Introduction toIntroduction to Wireless Networking and ...2profs.net/steve/CISNTWK440/PPT/Wireless...
Transcript of Introduction toIntroduction to Wireless Networking and ...2profs.net/steve/CISNTWK440/PPT/Wireless...
Introduction toIntroduction toIntroduction to Introduction to Wireless NetworkingWireless Networkinggg
and Securityand Security
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology CenterSteve Siedschlag, Associate ProfessorSteve Siedschlag, Associate Professor
What is a Wireless LAN?What is a Wireless LAN?What is a Wireless LAN?What is a Wireless LAN?
The wireless telegraph is not difficult to understand. The The wireless telegraph is not difficult to understand. The di l h i lik l Y ll h ildi l h i lik l Y ll h ilordinary telegraph is like a very long cat. You pull the tail ordinary telegraph is like a very long cat. You pull the tail
in New York, and it meows in Los Angeles. The wireless is in New York, and it meows in Los Angeles. The wireless is the same way, only without the cat.the same way, only without the cat.y, yy, y
-- Attributed to Albert EinsteinAttributed to Albert Einstein
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 22
What is a Wireless LAN?What is a Wireless LAN? ( ll )( ll )What is a Wireless LAN? What is a Wireless LAN? (really)(really)
•• It is a LANIt is a LAN•• Extension of Wired LANExtension of Wired LAN•• Uses High Frequency Radio Waves (RF)Uses High Frequency Radio Waves (RF)•• Speed : 2Mbps to 54MbpsSpeed : 2Mbps to 54Mbps•• Distance 100 feet to 15 miles Distance 100 feet to 15 miles (with fancy antennas)(with fancy antennas)
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 33
How WLANs OperateHow WLANs OperateHow WLANs OperateHow WLANs Operate
•• Although a variety of radio frequency Although a variety of radio frequency WLANs exist, different products share WLANs exist, different products share similarities and operate similarlysimilarities and operate similarly
•• Only two components are required for a Only two components are required for a O y t o co po e ts a e equ ed o aO y t o co po e ts a e equ ed o awireless networkwireless network–– Wireless network interface (NIC) cardsWireless network interface (NIC) cardsWireless network interface (NIC) cardsWireless network interface (NIC) cards–– Access points (AP)Access points (AP)
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 44
Wireless Network Interface CardWireless Network Interface CardWireless Network Interface CardWireless Network Interface Card
•• NICs connect a computer to the network NICs connect a computer to the network so it can send and receive dataso it can send and receive data–– On wired network, NIC has a port for a cable On wired network, NIC has a port for a cable
connectorconnectorOn wireless network the NIC has an antennaOn wireless network the NIC has an antenna–– On wireless network, the NIC has an antenna On wireless network, the NIC has an antenna to send and receive RF signalsto send and receive RF signals
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 55
Desktop PC Wireless NICDesktop PC Wireless NICDesktop PC Wireless NICDesktop PC Wireless NIC
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 66
Notebook Wireless NICNotebook Wireless NICNotebook Wireless NICNotebook Wireless NIC
•• PCMCIA wireless NICs are available for PCMCIA wireless NICs are available for notebook PCsnotebook PCs
•• Some vendors integrate components of Some vendors integrate components of wireless NIC onto single chip onwireless NIC onto single chip onwireless NIC onto single chip on wireless NIC onto single chip on motherboardmotherboard
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 77
Software for Wireless NICsSoftware for Wireless NICsSoftware for Wireless NICsSoftware for Wireless NICs
•• Software may be part of operating system Software may be part of operating system itselfitself–– Windows XP has software integrated while Windows XP has software integrated while
previous versions of Windows do notprevious versions of Windows do not•• Software may be separate program loadedSoftware may be separate program loaded•• Software may be separate program loaded Software may be separate program loaded
into the computerinto the computerAll operating systems before Windows XPAll operating systems before Windows XP–– All operating systems before Windows XP, All operating systems before Windows XP, require loading softwarerequire loading software
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 88
Access PointAccess PointAccess PointAccess Point
