Unit - IV Wireless Security: Mention Advantages of Wireless Network. - 5
Wireless Security
Wireless Session Protocol (WSP): provides a consistent interface between two session
services (Client and Server). It enables the cooperating client/server applications to:
o Establish a reliable session from client to server and close it in an orderly manner.
o Agree on a common level of protocol functionality using capability negotiation.
o Exchange content between client and server using compact encoding.
o Suspend and resume the session.
Wireless Transaction Protocol (WTP): runs on top of a datagram service and provides a
lightweight transaction-oriented protocol that is suitable for implementation in "thin" clients.
WTP allows for
o interactive browsing (request/response) applications.
WTP supports three transaction classes:
o unreliable with no result message,
Wireless Transport Layer Security (WTLS) is a security protocol based upon the transport
layer security (TLS) protocol.
WTLS provides
o data integrity,
o privacy,
o authentication and
o denial-of-service protection.
Wireless Datagram Protocol (WDP): The WDP layer operates above the data-capable
bearer services supported by the various network types and acts as a general transport
service. It is a Transport layer protocol in the WAP architecture.
WDP offers a consistent service to the upper layer protocols of WAP and
communicates transparently over one of the available bearer services.
WDP uses IP as the routing protocol.
It does not use TCP; instead, it uses UDP (User Datagram Protocol).
=== * ===
Authentication:
◦ Authentication means that the communicating parties are authorized persons.
◦ Authentication is optional in the WTLS protocol.
◦ Authentication can be performed using digital certificates, tokens or simple
passwords.
◦ Authentication in WTLS is done with digital certificates; the three types of certificates
supported by WTLS are the native WTLS type, X.509, and X9.68.
◦ The server and client will provide their certificates to each other.
◦ Once the certificates are processed, authentication is complete.
Integrity:
Ad hoc network
o An ad hoc network is a peer-to-peer network formed by a set of stations within
range of each other that dynamically configure themselves to set up a temporary
network.
o In an ad hoc network, two stations communicate directly with each other without an
access point.
o Every mobile station node in a network must be able to act as a router that will pass
messages onwards and the nodes must be collectively responsible for network traffic.
Infrastructure Network
o In an infrastructure network, WLAN clients connect to the network through a
wireless access point, and then operate as a wired client would.
o Most corporate wireless LANs operate in infrastructure mode and access the wired
network for connections to printers and file servers.
[Figure labels: High speed Backbone Wired LAN; Nomadic Station]
Point-to-Multipoint Bridge
o When connecting three or more LANs that may be located on different floors in a
building or across buildings, the point-to-multipoint wireless bridge is utilized.
o The multipoint wireless bridge configuration is similar to a point-to-point bridge in
many ways.
Wireless networks are becoming more and more common throughout organizations
because they are inexpensive and easy to set up and operate. However, they open up some
fairly serious security issues for organizations, such as eavesdropping and authentication.
Wireless networking is the transmission of packetized data by means of a physical
topology that does not use direct physical links. That is, these are networks that use radio
waves to carry the signals, over either public or private bands. The two most commonly used
protocols for wireless technology (point-to-multipoint) are Wireless Application Protocol
(WAP) and IEEE 802.11. WAP is a system developed to send data to small handheld devices
such as cellular phones, wireless e-mail handhelds, and PDAs. The 802.11 protocol has been
standardized by the IEEE for wireless local area networks.
===*===
WAP Gateway: The WAP gateway acts as middleware that performs coding and encoding
between the cellular device and the web server. The WAP gateway can be located either in a
telecom network or within a computer data network (an Internet Service Provider).
Once a user requests a page using a URL, the gateway establishes a connection to the
target WAP site. It collects the document from the site. Then the WAP page is "compiled"
===*===
Security Issues with WTLS:
The WTLS has to be able to cope with small amounts of memory and limited
processor capacity, as well as long round-trip times.
As the protocol is designed around more capable servers than devices, the
specification can allow connections with little to no security.
Clients with low memory or CPU capabilities cannot support encryption and
choosing null or weak encryption greatly reduces confidentiality.
Authentication is also optional in the protocol, and omitting authentication reduces
security by leaving the connection vulnerable to a man-in-the-middle-type attack.
WTLS must address several known security vulnerabilities, like the chosen plaintext
attack and the alert message truncation attack.
WTLS has a number of inherent security problems, such as the weak encryption required
by the low computing power of the devices and the network transition that must
occur at the cellular provider’s network.
===*===
Wireless LAN:
A Wireless Local Area Network (WLAN) is a grouping of network components
connected through electromagnetic waves.
WLANs transmit and receive data over the air, minimizing the need for wired
connections.
WLANs provide roaming by allowing users real-time access to information from
anywhere in their organization, without having to find a place to connect to the
network with a cable or wire, thereby increasing productivity.
WLANs also have inherent ease of implementation and affordability as they do not
require expensive and time-consuming cable installations, especially in environments
that require frequent moves and changes and are difficult to wire.
WLANs are highly reliable, because a LAN with fewer wires and connectors implies
fewer problems for the users and the network managers.
WLANs are adaptable to a changing environment, because WLAN systems can
easily be configured and rearranged to accommodate a variety of office settings and a
number of users, from small to extensive.
WLANs can be seen as a combination of fixed wireless and mobile wireless services.
WLANs have two primary components: the wireless network interface card (NIC) in
The WEP protocol specification includes an integrity check on each packet. The
integrity check that is used is a 32-bit cyclic redundancy check (CRC). The CRC is
calculated for each packet before the packet is encrypted, and then the data plus the CRC is
encrypted and sent to the destination. Though CRC is not strong, encryption provides sufficient
protection. This might be a sufficiently strong system if the encryption were strong.
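The integrity check described above, as an added Python example that is not part of the original notes: it builds a frame the way the text states (CRC-32 first, then RC4 over data plus CRC) and shows that a frame changed in transit without the key still passes, because CRC-32 is linear and unkeyed. The 3-byte IV, 5-byte key, payload, and the HMAC-SHA256 contrast case are constructed assumptions for illustration; the HMAC variant is not part of WEP or any 802.11 standard.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 over the plaintext."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv: bytes, key: bytes, data: bytes) -> bytes:
    """CRC first, then encrypt data plus CRC, as the text describes."""
    return rc4(iv + key, data + icv(data))

def wep_open(iv: bytes, key: bytes, body: bytes):
    """Return the plaintext if the decrypted CRC matches, else None."""
    plain = rc4(iv + key, body)
    return plain[:-4] if plain[-4:] == icv(plain[:-4]) else None

def alter_in_transit(body: bytes, delta: bytes) -> bytes:
    """Keyless change: CRC-32 is linear, so the ICV can be corrected blindly."""
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return bytes(a ^ b for a, b in zip(body, delta + fix.to_bytes(4, "little")))

def mac_seal(iv: bytes, key: bytes, mac_key: bytes, data: bytes) -> bytes:
    """Contrast case: encrypt, then append a keyed HMAC-SHA256 tag."""
    body = rc4(iv + key, data)
    return body + hmac.new(mac_key, iv + body, hashlib.sha256).digest()

def mac_open(iv: bytes, key: bytes, mac_key: bytes, sealed: bytes):
    body, tag = sealed[:-32], sealed[-32:]
    good = hmac.new(mac_key, iv + body, hashlib.sha256).digest()
    return rc4(iv + key, body) if hmac.compare_digest(tag, good) else None

# Constructed sample values (not from the page).
IV, KEY, MAC_KEY = b"\x01\x02\x03", b"\x0a" * 5, b"\x0b" * 32
DATA = b"pay 0010 to bob"
DELTA = bytes(a ^ b for a, b in zip(DATA, b"pay 9910 to bob"))
```

The CRC catches accidental bit errors, but only the keyed tag rejects a deliberate change, which is why later 802.11 security replaced the CRC-based ICV with a keyed message integrity check.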
Access Point Security
Ideally, the AP will allow you to set a WEP key. Make sure this key cannot be easily
guessed. If possible, use the MAC addresses of the workstations to establish connections. This
will introduce more management overhead into the entire project, but it can also help to limit
some AP detection.
Workstation Security
If an intruder were to get on the WLAN, sniffers will allow him to identify other
workstations. Even if he cannot attack internal systems or eavesdrop on information flowing
on the network, he may still be able to attack other workstations. Appropriate antivirus
software should be used in workstations. If the risk is high, personal firewalls should also be
deployed on the workstations.
Safeguarding Wireless LANs
The level of security that is implemented in a WLAN must match the security
requirements of the wired LAN and the data that passes over it. The two primary security
safeguards for wireless LANs are the degree of control that is required in identifying the
remote user and the degree to which the network traffic must be safeguarded.
===*===
Wireless access point (WAP): A device connected to the wired local area network that
receives signals and transmits signals back to wireless NICs, and that acts as both the base
station and bridge for a wireless network.
===*===