
Managing Keys in an Open System

Apr 29,2010 by alperen



Encryption keys that never change are very difficult to manage safely.
Whenever you leave the same key on your wireless station or access point
for any extended period of time, it becomes highly vulnerable to being
hacked. It is important to use a unique method of managing your keys,
or at least to store them in databases that are not necessarily connected
to your network.

Authentication Concerns


In the 802.11b environment, it is important to note that there is no
per-packet authentication mechanism. This means that you cannot examine
an individual packet to determine whether data transmitted across your
WLAN is being corrupted by someone trying to destroy the validity of
your data or cause interference on your network.

You are still vulnerable to disassociation attacks, because 802.11
associate/disassociate messages are unencrypted and unauthenticated.
This could allow forged disassociation messages to be used against
clients. Your best defense under these circumstances is to add a keyed
message integrity check (MIC).
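
As an added illustration of the keyed MIC defense (not code from the original article), the Python example below shows a client that honours a disassociation frame only when its MIC verifies. The frame layout, MAC addresses, key, truncated HMAC-SHA-256 tag and the sequence counter used to reject replays are assumptions made for this example, not the algorithm any 802.11 standard specifies.

```python
import hashlib
import hmac
import struct

FMT = "!B6s6sHQ"                 # subtype, source MAC, destination MAC, reason code, sequence
BODY_LEN = struct.calcsize(FMT)  # 23 bytes, no padding in network byte order
MIC_LEN = 8                      # truncated tag length (assumption for this example)
DISASSOC = 0x0A                  # 802.11 management subtype for disassociation

def mic(key, body):
    """Keyed MIC: HMAC-SHA-256 truncated to MIC_LEN (stand-in algorithm)."""
    return hmac.new(key, body, hashlib.sha256).digest()[:MIC_LEN]

def build_frame(src, dst, reason, seq, key=None):
    """Build a constructed disassociation frame; key=None models plain 802.11b."""
    body = struct.pack(FMT, DISASSOC, src, dst, reason, seq)
    return body if key is None else body + mic(key, body)

class Station:
    """Client that acts on a disassociation frame only if its MIC verifies."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def handle(self, frame):
        if len(frame) != BODY_LEN + MIC_LEN:
            return "drop: missing MIC"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        if not hmac.compare_digest(tag, mic(self.key, body)):  # constant-time compare
            return "drop: bad MIC"
        seq = struct.unpack(FMT, body)[4]
        if seq <= self.last_seq:   # authentic frame captured and sent again
            return "drop: replay"
        self.last_seq = seq
        return "disassociate"

if __name__ == "__main__":
    ap, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    key = b"constructed-demo-key"
    sta = Station(key)
    genuine = build_frame(ap, sta_mac, 3, seq=1, key=key)
    print(sta.handle(build_frame(ap, sta_mac, 3, seq=1)))  # unkeyed forgery
    print(sta.handle(genuine))                             # verified frame
    print(sta.handle(genuine))                             # same frame replayed
```

The MIC alone proves only that the sender held the key; the sequence check is what stops an authentic frame from being captured and sent again.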

In open system authentication, there are no levels of protection for your
network. This means that someone could easily log into your network without
a user identification or authentication. Furthermore, there is no central
point of authentication, authorization, or support for accounting types.
Even though you might believe that having an encryption cipher in
RC4 will protect you, it is important to know that it will not offer you
protection against plaintext types of hacker attacks.

We have discussed WEP keys, but many systems are vulnerable to
having their keys reverse engineered just because user passwords are
known. This can effectively negate any type of WEP protection you have
on your network and leave you quite vulnerable to an attack in which a
hacker eavesdrops on your network connection and determines ways to
decipher the mission-critical data on your WLAN as well as on your
wired LAN.

Another problem is that there is no support for any method of extended
authentication, including:

• Public/private-key certificates
• Smart cards
• One-time passwords
• Biometric authentication devices
• Token cards

There is no method of managing a dynamic unicast session key (as
opposed to a multicast global authentication key) for each wireless
workstation. Such issues involving key management and the rekeying of
global keys are a known weakness in many WLAN implementations.
