网件无线交换机技术培训.ppt

Layer 1 Jamming Attacks Involves sending sufficient RF noise to drown out any 802.11 communication Illegal in most countries – but difficult to enforce because the jammer can be hard to find YDI “DoS-in-a-box” costs $695 Layer 1 Jamming Detection Aruba Air Monitors and APs constantly measure signal-to-noise ratio (SNR) Interference Detection logs can be correlated to detect a jamming attack in progress If SNR drops below a certain threshold on a single channel, ARM will be able to react and move to a new channel If SNR drops below a certain threshold across a wider spectrum, the administrator can be automatically notified that a jamming attack is taking place Interference Detection * 802.11i/Wi-Fi Protected Access 2.0 Amendment to the original 802.11 standard Specifies security mechanisms for wireless networks (Wi-Fi) Major 802.11i components include: 802.1X for authentication RSN for keeping track of associations AES-based CCMP encryption Four-way authentication handshake * xSec xSec enjoys all of the same security benefits as 802.11i with the addition of higher levels of encryption and FIP compliancy xSec functionality is same as 802.11i with: Wired and wireless functionality Higher encryption levels Major xSec components are: 802.1X for authentication RSN for keeping track of associations AES-CBC-256 and HMAC-SHA1 Four-way authentication handshake * Configuring 802.1x/802.11i * Wireless Security Best Practices Use WPA or WPA2 wherever possible Migrate to full 802.11i as drivers and equipment allow Leverage firewall policies to protect legacy networks Pure Windows environments: use EAP-PEAP Pure Windows rollouts with existing PKI: TLS is an option for greater security Always validate server certificate to prevent man in the middle attacks * EAP Methods Comparison * WFS709TP RADIUS Compatibility Lab four Create SSID and test client association Guest Access Guest Access Guess access can be created from the Basic or Advanced configuration me