Download presentation
Presentation is loading. Please wait.
1
Security Awareness Chapter 5 Wireless Network Security
2
Security Awareness, 3 rd Edition2 Objectives After completing this chapter you should be able to do the following: Explain what a network is and the different types of networks List the different attacks that can be launched against a wireless network Give the steps necessary to secure a wireless network
3
How Networks Work Understand the basics of how a network works –What is a network? –How does it transmit data? –Different types of networks –Devices typically found on a home wireless network Security Awareness, 3 rd Edition3
4
What Is a Computer Network? Purpose of a computer network is to share –Information –Devices such as printers Home network –Single Internet connection –Shared printer –Easier to perform backups Security Awareness, 3 rd Edition4
5
What Is a Computer Network? (cont’d.) Figure 5-2 Computer network Security Awareness, 3 rd Edition5 Course Technology/Cengage Learning
6
Transmitting Across a Network Sending and receiving devices must follow same set of standards (protocols) Transmission Control Protocol/Internet Protocol (TCP/IP) –Most common set of protocols used today IP address –Series of four sets of digits separated by periods –Static or dynamic Security Awareness, 3 rd Edition6
7
Transmitting Across a Network (cont’d.) Media Access Control (MAC) address –Physical address –12 characters separated by either dashes or colons Packets –Small units of data sent through network Security Awareness, 3 rd Edition7
8
Transmitting Across a Network (cont’d.) Figure 5-3 Sending data by packets Security Awareness, 3 rd Edition8 Course Technology/Cengage Learning
9
Types of Networks Two types of classifications –Distance-based Local area network (LAN) Wide area network (WAN) Personal area network (PAN) –Type of connection Wired Wireless local area network (WLAN) Wi-Fi (Wireless Fidelity) Security Awareness, 3 rd Edition9
10
Network Devices Network interface card (NIC) adapter –Hardware device that connects a computer to a wired network Router –Hardware device –Responsible for sending packets through the network toward their destination Firewall –Can repel attacks through filtering the data packets as they arrive at the perimeter of the network Security Awareness, 3 rd Edition10
11
Network Devices (cont’d.) Figure 5-5 Internal wireless NIC Security Awareness, 3 rd Edition11 Course Technology/Cengage Learning
12
Network Devices (cont’d.) Figure 5-6 Hardware firewall Security Awareness, 3 rd Edition12 Course Technology/Cengage Learning
13
Network Devices (cont’d.) Network Attached Storage (NAS) device –Dedicated hard disk-based file storage device –Provides centralized and consolidated disk storage available to network user Access point (AP) –Acts as the ‘‘base station’’ for the wireless network –Acts as a ‘‘bridge’’ between the wireless and wired networks Wireless gateway –Combine the features of an AP, firewall, and router in a single hardware device Security Awareness, 3 rd Edition13
14
Attacks on Wireless Networks Three-step process –Discovering the wireless network –Connecting to the network –Launching assaults Security Awareness, 3 rd Edition14
15
Discovering Beaconing –At regular intervals, a wireless router sends a signal to announce its presence Scanning –Wireless device looks for the incoming beacon information Wireless location mapping –Also known as war driving –Finding a beacon from a wireless network and recording information about it Security Awareness, 3 rd Edition15
16
Discovering (cont’d.) Tools needed for war driving –Mobile computing device –Wireless NIC adapter –Antenna Omnidirectional antenna –Global positioning system (GPS) receiver –Software Security Awareness, 3 rd Edition16
17
Discovering (cont’d.) Figure 5-8 USB wireless NIC Security Awareness, 3 rd Edition17 Course Technology/Cengage Learning
18
Connecting Service Set Identifier (SSID) –‘‘Network name’’ and can be any alphanumeric string from 2 to 32 characters Wireless networks are designed to freely distribute their SSID Once a wireless device receives a beacon with the SSID, it can then attempt to join the network –Virtually nothing that an attacker must do in order to connect Security Awareness, 3 rd Edition18 3 rd
19
Connecting (cont’d.) Figure 5-9 Connecting to a wireless network Security Awareness, 3 rd Edition19 Course Technology/Cengage Learning
20
Connecting (cont’d.) Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID –Does not provide protection Security Awareness, 3 rd Edition20
21
Launching Assaults Eavesdropping –Attackers can easily view the contents of transmissions from hundreds of feet away –Even if they have not connected to the wireless network Security Awareness, 3 rd Edition21
22
Launching Assaults (cont’d.) Wired Equivalent Privacy (WEP) –Ensure that only authorized parties can view transmitted wireless information –Encrypts information into ciphertext –Contains a serious flaw –Attacker can discover a WEP key in less than one minute Security Awareness, 3 rd Edition22
23
