“In the name of ALLAH, most Beneficent and Merciful”

Post on 04-Jan-2016


Transcript of “In the name of ALLAH, most Beneficent and Merciful”

BZUpages.com

“In the name of ALLAH, most Beneficent and Merciful”


Presentation on Wi-Fi Technology


Group Members

• Taha Khan
• Danish Hussain
• Saleem Qadeer
• Farrukh Ali
• Imran Khan
• Shah Mehmood


Contents

• Introduction
• Wi-Fi Technologies
• Wi-Fi Architecture & Types
• Wi-Fi Network Elements
• How a Wi-Fi Network Works
• Wi-Fi Network Topologies
• Wi-Fi Configurations
• Applications of Wi-Fi
• Wi-Fi Security
• Advantages/Disadvantages of Wi-Fi


Introduction

• Wireless Technology is an alternative to Wired Technology, which is commonly used for connecting devices in wireless mode.
• Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
• Wi-Fi Networks connect computers to each other, to the internet and to the wired network.


What is Wi-Fi

• Wi-Fi or 802.11b/g is the wireless standard used for local area networks operating at 2.4GHz.
• Virtually every new laptop and mobile being sold today comes already equipped with a compatible wireless WiFi adapter.
• The WiFi dial-up wireless router is compatible with either 802.11b or 802.11g adapters and allows local network data transfers at speeds of up to 11Mbps (megabits per second).
• All Intel Centrino laptops as well as adapters marked 802.11a/g are compatible.


The Wi-Fi Technology

Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:

• IEEE 802.11b
• IEEE 802.11a
• IEEE 802.11g


IEEE 802.11b

• Appeared in late 1999
• Operates at 2.4GHz radio spectrum
• 11 Mbps (theoretical speed) - within 30 m range
• 4-6 Mbps (actual speed)
• 100-150 feet range
• Most popular, least expensive
• Interference from mobile phones and Bluetooth devices, which can reduce the transmission speed.


IEEE 802.11a

• Introduced in 2001
• Operates at 5 GHz (less popular)
• 54 Mbps (theoretical speed)
• 15-20 Mbps (actual speed)
• 50-75 feet range
• More expensive
• Not compatible with 802.11b


IEEE 802.11g

• Introduced in 2003
• Combines the features of both standards (a, b)
• 100-150 feet range
• 54 Mbps speed
• 2.4 GHz radio frequencies
• Compatible with ‘b’


Wi-Fi Architecture & Types


WLAN Architecture

We can manage the WLAN (wireless local area network) with several types:

• Ad-Hoc Mode
• Mesh Mode
• Infrastructure Mode


Ad-Hoc Mode

Peer-to-peer setup where clients can connect to each other directly. Generally not used for business networks.


Ad Hoc Structure

Mobile stations communicate to each other directly.

It’s set up for a special purpose and for a short period of time.

For example, the participants of a meeting in a conference room may create an ad hoc network at the beginning of the meeting and dissolve it when the meeting ends.


Mesh Mode

Every client in the network also acts as an access or relay point, creating a “self-healing” and (in theory) infinitely extensible network. Not yet in widespread use, unlikely to be in homes.


WLAN Architecture - Infrastructure Mode

There is an Access Point (AP), which becomes the hub of a “star topology.”


Infrastructure network

There is an Access Point (AP), which becomes the hub of a “star topology.”

Any communication has to go through the AP. If a Mobile Station (MS), like a computer, a PDA, or a phone, wants to communicate with another MS, it needs to send the information to the AP first, then the AP sends it to the destination MS.

Multiple APs can be connected together and handle a large number of clients.

Used by the majority of WLANs in homes and businesses.


Elements of a WI-FI Network

• Access Point (AP) - The AP is a wireless LAN “base station” that can connect one or many wireless devices simultaneously to the Internet.
• Wi-Fi cards - They accept the wireless signal and relay information. They can be internal or external (e.g. PCMCIA Card for Laptop and PCI Card for Desktop PC).
• Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.


Antennas

Antennas come in all shapes and styles:

Omni-directional:
• Vertical Whip
• Ceiling mount

Directional:
• Yagi (“Pringles can”)
• Wall mounted panel
• Parabolic dish


Types of Hardware


How a Wi-Fi Network Works

• Basic concept is the same as walkie-talkies.
• A Wi-Fi network is created by installing an access point to an internet connection.
• An access point acts as a base station.
• A single access point can support up to 30 users and can function within a range of 100 – 150 feet indoors and up to 300 feet outdoors.
• Many access points can be connected to each other via Ethernet cables to create a single large network.


Wi-Fi Network Topologies


Wi-Fi Network Topologies

• AP-based topology (Infrastructure Mode)
• Peer-to-peer topology (Ad-hoc Mode)
• Point-to-multipoint bridge topology


AP-based topology

• The clients communicate through the Access Point.
• BSA - RF coverage provided by an AP.
• ESA - It consists of 2 or more BSAs.
• ESA cell includes 10-15% overlap to allow roaming.


Peer-to-peer topology

• AP is not required.
• Client devices within a cell can communicate directly with each other.
• It is useful for setting up a wireless network quickly and easily.


Point-to-multipoint bridge topology

This is used to connect a LAN in one building to LANs in other buildings even if the buildings are miles apart. These setups require a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.


Wi-Fi Configurations


Wi-Fi Applications

• Home
• Small Businesses
• Large Corporations & Campuses
• Health Care
• Wireless ISP (WISP)
• Travellers


Wireless Security


Wi-Fi Security Threats

• Wireless technology doesn’t remove any old security issues, but introduces new ones
  • Eavesdropping
  • Man-in-the-middle attacks
  • Denial of Service


Eavesdropping

• Easy to perform, almost impossible to detect
• By default, everything is transmitted in clear text
  • Usernames, passwords, content ...
• No security offered by the transmission medium
• Different tools available on the internet
  • Network sniffers, protocol analysers ...
  • Password collectors
• With the right equipment, it’s possible to eavesdrop traffic from a few kilometers away


Man-in-the-middle attacks

1. Attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address
3. The attacker connects to the real AP using the victim’s MAC address


Denial of Service

• Attack on transmission frequency used
  • Frequency jamming
  • Not very technical, but works
• Attack on MAC layer
  • Spoofed deauthentication / disassociation messages
  • Can target one specific user
• Attacks on higher layer protocols (TCP/IP protocol)
  • SYN Flooding


Wi-Fi Security

The requirements for Wi-Fi network security can be broken down into two primary components:

• Authentication
  • User Authentication
  • Server Authentication
• Privacy


Authentication

• Keeping unauthorized users off the network
• User Authentication
  • Authentication Server is used
  • Username and password
  • Risk:
    • Data (username & password) sent before secure channel is established
    • Prone to passive eavesdropping by attacker
  • Solution
    • Establishing an encrypted channel before sending username and password
• Server Authentication
  • Digital Certificate is used
  • Validation of digital certificate occurs automatically within client software


Security Techniques


Wi-Fi Security Techniques

• Service Set Identifier (SSID)
• Wired Equivalent Privacy (WEP)
• 802.1X Access Control
• Wireless Protected Access (WPA)
• IEEE 802.11i


Service Set Identifier (SSID)

• SSID is used to identify an 802.11 network
• It can be pre-configured or advertised in beacon broadcast
• It is transmitted in clear text
• Provides very little security
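To show concretely what "advertised in beacon broadcast" and "transmitted in clear text" mean, here is an added example (written for this page, not part of the presentation) that parses the body of an 802.11 beacon frame: the fixed fields (timestamp, beacon interval, capability information) followed by tagged elements, of which element ID 0 is the SSID. The sample beacon is constructed in the code, the SSID "BZU-Campus" is a made-up name, and the parser treats a zero-length or all-NUL SSID as "hidden", which is the usual way an AP suppresses it. Anyone within radio range who can receive the frame can read the same bytes, which is why the SSID alone offers no security.

```python
import struct

# Element IDs from the 802.11 management frame body.
ELEMENT_SSID = 0
ELEMENT_SUPPORTED_RATES = 1
ELEMENT_DS_PARAMETER_SET = 3   # carries the channel number

# Capability-information bit 4 is "Privacy": the AP requires encryption (WEP/WPA) for data frames.
CAPABILITY_PRIVACY = 0x0010


def parse_beacon_body(body: bytes) -> dict:
    """Parse a beacon frame body: 8-byte timestamp, 2-byte interval, 2-byte capability
    (all little-endian), then a sequence of (ID, length, value) elements."""
    if len(body) < 12:
        raise ValueError("beacon body too short for the fixed fields")
    timestamp, interval, capability = struct.unpack_from("<QHH", body, 0)
    elements = {}
    offset = 12
    while offset + 2 <= len(body):
        elem_id, length = body[offset], body[offset + 1]
        value = body[offset + 2: offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated element %d" % elem_id)
        elements[elem_id] = value
        offset += 2 + length
    return {"timestamp": timestamp, "interval": interval,
            "capability": capability, "elements": elements}


def beacon_ssid(body: bytes):
    """Return the SSID as text, or None when the AP hides it (empty or all-NUL SSID element)."""
    raw = parse_beacon_body(body)["elements"].get(ELEMENT_SSID, b"")
    if not raw or raw == b"\x00" * len(raw):
        return None
    return raw.decode("utf-8", errors="replace")


def privacy_bit_set(body: bytes) -> bool:
    """True when the beacon announces that encryption is required."""
    return bool(parse_beacon_body(body)["capability"] & CAPABILITY_PRIVACY)


def build_beacon_body(ssid: bytes, channel: int) -> bytes:
    """Constructed sample beacon body (not a real capture) used to exercise the parser."""
    fixed = struct.pack("<QHH", 123456789, 100, 0x0001 | CAPABILITY_PRIVACY)  # ESS + Privacy
    rates = bytes([0x82, 0x84, 0x8B, 0x96])  # 1, 2, 5.5, 11 Mbps with the basic-rate bit set
    elems = bytes([ELEMENT_SSID, len(ssid)]) + ssid
    elems += bytes([ELEMENT_SUPPORTED_RATES, len(rates)]) + rates
    elems += bytes([ELEMENT_DS_PARAMETER_SET, 1, channel])
    return fixed + elems


if __name__ == "__main__":
    sample = build_beacon_body(b"BZU-Campus", channel=6)   # constructed SSID
    print("SSID seen in clear:", beacon_ssid(sample))
    print("Channel:", parse_beacon_body(sample)["elements"][ELEMENT_DS_PARAMETER_SET][0])
    print("Privacy bit:", privacy_bit_set(sample))
    print("Hidden SSID parses as:", beacon_ssid(build_beacon_body(b"", channel=1)))
```

The privacy bit is the one field here a defender should check: it tells whether the network announces encryption, while the SSID itself conveys nothing about who may join.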


Wired Equivalent Privacy (WEP)

• Provides the same level of security as a wired network
• Original security solution offered by the IEEE 802.11 standard
• Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors (IV)
• Key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
• 32 bit ICV (Integrity check value)
• No. of bits in the keyschedule is equal to the sum of the length of the plaintext and the ICV


Wired Equivalent Privacy (WEP)

• 64 bit preshared key - WEP
• 128 bit preshared key - WEP2
• Encrypts data only between 802.11 stations. Once it enters the wired side of the network (between access points) WEP is no longer valid
• Security Issues with WEP
  • Short IV
  • Static key
• Offers very little security at all
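The two WEP slides above describe the construction (RC4 keyed with IV || shared key, a CRC-32 ICV appended to the plaintext, a keystream exactly as long as plaintext plus ICV) and then name "short IV" and "static key" as its weaknesses. The following added example, written for this page and not taken from the presentation, implements that construction with a self-contained RC4 so the two weaknesses can be observed rather than asserted. It assumes a 40-bit secret key (the "64 bit WEP" on the slide is 40 secret bits plus the 24-bit IV) and omits the key-id byte that the real WEP header carries beside the IV. `keystream_reuse_leak` shows why a 24-bit IV with a static key is fatal: two frames sent under the same IV use the same keystream, so XORing their ciphertexts cancels it and exposes the XOR of the plaintexts. `iv_collision_probability` applies the birthday bound to show how soon such a repeat is expected.

```python
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm (KSA) then the pseudo-random generation algorithm (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: ICV = CRC-32(plaintext); RC4 key = IV || shared key;
    keystream length = len(plaintext) + 4, exactly the slide's 'plaintext + ICV' rule.
    The 3-byte IV travels in the clear ahead of the ciphertext."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    return iv + xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Strip the IV, regenerate the keystream, check the ICV. Returns None on an ICV mismatch."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor_bytes(ciphertext, rc4_keystream(iv + shared_key, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    if struct.unpack("<I", icv)[0] != (zlib.crc32(plaintext) & 0xFFFFFFFF):
        return None
    return plaintext


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes):
    """Static key + repeated IV = repeated keystream. XOR of the two ciphertexts then equals
    XOR of the two plaintexts (no key needed). Returns None when the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor_bytes(frame_a[3:], frame_b[3:])


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday-bound estimate that at least one IV repeats among `frames` random IVs."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")   # constructed 40-bit secret key
    iv = bytes.fromhex("a1b2c3")        # constructed IV
    frame = wep_encrypt(key, iv, b"hello station")
    print("roundtrip:", wep_decrypt(key, frame))
    tampered = frame[:5] + bytes([frame[5] ^ 0x01]) + frame[6:]
    print("tampered frame accepted:", wep_decrypt(key, tampered) is not None)
    other = wep_encrypt(key, iv, b"AAAAAAAAAAAAA")   # same IV, same key: keystream reused
    print("plaintext XOR leaked by IV reuse:", keystream_reuse_leak(frame, other)[:13].hex())
    print("P(IV repeat) after 4096 frames: %.2f" % iv_collision_probability(4096))
```

With 2^24 possible IVs, a repeat is more likely than not after only a few thousand frames, a minute or two of traffic on a busy AP, which is the quantitative content behind the slide's "short IV" bullet.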


802.1x Access Control

• Designed as a general purpose network access control mechanism
• Not Wi-Fi specific
• Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
• Authentication is done with the RADIUS server, which ”tells” the access point whether access to controlled ports should be allowed or not
• AP forces the user into an unauthorized state
• User sends an EAP start message
• AP returns an EAP message requesting the user’s identity
• Identity sent by the user is then forwarded to the authentication server by the AP
• Authentication server authenticates the user and returns an accept or reject message back to the AP
• If an accept message is returned, the AP changes the client’s state to authorized and normal traffic flows
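The bullets above are the steps of one exchange, so here is an added example (written for this page, not code from the presentation) that simulates all three parties: a supplicant that drives the client side, an access point acting as authenticator with a per-client controlled port, and a RADIUS-style authentication server that only the AP talks to. The message names (`EAPOL-Start`, `Request/Identity`, `Response/Identity`, `Success`, `Failure`) follow EAP/EAPOL usage; `Request/Credential` and `Response/Credential` are hypothetical stand-ins for whatever EAP method is configured, and the user database with "alice" and "bob" is constructed. The point the simulation makes is the port-control rule: data frames from a client are dropped until the server's Accept has flipped that client's port to authorized, and a Reject leaves it blocked.

```python
from dataclasses import dataclass, field

# Constructed credential store standing in for the RADIUS server's user database.
USER_DB = {"alice": "correct horse", "bob": "battery staple"}


@dataclass
class EapMessage:
    kind: str                       # e.g. "EAPOL-Start", "Request/Identity", "Success", "Failure"
    payload: dict = field(default_factory=dict)


class AuthenticationServer:
    """RADIUS-style decision point. It never sees the client directly, only the AP's relayed identity/credential."""

    def __init__(self, user_db):
        self.user_db = user_db
        self.log = []                # (event, identity, verdict) records a defender would want to keep

    def decide(self, identity: str, password: str) -> str:
        verdict = "Accept" if self.user_db.get(identity) == password else "Reject"
        self.log.append(("auth", identity, verdict))
        return verdict


class AccessPoint:
    """The authenticator. Every client MAC starts on an unauthorized controlled port."""

    def __init__(self, server):
        self.server = server
        self.port_state = {}         # mac -> "unauthorized" | "authorized"
        self.pending_identity = {}   # mac -> identity awaiting the credential step
        self.delivered = []          # frames that reached the wired side

    def handle_eap(self, mac: str, msg: EapMessage) -> EapMessage:
        self.port_state.setdefault(mac, "unauthorized")   # "AP forces the user into an unauthorized state"
        if msg.kind == "EAPOL-Start":
            return EapMessage("Request/Identity")
        if msg.kind == "Response/Identity":
            self.pending_identity[mac] = msg.payload["identity"]
            return EapMessage("Request/Credential")
        if msg.kind == "Response/Credential":
            identity = self.pending_identity.pop(mac, None)
            if identity is None:                            # credential without a prior identity: reject
                return EapMessage("Failure")
            if self.server.decide(identity, msg.payload["password"]) == "Accept":
                self.port_state[mac] = "authorized"         # only an Accept opens the controlled port
                return EapMessage("Success")
            return EapMessage("Failure")
        return EapMessage("Failure")

    def forward_data(self, mac: str, frame: bytes) -> bool:
        """Normal traffic passes only once the port is authorized; otherwise it is dropped."""
        if self.port_state.get(mac) != "authorized":
            return False
        self.delivered.append((mac, frame))
        return True


def supplicant_login(ap: AccessPoint, mac: str, identity: str, password: str) -> str:
    """Client side of the exchange on the slide; returns the AP's final verdict ("Success"/"Failure")."""
    reply = ap.handle_eap(mac, EapMessage("EAPOL-Start"))
    if reply.kind != "Request/Identity":
        return reply.kind
    reply = ap.handle_eap(mac, EapMessage("Response/Identity", {"identity": identity}))
    if reply.kind != "Request/Credential":
        return reply.kind
    reply = ap.handle_eap(mac, EapMessage("Response/Credential", {"password": password}))
    return reply.kind


if __name__ == "__main__":
    ap = AccessPoint(AuthenticationServer(USER_DB))
    print("before login, data forwarded:", ap.forward_data("00:11:22:33:44:55", b"GET /"))
    print("login:", supplicant_login(ap, "00:11:22:33:44:55", "alice", "correct horse"))
    print("after login, data forwarded:", ap.forward_data("00:11:22:33:44:55", b"GET /"))
    print("bad password:", supplicant_login(ap, "66:77:88:99:aa:bb", "bob", "wrong"))
    print("rejected client forwarded:", ap.forward_data("66:77:88:99:aa:bb", b"GET /"))
    print("server log:", ap.server.log)
```

In a real deployment the credential step runs inside an EAP method that first sets up an encrypted channel (the "Solution" bullet on the Authentication slide); the simulation passes the password as a plain field only to keep the port-state logic visible.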


802.1x Access Control


Wireless Protected Access (WPA)

• WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.
• User Authentication
  • 802.1x
  • EAP
• TKIP (Temporal Key Integrity Protocol) encryption
  • RC4, dynamic encryption keys (session based)
  • 48 bit IV
  • Per packet key mixing function
  • Fixes all issues found in WEP
• Uses Message Integrity Code (MIC) Michael
  • Ensures data integrity
• Old hardware should be upgradeable to WPA


Wireless Protected Access (WPA)

• WPA comes in two flavors
• WPA-PSK
  • Uses a pre-shared key
  • For SOHO environments
  • Single master key used for all users
• WPA Enterprise
  • For large organisations
  • Most secure method
  • Unique keys for each user
  • Separate username & password for each user


WPA and Security Threats

• Data is encrypted
  • Protection against eavesdropping and man-in-the-middle attacks
• Denial of Service
  • Attacks based on fake messages cannot be used.
  • As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients, and stops all activity for a minute
  • Only two packets a minute are enough to completely stop a wireless network
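The countermeasure the slide describes is a small state machine, and modelling it makes the "two packets a minute" consequence measurable. The following added example (written for this page, not from the presentation) keeps a sliding window of MIC-failure timestamps; a second failure inside the window disassociates every client and locks the AP for the lockout period, and failures that arrive during a lockout are simply dropped. The window and lockout are parameters, defaulting to the slide's figures (1 second and 60 seconds; the IEEE 802.11i TKIP countermeasure as standardised uses a 60-second window with the same 60-second lockout). The `downtime_seconds` helper is the defender's view: given the failures an AP actually logged, how much of the service interval was lost.

```python
from collections import deque


class MicCountermeasures:
    """Model of the TKIP MIC-failure countermeasure described on the slide."""

    def __init__(self, window_s: float = 1.0, lockout_s: float = 60.0):
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.failures = deque()      # timestamps of recent MIC failures, oldest first
        self.locked_until = 0.0
        self.lockouts = []           # (start, end) of every lockout triggered
        self.clients = set()
        self.events = []             # audit trail a defender would export

    def associate(self, mac: str):
        self.clients.add(mac)

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def report_mic_failure(self, now: float, mac: str) -> str:
        """Record a frame from `mac` whose MIC failed at time `now` (seconds).
        Returns "locked", "logged" or "countermeasures"."""
        if self.is_locked(now):
            self.events.append((now, "dropped_during_lockout", mac))
            return "locked"
        # Slide the window: forget failures older than window_s.
        while self.failures and now - self.failures[0] > self.window_s:
            self.failures.popleft()
        self.failures.append(now)
        if len(self.failures) >= 2:
            self.locked_until = now + self.lockout_s
            self.lockouts.append((now, self.locked_until))
            self.events.append((now, "countermeasures", sorted(self.clients)))
            self.clients.clear()     # every client is disassociated
            self.failures.clear()
            return "countermeasures"
        self.events.append((now, "single_failure", mac))
        return "logged"

    def downtime_seconds(self, horizon: float) -> float:
        """Seconds within [0, horizon] during which the AP was serving nobody."""
        return sum(max(0.0, min(end, horizon) - start) for start, end in self.lockouts)


if __name__ == "__main__":
    cm = MicCountermeasures()
    for mac in ("aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"):   # constructed clients
        cm.associate(mac)
    # Constructed timeline: two bad-MIC frames just after t=0, two more right after the lockout ends.
    for t in (0.0, 0.5, 30.0, 60.5, 61.0):
        print("t=%5.1f -> %s" % (t, cm.report_mic_failure(t, "aa:aa:aa:aa:aa:aa")))
    print("downtime in first 120 s: %.0f s" % cm.downtime_seconds(120.0))
    for event in cm.events:
        print(event)
```

Because the lockout is global rather than per client, the audit trail above is what distinguishes a misbehaving driver from deliberate abuse: a sustained pattern of paired failures arriving exactly when each lockout expires is the signature to alert on.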


802.11i

• Provides a standard for WLAN security
• Authentication
  • 802.1x
• Data encryption
  • AES protocol is used
• Secure fast handoff - This allows roaming between APs without requiring the client to fully reauthenticate to every AP.
• Will require new hardware


Advantages

• Mobility
• Ease of Installation
• Flexibility
• Cost
• Reliability
• Security
• Use of unlicensed part of the radio spectrum
• Roaming
• Speed


Disadvantages

• Interference
• Degradation in performance
• High power consumption
• Limited range


Any Question??