© 2004 Cisco Systems, Inc. All rights reserved


Page 1:

Wireless Network Security

Ernie Friend

Florida Community College

Page 2:

Objectives

• Define Wireless Network

• Explore a few Wireless Network Security Problems

• The Cisco Networking Academy Solution for Network Training

• Q&A

Page 3:

Wireless Networks

• Wireless networks are connected devices that transmit data over air using either infrared or radio frequencies.

– Infrared example – television remote control

– Radio frequency – cordless phone

Page 4:

Wireless Networks

Graphic source: Cisco Systems, Inc.

Page 5:

Wireless Networks Are Growing

Page 6:

Wireless Networks

• To create a wireless network, the minimum components required are wireless NICs (Network Interface Cards).

Page 7:

Ad Hoc Mode Wireless Network

• Play a network-based game against other player(s)

• Transfer files between two computers

[Diagram: two laptops]

Page 8:

Infrastructure Mode Wireless Network

• Most common type

• Requires an access point

• The access point connects the wireless NICs together

• Can connect to a corporate network or home DSL/cable modem.

[Diagram: four laptops and an access point]

Page 9:

Wireless Technologies

Page 10:

Service Set Identifier (SSID)

• SSID (Service Set Identifier)

– Used to distinguish between multiple access points

Page 11:

Vendor Default Settings

Vendor     Default SSID
Dlink      WLAN
LinkSys    linksys
NetGear    Wireless
Cisco      tsunami

Page 12:

Wired Equivalent Privacy (WEP)

• WEP relies on a secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and an access point (i.e., a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit.

64-bit or 128-bit WEP

Page 13:

Other Security Layers

• Virtual Private Network (VPN)

• EAP-MD5: relies on an MD5 hash of a username and password.

• EAP-Cisco Wireless (LEAP): relies on an MD5 hash of a username and password plus dynamic WEP keys.

• Temporal Key Integrity Protocol (TKIP): encrypts everything before it is run through the WEP machine.

Page 14:

Security Problems

• Wireless networks are not secure?

Page 15:

Why is Wireless Security Important?

• http://www.wirelessanarchy.com

• http://netstumbler.com

• http://www.wardriving.com

• www.warchalking.org

Page 16:

Netstumbler Map

Page 17:

Wardriving

• War Driving »

• Posted at 05:12 PM to Technology category.

We did this in two sessions of driving. The first was about fifteen minutes (driving to a restaurant and back), the second was about an hour and a half (we actually drove through apartment and housing complexes the second time instead of just sticking to the main roads).

– 54 unique wireless networks

– 6 ad-hoc networks, the rest were APs

– 34 of those networks had WEP turned off

– 12 had the default linksys SSID

– 5 just had an SSID of "default"

– 4 had an SSID of "wireless"

– 2 had an SSID of "MSHOME"

– 1 had the default 3com SSID

– 1 had an SSID of "cvsretail"

– The rest of those 34 had various SSIDs.

– Most of the wireless APs we found were near middle income apartment buildings. We drove only about twenty or thirty miles total.

• Source: www.nslog.com

Page 18:

Wardriving Map

Page 19:

Wireless LAN Security tips for Home Users and Small Office:

• Change default Admin password on your Access Point (this includes the web interface)

• Change your default SSID (network name)

• Disable the SSID broadcast option

• Change the default username/password of your wireless Access Point

Page 20:

Wireless LAN Security tips for Home Users and Small Office:

• Enable MAC address filtering

• Refrain from using the default subnet

• Use the highest level of WEP for encryption of packets
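
A check built from the vendor default SSID table and the home and small-office tips above, as an added Python example that is not part of the original slides. The survey records and their field names (ssid, mode, wep_bits, broadcast) are constructed for illustration.

```python
from collections import Counter

# Vendor default SSIDs from the table on this page (matched case-insensitively).
VENDOR_DEFAULT_SSIDS = {"wlan": "Dlink", "linksys": "LinkSys",
                        "wireless": "NetGear", "tsunami": "Cisco"}
# Generic names reported in the wardriving tally quoted on this page.
GENERIC_SSIDS = {"default", "mshome"}

# Constructed survey records (hypothetical schema): wep_bits is 0, 64 or 128.
SURVEY = [
    {"ssid": "linksys", "mode": "ap", "wep_bits": 0, "broadcast": True},
    {"ssid": "default", "mode": "ap", "wep_bits": 0, "broadcast": True},
    {"ssid": "Tsunami", "mode": "ap", "wep_bits": 64, "broadcast": True},
    {"ssid": "fl-annex-7", "mode": "ap", "wep_bits": 128, "broadcast": False},
    {"ssid": "gamers", "mode": "adhoc", "wep_bits": 0, "broadcast": True},
]

def audit_network(net):
    """Return the list of tips from the slides that this network violates."""
    findings = []
    name = net["ssid"].strip().lower()
    if name in VENDOR_DEFAULT_SSIDS:              # "Change your default SSID"
        findings.append("default-ssid:" + VENDOR_DEFAULT_SSIDS[name])
    elif name in GENERIC_SSIDS:
        findings.append("generic-ssid")
    if net["wep_bits"] == 0:                      # encryption not enabled at all
        findings.append("wep-off")
    elif net["wep_bits"] < 128:                   # "Use the highest level of WEP"
        findings.append("wep-not-highest")
    if net["broadcast"]:                          # "Disable the SSID broadcast option"
        findings.append("ssid-broadcast")
    if net["mode"] == "adhoc":                    # peer-to-peer, no access point
        findings.append("ad-hoc")
    return findings

def audit_survey(survey):
    """Return per-network findings and a tally of each finding type."""
    report = {net["ssid"]: audit_network(net) for net in survey}
    totals = Counter(f.split(":")[0] for fs in report.values() for f in fs)
    return report, totals

if __name__ == "__main__":
    report, totals = audit_survey(SURVEY)
    for ssid, findings in report.items():
        print(ssid, findings or "ok")
    print(dict(totals))
```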

Page 21:

Wireless LAN Security tips for Home Users and Small Office:

Quick Demonstration

Page 22:

Wireless LAN Security tips for Enterprise:

• Put the access point in the right place

• Manage your wireless network IDs

• WEP is great, but WEP is not foolproof

• Ban rogue networks

Source: www.sqmmagazine.com

Page 23:

Wireless LAN Security tips for Enterprise:

• Leverage existing RADIUS servers

• Not all WLANs are created equal

• Consider using a VPN

• Use a combination of security mechanisms

Source: www.sqmmagazine.com

Page 24:

Wireless Networks

How do you learn more about wireless networking?

Page 25:

Fundamentals of Wireless LANs (FWL) Overview

Page 26:

FWL Course

Page 27:

FWL Overview

• 70-hour course

• Introduction to Wireless LANs and technology

• Aligned with Cisco Wireless LAN Support Specialist

• Available in English only

• Equipment bundles

Page 28:

FWL Course Vitals

• 12 Chapters

• 54 Hands-on Labs

• 43 Interactive Activities

• 12 Demonstration Activities

• 6 Product PhotoZooms

• 69 RLOs

• 394 RIOs

• 12 Chapter Quizzes

Page 29:

Fundamentals of Wireless LANs

• Web-based online curriculum

• E-labs and flash interactive activities

• Online command reference and glossary

• Online module quizzes and final assessment

• Skills-based assessments

• Cisco Press companion materials

• Instructor community and resources

Page 30:

FWL Course Description

This introductory course to Wireless LANs focuses on the design, planning, implementation, operation and troubleshooting of Wireless LANs. It provides an overview of technologies, security, and best practices with an emphasis on developing hands-on skills in the following areas:

• Wireless LAN setup and troubleshooting

• 802.11a and 802.11b technologies, products, and solutions

• Site surveys

• Resilient WLAN design, installation, and configuration

• WLAN security solutions such as 802.1x, EAP, LEAP, WEP, and SSID

• Vendor interoperability strategies

Page 31:

FWL Learning Objectives

Upon completion of this course, you will be able to perform the following tasks:

• Understand wireless radio technologies and topologies

• Understand IEEE 802.11 wireless standards and Wi-Fi certifications

• Configure and install wireless access points, bridges, adapters, and antennae using the Cisco IOS Command Line Interface (CLI) and web-based Graphic User Interface (GUI)

• Understand wireless design, installation, configuration, monitoring, and maintenance

• Identify wireless security threats and vulnerabilities

• Implement wireless security using MAC filtering, WEP, TKIP, PPK, and 802.1x technologies

• Demonstrate proper site survey techniques and safety practices

• Configure monitoring technologies such as Syslog, SNMP, and logging

• Troubleshoot wireless installations and configurations

• Understand vertical and horizontal wireless implementations and uses

Page 32:

FWL Target Audience and Prerequisites

• Target Audience

Community College, Military, and University students as well as transitional workers enrolled in the Cisco Networking Academy Program

• Recommended Student Prerequisites

Students should have completed CCNA 2

Academies can impose more lenient or stricter guidelines.

Page 33:

Text and Graphics

• High-quality graphics

• Detailed explanations

• Sample configurations

Page 34:

Course Media: Interactive Activity

Page 35:

Course Media: Photozoom

Page 36:

Labs

• 54 hands-on labs including Cisco IOS and GUI configuration

Page 37:

FWL Cisco Press Materials

Cisco Press offers optional textbooks that accompany this course:

For more information, text samples, and ordering go to http://ciscopress.com/

Page 38:

FWL Lab Bundles

Page 39:

FWL Bundles

• There are four bundles:

– Standard

– AP

– Bridge

– Antenna

• The FWL Standard bundle is recommended for all Academies that intend to deliver the FWL course.

• The optional AP and Bridge bundles may be necessary to reduce the student-to-equipment AP ratio.

• The optional Antenna bundle will allow for additional hands-on WLAN antenna applications and installations.

Page 40:

FWL 802.11g Migration

• The current FWL 1.1 course only includes equipment and labs pertaining to 802.11a and 802.11b.

• The newer 802.11g access points, bridges, and NICs sell for approximately the same cost as the older 802.11b equipment. Any future revisions of the course will be aligned with the new standard. Academies that purchase 802.11b equipment now will be faced with the expense of upgrading to 802.11g later.

• A transition bundle is planned that will allow Academies to purchase equipment for 802.11g.

• Equipment bundles will need to be customized for theaters in countries with import restrictions.

• Supplemental labs written for the new 802.11g equipment will be made available.

Page 41:

Sample FWL Lab Topologies

Page 42:

FWL Certification Alignment

Page 43:

Cisco Wireless LAN Support Specialist Certification and Exam Overview

• FWL will align with the following certification: Cisco Wireless LAN Support Specialist

• Overview: Offered by Cisco Systems, Inc.

The Wireless LAN for Field Engineers exam (642-582 WLANFE) is one of several requirements for Field Engineers that supports a Partner Wireless LAN Specialization.

• Prerequisites: Valid CCNA certification

• Recertification: Cisco Wireless LAN Support Specialist certifications are valid for two years. To recertify, individuals must take and pass the current version of the appropriate Cisco Wireless LAN Support Specialist exams or any CCIE written exam.

Page 44:

Cisco Wireless LAN Support Specialist Exam Topics

• Radio Technology

• Antenna Concepts

• Wireless LAN Topologies

• Wireless Bridges

• Access Point and Bridge Basic Configuration

• Aironet Client Utilities and Drivers

• Security

• Wireless LAN Management

• Access Point and Bridge Basic Configuration for SWAN

• Site Survey

Page 45:

Future FWL Revisions

Page 46:

Future Revisions

FWL 2.0, which will be a major update, is currently planned for late summer/early fall 2005. Some enhancements are as follows:

• New IEEE wireless standards and Wi-Fi certifications

• New FCC, ETSI, and Rest of World frequency regulations

• Content and labs covering the latest Cisco product offerings including the 1300 Bridge (802.11g) and 802.11a/b/g NICs

• Latest Cisco IOS image releases

• Latest wireless security architecture, protocols, and configurations

• Structured Wireless Aware Network (SWAN)

• Emerging wireless standards

• E-labs covering wireless Cisco IOS CLI and GUI

• E-labs covering the Wireless LAN Solutions Engine (WLSE)

• Move VxWorks OS coverage to appendices or more info

Page 47:

For More Information

Page 48:

FWL Information and Updates for Current Academies

Available on Academy Connection:

Instructor Community > Course Catalog > FWL

1. Scope and Sequence

2. Equipment Bundles

3. Cost Calculator

4. FAQs

5. Instructor Training

6. Academy Marketplace Discounts

7. Course Demo

8. Curriculum Data Sheet

Training Centers

1. CATCs

2. Regional

Page 49:

For More Information – Academy Prospects

• http://www.cisco.com/go/netacad

Course Catalog > Fundamentals of Wireless LANs
