Presentation is loading. Please wait.

Presentation is loading. Please wait.

You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this?

Published byCorey Kelley Modified over 9 years ago

Similar presentations

Presentation on theme: "You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this?"— Presentation transcript:

1 You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is there is no cat. - Albert Einstein

2 Securing A Wireless 802.11b Home Network © 2004 ABACUS

3 Why wireless?  Low infrastructure costs –no network cable to install or maintain  Flexibility –computers can be added to, or removed from the network at any time  Inexpensive –wireless devices have dropped in price due to Moore’s Law © 2004 ABACUS

4 Wireless disadvantages  Interference –cordless phones and other devices use same frequency  Range –about 50 - 200 feet from access point  Security –anyone can eavesdrop on an unsecured wireless network © 2004 ABACUS

5 Wireless history  1902 –Guglielmo Marconi sends first radio transmission  1990 –Institute of Electrical and Electronics Engineers (IEEE) forms 802.11 Working Group to set standards for wireless networking  1997 –IEEE publishes the first set of 802.11 standards  1999 –IEEE publishes standard 802.11b © 2004 ABACUS

6 802.11 wireless standards StandardMax. RateFrequencyModulation 802.112 Mb/sec2.4 GHz FHSS DSSS 802.11b11 Mb/sec2.4 GHzDSSS 802.11a54 Mb/sec5 GHzOFDM 802.11g54 Mb/sec2.4 GHz OFDM DSSS © 2004 ABACUS

7 802.11 (1997)  Slow –2 Mb/second data rate  Interoperability problems –Implemented two different modulations: FHSS (Frequency Hopping Spread Spectrum) DSSS (Direct Sequence Spread Spectrum) –Devices with FHSS couldn’t talk to devices with DSSS and vice versa © 2004 ABACUS

8 802.11b (1999)  Currently most common –Equipment is inexpensive  Faster than 802.11 –11 Mb/second vs. 2 Mb/second nominal Maximum data rate is 5-6 Mbps due to overhead  No interoperability problems –DSSS modulation only  Security issues –Encryption can be broken © 2004 ABACUS

9 802.11a (1999 - first devices 2001)  Faster than 802.11b –54 Mb/second vs. 11 Mb/second  Uses Orthogonal Frequency Division Multiplexing (OFDM) for modulation  Not compatible with 802.11b –Uses 5 GHz frequency band vs. 2.4 GHz for 802.11b –Shorter range than 802.11b due to higher frequency © 2004 ABACUS

10 802.11g (2003)  Faster than 802.11b –54 Mb/second vs. 11 Mb/second nominal Max. realistic data rate about 25-30 Mbps  Better security than 802.11b  Compatible with 802.11b –Most devices support OFDM and DSSS –Networks can use 802.11b and 802.11g equipment together © 2004 ABACUS

11 More 802.11b factoids  First widespread implementation – Apple’s Airport in 1999  Also called Wi-Fi –Wi-Fi equipment has been certified for interoperability by the Wi-Fi Alliance, a group of wireless equipment manufacturers. Every manufacturer’s Wi-Fi equipment should work with every other manufacturer’s WI-Fi equipment. © 2004 ABACUS

12 So what is the difference between a wired LAN (Local Area Network) and a wireless LAN? Aside from the obvious, let’s look at the details. © 2004 ABACUS

13 Wired LAN  Devices being networked –Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems  Devices for connecting the above –Include network adapters, hubs, switches, routers, gateways and more  Connecting medium –Networking cable; most common is Category 5 or CAT-5 for short © 2004 ABACUS

14 Simple home wired LAN © 2004 ABACUS

15 Wireless LAN  Devices being networked (same as for wired) –Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems  Devices for connecting the above –Include wireless adapters, access points, bridges, base stations and more  Connecting medium –Radio waves; per Einstein, there is no CAT-5 © 2004 ABACUS

16 Simple home wireless LAN © 2004 ABACUS

17 Securing your home LAN Preventing (or limiting) attacks against your network © 2004 ABACUS

18 Wired LAN outside attacks  Must come in through Internet Gateway  Attacks workstations and servers on the network  Can be prevented by: –Installing a firewall (hardware and/or software) This is often done on the Internet gateway –Turning off (or limiting) file-sharing and remote access © 2004 ABACUS

19 Wired LAN attack blocked by firewall © 2004 ABACUS

20 Wireless LAN outside attacks  Even if you have a firewall installed on your Internet gateway, a wireless LAN attacker is, effectively, already inside your network –Wireless base station has to signal its existence so clients can connect  Attackers of wireless LANs therefore need to be kept out by other means in addition to firewalls © 2004 ABACUS

21 Wireless attacker is inside firewall! © 2004 ABACUS

22 Types of attacks 1. Attack servers and workstations on the LAN 2. Steal information being transmitted over your wireless LAN 3. Steal Internet access through your Internet gateway © 2004 ABACUS

