Wireless Security.pdf - PDF Archive

More documents

Recommendations

Info

$C:\Documents and Settings\dave\Desktop\Godel, Escher, Bach ...$

556 Chapter 21 ● 802.1X. Provides for a method of port-based authentication to LAN ports in a switched network environment. These two services are used in combination with other security mechanisms, such as those provided by the Extensible Authentication Protocol (EAP), to further enhance the protection of wireless networks. Like MAC filtering, 802.1X is implemented at layer 2 of the Open System Interconnection (OSI) model: it will prevent communication on the network using higher layers of the OSI model if authentication fails at the MAC layer. However, unlike MAC filtering, 802.1X is very secure as it relies on mechanisms that are much harder to compromise than MAC address filters, which can be easily compromised through spoofed MAC addresses. Although a number of vendors implement their own RADIUS servers, security mechanisms, and protocols for securing networks through 802.1X, such as Cisco’s LEAP and Funk Software’s EAP-TTLS, this section will focus on implementing 802.1X on a Microsoft network using Internet Authentication Services (IAS) and Microsoft’s Certificate Services. Keep in mind, however, that wireless security standards are a moving target, and standards other than those discussed here, such as the PEAP, are being developed and might be available now or in the near future. 21.6.1 Microsoft RADIUS Servers Microsoft’s IAS provides a standards-based RADIUS server and can be installed as an optional component on Microsoft Windows 2000 and Net servers. Originally designed to provide a means to centralize the authentication, authorization, and accounting for dial-in users, RADIUS servers are now used to provide these services for other types of network access, including VPNs, port-based authentication on switches, and, importantly, wireless network access. IAS can be deployed within Active Directory to use the Active Directory database to centrally manage the login process for users connecting over a variety of network types. Moreover, multiple RADIUS servers can be installed and configured so that secondary RADIUS servers will automatically be used in case the primary RADIUS server fails, thus providing fault tolerance for the RADIUS infrastructure. Although RADIUS is not required to support the 802.1X standard, it is a preferred method for providing the authentication and authorization of users and devices attempting to connect to devices that use 802.1X for access control. www.newnespress.com
Implementing Advanced <strong>Wireless</strong> <strong>Security</strong> 557 21.6.2 The 802.1X Standard The 802.1X standard was developed to provide a means of restricting port-based Ethernet network access to valid users and devices. When a computer attempts to connect to a port on a network device, such as switch, it must be successfully authenticated before it can communicate on the network using the port. In other words, communication on the network is impossible without an initial successful authentication. 21.6.2.1 802.1X Authentication Ports Two types of ports are defined for 802.1X authentication: authenticator or supplicant. The supplicant is the port requesting network access. The authenticator is the port that allows or denies access for network access. However, the authenticator does not perform the actual authentication of the supplicant requesting access. The authentication of the supplicant is performed by a separate authentication service, located on a separate server or built into the device itself, on behalf of the authenticator. If the authenticating server successfully authenticates the supplicant, it will communicate the fact to the authenticator, which will subsequently allow access. An 