Introduction toIntroduction to Wireless Networking and ...2profs.net/steve/CISNTWK440/PPT/Wireless...

Introduction toIntroduction toIntroduction to Introduction to Wireless NetworkingWireless Networkinggg

and Securityand Security

Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology CenterSteve Siedschlag, Associate ProfessorSteve Siedschlag, Associate Professor

What is a Wireless LAN?What is a Wireless LAN?What is a Wireless LAN?What is a Wireless LAN?

The wireless telegraph is not difficult to understand. The The wireless telegraph is not difficult to understand. The di l h i lik l Y ll h ildi l h i lik l Y ll h ilordinary telegraph is like a very long cat. You pull the tail ordinary telegraph is like a very long cat. You pull the tail

in New York, and it meows in Los Angeles. The wireless is in New York, and it meows in Los Angeles. The wireless is the same way, only without the cat.the same way, only without the cat.y, yy, y

-- Attributed to Albert EinsteinAttributed to Albert Einstein

Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 22

What is a Wireless LAN?What is a Wireless LAN? ( ll )( ll )What is a Wireless LAN? What is a Wireless LAN? (really)(really)

•• It is a LANIt is a LAN•• Extension of Wired LANExtension of Wired LAN•• Uses High Frequency Radio Waves (RF)Uses High Frequency Radio Waves (RF)•• Speed : 2Mbps to 54MbpsSpeed : 2Mbps to 54Mbps•• Distance 100 feet to 15 miles Distance 100 feet to 15 miles (with fancy antennas)(with fancy antennas)


How WLANs OperateHow WLANs OperateHow WLANs OperateHow WLANs Operate

•• Although a variety of radio frequency Although a variety of radio frequency WLANs exist, different products share WLANs exist, different products share similarities and operate similarlysimilarities and operate similarly

•• Only two components are required for a Only two components are required for a O y t o co po e ts a e equ ed o aO y t o co po e ts a e equ ed o awireless networkwireless network–– Wireless network interface (NIC) cardsWireless network interface (NIC) cardsWireless network interface (NIC) cardsWireless network interface (NIC) cards–– Access points (AP)Access points (AP)


Wireless Network Interface CardWireless Network Interface CardWireless Network Interface CardWireless Network Interface Card

•• NICs connect a computer to the network NICs connect a computer to the network so it can send and receive dataso it can send and receive data–– On wired network, NIC has a port for a cable On wired network, NIC has a port for a cable

connectorconnectorOn wireless network the NIC has an antennaOn wireless network the NIC has an antenna–– On wireless network, the NIC has an antenna On wireless network, the NIC has an antenna to send and receive RF signalsto send and receive RF signals


Desktop PC Wireless NICDesktop PC Wireless NICDesktop PC Wireless NICDesktop PC Wireless NIC


Notebook Wireless NICNotebook Wireless NICNotebook Wireless NICNotebook Wireless NIC

•• PCMCIA wireless NICs are available for PCMCIA wireless NICs are available for notebook PCsnotebook PCs

•• Some vendors integrate components of Some vendors integrate components of wireless NIC onto single chip onwireless NIC onto single chip onwireless NIC onto single chip on wireless NIC onto single chip on motherboardmotherboard


Software for Wireless NICsSoftware for Wireless NICsSoftware for Wireless NICsSoftware for Wireless NICs

•• Software may be part of operating system Software may be part of operating system itselfitself–– Windows XP has software integrated while Windows XP has software integrated while

previous versions of Windows do notprevious versions of Windows do not•• Software may be separate program loadedSoftware may be separate program loaded•• Software may be separate program loaded Software may be separate program loaded

into the computerinto the computerAll operating systems before Windows XPAll operating systems before Windows XP–– All operating systems before Windows XP, All operating systems before Windows XP, require loading softwarerequire loading software


Access PointAccess PointAccess PointAccess Point

•• An access point (AP) has three main partsAn access point (AP) has three main parts–– An antenna and a radio transmitter/receiverAn antenna and a radio transmitter/receiver–– An RJAn RJ--45 wired network interface to connect 45 wired network interface to connect

to a wired networkto a wired network–– Special bridging softwareSpecial bridging software