23 Server and workstation attacks  Attacker attempts to steal data from hard drives  Attacker attempts to damage the data on the hard drives  Attacker plants malicious software to attack other computers –Spam servers –Denial of service attack software –Worms –Attacks can be traced to your computer, not his!  Handled like attacks on wired LANs –Firewalls on individual computers –Turn off or limit file-sharing © 2004 ABACUS

24 Attacks to steal data being transmitted over wireless network  Examples: –Personal information contained in e-mails –Copyrighted audio and video files being streamed over your wireless LAN –Financial information being shared between different computers on the network  Prevented by encryption © 2004 ABACUS

25 Attacks to steal Internet access  Attacker’s computer joins your network, uses your Internet gateway  Attacker could be (for example): –Downloading copyrighted music files –Downloading child pornography –Performing DOS attacks on other computers –Broadcasting spam –These can be traced back to your Internet connection  Prevented by encryption, closing the network and other tricks © 2004 ABACUS

26 How easy is it to attack a wireless LAN?  Very easy –All an attacker needs is a laptop computer, a wireless card and some software –A directional antenna will increase the range over which the attacker can access your network Directional antenna can be made from a Pringles potato chip can! –Attackers drive around with their computers looking for open wireless networks –Practice is called ‘wardriving’ © 2004 ABACUS

27 “Wardriving?”  From 1983 movie War Games –‘Wardialing’ was the practice of using an automatic dialer program to get your modem to locate access numbers for unsecured computers and networks © 2004 ABACUS

28 There is even ‘warflying’ Open networks found by aircraft flying into San Carlos -- from Ars TechnicaArs Technica © 2004 ABACUS

29 Why is it so easy to invade a wireless LAN?  Ease of setup –Default settings allow even people with limited technical skills to set up and run a basic wireless network  Allows wireless users to use open, public networks (usually for Internet access) –Such as the one at your local Starbucks © 2004 ABACUS

30 How do you keep attackers out of your home wireless LAN?  Secure the network –Change the service set identifier (SSID) of your base station –Change your base station’s password –Close your network Shut off your base station’s SSID broadcast –Change your base station’s IP address –Enable encryption (WEP) Done on your base station and all the other wireless devices in your LAN –Other tricks  Wireless security measures won’t completely protect your LAN, but all will help © 2004 ABACUS

31 Changing your SSID  To access the LAN you need the service set identifier (SSID) of your base station  Changing the default SSID reduces the chance the attacker will be able to guess it  Like taking your keys when you park your car  Works best with other security measures Each of these is an SSID (except Alviso) © 2004 ABACUS

32 Change your password  To access the LAN you need the base station’s password  Changing the default password (often ‘admin’ or ‘password’) drastically reduces the chance the attacker will be able get into your network  Like locking your car when you park it © 2004 ABACUS

33 Close your network  Shut off SSID broadcast  Reduces chances that the attacker can see your network at all –Network beacon signals can still be detected  Like parking your car in a closed garage –If the thief can’t see it, he won’t know that it’s available to steal If your SSID broadcast is off, you won’t even show up on this map © 2004 ABACUS

34 Change the IP address of your base station and other devices  Changes the address ranges other devices on your network can use –Defaults are typically 192.168.0.x or 192.168.1.x –Available private address ranges: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255  Also reduces the odds your neighbor’s wireless LAN will overlap yours  Like using “The Club” in your car –Requires the thief have additional tools to steal your car © 2004 ABACUS

35 Enable wireless encryption  Encrypt your network traffic (packets) –This has to be done on the base station and all access points, bridges, wireless adapters, etc. All devices use the same WEP key  WEP (Wireless Encryption Protocol) uses a key to encrypt each packet sent –Key can be generated using a pass phrase or entered directly in hexadecimal Don’t forget yours; write it down –WEP slows network traffic slightly Each packet has to be encrypted by sender; decrypted by receiver © 2004 ABACUS

36 How safe is WEP?  WEP can be broken, but it takes time –How long? Depends on network traffic volume –High traffic networks transmit lots of packets to analyze WEP Keys can be broken quickly –Lower traffic networks generate fewer packets Breaking WEP takes longer Skilled professionals with custom tools have broken WEP keys in less than a week Readily available tools, such as Airsnort or WEPCrack, in amateur hands, may take a lot longer © 2004 ABACUS

37 Increasing WEP security  Use longer encryption keys –128-bit/104-bit instead of 64-bit/40-bit WEP key consists of two parts –A 24-bit initialization vector (IV) –The user-generated portion (40 bits or 104 bits) –Together these are used to encrypt the packets Unfortunately WEP sends the IV in clear (unencrypted), so most cracking software can use this as a starting point to break the whole key and read your packets  Change your WEP keys often –This forces attackers to start decryption from scratch © 2004 ABACUS

38 Problem with longer WEP keys  128/104-bit encryption was not part of the original 802.11b standard  Different 802.11b equipment makers implemented 128-bit encryption differently  Hence, one maker’s 128-bit keys may not work on another’s devices –To avoid this buy all your 802.11b devices from one manufacturer, if possible © 2004 ABACUS

