Network Security
Er. Hari K.C.
Asst. Professor
Soch College of IT
Tribhuvan University
harikc@wrc.edu.np
Soch college of IT - Hari K.C.
Ch 04: Wireless Network Security
Wireless Security
• Wireless security is the protection of computers, smartphones, tablets, laptops and
other portable devices, along with the networks they connect to, from the
threats and vulnerabilities associated with wireless computing.
• Wireless communication refers to any type of data exchange between the parties
that is performed wirelessly (over the air).
• This definition is extremely wide, since it covers many types of
wireless technologies, such as:
- Wi-Fi Network Communication
- Bluetooth Communication
- Satellite Communication
- Mobile Communication
• All the technologies mentioned above use different communication architectures;
however, they all share the same "wireless medium" capability.
Wi-Fi
• Wireless Fidelity (Wi-Fi) refers to wireless local area networks, as we
all know them.
• It is based on IEEE 802.11 standard. Wi-Fi is a type of wireless
network you meet almost everywhere, at your home, workplace, in
hotels, restaurants and even in taxis, trains or planes.
• These 802.11 communication standards operate on either 2.4 GHz or
5 GHz ISM radio bands.
• Devices compatible with the Wi-Fi standard are easily available in shops
and carry the Wi-Fi logo on the device itself. I bet you have seen it
hundreds of times in various shops or other public places!
• Because 802.11-based wireless networks are so heavily used in all types
of environments, they are also the biggest subject of security research
among the wireless standards.
• Wireless clients are considered to be any end-devices with a wireless card
or wireless adapter installed.
• Now, in this 21st century, those devices can be almost anything :
Modern Smartphones − These are one of the most universally used wireless
devices you see in the market. They support multiple wireless standards on
one box, for example, Bluetooth, Wi-Fi, GSM.
Laptops − These are a type of device which we all use every single day!
Smartwatch − A Sony smartwatch, for example, can synchronize with your
smartphone via Bluetooth.
Smart-home Equipment − With the current progress of the technology,
smart-home equipment might be for example a freezer that you can control
over Wi-Fi or a temperature controller.
• Access Point (AP) is the central node in 802.11 wireless
implementations.
• It is the interface between wired and wireless network, that all the
wireless clients associate to and exchange data with.
• For a home environment, most often you have a router, a switch, and
an AP embedded in one box, which is very convenient for this purpose.
Base Transceiver Station
• A Base Transceiver Station (BTS) is the equivalent of an Access Point
from the 802.11 world, but used by mobile operators to provide signal
coverage, for example for 3G or GSM.
• In corporate wireless implementation, the number of Access Points is often counted in hundreds or
thousands of units.
• It would not be administratively possible to manage all the APs and their configuration (channel
assignments, optimal output power, roaming configuration, creation of the SSID on each and every AP, etc.)
separately.
• This is where the concept of a wireless controller comes into play. It is the "mastermind" behind
all the wireless network operations.
• The SSID identifies the WLAN itself. In order to connect to a
wireless LAN, the wireless client needs to send the exact same SSID in
the association frame as the SSID name preconfigured on the AP.
• A cell is basically a geographical region covered by the AP's or BTS's
antenna (transmitter). In the following image, a cell is marked with a
yellow line.
• Wireless networks may be configured to support multiple 802.11
standards. Some of them operate on the 2.4 GHz band (for example
802.11b/g/n) and others on the 5 GHz band (for example 802.11a/n/ac).
• Depending on the band, there is a predefined set of sub-bands, one
for each channel.
• Antennas are used to "translate" information flowing as an electrical
signal inside the cable and into the electromagnetic field, which is
used to transmit the frame over a wireless medium.
• Every wireless device (either AP or any type of wireless client device)
has an antenna that includes a transmitter and the receiver module.
It can be external and visible to everyone around or built-in, as most
of the laptops or smartphones nowadays have.
Wireless networks and standards
• Wireless network may be classified into different categories based on
the range of operation they offer.
• The most common classification scheme divides the wireless
networks into four categories listed in the table below, together with
short examples.
Ch 04 wireless security
• Since the beginning of the IEEE 802.11 standard, wireless networks
have evolved at a significant pace.
• People saw the potential in this type of data transmission, so 802.11
successors appeared a few years after each other.
• The following table summarizes the current 802.11 standards in use
today:
Mobile device security
• Mobile Device Security refers to the measures designed to protect
sensitive information stored on and transmitted by laptops, smartphones,
tablets, wearables, and other portable devices.
• In the age of mobile computing, the security of mobile devices is essential
and increasingly in demand because personal data and business
information are now stored on and accessed from smartphones.
• Devices like smartphones, tablets, phablets, PDAs, and other such devices
come under mobile devices.
• Most users and businesses rely on them to communicate, organize, and
manage their work and private lives.
• By 2022, there will be more than 6 billion users worldwide who will be
using smartphones.
• At the root of mobile device security is the goal of keeping
unauthorized users from accessing the enterprise network. It is one
aspect of a complete enterprise security plan.
• With more than half of business PCs now mobile, portable devices
present distinct challenges to network security, which must account
for all of the locations and uses that employees require of the
company network.
• Potential threats to devices include malicious mobile apps, phishing
scams, data leakage, spyware, and unsecured Wi-Fi networks.
• On top of that, enterprises have to account for the possibility of an
employee losing a mobile device or the device being stolen.
• To avoid a security breach, companies should take clear, preventative
steps to reduce the risk.
Mobile device Threats
• As a security specialist, it is essential to know about the types of malware associated
with mobile devices.
• Mobile spyware: Spyware is malicious software that can creep into apparently
benign programs and, in secret, monitor your activity, track your geo-location,
and steal sensitive passwords.
• Mobile banking Trojans: These are mobile banking viruses that target and steal your
bank details. In 2017, mobile banking Trojans hit around 260,000 users across
160+ countries. They posed as legitimate bank applications and then stole all
the users' bank and account details.
• Rooting malware: These types of malware try to gain root access to a mobile device,
giving its creators or cybercriminals administrative privileges as well as access
to the victim's files.
• SMS malware: This is used to manipulate mobile phones into sending premium-rate
SMS messages without letting the user know about them; at month-end, a large bill
arrives for the targeted user.
Benefits of mobile device security
Mobile device security, or mobile device management, provides the
following:
• Regulatory compliance
• Security policy enforcement
• Support of “bring your own device” (BYOD)
• Remote control of device updates
• Application control
• Automated device registration
• Data backup
Types of mobile device security
• Enterprise Mobile Management platform: In addition to setting up
internal device policies that protect against unauthorized access, it’s
equally important to have an Enterprise Mobile Management (EMM)
platform that enables IT to gather real-time insights to catch potential
threats.
• Email security: Email is the most popular way for hackers to spread
ransomware and other malware. To combat such attacks, it’s critical for
businesses to be armed with advanced email security that can detect,
block, and address threats faster; prevent any data loss; and protect
important information in transit with end-to-end encryption.
• Endpoint protection: This approach protects enterprise networks that are
remotely accessed by mobile devices. Endpoint security protects
companies by ensuring that portable devices follow security standards and
by quickly alerting security teams of detected threats before they can do
damage. Endpoint protection also allows IT administrators to monitor
operation functions and data backup strategies.
• VPN: A virtual private network, or VPN, extends a private network
across a public network. This enables users to send and receive data
across shared or public networks as if their computing devices were
directly connected to the private network. VPNs’ encryption
technology allows remote users and branch offices to securely access
corporate applications and resources.
• Secure web gateway: A secure web gateway protects against online
security threats by enforcing company security policies and defending
against phishing and malware in real-time. This is especially important
for cloud security as this type of protection can identify an attack on
one location and immediately stop it at other branches.
• Cloud access security broker: A cloud access security broker (CASB) is
a tool that sits between cloud service consumers and cloud service
providers to enforce security, compliance, and governance policies for
cloud applications. CASBs help organizations extend the security
controls of their on-premises infrastructure to the cloud.
Working of Mobile device security
• Mobile device security protects an enterprise from unknown or
malicious outsiders being able to access sensitive company data.
• Securing mobile devices requires a multi-layered approach and
investment in enterprise solutions.
• While there are key elements to mobile device security, each
organization needs to find what best fits its network.
• Here are some mobile security best practices:
1. Establish, share, and enforce clear policies and
processes
• Mobile device rules are only as effective as a company’s ability to
properly communicate those policies to employees. Mobile device
security should include clear rules about:
• What devices can be used
• Allowed OS levels
• What the company can and cannot access on a personal phone
• Whether IT can remote wipe a device
• Password requirements and frequency for updating passwords
2. Password protection
• One of the most basic ways to prevent unauthorized access to a
mobile device is to create a strong password, and yet weak passwords
are still a persistent problem that contributes to the majority of data
breaches.
• Another common security problem is workers using the same
password for their mobile device, email, and every work-related
account.
• It is critical that employees create strong, unique passwords (of at
least eight characters) and create different passwords for different
accounts.
3. Leverage biometrics
• Instead of relying on traditional methods of mobile access security,
such as passwords, some companies are looking to biometrics as a
safer alternative.
• Biometric authentication is when a computer uses measurable
biological characteristics, such as face, fingerprint, voice, or iris
recognition for identification and access.
• Multiple biometric authentication methods are now available on
smartphones and are easy for workers to set up and use.
4. Avoid public Wi-Fi
• A mobile device is only as secure as the network through which it
transmits data.
• Companies need to educate employees about the dangers of using
public Wi-Fi networks, which are vulnerable to attacks from hackers
who can easily breach a device, access the network, and steal data.
• The best defense is to encourage smart user behavior and prohibit
the use of open Wi-Fi networks, no matter the convenience.
5. Beware of apps
• Malicious apps are some of the fastest growing threats to mobile
devices.
• When an employee unknowingly downloads one, either for work or
personal reasons, it provides unauthorized access to the company’s
network and data.
• To combat this rising threat, companies have two options: instruct
employees about the dangers of downloading unapproved apps, or
ban employees from downloading certain apps on their phones
altogether.
6. Mobile device encryption
• Most mobile devices are bundled with a built-in encryption feature.
Users need to locate this feature on their device and enter a
password to encrypt their device.
• With this method, data is converted into a code that can only be
accessed by authorized users.
• This is important in case of theft, as it prevents unauthorized access.
IEEE 802.11 Wireless LAN Overview
1. The Wi-Fi Alliance
2. IEEE 802 Protocol Architecture
3. IEEE 802.11 Network Components and Architectural Model
4. IEEE 802.11 Service
The Wi-Fi Alliance
• Wi-Fi Alliance drives global Wi-Fi adoption and evolution through thought
leadership, spectrum advocacy, and industry-wide collaboration.
• IEEE - Institute of Electrical and Electronics Engineers
• IEEE 802 - Committee - LAN
• IEEE 802.11 - Committee - WLAN
• Develops protocols and transmission specifications for WLANs
• WECA - Wireless Ethernet Compatibility Alliance, an industry consortium
formed in 1999
-> to assist the interoperability of products
-> to address the large range of WLAN markets, including
enterprise, home and hot spots.
2. IEEE 802 Protocol Architecture
Physical layer
Medium access control layer and Logical link control layer
MPDU frame format
• The medium access control layer converts data from an MSDU into an MPDU
• MSDU = MAC service data unit
• MPDU = MAC protocol data unit
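The MSDU-to-MPDU conversion above, as an added Python example that is not part of the slides: it packs a 3-address data MPDU (MAC header, MSDU, CRC-32 FCS), shows how the To DS / From DS bits decide which address field carries the BSSID, and parses a frame back while rejecting one whose FCS does not verify. The addresses and payload are constructed sample values.

```python
import struct
import zlib

# Non-QoS MAC header: Frame Control, Duration/ID, Addr1, Addr2, Addr3,
# Sequence Control (24 bytes, little-endian fields), followed by the MSDU
# and a 4-byte FCS (CRC-32, the same polynomial as the Ethernet FCS).
HDR = struct.Struct("<2sH6s6s6sH")
FCS = struct.Struct("<I")
TYPE_DATA = 2          # frame type 2 = data; subtype 0 = plain data frame


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def frame_control(ftype, subtype, to_ds, from_ds, protected):
    """Pack the 16-bit Frame Control field (protocol version 0)."""
    b0 = (ftype << 2) | (subtype << 4)
    b1 = int(to_ds) | (int(from_ds) << 1) | (int(protected) << 6)
    return bytes([b0, b1])


def build_mpdu(msdu, sa, da, bssid, to_ds=False, from_ds=False, seq=0):
    """Encapsulate an MSDU into a data MPDU: header + MSDU + FCS.

    The To DS / From DS bits decide which address field carries the
    BSSID, the source and the destination (3-address frames only here).
    """
    if to_ds and from_ds:
        raise ValueError("4-address WDS frames are not modelled here")
    if to_ds:                  # station -> AP, to be relayed into the DS
        a1, a2, a3 = bssid, sa, da
    elif from_ds:              # AP -> station, arriving from the DS
        a1, a2, a3 = da, bssid, sa
    else:                      # IBSS: stations talk directly
        a1, a2, a3 = da, sa, bssid
    fc = frame_control(TYPE_DATA, 0, to_ds, from_ds, protected=False)
    body = HDR.pack(fc, 0, a1, a2, a3, (seq & 0xFFF) << 4) + msdu
    return body + FCS.pack(zlib.crc32(body))


def parse_mpdu(frame):
    """Verify the FCS, then decode the header and recover the MSDU."""
    if len(frame) < HDR.size + FCS.size:
        raise ValueError("frame shorter than header + FCS")
    body, fcs = frame[:-FCS.size], FCS.unpack(frame[-FCS.size:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: corrupted or truncated frame")
    fc, _duration, a1, a2, a3, seqctl = HDR.unpack(body[:HDR.size])
    to_ds, from_ds = bool(fc[1] & 0x01), bool(fc[1] & 0x02)
    if to_ds:
        bssid, sa, da = a1, a2, a3
    elif from_ds:
        da, bssid, sa = a1, a2, a3
    else:
        da, sa, bssid = a1, a2, a3
    return {
        "type": (fc[0] >> 2) & 0x3,
        "subtype": fc[0] >> 4,
        "to_ds": to_ds,
        "from_ds": from_ds,
        # Protected Frame bit: set once 802.11i encrypts the frame body
        "protected": bool(fc[1] & 0x40),
        "sa": fmt_mac(sa),
        "da": fmt_mac(da),
        "bssid": fmt_mac(bssid),
        "seq": seqctl >> 4,
        "frag": seqctl & 0xF,
        "msdu": body[HDR.size:],
    }


if __name__ == "__main__":
    # Constructed sample addresses (locally administered, not real devices)
    sta, ap, peer = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:aa"), mac("02:00:00:00:00:02")
    frame = build_mpdu(b"hello", sta, peer, ap, to_ds=True, seq=7)
    print(parse_mpdu(frame))
```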
IEEE 802.11 Network Components and Architectural Model
• BSS - Basic Service Set
• DS - Distribution System
• AP - Access Point
• IBSS - Independent BSS
• ESS - Extended Service Set
• Basic service set (BSS)
• The smallest building block of a wireless LAN, which consists of
wireless stations executing the same MAC protocol and competing for
access to the same shared wireless medium.
• A BSS may be isolated, or it may connect to a backbone Distribution
system (DS) through an access point (AP).
• The AP functions as a bridge and a relay point.
• When all the stations in the BSS are mobile stations that
communicate directly with one another (not using an AP), the BSS is
called an independent BSS (IBSS). An IBSS is typically an ad hoc
network.
IEEE 802.11 Service
• The services that the wireless LAN must provide to achieve functionality
equivalent to that inherent in a wired LAN.
• Categorization of Service:
Based on the provider:
• DS - Distribution System
• SS - Station Service
Based on the nature of the service:
• LAN access
• MSDU delivery
802.11i Wireless LAN security
802.11i RSN services and protocols
802.11i phases of operation
802.11i discovery and authentication phases
802.1X access control approach
802.11i key hierarchy
802.11i key management phase
802.11i protected data transfer phase
Wireless Application Protocol (WAP)
WAP protocol layer
WAE – WIRELESS APPLICATION ENVIRONMENT
• The Wireless Application Environment (WAE) defines the following functions:
• Wireless Markup Language (WML): an XML-based markup language for the visual
display of WAP-based content. Once HTML and WML converge into XML, many
compatibility problems during conversion from HTML to WML will cease to exist.
• WMLScript: a scripting language very similar to JavaScript.
• Wireless Telephony Application (WTA, WTAI): telephony services and
programming interfaces.
• Content formats: specifications for data formats, including images, telephone
directories, calendar information, and so on.
• The WAE corresponds to the application layer in the OSI model.
WSP – WIRELESS SESSION PROTOCOL
• The Wireless Session Protocol (WSP) implements an interface for
connection-oriented and connectionless session services. The
connection-oriented session service operates using the protocol of the
transaction layer. However, the connectionless session service uses a
secure or non-secure datagram service.
• WSP offers the following basic functions:
- Functions and semantics of HTTP/1.1, using a compact coding scheme
- Pausing and resuming sessions
- A general facility for reliable and unreliable data push
- Negotiation of protocol functions
WTP – WIRELESS TRANSACTION PROTOCOL
• The Wireless Transaction Protocol (WTP) is a transaction-oriented
protocol, executed using a datagram service. WTP offers the following
functions:
• Three classes of transaction services
(a) Unreliable one-way requests
(b) Reliable one-way requests
(c) Reliable two-way request/response transactions
• Optional user-to-user reliability feature: the WTP user triggers
confirmation for each received message.
• Optional out-of-band data for confirmations.
• Protocol Data Unit (PDU) chaining and delayed confirmation, in order
to reduce the number of sent messages.
WTLS – WIRELESS TRANSACTION LAYER SECURITY
• The WTLS layer implements a security protocol based on the TLS (Transport Layer
Security) industry standard. WTLS is intended for use with the WAP transport protocols
and has the following features:
• Data integrity – WTLS ensures that the data sent between the terminal and an
application server is in no way altered or damaged.
• Confidentiality – WTLS ensures that the data sent between the terminal and an
application server remains confidential and cannot be understood by any other
participant who may have intercepted the data stream.
• Authentication – WTLS ensures the authenticity of the terminal and of the application
server.
• Denial-of-service protection – Wireless Transaction Layer Security (WTLS) contains
features that recognize and reject data that has been repeated or has not been verified
successfully. WTLS hinders many typical denial-of-service attacks and protects the
upper protocol layers, though it is not a perfect solution.
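The integrity and denial-of-service features listed above, as an added Python example that is not from the slides and does not reproduce the real WTLS wire format: a simplified receiver for a datagram record layer that rejects records whose tag fails verification and records that have already been seen, using a sliding window because datagrams may arrive out of order. The key, the 16-byte truncated HMAC-SHA256 tag and the sample records are constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16   # truncated HMAC-SHA256 tag; a constructed choice, not the WTLS MAC size


def seal_record(mac_key, seq, payload):
    """Sender side: record = 8-byte sequence number || payload || tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(mac_key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class RecordReceiver:
    """Accepts a record only if its tag verifies and its sequence number is new.

    Datagrams may be reordered, so a sliding window of `window` sequence
    numbers is kept instead of demanding strict order.
    """

    def __init__(self, mac_key, window=64):
        self.key = mac_key
        self.window = window
        self.highest = -1        # highest sequence number accepted so far
        self.seen = set()        # accepted numbers still inside the window

    def receive(self, record):
        if len(record) < 8 + TAG_LEN:
            return "reject", "truncated record"
        header, payload, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
        # 1. Verify integrity/authenticity first: an unverified record must not
        #    touch the replay state, otherwise a forged record carrying a high
        #    sequence number could make the receiver drop genuine records.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject", "tag verification failed"
        seq = struct.unpack(">Q", header)[0]
        # 2. Replay detection against the sliding window.
        if seq <= self.highest - self.window:
            return "reject", "sequence number too old"
        if seq in self.seen:
            return "reject", "replayed record"
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # forget numbers that have fallen out of the window
            self.seen = {s for s in self.seen if s > seq - self.window}
        return "accept", payload


if __name__ == "__main__":
    key = b"constructed-demo-mac-key"
    rx = RecordReceiver(key, window=4)
    first = seal_record(key, 0, b"first")
    print(rx.receive(first))          # accepted
    print(rx.receive(first))          # rejected as a replay
```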
WDP – WIRELESS DATAGRAM PROTOCOL
• The WDP layer operates on various bearers that depend on the used
network type.
• WDP offers a consistent interface to the upper layers, so that
communication occurs transparently using one of the available
bearer services.
• Therefore, the transport layer is adapted to the specific functions of
the underlying bearer.
BEARER
• The bearers that are used by the WAP protocol stack form the lower
interface of the datagram service and allow the WAP to be used for
various network types with specific bearer functions. Thus, WDP is
defined for a variety of bearers. For an IP bearer, the transport protocol
(WDP) is implemented by User Datagram Protocol (UDP).
WCMP – WIRELESS CONTROL MESSAGE PROTOCOL
• The Wireless Control Message Protocol defines the error reporting
mechanism for WDP datagrams as well as the protocol elements that can
be used for diagnosis and informational purposes (for example, WCMP
echo request and response). WCMP is determined depending on the
bearer used. In IP-based networks, WCMP functions are implemented
using the Internet Control Message Protocol (ICMP).
WAP infrastructure
End of chapter 04

More Related Content

Ch 04 wireless security

  • 1. Network Security Er. Hari K.C. Asst. Professor Soch College of IT Tribhuvan University harikc@wrc.edu.np 1 Soch college of IT - Hari K.C.
  • 2. Ch 04: Wireless Network Security
  • 3. Wireless Security • Wireless security is protecting computers, smartphones, tablets, laptops and other portable devices along with the networks they are connected to, from threats and vulnerabilities associated with wireless computing. • Wireless communication refers to any type of data exchange between the parties that is performed wirelessly (over the air). • This definition is extremely wide, since it may correspond to many types of wireless technologies, like : -Wi-Fi Network Communication -Bluetooth Communication -Satellite Communication -Mobile Communication • All the technologies mentioned above use different communication architecture, however they all share the same "Wireless Medium" capability.
  • 4. Wi-Fi • Wireless Fidelity (Wi-Fi) refers to wireless local area network, as we all know them. • It is based on IEEE 802.11 standard. Wi-Fi is a type of wireless network you meet almost everywhere, at your home, workplace, in hotels, restaurants and even in taxis, trains or planes. • These 802.11 communication standards operate on either 2.4 GHz or 5 GHz ISM radio bands. • These devices are easily available in the shops that are compatible with Wi-Fi standard, they have following image visible on the device itself. I bet you have seen it hundreds of times in various shops or other public places!
  • 5. • Due to the fact, that 802.11 based wireless network are so heavily used in all types of environments • They are also the biggest subject for various security researches across other 802.11 standards. • Wireless clients are considered to be any end-devices with a wireless card or wireless adapter installed. • Now, in this 21st century, those devices can be almost anything : Modern Smartphones − These are one of the most universally used wireless devices you see in the market. They support multiple wireless standards on one box, for example, Bluetooth, Wi-Fi, GSM. Laptops − These are a type of device which we all use every single day! Smartwatch − An example of Sony based smartwatch is shown here. It can synchronize with your smartphone via a Bluetooth. Smart-home Equipment − With the current progress of the technology, smart-home equipment might be for example a freezer that you can control over Wi-Fi or a temperature controller.
  • 6. • Access Point (AP) is the central node in 802.11 wireless implementations. • It is the interface between wired and wireless network, that all the wireless clients associate to and exchange data with. • For a home environment, most often you have a router, a switch, and an AP embedded in one box, making it really usable for this purpose.
  • 7. Base Transceiver Station • Base Transceiver Station (BTS) is the equivalent of an Access Point from 802.11 world, but used by mobile operators to provide a signal coverage, example. 3G, GSM etc.
  • 8. • In corporate wireless implementation, the number of Access Points is often counted in hundreds or thousands of units. • It would not be administratively possible to manage all the AP's and their configuration (channel assignments, optimal output power, roaming configuration, creation of SSID on each and every AP, etc.) separately. • This is the situation, where the concept of wireless controller comes into play. It is the "Mastermind" behind all the wireless network operation.
  • 9. • SSID directly identifies the wireless WLAN itself. In order to connect to Wireless LAN, the wireless client needs to send the same exact SSID in the association frame as the SSID name, preconfigured on the AP.
  • 10. • A cell is basically a geographical region covered by the AP's or BTS's antenna (transmitter). In the following image, a cell is marked with a yellow line. • Wireless Networks may be configured to support multiple 802.11 standards. Some of them operate on the 2.4GHz band (example are: 802.11b/g/n) and other ones on the 5GHz band (example: 802.11a/n/ac). • Depending on the band, there is a predefined set of sub-bands defined for each channel.
  • 11. • Antennas are used to "translate" information flowing as an electrical signal inside the cable and into the electromagnetic field, which is used to transmit the frame over a wireless medium. • Every wireless device (either AP or any type of wireless client device) has an antenna that includes a transmitter and the receiver module. It can be external and visible to everyone around or built-in, as most of the laptops or smartphones nowadays have.
  • 12. Wireless networks and standards • Wireless network may be classified into different categories based on the range of operation they offer. • The most common classification scheme divides the wireless networks into four categories listed in the table below, together with short examples.
  • 14. • Since the beginning of IEEE 802.11 standard, the wireless networks were evolving at a significant pace. • People saw the potential in this type of data transmission, therefore 802.11 successors were showing up, few years after each other. • The following table summarizes the current 802.11 standards that are used in our times −
  • 15. Mobile device security • Mobile Device Security refers to the measures designed to protect sensitive information stored on and transmitted by laptops, smartphones, tablets, wearables, and other portable devices. • In the age of mobile computing, the security of mobile devices is essential and increasingly in demand because personal data and business information are now stored and access from smartphones. • Devices like smartphones, tablets, phablets, PDAs, and other such devices come under mobile devices. • Most users and businesses seek to help them communicate, organize, manage their work and private life. • By 2022, there will be more than 6 billion users worldwide who will be using smartphones.
  • 16. • At the root of mobile device security is the goal of keeping unauthorized users from accessing the enterprise network. It is one aspect of a complete enterprise security plan. • With more than half of business PCs now mobile, portable devices present distinct challenges to network security, which must account for all of the locations and uses that employees require of the company network. • Potential threats to devices include malicious mobile apps, phishing scams, data leakage, spyware, and unsecure Wi-Fi networks. • On top of that, enterprises have to account for the possibility of an employee losing a mobile device or the device being stolen. • To avoid a security breach, companies should take clear, preventative steps to reduce the risk.
  • 17. Mobile device Threats • As a security specialist, it is essential to know about the types of malware associated with mobile devices. • Mobile spyware: Spyware is malicious software that can creep into apparently compassionate programs and, in secret, monitor your activity, track your geo-location, as well as steal sensitive passwords. • Mobile banking Trojans: These are mobile banking viruses that target and steal your bank details. In the year 2017, mobile banking Trojans hit around 260,000 users across 160+ countries. They acted as if they are legitimate bank applications and then stolen all users' bank and account details. • Rooting malware: These types of malware try to gain root access to any mobile devices for providing its creators or cybercriminals the administrative privileges as well as access to that victim's files. • SMS malware: These are used to manipulate mobile phones in sending premium-rated SMSs, texts without letting the user know about them, and in the month-end, a large bill comes up to that target user.
  • 18. Benefits of mobile device security Mobile device security, or mobile device management, provides the following: • Regulatory compliance • Security policy enforcement • Support of “bring your own device” (BYOD) • Remote control of device updates • Application control • Automated device registration • Data backup
  • 19. Types of mobile device security • Enterprise Mobile Management platform: In addition to setting up internal device policies that protect against unauthorized access, it’s equally important to have an Enterprise Mobile Management (EMM) platform that enables IT to gather real-time insights to catch potential threats. • Email security: Email is the most popular way for hackers to spread ransomware and other malware. To combat such attacks, it’s critical for businesses to be armed with advanced email security that can detect, block, and address threats faster; prevent any data loss; and protect important information in transit with end-to-end encryption. • Endpoint protection: This approach protects enterprise networks that are remotely accessed by mobile devices. Endpoint security protects companies by ensuring that portable devices follow security standards and by quickly alerting security teams of detected threats before they can do damage. Endpoint protection also allows IT administrators to monitor operation functions and data backup strategies.
  • 20. • VPN: A virtual private network, or VPN, extends a private network across a public network. This enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPNs’ encryption technology allows remote users and branch offices to securely access corporate applications and resources. • Secure web gateway: A secure web gateway protects against online security threats by enforcing company security policies and defending against phishing and malware in real-time. This is especially important for cloud security as this type of protection can identify an attack on one location and immediately stop it at other branches. • Cloud access security broker: A cloud access security broker (CASB) is a tool that sits between cloud service consumers and cloud service providers to enforce security, compliance, and governance policies for cloud applications. CASBs help organizations extend the security controls of their on-premises infrastructure to the cloud.
  • 21. Working of Mobile device security • Mobile device security protects an enterprise from unknown or malicious outsiders being able to access sensitive company data. • Securing mobile devices requires a multi-layered approach and investment in enterprise solutions. • While there are key elements to mobile device security, each organization needs to find what best fits its network. • Here are some mobile security best practices:
  • 22. 1. Establish, share, and enforce clear policies and processes • Mobile device rules are only as effective as a company’s ability to properly communicate those policies to employees. Mobile device security should include clear rules about: • What devices can be used • Allowed OS levels • What the company can and cannot access on a personal phone • Whether IT can remote wipe a device • Password requirements and frequency for updating passwords
  • 23. 2. Password protection • One of the most basic ways to prevent unauthorized access to a mobile device is to create a strong password, and yet weak passwords are still a persistent problem that contribute to the majority of data hacks. • Another common security problem is workers using the same password for their mobile device, email, and every work-related account. • It is critical that employees create strong, unique passwords (of at least eight characters) and create different passwords for different accounts.
  • 24. 3. Leverage biometrics • Instead of relying on traditional methods of mobile access security, such as passwords, some companies are looking to biometrics as a safer alternative. • Biometric authentication is when a computer uses measurable biological characteristics, such as face, fingerprint, voice, or iris recognition for identification and access. • Multiple biometric authentication methods are now available on smartphones and are easy for workers to set up and use.
• 25. 4. Avoid public Wi-Fi
• A mobile device is only as secure as the network through which it transmits data.
• Companies need to educate employees about the dangers of using public Wi-Fi networks, which are vulnerable to attackers who can easily breach a device, access the network, and steal data.
• The best defense is to encourage smart user behavior and prohibit the use of open Wi-Fi networks, no matter the convenience.
• 26. 5. Beware of apps
• Malicious apps are some of the fastest-growing threats to mobile devices.
• When an employee unknowingly downloads one, either for work or personal reasons, it provides unauthorized access to the company's network and data.
• To combat this rising threat, companies have two options: instruct employees about the dangers of downloading unapproved apps, or ban employees from downloading certain apps on their phones altogether.
• 27. 6. Mobile device encryption
• Most mobile devices are bundled with a built-in encryption feature. Users need to locate this feature on their device and enter a password to encrypt it.
• With this method, data is converted into a code that can only be accessed by authorized users.
• This is important in case of theft, as it prevents unauthorized access to the data.
• 28. IEEE 802.11 Wireless LAN Overview
1. The Wi-Fi Alliance
2. IEEE 802 Protocol Architecture
3. IEEE 802.11 Network Components and Architectural Model
4. IEEE 802.11 Services
• 29. The Wi-Fi Alliance
• The Wi-Fi Alliance drives global Wi-Fi adoption and evolution through thought leadership, spectrum advocacy, and industry-wide collaboration.
• IEEE - Institute of Electrical and Electronics Engineers
• IEEE 802 - committee for LANs
• IEEE 802.11 - committee for WLANs; develops protocols and transmission specifications for WLANs
• WECA - Wireless Ethernet Compatibility Alliance, an industry consortium formed in 1999:
- to assist interoperability of products
- to address the large range of WLAN markets, including enterprise, home and hot spots
  • 31. 2. IEEE 802 Protocol Architecture
  • 33. Medium access control layer and Logical link control layer
• 34. MPDU frame format
• The medium access control (MAC) layer converts data from MSDU to MPDU.
• MSDU = MAC service data unit
• MPDU = MAC protocol data unit
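An added example, not from the slides, of the MSDU-to-MPDU conversion the MAC layer performs: the payload is wrapped in a minimal IEEE 802.11 data-frame header (frame control, duration, three addresses, sequence control) and a CRC-32 FCS, then parsed and verified again. The function names and the sample addresses are my own; the field layout follows the standard 802.11 MAC header.

```python
import struct
import zlib

# Minimal IEEE 802.11 data MPDU: 24-byte MAC header + MSDU + 4-byte FCS.
# Header fields are little-endian; the FCS is CRC-32 (same polynomial as
# 802.3), which zlib.crc32 computes. Function names here are my own.
HDR = "<HH6s6s6sH"  # frame control, duration/ID, addr1, addr2, addr3, seq control
HDR_LEN = struct.calcsize(HDR)  # 24

def build_mpdu(msdu: bytes, bssid: bytes, sa: bytes, da: bytes, seq: int) -> bytes:
    """Wrap an MSDU in a station->AP data frame (To DS = 1, so addr1 = BSSID)."""
    frame_control = 0x0008 | (0x01 << 8)   # type 2 (data), subtype 0, To DS flag
    duration = 0                            # no NAV reservation in this example
    seq_control = (seq & 0x0FFF) << 4       # fragment number 0 in the low 4 bits
    body = struct.pack(HDR, frame_control, duration, bssid, sa, da, seq_control) + msdu
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def parse_mpdu(mpdu: bytes) -> dict:
    """Verify the FCS, then split the MAC header from the MSDU it carries."""
    if len(mpdu) < HDR_LEN + 4:
        raise ValueError("frame too short for a MAC header and FCS")
    body, (fcs,) = mpdu[:-4], struct.unpack("<I", mpdu[-4:])
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame corrupted or truncated")
    fc, duration, a1, a2, a3, sc = struct.unpack(HDR, body[:HDR_LEN])
    flags = fc >> 8                         # second byte of frame control
    return {
        "type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(flags & 0x01), "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),    # set when the body is TKIP/CCMP encrypted (802.11i)
        "addr1": a1, "addr2": a2, "addr3": a3,
        "seq": sc >> 4, "frag": sc & 0xF,
        "msdu": body[HDR_LEN:],
    }

if __name__ == "__main__":
    # Constructed sample: an MSDU from station SA to destination DA via the AP BSSID.
    bssid = bytes.fromhex("001122334455")
    sa, da = bytes.fromhex("aabbccddeeff"), bytes.fromhex("010203040506")
    frame = build_mpdu(b"constructed MSDU payload", bssid, sa, da, seq=7)
    fields = parse_mpdu(frame)
    print(len(frame), fields["type"], fields["to_ds"], fields["msdu"])
```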
  • 36. IEEE 802.11 Network Components and Architectural Model
  • 37. • BSS - Basic Service Set • DS - Distribution System • AP - Access Point • IBSS - Independent BSS • ESS - Extended Service Set
• 38. Basic service set (BSS)
• The smallest building block of a wireless LAN, which consists of wireless stations executing the same MAC protocol and competing for access to the same shared wireless medium.
• A BSS may be isolated, or it may connect to a backbone distribution system (DS) through an access point (AP).
• The AP functions as a bridge and a relay point.
• When all the stations in the BSS are mobile stations that communicate directly with one another (not using an AP), the BSS is called an independent BSS (IBSS). An IBSS is typically an ad hoc network.
• 40.
• The services that need to be provided by the wireless LAN to achieve functionality equivalent to that which is inherent in a wired LAN.
• Categorization of services:
- Based on provider: DS - Distribution System; SS - Service Station
- Based on the nature of the service: LAN access; MSDU delivery
• 45. 802.11i Wireless LAN security
• 47. 802.11i RSN services and protocols
• 48. 802.11i phases of operation
• 51. 802.11i discovery and authentication phases
• 53. 802.1X access control approach
• 55. 802.11i key hierarchy
• 57. 802.11i key management phase
• 61. 802.11i protected data transfer phase
• 65. WAE – WIRELESS APPLICATION ENVIRONMENT
• The Wireless Application Environment (WAE) defines the following functions:
• Wireless Markup Language (WML): WML is an XML-based markup language for the visual display of WAP-based content. Once HTML and WML converge into XML, many compatibility problems during conversion from HTML to WML will cease to exist.
• WMLScript: a scripting language very similar to JavaScript.
• Wireless Telephony Application (WTA, WTAI): telephony services and programming interfaces.
• Content formats: specifications for data formats, including images, telephone directories, calendar information, and so on.
• The WAE corresponds to the application layer in the OSI model.
• 66. WSP – WIRELESS SESSION PROTOCOL
• The Wireless Session Protocol (WSP) implements an interface for connection-oriented and connectionless session services. The connection-oriented session service operates over the transaction layer protocol, whereas the connectionless session service uses a secure or non-secure datagram service.
• WSP offers the following basic functions:
- Functions and semantics of HTTP/1.1, using a compact coding scheme
- Pausing and resuming sessions
- A general facility for reliable and unreliable data push
- Negotiation of protocol functions
• 67. WTP – WIRELESS TRANSACTION PROTOCOL
• The Wireless Transaction Protocol (WTP) is a transaction-oriented protocol that runs over a datagram service. WTP offers the following functions:
• Three classes of transaction service:
(a) Unreliable one-way requests
(b) Reliable one-way requests
(c) Reliable two-way request/response transactions
• Optional user-to-user reliability: the WTP user triggers confirmation for each received message.
• Optional out-of-band data in confirmations.
• Protocol Data Unit (PDU) chaining and delayed confirmation, in order to reduce the number of messages sent.
• 68. WTLS – WIRELESS TRANSACTION LAYER SECURITY
• The WTLS layer implements a security protocol based on the TLS (Transport Layer Security) industry standard. WTLS is intended for use with the WAP transport protocols and has the following features:
• Data integrity – WTLS ensures that the data sent between the terminal and an application server is not altered or damaged in transit.
• Confidentiality – WTLS ensures that the data sent between the terminal and an application server remains confidential and cannot be understood by any other party that may have intercepted the data stream.
• Authentication – WTLS ensures the authenticity of the terminal and of the application server.
• Denial-of-service protection – WTLS contains features that recognize and reject data that has been replayed or has failed verification. WTLS hinders many typical denial-of-service attacks and protects the upper protocol layers, though this is not a perfect solution.
• 69. WDP – WIRELESS DATAGRAM PROTOCOL
• The WDP layer operates on various bearers, depending on the network type used.
• WDP offers a consistent interface to the upper layers, so that communication occurs transparently over one of the available bearer services.
• The transport layer is therefore adapted to the specific functions of the underlying bearer.
• 70. BEARER
• The bearers used by the WAP protocol stack form the lower interface of the datagram service and allow WAP to be used over various network types with specific bearer functions. Thus, WDP is defined for a variety of bearers. For an IP bearer, the transport protocol (WDP) is implemented by the User Datagram Protocol (UDP).
WCMP – WIRELESS CONTROL MESSAGE PROTOCOL
• The Wireless Control Message Protocol (WCMP) defines the error reporting mechanism for WDP datagrams as well as the protocol elements that can be used for diagnostic and informational purposes (for example, WCMP echo request and response). WCMP is defined per bearer. In IP-based networks, WCMP functions are implemented using the Internet Control Message Protocol (ICMP).