Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Awareness Chapter 5 Wireless Network Security.

Similar presentations

Presentation on theme: "Security Awareness Chapter 5 Wireless Network Security."— Presentation transcript:

1 Security Awareness Chapter 5 Wireless Network Security

2 Security Awareness, 3 rd Edition2 Objectives After completing this chapter you should be able to do the following: Explain what a network is and the different types of networks List the different attacks that can be launched against a wireless network Give the steps necessary to secure a wireless network

3 How Networks Work Understand the basics of how a network works –What is a network? –How does it transmit data? –Different types of networks –Devices typically found on a home wireless network Security Awareness, 3 rd Edition3

4 What Is a Computer Network? Purpose of a computer network is to share –Information –Devices such as printers Home network –Single Internet connection –Shared printer –Easier to perform backups Security Awareness, 3 rd Edition4

5 What Is a Computer Network? (cont’d.) Figure 5-2 Computer network Security Awareness, 3 rd Edition5 Course Technology/Cengage Learning

6 Transmitting Across a Network Sending and receiving devices must follow same set of standards (protocols) Transmission Control Protocol/Internet Protocol (TCP/IP) –Most common set of protocols used today IP address –Series of four sets of digits separated by periods –Static or dynamic Security Awareness, 3 rd Edition6

7 Transmitting Across a Network (cont’d.) Media Access Control (MAC) address –Physical address –12 characters separated by either dashes or colons Packets –Small units of data sent through network Security Awareness, 3 rd Edition7

8 Transmitting Across a Network (cont’d.) Figure 5-3 Sending data by packets Security Awareness, 3 rd Edition8 Course Technology/Cengage Learning

9 Types of Networks Two types of classifications –Distance-based Local area network (LAN) Wide area network (WAN) Personal area network (PAN) –Type of connection Wired Wireless local area network (WLAN) Wi-Fi (Wireless Fidelity) Security Awareness, 3 rd Edition9

10 Network Devices Network interface card (NIC) adapter –Hardware device that connects a computer to a wired network Router –Hardware device –Responsible for sending packets through the network toward their destination Firewall –Can repel attacks through filtering the data packets as they arrive at the perimeter of the network Security Awareness, 3 rd Edition10

11 Network Devices (cont’d.) Figure 5-5 Internal wireless NIC Security Awareness, 3 rd Edition11 Course Technology/Cengage Learning

12 Network Devices (cont’d.) Figure 5-6 Hardware firewall Security Awareness, 3 rd Edition12 Course Technology/Cengage Learning

13 Network Devices (cont’d.) Network Attached Storage (NAS) device –Dedicated hard disk-based file storage device –Provides centralized and consolidated disk storage available to network user Access point (AP) –Acts as the ‘‘base station’’ for the wireless network –Acts as a ‘‘bridge’’ between the wireless and wired networks Wireless gateway –Combine the features of an AP, firewall, and router in a single hardware device Security Awareness, 3 rd Edition13

14 Attacks on Wireless Networks Three-step process –Discovering the wireless network –Connecting to the network –Launching assaults Security Awareness, 3 rd Edition14

15 Discovering Beaconing –At regular intervals, a wireless router sends a signal to announce its presence Scanning –Wireless device looks for the incoming beacon information Wireless location mapping –Also known as war driving –Finding a beacon from a wireless network and recording information about it Security Awareness, 3 rd Edition15

16 Discovering (cont’d.) Tools needed for war driving –Mobile computing device –Wireless NIC adapter –Antenna Omnidirectional antenna –Global positioning system (GPS) receiver –Software Security Awareness, 3 rd Edition16

17 Discovering (cont’d.) Figure 5-8 USB wireless NIC Security Awareness, 3 rd Edition17 Course Technology/Cengage Learning

18 Connecting Service Set Identifier (SSID) –‘‘Network name’’ and can be any alphanumeric string from 2 to 32 characters Wireless networks are designed to freely distribute their SSID Once a wireless device receives a beacon with the SSID, it can then attempt to join the network –Virtually nothing that an attacker must do in order to connect Security Awareness, 3 rd Edition18 3 rd

19 Connecting (cont’d.) Figure 5-9 Connecting to a wireless network Security Awareness, 3 rd Edition19 Course Technology/Cengage Learning

20 Connecting (cont’d.) Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID –Does not provide protection Security Awareness, 3 rd Edition20

21 Launching Assaults Eavesdropping –Attackers can easily view the contents of transmissions from hundreds of feet away –Even if they have not connected to the wireless network Security Awareness, 3 rd Edition21

22 Launching Assaults (cont’d.) Wired Equivalent Privacy (WEP) –Ensure that only authorized parties can view transmitted wireless information –Encrypts information into ciphertext –Contains a serious flaw –Attacker can discover a WEP key in less than one minute Security Awareness, 3 rd Edition22

