northridge consulting group-assignment

8/10/2019 Northridge Consulting Group-Assignment

http://slidepdf.com/reader/full/northridge-consulting-group-assignment 1/13

W I R E L E S S L A N C O N F I G U R A T I O N

A D V A N T A G E S A N D D I S A D V A N T A G E S O F

D I F F E R E N T S E C U R I T Y M O D E L S

Northridge Consulting Group

WLAN Workshop



Types of Security Model

Transitional Security Model

Personal Security Model

Enterprise Security Model



Transitional Security Model

Provides the basic level of security.

Can be easily bypassed by a skilled person.

Includes basic level of authentication and encryption to

achieve minimal security. Authentication is achieved by implementing steps like

MAC filtering, SSID Cloaking and shared keys.

Encryption is achieved by using WEP. Although it’s a

vulnerable encryption but still provide a level of securitythan open Wi-Fi.



How WEP Works

IV

RC4key

IV encrypted packet

original unencrypted packet checksum



Personal Security Model

Uses a more reliable hardware to achieve security.

The model is divided into two sections: Wi-Fi Protected Alliance and Wi-Fi Protected AllianceII.

WPA uses firmware upgrade to use existing WEPhardware.

WPA2 uses hardware upgrade.



Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access was the successor andreplacement to the increasingly weak WEP standard.

WPA used firmware upgrade to which used a new PSKkey for authentication and TKIP for encryption.

WPA included integrity check and TKIP. TKIP is asecure encryption standard which encrypts everypacket with a unique key.

WPA uses TKIP, which was designed to uses theexisting WEP but this caused WPA to be exploited toodue to elements from WEP.



Wi-Fi Protected Alliance II (WPA2)

WPA2 was released in 2006 officially, which superseded WPA. It used PSK key for authentication and AES-CCMPfor encryption.

Most significant change was the introduction of CCMPprotocol as a replacement of TKIP.

Counter Cipher Mode with Block Chaining Message Authentication Code Protocol is a block mode cipherusing 128 bit keys.

WPA2’s encryption algorithm is quite secure, but afeature for users called WPS, if enabled can be used toexploit WPA2.

U.S Government uses it secure it top-secret files.



Enterprise Security Model

Designed for Enterprises and Medium sizedorganizations.

It is also dived in two section: WPA and WPA2.

All the features of personal security model plus added benefit of uses a RADIUS server for authentication.

Users are authenticated via a server upon association.

Extremely high defence rate but high investment.



WPA Enterprise

Uses IEEE 802.1x for authentication and TKIP forencryption.

IEEE 802.1x uses a authentication server to grant or

deny access. The AP forwards the authenticationrequest to the RADIUS server for verification againsta list.

TKIP is used to provide encryption for the data

packets. Uses WEP features so may be susceptible toattack in future.



WPA2 Enterprise

Uses IEEE 802.1x for authentication and AES-CCMP for encryption.

IEEE 802.1x is the best authentication protocol

available. Uses AES-CCMP protocol as used in WPA2 Personal

model.



Vulnerability Graph

0 20 40 60 80 100 120

Traditional Model

Current Standing

WEP

WPA Personal

WPA2 Personal

WPA2 (WPS Disbaled)

WPA/WPA2 Enterprise

% of Attack

% of Attack



WEP

• Relies onshared keys.UsesIntegrityCheck toensurepacket not

modifed intransit.

WPA

• Uses samehardwareusingfirmwareupgrade.

• Uses TKIPand RC4

streamcipher.

WPA2

• Requireshardwareupgrade.

• Uses AES(CCMP).

• Compatible with WPA.



Secure your Wi-Fi Now!!

Easy steps to counter attack on your Wi-Fi network.

Secure Your Wireless Network Today!!

northridge consulting group-assignment

Documents