ch06 wireless network security
DESCRIPTION
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing these presentations to be published.
TRANSCRIPT
Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 6
Wireless Network Security

TJX Data Breach
• TJX used WEP security
• They lost 45 million customer records
• They settled the lawsuits for $40.9 million
  • Link Ch 6a

Objectives
• Describe the basic IEEE 802.11 wireless security protections
• Define the vulnerabilities of open system authentication, WEP, and device authentication
• Describe the WPA and WPA2 personal security models
• Explain how enterprises can implement wireless security

IEEE 802.11 Wireless Security Protections

Institute of Electrical and Electronics Engineers (IEEE)
• In the early 1980s, the IEEE began work on developing computer network architecture standards
  • This work was called Project 802
• In 1990, the IEEE formed a committee to develop a standard for WLANs (Wireless Local Area Networks)
  • At that time WLANs operated at a speed of 1 to 2 million bits per second (Mbps)

IEEE 802.11 WLAN Standard
• In 1997, the IEEE approved the IEEE 802.11 WLAN standard
• Revisions
  • IEEE 802.11a
  • IEEE 802.11b
  • IEEE 802.11g
  • IEEE 802.11n

Controlling Access to a WLAN
• Access is controlled by limiting a device’s access to the access point (AP)
• Only devices that are authorized can connect to the AP
  • One way: Media Access Control (MAC) address filtering
  • CCSF uses this technique (unfortunately)
  • See www.ccsf.edu/wifi

Controlling Access

MAC Address Filtering
• Usually implemented by permitting instead of preventing
• CCSF does this: www.ccsf.edu/wifi

Wired Equivalent Privacy (WEP)
• Designed to ensure that only authorized parties can view transmitted wireless information
• Uses encryption to protect traffic
• WEP was designed to be:
  • Efficient and reasonably strong

WEP Keys
• WEP secret keys can be 64 or 128 bits long
• The AP and devices can hold up to four shared secret keys
  • One of which must be designated as the default key

WEP Encryption Process

Transmitting with WEP

Device Authentication
• Before a computer can connect to a WLAN, it must be authenticated
• Types of authentication in 802.11
  • Open system authentication
    • Lets everyone in
  • Shared key authentication
    • Only lets computers in if they know the shared key

Vulnerabilities of IEEE 802.11 Security
• Open system authentication
• MAC address filtering
• WEP

Open System Authentication
• To connect, a computer needs the SSID (network name)
• Routers normally send out beacon frames announcing the SSID
• Passive scanning
  • A wireless device listens for a beacon frame

Turning Off Beaconing
• For "security" some people turn off beacons
  • This annoys your legitimate users, who must now type in the SSID to connect
  • It doesn't stop intruders, because the SSID is sent out in management frames anyway
  • It can also affect roaming
  • Windows XP prefers networks that broadcast

MAC Address Filtering Weaknesses
• MAC addresses are transmitted in the clear
  • An attacker can just sniff for MACs
• Managing a large number of MAC addresses is difficult
• MAC address filtering does not provide a means to temporarily allow a guest user to access the network
  • Other than manually entering the user’s MAC address into the access point

WEP
• To encrypt packets WEP can use only a 64-bit or 128-bit number
  • Which is made up of a 24-bit initialization vector (IV) and a 40-bit or 104-bit default key
• The 24-bit IV is too short, and repeats before long
• In addition, packets can be replayed to force the access point to pump out IVs

Cracking WEP
• With the right equipment, WEP can be cracked in just a few minutes
  • You need a special wireless card
  • We do it in CNIT 123: Ethical Hacking and Network Defense

Personal Wireless Security
• WPA Personal Security
• WPA2 Personal Security

WPA Personal Security
• Wireless Ethernet Compatibility Alliance (WECA)
  • A consortium of wireless equipment manufacturers and software providers
• WECA goals:
  • To encourage wireless manufacturers to use the IEEE 802.11 technologies
  • To promote and market these technologies
  • To test and certify that wireless products adhere to the IEEE 802.11 standards to ensure product interoperability

WPA Personal Security
• In 2002, the WECA organization changed its name to Wi-Fi (Wireless Fidelity) Alliance
• In October 2003 the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA)
  • WPA had the design goal to protect both present and future wireless devices; it addresses both wireless authentication and encryption
• PSK addresses authentication and TKIP addresses encryption

WPA Personal Security
• Preshared key (PSK) authentication
  • Uses a passphrase to generate the encryption key
• Key must be entered into both the access point and all wireless devices
  • Prior to the devices communicating with the AP
• The PSK is not used for encryption
  • Instead, it serves as the starting point (seed) for mathematically generating the encryption keys

Temporal Key Integrity Protocol (TKIP)
• WPA replaces WEP with TKIP
• TKIP advantages:
  • TKIP uses a longer 128-bit key
  • TKIP uses a new key for each packet

Message Integrity Check (MIC)
• WPA also replaces the CRC function in WEP with the Message Integrity Check (MIC)
  • Designed to prevent an attacker from capturing, altering, and resending data packets
  • See link Ch 6b

WPA2 Personal Security
• Wi-Fi Protected Access 2 (WPA2)
  • Introduced by the Wi-Fi Alliance in September 2004
  • The second generation of WPA security
  • Still uses PSK (Pre-Shared Key) authentication
  • But instead of TKIP encryption it uses a stronger data encryption method called AES-CCMP

WPA2 Personal Security
• PSK Authentication
  • Intended for personal and small office home office users who do not have advanced server capabilities
  • PSK keys are automatically changed and authenticated between devices after a specified period of time known as the rekey interval

PSK Key Management Weaknesses
• People may send the key by e-mail or another insecure method
• Changing the PSK key is difficult
  • Must type new key on every wireless device and on all access points
  • In order to allow a guest user to have access to a PSK WLAN, the key must be given to that guest

Pre-Shared Key Weakness
• A PSK is a 64-bit hexadecimal number
  • Usually generated from a passphrase
    • Consisting of letters, digits, punctuation, etc. that is between 8 and 63 characters in length
• If the passphrase is a common word, it can be found with a dictionary attack

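How the passphrase becomes the key, and a check to run before a passphrase is rolled out, as an added example that is not part of the original slides: WPA and WPA2 Personal derive a 256-bit PSK (written as 64 hexadecimal digits) with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The word list, the rejection rules and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample; a real deployment would load a full common-password list.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123", "iloveyou"}

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def audit_passphrase(passphrase: str, ssid: str) -> list:
    """Return the reasons a passphrase should be rejected (empty list = accept)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    lowered = passphrase.lower()
    if lowered in COMMON_PASSPHRASES:
        problems.append("appears in a common-password list")
    if ssid and ssid.lower() in lowered:
        problems.append("contains the SSID")
    if len(set(passphrase)) < 5:
        problems.append("too few distinct characters")
    return problems

def provision(passphrase: str, ssid: str) -> str:
    """Refuse weak passphrases; otherwise return the PSK as 64 hex digits."""
    problems = audit_passphrase(passphrase, ssid)
    if problems:
        raise ValueError("; ".join(problems))
    return derive_psk(passphrase, ssid).hex()

if __name__ == "__main__":
    ssid = "CorpNet"                                   # hypothetical SSID
    for candidate in ("password", "CorpNet2009", "correct horse battery staple"):
        print(repr(candidate), audit_passphrase(candidate, ssid) or "accepted")
    # The SSID is the salt, so the same passphrase gives a different PSK
    # on every network name.
    print(derive_psk("correct horse battery staple", "CorpNet").hex())
    print(derive_psk("correct horse battery staple", "CorpNet-Guest").hex())
```

Because the derivation is public and deterministic, the only secret is the passphrase itself, which is why a dictionary word gives no protection.
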
Cracking WPA

WPA2 Personal Security (continued)
• AES-CCMP Encryption
  • Encryption under the WPA2 personal security model is accomplished by AES-CCMP
  • This encryption is so complex that it requires special hardware to be added to the access points to perform it

WPA and WPA2 Compared

Enterprise Wireless Security
• Two models:
  • IEEE 802.11i
  • WPA and WPA2 models

IEEE 802.11i
• Improves encryption and authentication
• Encryption
  • Replaces WEP’s original PRNG RC4 algorithm
  • With a stronger cipher that performs three steps on every block (128 bits) of plaintext

IEEE 802.11i
• IEEE 802.11i authentication and key management is accomplished by the IEEE 802.1x standard

802.1x Authentication

IEEE 802.11i (continued)
• Key-caching
  • Remembers a client, so if a user roams away from a wireless access point and later returns, she does not need to re-enter her credentials
• Pre-authentication
  • Allows a device to become authenticated to an AP before moving into range of the AP
  • Authentication packet is sent ahead

WPA Enterprise Security
• Designed for medium to large-size organizations
• Improved authentication and encryption
• The authentication used is IEEE 802.1x and the encryption is TKIP

WPA Enterprise Security (continued)
• IEEE 802.1x Authentication
  • Provides an authentication framework for all IEEE 802-based LANs
  • Does not perform any encryption
• TKIP Encryption
  • An improvement on WEP encryption
  • Designed to fit into the existing WEP procedure

WPA2 Enterprise Security
• The most secure method
• Authentication uses IEEE 802.1x
• Encryption is AES-CCMP

Enterprise and Personal Wireless Security Models

Enterprise Wireless Security Devices
• Thin Access Point
  • An access point without the authentication and encryption functions
    • These features reside on the wireless switch
• Advantages
  • The APs can be managed from one central location
  • All authentication is performed in the wireless switch

Enterprise Wireless Security Devices (continued)
• Wireless VLANs
  • Can segment traffic and increase security
  • The flexibility of a wireless VLAN depends on which device separates the packets and directs them to different networks

Enterprise Wireless Security Devices (continued)
• For enhanced security, set up two wireless VLANs
  • One for employee access
  • One for guest access

Rogue Access Point Discovery Tools
• Wireless protocol analyzer
  • Auditors carry it around sniffing for rogue access points
• For more security, set up wireless probes to monitor the RF frequency

Types of Wireless Probes
• Wireless device probe
• Desktop probe
• Access point probe
• Dedicated probe

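What the probes' reports are checked against, as an added example that is not part of the original slides: each beacon a probe hears is compared with an inventory of authorized access points, and anything that does not match is flagged for follow-up. The inventory, probe names, addresses, signal threshold and finding labels are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    probe: str       # probe that heard the beacon
    bssid: str       # MAC address of the AP radio
    ssid: str
    security: str    # "OPEN", "WEP", "WPA-TKIP" or "WPA2-CCMP"
    rssi_dbm: int    # signal strength at the probe

# Hypothetical inventory: BSSID -> (expected SSID, expected security).
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", "WPA2-CCMP"),
    "02:00:00:aa:00:02": ("CorpNet-Guest", "WPA2-CCMP"),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
ON_PREMISES_DBM = -65   # assumed: stronger than this means inside the building

def classify(b: Beacon) -> list:
    """Return the findings for one observed beacon (empty list = nothing to do)."""
    expected = AUTHORIZED.get(b.bssid.lower())
    if expected is not None:
        # Known radio: flag it only if its configuration has drifted.
        if (b.ssid, b.security) != expected:
            return ["authorized AP differs from inventory"]
        return []
    if b.ssid in CORPORATE_SSIDS:
        return ["unknown AP advertising a corporate SSID"]
    if b.rssi_dbm >= ON_PREMISES_DBM:
        return ["unknown AP with on-premises signal strength"]
    return []            # weak, unrelated network: most likely a neighbour

def audit(beacons) -> dict:
    """Merge findings per BSSID and record which probes reported each one."""
    report = {}
    for b in beacons:
        for finding in classify(b):
            entry = report.setdefault(b.bssid.lower(),
                                      {"findings": set(), "probes": set()})
            entry["findings"].add(finding)
            entry["probes"].add(b.probe)
    return report

# Constructed observations from three kinds of probe.
SAMPLE = [
    Beacon("ap-probe-1", "02:00:00:aa:00:01", "CorpNet", "WPA2-CCMP", -48),
    Beacon("desktop-probe-7", "02:00:00:AA:00:02", "CorpNet-Guest", "WEP", -55),
    Beacon("dedicated-probe-2", "02:00:00:bb:00:99", "CorpNet", "OPEN", -52),
    Beacon("ap-probe-1", "02:00:00:bb:00:99", "CorpNet", "OPEN", -70),
    Beacon("desktop-probe-7", "02:00:00:cc:00:10", "linksys", "WPA2-CCMP", -60),
    Beacon("dedicated-probe-2", "02:00:00:dd:00:20", "CoffeeShop", "OPEN", -88),
]

if __name__ == "__main__":
    for bssid, entry in sorted(audit(SAMPLE).items()):
        print(bssid, sorted(entry["findings"]), sorted(entry["probes"]))
```

A BSSID reported by several probes at different signal strengths also gives a rough idea of where to send the auditor with the protocol analyzer.
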