23 Launching Assaults (cont’d.) Stealing data –Once connected attacker treated as “trusted user” –Has access to any shared data Injecting malware –“Trusted user” enters from behind the network’s firewall –Can easily inject malware Storing illegal content –Can set up storage on user’s computer and store content Security Awareness, 3 rd Edition23

24 Launching Assaults (cont’d.) Launching denial of service (DoS) attacks –Denial of service (DoS) attack Designed to prevent a device from performing its intended function –Wireless DoS attacks Designed to deny wireless devicesaccess to the wireless router itself –Packet generator Create fake packets; flood wireless network with traffic –Disassociation frames Communication from a wireless device that indicates the device wishes to end the wireless connection Security Awareness, 3 rd Edition24

25 Launching Assaults (cont’d.) Figure 5-13 DoS attack using disassociation frames Security Awareness, 3 rd Edition25 Course Technology/Cengage Learning

26 Launching Assaults (cont’d.) Impersonating a legitimate network –Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc. –Does not require wireless router –Ad hoc or peer-to-peer network –Once the connection is made Attacker might be able to directly inject malware into the user’s computer or steal data Security Awareness, 3 rd Edition26

27 Wireless Network Defenses Secure the home wireless network Use an unprotected public wireless network in the most secure manner possible Security Awareness, 3 rd Edition27

28 Securing a Home Wireless Network Locking down the wireless router –Create username and password –Do not use default password –Typical settings on the wireless router login security screen Router Password Access Server Wireless Access Web Remote Management Security Awareness, 3 rd Edition28

29 Securing a Home Wireless Network (cont’d.) Figure 5-15 Wireless router login security screen Security Awareness, 3 rd Edition29 Course Technology/Cengage Learning

30 Securing a Home Wireless Network (cont’d.) Limiting users –Restrict who can access network by MAC address MAC address filter –Dynamic Host Configuration Protocol (DHCP) Wireless routers distribute IP addresses to network devices Properly configuring settings DHCP lease Security Awareness, 3 rd Edition30 3 rd

31 Securing a Home Wireless Network (cont’d.) Figure 5-16 MAC address filter Security Awareness, 3 rd Edition31 Course Technology/Cengage Learning

32 Securing a Home Wireless Network (cont’d.) Turning on Wi-Fi protected access 2 (WPA2) –Personal security model –Designed for single users or small office settings –Parts Wi-Fi Protected Access (WPA) Wi-Fi Protected Access 2 (WPA2) –To turn on WPA2 Choose security mode Select WPA Algorithm Enter shared key Security Awareness, 3 rd Edition32

33 Securing a Home Wireless Network (cont’d.) Figure 5-18 Security Mode options Security Awareness, 3 rd Edition33 Course Technology/Cengage Learning

34 Securing a Home Wireless Network (cont’d.) Figure 5-19 WPA Algorithms setting Security Awareness, 3 rd Edition34 Course Technology/Cengage Learning

35 Securing a Home Wireless Network (cont’d.) Configuring network settings –Network Address Translation (NAT) Hides the IP addresses of network devices from attackers Private addresses NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address –Port address translation (PAT) Each packet is sent to a different port number Security Awareness, 3 rd Edition35

36 Securing a Home Wireless Network (cont’d.) –Virtual local area networks (VLANs) Segment users or network equipment in logical groupings Creates a separate virtual network for each user of the wireless network –Demilitarized Zone (DMZ) Separate network that sits outside the secure network perimeter Limits outside access to the DMZ network only Security Awareness, 3 rd Edition36

37 Securing a Home Wireless Network (cont’d.) Figure 5-21 Demilitarized zone (DMZ) Security Awareness, 3 rd Edition37 Course Technology/Cengage Learning

38 Securing a Home Wireless Network (cont’d.) –Port forwarding More secure than DMZ Opens only the ports that need to be available Security Awareness, 3 rd Edition38

39 Using a Public Wireless Network Securely Turning on a personal firewall –Runs as a program on the user’s local computer –Operates according to a rule base –Rule options Allow Block Prompt –Stateless packet filtering –Stateful packet filtering Provides more protection Security Awareness, 3 rd Edition39

40 Using a Public Wireless Network Securely (cont’d.) Virtual Private Networks (VPNs) –Uses an unsecured public network as if it were a secure private network –Encrypts all data that is transmitted between the remote device and the network –Advantages Full protection Transparency Authentication Industry standards Security Awareness, 3 rd Edition40

41 Figure 5-22 Virtual private network (VPN) Security Awareness, 3 rd Edition41 Course Technology/Cengage Learning

42 Summary Most home users install wireless networks Attacking a wireless network involves three main steps –Discovery –Connection –Attack Secure home wireless network Use good security when using public wireless networks Security Awareness, 3 rd Edition42

Download ppt "Security Awareness Chapter 5 Wireless Network Security."

Similar presentations

Ads by Google