Scribd
Upload
69 views9 pages

Understanding Wlan Security: Wireless Lans

This document discusses wireless LAN security. It outlines the threats to wireless networks, methods to mitigate threats like authentication, encryption, and intrusion prevention. The document then summarizes the evolution of wireless security standards from WEP to the current WPA2/802.11i standard. It describes how wireless clients associate with access points and how 802.1X authentication works. The document concludes by explaining the differences between WPA enterprise and personal modes of operation.

Uploaded by

tuancoi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
69 views9 pages

Understanding Wlan Security: Wireless Lans

This document discusses wireless LAN security. It outlines the threats to wireless networks, methods to mitigate threats like authentication, encryption, and intrusion prevention. The document then summarizes the evolution of wireless security standards from WEP to the current WPA2/802.11i standard. It describes how wireless clients associate with access points and how 802.1X authentication works. The document concludes by explaining the differences between WPA enterprise and personal modes of operation.

Uploaded by

tuancoi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Understanding

WLAN Security

Wireless LANs

[Link]

ICND1 v1.01-1

Wireless LAN Security Threats

[Link]

ICND1 v1.01-2

Mitigating the Threats

Control and Integrity

Privacy and
Confidentiality

Protection and
Availability

Authentication

Encryption

Intrusion Prevention
System (IPS)

Ensure that legitimate


clients associate with
trusted access points.

Protect data as it is
transmitted and
received.

Track and mitigate


unauthorized access
and network attacks.

[Link]

ICND1 v1.01-3

Evolution of Wireless LAN Security


1997

2001

2003

2004 to Present

WEP

802.1x EAP

WPA

802.11i / WPA2

Basic
encryption
No strong
authentication
Static,
breakable keys
Not scalable
MAC filters and
SSID-cloaking
also used to
complement
WEP
[Link]

Dynamic keys

Standardized

Improved
encryption

Improved
encryption

User
authentication

Strong, user
authentication
(such as,
LEAP, PEAP,
EAP-FAST)

802.1X EAP
(LEAP, PEAP)

AES strong
encryption
Authentication
Dynamic key
management

RADIUS

ICND1 v1.01-4

Wireless Client Association


Access points send out beacons
announcing SSID, data rates, and
other information.
Client scans all channels.
Client listens for beacons and
responses from access points.
Client associates to access point with
strongest signal.
Client will repeat scan if signal
becomes low to reassociate to another
access point (roaming).
During association, SSID, MAC
address, and security settings are sent
from the client to the access point and
checked by the access point.
[Link]

ICND1 v1.01-5

How 802.1X Works on the WLAN

[Link]

ICND1 v1.01-6

WPA and WPA2 Modes

WPA
Enterprise mode
(Business, education,
Government)

Personal mode
(SOHO, home and
personal)

[Link]

WPA2

Authentication:
IEEE 802.1X/EAP

Authentication:
IEEE 802.1X/EAP

Encryption:
TKIP/MIC

Encryption:
AES-CCMP

Authentication:
PSK

Authentication:
PSK

Encryption:
TKIP/MIC

Encryption:
AES-CCMP

ICND1 v1.01-7

Summary
It is inevitable that hackers will attack unsecured WLANs.
The fundamental solution for wireless security is authentication
and encryption to protect wireless data transmission.
WLAN standards evolved to provide more security.
WEP
802.1x EAP
WPA
802.11i/WPA2
Access points send out beacons announcing SSIDs, data rates,
and other information.

[Link]

ICND1 v1.01-8

Summary (Cont.)
With 802.1X, the access point, acting as the authenticator at the
enterprise edge, allows the client to associate using open
authentication.
WPA provides authentication support via IEEE 802.1X and PSK.
Enterprise mode is a term given to products that are tested to
be interoperable in both PSK and IEEE 802.1x/EAP modes of
operation for authentication.
Personal mode is a term given to products tested to be
interoperable in the PSK-only mode of operation for
authentication.

[Link]

ICND1 v1.01-9

You might also like