Wep may be able to stop casual sniffers an

This preview shows page 9 - 11 out of 17 pages.

WEP may be able to stop casual sniffers an experienced hacker can crack WEP keys in 15 minutes due to the serious security flaws in the protocol. WEP vulnerabilities include unauthorized decryption and violation of data integrity, poor key management, no access point authentication and WEP key recovery. “Wi-Fi Protected Access (WPA) is a standards-based interoperable security specification. The specification is designed so that only software or firmware upgrades are necessary for the existing or legacy hardware to meet the requirements. Its purpose is to increase the level of security for existing and future wireless LANs”[ CITATION Sta03 \l 1033 ] According to [ CITATION Sta03 \l 1033 ] WPA has key features that address WEP vulnerabilities such as:Apply stronger network access control through mutual authentication Support better security technologies like 802.1X, EAP, RADIUS and pre-shared keys Adopt dynamic keys in TKIP to establish better key management Enforce data integrity through Michael Message Integrity CheckProvide forward compatibility to ultimate wireless security solution, 802.11i Although WPA is more secure then WEP still comes with a few potential security issues such as encryption weaknesses in TKIP and performance being sacrificed due to the complexity computation intensive authentication and encryption protocols.Pre-shared Keys for EncryptionA pre-shared key (PSK) is a security method used to transfer a shared secret key between two parties in order to authenticate users. The process is initiated when PSK cipher suite(s) are included in the hello message to the client. PSK does not require an authentication
10Incident Responseserver and is used with limited computer processing power. It is also used as an alternative to avoid process-demanding tasks such as public-key operations.[ CITATION UMU17 \l 1033 ]The Federal Information Processing Standards (FIPS) Publication 140-2, issued by the National Institute of Standards and Technology (NIST), specifies the cryptographic security requirements to be used when protecting sensitive but unclassified information. The standard includes four increasing qualitative levels of security: Level 1-4. Each level covers a range of potential applications and environments in which cryptologic modules may be employed. These areas include cryptographic module specification, cryptographic module ports, and interfaces; roles, services, and authentication; finite state model; physical security; operationalenvironment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.Wireless ProtocolsAccording to [ CITATION Chr17 \l 1033 ], Transmission Control Protocol (TCP) is basically how internet talks. It takes chunks of data and turn them into packets of data and sends them to another TCP layer. IP defines exactly where data needs to be sent and making sure the packets are sent and received to the same place. The TCP/IP model consists of four layers:

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture