Page 228 - DCAP311_DCAP607_WIRELESS_NETWORKS
Wireless Networks
Objectives
After studying this unit, you will be able to:
• Discuss the concept of User Authentication
• Describe the 802.11 Authentication Vulnerabilities
• Explain the Medium Access Control (MAC) Filters
• Define the concept of Public-key Cryptography
• Discuss 802.1X
• Explain Security Policies
Introduction
Identification and authentication are used to establish a user's identity. For organizations with
higher data-confidentiality requirements, user authentication for consumer communities on the
Web is growing beyond the traditional database-driven or directory-driven component of a Web
application. Implementation approaches for strong authentication span a full spectrum, from
highly integrated and interdependent designs to simple extensions of existing stand-alone
architectures. The escalating trend of moving data and services into the cloud also calls for
methodical planning to ensure that only authorized users gain access over the Internet. Simple
password-based authentication may continue to work for many consumer-oriented Web sites, but
its inherent vulnerabilities have been identified as security risks for institutions with higher
data-privacy requirements. To mitigate the risk of online identity fraud, such organizations look
to strong user authentication as the way to improve their Web-based authentication systems.
14.1 Concept of User Authentication
User authentication is a means of identifying a user and verifying that the user is allowed to
access some restricted service. Identity theft remains one of the more prevalent problems on the
Internet today. Digital identity fraud is still on the rise, both in sophistication (phishing,
man-in-the-middle attacks, DNS poisoning, malware, social engineering, and so forth) and in the
expansion of attack vectors (unregulated financial systems, lottery and sweepstakes contests,
healthcare data, synthetic identities, and so on). With the upward trend of moving data and
services onto Web and cloud-based platforms, managing and controlling access to confidential and
sensitive data is becoming more than verifying simple user credentials at the start of a session
for one application; it now has to account for the interconnections and interdependencies among
multiple applications, services, and organizations.
One of the more exploited methods today is gaining account access by stealing reusable credentials
from Web sites that have not yet implemented "strong" user authentication. This works because the
most common credentials today are knowledge-based (a user ID and a password) and are requested
only once, at sign-on. That is convenient for users, but it also means an attacker who captures
the credential once can reuse it at will. Many attacks take the form of "phishing" messages that
masquerade as mail from legitimate organizations and contain URLs pointing to fraudulent Web sites
that look like the genuine ones. Often the fraudulent site acts as a "man-in-the-middle": it
eventually forwards the visitor to the real Web site, but in the process it has captured valid
credentials that can later be used to gain access to the real account.
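The following simulation, added here as an illustration and not part of the original text, shows what "reusable" means in practice. A phishing proxy forwards a victim's sign-on to the real server and keeps a copy of what crossed the wire. With a static password the copy works again later; with a per-session challenge-response (used here as one stand-in for the "strong" authentication the text refers to, an assumption since the page does not name a mechanism at this point) the captured value is bound to a nonce that has already been consumed. All classes, names and the shared secrets are constructed for the example.

```python
"""Replay of a captured static password versus a captured one-time
challenge response. Everything here is an in-process stand-in: the server,
the phishing proxy and the victim are all constructed for the example."""
import hashlib
import hmac
import os


class PasswordServer:
    """Knowledge-based sign-on: one static secret, checked once at login."""

    def __init__(self, users):
        # Store salted PBKDF2 digests; the password itself is never kept.
        self._creds = {}
        for user, pw in users.items():
            salt = os.urandom(16)
            self._creds[user] = (salt, _pbkdf2(pw, salt))

    def login(self, user, password):
        rec = self._creds.get(user)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, _pbkdf2(password, salt))


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ChallengeServer:
    """Per-session challenge-response: the wire carries an HMAC over a fresh
    server nonce, never the shared secret. Each nonce is accepted once."""

    def __init__(self, users):
        self._secrets = dict(users)  # toy store of shared secrets (e.g. token seeds)
        self._pending = {}           # user -> outstanding nonce

    def challenge(self, user):
        nonce = os.urandom(16)
        self._pending[user] = nonce
        return nonce

    def login(self, user, response):
        nonce = self._pending.pop(user, None)  # consumed on first use, valid or not
        secret = self._secrets.get(user)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(response, respond(secret, nonce))


def respond(secret, nonce):
    """Client side: prove knowledge of the secret without transmitting it."""
    return hmac.new(secret.encode(), nonce, hashlib.sha256).hexdigest()


class PhishingProxy:
    """Look-alike site that relays the victim's sign-on to the real server
    and records everything that passed through it."""

    def __init__(self, real):
        self.real = real
        self.captured = []

    def password_login(self, user, password):
        self.captured.append((user, password))
        return self.real.login(user, password)

    def challenge_login(self, user, client_respond):
        nonce = self.real.challenge(user)          # relayed from the real server
        response = client_respond(nonce)            # victim answers the relayed nonce
        self.captured.append((user, response))
        return self.real.login(user, response)


def replay_password():
    """Attacker replays the password captured during the phishing session.
    Returns (victim_login_ok, attacker_replay_ok)."""
    real = PasswordServer({"alice": "correct horse"})
    proxy = PhishingProxy(real)
    victim_ok = proxy.password_login("alice", "correct horse")
    user, pw = proxy.captured[0]
    attacker_ok = real.login(user, pw)  # the same credential works again
    return victim_ok, attacker_ok


def replay_response():
    """Same attack against challenge-response: the captured response is tied
    to a nonce that no longer exists, so replay fails."""
    real = ChallengeServer({"alice": "seed-123"})
    proxy = PhishingProxy(real)
    victim_ok = proxy.challenge_login("alice", lambda n: respond("seed-123", n))
    user, stale = proxy.captured[0]
    real.challenge(user)                 # attacker opens a fresh session
    attacker_ok = real.login(user, stale)  # stale response does not match
    return victim_ok, attacker_ok


if __name__ == "__main__":
    print("password:  victim ok, attacker replay ok =", replay_password())
    print("challenge: victim ok, attacker replay ok =", replay_response())
```

Note the limit of this defence, visible in `challenge_login`: the proxy still succeeds in logging the victim into the real server in real time and would hold that session. Challenge-response removes offline replay of a captured credential; it does not stop a live relay. Stopping the relay requires binding the response to the site the user is actually talking to, which is what public-key-based authenticators do and why the unit returns to public-key cryptography later.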
The ease with which online identities can be stolen and used effectively has prompted many
organizations and governing bodies to raise alarms. In the U.S., the October 2005 Federal Financial
Institutions Examination Council (FFIEC) "Authentication in an Internet Banking Environment"
222 LOVELY PROFESSIONAL UNIVERSITY