wireless security
Download
Skip this Video
Download Presentation
Wireless Security

Loading in 2 Seconds...

play fullscreen
1 / 23

Wireless Security - PowerPoint PPT Presentation


  • 112 Views
  • Uploaded on

Wireless Security. Objective:. Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your network. Benefits of a Wireless Network. Can be an extension to a wired LAN Wired LANs can be at time, impractical, or impossible

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Wireless Security' - nasim-white


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
objective
Objective:
  • Understand the benefits of a wireless network
  • Understand security risks
  • Examples of vulnerabilities
  • Methods to protect your network
benefits of a wireless network
Benefits of a Wireless Network
  • Can be an extension to a wired LAN
  • Wired LANs can be at time, impractical, or impossible
  • No wiring
  • Moving does not require re-wiring, network re-configuration or cable drops.
  • Portability/Flexibility
  • Less Expenditures on relocation and initial setup
wva wireless vulnerabilities and attacks
WVA-Wireless Vulnerabilities and Attacks

Wireless attacks fall under 4 main categories:

  • Passive Attacks
  • Active Attacks
  • Man in the Middle Attacks
  • Jamming
passive attack
Passive Attack
  • Eavesdropping: People listening and monitoring your network
  • Network Monitor, TCPdump in Linux ,NetStumbler, or Airsnort, are tools used to capture and “analyze” network traffic by “war drivers”
war driving
“War Driving”
  • The act of driving around looking for open

WI FI nodes

  • There are websites and software that allows potential hackers to get a map of open APs.
  • Many sites/forums with thousands of users have adopted war driving as a hobby. While many claim this to be solely as hobby, your network may be at risk if a potential hacker discovers your unsecured network
  • Same sites and forums map your Wi Fi location on the internet..
active attacks
Active Attacks
  • Insertion :based on placing unauthorized devices on the wireless network without going through a security process.
  • Spoofing: Cloaking SSID or MAC addresses to get by security measures
  • DOS (denial of service): Jamming, flooding attacks that prevent sites/networks from performing efficiently.
  • Releasing Malware into Network: software with the intent to cause harm to nodes/network. (viruses, trojan horses, spyware, adware, keystroke loggers, etc.
wva wireless vulnerability and attacks
WVA-Wireless Vulnerability and Attacks

MAC Authentication SpoofingMost Wi-Fi WLAN equipment vendors include a sublevel of rudimentary authentication via MAC address white/black listing. Standard tools can "spoof" MAC addresses which allow any attacker to mask himself/herself as an authorized client thereby gaining access to the WLAN.

man in the middle attack
Man in the Middle Attack
  • attacker will control the communication between two parties by secretly controlling both sides of the communication stream.
  • Attacker can use a rogue AP and “spoof” the SSID to which unsuspecting users will log on to.
wva wireless vulnerabilities and attacks1
WVA-Wireless Vulnerabilities and Attacks
  • 802.11 SSID Can be SpoofedThe SSID used to identify an 802.11 network can be trivially faked by an attacker.

If a client can be tricked into connecting to a malicious AP then it may become vulnerable in a number of ways: (a) it may accept an unencrypted connection, (b) the malicious AP might be used as part of a man-in-the-middle attack, (c) the user might be tricked by phishing attacks behind the AP (e.g. a fake hotspot signup page).

jamming
Jamming
  • RF frequencies interfere with the operation of the wireless network
  • Can be unintentional jamming: cordless phones and other devices on the same frequency
  • Not very common attack: A lot of work only to “interfere”…The payoff isn\'t as great for hackers.
wva wireless vulnerability and attacks1
WVA-Wireless Vulnerability and Attacks

Falling victim to an insertion attack can prove to be costly.

  • Personal information is exposed
  • Corporations risk losing money, personnel info., client accounts, etc. (possibly lead to lawsuits)
security measures
Security Measures
  • Although there is no guarantee that your network will be 100 % secure, you can minimize the chances and, perhaps, even deter a few “wannabe hackers”. After all, you wouldn’t leave your front door open…would you?
security measures1
Security Measures

Avoid Misconfiguration

  • Change ALL default passwords on your router.
  • Enable WEP. WEP is disabled by default.
  • Avoid using DHCP if possible (especially in corporate environment)
  • Periodically change Passwords.
security measures2
Security Measures

Use Static IP addresses

  • Avoid dynamic addresses assigned by DHCP. (default setting on AP is to use DHCP)
  • Corporate environment: Avoid employees bringing in their personal, possibly misconfigured AP.
  • Assign every node a private address so as to avoid your devices from being reached directly from the internet.
  • Private IP EX: 10.192.193.45
security measures3
Security Measures
  • MAC filtering: Enable MAC filtering in your router so that only specified computers can connect to your AP
  • Reduce signal “leakage” by placing router in an area where its radius covers only your work space. (i.e. avoid the coverage including front yard)
security measures4
Security Measures

From a corporate standpoint:

  • It is crucial to create an risk assessment before incorporating a wireless network.
  • They should make security measures which they have a need for, so that they can aquire the proper hardware/software solutions
security measures5
Security Measures

-continued

  • Agencies should understand the need to constantly having to provide upgrades, fixes, and or patches, to maintain proper security.
  • No one protocol or encryption is 100% safe or effective.
conclusion
Conclusion
  • An overall good practice for a personal or corporate level, is to use common sense.
  • Educate yourself about the risks and vulnerabilities, and make sure that you use every security measure available to you:

Firewalls, encryptions, properly placed APs, MAC filtering, etc.

sources for further information
Sources for further Information
  • NIST (National Institute of Standards and Technology) http://csrc.nist.gov
  • http://www.networkworld.com
  • http://www.wirelessve.org
  • http://www.wardriving.com
  • http://wigle.net
ad