•• An access point (AP) has three main partsAn access point (AP) has three main parts–– An antenna and a radio transmitter/receiverAn antenna and a radio transmitter/receiver–– An RJAn RJ--45 wired network interface to connect 45 wired network interface to connect
to a wired networkto a wired network–– Special bridging softwareSpecial bridging software
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 99
Access PointAccess PointAccess PointAccess Point
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1010
Functions of an Access PointFunctions of an Access PointFunctions of an Access PointFunctions of an Access Point
•• Access point has two basic functionsAccess point has two basic functions–– Acts as base station for wireless networkActs as base station for wireless network–– Acts as bridge between wireless and wired Acts as bridge between wireless and wired
networknetwork
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1111
Access Point CharacteristicsAccess Point CharacteristicsAccess Point CharacteristicsAccess Point Characteristics
•• Max range approximately 375 feet (115 meters)Max range approximately 375 feet (115 meters)–– Expect a LOT less when there are obstructionsExpect a LOT less when there are obstructions
•• S ppo ts as man as 100 se sS ppo ts as man as 100 se s•• Supports as many as 100 usersSupports as many as 100 users–– One access point for each 50 users with light One access point for each 50 users with light
email and basic Internet accessemail and basic Internet accessemail and basic Internet accessemail and basic Internet access–– One access point per 20 users for heavy One access point per 20 users for heavy
network access and large file transfernetwork access and large file transfergg•• APs typically mounted on ceiling, but AC power APs typically mounted on ceiling, but AC power
may be a problemmay be a problem
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1212
Features of Access PointsFeatures of Access PointsFeatures of Access PointsFeatures of Access Points
•• Coverage area should Coverage area should overlap when using overlap when using
lti l i tlti l i tmultiple access pointsmultiple access points–– Clients find the AP that Clients find the AP that
provides the bestprovides the bestprovides the best provides the best serviceservice
–– A seamless handoff A seamless handoff occurs when client occurs when client associates with new associates with new APAP
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1313
WLAN Alphabet SoupWLAN Alphabet SoupWLAN Alphabet SoupWLAN Alphabet Soup
802 11802 11•• 802.11802.11–– IEEE family of specifications for WLANsIEEE family of specifications for WLANs–– 2.4GHz 2Mbps2.4GHz 2Mbps
•• 802 11a802 11a802.11a802.11a–– 5GHz, 54Mbps5GHz, 54Mbps
•• 802.11b802.11b–– Often called WiOften called Wi--Fi, 2.4GHz, 11MbpsFi, 2.4GHz, 11Mbps
•• 802.11g802.11g–– 2.4GHz, 54Mbps2.4GHz, 54Mbps
•• 802.11i802.11iNewly adopted encryption standard parts of 802 11i are alreadyNewly adopted encryption standard parts of 802 11i are already–– Newly adopted encryption standard…parts of 802.11i are already Newly adopted encryption standard…parts of 802.11i are already available (WPA, TKIP, AES) on some new hardware/softwareavailable (WPA, TKIP, AES) on some new hardware/software
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1414
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1515
Wireless TopologiesWireless TopologiesWireless TopologiesWireless Topologies
•• There are multiple modes of operation for There are multiple modes of operation for wireless deviceswireless devices
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1616
WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic Concept
•• Ad Hoc ModeAd Hoc Mode–– Wireless clientWireless client--toto--client communicationclient communication
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1717
WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic Concept
•• Infrastructure ModeInfrastructure Mode–– All clients connect via an Access PointAll clients connect via an Access Point
AP
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1818
WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic Concept
•• SSID or BSSIDSSID or BSSID–– Basic Service Set IdentifierBasic Service Set Identifier
BSSBSSAn AP forms an An AP forms an
i ti ithi ti ithassociation with one or association with one or more wireless clients more wireless clients that is referred to as a that is referred to as a
BSSID BSSID or or SSIDSSID(Basic Service Set(Basic Service Set
Basic Service SetBasic Service Set
