security awareness chapter 5 wireless network security
Post on 19-Dec-2015
Security Awareness
Chapter 5 Wireless Network Security
Security Awareness, 3rd Edition 2
Objectives
After completing this chapter you should be able to do the following:
• Explain what a network is and the different types of networks
• List the different attacks that can be launched against a wireless network
• Give the steps necessary to secure a wireless network
How Networks Work
• Understand the basics of how a network works
  – What is a network?
  – How does it transmit data?
  – Different types of networks
  – Devices typically found on a home wireless network
What Is a Computer Network?
• Purpose of a computer network is to share
  – Information
  – Devices such as printers
• Home network
  – Single Internet connection
  – Shared printer
  – Easier to perform backups
What Is a Computer Network? (cont’d.)
Figure 5-2 Computer network
Course Technology/Cengage Learning
Transmitting Across a Network
• Sending and receiving devices must follow the same set of standards (protocols)
• Transmission Control Protocol/Internet Protocol (TCP/IP)
  – Most common set of protocols used today
• IP address
  – Series of four sets of digits separated by periods
  – Static or dynamic
Transmitting Across a Network (cont’d.)
• Media Access Control (MAC) address
  – Physical address
  – 12 characters separated by either dashes or colons
• Packets
  – Small units of data sent through network
Transmitting Across a Network (cont’d.)
Figure 5-3 Sending data by packets
Types of Networks
• Two types of classifications
  – Distance-based
    • Local area network (LAN)
    • Wide area network (WAN)
    • Personal area network (PAN)
  – Type of connection
    • Wired
    • Wireless local area network (WLAN)
    • Wi-Fi (Wireless Fidelity)
Network Devices
• Network interface card (NIC) adapter
  – Hardware device that connects a computer to a wired network
• Router
  – Hardware device
  – Responsible for sending packets through the network toward their destination
• Firewall
  – Can repel attacks through filtering the data packets as they arrive at the perimeter of the network
Network Devices (cont’d.)
Figure 5-5 Internal wireless NIC
Network Devices (cont’d.)
Figure 5-6 Hardware firewall
Network Devices (cont’d.)
• Network Attached Storage (NAS) device
  – Dedicated hard disk-based file storage device
  – Provides centralized and consolidated disk storage available to network users
• Access point (AP)
  – Acts as the “base station” for the wireless network
  – Acts as a “bridge” between the wireless and wired networks
• Wireless gateway
  – Combines the features of an AP, firewall, and router in a single hardware device
Attacks on Wireless Networks
• Three-step process
  – Discovering the wireless network
  – Connecting to the network
  – Launching assaults
Discovering
• Beaconing
  – At regular intervals, a wireless router sends a signal to announce its presence
• Scanning
  – Wireless device looks for the incoming beacon information
• Wireless location mapping
  – Also known as war driving
  – Finding a beacon from a wireless network and recording information about it
Discovering (cont’d.)
• Tools needed for war driving
  – Mobile computing device
  – Wireless NIC adapter
  – Antenna
    • Omnidirectional antenna
  – Global positioning system (GPS) receiver
  – Software
Discovering (cont’d.)
Figure 5-8 USB wireless NIC
Connecting
• Service Set Identifier (SSID)
  – “Network name”; can be any alphanumeric string from 2 to 32 characters
• Wireless networks are designed to freely distribute their SSID
• Once a wireless device receives a beacon with the SSID, it can then attempt to join the network
  – There is virtually nothing that an attacker must do in order to connect
Connecting (cont’d.)
Figure 5-9 Connecting to a wireless network
Connecting (cont’d.)
• Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID
  – Does not provide protection
Launching Assaults
• Eavesdropping
  – Attackers can easily view the contents of transmissions from hundreds of feet away
  – Even if they have not connected to the wireless network
Launching Assaults (cont’d.)
• Wired Equivalent Privacy (WEP)
  – Designed to ensure that only authorized parties can view transmitted wireless information
  – Encrypts information into ciphertext
  – Contains a serious flaw
  – Attacker can discover a WEP key in less than one minute
Launching Assaults (cont’d.)
• Stealing data
  – Once connected, attacker is treated as a “trusted user”
  – Has access to any shared data
• Injecting malware
  – “Trusted user” enters from behind the network’s firewall
  – Can easily inject malware
• Storing illegal content
  – Can set up storage on user’s computer and store content
Launching Assaults (cont’d.)
• Launching denial of service (DoS) attacks
  – Denial of service (DoS) attack
    • Designed to prevent a device from performing its intended function
  – Wireless DoS attacks
    • Designed to deny wireless devices access to the wireless router itself
  – Packet generator
    • Creates fake packets; floods wireless network with traffic
  – Disassociation frames
    • Communication from a wireless device that indicates the device wishes to end the wireless connection
Launching Assaults (cont’d.)
Figure 5-13 DoS attack using disassociation frames
Launching Assaults (cont’d.)
• Impersonating a legitimate network
  – Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc.
  – Does not require wireless router
  – Ad hoc or peer-to-peer network
  – Once the connection is made
    • Attacker might be able to directly inject malware into the user’s computer or steal data
Wireless Network Defenses
• Secure the home wireless network
• Use an unprotected public wireless network in the most secure manner possible
Securing a Home Wireless Network
• Locking down the wireless router
  – Create username and password
  – Do not use default password
  – Typical settings on the wireless router login security screen
    • Router Password
    • Access Server
    • Wireless Access Web
    • Remote Management
Securing a Home Wireless Network (cont’d.)
Figure 5-15 Wireless router login security screen
Securing a Home Wireless Network (cont’d.)
• Limiting users
  – Restrict who can access network by MAC address
    • MAC address filter
  – Dynamic Host Configuration Protocol (DHCP)
    • Wireless routers distribute IP addresses to network devices
    • Properly configuring settings
    • DHCP lease
Securing a Home Wireless Network (cont’d.)
Figure 5-16 MAC address filter
Securing a Home Wireless Network (cont’d.)
• Turning on Wi-Fi Protected Access 2 (WPA2)
  – Personal security model
  – Designed for single users or small office settings
  – Parts
    • Wi-Fi Protected Access (WPA)
    • Wi-Fi Protected Access 2 (WPA2)
  – To turn on WPA2
    • Choose security mode
    • Select WPA Algorithm
    • Enter shared key
Securing a Home Wireless Network (cont’d.)
Figure 5-18 Security Mode options
Securing a Home Wireless Network (cont’d.)
Figure 5-19 WPA Algorithms setting
Securing a Home Wireless Network (cont’d.)
• Configuring network settings
  – Network Address Translation (NAT)
    • Hides the IP addresses of network devices from attackers
    • Private addresses
    • NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address
  – Port address translation (PAT)
    • Each packet is sent to a different port number
Securing a Home Wireless Network (cont’d.)
  – Virtual local area networks (VLANs)
    • Segment users or network equipment in logical groupings
    • Creates a separate virtual network for each user of the wireless network
  – Demilitarized Zone (DMZ)
    • Separate network that sits outside the secure network perimeter
    • Limits outside access to the DMZ network only
Securing a Home Wireless Network (cont’d.)
Figure 5-21 Demilitarized zone (DMZ)
Securing a Home Wireless Network (cont’d.)
  – Port forwarding
    • More secure than DMZ
    • Opens only the ports that need to be available
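The NAT, PAT and port forwarding settings listed above can be pictured as one translation table inside the wireless gateway. The sketch below is an added example, not material from the textbook slides; the class name, the addresses and the port numbers are constructed, and it assumes one public port is allocated per inside (address, port) pair.

```python
import ipaddress

PUBLIC_IP = "203.0.113.5"  # constructed alias (public) address of the router


class PatTable:
    """Toy NAT/PAT table for a home wireless gateway (illustrative only)."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Replace the private source address and port with the alias ones."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("source is not a private address")
        key = (src_ip, src_port)
        if key not in self.out:  # assumption: one public port per inside flow
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def forward(self, public_port, inside_ip, inside_port):
        """Port forwarding: open exactly one public port to one device."""
        self.back[public_port] = (inside_ip, inside_port)

    def inbound(self, dst_port):
        """Return the inside (ip, port) for an arriving packet, or None to drop."""
        return self.back.get(dst_port)


def demo():
    pat = PatTable()
    server = ("198.51.100.20", 443)  # constructed outside web server
    laptop = pat.outbound("192.168.1.10", 51000, *server)
    phone = pat.outbound("192.168.1.11", 51000, *server)
    pat.forward(8080, "192.168.1.20", 80)  # constructed rule, e.g. a NAS web page
    return {
        "laptop": laptop,
        "phone": phone,
        "reply_to_phone": pat.inbound(phone[1]),
        "forwarded": pat.inbound(8080),
        "unsolicited": pat.inbound(8081),
    }
```

Both inside devices appear to the outside server as the same alias address with different ports, and a packet arriving on a port that has no table entry is dropped, which is why forwarding one port exposes less than placing a device in the DMZ.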
Using a Public Wireless Network Securely
• Turning on a personal firewall
  – Runs as a program on the user’s local computer
  – Operates according to a rule base
  – Rule options
    • Allow
    • Block
    • Prompt
  – Stateless packet filtering
  – Stateful packet filtering
    • Provides more protection
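Why stateful filtering provides more protection than stateless filtering can be seen by running the same packets through both. This is an added example, not material from the textbook slides; the packet model, the program names, the rule base and the addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" or "in" relative to the laptop.
Packet = namedtuple("Packet", "direction program remote_ip remote_port local_port")

# Rule base keyed by program name; unknown programs fall through to "prompt".
RULES = {"browser": "allow", "filesharing": "block"}


def stateless_filter(pkt):
    """Judge each packet alone: outbound by rule base, inbound by port only."""
    if pkt.direction == "out":
        return RULES.get(pkt.program, "prompt")
    # A stateless rule sees only fields in the packet itself, here the remote
    # port, so anything that looks like a web reply is let through.
    return "allow" if pkt.remote_port == 443 else "block"


class StatefulFilter:
    """Remember allowed outbound connections; admit only their replies."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.state = set()  # (remote_ip, remote_port, local_port)

    def check(self, pkt):
        flow = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out":
            action = self.rules.get(pkt.program, "prompt")
            if action == "allow":
                self.state.add(flow)  # record the connection we started
            return action
        return "allow" if flow in self.state else "block"


def compare():
    """Return (stateless, stateful) verdicts for four constructed packets."""
    request = Packet("out", "browser", "198.51.100.20", 443, 52000)
    reply = Packet("in", None, "198.51.100.20", 443, 52000)
    # Unsolicited packet from another host on the hotspot, source port 443.
    stray = Packet("in", None, "10.0.0.66", 443, 52000)
    unknown = Packet("out", "newgame", "198.51.100.30", 9000, 52001)
    fw = StatefulFilter()
    return {
        "request": (stateless_filter(request), fw.check(request)),
        "reply": (stateless_filter(reply), fw.check(reply)),
        "stray": (stateless_filter(stray), fw.check(stray)),
        "unknown": (stateless_filter(unknown), fw.check(unknown)),
    }
```

The two filters agree on everything except the unsolicited packet: the stateless rule allows it because the port matches, while the stateful filter blocks it because no outbound connection to that host was ever recorded.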
Using a Public Wireless Network Securely (cont’d.)
• Virtual Private Networks (VPNs)
  – Uses an unsecured public network as if it were a secure private network
  – Encrypts all data that is transmitted between the remote device and the network
  – Advantages
    • Full protection
    • Transparency
    • Authentication
    • Industry standards
Figure 5-22 Virtual private network (VPN)
Summary
• Most home users install wireless networks
• Attacking a wireless network involves three main steps
  – Discovery
  – Connection
  – Attack
• Secure home wireless network
• Use good security when using public wireless networks