Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.


Tuesday, July 6, 2010

802.1x

I was trying to dig deeper into the Wireless Security Standards - WEP & WPA, when I read about 802.1x and I was blown by its widespread use and the research work put behind the framing of the standard.

WEP had many security flaws, such as static preshared keys, which could be easily cracked. So Cisco came out with its interim solution for Wi-Fi security in its devices, which used dynamic key exchange, a new encryption key for each packet, and authentication using IEEE 802.1x. Extensible Authentication Protocol (EAP) authentication is now used in WPA and WPA2 for 802.11.

The IEEE 802.1x standard is simply a standard for passing EAP over a wired or wireless LAN. With 802.1x, you package EAP messages in Ethernet frames and don't use PPP. It is authentication and nothing more. That is desirable in situations where the rest of PPP isn't needed, where you're using protocols other than TCP/IP, or where the overhead and complexity of PPP is undesirable.

The three devices involved in 802.1x authentication are the client, an authentication server and a wireless access point (WAP). The user or client that wants to be authenticated is called the supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. And the device in between, such as a wireless access point, is called the authenticator. One of the key points of 802.1x is that the authenticator can be simple and dumb: all of the brains have to be in the supplicant and the authentication server. This makes 802.1x ideal for wireless access points, which are typically small and have little memory and processing power.
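To make the three roles concrete, here is an added Python model of the exchange described above. It is not code from the original post: it encodes EAP packets (RFC 3748 layout: Code, Identifier, Length, Type) inside EAPOL headers inside Ethernet frames with EtherType 0x888E, and then runs an EAP Identity round trip between a supplicant, an authenticator that only relays, and an authentication server that makes the decision. The MAC addresses, the identity list and the classes `AuthenticationServer` and `Authenticator` are constructed for the example; a real deployment would continue with an inner EAP method after the Identity exchange and carry the EAP bytes to RADIUS in EAP-Message attributes, which this model abstracts into a direct call.

```python
"""Minimal model of 802.1X: supplicant <-> authenticator (dumb relay) <-> authentication server."""
import struct

ETHERTYPE_EAPOL = 0x888E                            # EAPOL rides directly in Ethernet, no PPP
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")      # 802.1X PAE group destination address
EAPOL_VERSION = 2
EAPOL_TYPE_EAP_PACKET, EAPOL_TYPE_START = 0, 1
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def build_eap(code, identifier, eap_type=None, data=b""):
    """EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]; Length covers the whole packet."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_eap(packet):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length != len(packet):
        raise ValueError("bad EAP length")
    eap_type = packet[4] if length > 4 else None   # Success/Failure carry no Type field
    return {"code": code, "id": identifier, "type": eap_type, "data": packet[5:]}


def build_eapol(eapol_type, body=b""):
    """EAPOL header: Version(1) Packet-Type(1) Body-Length(2), then the EAP packet (if any)."""
    return struct.pack("!BBH", EAPOL_VERSION, eapol_type, len(body)) + body


def parse_eapol(frame):
    version, eapol_type, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated EAPOL body")
    return {"version": version, "type": eapol_type, "body": body}


def ethernet_frame(dst, src, payload):
    return struct.pack("!6s6sH", dst, src, ETHERTYPE_EAPOL) + payload


def parse_ethernet(frame):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    return dst, src, frame[14:]


class AuthenticationServer:
    """Stand-in for the RADIUS server: the only party that looks inside the EAP payload."""

    def __init__(self, allowed_identities):
        self.allowed = set(allowed_identities)       # constructed policy for the example

    def handle(self, eap_bytes):
        eap = parse_eap(eap_bytes)
        if eap["code"] == EAP_RESPONSE and eap["type"] == EAP_TYPE_IDENTITY:
            identity = eap["data"].decode("utf-8", "replace")
            return build_eap(EAP_SUCCESS if identity in self.allowed else EAP_FAILURE, eap["id"])
        return build_eap(EAP_FAILURE, eap["id"])


class Authenticator:
    """Access point: relays EAP bytes and reads only the Code field to set the port state."""

    def __init__(self, mac, server):
        self.mac, self.server = mac, server
        self.port_authorized = False
        self.next_id = 1

    def on_frame(self, frame):
        dst, src, eapol_bytes = parse_ethernet(frame)
        eapol = parse_eapol(eapol_bytes)
        if eapol["type"] == EAPOL_TYPE_START:        # supplicant asks to be authenticated
            req = build_eap(EAP_REQUEST, self.next_id, EAP_TYPE_IDENTITY)
            self.next_id = (self.next_id + 1) % 256
            return ethernet_frame(src, self.mac, build_eapol(EAPOL_TYPE_EAP_PACKET, req))
        verdict = self.server.handle(eapol["body"])  # EAP forwarded untouched (RADIUS EAP-Message)
        self.port_authorized = parse_eap(verdict)["code"] == EAP_SUCCESS
        return ethernet_frame(src, self.mac, build_eapol(EAPOL_TYPE_EAP_PACKET, verdict))


def run_supplicant(identity, supplicant_mac, authenticator):
    """Drive one EAPOL-Start / Identity exchange; True when the server answered EAP-Success."""
    start = ethernet_frame(PAE_GROUP_ADDR, supplicant_mac, build_eapol(EAPOL_TYPE_START))
    req = parse_eap(parse_eapol(parse_ethernet(authenticator.on_frame(start))[2])["body"])
    if req["code"] != EAP_REQUEST or req["type"] != EAP_TYPE_IDENTITY:
        raise ValueError("expected EAP-Request/Identity")
    resp = build_eap(EAP_RESPONSE, req["id"], EAP_TYPE_IDENTITY, identity.encode())  # Identifier echoed
    frame = ethernet_frame(authenticator.mac, supplicant_mac, build_eapol(EAPOL_TYPE_EAP_PACKET, resp))
    reply = authenticator.on_frame(frame)
    return parse_eap(parse_eapol(parse_ethernet(reply)[2])["body"])["code"] == EAP_SUCCESS


if __name__ == "__main__":
    ap = Authenticator(bytes.fromhex("020000000001"), AuthenticationServer(["alice"]))
    print("alice authorised:", run_supplicant("alice", bytes.fromhex("020000000002"), ap))
```

The point the post makes is visible in `Authenticator.on_frame`: the access point never decodes the identity or any credential, it only matches Identifiers, forwards the EAP bytes and checks whether the final Code is Success, so all policy lives in the server.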

Tuesday, April 27, 2010

Message Digests (HASH)

Message digests or hashes are commonly 128 bits to 160 bits in length and provide a digital identifier for each digital file or document. Message digest functions, also called hash functions, are used to produce digital summaries of information called message digests. Message digest functions are mathematical functions that process information to produce a different message digest for each unique document. Identical documents have the same message digest, but if even one bit of the document changes, the message digest changes.

Figure. Example of the Message Digest Process

Because message digests are much shorter than the data from which they are generated and have a fixed, finite length, duplicate message digests, called collisions, can exist for different data sets. However, good message digest functions are one-way functions, so that it is mathematically and computationally infeasible to reverse the message digest process and discover the original data.

Message digests are commonly used in conjunction with public key technology to create digital signatures or "digital thumbprints" that are used for authentication, integrity, and nonrepudiation. Message digests also are commonly used with digital signing technology to provide data integrity for electronic files and documents.
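The properties listed above (fixed length, identical input gives identical digest, a one-bit change gives a different digest, and a digest used as an integrity check) can be observed directly. The following Python example is added here and is not part of the original post; it uses the standard library only. It computes the 128-bit MD5 and 160-bit SHA-1 digests the post refers to as well as SHA-256, flips one bit of a constructed sample document, counts how many digest bits change, and checks a stored digest against data with a constant-time comparison. The sample document and the helper names are constructed for the example.

```python
"""Message digest properties: fixed length, avalanche on a one-bit change, integrity check."""
import hashlib
import hmac

# Constructed sample document (not from the original post).
DOCUMENT = b"Contract: pay 100 units to account 42."


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of `data`. md5 -> 128 bits (32 hex chars), sha1 -> 160 bits (40), sha256 -> 256 (64)."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with one bit inverted (bit bit_index % 8 of byte bit_index // 8)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests of the same length."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """True when `data` still matches a previously recorded digest.

    hmac.compare_digest avoids leaking how many leading characters matched through timing.
    """
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


def demo() -> dict:
    """Run the experiment on DOCUMENT and return the observations as a dict."""
    original = digest_hex(DOCUMENT)
    tampered = digest_hex(flip_bit(DOCUMENT, 0))          # one bit changed in the first byte
    return {
        "same_input_same_digest": digest_hex(DOCUMENT) == original,
        "digest_bits_changed": differing_bits(original, tampered),
        "length_is_fixed": len(digest_hex(b"")) == len(digest_hex(DOCUMENT * 1000)),
        "original_verifies": verify_integrity(DOCUMENT, original),
        "tampered_verifies": verify_integrity(flip_bit(DOCUMENT, 0), original),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On a good hash function, the one-bit change flips roughly half of the digest bits, which is the avalanche effect the post describes; the second paragraph's caveat about collisions is practical, not theoretical, for MD5 and SHA-1, so new designs should use SHA-256 or stronger and keep the 128-bit and 160-bit sizes only for compatibility.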

Saturday, November 21, 2009

SQL Injection

SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability is present when user input is embedded in a query without being correctly filtered or strongly typed, so that the input is interpreted as part of the SQL statement rather than as data.
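The following Python example is added here and is not from the original post. It shows the two situations the paragraph describes side by side against an in-memory SQLite table: a login query built by string formatting, where the input becomes part of the statement, and the same query with bound parameters, where the database driver keeps the input as data. The table, the user records and the function names are constructed for the example; the plaintext password column is a simplification so the query stays readable, and a real application would store password hashes.

```python
"""SQL injection: string-formatted query beside the parameterised form (SQLite, constructed data)."""
import sqlite3

# Constructed sample records for the example.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Input is spliced into the statement text, so quote characters in it change the query logic."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Input is bound as parameters; the driver never interprets it as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def compare(username: str, password: str) -> dict:
    """Run the same credentials through both versions and report what each returns."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "parameterized": login_parameterized(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print("valid credentials:", compare("alice", "s3cret"))
    print("quote in input:  ", compare("alice", "' OR '1'='1"))
```

With the second input the formatted statement reads `... AND password = '' OR '1'='1'`, and since `AND` binds tighter than `OR` the condition is true for every row, so the vulnerable function returns every user while the parameterised one returns nothing; parameter binding (or an ORM that binds for you) is the fix, not escaping by hand.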


SQL Injection like this