Security Awareness. Wireless Network Security

Academic year: 2021

Security Awareness

Wireless Network Security

Attacks on Wireless Networks

• Three-step process

– Discovering the wireless network

– Connecting to the network

– Launching assaults

Security Awareness, 3rd Edition 2

Discovering

• Beaconing

– At regular intervals, a wireless router sends a signal to announce its presence

• Scanning

– Wireless device looks for the incoming beacon information

• Wireless location mapping

– Also known as war driving

– Finding a beacon from a wireless network and recording information about it

Discovering (cont’d.)

• Tools needed for war driving

– Mobile computing device

– Wireless NIC adapter

– Antenna

• Omnidirectional antenna

– Global positioning system (GPS) receiver

– Software

Discovering (cont’d.)

Figure 5-8 USB wireless NIC

Course Technology/Cengage Learning

Connecting

• Service Set Identifier (SSID)

– The “network name”; can be any alphanumeric string from 2 to 32 characters

• Wireless networks are designed to freely distribute their SSID

• Once a wireless device receives a beacon with the SSID, it can then attempt to join the network

– There is virtually nothing that an attacker must do in order to connect

Connecting (cont’d.)

Figure 5-9 Connecting to a wireless network

Connecting (cont’d.)

• Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID

– Does not provide protection

Launching Assaults

• Eavesdropping

– Attackers can easily view the contents of transmissions from hundreds of feet away

– Even if they have not connected to the wireless network

Launching Assaults (cont’d.)

• Wired Equivalent Privacy (WEP)

– Designed to ensure that only authorized parties can view transmitted wireless information

– Encrypts information into ciphertext

– Contains a serious flaw

– Attacker can discover a WEP key in less than one minute

Launching Assaults (cont’d.)

• Stealing data

– Once connected, the attacker is treated as a “trusted user”

– Has access to any shared data

• Injecting malware

– “Trusted user” enters from behind the network’s firewall

– Can easily inject malware

• Storing illegal content

– Can set up storage on user’s computer and store content

Launching Assaults (cont’d.)

• Launching denial of service (DoS) attacks

– Denial of service (DoS) attack

• Designed to prevent a device from performing its intended function

– Wireless DoS attacks

• Designed to deny wireless devices access to the wireless router itself

– Packet generator

• Create fake packets; flood wireless network with traffic

– Disassociation frames

• Communication from a wireless device that indicates the device wishes to end the wireless connection
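From the defender's side, the disassociation-frame DoS above shows up as an unusual run of disassociation frames naming the same device. The following is an added example, not part of the original slides: a small detector over a constructed capture summary. The record layout, addresses, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample capture summary: (seconds, frame type, sender, receiver).
# Addresses are made-up values, not taken from any real network.
ROUTER = "02:00:00:00:00:01"
LAPTOP = "02:00:00:00:00:aa"
PHONE = "02:00:00:00:00:bb"
SAMPLE_FRAMES = (
    # Normal activity: data traffic and one phone leaving the network.
    [(0.5, "data", LAPTOP, ROUTER), (1.0, "disassoc", PHONE, ROUTER)]
    # A burst: 12 disassociation frames naming the laptop within one second.
    + [(10.0 + i * 0.08, "disassoc", LAPTOP, ROUTER) for i in range(12)]
    + [(30.0, "data", PHONE, ROUTER)]
)


def find_disassoc_bursts(frames, window=2.0, threshold=5):
    """Report devices named in >= threshold disassociation frames within
    any `window` seconds. A device normally sends one such frame when it
    leaves; a rapid run for the same device matches the DoS pattern."""
    recent = defaultdict(deque)   # device -> timestamps still inside window
    open_alert = {}               # device -> alert for its ongoing burst
    alerts = []
    for ts, kind, sender, _receiver in sorted(frames):
        if kind != "disassoc":
            continue
        seen = recent[sender]
        seen.append(ts)
        while ts - seen[0] > window:      # drop timestamps that aged out
            seen.popleft()
        if len(seen) < threshold:
            open_alert.pop(sender, None)  # burst (if any) has ended
        elif sender in open_alert:
            open_alert[sender]["frames"] += 1
        else:
            alert = {"device": sender, "start": seen[0], "frames": len(seen)}
            open_alert[sender] = alert
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in find_disassoc_bursts(SAMPLE_FRAMES):
        print(f"possible disassociation DoS against {a['device']}: "
              f"{a['frames']} frames starting at t={a['start']}s")
```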

Launching Assaults (cont’d.)

Figure 5-13 DoS attack using disassociation frames

Launching Assaults (cont’d.)

• Impersonating a legitimate network

– Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc.

– Does not require wireless router

– Ad hoc or peer-to-peer network

– Once the connection is made

• Attacker might be able to directly inject malware into the user’s computer or steal data

Wireless Network Defenses

• Secure the home wireless network

• Use an unprotected public wireless network in the most secure manner possible

Securing a Home Wireless Network

• Locking down the wireless router

– Create username and password

– Do not use default password

– Typical settings on the wireless router login security screen

• Router Password

• Access Server

• Wireless Access Web

• Remote Management

Securing a Home Wireless Network (cont’d.)

Figure 5-15 Wireless router login security screen

Securing a Home Wireless Network (cont’d.)

• Limiting users

– Restrict who can access network by MAC address

• MAC address filter

– Dynamic Host Configuration Protocol (DHCP)

• Wireless routers distribute IP addresses to network devices

• Properly configuring settings

• DHCP lease

Securing a Home Wireless Network (cont’d.)

Figure 5-16 MAC address filter

Securing a Home Wireless Network (cont’d.)

• Turning on Wi-Fi protected access 2 (WPA2)

– Personal security model

– Designed for single users or small office settings

– Parts

• Wi-Fi Protected Access (WPA)

• Wi-Fi Protected Access 2 (WPA2)

– To turn on WPA2

• Choose security mode

• Select WPA Algorithm

• Enter shared key

Securing a Home Wireless Network (cont’d.)

Figure 5-18 Security Mode options

Securing a Home Wireless Network (cont’d.)

Figure 5-19 WPA Algorithms setting

Securing a Home Wireless Network (cont’d.)

• Configuring network settings

– Network Address Translation (NAT)

• Hides the IP addresses of network devices from attackers

• Private addresses

• NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address

– Port address translation (PAT)

• Each packet is sent to a different port number

Securing a Home Wireless Network (cont’d.)

– Virtual local area networks (VLANs)

• Segment users or network equipment in logical groupings

• Creates a separate virtual network for each user of the wireless network

– Demilitarized Zone (DMZ)

• Separate network that sits outside the secure network perimeter

• Limits outside access to the DMZ network only

Securing a Home Wireless Network (cont’d.)

Figure 5-21 Demilitarized zone (DMZ)

Securing a Home Wireless Network (cont’d.)

– Port forwarding

• More secure than DMZ

• Opens only the ports that need to be available

Using a Public Wireless Network Securely

• Turning on a personal firewall

– Runs as a program on the user’s local computer

– Operates according to a rule base

– Rule options

• Allow

• Block

• Prompt

– Stateless packet filtering

– Stateful packet filtering

• Provides more protection
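Why stateful filtering provides more protection, as an added example that is not part of the original slides: a stateless rule must judge each packet on its own, while a stateful filter remembers which connections the computer opened. The addresses, ports and rule base below are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")

LAPTOP = "192.168.1.20"      # constructed private address
WEB = "203.0.113.10"         # documentation-range addresses (RFC 5737)
STRANGER = "198.51.100.66"

# Constructed traffic: one web request, its reply, and an unsolicited
# packet that merely claims to come from source port 443.
TRAFFIC = [
    Packet("out", LAPTOP, 50000, WEB, 443),
    Packet("in", WEB, 443, LAPTOP, 50000),
    Packet("in", STRANGER, 443, LAPTOP, 50000),
]


def stateless_filter(pkt):
    """Judge each packet alone against a fixed rule base."""
    if pkt.direction == "out":
        return "allow"
    # To let web replies back in, the rule has to trust the source port.
    return "allow" if pkt.sport == 443 else "block"


class StatefulFilter:
    """Remember outbound connections; allow inbound only as a reply."""

    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # An inbound packet is a reply if it mirrors a recorded connection.
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_to in self.connections else "block"


def compare(traffic):
    """Return (stateless verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "stateless=%s stateful=%s" % verdicts)
```

Only the third packet is treated differently: the stateless rule lets it in because of its source port, and the stateful filter blocks it because the laptop never opened a connection to that address.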

Using a Public Wireless Network Securely (cont’d.)

• Virtual Private Networks (VPNs)

– Uses an unsecured public network as if it were a secure private network

– Encrypts all data that is transmitted between the remote device and the network

– Advantages

• Full protection

• Transparency

• Authentication

• Industry standards

Figure 5-22 Virtual private network (VPN)
