Wireless network security: design considerations for an enterprise network

Oh, Khoon Wee

12 1900

Approved for public release, distribution is unlimited / Since its introduction in 1999, the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Wireless Local Area Network (WLAN) has become the de-facto standard for wireless networking, providing convenient and low cost connectivity. Increasingly, enterprises are extending their networks with 802.11-based WLANs to provide mobility and information-on-the-move for its employees. However, the introduction of WLANs into enterprise networks has raised major concerns about security. A poorly implemented WLAN introduces weaknesses in the enterprise network which can be exploited by attackers, resulting in severe consequences for the enterprise. This thesis was sponsored by the DoD to study the problem of designing a secure wireless architecture for an enterprise network. The specific requirements for the enterprise network were based extensively on DoD and the intelligence community's security guidelines and policies. This thesis provides an indepth analysis into the 802.11 standard and measures how far the standard goes in meeting the specific requirements of the enterprise network. This thesis presents a layered-defense architecture to provide a scalable design for secure wireless networks. A prototype system utilizing XML to control the flow of classified information in wireless networks is also presented. . / Civilian, Defense Science and Technology Agency, Singapore

IEEE 80211 (Standard)

Wireless LANs

Standards

Wireless communication systems

Computer networks

Security measures

802.11

WLAN

802.11i

WEP

WPA

Wireless

Aplikace pro Android na bezpečnostní monitorování komunikace / Android App for Security Monitoring of Communication

Klepáčková, Karolína

January 2019

This diploma thesis is focused on implementation of application for security monitoring of network communication of other applications in mobile device with Android platform. Provides users information about security risks that may harm his/her privacy or device. It uses a local VPN to tunnel all data sent to the wireless network. These can be linked to an application that has sent them because the Android kernel is derived from the Linux kernel and can be used to retrieve information about established network connections and the application identifier associated with the connection. This mapping allows to get more information about an app that is potentially dangerous for your mobile device.

Meaning-making and the wilderness experience: an examination using a constructive-developmental lens

Pollock, Curtis J.

29 April 2019

Wilderness Experience Programs (WEPs) take youth into wilderness settings in order to teach wilderness travel and leadership, expand personal capacity, and equip youth with coping skills in order to manage life’s difficulties. Though considerable research has been conducted on WEPs, no one has sought to understand the student experience these programs provide through a constructive-developmental lens (Kegan, 1982, 1994). The purpose of this case study was to explore, describe, assess, and understand–using the framework of Robert Kegan’s (1982, 1994) constructive-developmental theory–the impact a 21-day wilderness backpacking experience had on five participating youth. The researcher believed that understanding how participants in a wilderness backpacking course make sense of their experience through the lens of their constructive-developmental perspective might help inform the theories of change that underpin WEPs, the means by which desired change is facilitated, and the reasons why some youth thrive and others struggle. This exploratory study utilized a case study approach. The researcher embedded as a participant-observer for the duration on a 21-day backpacking course with Outward Bound Canada in the Ghost River Wilderness, Alberta, Canada. Nine youth participated in the expedition, with five male students volunteering as research participants. Pre-trip and post-trip administrations of the Subject-Object Interview and post-expedition semi-structured interviews were conducted with each research participant. Additionally, the researcher made field observations and wrote field notes. The subsequent analysis produced in-depth profiles of each research participant’s experience of the course, pre and post expedition scores from the Subject-Object Interviews, and a description of how each research participant’s experience might be understood through the lens of their constructive-developmental perspective. Although no significant changes to constructive-developmental perspective were realized, implications of these analyses were discussed, conclusions were drawn, and recommendations were made. / Graduate

Constructive-Developmental Theory

Meaning-Making

Subject-Object Relations

Wilderness Experience Program

WEP

Subject-Object Interview

SOI

Adolescent Development

Human Development

Immunity to Change

ITC

Wilderness Experience

Bezpečnost bezdrátových počítačových sítí / Security of wireless computer networks

Jelínek, Martin

January 2010

The master's thesis deals with the issue of Wireless Local Area Network (WLAN) from the viewpoint of the security and functional principle of security mechanisms. The transition to the issue concerning the security is accompanied by the methods of wireless data transmission operating on the level of physical layer (FHSS, DSSS, OFDM, MIMO), which is followed by the summary of individual 802.11 standards. The next part deals with the issue of shared transmission medium (CSMA/CA), influence of interference and correcting mechanisms (RTS/CTS). Within the security, the principles of the authentication along with the commonly used methods of security (WEP, WPA, WPA2) are described in detail. The first part concerning security deals with the security in the form of the WEP protocol, which is considered insufficient nowadays and points out the imperfect implementation and the consequent risks. The following part describes the security in the form of WPA which eliminates the implementation weaknesses of the previous WEP security protocol. The description of commonly used mechanisms of authentication (PSK, 802.1x), required temporary key management (PTK, GTK), data integrity (MIC) and encryption which uses TKIP protocol are also included. The last part, possible WLAN security, is aimed at the full support of 802.11i standard, which is called WPA2 (sometimes RSN). That part describes the basic encryption security element CCMP, which is based on the AES block cipher modes. The practical part of the thesis deals with the security verification of current wireless networks. In the process of verification the accessible HW means and programming tools of Open Source Software (OSS) are used. By means of verification it has been pointed out that there are possible security risks resulting from the security method which has been used. Also several recommendations how to reduce the security risks of the used method to minimum are mentioned.