802.1X-compliant device has two logical ports associated with the physical port: an uncontrolled port and a controlled port. Because the supplicant must initially communicate with the authenticator to make an authentication request, an 802.1X-compliant device will make use of a logical uncontrolled port over which this request can be made. Using the uncontrolled port, the authenticator will forward the authentication request to the authentication service. If the request is successful, the authenticator will allow communication on the LAN via the logical controlled port. 21.6.2.2 The Extensible Authentication Protocol EAP is used to pass authentication requests between the supplicant and a RADIUS server via the authenticator. EAP provides a way to use different authentication types in addition to the standard authentication mechanisms provided by the Point-to-Point Protocol (PPP). Using EAR stronger authentication types can be implemented within PPP, such as those that use public keys in conjunction with smart cards. In Windows, there is support for two EAP types: ● EAP MD-5 CHAP. Allows for authentication based on a username/password combination. There are a number of disadvantages associated with using EAP MD-5 CHAP. First, even though it uses one-way hashes in combination www.newnespress.com
Page 2 and 3:
Newnes is an imprint of Elsevier 30
Page 4 and 5:
vi Contents 4.8 Diversity Technique
Page 6 and 7:
viii Contents Chapter 13: Managing
Page 8 and 9:
x Contents 20.8 Summary ...........
Page 10 and 11:
About the Authors Steven Arms (Chap
Page 12 and 13:
About the Authors xv Timothy Stapko
Page 14 and 15:
Part 1 Wireless Technology
Page 16:
4 Chapter 1 Probably the most promi
Page 21:
Wireless Fundamentals 9 standards a
Page 24 and 25:
12 Chapter 1 classroom, provided th
Page 26 and 27:
14 Chapter 1 for multimedia applica
Page 28 and 29:
16 Chapter 1 is installed on their
Page 30 and 31:
18 Chapter 1 ● Switching off the
Page 32 and 33:
20 Chapter 1 Power Consumption The
Page 34:
22 Chapter 2 Table 2.1 : The seven
Page 37 and 38:
Wireless Network Logical Architectu
Page 39 and 40:
Page 41 and 42:
Page 44 and 45:
32 Chapter 2 Layer 2 Data link laye
Page 47 and 48:
Page 49:
Page 52 and 53:
40 Chapter 2 guidelines for impleme
Page 56 and 57:
44 Chapter 2 while asynchronous tra
Page 58:
46 Chapter 2 networks running other
Page 68 and 69:
56 Chapter 3 3.3.2 Access Points Th
Page 71 and 72:
Wireless Network Physical Architect
Page 75 and 76:
Page 81 and 82:
Page 83 and 84:
Page 85:
Table 3.9 : Wireless MAN devices an
Page 88 and 89:
CHAPTER 4 Radio Communication Basic
Page 90 and 91:
Radio Communication Basics 79 In th
Page 92:
Radio Communication Basics 81 Also
Page 95 and 96:
84 Chapter 4 sight, diffraction gai
Page 97 and 98:
86 Chapter 4 40 Path gain vs. Dista
Page 99 and 100:
88 Chapter 4 environment, we distin
Page 101 and 102:
90 Chapter 4 100 10 Percent error 1
Page 103 and 104:
92 Chapter 4 It isn’t necessary t
Page 105 and 106:
94 Chapter 4 Thus, a minimum of cir
Page 107 and 108:
Urban 96 Chapter 4 Noise and its so
Page 110 and 111:
Radio Communication Basics 99 1 0 1
Page 112 and 113:
Radio Communication Basics 101 Tabl
Page 114 and 115:
Radio Communication Basics 103 As l
Page 116 and 117:
Radio Communication Basics 105 ●
Page 118 and 119:
Radio Communication Basics 107 Thes
Page 120 and 121:
Radio Communication Basics 109 cons
Page 122 and 123:
Radio Communication Basics 111 Prea
Page 124 and 125:
Radio Communication Basics 113 thes
Page 126 and 127:
Radio Communication Basics 115 maxi
Page 128 and 129:
Radio Communication Basics 117 Phas
Page 130 and 131:
Radio Communication Basics 119 Sign
Page 132 and 133:
Radio Communication Basics 121 freq
Page 134 and 135:
Radio Communication Basics 123 Mixe
Page 136 and 137:
