* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download www.c-jump.com
Survey
Document related concepts
Deep packet inspection wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Wireless USB wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Computer network wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Computer security wikipedia , lookup
Airborne Networking wikipedia , lookup
Network tap wikipedia , lookup
Distributed firewall wikipedia , lookup
Policies promoting wireless broadband in the United States wikipedia , lookup
Wireless security wikipedia , lookup
Transcript
Security Awareness Chapter 5 Wireless Network Security Objectives After completing this chapter you should be able to do the following: • Explain what a network is and the different types of networks • List the different attacks that can be launched against a wireless network • Give the steps necessary to secure a wireless network Security Awareness, 3rd Edition 2 How Networks Work • Understand the basics of how a network works – – – – What is a network? How does it transmit data? Different types of networks Devices typically found on a home wireless network Security Awareness, 3rd Edition 3 What Is a Computer Network? • Purpose of a computer network is to share – Information – Devices such as printers • Home network – Single Internet connection – Shared printer – Easier to perform backups Security Awareness, 3rd Edition 4 What Is a Computer Network? (cont’d.) Figure 5-2 Computer network Course Technology/Cengage Learning Security Awareness, 3rd Edition 5 Transmitting Across a Network • Sending and receiving devices must follow same set of standards (protocols) • Transmission Control Protocol/Internet Protocol (TCP/IP) – Most common set of protocols used today • IP address – Series of four sets of digits separated by periods – Static or dynamic Security Awareness, 3rd Edition 6 Transmitting Across a Network (cont’d.) • Media Access Control (MAC) address – Physical address – 12 characters separated by either dashes or colons • Packets – Small units of data sent through network Security Awareness, 3rd Edition 7 Transmitting Across a Network (cont’d.) Figure 5-3 Sending data by packets Course Technology/Cengage Learning Security Awareness, 3rd Edition 8 Types of Networks • Two types of classifications – Distance-based • Local area network (LAN) • Wide area network (WAN) • Personal area network (PAN) – Type of connection • Wired • Wireless local area network (WLAN) • Wi-Fi (Wireless Fidelity) Security Awareness, 3rd Edition 9 Network Devices • Network interface card (NIC) adapter – Hardware device that connects a computer to a wired network • Router – Hardware device – Responsible for sending packets through the network toward their destination • Firewall – Can repel attacks through filtering the data packets as they arrive at the perimeter of the network Security Awareness, 3rd Edition 10 Network Devices (cont’d.) Figure 5-5 Internal wireless NIC Course Technology/Cengage Learning Security Awareness, 3rd Edition 11 Network Devices (cont’d.) Figure 5-6 Hardware firewall Course Technology/Cengage Learning Security Awareness, 3rd Edition 12 Network Devices (cont’d.) • Network Attached Storage (NAS) device – Dedicated hard disk-based file storage device – Provides centralized and consolidated disk storage available to network user • Access point (AP) – Acts as the ‘‘base station’’ for the wireless network – Acts as a ‘‘bridge’’ between the wireless and wired networks • Wireless gateway – Combine the features of an AP, firewall, and router in a single hardware device Security Awareness, 3rd Edition 13 Attacks on Wireless Networks • Three-step process – Discovering the wireless network – Connecting to the network – Launching assaults Security Awareness, 3rd Edition 14 Discovering • Beaconing – At regular intervals, a wireless router sends a signal to announce its presence • Scanning – Wireless device looks for the incoming beacon information • Wireless location mapping – Also known as war driving – Finding a beacon from a wireless network and recording information about it Security Awareness, 3rd Edition 15 Discovering (cont’d.) • Tools needed for war driving – Mobile computing device – Wireless NIC adapter – Antenna • Omnidirectional antenna – Global positioning system (GPS) receiver – Software Security Awareness, 3rd Edition 16 Discovering (cont’d.) Figure 5-8 USB wireless NIC Course Technology/Cengage Learning Security Awareness, 3rd Edition 17 Connecting • Service Set Identifier (SSID) – ‘‘Network name’’ and can be any alphanumeric string from 2 to 32 characters • Wireless networks are designed to freely distribute rd 3 their SSID • Once a wireless device receives a beacon with the SSID, it can then attempt to join the network – Virtually nothing that an attacker must do in order to connect Security Awareness, 3rd Edition 18 Connecting (cont’d.) Figure 5-9 Connecting to a wireless network Course Technology/Cengage Learning Security Awareness, 3rd Edition 19 Connecting (cont’d.) • Some wireless security sources encourage users to configure APs to prevent the beacon from including the SSID – Does not provide protection Security Awareness, 3rd Edition 20 Launching Assaults • Eavesdropping – Attackers can easily view the contents of transmissions from hundreds of feet away – Even if they have not connected to the wireless network Security Awareness, 3rd Edition 21 Launching Assaults (cont’d.) • Wired Equivalent Privacy (WEP) – Ensure that