March 2003 Slide 1 802.11 Security (Again, Sorry) Darrin Miller dmiller@cisco.com

Upload: dora-stone

Post on 04-Jan-2016

March 2003

Slide 1

802.11 Security (Again, Sorry)

Darrin Miller
dmiller@cisco.com

Slide 2

Agenda

• Today
• Tomorrow
• Public WLANs
• Private WLANs
• Future

Slide 3

Today

• Proprietary Implementations
  – Variety of implementations that thwart the large threats to 802.11 Wireless LANs (WLANs)
• WiFi Protected Access (WPA)
  – Imminent, and again mitigates the large threats to 802.11 WLANs
• Tunneling overlays (SSL, SSH, IPsec)

Slide 4

Tomorrow - 802.11 – Task Group i (TGi)

• Pros
  – Stronger Encryption (AES)
  – More complete features and mitigation of threats
    • Authenticated management frames
    • Secure ad-hoc networking
    • Secure roaming
• Challenges
  – Must evaluate the entire system for security
  – Relies on other entities for security (IETF)
  – How soon will TGi be finished and how soon will vendors produce interoperable products
  – EAP acronym soup (EAP-TLS, PEAP, EAP-TTLS)

Slide 5

Public WLANs

• Today
  – Authentication Mandatory
  – Typically No Confidentiality
  – Limited Roaming
  – Dedicated Access Points
• Tomorrow
  – Legacy Device Support
  – Roaming Mandatory
  – Fraud Protection
  – Confidentiality Desired
  – Shared Use Access Points

Slide 6

Private WLANs

• Today
  – Authentication Mandatory
  – Confidentiality Mandatory
  – Legacy Device Support
• Tomorrow
  – QOS Support Mandatory (VoIP)
  – Secure Roaming Mandatory
  – Legacy Device Support
  – Easier Deployment
  – Easier Management

Slide 7

Future - Devices in Motion

• Handoff of service between WLAN and Wireless WAN
  – Authentication assurance
  – Confidentiality assurance
  – Consistency across standards bodies (?)
• Public Services Based Network
  – Corporate Application Access
• User Based Public Service
  – Personal Use
• User Based Private to Public Service
  – How do we consistently authenticate the user to both services?
  – Corporate Security Policy compliance. Is it OK to be connected to two networks at once? Will the end user or corporation even know?

Slide 8

Feedback?