Access PointAccess PointAccess PointAccess Point


Functions of an Access PointFunctions of an Access PointFunctions of an Access PointFunctions of an Access Point

•• Access point has two basic functionsAccess point has two basic functions–– Acts as base station for wireless networkActs as base station for wireless network–– Acts as bridge between wireless and wired Acts as bridge between wireless and wired

networknetwork


Access Point CharacteristicsAccess Point CharacteristicsAccess Point CharacteristicsAccess Point Characteristics

•• Max range approximately 375 feet (115 meters)Max range approximately 375 feet (115 meters)–– Expect a LOT less when there are obstructionsExpect a LOT less when there are obstructions

•• S ppo ts as man as 100 se sS ppo ts as man as 100 se s•• Supports as many as 100 usersSupports as many as 100 users–– One access point for each 50 users with light One access point for each 50 users with light

email and basic Internet accessemail and basic Internet accessemail and basic Internet accessemail and basic Internet access–– One access point per 20 users for heavy One access point per 20 users for heavy

network access and large file transfernetwork access and large file transfergg•• APs typically mounted on ceiling, but AC power APs typically mounted on ceiling, but AC power

may be a problemmay be a problem


Features of Access PointsFeatures of Access PointsFeatures of Access PointsFeatures of Access Points

•• Coverage area should Coverage area should overlap when using overlap when using

lti l i tlti l i tmultiple access pointsmultiple access points–– Clients find the AP that Clients find the AP that

provides the bestprovides the bestprovides the best provides the best serviceservice

–– A seamless handoff A seamless handoff occurs when client occurs when client associates with new associates with new APAP


WLAN Alphabet SoupWLAN Alphabet SoupWLAN Alphabet SoupWLAN Alphabet Soup

802 11802 11•• 802.11802.11–– IEEE family of specifications for WLANsIEEE family of specifications for WLANs–– 2.4GHz 2Mbps2.4GHz 2Mbps

•• 802 11a802 11a802.11a802.11a–– 5GHz, 54Mbps5GHz, 54Mbps

•• 802.11b802.11b–– Often called WiOften called Wi--Fi, 2.4GHz, 11MbpsFi, 2.4GHz, 11Mbps

•• 802.11g802.11g–– 2.4GHz, 54Mbps2.4GHz, 54Mbps

•• 802.11i802.11iNewly adopted encryption standard parts of 802 11i are alreadyNewly adopted encryption standard parts of 802 11i are already–– Newly adopted encryption standard…parts of 802.11i are already Newly adopted encryption standard…parts of 802.11i are already available (WPA, TKIP, AES) on some new hardware/softwareavailable (WPA, TKIP, AES) on some new hardware/software


Wireless TopologiesWireless TopologiesWireless TopologiesWireless Topologies

•• There are multiple modes of operation for There are multiple modes of operation for wireless deviceswireless devices


WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic Concept

•• Ad Hoc ModeAd Hoc Mode–– Wireless clientWireless client--toto--client communicationclient communication



•• Infrastructure ModeInfrastructure Mode–– All clients connect via an Access PointAll clients connect via an Access Point

AP



•• SSID or BSSIDSSID or BSSID–– Basic Service Set IdentifierBasic Service Set Identifier

BSSBSSAn AP forms an An AP forms an

i ti ithi ti ithassociation with one or association with one or more wireless clients more wireless clients that is referred to as a that is referred to as a

BSSID BSSID or or SSIDSSID(Basic Service Set(Basic Service Set

Basic Service SetBasic Service Set

(Basic Service Set (Basic Service Set Identifier)Identifier)

beacon

beacon


beacon

WLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptWLAN Terms & Basic ConceptESSESS

•• ESSIDESSID–– Extended Service Set IdentifierExtended Service Set Identifier

To increase the range To increase the range and coverage of a and coverage of a wireless network, wireless network, overlapping APs areoverlapping APs areoverlapping APs are overlapping APs are installed. This is installed. This is referred to as an referred to as an Extended Service SetExtended Service Set

