1 / 18

Evaluating Wireless Networks

Evaluating Wireless Networks. Robert W. Cobb and Staff National Aeronautics and Space Administration IT Roundtable 25 March 2003. Outline. Introduction to wireless networks Threats and vulnerabilities Evaluating wireless networks Objectives Methodology Tools Findings

Mia_John
Download Presentation

Evaluating Wireless Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Evaluating Wireless Networks Robert W. Cobb and Staff National Aeronautics and Space Administration IT Roundtable 25 March 2003

  2. Outline • Introduction to wireless networks • Threats and vulnerabilities • Evaluating wireless networks • Objectives • Methodology • Tools • Findings • General recommendations • Conclusion

  3. Introduction to Wireless Networks • Fastest-growing computer communications technology • Agencies increasingly use wireless networks • Convenient • Flexible • Inexpensive • Easy to implement

  4. Introduction to Wireless Networks (cont.) • Uses radio waves instead of cables • Consists of • Access Points • Wireless clients (e.g. laptops, PDAs) • Gateways to wired networks • Major standard • Institute of Electrical and Electronic Engineers (IEEE) 802.11, Wireless Local Area Networks

  5. Threats • Disclosure of sensitive/confidential data • Denial of service (DoS) • Unauthorized access to wireless-enabled resources • Potential weakening of existing security measures on connected wired networks and systems

  6. Vulnerabilities • Wired Equivalent Privacy (WEP) encryption standard extremely weak • Radio signals susceptible to jamming and interference • Protocol vulnerabilities allow • Network sessions to be taken over by an intruder • Injection of invalid data into network traffic • Network reconnaissance

  7. Evaluating Wireless Networks • Wireless networks are • Easy to implement • Difficult to secure • Policies often have not been developed

  8. Evaluation Objectives • Assess the current Agency/Department position regarding wireless networks • Examine the use of wireless technology • Evaluate the security of wireless network applications including threats to • Data integrity • Confidentiality • Availability of services and resources • Security of wired networks • Determine the level of staff awareness of wireless technology

  9. Evaluation Methodology • External scanning to illustrate the ease with which unauthorized persons could intercept wireless signals • Internal scanning and physical inspection to verify the source of signals • Traffic analysis to see if sensitive data is being transmitted, if transmissions are encrypted, and how vulnerable the networks are to attack • Review network topologies to assess connectivity to wired networks and determine measures to protect wired networks • Meet with wireless users and administrators to assess awareness, employee expertise, and strength of security measures

  10. Evaluation Tools • Hardware • Laptop • Wireless network card • Antenna • GPS • Wireless sniffing software • WEP encryption cracking software • Mapping software

  11. Evaluation Findings • Wireless networks with inadequate security • Ranges of wireless networks exceed physical boundaries of user organizations • Non-existent or inadequate policies on wireless networks • IT staff with inadequate enforcement authority over wireless networks • Insufficient employee awareness on agency position over the use of wireless networks

  12. Example: Many wireless networks do not use WEP or other encryption to protect network traffic. ▲ = Access points using encryption ▲ = Access points without encryption

  13. Example: The radio signal from a wireless network can spill over from the building where access points are located to neighboring buildings, parking lots and public roads.

  14. General Evaluation Recommendations • Develop wireless network policies • Perform risk assessments to determine required level of security • Limit access to wireless networks through the use of Virtual Private Networks (VPN) • Maintain logical separation between wireless and wired networks • Monitor for wireless applications (i.e., actively enforce policies)

  15. Conclusion • Wireless network evaluations are easy to conduct using inexpensive or freely available tools. • Evaluations are very necessary • Wireless networks are inexpensive, convenient, and simple to use – so people will use them. • BUT, wireless networks are vulnerable.

  16. Stephen Mullins (916) 408-5573 stephen.mullins@tigta.treas.gov Jamil Farshchi (202) 358-1897 jamil@nasa.gov Contacts for Wireless Network Evaluations

More Related