© 2004 Cisco Systems, Inc. All rights reserved.
Wireless Network Security
Ernie Friend
Florida Community College
Objectives
• Define Wireless Network
• Explore a few Wireless Network Security Problems
• The Cisco Networking Academy Solution for Network Training
• Q&A
Wireless Networks
• Wireless networks are connected devices that transmit data over air using either infrared or radio frequencies.
  – Infrared example – television remote control
  – Radio frequency – cordless phone
Wireless Networks
Graphic source: Cisco Systems, Inc.
Wireless Networks Are Growing
Wireless Networks
• To create a wireless network, the minimum components required are wireless NICs (Network Interface Cards).
Ad Hoc Mode Wireless Network
• Play a network-based game against other player(s)
• Transfer files between two computers
[Diagram: two laptops]
Infrastructure Mode Wireless Network
• Most common type
• Requires an access point
• The access point connects the wireless NICs together
• Can connect to a corporate network or home DSL/cable modem.
[Diagram: laptops connected through an access point]
Wireless Technologies
Service Set Identifier (SSID)
• SSID (Service Set Identifier)
  – Used to distinguish between multiple access points
Vendor Default Settings
Vendor     Default SSID
Dlink      WLAN
LinkSys    linksys
NetGear    Wireless
Cisco      tsunami
Wired Equivalent Privacy (WEP)
• WEP relies on a secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and an access point (i.e., a base station). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit.
64-bit or 128-bit WEP
Other Security Layers
• Virtual Private Network (VPN)
• EAP-MD5: relies on an MD5 hash of a username and password.
• EAP-Cisco Wireless (LEAP): relies on an MD5 hash of a username and password + dynamic WEP keys.
• Temporal Key Integrity Protocol (TKIP): encrypts everything before it is run through the WEP machine.
Security Problems
• Wireless networks are not secure?
Why is Wireless Security Important?
• http://www.wirelessanarchy.com
• http://netstumbler.com
• http://www.wardriving.com
• www.warchalking.org
Netstumbler Map
Wardriving
• War Driving
• Posted at 05:12 PM to Technology category.
We did this in two sessions of driving. The first was about fifteen minutes (driving to a restaurant and back), the second was about an hour and a half (we actually drove through apartment and housing complexes the second time instead of just sticking to the main roads).
– 54 unique wireless networks
– 6 ad-hoc networks, the rest were APs
– 34 of those networks had WEP turned off
– 12 had the default linksys SSID
– 5 just had an SSID of "default"
– 4 had an SSID of "wireless"
– 2 had an SSID of "MSHOME"
– 1 had the default 3com SSID
– 1 had an SSID of "cvsretail"
– The rest of those 34 had various SSIDs.
– Most of the wireless APs we found were near middle income apartment buildings. We drove only about twenty or thirty miles total.
• Source: www.nslog.com
Wardriving Map
Wireless LAN Security tips for Home Users and Small Office:
• Change default Admin password on your Access Point (this includes the web interface)
• Change your default SSID (network name)
• Disable the SSID broadcast option
• Change the default username/password of your wireless Access Point
Wireless LAN Security tips for Home Users and Small Office:
• Enable MAC address filtering
• Refrain from using the default subnet
• Use the highest level of WEP for encryption of packets
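The home and small-office tips above, applied as a checklist to an inventory of your own access points (an added example, not part of the original slides). The field names, the encryption setting names and the default-subnet list are assumptions; the SSID list comes from the vendor table and the survey quoted earlier in the deck.

```python
import ipaddress

# Default SSIDs: the "Vendor Default Settings" slide plus generic names from the quoted survey.
DEFAULT_SSIDS = {"wlan": "Dlink", "linksys": "LinkSys", "wireless": "NetGear",
                 "tsunami": "Cisco", "default": "generic", "mshome": "generic"}
# Assumption: common factory LAN subnets; the page does not name any.
DEFAULT_SUBNETS = {ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")}
WEP_BITS = {"off": 0, "wep64": 64, "wep128": 128}  # hypothetical setting names

def audit_ap(ap):
    """Return the checklist items this access point fails."""
    findings = []
    vendor = DEFAULT_SSIDS.get(ap["ssid"].strip().lower())
    if vendor:
        findings.append(f"default SSID ({vendor})")
    if ap["ssid_broadcast"]:
        findings.append("SSID broadcast enabled")
    if ap["default_admin_password"]:
        findings.append("default admin password")
    if not ap["mac_filtering"]:
        findings.append("MAC filtering disabled")
    # strict=False maps a host address such as 192.168.1.1/24 to its network.
    if ipaddress.ip_network(ap["subnet"], strict=False) in DEFAULT_SUBNETS:
        findings.append("default subnet")
    bits = WEP_BITS.get(ap["encryption"])
    if bits is None:
        findings.append("unrecognised encryption setting")
    elif bits == 0:
        findings.append("WEP turned off")
    elif bits < max(WEP_BITS.values()):
        findings.append("WEP below highest level")
    return findings

def audit_inventory(aps):
    """Map AP name to findings, omitting access points with nothing to fix."""
    results = {ap["name"]: audit_ap(ap) for ap in aps}
    return {name: found for name, found in results.items() if found}

# Constructed sample inventory (not data from the page).
SAMPLE_INVENTORY = [
    {"name": "front-desk", "ssid": "Linksys", "ssid_broadcast": True, "encryption": "off",
     "default_admin_password": True, "mac_filtering": False, "subnet": "192.168.1.1/24"},
    {"name": "office", "ssid": "staff-7f3a", "ssid_broadcast": False, "encryption": "wep128",
     "default_admin_password": False, "mac_filtering": True, "subnet": "10.20.30.0/24"},
    {"name": "lab", "ssid": "lab-net", "ssid_broadcast": False, "encryption": "wep64",
     "default_admin_password": False, "mac_filtering": True, "subnet": "10.20.31.0/24"},
]
if __name__ == "__main__":
    print(audit_inventory(SAMPLE_INVENTORY))
```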
Wireless LAN Security tips for Home Users and Small Office:
Quick Demonstration
Wireless LAN Security tips for Enterprise:
• Put the access point in the right place
• Manage your wireless network ID’s
• WEP is Great- WEP is not Fool Proof
• Ban rogue networks
Source: www.sqmmagazine.com
Wireless LAN Security tips for Enterprise:
• Leverage existing RADIUS servers
• Not all WLANs are created equal
• Consider using a VPN
• Use a combination of security mechanisms
Source: www.sqmmagazine.com
Wireless Networks
How do you learn more about wireless networking?
Fundamentals of Wireless LANs (FWL) Overview
FWL Course
FWL Overview
• 70-hour course
• Introduction to Wireless LANs and technology
• Aligned with Cisco Wireless LAN Support Specialist
• Available in English only
• Equipment bundles
FWL Course Vitals
• 12 Chapters
• 54 Hands-on Labs
• 43 Interactive Activities
• 12 Demonstration Activities
• 6 Product PhotoZooms
• 69 RLOs
• 394 RIOs
• 12 Chapter Quizzes
Fundamentals of Wireless LANs
• Web-based online curriculum
• E-labs and flash interactive activities
• Online command reference and glossary
• Online module quizzes and final assessment
• Skills-based assessments
• Cisco Press companion materials
• Instructor community and resources
FWL Course Description
This introductory course to Wireless LANs focuses on the design, planning, implementation, operation and troubleshooting of Wireless LANs. It provides an overview of technologies, security, and best practices with an emphasis on developing hands-on skills in the following areas:
• Wireless LAN setup and troubleshooting
• 802.11a and 802.11b technologies, products, and solutions
• Site surveys
• Resilient WLAN design, installation, and configuration
• WLAN security solutions such as 802.1x, EAP, LEAP, WEP, and SSID
• Vendor interoperability strategies
FWL Learning Objectives
Upon completion of this course, you will be able to perform the following tasks:
• Understand wireless radio technologies and topologies
• Understand IEEE 802.11 wireless standards and Wi-Fi certifications
• Configure and install wireless access points, bridges, adapters, and antennae using the Cisco IOS Command Line Interface (CLI) and web-based Graphic User Interface (GUI)
• Understand wireless design, installation, configuration, monitoring, and maintenance
• Identify wireless security threats and vulnerabilities
• Implement wireless security using MAC filtering, WEP, TKIP, PPK, and 802.1x technologies
• Demonstrate proper site survey techniques and safety practices
• Configure monitoring technologies such as Syslog, SNMP, and logging
• Troubleshoot wireless installations and configurations
• Understand vertical and horizontal wireless implementations and uses
FWL Target Audience and Prerequisites
• Target Audience
Community College, Military, and University students as well as transitional workers enrolled in the Cisco Networking Academy Program
• Recommended Student Prerequisites
Students should have completed CCNA 2
Academies can impose more lenient or stricter guidelines.
Text and Graphics
• High-quality graphics
• Detailed explanations
• Sample configurations
Course Media: Interactive Activity
Course Media: Photozoom
Labs
• 54 hands-on labs including Cisco IOS and GUI configuration
FWL Cisco Press Materials
Cisco Press offers optional textbooks that accompany this course:
For more information, text samples, and ordering go to http://ciscopress.com/
FWL Lab Bundles
FWL Bundles
• There are four bundles:
Standard
AP
Bridge
Antenna
• The FWL Standard bundle is recommended for all Academies that intend to deliver the FWL course.
• The optional AP and Bridge bundles may be necessary to reduce the student-to-equipment AP ratio.
• The optional Antenna bundle will allow for additional hands-on WLAN antenna applications and installations.
FWL 802.11g Migration
• The current FWL 1.1 course only includes equipment and labs pertaining to 802.11a and 802.11b.
• The newer 802.11g access points, bridges, and NICs sell for approximately the same cost as the older 802.11b equipment. Any future revisions of the course will be aligned with the new standard. Academies that purchase 802.11b equipment now will be faced with the expense of upgrading to 802.11g later.
• A transition bundle is planned that will allow Academies to purchase equipment for 802.11g.
• Equipment bundles will need to be customized for theaters in countries with import restrictions.
• Supplemental labs written for the new 802.11g equipment will be made available.
Sample FWL Lab Topologies
FWL Certification Alignment
Cisco Wireless LAN Support Specialist Certification and Exam Overview
• FWL will align with the following certification: Cisco Wireless LAN Support Specialist
• Overview: Offered by Cisco Systems, Inc.
The Wireless LAN for Field Engineers exam (642-582 WLANFE) is one of several requirements for Field Engineers that supports a Partner Wireless LAN Specialization.
• Prerequisites: Valid CCNA certification
• Recertification: Cisco Wireless LAN Support Specialist certifications are valid for two years. To recertify, individuals must take and pass the current version of the appropriate Cisco Wireless LAN Support Specialist exams or any CCIE written exam.
Cisco Wireless LAN Support Specialist Exam Topics
• Radio Technology
• Antenna Concepts
• Wireless LAN Topologies
• Wireless Bridges
• Access Point and Bridge Basic Configuration
• Aironet Client Utilities and Drivers
• Security
• Wireless LAN Management
• Access Point and Bridge Basic Configuration for SWAN
• Site Survey
Future FWL Revisions
Future Revisions
FWL 2.0, which will be a major update, is currently planned for late summer/early fall 2005. Some enhancements are as follows:
• New IEEE wireless standards and Wi-Fi certifications
• New FCC, ETSI, and Rest of World frequency regulations
• Content and labs covering the latest Cisco product offerings including the 1300 Bridge (802.11g) and 802.11a/b/g NICs
• Latest Cisco IOS image releases
• Latest wireless security architecture, protocols, and configurations
• Structured Wireless Aware Network (SWAN)
• Emerging wireless standards
• E-labs covering wireless Cisco IOS CLI and GUI
• E-labs covering the Wireless LAN Solutions Engine (WLSE)
• Move VxWorks OS coverage to appendices or more info
For More Information
FWL Information and Updates for Current Academies
Available on Academy Connection:
Instructor Community > Course Catalog > FWL
1. Scope and Sequence
2. Equipment Bundles
3. Cost Calculator
4. FAQs
5. Instructor Training
6. Academy Marketplace Discounts
7. Course Demo
8. Curriculum Data Sheet
Training Centers
1. CATCs
2. Regional
For More Information – Academy Prospects
• http://www.cisco.com/go/netacad
Course Catalog > Fundamentals of Wireless LANs