Analýza zabezpečení a autentizace bezdrátových sítí / Analysis of security and authentication of wireless networks

Kulíř, Tomáš

January 2011

This master's thesis deals with wireless networks, mainly about the WiFi. It deals with summary of individual security mechanism both theoretically and using them in real hardware. Mainly it is interested in the security of the individual mechanisms and their weaknesses, which cause rupture of security. At each chapter the ideas and methods, that the attackers are trying for infiltration of wireless networks and decrypt encryption WEP, WPA or WPA2, are outlined. The principle of the authentication of the WiFi by the authentication server and its options, which is connected with directory service LDAP, is also explained in this thesis. The penultimate chapter deals with the summary of security mechanisms and references that should be adhered by design of the WiFi for the provision of the high security. The ending of the master's thesis is devoted to social engineering and its most famous representatives.

Implementation of the IEEE 802.11a MAC layer in C language / Implementering av IEEE 802.11a MAC lagret i programspråket C

Portales, Maria

January 2004

<p>There are several standards for wireless communication. People that are involved in computers and networking recognize names like Bluetooth, HiperLAN and IEEE 802.11. The last one was standardized in 1997 [2,6]and has begun to reach acceptance as a solid ground for wireless networking. A fundamental part of an IEEE 802.11 node is the Medium Access Controller, or MAC. It establishes and controls communication with other nodes, using a physical layer unit. </p><p>The work has been carried out as final project at Linkopings Universitet, it has been about the improvement of the functions of MAC layer. I have developed some of the required functions that PUM uses to interact with the MAC layer. Because of that, I have implemented the Reception functions of MAC layer, having the possibility of using short control frames RTS/CTS to minimize collision.</p>

Electronics

ACK

AP

CSMA/CA

CTS

CW

DCF

DIFS

EIFS

IEEE

LAN

LLC

MAC

MACA

MMPDU

MPDU

MSDU

NAV

PDU

PHY

PIFS

PUM

RTS

SIFS

STA

WEP

WLAN,

Elektronik

Electronics

Elektronik

Implementation of the IEEE 802.11a MAC layer in C language / Implementering av IEEE 802.11a MAC lagret i programspråket C

Portales, Maria

January 2004

There are several standards for wireless communication. People that are involved in computers and networking recognize names like Bluetooth, HiperLAN and IEEE 802.11. The last one was standardized in 1997 [2,6]and has begun to reach acceptance as a solid ground for wireless networking. A fundamental part of an IEEE 802.11 node is the Medium Access Controller, or MAC. It establishes and controls communication with other nodes, using a physical layer unit. The work has been carried out as final project at Linkopings Universitet, it has been about the improvement of the functions of MAC layer. I have developed some of the required functions that PUM uses to interact with the MAC layer. Because of that, I have implemented the Reception functions of MAC layer, having the possibility of using short control frames RTS/CTS to minimize collision.

Electronics

ACK

AP

CSMA/CA

CTS

CW

DCF

DIFS

EIFS

IEEE

LAN

LLC

MAC

MACA

MMPDU

MPDU

MSDU

NAV

PDU

PHY

PIFS

PUM

RTS

SIFS

STA

WEP

WLAN,

Elektronik

Electronics

Elektronik

Μελέτη, σχεδιασμός και υλοποίηση πληροφοριακής πύλης για το WEP μοντέλο αναφοράς και τους πόρους της επιστήμης τεχνολογίας παγκόσμιου ιστού

