Compaq Evo n800c Wireless Security - Page 24

Access Points

Get Compaq Evo n800c - Notebook PC PDF manuals and user guides View all Compaq Evo n800c manuals
Add to My Manuals
Save this manual to your list of manuals

Page 24 highlights

Wireless Security White Paper 24 Infowave further notes that the engineering effort required to perform the above attack is prohibitive. It is not sufficient to just capture data and analyze it. The attacker would need to build working versions of both the IStack transport layer (Infowave proprietary) and the WBE authentication and session protocols (also Infowave proprietary) in order to carry out this attack. One of these servers would be required for each client impersonated, since the WBE server only supports one connection for each IP address. This attack would also require re-configuring the client to communicate with the attacking server, or alternatively impersonating this IP address on the Internet. Access Points The third key juncture in the pipe, after mobile access devices and wireless connectivity technologies, consists of access points. The term "access point" is used to describe the point in the pipe where the data leaves the connectivity medium (WLAN and WWAN) and reaches the point at which data travels to the wired lines or Internet. In the case of WLANs, for example, the Access Point is a piece of hardware, a hub, which transfers data to the local area network via an Ethernet connection in an office building. In the case of WWANs, the Access Point is the telecommunications company which routes the data to the phone line which enters the corporate data network and/or the Internet. WLAN Access Points Certain weaknesses of Wired Equivalent Privacy (WEP)6 will be remedied in IEEE extensions to the WEP specification that include 802.11i and 802.1x. 802.1x can be included in any access point and will permit authentication to any authentication database (EAP RADIUS server). The 802.11i Security Subgroup is working to specify stronger encryption algorithms for future use in 802.11 networks. Compaq is an active participant in this effort. In the current draft specification, a strengthened version of the RC-4/per-frame IV encryption algorithm, and a 128-bit AES encryption algorithm are proposed. Per-user authentication eliminates the WEP key-distribution problem (mentioned further below). The 801.11i standard ratified in 2001 will be the future encryption standard. A fully secure solution will involve the use of 802.11i with its AES-based encryption algorithm along with 802.1x as the key distribution and network access mechanism. 802.1x is not limited to wireless networks. It can be used to authenticate user access to any closed network. For example, a company may have a private network, which should be accessible only to employees, with more public segments that can also be made available to customers. Without 802.1x it would be necessary to isolate these two networks, which could lead to significant duplication of effort and equipment. 6 Wired Equivalent Privacy (WEP) is an optional IEEE 802.11b feature used to provide data security equivalent to that of a wired LAN without privacy-enhancing encryption techniques. According to the 802.11b standard, WEP data encryption is used to prevent access to the network by intruders using similar WLAN equipment and to prevent capture of WLAN traffic through eavesdropping.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
Wireless Security White Paper
24
Infowave further notes that the engineering effort required to perform the above attack is
prohibitive. It is not sufficient to just capture data and analyze it. The attacker would need to
build working versions of both the IStack transport layer (Infowave proprietary) and the WBE
authentication and session protocols (also Infowave proprietary) in order to carry out this attack.
One of these servers would be required for each client impersonated, since the WBE server only
supports one connection for each IP address. This attack would also require re-configuring the
client to communicate with the attacking server, or alternatively impersonating this IP address on
the Internet.
Access Points
The third key juncture in the pipe, after mobile access devices and wireless connectivity
technologies, consists of access points.
The term “access point” is used to describe the point in the pipe where the data leaves the
connectivity medium (WLAN and WWAN) and reaches the point at which data travels to the
wired lines or Internet. In the case of WLANs, for example, the Access Point is a piece of
hardware, a hub, which transfers data to the local area network via an Ethernet connection in an
office building. In the case of WWANs, the Access Point is the telecommunications company
which routes the data to the phone line which enters the corporate data network and/or the
Internet.
WLAN Access Points
Certain weaknesses of Wired Equivalent Privacy (WEP)
6
will be remedied in IEEE extensions to
the WEP specification that include 802.11i and 802.1x. 802.1x can be included in any access
point and will permit authentication to any authentication database (EAP RADIUS server). The
802.11i Security Subgroup is working to specify stronger encryption algorithms for future use in
802.11 networks. Compaq is an active participant in this effort. In the current draft specification,
a strengthened version of the RC-4/per-frame IV encryption algorithm, and a 128-bit AES
encryption algorithm are proposed. Per-user authentication eliminates the WEP key-distribution
problem (mentioned further below). The 801.11i standard ratified in 2001 will be the future
encryption standard. A fully secure solution will involve the use of 802.11i with its AES-based
encryption algorithm along with 802.1x as the key distribution and network access mechanism.
802.1x is not limited to wireless networks. It can be used to authenticate user access to any closed
network. For example, a company may have a private network, which should be accessible only
to employees, with more public segments that can also be made available to customers. Without
802.1x it would be necessary to isolate these two networks, which could lead to significant
duplication of effort and equipment.
6
Wired Equivalent Privacy (WEP) is an optional IEEE 802.11b feature used to provide data security equivalent to that of a wired
LAN without privacy-enhancing encryption techniques. According to the 802.11b standard, WEP data encryption is used to prevent
access to the network by intruders using similar WLAN equipment and to prevent capture of WLAN traffic through eavesdropping.