(Basic Service Set (Basic Service Set Identifier)Identifier)
beacon
beacon
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 1919
beacon
WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptESSESS
•• ESSIDESSID–– Extended Service Set IdentifierExtended Service Set Identifier
To increase the range To increase the range and coverage of a and coverage of a wireless network, wireless network, overlapping APs areoverlapping APs areoverlapping APs are overlapping APs are installed. This is installed. This is referred to as an referred to as an Extended Service SetExtended Service Set
ESSIDESSID
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2020
ESSID ESSID (Extended Service Set Identifier)(Extended Service Set Identifier)
WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic Concept
•• WEPWEP–– Optional Optional method to encrypt (scramble) method to encrypt (scramble) pp yp ( )yp ( )
transmissionstransmissions–– Offers Offers somesome level of protection for wireless level of protection for wireless
networksnetworks–– NOTNOT enabled by defaultenabled by default
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2121
WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic Concept
•• There are 11 channels used by 802 11b & 802 11gThere are 11 channels used by 802 11b & 802 11g•• There are 11 channels used by 802.11b & 802.11gThere are 11 channels used by 802.11b & 802.11g•• Most APs default to channel 6Most APs default to channel 6•• 802 11a uses different (higher frequency)802 11a uses different (higher frequency)1 2 3 4 5 6 7 8 9 10 11802.11a uses different (higher frequency) 802.11a uses different (higher frequency)
channelschannels1 2 3 4 5 6 7 8 9 10 11
Channel 10Channel 5
Channel 9
Channel 10Channel 5
Channel 4
Channel 3 Channel 8
Channel 7
Channel 1 Channel 6 Channel 11
Channel 2
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 22222.
400
2.41
2
2.43
7
2.46
2
2.47
4
Frequency (GHz)
WLAN RiskWLAN RiskWLAN RiskWLAN Risk
•• Unauthorized ClientsUnauthorized Clients
In rangeMalicious client
Detector
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2323
WLAN RiskWLAN RiskWLAN RiskWLAN Risk
•• Unauthorized or Renegade Access PointsUnauthorized or Renegade Access Points•• Interception and unauthorized monitoring of Interception and unauthorized monitoring of
wireless traffic wireless traffic •• ClientClient--toto--Client AttacksClient Attacks•• Jamming (DoS)Jamming (DoS)
Client-to-client attack
Jamming
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2424
malicious
WLAN RiskWLAN Risk Fake Access PointFake Access PointWLAN Risk WLAN Risk -- Fake Access PointFake Access Point
•• Access Point Clone (Evil Twin) Traffic Access Point Clone (Evil Twin) Traffic InterceptionInterception
AP1
AP1*
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2525
WLAN RiskWLAN RiskWLAN Risk WLAN Risk
•• Brute force attacks against access point Brute force attacks against access point passwords passwords
•• WEP weaknessWEP weakness•• WEP weakness WEP weakness •• MisconfigurationMisconfiguration
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2626
WLAN RiskWLAN RiskWLAN Risk WLAN Risk (continued)(continued)
•• WEP weakness WEP weakness –– WEP security flaws documented in a 2001 UC WEP security flaws documented in a 2001 UC
Berkley studyBerkley studyBerkley studyBerkley study•• Weak encryption (never intended for repeated use)Weak encryption (never intended for repeated use)•• Short keys (64bits Short keys (64bits –– 24bit Init Vector = 40 bits)24bit Init Vector = 40 bits)•• Static KeysStatic Keys•• Static KeysStatic Keys•• No distribution method (shared key)No distribution method (shared key)
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2727
WLAN RiskWLAN RiskWLAN Risk WLAN Risk (continued)(continued)
•• “Mis“Mis--configurations”configurations”–– Default SSIDDefault SSID
•• SSID broadcasting is on by defaultSSID broadcasting is on by default•• SSID broadcasting is on by defaultSSID broadcasting is on by default–– Default PasswordDefault Password–– SNMP Community (RO & RW)SNMP Community (RO & RW)
•• Newer hardware/firmware turns this off by defaultNewer hardware/firmware turns this off by default–– Default security settings (none)Default security settings (none)
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2828
WLAN RiskWLAN RiskWLAN Risk WLAN Risk
•• Unauthorized installationUnauthorized installation–– Rogue APs can open a ‘back door’ to the Rogue APs can open a ‘back door’ to the
network.network.–– Who is allowed to install?Who is allowed to install?–– Where are they be installed?Where are they be installed?
