wireless network security - electronics – online distance
Post on 12-Sep-2021
Security Awareness
Wireless Network Security
Attacks on Wireless Networks
• Three-step process
– Discovering the wireless network
– Connecting to the network
– Launching assaults
Security Awareness, 3rd Edition 2
Discovering
• Beaconing
– At regular intervals, a wireless router sends a signal to announce its presence
• Scanning
– Wireless device looks for the incoming beacon information
• Wireless location mapping
– Also known as war driving
– Finding a beacon from a wireless network and recording information about it
Discovering (cont’d.)
• Tools needed for war driving
– Mobile computing device
– Wireless NIC adapter
– Antenna
  • Omnidirectional antenna
– Global positioning system (GPS) receiver
– Software
Discovering (cont’d.)
Figure 5-8 USB wireless NIC
Course Technology/Cengage Learning
Connecting
• Service Set Identifier (SSID)
– “Network name” and can be any alphanumeric string from 2 to 32 characters
• Wireless networks are designed to freely distribute their SSID
• Once a wireless device receives a beacon with the SSID, it can then attempt to join the network
– Virtually nothing that an attacker must do in order to connect
Connecting (cont’d.)
Figure 5-9 Connecting to a wireless network
Connecting (cont’d.)
• Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID
– Does not provide protection
Launching Assaults
• Eavesdropping
– Attackers can easily view the contents of transmissions from hundreds of feet away
– Even if they have not connected to the wireless network
Launching Assaults (cont’d.)
• Wired Equivalent Privacy (WEP)
– Ensure that only authorized parties can view transmitted wireless information
– Encrypts information into ciphertext
– Contains a serious flaw
– Attacker can discover a WEP key in less than one minute
Launching Assaults (cont’d.)
• Stealing data
– Once connected attacker treated as “trusted user”
– Has access to any shared data
• Injecting malware
– “Trusted user” enters from behind the network’s firewall
– Can easily inject malware
• Storing illegal content
– Can set up storage on user’s computer and store content
Launching Assaults (cont’d.)
• Launching denial of service (DoS) attacks
– Denial of service (DoS) attack
  • Designed to prevent a device from performing its intended function
– Wireless DoS attacks
  • Designed to deny wireless devices access to the wireless router itself
– Packet generator
  • Create fake packets; flood wireless network with traffic
– Disassociation frames
  • Communication from a wireless device that indicates the device wishes to end the wireless connection
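
A defender can spot the disassociation-frame DoS described above by counting these frames per sender in a short time window. The sketch below is an added example, not material from the slides; the log format, MAC addresses, one-second window and threshold of five are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

DISASSOC = 10  # 802.11 management-frame subtype number for disassociation
BEACON = 8     # subtype number for beacons, included here as normal traffic

AP = "aa:bb:cc:00:00:01"  # constructed address standing in for the wireless router
# Constructed capture summary, one frame per line:
#   <seconds> <management subtype> <source MAC> <destination MAC>
SAMPLE = [
    f"0.00 {BEACON} {AP} ff:ff:ff:ff:ff:ff",
    f"1.20 {DISASSOC} aa:bb:cc:00:00:10 {AP}",   # one client leaving normally
    f"3.00 {BEACON} {AP} ff:ff:ff:ff:ff:ff",
] + [
    # Burst of frames that all claim to come from the same client
    f"{5 + i * 0.1:.2f} {DISASSOC} aa:bb:cc:00:00:20 {AP}" for i in range(8)
]


def find_disassoc_floods(lines, window=1.0, threshold=5):
    """Return (source, destination, time) for each sender/receiver pair whose
    disassociation frames reach `threshold` within `window` seconds."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                       # skip records without four fields
        ts, subtype, src, dst = float(parts[0]), int(parts[1]), parts[2], parts[3]
        if subtype != DISASSOC:
            continue
        stamps = recent[(src, dst)]
        stamps.append(ts)
        while ts - stamps[0] > window:     # forget frames older than the window
            stamps.popleft()
        if len(stamps) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))        # report each pair only once
            alerts.append((src, dst, ts))
    return alerts


if __name__ == "__main__":
    for src, dst, ts in find_disassoc_floods(SAMPLE):
        print(f"t={ts:.2f}s: disassociation flood {src} -> {dst}")
```

A single disassociation frame is ordinary behaviour, so only the burst is reported.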
Launching Assaults (cont’d.)
Figure 5-13 DoS attack using disassociation frames
Launching Assaults (cont’d.)
• Impersonating a legitimate network
– Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc.
– Does not require wireless router
– Ad hoc or peer-to-peer network
– Once the connection is made
  • Attacker might be able to directly inject malware into the user’s computer or steal data
Wireless Network Defenses
• Secure the home wireless network
• Use an unprotected public wireless network in the most secure manner possible
Securing a Home Wireless Network
• Locking down the wireless router
– Create username and password
– Do not use default password
– Typical settings on the wireless router login security screen
  • Router Password
  • Access Server
  • Wireless Access Web
  • Remote Management
Securing a Home Wireless Network (cont’d.)
Figure 5-15 Wireless router login security screen
Securing a Home Wireless Network (cont’d.)
• Limiting users
– Restrict who can access network by MAC address
  • MAC address filter
– Dynamic Host Configuration Protocol (DHCP)
  • Wireless routers distribute IP addresses to network devices
  • Properly configuring settings
  • DHCP lease
Securing a Home Wireless Network (cont’d.)
Figure 5-16 MAC address filter
Securing a Home Wireless Network (cont’d.)
• Turning on Wi-Fi protected access 2 (WPA2)
– Personal security model
– Designed for single users or small office settings
– Parts
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access 2 (WPA2)
– To turn on WPA2
  • Choose security mode
  • Select WPA Algorithm
  • Enter shared key
Securing a Home Wireless Network (cont’d.)
Figure 5-18 Security Mode options
Securing a Home Wireless Network (cont’d.)
Figure 5-19 WPA Algorithms setting
Securing a Home Wireless Network (cont’d.)
• Configuring network settings
– Network Address Translation (NAT)
  • Hides the IP addresses of network devices from attackers
  • Private addresses
  • NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address
– Port address translation (PAT)
  • Each packet is sent to a different port number
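
The address and port rewriting described above can be modelled as a small translation table. This is an added sketch, not material from the slides; the `PatRouter` class, all addresses and the starting port 40000 are hypothetical values chosen for illustration, and the table here keeps one public port per internal address-and-port pair.

```python
import ipaddress


class PatRouter:
    """Toy PAT table: many private hosts share one public (alias) address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (private ip, private port) -> public port
        self.inbound_map = {}    # public port -> (private ip, private port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet's source to the alias address and port."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError(f"{src_ip} is not a private address")
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            self.outbound_map[key] = self.next_port
            self.inbound_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def translate_in(self, public_port):
        """Return the private (ip, port) a reply belongs to, or None to drop it."""
        return self.inbound_map.get(public_port)


def demo():
    router = PatRouter("203.0.113.5")   # constructed documentation address
    # Two constructed home devices that happen to use the same source port
    laptop = router.translate_out("192.168.1.10", 51000, "198.51.100.7", 443)
    phone = router.translate_out("192.168.1.11", 51000, "198.51.100.7", 443)
    return {
        "laptop": laptop,
        "phone": phone,
        "reply_to_laptop": router.translate_in(laptop[1]),
        "unsolicited": router.translate_in(45000),   # no mapping exists
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The outside server sees only the alias address, and a packet arriving on a port with no table entry has nowhere to be delivered.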
Securing a Home Wireless Network (cont’d.)
– Virtual local area networks (VLANs)
  • Segment users or network equipment in logical groupings
  • Creates a separate virtual network for each user of the wireless network
– Demilitarized Zone (DMZ)
  • Separate network that sits outside the secure network perimeter
  • Limits outside access to the DMZ network only
Securing a Home Wireless Network (cont’d.)
Figure 5-21 Demilitarized zone (DMZ)
Securing a Home Wireless Network (cont’d.)
– Port forwarding
  • More secure than DMZ
  • Opens only the ports that need to be available
Using a Public Wireless Network Securely
• Turning on a personal firewall
– Runs as a program on the user’s local computer
– Operates according to a rule base
– Rule options
  • Allow
  • Block
  • Prompt
– Stateless packet filtering
– Stateful packet filtering
  • Provides more protection
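
Why stateful filtering provides more protection can be seen by running the same packets through both kinds of filter. This is an added sketch, not material from the slides; the rule base, addresses and port numbers are constructed, and the Allow/Block/Prompt actions follow the rule options listed above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" (leaving the computer) or "in" (arriving)
    remote_ip: str
    remote_port: int
    local_port: int


# Constructed rule base, first match wins: (direction, remote port or None, action)
RULES = [
    ("out", 443, "allow"),    # web browsing over HTTPS
    ("out", None, "prompt"),  # ask the user about any other outbound traffic
    ("in", 443, "allow"),     # a stateless filter needs this to let web replies in
    ("in", None, "block"),
]


def stateless_filter(pkt):
    """Judge each packet on its own, using only the rule base."""
    for direction, port, action in RULES:
        if direction == pkt.direction and port in (None, pkt.remote_port):
            return action
    return "block"


class StatefulFilter:
    """Also remember allowed outbound flows; inbound must match one of them."""

    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        flow = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out":
            action = stateless_filter(pkt)
            if action == "allow":
                self.flows.add(flow)     # record the conversation we started
            return action
        return "allow" if flow in self.flows else "block"


# Constructed traffic: a request, its genuine reply, and an unrequested packet
REQUEST = Packet("out", "198.51.100.7", 443, 50123)
REPLY = Packet("in", "198.51.100.7", 443, 50123)
UNSOLICITED = Packet("in", "203.0.113.66", 443, 50123)
```

The stateless filter allows `UNSOLICITED` because it merely looks like a web reply, while the stateful filter blocks it because no matching request was ever sent.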
Using a Public Wireless Network Securely (cont’d.)
• Virtual Private Networks (VPNs)
– Uses an unsecured public network as if it were a secure private network
– Encrypts all data that is transmitted between the remote device and the network
– Advantages
  • Full protection
  • Transparency
  • Authentication
  • Industry standards
Figure 5-22 Virtual private network (VPN)