2. How do we make a buck with 802.11
Set up secured hot spots for client access.
Sales force that is constantly mobile.
Wireless Internet service provider.
Working with communities to offer free WiFi.
Combining office networks to share one connection.
Implementation of sound security for users. Consult on and configure network security.
3. 802.11 Offers
Roaming freedom
◦ No longer constrained to the office
◦ Smaller devices now have same function as
laptops and tablets
◦ Never have to worry about access to external
and internal network resources.
◦ Real Time Data Updates – Workers in the field
can receive information in real-time.
◦ High Speed Data Transmission – Very close to
LAN speeds and faster than dial-up.
5. Authentication and privacy
Goal: to prevent unauthorized access & eavesdropping
Realized by an authentication service prior to access
Open system authentication
◦ station wanting to authenticate sends authentication
management frame - receiving station sends back frame
for successful authentication
Shared key authentication (included in WEP*)
◦ Secret, shared key received by all stations by a separate,
802.11 independent channel
◦ Stations authenticate by a shared knowledge of the key
properties
WEP’s privacy (blocking out eavesdropping) is based on
ciphering:
*WEP: Wired Equivalent Privacy
6. 802.11 Wired Equivalent Privacy (WEP)
Part of 802.11 specification
Shared key – 40/104 bits
Initialization vector (IV) = 24 bits
Uses RC4 for encryption
WEP2 added, increases key length to 128 bits
http://i.msdn.microsoft.com/Aa503279.Native_802_11_wep(en-us,MSDN.10).gif
http://www.cs.wustl.edu/~jain/cse574-06/ftp/wireless_security/fig14.gif
7. 802.1x Access Control
• Designed as a general purpose network access control
mechanism
• Not Wi-Fi specific
• Authenticate each client connected to AP (for WLAN) or switch
port (for Ethernet)
• Authentication is done with the RADIUS server, which "tells"
the access point whether access to controlled ports should be
allowed or not
• AP forces the user into an unauthorized state
• User sends an EAP start message
• AP returns an EAP message requesting the user's identity
• Identity sent by the user is then forwarded to the authentication server
by the AP
• Authentication server authenticates the user and returns an accept or
reject message back to the AP
• If an accept message is returned, the AP changes the client's state to
authorized and normal traffic flows
9. Wireless Protected Access (WPA)
• WPA is a specification of standards-based, interoperable
security enhancements that strongly increase the level of data
protection and access control for existing and future wireless
LAN systems.
• User Authentication
• 802.1x
• EAP
• TKIP (Temporal Key Integrity Protocol) encryption
• RC4, dynamic encryption keys (session based)
• 48 bit IV
• per packet key mixing function
• Fixes all issues found in WEP
• Uses Message Integrity Code (MIC) Michael
• Ensures data integrity