ESSIDESSID


ESSID ESSID (Extended Service Set Identifier)(Extended Service Set Identifier)


•• WEPWEP–– Optional Optional method to encrypt (scramble) method to encrypt (scramble) pp yp ( )yp ( )

transmissionstransmissions–– Offers Offers somesome level of protection for wireless level of protection for wireless

networksnetworks–– NOTNOT enabled by defaultenabled by default



•• There are 11 channels used by 802 11b & 802 11gThere are 11 channels used by 802 11b & 802 11g•• There are 11 channels used by 802.11b & 802.11gThere are 11 channels used by 802.11b & 802.11g•• Most APs default to channel 6Most APs default to channel 6•• 802 11a uses different (higher frequency)802 11a uses different (higher frequency)1 2 3 4 5 6 7 8 9 10 11802.11a uses different (higher frequency) 802.11a uses different (higher frequency)

channelschannels1 2 3 4 5 6 7 8 9 10 11

Channel 10Channel 5

Channel 9

Channel 10Channel 5

Channel 4

Channel 3 Channel 8

Channel 7

Channel 1 Channel 6 Channel 11

Channel 2

Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology Center 22222.

400

2.41

2

2.43

7

2.46

2

2.47

4

Frequency (GHz)

WLAN RiskWLAN RiskWLAN RiskWLAN Risk

•• Unauthorized ClientsUnauthorized Clients

In rangeMalicious client

Detector


WLAN RiskWLAN RiskWLAN RiskWLAN Risk

•• Unauthorized or Renegade Access PointsUnauthorized or Renegade Access Points•• Interception and unauthorized monitoring of Interception and unauthorized monitoring of

wireless traffic wireless traffic •• ClientClient--toto--Client AttacksClient Attacks•• Jamming (DoS)Jamming (DoS)

Client-to-client attack

Jamming


malicious

WLAN RiskWLAN Risk Fake Access PointFake Access PointWLAN Risk WLAN Risk -- Fake Access PointFake Access Point

•• Access Point Clone (Evil Twin) Traffic Access Point Clone (Evil Twin) Traffic InterceptionInterception

AP1

AP1*


WLAN RiskWLAN RiskWLAN Risk WLAN Risk

•• Brute force attacks against access point Brute force attacks against access point passwords passwords

•• WEP weaknessWEP weakness•• WEP weakness WEP weakness •• MisconfigurationMisconfiguration


WLAN RiskWLAN RiskWLAN Risk WLAN Risk (continued)(continued)

•• WEP weakness WEP weakness –– WEP security flaws documented in a 2001 UC WEP security flaws documented in a 2001 UC

Berkley studyBerkley studyBerkley studyBerkley study•• Weak encryption (never intended for repeated use)Weak encryption (never intended for repeated use)•• Short keys (64bits Short keys (64bits –– 24bit Init Vector = 40 bits)24bit Init Vector = 40 bits)•• Static KeysStatic Keys•• Static KeysStatic Keys•• No distribution method (shared key)No distribution method (shared key)


WLAN RiskWLAN RiskWLAN Risk WLAN Risk (continued)(continued)

•• “Mis“Mis--configurations”configurations”–– Default SSIDDefault SSID

•• SSID broadcasting is on by defaultSSID broadcasting is on by default•• SSID broadcasting is on by defaultSSID broadcasting is on by default–– Default PasswordDefault Password–– SNMP Community (RO & RW)SNMP Community (RO & RW)

•• Newer hardware/firmware turns this off by defaultNewer hardware/firmware turns this off by default–– Default security settings (none)Default security settings (none)



•• Unauthorized installationUnauthorized installation–– Rogue APs can open a ‘back door’ to the Rogue APs can open a ‘back door’ to the

network.network.–– Who is allowed to install?Who is allowed to install?–– Where are they be installed?Where are they be installed?