Εμμανουήλ, Ευάγγελος

30 July 2007

Η ΒΥΠ διαθέτει αντίτυπο της διατριβής σε έντυπη μορφή στο βιβλιοστάσιο διδακτορικών διατριβών που βρίσκεται στο ισόγειο του κτιρίου της. / Στα πλαίσια της παρούσας Μεταπτυχιακής Διπλωματικής Εργασίας, προτείνουμε (α) μια ταξινόμηση των πιο σημαντικών ερευνητικών αποτελεσμάτων για την επιστημονική περιοχή του Web Engineering και (β) μια μεθοδολογία για την αξιολόγηση εργαλείων για τον ίδιο χώρο τα οποία θα ενσωματωθούν στο WEP (WEB-Engineering Resources Portal). Στην συγκεκριμένη εργασία αναλύονται οι επιστημονικές έννοιες Body of Knowledge(BOK), Software Engineering, Web Engineering, Software Engineering Body of Knowledge (SWEBOK) και γίνεται μια πρώτη προσπάθεια θεμελίωσης ενός Σώματος Γνώσης (Body of Knowledge) για το Web Engineering, που θα εμπεριέχεται στο WEP. Για την ταξινόμηση των ερευνητικών αποτελεσμάτων του WEP βασιστήκαμε στη δομή του SWEBOK (Software Engineering Body of Knowledge), το οποίο αποτελεί μια προσπάθεια της IEEE (Institute of Electrical and Electronics Engineers) για τον καθορισμό και τη μελέτη ενός Σώματος Γνώσης της Επιστήμης Λογισμικού, μια επιστημονική περιοχή που συγγενεύει άμεσα με το Web Engineering. Όσο αφορά την εύρεση και αξιολόγηση εργαλείων για το WEP προτείνουμε έναν αλγόριθμο επιλογής και αξιολόγησης ο οποίος βασίζεται κυρίως στην κατηγοριοποίηση και αξιολόγηση εφαρμογών από τους Ιστότοπους http://www.tucows.com και http://www.download.com, οι οποίοι επιλέχτηκαν βάσει της δημοτικότητά τους και της πληθώρας και καλής οργάνωσης των εργαλείων τους. Τα αποτελέσματα από την εφαρμογή αυτού του αλγορίθμου αξιολόγησης εργαλείων ήταν αρκετά ικανοποιητικά, ενώ υπάρχουν περιθώρια βελτίωσης τόσο με τη χρήση επιπλέον παραμέτρων από τους δύο παραπάνω βασικούς Ιστότοπους όσο και με τη συνεισφορά στοιχείων και από άλλους Ιστότοπους. / In this Master Thesis, we suggest (a) A methodology of classification of the most important research results in Web Engineering (b) A methodology of selection and evaluation web development tools. These tools would be in included in WEP (WEB-Engineering Resources Portal). During this Master Thesis the following definitions are explained: Body of Knowledge (BOK), Software Engineering, Web Engineering, Software Engineering Body of Knowledge (SWEBOK). Moreover, it is suggested a solution of building a “Body of Knowledge” in the field of Web Engineering. This Body of Knowledge would be included in WEP. The basis for the classification of the research results is WEP was the SWEBOK (Software Engineering Body of Knowledge). SWEBOK is an effort of IEEE, in order to establish a baseline for the “Body of Knowledge” for the field of Software Engineering, which is close related with the field of Web Engineering. As far is concerned the selection and evaluation of web development tools, we suggest an algorithm which is based on the classification and evaluation of web development tools by the web sites http://www.tucows.com and http://www.download.com. These web sites have been selected, due to their credibility, popularity and the large number of tools which are presented. Although this algorithm has quite good results, there are some open issues by including more parameters from the 2 main web sites and by investigating other similar web sites, too.

Σώμα γνώσης

Αξιολόγηση εργαλείων

005.12

Body of knowledge

Software engineering

Web engineering

SWEBOK

WEP

Web development tools evaluation

Research results classification

Nový model zabezpečení implementovaný v metropolitní síti / A new security model implemented in the metropolitan network

Dančuk, Michal

January 2008

This diploma thesis deals with wireless computer networks in a point of view security. It contains security principles and standards used in these networks. It shows failings of old security methods in contras of new standards. The result of the thesis is a design of the metropolitan network and its realization. In this network appropriate solutions of security are used. The last part of the thesis deals with a design of web applications created in the PHP programming language and SQL database system.

Zabezpečení bezdrátových sítí / Wireless Network Security

Sedlák, Břetislav

January 2009

Master thesis focuses on wireless network security. The thesis is divided in two parts. First part describes today’s used standards and their components, topology and security methods as stealth SSID, MAC addresses filtration, WEP, WPA and WPA2. The last three methods are described in detail. In second part there are realized attacks on above described methods of security. There are described attacks on WEP as KoreK chopchop attack, fragment attack, attack FMS, KoreK and attack PTW. Then is described the dictionary attack on passphrase by WPA/WPA2 with PreShared Key authentication obtaining, precomputed hash tables for faster passphrase finding and for using more core procesors during dictionary browsing. The last attack describes obtaining of keystream used for encrypting of frames by WPATKIP and then sending custom data to client. It is described how to carry out each attack and how to protect against them.