Wireless and Instant Messaging

51
Wireless and Instant Messaging Chapter 8

description

Wireless and Instant Messaging. Chapter 8. Learning Objectives. Understand security issues related to wireless data transfer Understand the 802.11x standards Understand Wireless Application Protocol (WAP) and how it works - PowerPoint PPT Presentation

Transcript of Wireless and Instant Messaging

Page 1: Wireless and Instant Messaging

Wireless and Instant Messaging

Chapter 8

Page 2: Wireless and Instant Messaging

Learning Objectives

Understand security issues related to wireless data transfer

Understand the 802.11x standards Understand Wireless Application Protocol

(WAP) and how it works Understand Wireless Transport Layer

Security (WTLS) protocol and how it works

continued…

Page 3: Wireless and Instant Messaging

Learning Objectives

Understand Wired Equivalent Privacy (WEP) and how it works

Conduct a wireless site survey Understand instant messaging

Page 4: Wireless and Instant Messaging

802.11

IEEE group responsible for defining interface between wireless clients and their network access points in wireless LANs

First standard finalized in 1997 defined three types of transmission at Physical layer

Diffused infrared - based on infrared transmissions Direct sequence spread spectrum (DSSS) - radio-

based Frequency hopping spread spectrum (FHSS) - radio-

based

continued…

Page 5: Wireless and Instant Messaging

802.11

Established WEP as optional security protocol

Specified use of 2.4 GHz industrial, scientific, and medical (ISM) radio band

Mandated 1 Mbps data transfer rate and optional 2 Mbps data transfer rate

Most prominent working groups: 802.11b, 802.11a, 802.11i, and 802.11g

Page 6: Wireless and Instant Messaging

802.11a

“High-Speed Physical Layer in the 5 GHz Band”

Sets specifications for wireless data transmission of up to 54 Mbps in the 5 GHz band

Uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS

Approved in 1999

Page 7: Wireless and Instant Messaging

802.11b

“Higher-Speed Layer Extension in the 2.4 GHz Band”

Establishes specifications for data transmission that provides 11 Mbps transmission (with fallback to 5.5, 2, and 1 Mbps) at 2.4 GHz band

Sometimes referred to as “Wi-Fi” when associated with WECA certified devices

Uses only DSSS Approved in 1999

Page 8: Wireless and Instant Messaging

802.11c

Worked to establish MAC bridging functionality for 802.11 to operate in other countries

Folded into 802.1D standard for MAC bridging

Page 9: Wireless and Instant Messaging

802.11d

Responsible for determining requirements necessary for 802.11 to operate in other countries

Continuing

Page 10: Wireless and Instant Messaging

802.11e

Responsible for creating a standard that will add multimedia and quality of service (QoS) capabilities to wireless MAC layer and therefore guarantee specified data transmission rates and error percentages

Proposal in draft form

Page 11: Wireless and Instant Messaging

802.11f

Responsible for creating a standard that will allow for better roaming between multivendor access points and distribution systems

Ongoing

Page 12: Wireless and Instant Messaging

802.11g

Responsible for providing raw data throughput over wireless networks at a throughput rate of 22 Mbps or more

Draft created in January 2002; final approval expected in late 2002 or early 2003

Page 13: Wireless and Instant Messaging

802.11h

Responsible for providing a way to allow for European implementation requests regarding the 5 GHz band

Requirements Limits PC card from emitting more radio signal than

needed Allows devices to listen to radio wave activity before

picking a channel on which to broadcast Ongoing; not yet approved

Page 14: Wireless and Instant Messaging

802.11i

Responsible for fixing security flaws in WEP and 802.1x

Hopes to eliminate WEP altogether and replace it with Temporal Key Integrity Protocol (TKIP), which would require replacement of keys within a certain amount of time

Ongoing; not yet approved

Page 15: Wireless and Instant Messaging

802.11j

Worked to create a global standard in the 5 GHz band by making high-performance LAN (HiperLAN) and 802.11a interoperable

Disbanded after efforts in this area were mostly successful

Page 16: Wireless and Instant Messaging
Page 17: Wireless and Instant Messaging

Wireless Application Protocol (WAP)

Open, global specification created by the WAP Forum

Designed to deliver information and services to users of handheld digital devices

Compatible with most wireless networks Can be built on any operating system

Page 18: Wireless and Instant Messaging

WAP-Enabled Devices

Page 19: Wireless and Instant Messaging

WAP-Enabled Devices

Page 20: Wireless and Instant Messaging

How WAP 1x Works

WAP 1.x Stack Set of protocols created by the WAP Forum

that alters the OSI model Five layers lie within the top four (of seven)

layers of the OSI model Leaner than the OSI model

Each WAP protocol makes data transactions as compressed as possible and allows for more dropped packets than OSI model

Page 21: Wireless and Instant Messaging

WAP 1.x Stack Compared to OSI/Web Stack

Page 22: Wireless and Instant Messaging

Differences Between Wireless and Wired Data Transfer

WAP 1.x stack protocols require that data communications between clients (wireless devices) and servers pass through a WAP gateway

Network architectural structures

Page 23: Wireless and Instant Messaging

WAP versus Wired Network

Page 24: Wireless and Instant Messaging

The WAP 2.0 Stack

Eliminates use of WTLS; relies on a lighter version of TLS – the same protocol used on the common Internet stack – which allows end-to-end security and avoids any WAP gaps

Replaces all other layers of WAP 1.x by standard Internet layers

Still supports the WAP 1.x stack in order to facilitate legacy devices and systems

Page 25: Wireless and Instant Messaging
Page 26: Wireless and Instant Messaging

Additional WAP 2.0 Features

WAP Push User agent profile Wireless Telephony Application Extended Functionality Interface (EFI) Multimedia Messaging Service (MMS)

Page 27: Wireless and Instant Messaging

Quick Quiz

What is the frequency used by 802.11b? Which 802.11 subgroup uses the 5 GHz

band? Which wireless application protocol

standard maps more closely to the OSI model?

