You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this?

Slides:



Advertisements
Similar presentations
Wi-Fi Technology.
Advertisements

Securing A Wireless Home Network. Wireless Facts Range about feet from access point Security anyone can eavesdrop on an unsecured wireless network.
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
Wireless Networking TGIF, April 18th, 2003 Alvin Chew Kent Reuber
Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.
Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Security Awareness Chapter 5 Wireless Network Security.
Remote Desktop Connection Techniques Wireless Communication Networks.
December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.
Wi-Fi Structures.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.
Wireless LANs Presented by: Jerome Thompson Mei-Lun Huang Liu-Yin Hu Kai-Wing Sum.
Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.
Securing a Wireless Network
WIRELESS NETWORKING Presenter: Nhan Nguyên Phương.
Wireless Networking 102.
Wireless Networks. Why go wireless? C Don’t have to be tied to a N, furniture or infrastructure Can retrieve , access the Internet, a corporate database.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module E Network Basics.
Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.
NETWORKING COMPONENTS By Cleve Rosser. Hubs allow large numbers of computers to be connected on a single or multiple LAN. Each computer plugs into the.
Udit Verma( ) Aditya Gulati( ) Abhishek Meena( )
Networks LANS,. FastPoll True Questions Answer A for True and B for False A wireless infrastructure network uses a centralized broadcasting device, such.
Version Slide 1 Format of lecture Introduction to Wireless Wireless standards Applications Hardware devices Performance issues Security issues.
1 Chapter 7 - Networking Fundamentals Computer network: – Two or more computers connected together Each is a Node (other nodes: printers, network devices,
Wi-Fi Technology By Marc Bailey. What is Wi-Fi? Wi-Fi or Wireless Fidelity is a wireless technolgy owned by the Wi-Fi Alliance (formed in 1999) Goal:
Wireless Networks Tamus, Zoltán Ádám
Connecting Computers and Keeping them safe from Hackers and Viruses Bradie Britzmann and Courtney Hughes Britzmann & Hughes.
Computer Concepts 2014 Chapter 5 Local Area Networks.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
HUB Connects multiple workstations, servers, and other devices to a network. Can be used to connect two or more computers to one network port. Handles.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.
Understanding Wireless Networking. WiFi Technology WiFi began as a way to extend home and small office network access without installing more cable. As.
Secure Wireless Home Networks Area 2 SIR Presentation Nov. 18, 2004 Dean Steichen Br. 8.
A PRESENTATION ON “Wireless Networks”
Wi-Fi Technology. Agenda Introduction Introduction History History Wi-Fi Technologies Wi-Fi Technologies Wi-Fi Network Elements Wi-Fi Network Elements.
5 SECTION A 1 Network Building Blocks  Network Classifications  LAN Standards  Network Devices  Clients, Servers, and Peers  Physical Topology  Network.
Wireless? A wireless LAN or WLAN is a wireless local area network that uses radio waves as its carrier. The last link with the users is wireless, to give.
Week Four Rouda’s Sections.  LAN - Local Area Network ◦ small area (e.g. a building) ◦ small number of machines  WAN - Wide Area Network ◦ large area.
● Albert Einstein explained it best: ● "You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing.
1 LAN – local area network overview: 1.Types of networks 2.Network topology 3.LAN local area networks 4.Introduction to TCP/IP 5.IEEE / Wireless.
Network Components David Blakeley LTEC HUB A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN.
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
Wireless Networks Standards and Protocols & x Standards and x refers to a family of specifications developed by the IEEE for.
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.
Chapter 7 Part 2 Networks. Why would I ever consider a wired network connection over a wireless? – Wireless signals are more susceptible to interference.
Securing A Wireless Home Network. Simple home wired LAN.
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
.  Hubs send data from one computer to all other computers on the network. They are low-cost and low-function and typically operate at Layer 1 of the.
Wireless Networking Devices. wireless LAN adapter cards wireless access Points wireless bridges wireless routers.
Chapter 1-4 Home Networking. Introduction Setting up a home network is probably one of the first networks that the student sets up. This is an exciting.
There is a lot to talk about if we think of the advantages of a wireless connection, the most important of its aspects is mobility and everything that.
Securing a Wireless Home Network BY: ARGA PRIBADI.
COMPUTER FUNDAMENTALS David Samuel Bhatti
Brianne Stewart.   A wireless network is any computer network that is not connected with a cable  Many homes use this type of internet access  Less.
ICT Unit 4: Network and the effects of using them
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
Objective of this Presentation To understand what is Wi-Fi and what is Bluetooth. Difference between Bluetooth and Wi-Fi.
 Two wireless gateways for home use that I choose are : - Linksys Wireless-G ADSL Home Gateway WAG354G - WAG160N Wireless-N ADSL2+ Gateway  The wireless.
Network and hardware revision
Instructor Materials Chapter 6 Building a Home Network
Wireless Technologies
How To Set Up A Wireless Network
Chapter 6 Networks Communicating and Sharing Resources
Presentation transcript:

