Protecting Your Wireless Network

Protecting Your Wireless Network. University of Tasmania School Of Computing. Tonight: this is for home users; those with limited or no technical expertise; simple networks with no extra hardware (e.g. no RADIUS/VPN servers); and those who want some background and straightforward advice.

jonah
Presentation Transcript


  1. Protecting Your Wireless Network University of Tasmania School Of Computing Wireless Networks

  2. Tonight • This is for • Home users • Those with limited or no technical expertise • Simple networks with no extra hardware • e.g. no RADIUS/VPN servers etc • Those who want some background and straightforward advice

  3. Agenda • Background • Issues • Typical Configuration Options • What do they mean • What you should do

  4. A Wireless Network • What does the Access Point do? • Each computer is uniquely identified by its own IP Address and MAC Address • IP: Internet Protocol • MAC: Medium Access Control [Diagram label: Internet]

  5. Wireless Local Area Networks • WLANs • Technical Standards • Institute of Electrical and Electronics Engineers (IEEE) 802 • 802.11 committee • Many sub committees e.g. • 802.11g - 54Mbps WLAN • 802.11i - WLAN Security

  6. WLAN Standards • Draft 2.0 802.11n final approval (publication date) is expected by October 2008. • Standards are half duplex. • Maximum achievable throughput is about 50% of theoretical capacity because of protocol overheads.

  7. Unlicensed Spectrum - Legislation • Legal use of spectrum (in Australia) • The 2.4 GHz band is divided into 13 channels • Not all channels are independent (i.e. not interference free) • Legislated power levels apply [Diagram: Channels 1 to 13 laid out across the band from 2.412 GHz to 2.472 GHz; labels: "You", "Upstairs", "microwave ovens…"]

  8. Agenda • Background • Issues • Typical Configuration Options • What do they mean • What you should do

  9. What’s the Problem • Radio signals … • Do not have a boundary • Penetrate walls, floors and ceilings • Get weaker the further away you are (from your wireless access point)

  10. Wireless Range • If you measure the radio signal 1 metre from the antenna as 100% then • At 10m you will measure 1% • At 100m you will measure 0.01% • At 1km you will measure 0.0001% • It never goes away! • just disappears into the background…

  11. Boosting the Received Signal • Increasing the range: http://www.usbwifi.orcon.net.nz/ • Using cookware… • USB wireless device • Simple • Cheap • Effective

  12. Wardriving • War-chalking, -driving, -flying • Recording the whereabouts of WLANs • Automation • Web sites

  13. Somewhere… http://www.larsen-b.com/Article/212.html

  14. Starting A Wireless Connection • A wireless computer will: • Start scanning automatically • Seeking an active WLAN within range • Listening or probing for broadcasts… • Access Points (networks) are identified by a Service Set IDentifier (SSID) • Configurable

  15. Starting A Wireless Connection • Authentication • Identify yourself to the network • Access Point allows your equipment to use it • Association • Message exchange to form a network connection • Now you can use the network

  16. WLAN Security Threats • Anyone within range • can connect to your access point • and use your computer and Internet services • can receive the signal • monitoring your activities • Unless…

  17. Potential Threats • Drive by Hacking • Use of your facilities for what? • Annoying the Neighbours • Degradation of operation • More serious • look at http://www.wardrive.net

  18. Agenda • Background • Issues • Typical Configuration Options • What do they mean • What you should do

  19. Wireless Products and Users • A home user cannot be expected to have any IT expertise • Installing wireless equipment is made as simple as possible • Advertising highlights the good points

  20. A Popular Product • NETGEAR • 108Mbps Wireless Firewall Router • WGT624 v2 [Diagram labels: Telephone Socket, Wireless Router, Cable or DSL modem, PC]

  21. NETGEAR WGT624 Security • These are the advertised security features • Double Firewall • Network Address Translation (NAT) • Stateful Packet Inspection (SPI) • Denial of Service (DoS) attack prevention • Intrusion Detection and Prevention • Wired Equivalent Privacy (WEP) 64 and 128 bit • Wi-Fi Protected Access (Pre Shared Key) • Wireless Access Control (SSID) • To identify authorized wireless network devices • Multiple VPN tunnels • Pass Through, 2 IPSec, and multiple L2TP and PPTP • Exposed Host (DMZ) • MAC address authentication

  22. The Installation Guide • How to connect the router • How to Log in to the router • http://192.168.0.1 • Run a setup wizard to connect to the Internet • Setup basic wireless connectivity • Default features • Network Name (SSID): NETGEAR • WEP Security: disabled

  24. The wireless router was working after I switched it on. I didn’t have to set anything!!

  25. Default This is wrong Proprietary The network is open to anyone in range

  27. WEP Security • Wired Equivalent Privacy (WEP) • Encryption intended to provide a level of security comparable to that of a wired LAN. • Confidentiality • The fundamental goal of WEP is to prevent casual eavesdropping • Access control • (Optional) feature to discard all packets that are not properly encrypted using WEP • Data integrity • There is an integrity checksum field • The claimed security of the protocol “relies on the difficulty of discovering the secret key through a brute-force attack”

  30. What is WPA • WiFi Protected Access • WPA - WPA-Personal • Uses an upgrade to WEP • Temporal Key Integrity Protocol (TKIP) • Uses a pre-shared key based on a pass-phrase • WPA-PSK • WPA2 - WPA-Enterprise • Uses Advanced Encryption Standard • Ratified IEEE 802.11i • Requires additional server support • extensible authentication protocol (EAP)

  31. The Pass Phrase • 8-63 characters long [Chart: possible time to crack against length in characters; axis labels: 10, 20, 30 characters; minutes, years, lots of years]

  32. Now look at your other wireless computers

  33. Configuring a Wireless Computer

  34. Agenda • Background • Issues • Typical Configuration Options • What do they mean • What you should do

  35. Do’s • Change the default settings • use your own SSID • Makes your network less of an obvious attraction • change the administrator password on the AP • Enable and use the security features on the access point • make use of the firewall and filtering offered on the access point • if they are not there then look at getting specific products • Use good passwords/pass-phrases • for WPA • for any shared directories on your computer • Enable MAC filtering • allow only the computers you know/want on your network • this is a hurdle that can be bypassed (takes effort)

  36. Do’s • Manage the access point over a wired network port • Look at the access point logs from time to time • see who’s there • Keep the operational range to a minimum • e.g. Lower the transmit power of the AP to minimise signal propagation if you have the option. • Switch the access point off if you are not using it for any length of time

  38. Don’t • Use a default for anything without serious consideration • (and then still don’t) • Use WEP • Use a Pre Shared Key (PSK) based on a dictionary word

  39. More on Passwords • What you have learnt so far: • Passwords Protect your wireless networks • Effective passwords should be at least 20 characters long • Effective implementation is WPA • The next bit: • Passwords and their uses • Choosing and managing your passwords

  40. Choosing & Managing your Passwords • Authentication passwords (secret) • Generally shorter • Often written down and stored securely • Chosen and changed according to a method known only to the creator • Access Control passwords (shared) • Generally longer: pass phrase • Need different method to choose these

  41. Choosing & Managing your Passwords • It is common to find people choosing authentication passwords based on their personal lives • Tiddles1 • Fido&Tiddles • MyFidoDog • Or personal names, car number plates, birth dates etc [Image caption: Introducing Fido and Tiddles]

  42. Choosing & Managing your Passwords • Such methods are insecure because attackers can guess these using ‘social engineering’ • But they are very common as a basis for authentication passwords • What clues do we give attackers if our access control WPA password is • FidoFidoFidoTiddlesTiddles • AnthonyBen2102861234

  43. Choosing & Managing your Passwords • Tip #1 choose your WPA password using a very different method from the one you use to choose your authentication password • Your WPA password will be shared • You are not the only one controlling the sharing

  44. Choosing & Managing your Passwords • Tip #2 find a method that will produce a 20 character password that you can • remember • tell someone else easily • Not &%^$3wd9!fhKK#?…. • Hints • Think of the term pass phrase rather than word

  45. Choosing & Managing your Passwords • Hints • Use lines from poems and other texts • The boy stood on the burning deck • My teddy bear is rather fat • Use lines from tunes and songs • We’re all going on a summer holiday • By saying something stupid like I • Use funny phrases • Configuring this router is making me cross • I often cook burnt offerings

  46. Choosing & Managing your Passwords • Hints • Add some capitals and replace o with 0 & I with 1 and use some SMS abbreviations • The b0y stood on Burn1ng deck • My teddy bear 1s Rather fat • We’re All go1ng on a summer hol1day • By saying Something Stupid like 1 • Configuring th1s ** router is making me X • Write this down and file in a secure place • With some physical access control

  47. Choosing & Managing your Passwords • Finally • Remember your WPA password will be shared • It should give no clues as to how you construct your authentication passwords • You may trust your daughter but do you trust your daughter’s friend’s boyfriend? • If in doubt change the pass phrase • Access to your network is the first step to access to your money!
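The pass-phrase advice on slides 31, 35, 38 and 39 can be checked in code. This is an added example, not part of the original presentation: WPA-Personal turns the pass-phrase into its 256-bit key with PBKDF2-HMAC-SHA1 salted with the SSID (a detail of the 802.11i standard, not stated on the slides), so the same pass-phrase gives a different key under a different SSID. The function names, the mini word list and the second SSID are assumptions made for the illustration.

```python
import hashlib

MIN_LEN, MAX_LEN = 8, 63      # WPA pass-phrase limits (slide 31)
ADVISED_LEN = 20              # length the slides recommend (slide 39)
DEFAULT_SSIDS = {"NETGEAR"}   # factory SSID named on slide 22
# Constructed mini word list; a real check would use a full dictionary.
COMMON_WORDS = {"password", "tiddles", "fido", "letmein"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1 with the SSID
    as salt, 4096 iterations, 256-bit output."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError("pass-phrase must be 8-63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass-phrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def review(passphrase: str, ssid: str) -> list[str]:
    """Return the slide advice that this pass-phrase/SSID pair ignores."""
    findings = []
    if len(passphrase) < ADVISED_LEN:
        findings.append("shorter than 20 characters")
    # Strip digits and punctuation so "Tiddles1" is still seen as "tiddles".
    core = "".join(c for c in passphrase.lower() if c.isalpha())
    if core in COMMON_WORDS:
        findings.append("based on a dictionary word")
    if ssid in DEFAULT_SSIDS:
        findings.append("default SSID")
    return findings


if __name__ == "__main__":
    phrase = "My teddy bear 1s Rather fat"      # hint from slide 46
    for ssid in ("NETGEAR", "Burnt0fferings"):  # second SSID is constructed
        print(ssid, derive_pmk(phrase, ssid).hex(), review(phrase, ssid))
    print(review("Tiddles1", "NETGEAR"))
```

Because the SSID is the salt, a network left on a factory SSID shares that salt with every other router on the same default, which is a second reason to follow the "use your own SSID" advice.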

  48. More Information • Understanding the updated WPA and WPA2 standards • Date: June 2nd, 2005 • http://blogs.techrepublic.com.com/Ou/?p=67 • www.wigle.net/gps/gps/main/stats/ • www.gwifi.net

  49. Additional (technical) Information

  50. WEP (very simply) [Diagram: YOUR DATA + “KEY STREAM” → ENCRYPTED DATA + “KEY STREAM” → YOUR DATA] • You need to know the “Key Stream” to extract the data • BUT if you know the “encrypted data” and “your data” you can work out the key stream
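Slide 50's point, worked through in code to show why slide 38 says not to use WEP. This is an added example, not part of the original presentation: it uses RC4 seeded with the 24-bit IV followed by the shared key, as WEP does, with simplified framing; the key, IV and both frames are constructed sample values.

```python
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream (RC4 is the cipher WEP uses)."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # key-stream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """The '+' on slide 50: byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(iv: bytes, key: bytes, data: bytes) -> bytes:
    """(data + CRC-32 checksum) XOR key stream; the stream depends only
    on the 24-bit IV, which is sent in the clear, and the shared key."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return xor(body, rc4_keystream(iv + key, len(body)))


def demo() -> dict:
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP key
    iv = b"\x00\x00\x2a"                   # constructed IV, used twice
    known = b"GET /index.html HTTP/1.1"    # constructed, guessable frame
    private = b"user=fido&pin=2102861234"  # constructed, same length
    c1, c2 = wep_seal(iv, key, known), wep_seal(iv, key, private)
    # Slide 50: encrypted data XOR your data = key stream (key never used).
    stream = xor(c1, known)
    recovered = xor(c2, stream)
    # A different IV gives an unrelated stream, so the same trick fails.
    c3 = wep_seal(b"\x00\x00\x2b", key, private)
    return {"stream_ok": stream == rc4_keystream(iv + key, len(known)),
            "recovered": recovered,
            "other_iv": xor(c3, stream)}


if __name__ == "__main__":
    print(demo())
```

With only 24 bits of IV, repeats are unavoidable on a busy network, and every repeat reuses a key stream in exactly this way.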
