Homework
Chapter 4
Secure Networks
Last Name: ____________________________
First Name: _______________________________________________
Date Due: _______________________________
Directions:
Place your cursor at the end of a question and hit Enter.
This will place you in the Answer style, which is indented.
Introduction
1.
a. Explain the four general goals for secure networking.
b. How can information be gathered from encrypted network traffic?
c. Give an example of how new technology has made networks less secure.
d. How does the castle model relate to secure networking?
e. What is meant by “death of the perimeter?”
f. How does the city model relate to secure networking?
Copyright © 2010 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 4: Secure Networks
Corporate Computer and Network Security, 2nd Edition
Raymond R. Panko
Denial-of-Service (DoS) Attacks
2.
a. What is a denial-of-service attack?
b. Other than a DoS attack, what could cause a company’s webserver to crash?
c. What are the main goals of DoS attacks?
d. Is a slow degradation of service worse than a total stoppage? Why?
Methods of DoS Attacks
DIRECT AND INDIRECT ATTACKS
3.
a. What is the difference between a direct and indirect DoS attack?
b. What is backscatter?
c. What types of packets can be sent as part of a DoS attack?
d. Describe a SYN flood.
e. How does a DDoS attack work?
f. What does a handler do?
REFLECTED ATTACK
4.
a. How does a P2P attack work?
b. How does a reflected attack work?
c. What is a DRDoS attack, and how does it work?
d. What is a Smurf flood?
e. What type of packet is sent in a Smurf flood? Why?
f. How could a malformed packet cause a host to crash?
Defending Against Denial-of-Service (DoS) Attacks
5.
a. What is black holing?
b. Is black holing an effective defense against DoS attacks? Why?
c. How can the effects of SYN floods be mitigated?
d. What is a false opening?
e. Why is rate limiting a good way to reduce the damage of some DoS attacks?
f. Why is it limited in effectiveness?
g. Why is DoS protection a community problem, not just a problem for individual victim firms to solve?
ARP Poisoning
6.
a. Why do hosts use ARP?
b. Can ARP poisoning be used outside the LAN? Why not?
c. Why do hosts send ARP requests?
d. What is ARP spoofing?
e. How could an attacker use ARP spoofing to manipulate host ARP tables?
7.
a. Explain ARP poisoning.
b. Why does the attacker have to send a continuous stream of unrequested ARP replies?
c. Do switches record IP addresses? Why not?
d. Does the attacker have to poison the gateway’s ARP tables too? Why?
e. Why does all network traffic go through the attacker after poisoning the network?
ARP DoS Attack
Preventing ARP Poisoning
8.
a. How can ARP poisoning be used as a DoS attack?
b. How can static IP and ARP tables be used to prevent ARP poisoning?
c. Can static IP and ARP tables be effectively used in large networks? Why not?
d. Why would limiting local access prevent DoS attacks?
e. Why is limiting local access difficult to do? (Not in the book.)
SLAAC Attack
9.
a. What is a SLAAC attack?
b. Why do hosts automatically prefer IPv6 addressing?
c. What has to be introduced to a network for a SLAAC attack to work?
d. Would a SLAAC attack work on an existing IPv6 network? Why not?
e. Could a rogue router direct internal traffic to an outside rogue DNS server? How?
Access Control for Networks
LAN Connections
10.
a. What is the main access control threat to Ethernet LANs?
b. What is the main access control threat to wireless LANs?
c. Why is the access control threat to wireless LANs more severe?
d. Is eavesdropping usually a concern for wired LANs, wireless LANs, or both?
Ethernet Security
11.
a. Why is 802.1X called Port-Based Access Control?
b. Where is the heavy authentication work done?
c. What are the three benefits of using a central authentication server?
d. Which device is the verifier? Explain. (Trick question.)
e. Which device is called the authenticator?
The Extensible Authentication Protocol (EAP)
12.
a. How does an EAP session start?
b. What types of messages carry requests for authentication information and responses to these requests?
c. Describe how the central authentication server tells the authenticator that the supplicant is acceptable.
d. How does the authenticator pass this information on to the supplicant?
e. In what sense is EAP extensible?
f. When a new authentication method is added, what device software must be changed to use the new method?
g. Why is there no need to change the operation of the authenticator when a new EAP authentication method is added or an old EAP authentication mode is dropped?
h. Why is this freedom from the need to make changes in the switch beneficial?
RADIUS Servers
13.
a. What standard do most central authentication servers follow?
b. How are EAP and RADIUS related in terms of functionality?
c. What authentication method does RADIUS use?
Wireless Security
Wireless Attacks
14.
a. What is the most common attack against wireless networks? Why?
b. Which IEEE standard governs WLAN transmission?
c. Which device acts as a relay between wired and wireless networks?
d. What is the typical range of a WLAN?
e. What is the difference between an open network and a private network?
f. Who would set up a rogue access point? Why?
g. Give examples of both internal and external harm caused by unauthorized wireless access.
h. Are you liable if someone else uses your wireless network to commit a crime? Why, or why not?
Evil Twin Access Points
15.
a. What man-in-the-middle attack is a danger for 802.11 WLANs?
b. Physically, what is an evil twin access point?
c. What happens when the legitimate supplicant sends credentials to the legitimate access point?
d. In what two types of attacks can the evil twin engage?
e. Are evil twin attacks frequent?
f. Where are they the most frequently encountered?
g. How can the danger of evil twin attacks be addressed?
Wireless Denial of Service
16.
a. How would a wireless DoS attack be carried out?
b. What type of devices could be used to flood the transmission frequency for a WLAN?
c. What device could be used to identify a DoS flood if the entire frequency is being flooded by EMI?
d. What type of attack commands could be sent to cause a wireless DoS attack?
e. What would happen if a wireless network were flooded with CTS frames?
ADDING SECURITY TO EAP
17.
a. Why is it impossible to extend 802.1X operation using EAP directly to WLANs?
b. What standard did the 802.3 Working Group create to extend 802.1X operation to WLANs with security for EAP?
c. For 802.11i, distinguish between outer and inner authentication.
d. What authentication method or methods does outer authentication use?
e. What two extended EAP protocols are popular today?
f. Distinguish between their options for inner authentication.
g. Is 802.11i security strong? Explain.
Core Wireless Security Protocols
Wired Equivalent Privacy (WEP)
Cracking WEP
18.
a. What was the first core wireless security standard?
b. What encryption algorithm does it use?
c. Why are permanent shared keys undesirable?
d. What per-frame key does a WEP computer or access point use to encrypt when it transmits?
e. What mistake did the 802.11 Working Group make in selecting the length of the IV?
f. How long may WEP take to crack today?
g. Should corporations today use WEP for security?
Wi-Fi Protected Access (WPA™)
19.
a. What prompted the Wi-Fi Alliance to create WPA?
b. Compare WPA and 802.11i security.
c. What does the Wi-Fi Alliance call 802.11i?
d. Despite its security weaknesses, why do many companies continue to use WPA instead of 802.11i?
Pre-Shared Key (PSK) Mode
20.
a. Why is 802.1X mode unsuitable for homes and small offices?
b. What mode was created for homes or very small businesses with a single access point?
c. How do users in this mode authenticate themselves to the access point?
d. Why is using a shared initial key not dangerous?
e. How are PSK/personal keys generated?
f. How long must passphrases be for adequate security?
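The derivation that questions 20e and 20f ask about, written out as an added example (not code from the textbook): WPA/WPA2-Personal turns the passphrase and SSID into the 256-bit PSK with PBKDF2-HMAC-SHA1 at 4096 rounds, with the SSID as salt, and only accepts passphrases of 8 to 63 printable ASCII characters. The test vector in the comments is the one published in IEEE 802.11i.

```python
import hashlib

# WPA/WPA2-Personal (PSK mode) derives the 256-bit Pre-Shared Key from the
# passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 rounds
# (IEEE 802.11i). The access point and every client run the same derivation,
# so the passphrase itself never has to be sent over the air.
PBKDF2_ROUNDS = 4096
PSK_LEN = 32


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PSK for a WPA/WPA2-Personal network.

    The standard allows passphrases of 8 to 63 printable ASCII characters;
    a 64-hex-digit string is the raw PSK and is used as-is instead.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not (passphrase.isascii() and passphrase.isprintable()):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes,
                               PBKDF2_ROUNDS, dklen=PSK_LEN)


def psk_from_hex(psk_hex: str) -> bytes:
    """Accept a raw 64-hex-digit PSK, the alternative to entering a passphrase."""
    raw = bytes.fromhex(psk_hex)
    if len(raw) != PSK_LEN:
        raise ValueError("raw PSK must be exactly 64 hex digits")
    return raw


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE" gives
    # f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    print(derive_psk("password", "IEEE").hex())
    # Same passphrase, different SSID: the salt changes the key, which is why a
    # precomputed PSK table only helps against one SSID at a time.
    print(derive_psk("password", "ieee").hex())
```

Because every client computes the same PSK, a short or guessable passphrase is the weak link: PBKDF2 slows each guess down, but it cannot make an 8-character dictionary word safe.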
Wireless Intrusion Detection Systems
21.
a. What is the purpose of a wireless IDS?
b. How do wireless IDSs get their data?
c. What is a rogue access point?
d. What are the two alternatives to using a centralized wireless IDS?
e. Why are they not attractive?
False 802.11 Security Measures
22.
a. Does the use of spread spectrum transmission in 802.11 create security?
b. What are SSIDs?
c. Does turning off SSID broadcasting offer real security? Explain.
d. What are MAC access control lists?
e. Do they offer real security? Explain.
Conclusion
Thought Questions
1.
Distinguish between EAP and RADIUS in terms of functionality.
2.
Why would it be desirable to protect all of a corporation’s IP traffic by IPsec? Give multiple reasons.
3.
What wireless LAN security threats do 802.11i and WPA not address?
4.
Given the weakness of commercial WAN security, why do you think companies continue to use WAN technology without added cryptographic protections?
5.
What could a company do if it was using a commercial WAN and a vulnerability appeared that allowed attackers to easily find routing information and therefore be able to eavesdrop on corporate transmissions?
6.
The 802.1X standard today is being applied primarily to wireless LANs rather than to wired LANs. Why do you think that is?
Hands-on Projects
Project 1
A useful program that network administrators can use to manage their wireless networks is inSSIDer®. It shows 1) the MAC (physical) address of the network, 2) its SSID, 3) the channel it is using, 4) a signal-to-noise ratio, 5) the type of security the network is using, 6) the type and speed of the network, and 7) the times the network appeared.
Another benefit of inSSIDer is that it displays the encryption type used on a specific network. This is important information if you are doing a penetration test or a security audit. If your company is using Wired Equivalent Privacy (WEP), it would be wise to switch to Wi-Fi Protected Access (WPA) or WPA2 (even better). There are several tools available that can crack WEP keys.
Running a quick scan of your network using inSSIDer may help you determine if you need to make changes to your network. It can also tell you if your network has dead spots or rogue access points. Let’s look at a simple example.
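One way an administrator could turn a scan like the one described above into findings, added here as an example that is not part of the textbook project: the entries carry the fields inSSIDer lists (MAC address, SSID, channel, security type, signal) but are constructed sample data, not inSSIDer's export format, and the inventory, SSID "CorpNet" and MAC addresses are hypothetical.

```python
from dataclasses import dataclass

# Per-network fields of the kind a scanner such as inSSIDer lists (MAC address,
# SSID, channel, security type, signal). All records below are constructed.
@dataclass(frozen=True)
class ScanEntry:
    bssid: str      # MAC (physical) address of the access point radio
    ssid: str
    channel: int
    security: str   # "Open", "WEP", "WPA" or "WPA2"
    rssi_dbm: int   # received signal strength

# Constructed inventory of the company's own access points: BSSID -> (SSID, security).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2"),
    "00:11:22:33:44:03": ("Warehouse-Legacy", "WEP"),
}

# Constructed scan result: two healthy APs, one legacy WEP AP, an unknown radio
# advertising the corporate SSID, and a neighbour that is none of our business.
SCAN = [
    ScanEntry("00:11:22:33:44:01", "CorpNet", 1, "WPA2", -48),
    ScanEntry("00:11:22:33:44:02", "CorpNet", 6, "WPA2", -61),
    ScanEntry("00:11:22:33:44:03", "Warehouse-Legacy", 11, "WEP", -70),
    ScanEntry("de:ad:be:ef:00:01", "CorpNet", 11, "Open", -40),
    ScanEntry("12:34:56:78:9a:bc", "Neighbor-Cafe", 1, "WPA2", -85),
]

WEAK = {"Open", "WEP"}

def audit(scan, authorized, corporate_ssids):
    """Return (finding, entry) pairs an administrator should follow up on."""
    findings = []
    for e in scan:
        if e.bssid in authorized:
            exp_ssid, exp_security = authorized[e.bssid]
            if (e.ssid, e.security) != (exp_ssid, exp_security):
                findings.append(("inventory AP deviates from expected SSID/security", e))
            elif e.security in WEAK:
                findings.append(("corporate AP uses weak or no encryption; move to WPA2", e))
        elif e.ssid in corporate_ssids:
            # Corporate SSID from a radio we do not own: evil twin or rogue AP.
            findings.append(("unknown BSSID advertising corporate SSID", e))
    return findings

if __name__ == "__main__":
    for finding, entry in audit(SCAN, AUTHORIZED, {"CorpNet"}):
        print(f"{entry.bssid} {entry.ssid!r} ch{entry.channel} {entry.security}: {finding}")
```

Comparing the second walk-through screenshot against the first is the same idea done by eye: a strong-signal radio that is not in the inventory deserves a physical search, not just a note.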
1. Download inSSIDer from: http://www.metageek.net/products/inssider.
2. Click Download inSSIDer.
3. Click Download.
4. Click Save.
5. Select the C:\networking\ folder.
6. If the program doesn’t automatically start, browse to the C:\networking\ folder.
7. Double-click Inssider_Installer.msi.
8. Click Next, Next, Next, and Close.
9. Click Start, All Programs, MetaGeek, and inSSIDer.
10. Select your wireless network card from the drop-down menu.
11. Click Start Scanning.
12. Wait a few minutes for surrounding networks to show up on the list.
13. Take a screenshot.
14. Walk 20-40 feet in one direction.
15. Wait a few minutes for surrounding networks to show up on the list.
16. Take another screenshot showing the changes in network strength.
Project 2
Ekahau HeatMapper shows you the location of access points and relative signal strength of a wireless network on a map. This is a tremendous advantage to network administrators because they can identify dead zones, locate rogue access points, and map coverage areas.
Small wireless networks are easy to set up. Large wireless networks, on the other hand, are notoriously difficult to implement correctly. Placement of multiple access points to cover a specific geographic area can be difficult due to 1) variations in building materials in the walls/floors, 2) integrating different wireless standards (802.11b, 802.11g, or 802.11n), 3) the number of users in a given area, and 4) accounting for 3-dimensional buildings.
HeatMapper allows you to use your own custom map (building, campus, neighborhood, etc.) to pinpoint access points and wireless coverage. It’s also free and easy to use.
1. Download Ekahau HeatMapper from: http://www.ekahau.com/products/heatmapper/overview.html.
2. Fill in any information in the required fields. (The download will start automatically so you do not have to put in your personal email address.)
3. Click Download.
4. Click Save.
5. Select the C:\networking\ folder.
6. If the program doesn’t automatically start, browse to the C:\networking\ folder.
7. Double-click Ekahau_HeatMapper-Setup.exe.
8. Click Next, I Agree, and Install.
9. Click Install Driver Software if you are prompted.
10. Click Finish.
11. Click “I don’t have a map.”
Note: You are going to be walking around for this project. Be careful. You are going to be marking waypoints every few steps. It’s important to keep your directions so the map is accurate.
You can use the grid to help estimate your distance. You can use each block as five steps. You might get better results if you make a change in direction.
12. Click any point on the map as your first waypoint. (You are going to click several so it’s a good idea to start at the bottom.)
13. Walk 5-20 paces in one direction and stop.
14. Click another point on the grid. (In this example every square on the grid was five paces.)
15. Make at least three more waypoints including one change of direction. (Once enough data is collected HeatMapper will automatically map the access points (AP) and draw the map showing signal strength.)
16. Take a screenshot showing all access points and signal strength mapping.
Project Thought Questions
1. How does the program know where to place the icons representing other networks?
2. What do the colors represent on the map?
3. Would it be difficult to map an entire campus or corporate location?
4. Can you use your own existing map? Where would you get it?
5. What are channels? Would one be better than another?
6. Why is WEP considered cryptographically weak?
7. What is the difference between WPA and WPA2?
8. Why do some networks run at 11 Mbps and others at 54 Mbps?
Perspective Questions
1.
What was the most surprising thing you learned in this chapter?
2.
What part was the most difficult for you?