Wi-Fi LAN Operation & Security

Part 1: Introduction to IEEE 802.11 and Wi-Fi

 

• Wired vs wireless communications
  • Comparison of security challenges
• Introduction to security attacks and countermeasures
  • Layered security attack methods
  • Shared key and public key cryptography
• Overview of IEEE 802.11 and Wi-Fi
  • General architecture
  • Wi-Fi Alliance
  • IEEE 802.11 task groups

 

Part 2: Wi-Fi Physical (PHY) Layer

 

• Range calculations and PHY vulnerabilities
  • Calculating maximum range
  • Eavesdropping range of vulnerability
  • Jamming range of susceptibility
  • Countermeasures
• Basic modulation methods
  • Modulated signal structure
  • Amplitude, frequency, and phase shift keying
• Direct sequence spread spectrum (802.11b)
  • DSSS methods
  • Processing gain
  • Complementary code keying (CCK)
• Advanced modulation methods (802.11g/n)
  • Quadrature Amplitude Modulation (QAM)
  • Orthogonal Frequency Division Multiplexing (OFDM)
  • Performance
• Advanced antennas and multiple-input multiple-output (MIMO)
  • 802.11n MIMO
  • 802.11n operating modes and performance
• Error Control
  • Error detection and correction
  • Automatic repeat request

 

Part 3: Wi-Fi Medium Access Control (MAC)

 

• Carrier-sense multiple access
  • Basic concept and operation
  • Avoiding network instability
  • CSMA and denial-of-service (DoS) attacks
• Distributed Coordination Function (DCF)
  • Channel access and backoff
  • Performance
  • DCF and man-in-the-middle (MITM) attacks
• Point Coordination Function (PCF)
  • Channel access and scheduling
  • Performance
• Quality-of-Service
  • The QoS challenge
  • Overview of 802.11e QoS enhancements
• Throughput capabilities
  • Frame transmission times
  • Throughput analysis
• Management operations
  • Connection process
  • Addressing and traffic flow

 

Part 4: IEEE 802.11i Access Control and Key Management

 

• Introduction to Robust Security Network (RSN)
  • RSN security layers
  • Methods of authentication
  • 802.11i operational phases
• 802.1X Port-Based Network Access Control
  • 802.1X authentication and key distribution
  • Digital certificate
  • Challenge-response using a RADIUS server
• Extensible Authentication Protocol (EAP)
  • EAP request/response
  • EAP over LAN (EAPOL)
  • Key derivation and exchange
• Transport Layer Security (TLS)
  • TLS handshake exchange
  • TLS and 802.11i
  • TLS over EAP
• Security while roaming
  • Preauthentication

 

Part 5: IEEE 802.11i Encryption

 

• Wired Equivalent Privacy (WEP) weaknesses
  • Desired security criteria
  • WEP operation
  • Weaknesses: Authentication, data confidentiality, data integrity
• Temporal Key Integrity Protocol (TKIP)
  • TKIP implementation
  • Encapsulation and decapsulation processes
  • TKIP message integrity
  • TKIP attack countermeasures
• Advanced Encryption Standard (AES)
  • Requirements for WEP replacement
  • AES operation
  • AES modes and algorithms
  • 802.11i counter/cipher block chaining with message authentication code (CCM) protocol

 

Part 6: Wi-Fi Protected Access (WPA)

 

• IEEE 802.11i and Wi-Fi Protected Access (WPA)
  • Comparison of 802.11i and WPA
• Versions of WPA
  • WPA Personal vs WPA Enterprise
  • WPA vs WPA2
• WPA and RSN key hierarchy
  • Pairwise and group keys
  • Key hierarchy
  • Key derivation
• WPA implementation requirements
  • Access points
  • Network adaptors
  • Client software
• WPA certification

 

Part 7: Wi-Fi Network Attack and Defense Methods

 

• Specific attack methods
  • Planning and executing an attack
  • Summary of specific attack methods
• General methods for enhancing Wi-Fi security
  • AP placement
  • AP setup
  • Security outside of WPA/802.11i
• Network analysis tools
  • Spectrum analyzer
  • Protocol analyzer
  • Other analyzers
• Wireless Intrusion Detection Systems (WIDS)
  • Intrusion detection
  • Intrusion prevention
  • Implementation
  • Survey of available WIDS products
• Wrap-up
  • Course Recap and Q/A
  • Evaluations