Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Network Forensics Lecture 5 - Wireless © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU.

Published byGordon Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Network Forensics Lecture 5 - Wireless © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU."— Presentation transcript:

1 Computer Network Forensics Lecture 5 - Wireless © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU

2 Wireless LANs Transmitter/receiver (transceiver), called an access point (AP), connects to a wired network End users access the wireless LAN through wireless-LAN adapters Single access point can support a group of users within a range of few hundred feet

3 Wireless LANs IEEE 802.11b standard by IEEE for wireless, Ethernet local area networks in 2.4 gigahertz bandwidth space IEEE 802.11b connects computers and other gadgets to each other, and to the Internet, at high speed, without cumbersome wiring, at low cost

4 Wireless LANs Laptops with PCMCIA card adapters Wireless LAN adapters Wired network

5 Wireless LANs Data rates ~ 1.6 Mbps range Throughput fine for e-mail, sharing printers, Internet access, multi-user databases Compatible with Ethernet or Token Ring Wireless LAN systems from different vendors might not be interoperable

6 Wireless LANs Applications Doctors and nurses in hospitals with PDA with wireless LAN access patient information instantly Warehouse workers can exchange information with central databases Senior executives in conference rooms make quicker decisions because they have real-time information at their fingertips

7 Neighborhood Area Network (NAN) People put up Access Points to cover a geographic neighborhood Coverage can be up to 1 kilometer in radius if the AP owner is using an omni-directional antenna Neighbors -in the NAN would use a directional antenna pointed back at the AP Thanks to NANs, anyone can walk around with a personal digital assistant (PDA) and be connected all around the neighborhood http://www.bawug.org/

8 Wireless LAN Popularity 802.11b Wireless access points ~$150 PC Card adapters ~ $70 Cheapness induces departments to set up on their own But there are inherent security problems Policy setting and technology deployment are equally important

9 Wireless LAN Security 802.11b Security features may not be turned on Wired Equivalent Privacy (WEP) and Media Access Control (MAC) address lists still leave WLANs vulnerable WEP encryption keys can be discovered by listening passively to sufficient traffic Positioning of APs is important to ensure traffic does not go out of corporate area

10 Wireless LAN Security Service Set Identifier (SSID) of each AP is needed by clients to access But SSIDs are broadcast by APs often Wireless Sniffer products can catch such points: AiroPeek NX, Sniffer Wireless 4.7, Observer 8.1, NetStumbler See http://www.eweek.com/article2/0,3959,3586,00.asp http://www.eweek.com/article2/0,3959,3586,00.asp

11 ReefEdge VPN WLAN Security Fix ReefEdge implements VPN firewall function to the wireless network Protects and secures wireless access to the enterprise network Authentication, encryption and fine-grained access controls Stops intruders from reading, modifying or injecting wireless traffic, or accessing protected resources

12 VPNs to the Rescue VPNs can encrypt wireless network traffic directly from the access point to the wireless client VPN-based systems have the benefit of being platform- and radio- technology-agnostic The WLAN can be situated behind a DMZ that's blocked off from the production network WLAN users may access the Internet through their wireless links — but will have to connect to the corporate network through an encrypted VPN link

13 Standard WLAN Deployment From - 802.11 Wireless Networks: The Definitive Guide by Matthew Gast

14 Matthew Gast http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.htmlhttp://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html Seven Security Problems of WLAN Easy Access - your 802.11 network and its parameters are available for anybody with an 802.11 card Rogue Access Points - Any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization Unauthorized Use of Service – Anyone can access WLANs whose WEP feature is not turned on Service and Performance Constraints – 11 Mbps capacity of 802.11b is easily overwhelmed by sharing among multiple users; susceptible to DoS attacks by PING flood

15 Seven Security Problems of WLAN MAC Spoofing and Session Hijacking - your Attackers can observe the MAC addresses of stations on the network and use them for malicious transmissions (User Authentication and AP authentication needed) Traffic Analysis and Eavesdropping – Frame headers are always in the clear; WEP cracking is easy, though new products change the WEP key every 15 mins; for highly confidential data no substitute for strong encryption Higher Level Attacks – Once the WLAN is penetrated more dangerous attacks can be launched from within

16 Keeping your Wireless LAN Safe Enable WEP. Change the default SSID of your product. If your access point supports it, disable "broadcast SSID". Change the default password on your access point or wireless router. As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up.

17 Keeping your Wireless LAN Safe Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. Assign static IP addresses for your wireless NICs and turn off DHCP. It makes it tougher for the casual "drive by" to use your network. Buy access points or NICs that support 128-bit WEP. Only purchase access points that have flashable firmware. Check on additional proprietary security features beyond the 802.11b standard.

18 The most effective strategy: –Put your wireless access points into a DMZ, and –have the wireless users tunnel into your network using a VPN. Keeping your Wireless LAN Safe

19 Using a tool such as NetStumbler to detect –SSIDs –Manufacturer –Password –Encryption key Exercises

20 Reference 802.11 Wireless Networks: The Definitive Guide by Matthew Gast, O’Reilly Press April 2002 0-596-00183-5, 464 pages, $44.95 US http://www.oreilly.com/catalog/802dot11/index.html http://www.oreilly.com/catalog/802dot11/index.html WLAN Deployment and Security Basics http://www.extremetech.com/article2/0,3973,1073, 00.asp http://www.extremetech.com/article2/0,3973,1073, 00.asp Keeping your Wireless Network Safe http://www.extremetech.com/article2/0,3973,34635,00.asp http://www.extremetech.com/article2/0,3973,34635,00.asp

Download ppt "Computer Network Forensics Lecture 5 - Wireless © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU."

Similar presentations

Ethical Hacking Module XV Hacking Wireless Networks.

Ethical Hacking Module XV Hacking Wireless Networks.
LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.

LANs and WANs. 2 Chapter Contents Section A: Network Building Blocks Section B: Wired Networks Section C: Wireless Networks Section D: Using LANs Section.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
December 17, 2002 1 Wi-Fi Mark Faggiano GBA 576. December 17, 20022 Purpose of the Project  I hear Wi-Fi, WLAN, 802.11 everywhere  What does it all.

December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.
1 Wireless LAN Security Presented by Vikrant Karan.

1 Wireless LAN Security Presented by Vikrant Karan.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Security and Wireless LANs Or Fun and Profit With Your Neighbor’s Bandwidth Chris Murphy MIT Information Systems.

Security and Wireless LANs Or Fun and Profit With Your Neighbor’s Bandwidth Chris Murphy MIT Information Systems.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Similar presentations

Ads by Google