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 2929
WLAN RiskWLAN RiskWLAN Risk WLAN Risk
•• Network StumblerNetwork Stumbler
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3030
WLAN RiskWLAN RiskWLAN Risk WLAN Risk WardrivingWardriving
•• Network StumblerNetwork Stumbler
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3131
WLAN RiskWLAN RiskWLAN Risk WLAN Risk
•• Low cost product prevalentLow cost product prevalent–– limited features, insecurelimited features, insecure–– WellWell--intentioned user may compromise intentioned user may compromise
network securitynetwork security•• Accidental detectionAccidental detection
–– Windows xp automatically discovers accessWindows xp automatically discovers accessWindows xp automatically discovers access Windows xp automatically discovers access pointspoints
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3232
Wireless LAN Protection StrategiesWireless LAN Protection Strategies
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology CenterSteve Siedschlag, Associate ProfessorSteve Siedschlag, Associate Professor
RecommendationsRecommendationsRecommendationsRecommendations
•• Wireless LAN related ConfigurationWireless LAN related Configuration–– Enable WEP, use 128bit keyEnable WEP, use 128bit key
Disable SSID BroadcastsDisable SSID Broadcasts–– Disable SSID BroadcastsDisable SSID Broadcasts–– No SNMP access No SNMP access –– Use MAC (hardware) address to restrict accessUse MAC (hardware) address to restrict access( )( )–– NonNon--default Access Point password default Access Point password –– Change default Access Point NameChange default Access Point Name
U 802 1 / WPA / 802 11i ( h il bl )U 802 1 / WPA / 802 11i ( h il bl )–– Use 802.1x / WPA / 802.11i (when available)Use 802.1x / WPA / 802.11i (when available)
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3434
Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationEnable WEP, use 128bit keyEnable WEP, use 128bit key
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3535
Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationEnable WEP, use 128bit keyEnable WEP, use 128bit key
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3636
Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationEnable WEP, use 128bit keyEnable WEP, use 128bit key
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3737
Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationDisable SSID BroadcastDisable SSID Broadcast
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3838
Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationNo SNMP access No SNMP access
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 3939
Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationUse 802.1x / WPA / 802.11i (when available)Use 802.1x / WPA / 802.11i (when available)
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 4040
General RecommendationsGeneral RecommendationsGeneral RecommendationsGeneral Recommendations
l ( i d i l )l ( i d i l )•• Always (wired or wireless)Always (wired or wireless)–– Install virus protection software plus automatic frequent pattern Install virus protection software plus automatic frequent pattern
file updatefile updateShared folders must impose passwordShared folders must impose password–– Shared folders must impose passwordShared folders must impose password
•• Management IssueManagement IssueProhibit installation of AP’s without authorizationProhibit installation of AP’s without authorization–– Prohibit installation of AP s without authorizationProhibit installation of AP s without authorization
–– Discover any new APs constantly (NetStumbler is free, Antenna Discover any new APs constantly (NetStumbler is free, Antenna is cheap)is cheap)
–– Power off Access Point when not in usePower off Access Point when not in use–– Carefully select the physical location of your AP, not near Carefully select the physical location of your AP, not near
windows or front doors.windows or front doors.
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 4141
Thank You!Thank You!Thank You!Thank You!
•• Computer Network Security Resources at the Robert Pile Computer Network Security Resources at the Robert Pile Chaffey College Chino Information Technology CenterChaffey College Chino Information Technology Center–– CISCIS--420420 PC Security & PrivacyPC Security & PrivacyCISCIS 420420 PC Security & PrivacyPC Security & Privacy–– CISNTWKCISNTWK--440440 Fund. Of Network Security (Security+)Fund. Of Network Security (Security+)–– CISNTWKCISNTWK--441441 Firewalls & Intrusion DetectionFirewalls & Intrusion Detection
CISNTWKCISNTWK 442442 Di t R Pl iDi t R Pl i–– CISNTWKCISNTWK--442442 Disaster Recovery PlanningDisaster Recovery Planning–– CISNTWKCISNTWK--445445 Windows Security AdministrationWindows Security Administration–– CISNTWKCISNTWK--447447 Linux Security AdministrationLinux Security Administration
Steve SiedschlagSteve Siedschlag [email protected]@chaffey.eduAssociate ProfessorAssociate Professor
Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 4242
Associate ProfessorAssociate Professor