Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.

Published byFrancis Barker Modified over 8 years ago

Similar presentations

Presentation on theme: "How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor."— Presentation transcript:

1 How to Secure a Home Wi-Fi S. Roy

2 Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor Gurdip Singh Professor Eugene Vasserman Alex Bardas 2

3 What is a home Wi-Fi? Provides a wireless access point (AP) via which household machines (e.g. laptops, tablets and smart phones in an apartment) can connect to the Internet The access point is also known as home router.

4 More about Home Wi-Fi Note: typically, the same router also supports wired connection at home as shown in the figure. The router (also called AP) is connected with the Internet via a modem. Any wireless-capable computer or smartphone in the house communicates with the router. AP

5 Risks in a Home Wi-Fi An insecure home Wi-Fi has all problems of using a free public Wi-Fi – A neighboring (e.g. nextdoor) attacker can launch similar attacks on the computers of a home Wi-Fi. And an additional concern: the admin responsibility – The intruder may use your network as a stepping stone for doing DoS, SPAMing, downloading music, and so on. – The home owner has to deal with the law enforcement agency for any wrong doing rooted at his/her network – Well before the police comes, the mobile intruder can flee away while the home owner will stay

6 Abusing a Home Wi-Fi network 1.The attacker M intrudes your home network 2.M uses it as a stepping stone for bad activities 3.You (the home owner) face FBI Pentagon Server Alice Mallory (M) AP A Home Wi-Fi with a user and an attacker DoS attack P2P Server download pirated items Internet

7 Securing a Home Wi-Fi: Task 1 Stop the intruder from joining the network – The AP employs an access control mechanism to authenticate the legitimate computers – Each legitimate computer may share the same key with the AP while the intruder does NOT have the key Alice Mallory AP A Home Wi-Fi with two users; an attacker M is denied access Bob hello; proof of the key authenticated hello Access denied

8 Securing a Home Wi-Fi: Task 2 Stop the intruder from eavesdropping – Encrypt the traffic (i.e. communicated messages) between the AP and each legitimate computer Mallory should NOT be able to decrypt the airborne traffic. Alice Malary AP Bob Encrypted mesg

9 Outdated Algorithms for Wi-Fi Security Wired Equivalent Privacy (WEP) algorithm has numerous flaws. – You should NOT use WEP in your home Wi-Fi. An attacker can easily break into the network. – Available attack/monitor tools: aircrack-ng, CommView The algorithm WPA (Wi-Fi Protected Access) is stronger than WEP – But, WPA still has some serious weakness – So, you should avoid WPA

10 Current Standard for a Wi-Fi Security: An overview The current standard WPA2 has replaced WPA Its Pre-shared Key (PSK) mode (also known as Personal mode) is designed for home network Caution: WPA and WPA2 remain vulnerable if users rely on weak password or passphrase – available attack/monitor tools: aircrack-ng, kismet – a passphrase longer than 13 characters is probably secure

11 Wi-Fi Protected Setup(WPS) A standard that attempts to allow establishment of a secure Wi-Fi (WPA) in an easy way But WPS has serious security flaws – We should not use the WPS An attacker can recover the WPS PIN in a few hours – and thus the network's WPA/WPA2 pre-shared key. Acknowledgement: wikipedia.org

12 Configuring a Router (AP) with WPA2 Walking through the setup procedure 1.Connect a computer to one of the LAN ports on the back of the router 2.Open a web browser and type http://router-IP-address (e.g. 192.168.0.1. It should be available in the router manual) to get the configuration page of the router. Then do the following.http://router-IP-address 3.Change the router’s administrative default password 4.Choose a SSID name (otherwise, the default one will be used) 5.Select WPA2-PSK among the available security algorithms 6.Set a password/passphrase for the WPA2-PSK protocol to use. 7.Give each user (each computer at home) the same passphrase. Check / ensure that WPA2 is ON on the router at the end of the above steps. Configuring Computer

13 More on Router Configuration Enable the built-in NAT/firewall in the router – the router has two sides i.e. the outside world (the Internet) and the inside network (home) – the outside world sees only the router public address (globally unique IP address) – multiple computers inside your home get local addresses (e.g. IP address like 192.168.1.3) The DMZ option – router exposes some specific internal computer – router forwards incoming traffic to the specific host – this is an unsecure option; so, avoid DMZ

14 More on Router Configuration The router can be configured with remote access option – this option allows to access your router configuration page from the outside world – instead of using the router’s LAN IP Address you have to use the router’s Internet IP Address. Remote access can cause security problems – disable the remote access of the router as soon as it is installed.

15 Case Study: A Linksys Router E1200 is a Wireless router – It also has 4 Ethernet ports – the default IP address is 192.168.1.1. – the admin username and the default password is “admin”. – the default SSID of the E1200 is CiscoXXXXX – supports security protocols e.g. WPA2, WPA, WEP – the WPS is Enabled by default; disable it Acknowledgement: Linksys E1200 manual

16 A Hands-On Activity: Configure a Router

17 A few additional security measures: Tradeoff b/w usability and security 1.Disable the SSID broadcast – SSID broadcast attracts the attacker. – But disabling it means each of your computer needs to remember the SSID 2.Assign static IP addresses to all computers at home; turn off DHCP – If DHCP (dynamic addressing) option is ON, the attacker may get a valid IP address from the AP. – Turn off DHCP; configure each connected device with a unique static IP. – Use a private IP address range (like 192.168.x.x or 10.0.0.x) to prevent computers at home from being directly reached from the Internet. 3.Use access control for any computers offering files and services.

18 Wireless Intrusion Detection Tools We should monitor our home Wi-Fi network whenever possible. The available tools are: – Wireshark : captures the wireless network’s all communications; analyzes the traffic to detect possible intrusion attempts – AirSnare: monitors for unfriendly MAC addresses and alerts us; also monitors DHCP requests from clients.

19 Case Study: The Att Wireless Router Discuss why this is an advanced router

20 Summary We discussed common security threats of an open Wi-Fi at home We presented a few standard countermeasures to mitigate the risks Remainder: – the next homework is due before the next class (1pm on February 21) – the next class will be held in Room 128 20

Download ppt "How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor."

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Accessing Public Wi-Fi: Security Issues Sankar Roy Department of Computing and Information Sciences Kansas State University.

Accessing Public Wi-Fi: Security Issues Sankar Roy Department of Computing and Information Sciences Kansas State University.
Home Wireless Security David Mitchell 12/11/2007.

Home Wireless Security David Mitchell 12/11/2007.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)

Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Chapter 9 Connecting to and Setting up a Network

Chapter 9 Connecting to and Setting up a Network
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
DVG-N5402SP.

DVG-N5402SP.
CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino

CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Chapter Extension 8 Understanding and Setting up a SOHO Network © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 8 Understanding and Setting up a SOHO Network © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Similar presentations

Ads by Google