You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is there is no cat. - Albert Einstein

Securing A Wireless b Home Network © 2004 ABACUS

Why wireless?  Low infrastructure costs –no network cable to install or maintain  Flexibility –computers can be added to, or removed from the network at any time  Inexpensive –wireless devices have dropped in price due to Moore’s Law © 2004 ABACUS

Wireless disadvantages  Interference –cordless phones and other devices use same frequency  Range –about feet from access point  Security –anyone can eavesdrop on an unsecured wireless network © 2004 ABACUS

Wireless history  1902 –Guglielmo Marconi sends first radio transmission  1990 –Institute of Electrical and Electronics Engineers (IEEE) forms Working Group to set standards for wireless networking  1997 –IEEE publishes the first set of standards  1999 –IEEE publishes standard b © 2004 ABACUS

wireless standards StandardMax. RateFrequencyModulation Mb/sec2.4 GHz FHSS DSSS b11 Mb/sec2.4 GHzDSSS a54 Mb/sec5 GHzOFDM g54 Mb/sec2.4 GHz OFDM DSSS © 2004 ABACUS

(1997)  Slow –2 Mb/second data rate  Interoperability problems –Implemented two different modulations: FHSS (Frequency Hopping Spread Spectrum) DSSS (Direct Sequence Spread Spectrum) –Devices with FHSS couldn’t talk to devices with DSSS and vice versa © 2004 ABACUS

802.11b (1999)  Currently most common –Equipment is inexpensive  Faster than –11 Mb/second vs. 2 Mb/second nominal Maximum data rate is 5-6 Mbps due to overhead  No interoperability problems –DSSS modulation only  Security issues –Encryption can be broken © 2004 ABACUS

802.11a ( first devices 2001)  Faster than b –54 Mb/second vs. 11 Mb/second  Uses Orthogonal Frequency Division Multiplexing (OFDM) for modulation  Not compatible with b –Uses 5 GHz frequency band vs. 2.4 GHz for b –Shorter range than b due to higher frequency © 2004 ABACUS

802.11g (2003)  Faster than b –54 Mb/second vs. 11 Mb/second nominal Max. realistic data rate about Mbps  Better security than b  Compatible with b –Most devices support OFDM and DSSS –Networks can use b and g equipment together © 2004 ABACUS

More b factoids  First widespread implementation – Apple’s Airport in 1999  Also called Wi-Fi –Wi-Fi equipment has been certified for interoperability by the Wi-Fi Alliance, a group of wireless equipment manufacturers. Every manufacturer’s Wi-Fi equipment should work with every other manufacturer’s WI-Fi equipment. © 2004 ABACUS

So what is the difference between a wired LAN (Local Area Network) and a wireless LAN? Aside from the obvious, let’s look at the details. © 2004 ABACUS

Wired LAN  Devices being networked –Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems  Devices for connecting the above –Include network adapters, hubs, switches, routers, gateways and more  Connecting medium –Networking cable; most common is Category 5 or CAT-5 for short © 2004 ABACUS

Simple home wired LAN © 2004 ABACUS

Wireless LAN  Devices being networked (same as for wired) –Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems  Devices for connecting the above –Include wireless adapters, access points, bridges, base stations and more  Connecting medium –Radio waves; per Einstein, there is no CAT-5 © 2004 ABACUS

Simple home wireless LAN © 2004 ABACUS

Securing your home LAN Preventing (or limiting) attacks against your network © 2004 ABACUS

Wired LAN outside attacks  Must come in through Internet Gateway  Attacks workstations and servers on the network  Can be prevented by: –Installing a firewall (hardware and/or software) This is often done on the Internet gateway –Turning off (or limiting) file-sharing and remote access © 2004 ABACUS