Radio Communication Basics 125 show
Page 138 and 139:
Radio Communication Basics 127 4.10
Page 140 and 141:
Radio Communication Basics 129 In c
Page 142 and 143:
Radio Communication Basics 131 Freq
Page 144 and 145:
Radio Communication Basics 133 Ther
Page 146 and 147:
Radio Communication Basics 135 4.11
Page 148 and 149:
CHAPTER 5 Infrared Communication Ba
Page 150:
Infrared Communication Basics 139 R
Page 154 and 155:
CHAPTER 6 Wireless LAN Standards St
Page 156:
Wireless LAN Standards 145 Standard
Page 162 and 163:
Wireless LAN Standards 151 In passi
Page 164 and 165:
Wireless LAN Standards 153 6.3 802.
Page 166 and 167:
Wireless LAN Standards 155 Modulati
Page 168 and 169:
Wireless LAN Standards 157 Table 6.
Page 170:
Wireless LAN Standards 159 short da
Page 174 and 175:
Wireless LAN Standards 163 6.4.2 Sp
Page 176 and 177:
Wireless LAN Standards 165 Table 6.
Page 178 and 179:
Wireless LAN Standards 167 6.4.3.2
Page 180:
Wireless LAN Standards 169 Modulati
Page 184 and 185:
Wireless LAN Standards 173 formed i
Page 186 and 187:
CHAPTER 7 Wireless Sensor Networks
Page 188 and 189:
Wireless Sensor Networks 177 wirele
Page 190:
Wireless Sensor Networks 179 Figure
Page 193:
182 Chapter 7 It is expected that o
Page 196 and 197:
Wireless Sensor Networks 185 Additi
Page 198 and 199:
Wireless Sensor Networks 187 a trai
Page 200 and 201:
Wireless Sensor Networks 189 7. Mor
Page 202 and 203:
CHAPTER 8 Attacks and Risks John Ri
Page 204 and 205:
Attacks and Risks 195 In addition t
Page 206 and 207:
Attacks and Risks 197 total complai
Page 208 and 209:
Attacks and Risks 199 attributed to
Page 210 and 211:
Attacks and Risks 201 3. receives,
Page 212 and 213:
Attacks and Risks 203 undetected an
Page 214 and 215:
Attacks and Risks 205 Step 3 : Iden
Page 216 and 217:
Attacks and Risks 207 14. U.S. Depa
Page 218 and 219:
210 Chapter 9 9.1 What Is Security?
Page 220 and 221:
212 Chapter 9 Alice (manager) Bob (
Page 222:
214 Chapter 9 the security policy s
Page 226 and 227:
218 Chapter 9 Figure 9.4 : Enigma M
Page 231 and 232:
Security Defined 223 form of authen
Page 235 and 236:
Security Defined 227 to provide sec
Page 238:
230 Chapter 9 key hidden from the p
Page 241 and 242:
234 Chapter 10 Before we get starte
Page 243 and 244:
236 Chapter 10 cryptography, using
Page 245 and 246:
238 Chapter 10 A lot of cryptograph
Page 247 and 248:
240 Chapter 10 suspicious involveme
Page 249 and 250:
242 Chapter 10 to ensure that the p
Page 251 and 252:
244 Chapter 10 that we may discover
Page 253 and 254:
246 Chapter 10 10.5.1 SSH Sharing m
Page 256 and 257:
Standardizing Security 249 is estab
Page 258 and 259:
252 Chapter 11 was an internal proj
Page 260:
254 Chapter 11 authentication, so j
Page 264:
258 Chapter 11 SSL Session record H
Page 268:
262 Chapter 11 The client uses the
Page 274 and 275:
268 Chapter 11 11.6 SSL in Practice
Page 276 and 277:
270 Chapter 12 at some specific alg
Page 278 and 279:
272 Chapter 12 ● ● ● ● ●
Page 280 and 281:
274 Chapter 12 The reason the mecha
Page 282 and 283:
276 Chapter 12 // Finally, finalize
Page 284 and 285:
278 Chapter 12 technology for at le
Page 286 and 287:
280 Chapter 12 asymmetric) are much
Page 288 and 289:
282 Chapter 12 and time. Once they
Page 290 and 291:
284 Chapter 12 optimizations we wil
Page 292 and 293:
286 Chapter 12 The trick works beca
Page 294:
288 Chapter 12 The other common sym
Page 297 and 298:
Cryptography 291 in RSA is less sim
Page 299 and 300:
CHAPTER 13 Managing Access John Rit
Page 301 and 302:
Managing Access 295 13.1.3.2 Accoun
Page 303 and 304:
Managing Access 297 of the session
Page 305 and 306:
Managing Access 299 process of look
Page 307 and 308:
Managing Access 301 3. Deterrent, t
Page 309 and 310:
Managing Access 303 administration
Page 311 and 312:
Managing Access 305 Example of Elem
Page 313 and 314:
