Scribd
Upload
48 views4 pages

Wireless Web Security Notes

The document covers wireless and web security, detailing threats and protective measures for wireless networks and mobile devices, including encryption and user training. It also discusses IEEE 802.11 standards, web security threats, and the architecture of SSL/TLS protocols for secure communication. Additionally, it highlights the functionalities of Secure Shell (SSH) for server authentication and data integrity.

Uploaded by

Mithuna H.R
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
48 views4 pages

Wireless Web Security Notes

The document covers wireless and web security, detailing threats and protective measures for wireless networks and mobile devices, including encryption and user training. It also discusses IEEE 802.11 standards, web security threats, and the architecture of SSL/TLS protocols for secure communication. Additionally, it highlights the functionalities of Secure Shell (SSH) for server authentication and data integrity.

Uploaded by

Mithuna H.R
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Wireless and Web Security – Notes

Wireless Network Security


Wireless security involves the protection of wireless networks from unauthorized access or
damage. This includes safeguarding Wi-Fi and mobile networks.

Wireless Network Threats


Wireless networks are vulnerable to eavesdropping, spoofing, denial-of-service attacks, and
rogue access points.

Wireless Network Security Measures


Security measures include WPA3 encryption, MAC filtering, disabling SSID broadcast, and
regularly updating firmware.

Mobile Device Security


Includes protecting smartphones and tablets from unauthorized access, data leakage, and
malware.

Security Threats
Threats include loss/theft, malicious apps, phishing, and unsecured Wi-Fi connections.

Mobile Device Security Strategy


Use device encryption, remote wipe, secure app stores, MDM solutions, and user awareness
training.

IEEE 802.11 Wireless LAN Overview


IEEE 802.11 defines standards for wireless LANs. It supports communication via access
points and includes various protocols like 802.11a/b/g/n/ac/ax.

Wi-Fi Alliance
A global non-profit association that certifies Wi-Fi products for interoperability, security,
and reliability.
IEEE 802 Protocol Architecture
Consists of MAC and PHY layers. Ensures standardized communication between wireless
devices.

IEEE 802.11i Security


Enhances 802.11 security by introducing Robust Security Network (RSN), AES encryption,
and key management.

IEEE 802.11i Phases of Operation


1. Discovery Phase
2. Authentication Phase
3. Key Management Phase
4. Protected Data Transfer Phase

IEEE 802.11i Pseudorandom Function


Used in key generation and cryptographic operations to ensure secure communication.

Web Security Considerations


Web security involves securing websites, browsers, and user sessions from threats such as
phishing, malware, and cross-site scripting (XSS).

Web Security Threats


Includes eavesdropping, session hijacking, cross-site request forgery (CSRF), and drive-by
downloads.

Web Traffic Security Approaches


Use of HTTPS, content security policies, web application firewalls (WAF), and secure
cookies.

Secure Sockets Layer (SSL)

SSL Architecture
Provides secure communication using encryption, authentication, and integrity.
SSL Record Protocol
Ensures confidentiality and integrity of application data using symmetric encryption and
MAC.

Change Cipher Spec Protocol


Notifies the peer to activate the negotiated security parameters.

Alert Protocol
Conveys alerts about errors or warnings during SSL sessions.

Handshake Protocol
Used to negotiate security algorithms and authenticate parties before secure
communication.

Cryptographic Computations
Involves symmetric and asymmetric encryption, hashing, and key exchange methods.

Transport Layer Security (TLS)


TLS is the successor to SSL, offering improved security and efficiency.

TLS Components
Includes version number, MACs, pseudorandom functions, alert codes, cipher suites,
certificate types, and cryptographic computations including padding.

HTTPS
HTTPS uses TLS to secure HTTP traffic, ensuring encrypted communication between
browser and server.

HTTPS Connection Initiation and Closure


The TLS handshake is initiated when connecting, and session keys are discarded upon
closure to prevent reuse.
Secure Shell (SSH)

SSH Transport Layer Protocol


Provides server authentication, confidentiality, and integrity with key exchange algorithms.

SSH User Authentication Protocol


Supports multiple methods including passwords, public keys, and host-based
authentication.

SSH Connection Protocol


Allows multiple logical channels (e.g., terminal sessions, file transfers) over a single SSH
connection.

You might also like