•• Network StumblerNetwork Stumbler


WLAN RiskWLAN RiskWLAN Risk WLAN Risk WardrivingWardriving

•• Network StumblerNetwork Stumbler



•• Low cost product prevalentLow cost product prevalent–– limited features, insecurelimited features, insecure–– WellWell--intentioned user may compromise intentioned user may compromise

network securitynetwork security•• Accidental detectionAccidental detection

–– Windows xp automatically discovers accessWindows xp automatically discovers accessWindows xp automatically discovers access Windows xp automatically discovers access pointspoints


Wireless LAN Protection StrategiesWireless LAN Protection Strategies

Chaffey CollegeChaffey CollegeChino Information Technology CenterChino Information Technology CenterSteve Siedschlag, Associate ProfessorSteve Siedschlag, Associate Professor

RecommendationsRecommendationsRecommendationsRecommendations

•• Wireless LAN related ConfigurationWireless LAN related Configuration–– Enable WEP, use 128bit keyEnable WEP, use 128bit key

Disable SSID BroadcastsDisable SSID Broadcasts–– Disable SSID BroadcastsDisable SSID Broadcasts–– No SNMP access No SNMP access –– Use MAC (hardware) address to restrict accessUse MAC (hardware) address to restrict access( )( )–– NonNon--default Access Point password default Access Point password –– Change default Access Point NameChange default Access Point Name

U 802 1 / WPA / 802 11i ( h il bl )U 802 1 / WPA / 802 11i ( h il bl )–– Use 802.1x / WPA / 802.11i (when available)Use 802.1x / WPA / 802.11i (when available)


Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationEnable WEP, use 128bit keyEnable WEP, use 128bit key


Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationDisable SSID BroadcastDisable SSID Broadcast


Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationNo SNMP access No SNMP access


Wireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationWireless LAN related ConfigurationUse 802.1x / WPA / 802.11i (when available)Use 802.1x / WPA / 802.11i (when available)


General RecommendationsGeneral RecommendationsGeneral RecommendationsGeneral Recommendations

l ( i d i l )l ( i d i l )•• Always (wired or wireless)Always (wired or wireless)–– Install virus protection software plus automatic frequent pattern Install virus protection software plus automatic frequent pattern

file updatefile updateShared folders must impose passwordShared folders must impose password–– Shared folders must impose passwordShared folders must impose password

•• Management IssueManagement IssueProhibit installation of AP’s without authorizationProhibit installation of AP’s without authorization–– Prohibit installation of AP s without authorizationProhibit installation of AP s without authorization

–– Discover any new APs constantly (NetStumbler is free, Antenna Discover any new APs constantly (NetStumbler is free, Antenna is cheap)is cheap)

–– Power off Access Point when not in usePower off Access Point when not in use–– Carefully select the physical location of your AP, not near Carefully select the physical location of your AP, not near

windows or front doors.windows or front doors.


Thank You!Thank You!Thank You!Thank You!

•• Computer Network Security Resources at the Robert Pile Computer Network Security Resources at the Robert Pile Chaffey College Chino Information Technology CenterChaffey College Chino Information Technology Center–– CISCIS--420420 PC Security & PrivacyPC Security & PrivacyCISCIS 420420 PC Security & PrivacyPC Security & Privacy–– CISNTWKCISNTWK--440440 Fund. Of Network Security (Security+)Fund. Of Network Security (Security+)–– CISNTWKCISNTWK--441441 Firewalls & Intrusion DetectionFirewalls & Intrusion Detection

CISNTWKCISNTWK 442442 Di t R Pl iDi t R Pl i–– CISNTWKCISNTWK--442442 Disaster Recovery PlanningDisaster Recovery Planning–– CISNTWKCISNTWK--445445 Windows Security AdministrationWindows Security Administration–– CISNTWKCISNTWK--447447 Linux Security AdministrationLinux Security Administration

Steve SiedschlagSteve Siedschlag [email protected]@chaffey.eduAssociate ProfessorAssociate Professor


Associate ProfessorAssociate Professor

Introduction toIntroduction to Wireless Networking and ...2profs.net/steve/CISNTWK440/PPT/Wireless...

Documents

Transcript of Introduction toIntroduction to Wireless Networking and ...2profs.net/steve/CISNTWK440/PPT/Wireless...