Managing Access 307 the system bein
Page 315 and 316:
Managing Access 309 13.2 Password M
Page 317 and 318:
Managing Access 311 13.2.4 Password
Page 319 and 320:
Managing Access 313 password is “
Page 321 and 322:
Managing Access 315 2. U.S. Departm
Page 323 and 324:
318 Chapter 14 The new legislation
Page 325 and 326:
320 Chapter 14 of law enforcement a
Page 327 and 328:
322 Chapter 14 Title IX, “ Improv
Page 329 and 330:
324 Chapter 14 14.5.2 Obtaining Voi
Page 331 and 332:
326 Chapter 14 [6] one applying to
Page 333 and 334:
328 Chapter 14 computer networks; (
Page 335 and 336:
330 Chapter 14 14.5.10 Deterrence a
Page 337 and 338:
332 Chapter 14 now aggregate “ lo
Page 339 and 340:
334 Chapter 14 computer forensic la
Page 341 and 342:
336 Chapter 14 7. Known as the wire
Page 343 and 344:
338 Chapter 15 and share enumerator
Page 345 and 346:
340 Chapter 15 Because this individ
Page 347 and 348:
342 Chapter 15 so on. Most of the s
Page 349 and 350:
344 Chapter 15 15.4.1.4 AiroPeek NX
Page 351 and 352:
346 Chapter 15 modify its content (
Page 353 and 354:
348 Chapter 15 this data, the hacke
Page 355 and 356:
350 Chapter 15 requesting access wi
Page 357 and 358:
352 Chapter 15 corporate network fr
Page 359 and 360:
354 Chapter 15 computer, especially
Page 361 and 362:
356 Chapter 15 pigtail cables and v
Page 363 and 364:
358 Chapter 15 One might think it w
Page 365 and 366:
360 Chapter 15 Few WLAN discovery t
Page 367 and 368:
CHAPTER 16 Security Policy George L
Page 369 and 370:
Security Policy 365 Define a policy
Page 371 and 372:
Part 3 Wireless Network Security
Page 374 and 375:
Security in Traditional Wireless Ne
Page 377 and 378:
374 Chapter 17 network. On the othe
Page 379 and 380:
376 Chapter 17 Ki (128 bit), RAND (
Page 381 and 382:
378 Chapter 17 protection. The abse
Page 383 and 384:
380 Chapter 17 SRES to these challe
Page 386:
Security in Traditional Wireless Ne
Page 389 and 390:
386 Chapter 17 From a client’s (M
Page 391 and 392:
388 Chapter 17 17.4.3 Authenticatio
Page 393 and 394:
390 Chapter 17 Generate SQN Generat
Page 395 and 396:
392 Chapter 17 Count-c Direction Co
Page 397 and 398:
394 Chapter 17 Count-i Direction Co
Page 399 and 400:
396 Chapter 17 MS SRNC VLR/SGSN 1.
Page 401:
398 Chapter 17 provide confidential
Page 405 and 406:
CHAPTER 18 Wireless LAN Security Pr
Page 407 and 408:
Wireless LAN Security 405 retrospec
Page 410 and 411:
408 Chapter 18 the former case, it
Page 412:
410 Chapter 18 1 2 3 4 Station Acce
Page 415 and 416:
Wireless LAN Security 413 18.4.5 Ps
Page 417 and 418:
Wireless LAN Security 415 RC4 encry
Page 419 and 420:
Wireless LAN Security 417 key-strea
Page 421 and 422:
Wireless LAN Security 419 Frame hea
Page 423 and 424:
Wireless LAN Security 421 with (or
Page 425 and 426:
Wireless LAN Security 423 The Wi-Fi
Page 427 and 428:
Wireless LAN Security 425 WEP WPA (
Page 429 and 430:
Wireless LAN Security 427 TSC/IV hi
Page 434 and 435:
432 Chapter 18 a common theme in mo
Page 436:
434 Chapter 18 Therefore, TKIP uses
Page 439 and 440:
Wireless LAN Security 437 designing
Page 441:
Wireless LAN Security 439 To summar
Page 445 and 446:
Wireless LAN Security 443 more than
Page 447:
CHAPTER 19 Security in Wireless Ad
Page 450 and 451:
448 Chapter 19 ● ● ● ● Conc
Page 454 and 455:
452 Chapter 19 is optional. However
Page 456 and 457:
454 Chapter 19 HigherLayer_KeyEst.
Page 458 and 459:
456 Chapter 19 Device A: Verifier D
Page 460 and 461:
458 Chapter 19 The process of gener
Page 462 and 463:
460 Chapter 19 less than 128 bits.
Page 464 and 465:
462 Chapter 19 identity it is clami
Page 466 and 467:
464 Chapter 19 Device A: Master Dev
Page 468 and 469:
466 Chapter 19 Initialize key strea
Page 470 and 471:
468 Chapter 20 Figure 20.1 : The Li
Page 472 and 473:
470 Chapter 20 Figure 20.3 : The ad
Page 474 and 475:
