Home

Learn Wireless LAN Security - Hanoi University of Science and Technology - 1

HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY

FACULTY OF ELECTRONICS AND TELECOMMUNICATIONS

----------o0o----------



Maybe you are interested!


WIRELESS LAN SECURITY

WIRELESS LAN SECURITY


Instructor: NGUYEN TRUNG DUNG

Student: NGUYEN HUY BAC

Class: Topic 2B – K44


HANOI - 2004


Nguyen Huy Bac _ Electronics and Telecommunications_University of Science and Technology_Hanoi


INTRODUCTION 7

PART I 9

INTRODUCTION TO WIRELESS LAN 9

I. OVERVIEW OF WLAN 9

1. Overview 9

2. Technology used: 9

3. Target audience: 10

4. Installation location: 11

5. Application potential in Vietnam 11

II/ TECHNICAL SOLUTIONS 11

1. Overview 11

2. Features of WLAN 802.11 14

3. Channel access, CSMA/CA 18 multiple access mechanism

4. Modulation techniques 22

5. Access techniques: 26

6. Radio Engineering 27

7. Security issues 32

III/ TRANSMISSION SOLUTION TO HOTSPOT POINT USING XDSL-WAN 33

1. Transmission plan 33

IV/ CONNECTION MODEL FOR HOTSPOT 34

1. Techniques in Wireless hotspot model 34

2. Deployment model of Subscriber Gateway 35

3. Connection model of hotspots: 36

PART II 38

WIRELESS LAN SECURITY 38

I/ WEP, WIRED EQUIVALENT PRIVACY 38

1. Why Wep is chosen 40

2. Wep 40 key

3. SERVER manages centralized encryption keys 42

4. How to use Wep 43

II/ FILTER 45

1. Filter SSID 45

2. MAC address filtering 46

3. Circumventing MAC Filters 47

4. Protocol Filtering 48

III/ ATTACKS ON WLAN 49

1. Passive Attack 49

2. Active Attack 50

3. Squeeze attack 52

4. Attack by attracting 53

IV/ RECOMMENDED SECURITY SOLUTIONS 55

1. WEP 56 key management

2. Wireless VPNs 56

3. Jump key technique 58

4. Temporal Key Integrity Protocol (TKIP) 58

5. AES 58 based solutions

6. Wireless Gateways 59

7. 802.1x and open authentication protocol 59

V/ PRIVACY POLICY 61

1. Secure sensitive information 61

2. Physical security 62

3. WLAN equipment inventory and security audit 63

4. Use advanced security solutions 63

5. Public Wireless Network 63

6. Controlled and limited access 63

VI/ SECURITY RECOMMENDATIONS 64

1. Wep 64

2. Cell size 64

3. User authentication 65

4. Necessary security 66

5. Use additional security tools 66

6. Tracking unauthorized hardware 66

7. Switches or Hubs 66

8. Wireless DMZ 66

9. Update firmware and software 67

APPENDIX 68

TERMS USED 68

Locating a WLAN 70

Beacons: 70

Synchronization 70

Set of parameters of FH and DS: 70

SSID Information: 70

Endorsements and Links: 70

Open System Certification Process 71

Shared Key Authentication 72

Basic WLAN Devices 73

Access Point 73

Fixed and detachable antennas 75

75 Output Power Converter

Wireless Bridge 75

Wireless Bridge Group 77

WLAN Client Devices 78

PCMCIA & Compact Flash Cards 78

Wireless Ethernet & serial converter 78

USB Adapter 78

PCI & ISA Adapters 79

Wireless Residential Gateways 79

Enterprise Wireless Gateway 80

Basic Network Topologies in WLAN 81

Independent Basic Service Set (IBSS) 81

Basic Service Set (BSS) 81

Extended Service Set (ESS) 81

802.11 Frame Format [34 - 2344 bytes] 82

802.11 Frame Control Field [16 bits] 82

Reference book list 83


List of drawings

Figure 1: Role and position of Orchid 9

Figure 2: Network structure 10

Figure 3: Network scalability 12

Figure 4: Network access without wiring 12

Figure 5: Convenience in building networks in mountainous areas 13

Figure 6: At the place with basin terrain 13

Figure 7: Accessibility on the go 13

Figure 8: Access from home 14

Figure 9: Access from universities 14

Figure 10: Location of WLAN on the 7-layer model 15

Figure 11: Relationship between speed and coverage radius 17

Figure 12: Speed ​​and AP 17

Figure 13: A transmission process from A to B: 19

Figure 14: Hidden terminal 19

Figure 15: Terminal shows 20

Figure 16: Solving the hidden terminal problem 20

Figure 17: Solving the hidden terminal problem 21

Figure 18: Phase states of PSK 22

Figure 19: Modulated signal types 23

Figure 20: BPSK 23 modulation diagram

Figure 21: BPSK modulated signal 24

Figure 22: QPSK 24 modulator

Figure 23: Narrowband signal 27

Figure 24: Frequency hopping 28

Figure 25: Channels in FHSS 28

Figure 26: Spectrum spreading and compression process in DSSS 30

