Notes - MIECT
Segurança Em Redes De Comunicações

WPA and 802.11i (WPA2)

IEEE 802.11i – IEEE 802.11 task group “MAC enhancement for wireless security”.

Wi-Fi Protected Access (WPA), from the Wi-Fi Alliance, is a subset of 802.11i.

Compatible with work developed in 802.11i.

Only supports BSS.

Defined to work on existing equipment.

  • Firmware update only.

The pass-phrase is constant and shared, but keys are generated per session.

Used in the AP and station.

WPA has two distinct components.

  • Authentication, based on 802.1X.

  • Ciphering based on TKIP (Temporal Key Integrity Protocol).

WPA

Authentication

802.1X (≠ 802.11x) – defined for wired and wireless sessions, as a transport protocol for authentication.

  • EAP (Extensible Authentication Protocol) – like a wrapper for the specific authentication traffic.

  • Impact of EAP.

    • Authentication is not handled by the AP; it runs end-to-end between the STA and the authentication server.

    • It is possible to use different authentication methods without changing APs.

Also defines a Pre-Shared Key (PSK) mode.

  • For local networks

Temporal Key Integrity Protocol (TKIP)

Interim solution with better protection, for existing equipment.

  • Greater privacy.

    • Uses the same cipher as WEP, but the key is now mixed with the MAC address and a larger IV.

    • “Key rollover” with temporal validity.

  • Greater integrity.

    • Separate key for integrity.

802.11i (WPA2)

Better than WPA.

  • Also includes TKIP.

  • Authentication IBSS (ad-hoc mode)?

  • RSN (Robust Security Network) protocol.

    • Authentication and ciphering between APs and stations.

    • Supports new ciphering protocols, relying on 802.1X and EAP.

    • Supports AES (Advanced Encryption Standard) ciphering.

Problems.

  • It does not cipher control and management frames.

    • (Disassociation, output power, etc.).

  • Requires new hardware.

WPA* Key Exchange (EAP phase 2)

Done during the Association process.

  • After Association Request/response frames.

  • Uses (QoS) Data Frames.
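The key hierarchy behind this exchange, as an added example that is not part of the original notes: the constant PSK pass-phrase gives a fixed PMK, while the PTK (and the KCK that protects the EAPOL-Key frames with a MIC) changes every session because both AP and station contribute a nonce. The MAC addresses, nonces and EAPOL-Key frame are constructed values; only the "password"/"IEEE" pair is the 802.11i published test vector.

```python
"""WPA/WPA2-PSK key hierarchy: PMK from the pass-phrase, per-session PTK, EAPOL-Key MIC."""
import hashlib
import hmac

MIC_OFFSET = 81  # 802.1X header (4) + EAPOL-Key fields preceding the Key MIC (77)

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: the constant, shared pass-phrase and the SSID give the 256-bit PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=64):
    """PTK for the 4-way handshake; fresh each session because both sides add a nonce."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def eapol_mic(kck, frame, descriptor_version=1):
    """Key MIC over an EAPOL-Key frame whose MIC field is zeroed (KCK = PTK[0:16])."""
    if descriptor_version == 1:  # WPA/TKIP: HMAC-MD5
        return hmac.new(kck, frame, hashlib.md5).digest()
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]  # WPA2/CCMP: HMAC-SHA1-128

def verify_eapol_mic(kck, frame, descriptor_version=1):
    """Recompute the MIC with bytes 81..96 zeroed and compare in constant time."""
    received = frame[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.compare_digest(received, eapol_mic(kck, zeroed, descriptor_version))

if __name__ == "__main__":
    pmk = pmk_from_passphrase("password", "IEEE")  # 802.11i Annex H test vector
    ap, sta = bytes.fromhex("a0a1a2a3a4a5"), bytes.fromhex("b0b1b2b3b4b5")  # constructed MACs
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # constructed nonces
    ptk = derive_ptk(pmk, ap, sta, anonce, snonce)
    kck, kek, tk = ptk[:16], ptk[16:32], ptk[32:48]  # TKIP also uses ptk[48:64] as MIC keys
    frame = bytes(MIC_OFFSET) + eapol_mic(kck, bytes(MIC_OFFSET + 18)) + bytes(2)  # constructed
    print(pmk.hex(), tk.hex(), verify_eapol_mic(kck, frame))
```

Changing either nonce changes the PTK, which is why the shared pass-phrase alone does not let a third station reuse another session's keys; a capturing attacker still obtains everything needed to test pass-phrase guesses offline, which is the known weakness of PSK mode.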


Last updated 2 years ago