Security Awareness. Wireless Network Security


Security Awareness

Wireless Network Security


Attacks on Wireless Networks

• Three-step process

– Discovering the wireless network

– Connecting to the network

– Launching assaults

Security Awareness, 3rd Edition 2


Discovering

• Beaconing

– At regular intervals, a wireless router sends a signal to announce its presence

• Scanning

– Wireless device looks for the incoming beacon information

• Wireless location mapping

– Also known as war driving

– Finding a beacon from a wireless network and recording information about it


Discovering (cont’d.)

• Tools needed for war driving

– Mobile computing device

– Wireless NIC adapter

– Antenna

• Omnidirectional antenna

– Global positioning system (GPS) receiver

– Software


Discovering (cont’d.)

Figure 5-8 USB wireless NIC

Course Technology/Cengage Learning


Connecting

• Service Set Identifier (SSID)

– The “network name”; can be any alphanumeric string from 2 to 32 characters

• Wireless networks are designed to freely distribute their SSID

• Once a wireless device receives a beacon with the SSID, it can then attempt to join the network

– An attacker has to do virtually nothing in order to connect


Connecting (cont’d.)

Figure 5-9 Connecting to a wireless network


Connecting (cont’d.)

• Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID

– Does not provide protection


Launching Assaults

• Eavesdropping

– Attackers can easily view the contents of transmissions from hundreds of feet away

– Even if they have not connected to the wireless network


Launching Assaults (cont’d.)

• Wired Equivalent Privacy (WEP)

– Designed to ensure that only authorized parties can view transmitted wireless information

– Encrypts information into ciphertext

– Contains a serious flaw

– Attacker can discover a WEP key in less than one minute


Launching Assaults (cont’d.)

• Stealing data

– Once connected, the attacker is treated as a “trusted user”

– Has access to any shared data

• Injecting malware

– “Trusted user” enters from behind the network’s firewall

– Can easily inject malware

• Storing illegal content

– Can set up storage on user’s computer and store content


Launching Assaults (cont’d.)

• Launching denial of service (DoS) attacks

– Denial of service (DoS) attack

• Designed to prevent a device from performing its intended function

– Wireless DoS attacks

• Designed to deny wireless devices access to the wireless router itself

– Packet generator

• Create fake packets; flood wireless network with traffic

– Disassociation frames

• Communication from a wireless device that indicates the device wishes to end the wireless connection
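A defender can spot this kind of DoS by rate: a real device announces that it is leaving once, not dozens of times in a few seconds. The sketch below is an added example, not part of the original slides; the frame records, MAC addresses, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample capture: (seconds, frame_type, claimed_sender, receiver).
# All MAC addresses are made up for this example.
ROUTER = "02:00:00:00:00:01"
LAPTOP = "02:00:00:00:00:10"
PHONE = "02:00:00:00:00:20"

SAMPLE_FRAMES = (
    [(0.5, "data", LAPTOP, ROUTER),
     (1.0, "disassoc", PHONE, ROUTER),   # phone leaves once: normal
     (2.0, "data", LAPTOP, ROUTER)]
    # Twenty disassociation frames naming the laptop within two seconds.
    + [(3.0 + i * 0.1, "disassoc", LAPTOP, ROUTER) for i in range(20)]
    + [(9.0, "data", LAPTOP, ROUTER)]
)

def find_disassoc_floods(frames, window=5.0, threshold=5):
    """Return {claimed_sender: peak count} for senders whose disassociation
    frames exceed `threshold` within any `window`-second span."""
    recent = defaultdict(deque)   # sender -> timestamps still inside the window
    peaks = {}
    for ts, ftype, sender, _receiver in sorted(frames):
        if ftype != "disassoc":
            continue
        q = recent[sender]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[sender] = max(peaks.get(sender, 0), len(q))
    return peaks

def data_after_disassoc(frames, sender):
    """True if `sender` keeps sending data after 'asking' to leave, a hint
    that the disassociation frames did not come from the real device."""
    last = max((ts for ts, t, s, _ in frames if t == "disassoc" and s == sender),
               default=None)
    return last is not None and any(
        t == "data" and s == sender and ts > last for ts, t, s, _ in frames)

if __name__ == "__main__":
    for mac, peak in find_disassoc_floods(SAMPLE_FRAMES).items():
        print(mac, "peak:", peak,
              "still active:", data_after_disassoc(SAMPLE_FRAMES, mac))
```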


Launching Assaults (cont’d.)

Figure 5-13 DoS attack using disassociation frames


Launching Assaults (cont’d.)

• Impersonating a legitimate network

– Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc.

– Does not require wireless router

– Ad hoc or peer-to-peer network

– Once the connection is made

• Attacker might be able to directly inject malware into the user’s computer or steal data


Wireless Network Defenses

• Secure the home wireless network

• Use an unprotected public wireless network in the most secure manner possible


Securing a Home Wireless Network

• Locking down the wireless router

– Create username and password

– Do not use default password

– Typical settings on the wireless router login security screen

• Router Password

• Access Server

• Wireless Access Web

• Remote Management


Securing a Home Wireless Network (cont’d.)

Figure 5-15 Wireless router login security screen


Securing a Home Wireless Network (cont’d.)

• Limiting users

– Restrict who can access network by MAC address

• MAC address filter

– Dynamic Host Configuration Protocol (DHCP)

• Wireless routers distribute IP addresses to network devices

• Properly configuring settings

• DHCP lease


Securing a Home Wireless Network (cont’d.)

Figure 5-16 MAC address filter


Securing a Home Wireless Network (cont’d.)

• Turning on Wi-Fi Protected Access 2 (WPA2)

– Personal security model

– Designed for single users or small office settings

– Parts

• Wi-Fi Protected Access (WPA)

• Wi-Fi Protected Access 2 (WPA2)

– To turn on WPA2

• Choose security mode

• Select WPA Algorithm

• Enter shared key


Securing a Home Wireless Network (cont’d.)

Figure 5-18 Security Mode options


Securing a Home Wireless Network (cont’d.)

Figure 5-19 WPA Algorithms setting


Securing a Home Wireless Network (cont’d.)

• Configuring network settings

– Network Address Translation (NAT)

• Hides the IP addresses of network devices from attackers

• Private addresses

• NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address

– Port address translation (PAT)

• Each packet is sent to a different port number


Securing a Home Wireless Network (cont’d.)

– Virtual local area networks (VLANs)

• Segment users or network equipment in logical groupings

• Creates a separate virtual network for each user of the wireless network

– Demilitarized Zone (DMZ)

• Separate network that sits outside the secure network perimeter

• Limits outside access to the DMZ network only


Securing a Home Wireless Network (cont’d.)

Figure 5-21 Demilitarized zone (DMZ)


Securing a Home Wireless Network (cont’d.)

– Port forwarding

• More secure than DMZ

• Opens only the ports that need to be available


Using a Public Wireless Network Securely

• Turning on a personal firewall

– Runs as a program on the user’s local computer

– Operates according to a rule base

– Rule options

• Allow

• Block

• Prompt

– Stateless packet filtering

– Stateful packet filtering

• Provides more protection
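Why stateful filtering provides more protection shows up when the same traffic is run through both kinds of filter. The sketch below is an added example, not part of the original slides; the rule base, port choices and addresses are hypothetical, and the traffic is constructed.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction local_port remote_ip remote_port")

# Hypothetical rule base: (direction, remote_port or None for any, action).
# First match wins; the actions are the slide's Allow / Block / Prompt.
OUTBOUND_RULES = [
    ("out", 443, "allow"),
    ("out", 25, "block"),
    ("out", None, "prompt"),
]
# A stateless filter judges every packet alone, so it needs a standing
# inbound rule to let web replies back in.
STATELESS_RULES = OUTBOUND_RULES + [("in", 443, "allow"), ("in", None, "block")]

def match(rules, pkt):
    for direction, port, action in rules:
        if direction == pkt.direction and port in (None, pkt.remote_port):
            return action
    return "block"

def stateless_filter(packets):
    return [match(STATELESS_RULES, p) for p in packets]

def stateful_filter(packets):
    """Inbound packets pass only if they answer a connection this computer
    opened; the rule base is consulted for outbound traffic only."""
    open_connections = set()
    verdicts = []
    for p in packets:
        key = (p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            action = match(OUTBOUND_RULES, p)
            if action == "allow":
                open_connections.add(key)
        else:
            action = "allow" if key in open_connections else "block"
        verdicts.append(action)
    return verdicts

# Constructed traffic (documentation-range addresses).
TRAFFIC = [
    Packet("out", 50001, "192.0.2.10", 443),   # browser opens a connection
    Packet("in", 50001, "192.0.2.10", 443),    # the server's reply
    Packet("in", 50001, "203.0.113.7", 443),   # unsolicited, claims port 443
    Packet("out", 50002, "192.0.2.25", 25),    # blocked by rule
    Packet("out", 50003, "192.0.2.99", 8080),  # no specific rule: ask the user
]

if __name__ == "__main__":
    for p, a, b in zip(TRAFFIC, stateless_filter(TRAFFIC), stateful_filter(TRAFFIC)):
        print(p, "stateless:", a, "stateful:", b)
```

The two filters differ only on the third packet: the stateless rule base lets it in because it claims source port 443, while the stateful filter blocks it because no matching outbound connection exists.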


Using a Public Wireless Network Securely (cont’d.)

• Virtual Private Networks (VPNs)

– Uses an unsecured public network as if it were a secure private network

– Encrypts all data that is transmitted between the remote device and the network

– Advantages

• Full protection

• Transparency

• Authentication

• Industry standards


Figure 5-22 Virtual private network (VPN)