Wired LAN attack blocked by firewall © 2004 ABACUS

Wireless LAN outside attacks  Even if you have a firewall installed on your Internet gateway, a wireless LAN attacker is, effectively, already inside your network –Wireless base station has to signal its existence so clients can connect  Attackers of wireless LANs therefore need to be kept out by other means in addition to firewalls © 2004 ABACUS

Wireless attacker is inside firewall! © 2004 ABACUS

Types of attacks 1. Attack servers and workstations on the LAN 2. Steal information being transmitted over your wireless LAN 3. Steal Internet access through your Internet gateway © 2004 ABACUS

Server and workstation attacks  Attacker attempts to steal data from hard drives  Attacker attempts to damage the data on the hard drives  Attacker plants malicious software to attack other computers –Spam servers –Denial of service attack software –Worms –Attacks can be traced to your computer, not his!  Handled like attacks on wired LANs –Firewalls on individual computers –Turn off or limit file-sharing © 2004 ABACUS

Attacks to steal data being transmitted over wireless network  Examples: –Personal information contained in s –Copyrighted audio and video files being streamed over your wireless LAN –Financial information being shared between different computers on the network  Prevented by encryption © 2004 ABACUS

Attacks to steal Internet access  Attacker’s computer joins your network, uses your Internet gateway  Attacker could be (for example): –Downloading copyrighted music files –Downloading child pornography –Performing DOS attacks on other computers –Broadcasting spam –These can be traced back to your Internet connection  Prevented by encryption, closing the network and other tricks © 2004 ABACUS

How easy is it to attack a wireless LAN?  Very easy –All an attacker needs is a laptop computer, a wireless card and some software –A directional antenna will increase the range over which the attacker can access your network Directional antenna can be made from a Pringles potato chip can! –Attackers drive around with their computers looking for open wireless networks –Practice is called ‘wardriving’ © 2004 ABACUS

“Wardriving?”  From 1983 movie War Games –‘Wardialing’ was the practice of using an automatic dialer program to get your modem to locate access numbers for unsecured computers and networks © 2004 ABACUS

There is even ‘warflying’ Open networks found by aircraft flying into San Carlos -- from Ars TechnicaArs Technica © 2004 ABACUS

Why is it so easy to invade a wireless LAN?  Ease of setup –Default settings allow even people with limited technical skills to set up and run a basic wireless network  Allows wireless users to use open, public networks (usually for Internet access) –Such as the one at your local Starbucks © 2004 ABACUS

How do you keep attackers out of your home wireless LAN?  Secure the network –Change the service set identifier (SSID) of your base station –Change your base station’s password –Close your network Shut off your base station’s SSID broadcast –Change your base station’s IP address –Enable encryption (WEP) Done on your base station and all the other wireless devices in your LAN –Other tricks  Wireless security measures won’t completely protect your LAN, but all will help © 2004 ABACUS

Changing your SSID  To access the LAN you need the service set identifier (SSID) of your base station  Changing the default SSID reduces the chance the attacker will be able to guess it  Like taking your keys when you park your car  Works best with other security measures Each of these is an SSID (except Alviso) © 2004 ABACUS

Change your password  To access the LAN you need the base station’s password  Changing the default password (often ‘admin’ or ‘password’) drastically reduces the chance the attacker will be able get into your network  Like locking your car when you park it © 2004 ABACUS

Close your network  Shut off SSID broadcast  Reduces chances that the attacker can see your network at all –Network beacon signals can still be detected  Like parking your car in a closed garage –If the thief can’t see it, he won’t know that it’s available to steal If your SSID broadcast is off, you won’t even show up on this map © 2004 ABACUS

Change the IP address of your base station and other devices  Changes the address ranges other devices on your network can use –Defaults are typically x or x –Available private address ranges:  Also reduces the odds your neighbor’s wireless LAN will overlap yours  Like using “The Club” in your car –Requires the thief have additional tools to steal your car © 2004 ABACUS

Enable wireless encryption  Encrypt your network traffic (packets) –This has to be done on the base station and all access points, bridges, wireless adapters, etc. All devices use the same WEP key  WEP (Wireless Encryption Protocol) uses a key to encrypt each packet sent –Key can be generated using a pass phrase or entered directly in hexadecimal Don’t forget yours; write it down –WEP slows network traffic slightly Each packet has to be encrypted by sender; decrypted by receiver © 2004 ABACUS