Launching Assaults (cont’d.) Stealing data –Once connected attacker treated as “trusted user” –Has access to any shared data Injecting malware –“Trusted user” enters from behind the network’s firewall –Can easily inject malware Storing illegal content –Can set up storage on user’s computer and store content Security Awareness, 3 rd Edition23
24
Launching Assaults (cont’d.) Launching denial of service (DoS) attacks –Denial of service (DoS) attack Designed to prevent a device from performing its intended function –Wireless DoS attacks Designed to deny wireless devicesaccess to the wireless router itself –Packet generator Create fake packets; flood wireless network with traffic –Disassociation frames Communication from a wireless device that indicates the device wishes to end the wireless connection Security Awareness, 3 rd Edition24
25
Launching Assaults (cont’d.) Figure 5-13 DoS attack using disassociation frames Security Awareness, 3 rd Edition25 Course Technology/Cengage Learning
26
Launching Assaults (cont’d.) Impersonating a legitimate network –Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc. –Does not require wireless router –Ad hoc or peer-to-peer network –Once the connection is made Attacker might be able to directly inject malware into the user’s computer or steal data Security Awareness, 3 rd Edition26
27
Wireless Network Defenses Secure the home wireless network Use an unprotected public wireless network in the most secure manner possible Security Awareness, 3 rd Edition27
28
Securing a Home Wireless Network Locking down the wireless router –Create username and password –Do not use default password –Typical settings on the wireless router login security screen Router Password Access Server Wireless Access Web Remote Management Security Awareness, 3 rd Edition28
29
Securing a Home Wireless Network (cont’d.) Figure 5-15 Wireless router login security screen Security Awareness, 3 rd Edition29 Course Technology/Cengage Learning
30
Securing a Home Wireless Network (cont’d.) Limiting users –Restrict who can access network by MAC address MAC address filter –Dynamic Host Configuration Protocol (DHCP) Wireless routers distribute IP addresses to network devices Properly configuring settings DHCP lease Security Awareness, 3 rd Edition30 3 rd
31
Securing a Home Wireless Network (cont’d.) Figure 5-16 MAC address filter Security Awareness, 3 rd Edition31 Course Technology/Cengage Learning
32
Securing a Home Wireless Network (cont’d.) Turning on Wi-Fi protected access 2 (WPA2) –Personal security model –Designed for single users or small office settings –Parts Wi-Fi Protected Access (WPA) Wi-Fi Protected Access 2 (WPA2) –To turn on WPA2 Choose security mode Select WPA Algorithm Enter shared key Security Awareness, 3 rd Edition32
33
Securing a Home Wireless Network (cont’d.) Figure 5-18 Security Mode options Security Awareness, 3 rd Edition33 Course Technology/Cengage Learning
34
Securing a Home Wireless Network (cont’d.) Figure 5-19 WPA Algorithms setting Security Awareness, 3 rd Edition34 Course Technology/Cengage Learning
35
Securing a Home Wireless Network (cont’d.) Configuring network settings –Network Address Translation (NAT) Hides the IP addresses of network devices from attackers Private addresses NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address –Port address translation (PAT) Each packet is sent to a different port number Security Awareness, 3 rd Edition35
36
Securing a Home Wireless Network (cont’d.) –Virtual local area networks (VLANs) Segment users or network equipment in logical groupings Creates a separate virtual network for each user of the wireless network –Demilitarized Zone (DMZ) Separate network that sits outside the secure network perimeter Limits outside access to the DMZ network only Security Awareness, 3 rd Edition36
37
Securing a Home Wireless Network (cont’d.) Figure 5-21 Demilitarized zone (DMZ) Security Awareness, 3 rd Edition37 Course Technology/Cengage Learning
38
Securing a Home Wireless Network (cont’d.) –Port forwarding More secure than DMZ Opens only the ports that need to be available Security Awareness, 3 rd Edition38
39
Using a Public Wireless Network Securely Turning on a personal firewall –Runs as a program on the user’s local computer –Operates according to a rule base –Rule options Allow Block Prompt –Stateless packet filtering –Stateful packet filtering Provides more protection Security Awareness, 3 rd Edition39
40
Using a Public Wireless Network Securely (cont’d.) Virtual Private Networks (VPNs) –Uses an unsecured public network as if it were a secure private network –Encrypts all data that is transmitted between the remote device and the network –Advantages Full protection Transparency Authentication Industry standards Security Awareness, 3 rd Edition40
41
Figure 5-22 Virtual private network (VPN) Security Awareness, 3 rd Edition41 Course Technology/Cengage Learning
42
Summary Most home users install wireless networks Attacking a wireless network involves three main steps –Discovery –Connection –Attack Secure home wireless network Use good security when using public wireless networks Security Awareness, 3 rd Edition42
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.