Computer Network Forensics
Lecture 5 - Wireless
© Joe Cleetus
Concurrent Engineering Research Center,
Lane Dept of Computer Science and Engineering, WVU

Wireless LANs
A transmitter/receiver (transceiver), called an access point (AP), connects to a wired network
End users access the wireless LAN through wireless-LAN adapters
A single access point can support a group of users within a range of a few hundred feet

Wireless LANs
IEEE 802.11b is the IEEE standard for wireless Ethernet local area networks in the 2.4 gigahertz band
IEEE 802.11b connects computers and other gadgets to each other, and to the Internet, at high speed, without cumbersome wiring, at low cost

Wireless LANs
[Figure labels: laptops with PCMCIA card adapters; wireless LAN adapters; wired network]

Wireless LANs
Data rates in the ~1.6 Mbps range
Throughput fine for e-mail, sharing printers, Internet access, multi-user databases
Compatible with Ethernet or Token Ring
Wireless LAN systems from different vendors might not be interoperable

Wireless LAN Applications
Doctors and nurses in hospitals, using PDAs with wireless LAN access, get patient information instantly
Warehouse workers can exchange information with central databases
Senior executives in conference rooms make quicker decisions because they have real-time information at their fingertips

Neighborhood Area Network (NAN)
People put up access points to cover a geographic neighborhood
Coverage can be up to 1 kilometer in radius if the AP owner is using an omni-directional antenna
Neighbors in the NAN would use a directional antenna pointed back at the AP
Thanks to NANs, anyone can walk around with a personal digital assistant (PDA) and be connected all around the neighborhood
http://www.bawug.org/

Wireless LAN Popularity
802.11b wireless access points ~$150
PC Card adapters ~$70
Low cost induces departments to set up WLANs on their own
But there are inherent security problems
Policy setting and technology deployment are equally important

Wireless LAN Security
802.11b security features may not be turned on
Wired Equivalent Privacy (WEP) and Media Access Control (MAC) address lists still leave WLANs vulnerable
WEP encryption keys can be discovered by listening passively to sufficient traffic
Positioning of APs is important to ensure traffic does not go outside the corporate area

Wireless LAN Security
The Service Set Identifier (SSID) of each AP is needed by clients for access
But SSIDs are often broadcast by APs
Wireless sniffer products can detect such access points: AiroPeek NX, Sniffer Wireless 4.7, Observer 8.1, NetStumbler
See http://www.eweek.com/article2/0,3959,3586,00.asp

ReefEdge VPN WLAN Security Fix
ReefEdge adds a VPN firewall function to the wireless network
Protects and secures wireless access to the enterprise network
Authentication, encryption and fine-grained access controls
Stops intruders from reading, modifying or injecting wireless traffic, or accessing protected resources

VPNs to the Rescue
VPNs can encrypt wireless network traffic directly from the access point to the wireless client
VPN-based systems have the benefit of being platform- and radio-technology-agnostic
The WLAN can be situated behind a DMZ that's blocked off from the production network
WLAN users may access the Internet through their wireless links, but will have to connect to the corporate network through an encrypted VPN link

Standard WLAN Deployment
From: 802.11 Wireless Networks: The Definitive Guide by Matthew Gast
Matthew Gast http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html

Seven Security Problems of WLAN
Easy Access - your 802.11 network and its parameters are available to anybody with an 802.11 card
Rogue Access Points - any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization
Unauthorized Use of Service - anyone can access WLANs whose WEP feature is not turned on
Service and Performance Constraints - the 11 Mbps capacity of 802.11b is easily overwhelmed by sharing among multiple users; susceptible to DoS attacks by ping flood

Seven Security Problems of WLAN
MAC Spoofing and Session Hijacking - attackers can observe the MAC addresses of stations on the network and use them for malicious transmissions (user authentication and AP authentication needed)
Traffic Analysis and Eavesdropping - frame headers are always in the clear; WEP cracking is easy, though new products change the WEP key every 15 mins; for highly confidential data there is no substitute for strong encryption
Higher Level Attacks - once the WLAN is penetrated, more dangerous attacks can be launched from within

Keeping your Wireless LAN Safe
Enable WEP.
Change the default SSID of your product.
If your access point supports it, disable "broadcast SSID".
Change the default password on your access point or wireless router.
As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up.

Keeping your Wireless LAN Safe
Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it.
Assign static IP addresses for your wireless NICs and turn off DHCP. It makes it tougher for the casual "drive by" to use your network.
Buy access points or NICs that support 128-bit WEP.
Only purchase access points that have flashable firmware.
Check on additional proprietary security features beyond the 802.11b standard.
The most effective strategy:
– Put your wireless access points into a DMZ, and
– have the wireless users tunnel into your network using a VPN.

Keeping your Wireless LAN Safe
Using a tool such as NetStumbler to detect:
– SSIDs
– Manufacturer
– Password
– Encryption key
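
An added example, not part of the original lecture: one way to automate the periodic site survey recommended above, by checking survey results against an inventory of installed access points and against the WEP and default-SSID items of the checklist. The CSV layout, the AUTHORIZED inventory and all addresses are constructed for illustration and are not the export format of NetStumbler or any other tool.

```python
import csv
import io

# Constructed survey rows in a hypothetical CSV layout (not a real tool's export).
SURVEY_CSV = """ssid,bssid,channel,wep
CORP-WLAN,00:11:22:33:44:01,1,on
CORP-WLAN,00:11:22:33:44:02,6,off
linksys,00:AA:BB:CC:DD:10,6,off
CORP-WLAN,00:AA:BB:CC:DD:11,11,on
,00:11:22:33:44:03,11,on
"""

# Assumed inventory of installed APs: BSSID -> SSID it is configured with.
AUTHORIZED = {
    "00:11:22:33:44:01": "CORP-WLAN",
    "00:11:22:33:44:02": "CORP-WLAN",
    "00:11:22:33:44:03": "CORP-WLAN",  # configured with SSID broadcast disabled
}

# A few factory-default SSIDs (illustrative, not exhaustive).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}


def audit_survey(csv_text, authorized=AUTHORIZED):
    """Return (bssid, finding) tuples for one survey pass, in row order."""
    corporate_ssids = set(authorized.values())
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        if bssid not in authorized:
            # Unknown radio: a rogue AP on site or a neighbour's AP in range.
            if ssid in corporate_ssids:
                findings.append((bssid, "unauthorized-ap-using-corporate-ssid"))
            else:
                findings.append((bssid, "unauthorized-ap"))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default-ssid"))
        if row["wep"].strip().lower() != "on":
            findings.append((bssid, "wep-disabled"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_survey(SURVEY_CSV):
        print(f"{bssid}  {finding}")
```

A BSSID that matches the inventory is not proof that the AP is genuine, because MAC addresses can be observed and reused, as the slides note under MAC spoofing.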

Exercises

Reference
802.11 Wireless Networks: The Definitive Guide by Matthew Gast, O'Reilly Press, April 2002, ISBN 0-596-00183-5, 464 pages, $44.95 US. http://www.oreilly.com/catalog/802dot11/index.html
WLAN Deployment and Security Basics. http://www.extremetech.com/article2/0,3973,1073,00.asp
Keeping your Wireless Network Safe. http://www.extremetech.com/article2/0,3973,34635,00.asp