Scribd
Upload
146 views52 pages

Key WLAN Security Features Explained

The document provides an overview of wireless security, covering WiFi basics, standards, components, and security features. It discusses various security protocols such as WEP, WPA, WPA2, and WPA3, highlighting their strengths and weaknesses. Additionally, it offers practical security tips and best practices for securing wireless networks against potential attacks.

Uploaded by

Murli
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
146 views52 pages

Key WLAN Security Features Explained

The document provides an overview of wireless security, covering WiFi basics, standards, components, and security features. It discusses various security protocols such as WEP, WPA, WPA2, and WPA3, highlighting their strengths and weaknesses. Additionally, it offers practical security tips and best practices for securing wireless networks against potential attacks.

Uploaded by

Murli
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

WIRELESS SECURITY

1
Topics to be covered
• Wifi Basics
• WiFi Standards
• Component of wireless network
• Basic WLAN security features
• Security issue in wireless security
• Security Checkboxes
• Do’s and Don’t
Wifi Basics
• WiFi (Wireless Fidelity)->Wireless networks (commonly
referred as WLAN
• Developed on IEEE 802.11 standards
• Wireless networks include: Bluetooth, Infrared communication,
Radio Signal etc.
• Components used:
o Wireless Client Receiver
o Access Point
o Antennas
Wireless LAN Components
User Devices
PCs, Laptops and PDAs, however, are commonly equipped with wireless LAN connectivity because of their
portable nature. User devices might consist of specialized hardware as well.
NICs
A major part of a wireless LAN includes a radio NIC that operates within the computer device and provides
wireless connectivity. A wireless LAN radio NIC.
Access Points
An access point contains a radio card that communicates with individual user devices on the wireless LAN, as
well as a wired NIC that interfaces to a distribution system, such as Ethernet. System software within the
access point bridges together the wireless LAN and distribution sides of the access point
Extension to a wired network

(EXTENSION POINT)

(BROADBAND ROUTER)

(ACCESS POINT)
Multiple Access points

(ACCESS POINT-2)

(BROADBAND ROUTER)

(ACCESS POINT-1)
LAN -2-LAN

LAN-1 LAN-2
WiFi Standards:-

IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and
specifies the set of media access control (MAC) and physical layer (PHY) protocols for
implementing wireless local area network (WLAN) computer communication.

The standard and amendments provide the basis for wireless network products using the Wi-
Fi brand and are the world's most widely used wireless computer networking standards.

IEEE 802.11 is used in most home and office networks to allow laptops, printers, smartphones,
and other devices to communicate with each other and access the Internet without connecting
wires

The standards are created and maintained by the Institute of Electrical and Electronics
Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802). The base version of the
standard was released in 1997 and has had subsequent amendments.
WiFi Standards:-
Basic WLAN security features
Early WLAN hardware used a number of basic security methods,
including:
•Service Set Identifiers (SSIDs) - these prevent connection to access
points unless a device uses a given identifier correctly.
•Media Access Control (MAC) - this involves using addresses
attached to each device to limit connection to access points
•Wired Equivalent Privacy (WEP) - WEP uses encryption keys so that
only devices with the correct key can communicate with access points

[Link]
How to check wlan adapter of laptop/computer
WEP(Wired Equivalence Privacy)

• The first encryption scheme made available for Wi-Fi.

• Uses 24 bit initialization vector for cipher stream RC4


for confidentiality

• CRC-32 bit checksum for integrity.

• Typically used by home users.

• Uses 64,128 bit


WEP Working
KEY RC4
STORE WEP Key IV CIPHER KEYSTREAM

XOR
CRC 32 DATA ICV ALGO.
CHECKSUM

IV PAD KID CIPHERTEXT

WEP ENCRYPTED
PACKET(MAC FRAME)
WPA (Wi-Fi Protected Access)
• WPA is based on the RC4 cipher(Rivest Cipher 4) like its
predecessor WEP, only it uses TKIP (temporal key
integrity protocol) to boost wireless security.
• This includes, Using 256-bit keys to reduce keys being
reused
• Generating a unique key for a packet by key mixing per
packet.
• Automatically broadcasting updated keys and usage
• Integrity checks of the system
WPA Working
Temporary KEY WEP RC4
Encryption CIPHER KEYSTREAM
MIXING SEED
key

CIPHER TEXT

( PACKET TO BE TRANSMITTED )

MSDU
MICHAELS
MPDU ICV
ALGORITHM MSDU + MIC KEY
MIC
WPA2 (Wi-Fi Protected Access2)

