How to Secure a Home Wi-Fi

How to Secure a Home Wi-Fi. S. Roy. Acknowledgement. In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou, Professor Gurdip Singh, Professor Eugene Vasserman, and Alex Bardas. What is a home Wi-Fi?

Presentation Transcript


  1. How to Secure a Home Wi-Fi S. Roy

  2. Acknowledgement
     In preparing the presentation slides and the lab setup, I received help from
     • Professor Simon Ou
     • Professor Gurdip Singh
     • Professor Eugene Vasserman
     • Alex Bardas

  3. What is a home Wi-Fi?
     • Provides a wireless access point (AP) through which household machines (e.g. laptops, tablets and smartphones in an apartment) can connect to the Internet.
     • The access point is also known as the home router.

  4. More about Home Wi-Fi
     • The router (also called the AP) is connected to the Internet via a modem.
     • Note: typically, the same router also supports wired connections at home, as shown in the figure.
     • Any wireless-capable computer or smartphone in the house communicates with the router.
     [Figure: home network with the AP]

  5. Risks in a Home Wi-Fi
     • An insecure home Wi-Fi has all the problems of using a free public Wi-Fi.
     • A neighboring (e.g. next-door) attacker can launch similar attacks on the computers of a home Wi-Fi.
     • And an additional concern: the admin responsibility.
     • The intruder may use your network as a stepping stone for DoS, spamming, downloading music, and so on.
     • The home owner has to deal with the law enforcement agency for any wrongdoing rooted at his/her network.
     • Well before the police come, the mobile intruder can flee while the home owner stays.

  6. Abusing a Home Wi-Fi network
     • The attacker M intrudes into your home network.
     • M uses it as a stepping stone for bad activities.
     • You (the home owner) face the FBI.
     [Figure: A Home Wi-Fi with a user and an attacker. Labels: Pentagon Server, P2P Server, Internet, AP, Alice, Mallory (M), DoS attack, download pirated items]

  7. Securing a Home Wi-Fi: Task 1
     Stop the intruder from joining the network
     • The AP employs an access control mechanism to authenticate the legitimate computers.
     • Each legitimate computer may share the same key with the AP, while the intruder does NOT have the key.
     [Figure: A Home Wi-Fi with two users; an attacker M is denied access. Labels: AP, Alice, Bob, Mallory, "hello", "hello; proof of the key", "Access denied", "authenticated"]

  8. Securing a Home Wi-Fi: Task 2
     Stop the intruder from eavesdropping
     • Encrypt the traffic (i.e. communicated messages) between the AP and each legitimate computer.
     • Mallory should NOT be able to decrypt the airborne traffic.
     [Figure labels: Alice, AP, Bob, Mallory, encrypted messages]

  9. Outdated Algorithms for Wi-Fi Security
     • The Wired Equivalent Privacy (WEP) algorithm has numerous flaws.
     • You should NOT use WEP in your home Wi-Fi. An attacker can easily break into the network.
     • Available attack/monitor tools: aircrack-ng, CommView
     • The algorithm WPA (Wi-Fi Protected Access) is stronger than WEP.
     • But WPA still has some serious weaknesses.
     • So, you should avoid WPA.

  10. Current Standard for Wi-Fi Security: An overview
     • The current standard WPA2 has replaced WPA.
     • Its Pre-shared Key (PSK) mode (also known as Personal mode) is designed for home networks.
     • Caution: WPA and WPA2 remain vulnerable if users rely on a weak password or passphrase.
     • Available attack/monitor tools: aircrack-ng, kismet
     • A passphrase longer than 13 characters is probably secure.
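
An added example (not from the original slides) tying slides 7 and 10 together: WPA2-PSK stretches the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, and the client then proves it holds that key without sending it. The challenge/response below is a simplified stand-in for the real WPA2 four-way handshake; the SSID, passphrases and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prove_key(pmk: bytes, challenge: bytes) -> bytes:
    """Client side: answer the AP's challenge with a keyed MAC, never the key itself."""
    return hmac.new(pmk, challenge, hashlib.sha256).digest()

def passphrase_ok(passphrase: str) -> bool:
    """Slide 10's rule of thumb: longer than 13 characters.
    Anyone who overhears a challenge and its response can test guesses offline,
    so length is what protects the key."""
    return len(passphrase) > 13

class AccessPoint:
    def __init__(self, ssid: str, passphrase: str):
        self.ssid = ssid
        self._pmk = derive_pmk(passphrase, ssid)

    def new_challenge(self) -> bytes:
        return os.urandom(32)  # fresh random value per attempt, so old answers are useless

    def admit(self, challenge: bytes, response: bytes) -> bool:
        expected = prove_key(self._pmk, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison

def demo() -> dict:
    ap = AccessPoint("HomeNet-Constructed", "correct horse battery staple")
    alice_pmk = derive_pmk("correct horse battery staple", ap.ssid)
    mallory_pmk = derive_pmk("password123", ap.ssid)  # Mallory does not know the passphrase
    c1 = ap.new_challenge()
    alice_answer = prove_key(alice_pmk, c1)
    c2 = ap.new_challenge()
    return {
        "alice": ap.admit(c1, alice_answer),                   # authenticated
        "mallory": ap.admit(c1, prove_key(mallory_pmk, c1)),   # access denied
        "replay": ap.admit(c2, alice_answer),                  # old answer, new challenge
    }

if __name__ == "__main__":
    print(demo())
```

Because the SSID is the salt, the same passphrase yields a different key on every differently named network, which is one more reason to choose your own SSID rather than keep the factory default.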

  11. Wi-Fi Protected Setup (WPS)
     • A standard that attempts to allow establishment of a secure Wi-Fi (WPA) in an easy way
     • But WPS has serious security flaws.
     • We should not use WPS.
     • An attacker can recover the WPS PIN in a few hours, and thus the network's WPA/WPA2 pre-shared key.
     Acknowledgement: wikipedia.org

  12. Configuring a Router (AP) with WPA2
     • Walking through the setup procedure
     • Connect a computer to one of the LAN ports on the back of the router.
     • Open a web browser and type http://router-IP-address (e.g. 192.168.0.1; it should be available in the router manual) to get the configuration page of the router. Then do the following.
     • Change the router’s default administrative password.
     • Choose an SSID name (otherwise, the default one will be used).
     • Select WPA2-PSK among the available security algorithms.
     • Set a password/passphrase for the WPA2-PSK protocol to use.
     • Give each user (each computer at home) the same passphrase.
     • Check / ensure that WPA2 is ON on the router at the end of the above steps.
     [Figure label: Configuring Computer]

  13. More on Router Configuration
     • Enable the built-in NAT/firewall in the router.
     • The router has two sides, i.e. the outside world (the Internet) and the inside network (home).
     • The outside world sees only the router's public address (a globally unique IP address).
     • Multiple computers inside your home get local addresses (e.g. an IP address like 192.168.1.3).
     • The DMZ option
     • The router exposes some specific internal computer.
     • The router forwards incoming traffic to the specific host.
     • This is an insecure option; so, avoid DMZ.

  14. More on Router Configuration
     • The router can be configured with a remote access option.
     • This option allows you to access your router configuration page from the outside world.
     • Instead of using the router’s LAN IP address, you have to use the router’s Internet IP address.
     • Remote access can cause security problems.
     • Disable the remote access of the router as soon as it is installed.

  15. Case Study: A Linksys Router
     • E1200 is a wireless router.
     • It also has 4 Ethernet ports.
     • The default IP address is 192.168.1.1.
     • The admin username and the default password is “admin”.
     • The default SSID of the E1200 is CiscoXXXXX.
     • Supports security protocols, e.g. WPA2, WPA, WEP
     • WPS is enabled by default; disable it.
     Acknowledgement: Linksys E1200 manual

  16. A Hands-On Activity: Configure a Router

  17. A few additional security measures: Tradeoff between usability and security
     • Disable the SSID broadcast.
     • SSID broadcast attracts the attacker.
     • But disabling it means each of your computers needs to remember the SSID.
     • Assign static IP addresses to all computers at home; turn off DHCP.
     • If the DHCP (dynamic addressing) option is ON, the attacker may get a valid IP address from the AP.
     • Turn off DHCP; configure each connected device with a unique static IP.
     • Use a private IP address range (like 192.168.x.x or 10.0.0.x) to prevent computers at home from being directly reached from the Internet.
     • Use access control for any computers offering files and services.

  18. Wireless Intrusion Detection Tools
     We should monitor our home Wi-Fi network whenever possible. The available tools are:
     • Wireshark: captures all of the wireless network’s communications; analyzes the traffic to detect possible intrusion attempts
     • AirSnare: monitors for unfriendly MAC addresses and alerts us; also monitors DHCP requests from clients.
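
An added example (not from the original slides, and not AirSnare's code or log format) of the monitoring idea on this slide: compare the MAC address in each DHCP request against an allowlist of household devices and report anything unknown. The log lines, log layout and device list are constructed for illustration.

```python
import re

# Constructed allowlist of household devices (MAC address -> friendly name).
KNOWN_DEVICES = {
    "a4:5e:60:11:22:33": "alice-laptop",
    "f0:18:98:44:55:66": "bob-phone",
}

# Constructed sample log in a made-up layout: timestamp, event, mac=, ip=.
SAMPLE_LOG = """\
2024-02-14T19:02:11 DHCPREQUEST mac=A4:5E:60:11:22:33 ip=192.168.1.3
2024-02-14T19:05:40 DHCPREQUEST mac=f0:18:98:44:55:66 ip=192.168.1.4
2024-02-14T23:41:07 DHCPREQUEST mac=02:1b:77:aa:bb:cc ip=192.168.1.9
2024-02-14T23:41:09 DHCPREQUEST mac=02:1b:77:aa:bb:cc ip=192.168.1.9
garbled line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPREQUEST "
    r"mac=(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) ip=(?P<ip>\S+)$"
)

def find_unknown_devices(log_text, known=KNOWN_DEVICES):
    """Return {mac: details} for every DHCP client that is not on the allowlist."""
    allow = {mac.lower() for mac in known}
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of crashing the monitor
        mac = m["mac"].lower()  # normalise case before comparing
        if mac in allow:
            continue
        entry = alerts.setdefault(mac, {
            "first_seen": m["ts"],
            "ip": m["ip"],
            "requests": 0,
            # Bit 0x02 of the first octet marks a locally administered address,
            # i.e. one set in software (randomised or manually chosen).
            "locally_administered": bool(int(mac[:2], 16) & 0x02),
        })
        entry["requests"] += 1
    return alerts

if __name__ == "__main__":
    for mac, info in find_unknown_devices(SAMPLE_LOG).items():
        print("ALERT unknown device", mac, info)
```

MAC addresses can be changed in software and many phones randomise them per network, so an allowlist alert is a tripwire to investigate, not proof of identity; the WPA2 passphrase remains the actual access control.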

  19. Case Study: The Att Wireless Router • Discuss why this is an advanced router

  20. Summary
     • We discussed common security threats of an open Wi-Fi at home.
     • We presented a few standard countermeasures to mitigate the risks.
     • Reminder:
     • The next homework is due before the next class (1pm on February 21).
     • The next class will be held in Room 128.