only authorized parties can view transmitted wireless information – Encrypts information into ciphertext – Contains a serious flaw – Attacker can discover a WEP key in less than one minute Security Awareness, 3rd Edition 22 Launching Assaults (cont’d.) • Stealing data – Once connected attacker treated as “trusted user” – Has access to any shared data • Injecting malware – “Trusted user” enters from behind the network’s firewall – Can easily inject malware • Storing illegal content – Can set up storage on user’s computer and store content Security Awareness, 3rd Edition 23 Launching Assaults (cont’d.) • Launching denial of service (DoS) attacks – Denial of service (DoS) attack • Designed to prevent a device from performing its intended function – Wireless DoS attacks • Designed to deny wireless devices access to the wireless router itself – Packet generator • Create fake packets; flood wireless network with traffic – Disassociation frames • Communication from a wireless device that indicates the device wishes to end the wireless connection Security Awareness, 3rd Edition 24 Launching Assaults (cont’d.) Figure 5-13 DoS attack using disassociation frames Course Technology/Cengage Learning Security Awareness, 3rd Edition 25 Launching Assaults (cont’d.) • Impersonating a legitimate network – Attackers will often impersonate legitimate networks in restaurants, coffee shops, airports, etc. – Does not require wireless router – Ad hoc or peer-to-peer network – Once the connection is made • Attacker might be able to directly inject malware into the user’s computer or steal data Security Awareness, 3rd Edition 26 Wireless Network Defenses • Secure the home wireless network • Use an unprotected public wireless network in the most secure manner possible Security Awareness, 3rd Edition 27 Securing a Home Wireless Network • Locking down the wireless router – Create username and password – Do not use default password – Typical settings on the wireless router login security screen • • • • Router Password Access Server Wireless Access Web Remote Management Security Awareness, 3rd Edition 28 Securing a Home Wireless Network (cont’d.) Figure 5-15 Wireless router login security screen Course Technology/Cengage Learning Security Awareness, 3rd Edition 29 Securing a Home Wireless Network (cont’d.) • Limiting users – Restrict who can access network by MAC address • MAC address filter – Dynamic Host Configuration Protocol (DHCP) rd 3 • Wireless routers distribute IP addresses to network devices • Properly configuring settings • DHCP lease Security Awareness, 3rd Edition 30 Securing a Home Wireless Network (cont’d.) Figure 5-16 MAC address filter Course Technology/Cengage Learning Security Awareness, 3rd Edition 31 Securing a Home Wireless Network (cont’d.) • Turning on Wi-Fi protected access 2 (WPA2) – Personal security model – Designed for single users or small office settings – Parts • Wi-Fi Protected Access (WPA) • Wi-Fi Protected Access 2 (WPA2) – To turn on WPA2 • Choose security mode • Select WPA Algorithm • Enter shared key Security Awareness, 3rd Edition 32 Securing a Home Wireless Network (cont’d.) Figure 5-18 Security Mode options Course Technology/Cengage Learning Security Awareness, 3rd Edition 33 Securing a Home Wireless Network (cont’d.) Figure 5-19 WPA Algorithms setting Course Technology/Cengage Learning Security Awareness, 3rd Edition 34 Securing a Home Wireless Network (cont’d.) • Configuring network settings – Network Address Translation (NAT) • Hides the IP addresses of network devices from attackers • Private addresses • NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address – Port address translation (PAT) • Each packet is sent to a different port number Security Awareness, 3rd Edition 35 Securing a Home Wireless Network (cont’d.) – Virtual local area networks (VLANs) • Segment users or network equipment in logical groupings • Creates a separate virtual network for each user of the wireless network – Demilitarized Zone (DMZ) • Separate network that sits outside the secure network perimeter • Limits outside access to the DMZ network only Security Awareness, 3rd Edition 36 Securing a Home Wireless Network (cont’d.) Figure 5-21 Demilitarized zone (DMZ) Course Technology/Cengage Learning Security Awareness, 3rd Edition 37 Securing a Home Wireless Network (cont’d.) – Port forwarding • More secure than DMZ • Opens only the ports that need to be available Security Awareness, 3rd Edition 38 Using a Public Wireless Network Securely • Turning on a personal firewall – Runs as a program on the user’s local computer – Operates according to a rule base – Rule options • Allow • Block • Prompt – Stateless packet filtering – Stateful packet filtering • Provides more protection Security Awareness, 3rd Edition 39 Using a Public Wireless Network Securely (cont’d.) • Virtual Private Networks (VPNs) – Uses an unsecured public network as if it were a secure private network – Encrypts all data that is transmitted between the remote device and the network – Advantages • • • • Full protection Transparency Authentication Industry standards Security Awareness, 3rd Edition 40 Figure 5-22 Virtual private network (VPN) Course Technology/Cengage Learning Security Awareness, 3rd Edition 41 Summary • Most home users install wireless networks • Attacking a wireless network involves three main steps – Discovery – Connection – Attack • Secure home wireless network • Use good security when using public wireless networks Security Awareness, 3rd Edition 42