Security Awareness
Wireless Network Security
Attacks on Wireless Networks
• Three-step process
– Discovering the wireless network – Connecting to the network
– Launching assaults
Security Awareness, 3rd Edition 2
Discovering
• Beaconing
– At regular intervals, a wireless router sends a signal to announce its presence
• Scanning
– Wireless device looks for the incoming beacon information
• Wireless location mapping
– Also known as war driving
– Finding a beacon from a wireless network and
recording information about it
Discovering (cont’d.)
• Tools needed for war driving
– Mobile computing device – Wireless NIC adapter
– Antenna
• Omnidirectional antenna
– Global positioning system (GPS) receiver – Software
Security Awareness, 3rd Edition 4
Discovering (cont’d.)
Figure 5-8 USB wireless NIC
Course Technology/Cengage Learning
Connecting
• Service Set Identifier (SSID)
– ‘‘Network name’’ and can be any alphanumeric string from 2 to 32 characters
• Wireless networks are designed to freely distribute their SSID
• Once a wireless device receives a beacon with the SSID, it can then attempt to join the network
– Virtually nothing that an attacker must do in order to connect
Security Awareness, 3rd Edition 6
3rd
Connecting (cont’d.)
Figure 5-9 Connecting to a wireless network
Course Technology/Cengage Learning
Connecting (cont’d.)
• Some wireless security sources encourage users to configure APs to prevent the beacon from
including the SSID
– Does not provide protection
Security Awareness, 3rd Edition 8
Launching Assaults
• Eavesdropping
– Attackers can easily view the contents of transmissions from hundreds of feet away
– Even if they have not connected to the wireless
network
Launching Assaults (cont’d.)
• Wired Equivalent Privacy (WEP)
– Ensure that only authorized parties can view transmitted wireless information
– Encrypts information into ciphertext – Contains a serious flaw
– Attacker can discover a WEP key in less than one minute
Security Awareness, 3rd Edition 10
Launching Assaults (cont’d.)
• Stealing data
– Once connected attacker treated as “trusted user”
– Has access to any shared data
• Injecting malware
– “Trusted user” enters from behind the network’s firewall
– Can easily inject malware
• Storing illegal content
– Can set up storage on user’s computer and store
content
Launching Assaults (cont’d.)
• Launching denial of service (DoS) attacks
– Denial of service (DoS) attack
• Designed to prevent a device from performing its intended function
– Wireless DoS attacks
• Designed to deny wireless devices access to the wireless router itself
– Packet generator
• Create fake packets; flood wireless network with traffic
– Disassociation frames
• Communication from a wireless device that indicates the device wishes to end the wireless connection
Security Awareness, 3rd Edition 12
Launching Assaults (cont’d.)
Figure 5-13 DoS attack using disassociation frames
Course Technology/Cengage Learning
Launching Assaults (cont’d.)
• Impersonating a legitimate network
– Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc.
– Does not require wireless router – Ad hoc or peer-to-peer network – Once the connection is made
• Attacker might be able to directly inject malware into the user’s computer or steal data
Security Awareness, 3rd Edition 14
Wireless Network Defenses
• Secure the home wireless network
• Use an unprotected public wireless network in the
most secure manner possible
Securing a Home Wireless Network
• Locking down the wireless router
– Create username and password – Do not use default password
– Typical settings on the wireless router login security screen
• Router Password
• Access Server
• Wireless Access Web
• Remote Management
Security Awareness, 3rd Edition 16
Securing a Home Wireless Network (cont’d.)
Figure 5-15 Wireless router login security screen
Course Technology/Cengage Learning
Securing a Home Wireless Network (cont’d.)
• Limiting users
– Restrict who can access network by MAC address
• MAC address filter
– Dynamic Host Configuration Protocol (DHCP)
• Wireless routers distribute IP addresses to network devices
• Properly configuring settings
• DHCP lease
Security Awareness, 3rd Edition 18
3rd
Securing a Home Wireless Network (cont’d.)
Figure 5-16 MAC address filter
Course Technology/Cengage Learning
Securing a Home Wireless Network (cont’d.)
• Turning on Wi-Fi protected access 2 (WPA2)
– Personal security model
– Designed for single users or small office settings – Parts
• Wi-Fi Protected Access (WPA)
• Wi-Fi Protected Access 2 (WPA2)
– To turn on WPA2
• Choose security mode
• Select WPA Algorithm
• Enter shared key
Security Awareness, 3rd Edition 20
Securing a Home Wireless Network (cont’d.)
Figure 5-18 Security Mode options
Course Technology/Cengage Learning
Securing a Home Wireless Network (cont’d.)
Figure 5-19 WPA Algorithms setting
Security Awareness, 3rd Edition 22
Course Technology/Cengage Learning
Securing a Home Wireless Network (cont’d.)
• Configuring network settings
– Network Address Translation (NAT)
• Hides the IP addresses of network devices from attackers
• Private addresses
• NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address
– Port address translation (PAT)
• Each packet is sent to a different port number
Securing a Home Wireless Network (cont’d.)
– Virtual local area networks (VLANs)
• Segment users or network equipment in logical groupings
• Creates a separate virtual network for each user of the wireless network
– Demilitarized Zone (DMZ)
• Separate network that sits outside the secure network perimeter
• Limits outside access to the DMZ network only
Security Awareness, 3rd Edition 24
Securing a Home Wireless Network (cont’d.)
Figure 5-21 Demilitarized zone (DMZ)
Course Technology/Cengage Learning
Securing a Home Wireless Network (cont’d.)
– Port forwarding
• More secure than DMZ
• Opens only the ports that need to be available
Security Awareness, 3rd Edition 26
Using a Public Wireless Network Securely
• Turning on a personal firewall
– Runs as a program on the user’s local computer – Operates according to a rule base
– Rule options
• Allow
• Block
• Prompt
– Stateless packet filtering – Stateful packet filtering
• Provides more protection
Using a Public Wireless Network Securely (cont’d.)
• Virtual Private Networks (VPNs)
– Uses an unsecured public network as if it were a secure private network
– Encrypts all data that is transmitted between the remote device and the network
– Advantages
• Full protection
• Transparency
• Authentication
• Industry standards
Security Awareness, 3rd Edition 28
Figure 5-22 Virtual private network (VPN)
Course Technology/Cengage Learning