39 Why is WEP security so bad?  WEP was designed during a period when strong (i.e.,long-key) encryption systems were subject to export restrictions as weapons!  WEP was intentionally made weak to allow WEP devices to be exported and/or made overseas  Unfortunately, WEP was made too weak © 2004 ABACUS

40 WEP encryption is like a hidden ‘kill’ switch on your car’s ignition  A car thief may be able to find the switch by tracing the wires, but it will take him time  Similarly, WEP can be cracked, but it will take an attacker time to do so  If it takes too much effort, he may look for an easier target –Easier targets may include retail stores! Retailers often use wireless networking cash registers to connect to the store computer or the company network If unencrypted, attackers can steal credit card and authorization numbers from the store’s network traffic © 2004 ABACUS

41 Other wireless security tricks  Limit number of network users –Set a low limit to the number of users the base station will accept, or –Turn off DHCP (Dynamic Host Configuration Protocol) and assign each device in your network a static IP address  Apply address filtering –Locks out devices from Internet access by either IP or MAC (hardware) address © 2004 ABACUS

42 Non-802.11 security for wireless LANs  Use 802.1x (Robust Security Network) –Provides additional layer of encryption over 802.11 –Not all 802.11b devices support it –RSN encryption may be breakable  Use a proprietary encryption scheme –Example: Buffalo Technologies’ AOSSAOSS –All wireless devices on LAN must be from same manufacturer  Use a virtual private network (VPN) –VPNs use strong encryption –Not supported by all devices © 2004 ABACUS

43 Virtual Private Networks  May be overkill for a home LAN  VPNs can secure all network traffic, both wired and wireless –VPNs can securely connect computers up to thousands of miles apart over another network (such as the Internet) via a process called ‘tunneling’ –Tunneled VPN traffic can be seen by wireless attackers, but can’t be cracked © 2004 ABACUS

44 Tunneling and VPNs  Three common VPN tunneling modes –Point-to-Point Tunneling Protocol (PPTP) –Layer Two Tunneling Protocol (L2TP) –IP Security (IPSec)  All nodes on the network must use the same tunneling mode –Wireless base station must be: Special router which supports VPN, or Server computer w/ wireless adapter running VPN software –Wireless client computers must also have VPN software installed © 2004 ABACUS

45 Setting up wireless security  Make security changes in all devices (routers, access points, bridges, adapters, etc.) through a wired link –If you change a device setting through a wireless link, you could lose the connection when you apply the changes –Set up devices in this order: Base station Access points Bridges and adapters –Test each device for connectivity before you install it in its final location © 2004 ABACUS

46 Wireless security is not perfect  A determined car thief can steal almost any car if he wants it bad enough  However, many simple measures can be taken to make his job harder  If you make it difficult enough, most thieves will pick another target  Wireless LAN security is similar; if you make it difficult enough, attackers will pick other targets © 2004 ABACUS

47 802.11g features  Better security than 802.11b –Automatically changes keys  Up to more than 4 times faster than 802.11b –Much faster than either DSL or cable broadband; the broadband connection is the bottleneck –Extra speed is only useful for such applications as streaming digital video over your network © 2004 ABACUS

48 The future of wireless LAN security  802.11i –Supposedly more secure than WEP –Supposedly compatible with older equipment (802.11b and 802.11g) This doesn’t mean that 802.11b equipment will be able to use 802.11i security; it just means that 802.11b and 802.11i equipment can be used in the same network –Not available yet © 2004 ABACUS

49 To return to ABACUS September 2004 Links Page >>>Click here<<<Click here

Download ppt "You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this?"

Similar presentations

Wi-Fi Technology.

Wi-Fi Technology.
Securing A Wireless Home Network. Wireless Facts Range about 50 - 200 feet from access point Security anyone can eavesdrop on an unsecured wireless network.

Securing A Wireless Home Network. Wireless Facts Range about feet from access point Security anyone can eavesdrop on an unsecured wireless network.
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”

WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.

LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
Wireless Networking TGIF, April 18th, 2003 Alvin Chew Kent Reuber

Wireless Networking TGIF, April 18th, 2003 Alvin Chew Kent Reuber
Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.

Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Remote Desktop Connection Techniques Wireless Communication Networks.

Remote Desktop Connection Techniques Wireless Communication Networks.
December 17, 2002 1 Wi-Fi Mark Faggiano GBA 576. December 17, 20022 Purpose of the Project  I hear Wi-Fi, WLAN, 802.11 everywhere  What does it all.

December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.
Wi-Fi Structures.

Wi-Fi Structures.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Wi-Fi the 802.11 Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.

 An electrical device that sends or receives radio or television signals through electromagnetic waves.
Wireless LANs Presented by: Jerome Thompson Mei-Lun Huang Liu-Yin Hu Kai-Wing Sum.

Wireless LANs Presented by: Jerome Thompson Mei-Lun Huang Liu-Yin Hu Kai-Wing Sum.
Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.

Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.
Securing a Wireless Network

Securing a Wireless Network

Similar presentations

Ads by Google