Certified Wireless Security Professional (CWSP)
Course 01 - WLAN Security Overview
Slide 1
Course 01 - WLAN Security Overview
Slide 2
Course Overview
• Where We Came From
• Standards Organizations
• ISO and the OSI
• ISOC Hierarchy
• Wi-Fi Alliance Standards
• 802.11 Networking Basics
• Connection Types
• 802.11 Security Basics
• Data Privacy
• AAA
• Segmentation
• Monitoring
• Policy
• 802.11i and WPA
• RSN
• Future of 802.11 Security
Slide 3
Where We Came From
• 802.11-2007 defined a WLAN
• We’ve always had security requirements for wired networks
• The past security mechanisms have left a bad taste for WLANs
  • Now much more secure
  • Very easy to implement
• Some of the mechanisms we’ll see
  • Encryption
  • Authentication
  • Authorization
  • Use of VLANs
Slide 4
Standards Organizations
• ISO: International Standards Organization
  • Created the OSI Model
• IEEE: Institute of Electrical and Electronics Engineers
  • Creates the standards for compatibility and coexistence between networking equipment, not just wired but also wireless
• IETF: Internet Engineering Task Force
  • Creates the internet standards as they integrate into wireless and wired networks
• Wi-Fi Alliance
  • Performs certification testing
Slide 5
ISO and the OSI
• Layer 7 – Application
• Layer 6 – Presentation
• Layer 5 – Session
• Layer 4 – Transport
• Layer 3 – Network
• Layer 2 – Data-link
• Layer 1 – Physical
• 802.11 – 2007 defines what happens at layers 1 & 2
Slide 6
ISOC Hierarchy
• ISOC: Internet Society
• IAB: Internet Architecture Board
• ICANN: Internet Corporation for Assigned Names and Numbers
• IESG: Internet Engineering Steering Group
• IRTF: Internet Research Task Force
• IETF
  • Applications
  • Internet
  • Real-Time Apps
  • Security
  • General
  • Ops and MGMT
  • Routing
  • Transport
• RFCs
Slide 7
Wi-Fi Alliance Standards
• 802.11 a, b, g, n, ac
• 802.11 WPA (WPA2)
• 802.11 Protected Access
• 802.11 Multimedia (WMM)
• 802.11 Power Save (WMM-PS)
• CWG-RF-Multimedia (Converged Wireless Group-RF Profile)
• Voice Personal - Application
Slide 8
802.11 Networking Basics
• 802.11 standards are based on OSI layers 1 & 2
  • You should know how wireless works
  • At the basics
  • At both layers
• Understand the Layers
  • Core
  • Distribution
  • Access
Slide 9
Connection Types
• Point-to-Point
• Point-to-Multipoint
  • This is how most Wi-Fi connections are set up
• WLAN Controllers
• Authentication Points
• Anonymous Access
Slide 10
802.11 Security Basics
• There are 5 major components of 802.11 security
  • Data Privacy
  • AAA
  • Segmentation
  • Monitoring
  • Policy
• There are other security devices that can be used, such as
  • WIDS
  • Rogue Detection
Slide 11
Data Privacy
• Data communications is done over RF
  • Anyone close enough with a radio can intercept
• Encryption should be designed so only the sender and receiver can interpret what was transmitted
• 802.11 uses open, unlicensed frequencies
• Encryption involves
  • An algorithm
  • A key
  • Maybe authentication via certificates
Slide 12
Data Privacy (Cont.)
• The Encryption Process (Cryptology)
  • This shows encryption; decryption goes in the reverse direction
• Don’t mistake this for steganography (hidden words)
Plain Text → Algorithm (Cipher) → Cipher Text
Slide 13
AAA
• This acronym stands for
  • Authentication – proving who you are
  • Authorization – your privileges
  • Accounting – keeping track of what you do
Slide 14
Segmentation
• Prior to 802.11i
  • Wireless networks were considered untrusted
  • Wired networks were considered trusted
• Segmentation allows
  • Control of resource access from the WLAN
  • Perhaps the use of VLANs, such as the guest VLAN
• VLANs are the most common, often issued by the WLAN Controller
• VPNs are another option as well
Slide 15
Monitoring
• WLANs should be actively monitored for
  • Performance
  • Intrusion
• WLAN Controllers can be used for monitoring
  • They can also send automatic alerts
• Also consider remote logging
  • SIEMs or Syslog
Slide 16
Policy
• Many countries have regulations about WLAN security
  • NIST (National Institute of Standards and Technology)
  • Created FIPS (Federal Information Processing Standards)
  • FIPS 140-2, which defines security requirements for cryptographic modules
• Corporate Policy
  • Training employees about giving out passwords
  • Awareness of security issues
  • Incident Response Teams
Slide 17
Security History
• From 1997 – 2004 many standards of security were being developed
  • During that time, the standard was using WEP
  • 64-bit encryption method that had many weaknesses
  • This is no longer considered a valid method of security, ever
• More history is discussed later
Slide 18
802.11i and WPA
• 802.11i - 2004 defined stronger encryption and authentication methods
  • Defined the RSN (Robust Security Network)
  • Enhanced Data Privacy – defined Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  • Uses AES, often referred to as CCMP/AES
• Also added an optional encryption known as Temporal Key Integrity Protocol (TKIP)
  • Improvement to the existing WEP which used RC4 for encryption
Slide 19
802.11i and WPA (Cont.)
• 802.11i also added enhanced authentication
  • 802.1X
  • EAP
  • Pre-shared keys are still used (PSK)
• 802.11i - 2007 standard also created an Enterprise solution
  • 802.1X/EAP
  • Often referred to as WPA2
Slide 20
802.11i and WPA (Cont.)
802.11 Standard | Wi-Fi Alliance  | Authentication            | Encryption                        | Cipher                          | Key Generation
802.11 Legacy   | -               | Open System or Shared Key | WEP                               | RC4                             | Static
-               | WPA-Personal    | WPA Passphrase or PSK     | TKIP                              | RC4                             | Dynamic
-               | WPA-Enterprise  | 802.1X/EAP                | TKIP                              | RC4                             | Dynamic
802.11-2007     | WPA2-Personal   | Passphrase (PSK)          | CCMP (Mandatory), TKIP (Optional) | AES (Mandatory), RC4 (Optional) | Dynamic
802.11-2007     | WPA2-Enterprise | 802.1X/EAP                | CCMP (Mandatory), TKIP (Optional) | AES (Mandatory), RC4 (Optional) | Dynamic
Slide 21
RSN (Robust Security Network)
• 802.11-2007 defined RSN and RSNAs (Robust Security Network Associations)
  • 2 stations must establish a procedure to authenticate and associate with each other
• They will also create dynamic keys
  • Usually done through a 4-way handshake
  • This will be described in more detail later
Slide 22
Future of 802.11 Security
• IEEE 802.11r - 2008 or fast BSS transition (FT)
  • An amendment to the IEEE 802.11 standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure handoffs from one base station to another managed in a seamless manner
  • Published on July 15, 2008
  • Usually implemented through a WLAN Controller
  • Often known as mobility
Slide 23
Future of 802.11 Security (Cont.)
• 802.11k is an amendment added to 802.11r for a “Fast Roaming” solution
  • Again uses a central controller, with a list of “neighbors” to have a fast handoff
• Still problems with a DoS attack against management frames
  • 802.11w was ratified as the “protected” management frames
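
The 802.11i and WPA table, the RSN slide and the 802.11w point above can all be checked against what an access point actually advertises. The following added example (not part of the original course material) parses an RSN information element as carried in a beacon and reports the WPA2 profile, the cipher suites and whether protected management frames are advertised; the sample elements are constructed and the function names are hypothetical.

```python
import struct

# Suite selectors defined by IEEE 802.11 under OUI 00-0F-AC.
OUI_80211 = bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
RSN_ELEMENT_ID = 48
MFPR, MFPC = 0x0040, 0x0080  # RSN capability bits used by 802.11w


def _suite(raw, table):
    """Translate one 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if raw[:3] != OUI_80211:
        return "vendor(%s:%d)" % (raw[:3].hex(), raw[3])
    return table.get(raw[3], "unknown(%d)" % raw[3])


def _suite_list(body, off, table):
    """Read a little-endian 16-bit count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    suites = [_suite(body[off + 4 * i:off + 4 * i + 4], table) for i in range(count)]
    return suites, off + 4 * count


def parse_rsn_ie(ie):
    """Parse an RSN element (ID, length, body) into a dict.

    Assumption of this example: the group, pairwise and AKM fields are all
    present; an element that stops earlier is rejected as truncated.
    """
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    group = _suite(body[2:6], CIPHERS)
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akms, off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    if "802.1X" in akms:
        profile = "WPA2-Enterprise"
    elif "PSK" in akms:
        profile = "WPA2-Personal"
    else:
        profile = "RSN (other AKM)"
    return {"profile": profile, "group": group, "pairwise": pairwise, "akm": akms,
            "pmf_capable": bool(caps & MFPC), "pmf_required": bool(caps & MFPR)}


def audit(info):
    """Return findings for settings the slides mark as optional or weak."""
    findings = []
    ciphers = [info["group"]] + info["pairwise"]
    if "TKIP" in ciphers:
        findings.append("TKIP/RC4 enabled: optional legacy cipher, prefer CCMP/AES only")
    if any(c.startswith("WEP") for c in ciphers):
        findings.append("WEP cipher advertised: not a valid method of security")
    if not info["pmf_capable"]:
        findings.append("802.11w not advertised: management frames are unprotected")
    return findings


# Constructed sample: CCMP only, PSK, management frame protection capable.
SAMPLE_WPA2_PSK = bytes.fromhex(
    "3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "8000")
# Constructed sample: TKIP group cipher, CCMP+TKIP pairwise, 802.1X, no 802.11w.
SAMPLE_MIXED_EAP = bytes.fromhex(
    "3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac01" "0000")

if __name__ == "__main__":
    for name, ie in (("psk", SAMPLE_WPA2_PSK), ("mixed", SAMPLE_MIXED_EAP)):
        info = parse_rsn_ie(ie)
        print(name, info, audit(info))
```
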
Slide 24
Course Review
• Where We Came From
• Standards Organizations
• ISO and the OSI
• ISOC Hierarchy
• Wi-Fi Alliance Standards
• 802.11 Networking Basics
• Connection Types
• 802.11 Security Basics
• Data Privacy
• AAA
• Segmentation
• Monitoring
• Policy
• 802.11i and WPA
• RSN
• Future of 802.11 Security
Review Questions:
1. 802.11–2007 defines what happens at which two layers?
A. 1
B. 2
C. 3
D. 4
E. A and B
F. C and D
G. B and D
H. A and C
I. None of the above
2. What wireless security solutions are defined by Wi-Fi Protected Access?
A. Passphrase authentication
B. LEAP
C. TKIP/RC4
D. Dynamic WEP
E. A and B
F. C and D
G. B and D
H. A and C
I. None of the above
3. Which wireless security standards and certifications call for the use of
CCMP/AES encryption?
A. WPA
B. 802.11–2007
C. 802.1X
D. WPA2
E. A and B
F. C and D
G. B and D
H. A and C
I. None of the above
4. A robust security network (RSN) requires the use of which security mechanisms?
A. 802.11x
B. CCMP/AES
C. CKIP
D. 802.1X
E. All of the above
F. A and B
G. C and D
H. B and D
I. A and C
J. None of the above
5. The Wi-Fi Alliance is responsible for which of the following certification
programs?
A. WPA2
B. WEP
C. 802.11–2007
D. WMM
E. All of the above
F. A and B
G. C and D
H. B and D
I. A and D
J. A and C
6. Which sub-layer of the OSI model’s Data-link layer is used for communication
between 802.11 radios?
A. LLC
B. WPA
C. MAC
D. FSK
7. What encryption methods are defined by the IEEE 802.11-2007 standard?
A. 3DES
B. TKIP
C. CCMP
D. WEP
E. All of the above
F. A, B, and C
G. C and D
H. B, C, and D
I. A, C, and D
J. None of the above
8. Which organization is responsible for the creation of documents known as
Requests for Comments?
A. IEEE
B. ISO
C. IETF
D. Wi-Fi Alliance
9. Which of the following is not a standard or amendment created by the IEEE?
A. 802.11X
B. 802.1x
C. 802.3af
D. 802.11N
E. All of the above
F. A, B, and C
G. B and D
H. A and C
I. A, B, and D
10. Which of the following is simply a way of representing information in a different
way?
A. Cryptography
B. Steganography
C. Encryption
D. Code
Answer Key:
1. E
802.11–2007 defines what happens at layers 1 and 2.
2. H
The Wi-Fi Protected Access (WPA) certification was a snapshot of the
not-yet-released 802.11i amendment, supporting only the TKIP/RC4 dynamic
encryption-key generation. 802.1X/EAP authentication was required in the
enterprise, and passphrase authentication was required in a SOHO or home
environment. LEAP is Cisco-proprietary and is not specifically defined by
WPA. Neither dynamic WEP nor CCMP/AES were defined for encryption.
CCMP/AES dynamic encryption is mandatory under the WPA2 certification.
3. G
The 802.11-2007 standard defines CCMP/AES encryption as the default
encryption method, while TKIP/RC4 is the optional encryption method. This
was originally defined by the 802.11i amendment, which is now part of the
802.11–2007 standard. The Wi-Fi Alliance created the WPA2 security
certification, which mirrors the robust security defined by the IEEE. WPA2
supports both CCMP/AES and TKIP/RC4 dynamic encryption-key
management.
4. H
The required encryption method defined by an RSN wireless network is
Counter Mode with Cipher Block Chaining Message Authentication Code
Protocol (CCMP), which uses the Advanced Encryption Standard (AES)
algorithm. An optional choice of encryption is the Temporal Key Integrity
Protocol (TKIP). The 802.11-2007 standard also requires the use of an
802.1X/EAP authentication solution or the use of pre-shared keys for robust
security.
5. I
802.11-2007 is the IEEE standard, and WEP (Wired Equivalent Privacy) is
defined as part of the IEEE 802.11-2007 standard. PSK is not a standard; it
is an encoding technique. Wi-Fi Multimedia (WMM) is a Wi-Fi Alliance
certification program that enables Wi-Fi networks to prioritize traffic generated
by different applications. WPA2 is a certification program that defines Wi-Fi
security mechanisms.
6. C
The IEEE 802.11-2007 standard defines communication mechanisms at only
the Physical layer and MAC sub-layer of the Data-link layer of the OSI model.
The Logical Link Control (LLC) sub-layer of the Data-link layer is not defined
by the 802.11-2007 standard. WPA is a security certification. FSK is a
modulation method.
7. H
The IEEE 802.11-2007 standard defines the use of both CCMP and TKIP
dynamic encryption methods. Also defined by the IEEE is the use of static
WEP encryption.
8. C
Requests for Comments are known as RFCs and are created by the Internet
Engineering Task Force (IETF), which is guided and directed by the Internet
Engineering Steering Group (IESG).
9. I
There is no 802.11X amendment. 802.1x should be capitalized (802.1X), and
802.11N should not be capitalized (802.11n). These are not trivial errors.
Standards and amendments should be written and used with the proper
capitalization.
10. D
A code is simply a way of representing information in a different way, such as
ASCII or Morse code.