The brief time in which WAP 1.x data is not encrypted at all is called the _______

Page 28: Wireless and Instant Messaging

Wireless Transport Layer Security (WTLS) Protocol

Provides authentication, data encryption, and privacy for WAP 1.x users

Three classes of authentication Class 1

Anonymous; does not allow either the client or the gateway to authenticate each other

Class 2 Only allows the client to authenticate the gateway

Class 3 Allows both the client and the gateway to authenticate each

other

Page 29: Wireless and Instant Messaging

WTLS Protocol: Steps of Class 2 Authentication

1. WAP device sends request for authentication

2. Gateway responds, then sends a copy of its certificate – which contains gateway’s public key – to the WAP device

3. WAP device receives the certificate and public key and generates a unique random value

4. WAP gateway receives encrypted value and uses its own private key to decrypt it

Page 30: Wireless and Instant Messaging

WTLS Security Concerns

Security threats posed by WAP gap

Page 31: Wireless and Instant Messaging

Wired Equivalent Privacy (WEP)

Optional security protocol for wireless local area networks defined in the 802.11b standard

Designed to provide same level of security as a wired LAN

Not considered adequate security without also implementing a separate authentication process and providing for external key management

Page 32: Wireless and Instant Messaging

Wireless LAN (WLAN)

Connects clients to network resources using radio signals to pass data through the ether

Employs wireless access points (AP) Connected to the wired LAN Act as radio broadcast stations that transmit

data to clients equipped with wireless network interface cards (NICs)

Page 33: Wireless and Instant Messaging

How a WLAN Works

Page 34: Wireless and Instant Messaging

APs

Page 35: Wireless and Instant Messaging

NICs

Page 36: Wireless and Instant Messaging

How WEP Works

Uses a symmetric key (shared key) to authenticate wireless devices (not wireless device users) and to guarantee integrity of data by encrypting transmissions

Each of the APs and clients need to share the same key

Client sends a request to the AP asking for permission to access the wired network

continued…

Page 37: Wireless and Instant Messaging

How WEP Works

If WEP has not been enabled (default), the AP allows the request to pass

If WEP has been enabled, client begins a challenge-and-response authentication process

Page 38: Wireless and Instant Messaging

WEP’s Weaknesses

Problems related to the initialization vector (IV) that it uses to encrypt data and ensure its integrity Can be picked up by hackers Is reused on a regular basis

Problems with how it handles keys

Page 39: Wireless and Instant Messaging

Other WLAN Security Loopholes

War driving Unauthorized users can attach themselves to

WLANs and use their resources, set up their own access points and jam the network

WEP authenticates clients, not users Wireless network administrators and users must

be educated about inherent insecurity of wireless systems and the need for care

Page 40: Wireless and Instant Messaging

Conducting a Wireless Site Survey

1. Conduct a needs assessment of network users

2. Obtain a copy of the site’s blueprint

3. Do a walk-through of the site

4. Identify possible access point locations

5. Verify access point locations

6. Document findings

Page 41: Wireless and Instant Messaging

Instant Messaging (IM)

AOL Instant Messenger (AIM) MSN Messenger Yahoo! Messenger ICQ Internet Relay Chat (IRC)

Page 42: Wireless and Instant Messaging

Definition of IM

Uses a real-time communication model Allows users to keep track of online status

and availability of other users who are also using IM applications

Can be used on both wired and wireless devices

Easy and fast

continued…

Page 43: Wireless and Instant Messaging

Definition of IM

Operates in two models: Peer-to-peer model

May cause client to expose sensitive information Peer-to-network model

Risk of network outage and DoS attacks making IM communication unavailable

Page 44: Wireless and Instant Messaging

Problems Facing IM

Lack of default encryption enables packet sniffing

Social engineering overcomes even encryption

Page 45: Wireless and Instant Messaging

Technical Issues Surrounding IM

Files transfers Application sharing

Page 46: Wireless and Instant Messaging

Legal Issues Surrounding IM

Possible threat of litigation or criminal indictment should the wrong message be sent or overheard by the wrong person

Currently immune to most corporate efforts to control it

Must be monitored in real time

Page 47: Wireless and Instant Messaging

Blocking IM

Install a firewall to block ports that IM products use; IM will be unavailable to all employees

Limited blocking not currently possible

Page 48: Wireless and Instant Messaging

Cellular Phone Simple Messaging Service (SMS)

Messages are typed and sent immediately Problems

Tracking inappropriate messages Risk of having messages sniffed

Page 49: Wireless and Instant Messaging

Chapter Summary

Efforts of IEEE, specifically 802.11x standards, to standardize wireless security

Security issues related to dominant wireless protocols WAP

Connects mobile telephones, PDAs, pocket computers, and other mobile devices to the Internet

WEP Used in WLANs

continued…

Page 50: Wireless and Instant Messaging

Chapter Summary

WTLS protocol Conducting a site survey in advance of

building a WLAN Security threats related to using (IM)

Page 51: Wireless and Instant Messaging

Quick Quiz

True or False: When using WTLS, the gateway initiates the authentication process.

True or False: The IV is a source of security concern in WEP.

The act of using a laptop and an antenna to locate wireless networks around town is called _____.

True or False: By default IM programs and APs have encryption turned on.

Should a company ban instant messaging from their network users? Why or why not?