Wireless network security Lt. Robert Drmola, University of defence, Communication and information...
-
Upload
jaquelin-tweedy -
Category
Documents
-
view
212 -
download
0
Transcript of Wireless network security Lt. Robert Drmola, University of defence, Communication and information...
Wireless network security
Lt. Robert Drmola, University of defence, Communication and information system department
Content
Home and corporal networks comparison Data protection Protection methods WLAN standards comparison Conclusion
Home versus organizations networks WiFi – phenomenon of Czech republic
(Internet providers policy) Urgency of protection also small office and
home networks It has got advantages for hackers Big organizations usually uses better access
methods
Reasons for wireless security
Computer criminality Activities masking Industrial espionage Unauthorization access Connectivity to internet
Organizations data protection 38% scans company network for unauthorized
access points 22% instruct employees about wireless
network problems 57% set up network policy 33% without protection !!!!!
Company data protection
Unauthorized (black) access point
Company data protection
Ad-Hoc networks
Basic methods
MAC filter activation SSID change Change of defaults parameters
IP Admin password Default cryptography keys
Argue out of 20% of attackers
Advanced methods
WEP activation – Not so strong but better than nothing
WPA, WPA2 activation Radius server activation
Alternative for SOHO networks (WPA-PSK)
Corporal networks
WLAN protection on commercial and organizations level
User authentization:
No authentization of devices but users – guard against
stolen devices or device simulations
Corporal networks
WLAN protection on commercial and organizations level
System interdependence:
protect against unauthorized access points. Not only the client to network but also the network to client authorization.
Corporal networks
WLAN protection on commercial and organizations level
Centralized management:
All information about users, devices, access points are saved centrally. Easy for admins to change information but hard to attackers
Corporal networks
WLAN protection on commercial and organizations level
Dynamical encryption keys:
Different keys for every session and for every device and user.
Security standards comparison
Secu
rity
level
Open network
WEP
WPA-PSKWPA2-PSK
WPA2-802.1xWPA2-802.1x IPSec - VPN
Security standards for WLAN
Authentization/Encryption Corporal networks SOHO networks
Open network ---- / ---- unsuitable unsuitable
WEP Practically none/WEP unsuitable Very bad
WPA-PSK PSK/WEP-TKIP Very badVery good (quality-price
ratio)
WPA2-PSK PSK/AES-CCMP Bad Ideal solution
WPA-802.1x 802.1x/WEP-TKIP Good solutionUnsuitable because of the
price and hard implementation
WPA2-802.1x 802.1x/AES-CCMPIdeal solution for big
networks
Unsuitable because of the price and hard
implementation
Idea and conclusion
WLAN protection:
Nowadays is possible to solve WLAN security can be personalized for every
kind of running Solve encryption only in radio parts (IPSec,
VPN)
Conclusion
Security isn’t something what we can buy in box in our shop. It is unremitting fight between security experts and hackeres, which try to increase security level of our world. It requires persistent comparisons, tests and implementations. Unfortunately it can not be said: “Now - we protected our network and we can not solve this problem in future.”
Thank you for your attention
Lt. Robert Drmola, University of defence, Communication and information systems department