市场营销全球无线区域网路市场销售值英文版.ppt

Attacks-Keystream Reuse Attacks- Message Authentication Attacks-Message Modification Attacks- Message Modification WEP lessons What could one do to improve WEP: Use long IV’s that are used only once in the lifetime of a shared key k Use a strong message authentication code (instead of a CRC code), that does depend on the key and the IV. What you should do: Don’t trust WEP. Don’t trust it more than sending plain messages over an Ethernet. However, WEP is usually seen as a good first deterrent against so-called “war drivers.” Put the wireless network outside your firewall There are new proprietary security solutions such as LEAP. Dynamic WEP using 802.1x Per-packet Initialization Vector (IV) Use other security mechanisms such as VPN, IPSec, ssh RADIUS Authentication Internet VPN Virtual Private Network W2KDC ROUTER Active Directory資料傳輸安全性 W2KDC ROUTER Internal Network SiteTP Internal Network SiteKH VPN Security Cracker Security - Threats Threats: Packet sniffing to intercept “clear-text” traffic Compromised static WEP Keys Packet sniffing/Cryptanalysis Laptop loss/theft Packet integrity compromise Rogue access-points Wireless LANs raise security implications not found with traditional wired LANs… Cracking Tools: Network Associates Inc. - Wireless Sniffer Pro 4.6 WildPackets Inc. – AiroPeek 1.1 NetStumbler AirSnort Security - LEAP Client Other client OSs: Cisco network logon application Installed with client adapter Front-ends standard network logon Uses Light EAP (LEAP) in client adapter firmware to interact with RADIUS server and user network logon info Windows Whistler release: Operating system (OS) incorporates EAP Ethernet supplicant: to work on MS-XP, Win2K, CE 4.0 natively; no legacy support Security - Centralized User-Based Authentication Authenticator (e.g. Access Point, Catalyst Switch) Supplicant Semi-Public Network / Enterprise Edge AuthenticationServer such as ACS2000 v2.6 RADIUS EAP Over Wireless/LAN (EAPOW/EAPOL) EAP