Figure 27: Arrangement of the number of channels in a 31 area

Figure 28: Frequency reuse capability of DSSS method 32

Figure 29: Transmission scheme 34

Figure 30: Gateway 36 Deployment Model

Figure 31: Hotspot connection model 36

Figure 32: Diagram of the encryption process using WEP 39

Figure 33: WEP decryption process diagram 39

Figure 34: Wep 41 key entry interface

Figure 35: WEP 42 multi-key support

Figure 36: Centralized encryption key management configuration 43

Figure 37: MAC address filtering 46

Figure 38: Protocol filtering 48

Figure 39: Passive attack 49

Figure 40: WEP 50 key retrieval process

Figure 41: Active attack. 51

Figure 42: Squeezing attack 52

Figure 43: Man-in-the-middle attacks 54

Figure 44: Before the attack 55

Figure 45: And after the attack 55

Figure 46: Wireless VPN 57

Figure 47: 802.1x-EAP authentication process 60

Figure 48: Wireless DeMilitarized Zone 67


INTRODUCTION


Wireless technology is a method of transmitting information from one point to another without using physical transmission lines, but using radio, Cell, infrared and satellite. Today's wireless networks originate from many stages of development. of radio communications, and applications of telegraphy and radio. Although some inventions appeared in the 1800s, the outstanding development was achieved in the era of electronics technology, and was greatly influenced by modern economics, as well as discoveries in the field of physics. Up to now, wireless networks have achieved significant developments. In some countries with developed information technology, wireless networks have really come into life. With just a laptop, PDA or any wireless network access device, you can access the network anywhere, at work, at home, on the street, in a cafe, on a plane, etc., anywhere within the coverage of WLAN. However, the support for public access, the variety of access means, simple, as well as complex, with many sizes, has brought headaches to administrators in the issue of security. How to integrate security measures into access means, while still ensuring conveniences such as compactness, cost, or still ensuring support for public access, etc.


In this little document we will have an overview of WLAN, its history, implementation standards, some technical features, inherent security methods and recommended solutions.


To complete this document, I would like to thank:


Mr. Nguyen Trung Dung , lecturer of Electronics and Telecommunications Department, Hanoi University of Science and Technology


Mr. Nguyen Dang Hung , Deputy Head of System Integration and Development Department, VDC Company


Mr. Le Minh Duc , Technical Manager, Saigonctt Center


has guided and helped me complete this document.


I would also like to thank my family and friends for their support and encouragement during the writing of this document.


This document is divided into two parts.


Part I: Introduction to WLAN Part II: WLAN Security

Part I presents an overview of Wlan, the technology used, standards, technical characteristics, and application capabilities in the Vietnamese market. This part also discusses multiple access, CSMA/CA, modulation techniques, multiple access techniques, FDMA, TDMA, and CDMA. This part also discusses spread spectrum, direct spread spectrum, and frequency hopping spread spectrum, and briefly introduces security methods.


Part II goes into detail about each security method, the methods that have been recognized as standard as well as the methods that are still under consideration. The risks of network security loss and the measures to overcome them. At the end of the part, some recommendations are given to the implementer, to overcome the inherent disadvantages of the security methods.


During the process, due to limited time and qualifications, and this is a fairly new technology in Vietnam, there are few opportunities to come into contact with actual equipment, so some errors are inevitable.


So we hope you will refer and contribute your comments to gradually complete this document.


For any comments or contributions, please contact: Nguyen Huy Bac, 0953.334337 or via email: bacnh@dts.com.vn.


Thank you very much!


Huy Bac, May 2004

Comment


Agree Privacy Policy *