clients and access points.

-Most of Access Points (APs) have options like:

-1- (SSID broadcast):

- It advertise the SSID , so it is easy to be known by any person
- This option is enabled by default , so for security must set to be
disabled .

-2- (Allow any SSID):

- Allow clients to access the wireless network with blank SSID , or with
any SSID .

© 2004, Cisco Systems, Inc. All rights reserved. 6

First generation wireless security

2 – MAC – based authentication

Each Access Point (AP) have a list of valid MAC – address ,or it being
saved on a centralized server , this can know which devices allowed to
access the network and prevent unauthorized devices by the MAC –
address .

- The problem in this way is that the MAC- addresses unencrypted , so

it is easy to be known.

© 2004, Cisco Systems, Inc. All rights reserved. 7

Authentication Process

• On a wired network, authentication is implicitly provided by the physical

cable from the PC to the switch.
• Authentication is the process to ensure that stations attempting to
associate with the network (AP) are allowed to do so.
• 802.11 specifies two types of authentication:
Open-system
Shared-key (makes use of WEP)
© 2004, Cisco Systems, Inc. All rights reserved. 8
 Authentication Type: Open System Authentication

• The following steps occur when two devices use Open System Authentication:
The station sends an authentication request to the access point.
The access point authenticates the station.
The station associates with the access point and joins the network.
• The process is illustrated below.

© 2004, Cisco Systems, Inc. All rights reserved. 9

Open Authentication and WEP

Associated but data

cannot be sent or
received, since it
cannot be
unencrypted.
There is no
verification of the
user or machine ,
tied to a WEP key
• In some configurations, a client can associate to the access point with an
incorrect WEP key or even no WEP key.
The AP must be configured to allow this (coming).
• A client with the wrong WEP key will be unable to send or receive data, since the
packet payload will be encrypted.
• Keep in mind that the header is not encrypted by WEP.
• Only the payload or data is encrypted.
© 2004, Cisco Systems, Inc. All rights reserved. 10
Two methods 802.11 standard defines for clients
to connect to an access point

2- Shared key authentication:

- Require the client and the access point to have the same WEP
key.
- Access Point (AP) using shared key authenticated send a
challenge text packet to the client .
- If client has the wrong key or no key , it will fail (client fail)

© 2004, Cisco Systems, Inc. All rights reserved. 11

Encryption

- WEP ( Wired Equivalent Privacy )

- IEEE 802.11 standard include WEP ( Wired Equivalent Privacy ) to
protect authorized user of WLAN from attack .
-Is a technology which encrypt the traffic on your network.
- When using WEP , both the wireless client and the access point must
have a matching WEP key.
WEP keys :
First scheme : Set of up to four default key are shared by all station ,
so when the keys are distributed over the stations , it is easy to be
known by unauthorized person .
-Second scheme :
- Each client establish a key mapping relationship with other station.
- This is more secure
© 2004, Cisco Systems, Inc. All rights reserved. 12
 Wi- Fi Protected Access (WPA)
-Wi- Fi Protected Access (WPA) More stronger than (WEP)
- WPA has two modes :
- 1- Personal :
- For small installation ( single password).

-2- Enterprise :
- For large installation ( username , password).

End- to – End Encryption

-Mean that all conversation is encrypted from your PC to the service or
the station you talking to.

-SSL ( Secure Socket Layer) – The most common , it makes private

conversation.
-SSH ( Secure Shell) - end – to – end method of encryption , make
the same job of telnet protocol put the connection is encrypted.
© 2004, Cisco Systems, Inc. All rights reserved. 13
 Wireless security protocols

-1- WPA2
- Version of the final 802.11i standard .
- Support EAP (Extensible Authentication Protocol) authentication
method .

-2- 802.1x
- IEEE standard for access of wireless and wired LANs , Provide
authentication and authorization of LAN nodes .
- Define (EAP) protocol which use central authentication server.

- 3- LEAP ( Light Weight Extensible Authentication Protocol )

- Based on 802.1x , help minimize the original security flaws by using
WEP .
- Also use MAC –address authentication.
© 2004, Cisco Systems, Inc. All rights reserved. 14
 Wireless security protocols

-4- PEAP ( Protected Extensible Authentication Protocol)

- Allow for a secure transport of data , password and encryption key
without the need of a certificate server .

-5- TKIP (Temporal Key Integrity Protocol)

- Provide a message integrity check .
- Part of IEEE 802.11i.

- 6- RADIUS (Remote Authentication Dial User and Service)

- Is AAA protocol ( Authentication , Authorization , and Accounting) .

© 2004, Cisco Systems, Inc. All rights reserved. 15