Security Awareness Chapter 5 Wireless Network Security


Page 1: Security Awareness Chapter 5 Wireless Network Security

Security Awareness

Chapter 5 Wireless Network Security


Security Awareness, 3rd Edition 2

Objectives

After completing this chapter you should be able to do the following:

• Explain what a network is and the different types of networks
• List the different attacks that can be launched against a wireless network
• Give the steps necessary to secure a wireless network


How Networks Work

• Understand the basics of how a network works
  – What is a network?
  – How does it transmit data?
  – Different types of networks
  – Devices typically found on a home wireless network


What Is a Computer Network?

• Purpose of a computer network is to share
  – Information
  – Devices such as printers
• Home network
  – Single Internet connection
  – Shared printer
  – Easier to perform backups


What Is a Computer Network? (cont’d.)

Figure 5-2 Computer network


Course Technology/Cengage Learning


Transmitting Across a Network

• Sending and receiving devices must follow same set of standards (protocols)

• Transmission Control Protocol/Internet Protocol (TCP/IP)
  – Most common set of protocols used today
• IP address
  – Series of four sets of digits separated by periods
  – Static or dynamic


Transmitting Across a Network (cont’d.)

• Media Access Control (MAC) address
  – Physical address
  – 12 characters separated by either dashes or colons
• Packets
  – Small units of data sent through network


Transmitting Across a Network (cont’d.)

Figure 5-3 Sending data by packets


Types of Networks

• Two types of classifications
  – Distance-based
    • Local area network (LAN)
    • Wide area network (WAN)
    • Personal area network (PAN)
  – Type of connection
    • Wired
    • Wireless local area network (WLAN)
    • Wi-Fi (Wireless Fidelity)


Network Devices

• Network interface card (NIC) adapter
  – Hardware device that connects a computer to a wired network
• Router
  – Hardware device
  – Responsible for sending packets through the network toward their destination
• Firewall
  – Can repel attacks through filtering the data packets as they arrive at the perimeter of the network


Network Devices (cont’d.)

Figure 5-5 Internal wireless NIC


Network Devices (cont’d.)

Figure 5-6 Hardware firewall


Network Devices (cont’d.)

• Network Attached Storage (NAS) device
  – Dedicated hard disk-based file storage device
  – Provides centralized and consolidated disk storage available to network user
• Access point (AP)
  – Acts as the “base station” for the wireless network
  – Acts as a “bridge” between the wireless and wired networks
• Wireless gateway
  – Combines the features of an AP, firewall, and router in a single hardware device


Attacks on Wireless Networks

• Three-step process
  – Discovering the wireless network
  – Connecting to the network
  – Launching assaults


Discovering

• Beaconing
  – At regular intervals, a wireless router sends a signal to announce its presence
• Scanning
  – Wireless device looks for the incoming beacon information
• Wireless location mapping
  – Also known as war driving
  – Finding a beacon from a wireless network and recording information about it


Discovering (cont’d.)

• Tools needed for war driving
  – Mobile computing device
  – Wireless NIC adapter
  – Antenna
    • Omnidirectional antenna
  – Global positioning system (GPS) receiver
  – Software


Discovering (cont’d.)

Figure 5-8 USB wireless NIC


Connecting

• Service Set Identifier (SSID)
  – “Network name” and can be any alphanumeric string from 2 to 32 characters
• Wireless networks are designed to freely distribute their SSID
• Once a wireless device receives a beacon with the SSID, it can then attempt to join the network
  – Virtually nothing that an attacker must do in order to connect


Connecting (cont’d.)

Figure 5-9 Connecting to a wireless network


Connecting (cont’d.)

• Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID
  – Does not provide protection


Launching Assaults

• Eavesdropping
  – Attackers can easily view the contents of transmissions from hundreds of feet away
  – Even if they have not connected to the wireless network


Launching Assaults (cont’d.)

• Wired Equivalent Privacy (WEP)
  – Ensure that only authorized parties can view transmitted wireless information
  – Encrypts information into ciphertext
  – Contains a serious flaw
  – Attacker can discover a WEP key in less than one minute


Launching Assaults (cont’d.)

• Stealing data
  – Once connected attacker treated as “trusted user”
  – Has access to any shared data
• Injecting malware
  – “Trusted user” enters from behind the network’s firewall
  – Can easily inject malware
• Storing illegal content
  – Can set up storage on user’s computer and store content


Launching Assaults (cont’d.)

• Launching denial of service (DoS) attacks
  – Denial of service (DoS) attack
    • Designed to prevent a device from performing its intended function
  – Wireless DoS attacks
    • Designed to deny wireless devices access to the wireless router itself
  – Packet generator
    • Create fake packets; flood wireless network with traffic
  – Disassociation frames
    • Communication from a wireless device that indicates the device wishes to end the wireless connection


Launching Assaults (cont’d.)

Figure 5-13 DoS attack using disassociation frames
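
A defender can spot the disassociation-frame DoS described above by counting how many disassociation frames claim to come from one device in a short time. The following is an added example, not part of the original slides; the frame records, the 10-second window and the threshold of 5 are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0   # assumed look-back window
THRESHOLD = 5           # assumed: more than 5 per window is treated as abnormal
AP = "AA:BB:CC:00:00:01"

# Constructed sample records, not a real capture:
# (time in seconds, frame subtype, claimed sender MAC, access point MAC)
FRAMES = [
    (0.0, "data", "66:77:88:99:AA:BB", AP),
    (3.0, "disassociation", "66:77:88:99:AA:BB", AP),   # one normal sign-off
]
# Eight disassociation frames in four seconds, all claiming the same sender.
# The same MAC is written with dashes and with colons; both forms are valid.
FRAMES += [
    (20.0 + 0.5 * i, "disassociation",
     "00-1A-2B-3C-4D-5E" if i % 2 else "00:1a:2b:3c:4d:5e", AP)
    for i in range(8)
]

def normalize_mac(mac):
    """Reduce a MAC written with dashes or colons to 12 lowercase hex characters."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_disassociation_floods(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {claimed sender MAC: time the threshold was first exceeded}."""
    recent = defaultdict(deque)   # sender -> times of recent disassociation frames
    alerts = {}
    for ts, subtype, sender, _ap in frames:
        if subtype != "disassociation":
            continue
        times = recent[normalize_mac(sender)]
        times.append(ts)
        while ts - times[0] > window:   # drop frames older than the window
            times.popleft()
        if len(times) > threshold:
            alerts.setdefault(normalize_mac(sender), ts)
    return alerts

if __name__ == "__main__":
    for mac, when in find_disassociation_floods(FRAMES).items():
        print(f"possible disassociation flood: sender {mac} at t={when}s")
```

The device that disassociates once is not flagged; the one that appears to disassociate repeatedly within seconds is.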


Launching Assaults (cont’d.)

• Impersonating a legitimate network
  – Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc.
  – Does not require wireless router
  – Ad hoc or peer-to-peer network
  – Once the connection is made
    • Attacker might be able to directly inject malware into the user’s computer or steal data


Wireless Network Defenses

• Secure the home wireless network

• Use an unprotected public wireless network in the most secure manner possible


Securing a Home Wireless Network

• Locking down the wireless router
  – Create username and password
  – Do not use default password
  – Typical settings on the wireless router login security screen
    • Router Password
    • Access Server
    • Wireless Access Web
    • Remote Management


Securing a Home Wireless Network (cont’d.)

Figure 5-15 Wireless router login security screen


Securing a Home Wireless Network (cont’d.)

• Limiting users
  – Restrict who can access network by MAC address
    • MAC address filter
  – Dynamic Host Configuration Protocol (DHCP)
    • Wireless routers distribute IP addresses to network devices
    • Properly configuring settings
    • DHCP lease


Securing a Home Wireless Network (cont’d.)

Figure 5-16 MAC address filter


Securing a Home Wireless Network (cont’d.)

• Turning on Wi-Fi protected access 2 (WPA2)
  – Personal security model
  – Designed for single users or small office settings
  – Parts
    • Wi-Fi Protected Access (WPA)
    • Wi-Fi Protected Access 2 (WPA2)
  – To turn on WPA2
    • Choose security mode
    • Select WPA Algorithm
    • Enter shared key


Securing a Home Wireless Network (cont’d.)

Figure 5-18 Security Mode options


Securing a Home Wireless Network (cont’d.)

Figure 5-19 WPA Algorithms setting


Securing a Home Wireless Network (cont’d.)

• Configuring network settings
  – Network Address Translation (NAT)
    • Hides the IP addresses of network devices from attackers
    • Private addresses
    • NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address
  – Port address translation (PAT)
    • Each packet is sent to a different port number


Securing a Home Wireless Network (cont’d.)

  – Virtual local area networks (VLANs)
    • Segment users or network equipment in logical groupings
    • Creates a separate virtual network for each user of the wireless network
  – Demilitarized Zone (DMZ)
    • Separate network that sits outside the secure network perimeter
    • Limits outside access to the DMZ network only


Securing a Home Wireless Network (cont’d.)

Figure 5-21 Demilitarized zone (DMZ)


Securing a Home Wireless Network (cont’d.)

  – Port forwarding
    • More secure than DMZ
    • Opens only the ports that need to be available


Using a Public Wireless Network Securely

• Turning on a personal firewall
  – Runs as a program on the user’s local computer
  – Operates according to a rule base
  – Rule options
    • Allow
    • Block
    • Prompt
  – Stateless packet filtering
  – Stateful packet filtering
    • Provides more protection
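
Why stateful packet filtering provides more protection than stateless filtering can be seen by running the same traffic through both. This is an added example, not part of the original slides; the addresses, ports and the single stateless rule are constructed assumptions, and the Prompt action, TCP flags and connection timeouts are left out to keep the comparison small.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port")

LAPTOP = "192.168.1.20"   # constructed address of the user's computer

def stateless_filter(pkt):
    """Judge each packet on its own fields only.

    Assumed rule base: Allow everything outbound; Allow inbound packets
    whose source port is 443 (they look like web replies); Block the rest.
    """
    if pkt.direction == "out":
        return "allow"
    return "allow" if pkt.src_port == 443 else "block"

class StatefulFilter:
    """Remember outbound connections and allow only inbound packets that answer one."""

    def __init__(self):
        self.connections = set()   # (local ip, local port, remote ip, remote port)

    def check(self, pkt):
        if pkt.direction == "out":
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # An inbound packet is a reply only if it mirrors a recorded connection.
        answers = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if answers in self.connections else "block"

# Constructed traffic on a public wireless network.
TRAFFIC = [
    Packet("out", LAPTOP, 50000, "203.0.113.10", 443),   # laptop opens a web connection
    Packet("in", "203.0.113.10", 443, LAPTOP, 50000),    # genuine reply to that connection
    Packet("in", "198.51.100.7", 443, LAPTOP, 445),      # unsolicited, only claims port 443
]

def compare(traffic):
    """Return one (stateless decision, stateful decision) pair per packet."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (without_state, with_state) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}  stateless={without_state} stateful={with_state}")
```

The third packet passes the stateless rule because its source port looks right, but the stateful filter blocks it because the laptop never opened a connection to that sender.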


Using a Public Wireless Network Securely (cont’d.)

• Virtual Private Networks (VPNs)
  – Uses an unsecured public network as if it were a secure private network
  – Encrypts all data that is transmitted between the remote device and the network
  – Advantages
    • Full protection
    • Transparency
    • Authentication
    • Industry standards


Figure 5-22 Virtual private network (VPN)


Summary

• Most home users install wireless networks

• Attacking a wireless network involves three main steps
  – Discovery
  – Connection
  – Attack

• Secure home wireless network

• Use good security when using public wireless networks