How safe is WEP?  WEP can be broken, but it takes time –How long? Depends on network traffic volume –High traffic networks transmit lots of packets to analyze WEP Keys can be broken quickly –Lower traffic networks generate fewer packets Breaking WEP takes longer Skilled professionals with custom tools have broken WEP keys in less than a week Readily available tools, such as Airsnort or WEPCrack, in amateur hands, may take a lot longer © 2004 ABACUS

Increasing WEP security  Use longer encryption keys –128-bit/104-bit instead of 64-bit/40-bit WEP key consists of two parts –A 24-bit initialization vector (IV) –The user-generated portion (40 bits or 104 bits) –Together these are used to encrypt the packets Unfortunately WEP sends the IV in clear (unencrypted), so most cracking software can use this as a starting point to break the whole key and read your packets  Change your WEP keys often –This forces attackers to start decryption from scratch © 2004 ABACUS

Problem with longer WEP keys  128/104-bit encryption was not part of the original b standard  Different b equipment makers implemented 128-bit encryption differently  Hence, one maker’s 128-bit keys may not work on another’s devices –To avoid this buy all your b devices from one manufacturer, if possible © 2004 ABACUS

Why is WEP security so bad?  WEP was designed during a period when strong (i.e.,long-key) encryption systems were subject to export restrictions as weapons!  WEP was intentionally made weak to allow WEP devices to be exported and/or made overseas  Unfortunately, WEP was made too weak © 2004 ABACUS

WEP encryption is like a hidden ‘kill’ switch on your car’s ignition  A car thief may be able to find the switch by tracing the wires, but it will take him time  Similarly, WEP can be cracked, but it will take an attacker time to do so  If it takes too much effort, he may look for an easier target –Easier targets may include retail stores! Retailers often use wireless networking cash registers to connect to the store computer or the company network If unencrypted, attackers can steal credit card and authorization numbers from the store’s network traffic © 2004 ABACUS

Other wireless security tricks  Limit number of network users –Set a low limit to the number of users the base station will accept, or –Turn off DHCP (Dynamic Host Configuration Protocol) and assign each device in your network a static IP address  Apply address filtering –Locks out devices from Internet access by either IP or MAC (hardware) address © 2004 ABACUS

Non security for wireless LANs  Use 802.1x (Robust Security Network) –Provides additional layer of encryption over –Not all b devices support it –RSN encryption may be breakable  Use a proprietary encryption scheme –Example: Buffalo Technologies’ AOSSAOSS –All wireless devices on LAN must be from same manufacturer  Use a virtual private network (VPN) –VPNs use strong encryption –Not supported by all devices © 2004 ABACUS

Virtual Private Networks  May be overkill for a home LAN  VPNs can secure all network traffic, both wired and wireless –VPNs can securely connect computers up to thousands of miles apart over another network (such as the Internet) via a process called ‘tunneling’ –Tunneled VPN traffic can be seen by wireless attackers, but can’t be cracked © 2004 ABACUS

Tunneling and VPNs  Three common VPN tunneling modes –Point-to-Point Tunneling Protocol (PPTP) –Layer Two Tunneling Protocol (L2TP) –IP Security (IPSec)  All nodes on the network must use the same tunneling mode –Wireless base station must be: Special router which supports VPN, or Server computer w/ wireless adapter running VPN software –Wireless client computers must also have VPN software installed © 2004 ABACUS

Setting up wireless security  Make security changes in all devices (routers, access points, bridges, adapters, etc.) through a wired link –If you change a device setting through a wireless link, you could lose the connection when you apply the changes –Set up devices in this order: Base station Access points Bridges and adapters –Test each device for connectivity before you install it in its final location © 2004 ABACUS

Wireless security is not perfect  A determined car thief can steal almost any car if he wants it bad enough  However, many simple measures can be taken to make his job harder  If you make it difficult enough, most thieves will pick another target  Wireless LAN security is similar; if you make it difficult enough, attackers will pick other targets © 2004 ABACUS

802.11g features  Better security than b –Automatically changes keys  Up to more than 4 times faster than b –Much faster than either DSL or cable broadband; the broadband connection is the bottleneck –Extra speed is only useful for such applications as streaming digital video over your network © 2004 ABACUS

The future of wireless LAN security  i –Supposedly more secure than WEP –Supposedly compatible with older equipment (802.11b and g) This doesn’t mean that b equipment will be able to use i security; it just means that b and i equipment can be used in the same network –Not available yet © 2004 ABACUS

To return to ABACUS September 2004 Links Page >>>Click here<<<Click here