chapter 13 802.11 network security architecture
DESCRIPTION
Certified Wireless Network Administrator (CWNA) PW0-105. Chapter 13 802.11 Network Security Architecture. Chapter 13 Overview. 802.11 Security Basics Legacy 802.11 Security Robust Security Traffic Segmentation Infrastructure Security VPN Wireless Security. 2. - PowerPoint PPT PresentationTRANSCRIPT
Certified Wireless Network Administrator (CWNA)PW0-105
Chapter 13802.11 Network Security Architecture
Chapter 13 Overview
• 802.11 Security Basics• Legacy 802.11 Security• Robust Security• Traffic Segmentation• Infrastructure Security• VPN Wireless Security
2Certified Wireless Network Administrator: CWNA – PW0-105
802.11 Security Basics
• Data privacy• AAA
Segmentation• Monitoring• Policy
3Certified Wireless Network Administrator: CWNA – PW0-105
Data Privacy
• About the protection of data and the prevention of unauthorized access to it
• Uses encryption– RC4– AES
• Exercise 13.1
4Certified Wireless Network Administrator: CWNA – PW0-105
AAA
• Authentication– Who are you?– What are you?
• Authorization– What can you do?
• Accounting– What did you do?
5Certified Wireless Network Administrator: CWNA – PW0-105
Segmentation
• LANs• WANs• VLANs
6Certified Wireless Network Administrator: CWNA – PW0-105
Policy
• Defines how computer systems must be implemented– Specific WiFi policies must be created– Traditional wired policies are not sufficient
7Certified Wireless Network Administrator: CWNA – PW0-105
Legacy 802.11 Security
• Legacy authentication– Open System– Shared Key
• Static WEP encryption• MAC filters• SSID cloaking or hiding
8Certified Wireless Network Administrator: CWNA – PW0-105
WEP Key and IV
9Certified Wireless Network Administrator: CWNA – PW0-105
Robust Security vs. Legacy Security
10Certified Wireless Network Administrator: CWNA – PW0-105
Robust Security Network (RSN)
11Certified Wireless Network Administrator: CWNA – PW0-105
• 802.11-2007, originally 802.11i, define an RSN– STAs must use the 4-way handshake– STAs must use CCMP or TKIP
• Pre-Shared Key (PSK)
• Proprietary PSK– Dynamic PSK and Private PSK are examples
• 802.1X/EAP
802.1X Comparison
12Certified Wireless Network Administrator: CWNA – PW0-105
WLAN Bridging and 802.1X
13Certified Wireless Network Administrator: CWNA – PW0-105
802.1X/EAP Architecture and Process
14Certified Wireless Network Administrator: CWNA – PW0-105
EAP Types
15Certified Wireless Network Administrator: CWNA – PW0-105
Traffic Segmentation
16Certified Wireless Network Administrator: CWNA – PW0-105
• VLANs– Guest– Voice– Data
• RBAC
Wireless VLANs
17Certified Wireless Network Administrator: CWNA – PW0-105
Infrastructure Security
18Certified Wireless Network Administrator: CWNA – PW0-105
VPN Wireless Security (Hotspot)
19Certified Wireless Network Administrator: CWNA – PW0-105
VPN Wireless Security (Site-to-Site)
20Certified Wireless Network Administrator: CWNA – PW0-105
Chapter 13 Summary
• 802.11 Security Basics• Legacy 802.11 Security• Robust Security• Traffic Segmentation• Infrastructure Security• VPN Wireless Security
21Certified Wireless Network Administrator: CWNA – PW0-105