• The replacement for WPA, the IEEE released WPA2 in


2004.
• Replacing TKIP and the RC4 cipher with stronger
authentication and encryption mechanism CCMP (Cipher
Block Chaining Message Authentication Code Protocol)
and AES (Advanced Encryption Standard).
• CCMP prevents everyone except for authorized users to
receive data by using cipher block chaining. This helps to
ensure the integrity of the message.
• (If your device cannot support CCMP, the security algorithm is still compatible with TKIP. This helps to ensure that
WPA2 is compatible with all devices and wireless networks.)
WPA2
• Long Term Solution (802.11)
• Stronger Data protection & Network access control
• Used CCMP
– Based on AES
• Hardware changes required

Types
1. Personal Pre Shared Key
2. Enterprise 802.1x + RADIUS
Security breaching sequence

Find the network

Study its traffic

Study Security
mechanisms

ATTACK!!!!!!!!
(i.e. Decrypt the
packets)
Breaking WPA/WPA2
• Dictionary Attacks(Not so successful, but yeah some time…)
• Brute Force(tools like: Kismac, Aireplay etc)
DOS

BEFORE ATTACK
Access point is busy handling attackers request

AFTER ATTACK
WiFi JAMMING….
WiFi JAMMING….
Fake Access Points

SSID: XYZ Bank


Fake Access Points

SSID: XYZ Bank


Defense against WPA / WPA2 attacks

• Extremely Complicated keys can help


• Passphrase should not one from dictionary, so use uncommon-senseless
words.
• Key should be more than 20 chars with combination of special chars,
numbers, alphabets. Change them at regular intervals.
#eY,t#!$c@/\/_B-gUd0n3?@$sW0rD
WPA3
WPA3
The first new feature of WPA3 is a new handshake that
is designed to prevent dictionary attacks on pre-shared
key security modes.

WPA3 uses the Dragonfly Key Exchange system so it is


resistant to dictionary attacks.
WPA3

The second feature is designed to provide a simple


way for public and guest WLANs to be encrypted and
secure without the need for a personal VPN.

A “new” encryption, Opportunistic Wireless Encryption (OWE), is based


on RFC8110. Without a pre-configured password, client devices and access points
will be able to create a one-time use Pairwise Master Key (PMK), replacing the
most common current use of “Open” wireless security.
WPA3

The third feature is optional and designed to secure


IoT devices, most of which have limited or no display
interface. The new Device Provisioning Protocol will
provide a simple and secure way to add these devices
to a Wi-Fi network.
WPA3
The fourth feature is an optional 192-bit security suite. This
is a cryptographic strength enhancement.

The feature is aligned with the Commercial National Security


Algorithm (CNSA) Suite and designed to maintain data
integrity on networks requiring the highest security, even in a
post-quantum computer era
Security Checkboxes
1. WPA instead of WEP
2. WPA2,WPA3 implementation
3. Place AP at secured location.
4. Specify allowable mac addresses.
5. Centralized authentication & Update Drivers regularly.
6. Changing default SSID after Configuring WLAN
7. Firewall policies & Router access Password
8. Use a long password for network authentication.
9. Static IP addressing
DO’S AND DON’T:-

1. Change the name of your default home network.(SSID)


2. Make sure you set a strong and unique password to secure your wireless network
3. Increase your Wi-Fi security by activating network encryption (AES)
4. Turn off the wireless home network when you’re not at home
5. Place the wireless router as close as possible to the middle of your house
6. Use a strong network administrator password to increase Wi-Fi security
7. Change your default IP address on the Wireless router
8. Turn off the DHCP functionality on the router.
9. Always keep your router’s software up-to-date
10. A firewall can help secure your Wi-fi network
11. Use a wireless intrusion prevention system(IPS)
12. Reduce the Tx power if use within a small room/area
DO’S AND DON’T:-

1. Don't access personal bank accounts, or sensitive personal data, on unsecured public networks.
2. Don't leave your laptop, tablet, or smartphone unattended in a public place.
3. Don't shop online when using public Wi-Fi.
4. Avoid checking ‘Keep me logged in’ or ‘Remember me’ options on websites, especially on public computers.
5. Never use your official email address for social media sites.
6. Never respond to pop-up ads that may come up on your screen. Close such pop-ups from the task manager;
press Alt+Ctrl+Delete.
7. Don’t allow your device to auto-connect to a WiFi network.
8. Turn off file sharing functions
9. Use browser incognito mode.
10. DON'T Forget to Log Out
Thank You

You might also like