472 Chapter 20 Figure 20.6 : The WE
Page 479 and 480:
Implementing Basic Wireless Securit
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
Page 491 and 492:
Page 493 and 494:
Page 495 and 496:
Page 497 and 498:
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
Page 505 and 506:
CHAPTER 21 Implementing Advanced Wi
Page 507 and 508: Implementing Advanced Wireless Secu
Page 557: Implementing Advanced Wireless Secu
Page 585 and 586: Part 4 Other Wireless Technology
Page 587 and 588: 586 Chapter 22 22.2 The Basics of W
Page 589 and 590: 588 Chapter 22 coming in a distant
Page 591 and 592: 590 Chapter 22 Figure 22.1 : The Ad
Page 593 and 594: 592 Chapter 22 Figure 22.2 : Config
Page 595 and 596: 594 Chapter 22 security as long as
Page 597 and 598: 596 Chapter 22 you protect these fi
Page 599 and 600: 598 Chapter 22 22.4.3 Use Encryptio
Page 601 and 602: 600 Chapter 22 22.6 Additional Reso
Page 603: 602 Chapter 23 by modern networked
Page 606 and 607: Wireless Embedded System Security 6
Page 608 and 609:
Wireless Embedded System Security 6
Page 610 and 611:
Page 614 and 615:
Page 616 and 617:
CHAPTER 24 RFID Security Frank Thor
Page 618 and 619:
RFID Security 617 encryption in 197
Page 620 and 621:
RFID Security 619 Figure 24.2 : RFI
Page 622 and 623:
RFID Security 621 Figure 24.3 : Two
Page 624:
RFID Security 623 24.5.1 Tag/Label
Page 627 and 628:
626 Chapter 24 The reader retrieves
Page 630 and 631:
RFID Security 629 Table 24.2 : RFID
Page 632 and 633:
RFID Security 631 Figure 24.7 : Fak
Page 634 and 635:
RFID Security 633 ExxonMobil has ex
Page 636 and 637:
RFID Security 635 database was not
Page 638 and 639:
RFID Security 637 can obtain a dram
Page 640 and 641:
RFID Security 639 At any point in t
Page 642 and 643:
RFID Security 641 lost? Will it be
Page 644 and 645:
RFID Security 643 possibility of St
Page 646 and 647:
RFID Security 645 building and to e
Page 648 and 649:
RFID Security 647 If we make three
Page 650 and 651:
APPENDIX A Wireless Policy Essentia
Page 652 and 653:
Wireless Policy Essentials 651 netw
Page 654 and 655:
Wireless Policy Essentials 653 Ins
Page 656 and 657:
Wireless Policy Essentials 655 ●
Page 658 and 659:
Wireless Policy Essentials 657 prop
Page 660 and 661:
Page 662 and 663:
Wireless Policy Essentials 661 wher
Page 664 and 665:
Wireless Policy Essentials 663 appr
Page 666 and 667:
Wireless Policy Essentials 665 Netw
Page 668 and 669:
Wireless Policy Essentials 667 3. C
Page 670 and 671:
Wireless Policy Essentials 669 14.
Page 672 and 673:
Wireless Policy Essentials 671 3. D
Page 674 and 675:
Wireless Policy Essentials 673 3.0
Page 676 and 677:
Wireless Policy Essentials 675 been
Page 678 and 679:
Wireless Policy Essentials 677 and
Page 680 and 681:
Wireless Policy Essentials 679 comp
Page 682 and 683:
Wireless Policy Essentials 681 appr
Page 684 and 685:
Page 686 and 687:
Page 688 and 689:
Page 690 and 691:
Page 692 and 693:
Page 694 and 695:
Page 696 and 697:
Page 698 and 699:
Wireless Policy Essentials 697 The
Page 700 and 701:
Page 702 and 703:
APPENDIX B Glossary Tony Bradley Ac
Page 704 and 705:
Glossary 703 Broadband: Technically
Page 706 and 707:
Glossary 705 Encryption: Encryption
Page 708 and 709:
Glossary 707 to “ chat ” in rea
Page 710 and 711:
Glossary 709 NAT: Network Address T
Page 712 and 713:
Glossary 711 French and one German,
Page 714 and 715:
Glossary 713 Trojan: A Trojan horse
Page 716 and 717:
716 Index Access control (continued
Page 718 and 719:
718 Index Cyberterrorism, deterrenc
Page 720 and 721:
720 Index Linksys WRV54G VPN broadb
Page 722 and 723:
722 Index Secure Sockets Layer (SSS
Page 724 and 725:
724 Index Wireless embedded system
Page 726:
726 Index Wireless security impleme
show all

Wireless Security.pdf - PDF Archive

Create successful ePaper yourself

Delete template?

Save as template?