Download
evaluating wireless networks n.
Skip this Video
Loading SlideShow in 5 Seconds..
Evaluating Wireless Networks PowerPoint Presentation
Download Presentation
Evaluating Wireless Networks

Evaluating Wireless Networks

482 Views Download Presentation
Download Presentation

Evaluating Wireless Networks

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Evaluating Wireless Networks Robert W. Cobb and Staff National Aeronautics and Space Administration IT Roundtable 25 March 2003

  2. Outline • Introduction to wireless networks • Threats and vulnerabilities • Evaluating wireless networks • Objectives • Methodology • Tools • Findings • General recommendations • Conclusion

  3. Introduction to Wireless Networks • Fastest-growing computer communications technology • Agencies increasingly use wireless networks • Convenient • Flexible • Inexpensive • Easy to implement

  4. Introduction to Wireless Networks (cont.) • Uses radio waves instead of cables • Consists of • Access Points • Wireless clients (e.g. laptops, PDAs) • Gateways to wired networks • Major standard • Institute of Electrical and Electronic Engineers (IEEE) 802.11, Wireless Local Area Networks

  5. Threats • Disclosure of sensitive/confidential data • Denial of service (DoS) • Unauthorized access to wireless-enabled resources • Potential weakening of existing security measures on connected wired networks and systems

  6. Vulnerabilities • Wired Equivalent Privacy (WEP) encryption standard extremely weak • Radio signals susceptible to jamming and interference • Protocol vulnerabilities allow • Network sessions to be taken over by an intruder • Injection of invalid data into network traffic • Network reconnaissance

  7. Evaluating Wireless Networks • Wireless networks are • Easy to implement • Difficult to secure • Policies often have not been developed

  8. Evaluation Objectives • Assess the current Agency/Department position regarding wireless networks • Examine the use of wireless technology • Evaluate the security of wireless network applications including threats to • Data integrity • Confidentiality • Availability of services and resources • Security of wired networks • Determine the level of staff awareness of wireless technology

  9. Evaluation Methodology • External scanning to illustrate the ease with which unauthorized persons could intercept wireless signals • Internal scanning and physical inspection to verify the source of signals • Traffic analysis to see if sensitive data is being transmitted, if transmissions are encrypted, and how vulnerable the networks are to attack • Review network topologies to assess connectivity to wired networks and determine measures to protect wired networks • Meet with wireless users and administrators to assess awareness, employee expertise, and strength of security measures

  10. Evaluation Tools • Hardware • Laptop • Wireless network card • Antenna • GPS • Wireless sniffing software • WEP encryption cracking software • Mapping software

  11. Evaluation Findings • Wireless networks with inadequate security • Ranges of wireless networks exceed physical boundaries of user organizations • Non-existent or inadequate policies on wireless networks • IT staff with inadequate enforcement authority over wireless networks • Insufficient employee awareness on agency position over the use of wireless networks

  12. Example: Many wireless networks do not use WEP or other encryption to protect network traffic. ▲ = Access points using encryption ▲ = Access points without encryption

  13. Example: The radio signal from a wireless network can spill over from the building where access points are located to neighboring buildings, parking lots and public roads.

  14. General Evaluation Recommendations • Develop wireless network policies • Perform risk assessments to determine required level of security • Limit access to wireless networks through the use of Virtual Private Networks (VPN) • Maintain logical separation between wireless and wired networks • Monitor for wireless applications (i.e., actively enforce policies)

  15. Conclusion • Wireless network evaluations are easy to conduct using inexpensive or freely available tools. • Evaluations are very necessary • Wireless networks are inexpensive, convenient, and simple to use – so people will use them. • BUT, wireless networks are vulnerable.

  16. Stephen Mullins (916) 408-5573 stephen.mullins@tigta.treas.gov Jamil Farshchi (202) 358-1897 jamil@nasa.gov Contacts for Wireless Network Evaluations