Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

More documents

Recommendations

Info

Solution today: 802.1x Port-based access control mechanism defined by IEEE Works on anything, wired and wireless Access point must support 802.1x No special WIC requirements Allows choice of authentication methods using EAP Chosen by peers at authentication time Access point doesn’t care about EAP methods Manages keys automagically No need to preprogram WICs
Is 802.1x enough? No It does solve: Key discovery by changing keys often and using different keys for each client Rogue APs and man-in-the-middle attacks by performing mutual device authentication Unauthorized access by authenticating users and computers It does not solve: Packet and disassociation spoofing because 802.1x doesn’t use a keyed MIC
Page 1 and 2: Wireless LAN Security with 802.1x,
Page 3 and 4: Wired equivalent privacy
Page 5 and 6: Common attacks Bit-flipping (encryp
Page 7 and 8: More IV problems Say an AP constant
Page 9 and 10: Classes of attacks Authentication f
Page 11 and 12: WEP suckage Same key reused over an
Page 13: 802.1x
Page 17 and 18: 802.1x over 802.11 Supplicant Authe
Page 19 and 20: Before authentication Supplicant th
Page 21 and 22: 802.11/802.1x state machine Class 1
Page 23 and 24: Extensible authentication protocol
Page 25 and 26: Authentication methods EAP allows c
Page 27 and 28: Protected EAP (PEAP) Extension to E
Page 29 and 30: Note Do not configure IAS and XP fo
Page 31 and 32: Security requirements, again Mutual
Page 33 and 34: Windows PEAP authentication First p
Page 35 and 36: Our requirements so far Mutual devi
Page 37 and 38: Windows PEAP authentication First p
Page 39 and 40: Windows PEAP authentication Second
Page 41 and 42: Why use machine accounts? Domain lo
Page 43 and 44: Remaining vulnerabilities
Page 45 and 46: Bit-flipping attacks WEP doesn’t
Page 47 and 48: Solution: keyed IC Change behavior
Page 49 and 50: System requirements Client: Windows
Page 51 and 52: Access policy Policy condition NAS-
Page 53 and 54: Interoperability PEAP standards aut
Page 55 and 56: The future—long term IEEE is work
Page 57: © 2003 Microsoft Corporation. All

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP - Black Hat

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?