Authentication server also provides key management
o Wi-Fi Alliance calls this enterprise mode

Both WPA and 802.11i use both modes. This is not surprising because WPA was derived from 802.11i.

802.1X in WPA and 802.11i protects client-access point communication with an extensible authentication protocol.
o EAP must be protected.
o No problem with HTTP.
o Big problem for wireless.
o For wireless, EAP had to be extended

Business Data Networks and Telecommunications, 8

802.1X standard protects communication with an extensible authentication protocol.
o Several EAP versions exist with different security protections.
o Firm implementing 802.1X must choose one.
o Protected EAP (PEAP) is popular because Microsoft favors it.

o Used the same shared key for everyone
o It was used for a great deal of traffic
o This made the key easy to break

PSK Mode 802.11i
o Only uses the shared initial key for initial communication, so can't be cracked
o Only a few people share this key so won't give it out
o Each host then gets a different shared session key
o Too little traffic is sent with this key to be cracked

o Sits outside the premises or in a wireless hot spot
o A PC with software to emulate an access point
o Entices the wireless client to associate with it
o Establishes a second connection with a legitimate access point
o All traffic between the wireless client and network servers passes through the evil twin.

This is a classic man-in-the-middle attack
o Attacks on confidentiality because evil twin reads all traffic
o Client encrypts traffic.
o Evil twin decrypts it and reads it.
o Evil twin re-encrypts it and sends it on.
o Evil twin can also send attack packets, which do not pass through the border firewall.

Virtual Private Networks (VPN)
o End-to-end encryption with a pre-shared client-server secret
o The secret is never transmitted so cannot be intercepted.

Access Points Placement in a Building
o Must be done carefully for good coverage and to minimize interference between access points.
o Lay out 30-meter to 50-meter radius circles on blueprints.
o Adjust for obvious potential problems such as brick walls.
o In multistory buildings, must consider interference in three dimensions.

Cellular technology

Access Points Placement in a Building
o Install access points and do site surveys to determine signal quality.
o Adjust placement and signal strength as needed.
o In commercial access points, signal strength and other configuration information can be actively controlled.

Remote Access Point Management
o The manual labor to manage many access points can be very high.
o They must be managed.

2011 Pearson Education. Publishing as Prentice-Hall

Desired functionality:
o Notify the WLAN administrators of failures immediately.
o Support remote access point adjustment.
o Should provide continuous transmission quality monitoring.
o Allow software updates to be pushed out to all access points or WLAN switches.
o Work automatically whenever possible.

For Personal Area Networks (PANs)
o Devices on a person's body and nearby (earphone, mobile phone, notebook computer, etc.)
o Devices around a desk (computer, mouse, keyboard, printer)