Introduction to Wireless Networking and Security Chino Information Technology Center Steve Siedschlag, Associate Professor
What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angeles. The wireless is the same way, only without the cat. - Attributed to Albert Einstein Chino Information Technology Center 2
What is a Wireless LAN? (really) It is a LAN Extension of Wired LAN Uses High Frequency Radio Waves (RF) Speed : 2Mbps to 54Mbps Distance 100 feet to 15 miles (with fancy antennas) Chino Information Technology Center 3
How WLANs Operate Although a variety of radio frequency WLANs exist, different products share similarities and operate similarly Only two components are required ed for a wireless network Wireless network interface (NIC) cards Access points (AP) Chino Information Technology Center 4
Wireless Network Interface Card NICs connect a computer to the network so it can send and receive data On wired network, NIC has a port for a cable connector On wireless network, the NIC has an antenna to send and receive RF signals Chino Information Technology Center 5
Desktop PC Wireless NIC Chino Information Technology Center 6
Notebook Wireless NIC PCMCIA wireless NICs are available for notebook PCs Some vendors integrate components of wireless NIC onto single chip on motherboard Chino Information Technology Center 7
Software for Wireless NICs Software may be part of operating system itself Windows XP has software integrated while previous versions of Windows do not Software may be separate program loaded into the computer All operating systems before Windows XP, require loading software Chino Information Technology Center 8
Access Point An access point (AP) has three main parts An antenna and a radio transmitter/receiver An RJ-45 wired network interface to connect to a wired network Special bridging software Chino Information Technology Center 9
Access Point Chino Information Technology Center 10
Functions of an Access Point Access point has two basic functions Acts as base station for wireless network Acts as bridge between wireless and wired network Chino Information Technology Center 11
Access Point Characteristics Max range approximately 375 feet (115 meters) Expect a LOT less when there are obstructions Supports as many as 100 users s One access point for each 50 users with light email and basic Internet access One access point per 20 users for heavy network access and large file transfer APs typically mounted on ceiling, but AC power may be a problem Chino Information Technology Center 12
Features of Access Points Coverage area should overlap when using multiple l access points Clients find the AP that provides the best service A seamless handoff occurs when client associates with new AP Chino Information Technology Center 13
WLAN Alphabet Soup 802.11 IEEE family of specifications for WLANs 2.4GHz 2Mbps 802.11a 5GHz, 54Mbps 802.11b Often called Wi-Fi, 2.4GHz, 11Mbps 802.11g 2.4GHz, 54Mbps 802.11i Newly adopted encryption standard parts of 802.11i are already available (WPA, TKIP, AES) on some new hardware/software Chino Information Technology Center 14
Chino Information Technology Center 15
Wireless Topologies There are multiple modes of operation for wireless devices Chino Information Technology Center 16
WLAN Terms & Basic Concept Ad Hoc Mode Wireless client-to-client communication Chino Information Technology Center 17
WLAN Terms & Basic Concept Infrastructure Mode All clients connect via an Access Point AP Chino Information Technology Center 18
WLAN Terms & Basic Concept SSID or BSSID Basic Service Set Identifier beacon BSS BSSID or SSID (Basic Service Set Identifier) An AP forms an association with one or more wireless clients that is referred to as a Basic Service Set beacon beacon Chino Information Technology Center 19
WLAN Terms & Basic Concept ESSID Extended Service Set Identifier ESS To increase the range and coverage of a wireless network, overlapping APs are installed. This is referred to as an Extended Service Set ESSID (Extended Service Set Identifier) Chino Information Technology Center 20
WLAN Terms & Basic Concept WEP Optional method to encrypt (scramble) transmissions Offers some level of protection for wireless networks NOT enabled by default Chino Information Technology Center 21
WLAN Terms & Basic Concept There are 11 channels used by 802.11b & 802.11g Most APs default to channel 6 802.11a 1 uses 2 3 different 4 5 (higher 6 7 frequency) 8 9 10 11 channels Channel 4 Channel 5 Channel 9 Channel 10 Channel 3 Channel 8 Channel 2 Channel 7 Channel 1 Channel 6 Channel 11 2.400 2.412 2.437 Chino Information Technology Center 22 Frequency (GHz) 2.462 2.474
WLAN Risk Unauthorized Clients In range Malicious client Detector Chino Information Technology Center 23
WLAN Risk Unauthorized or Renegade Access Points Interception and unauthorized monitoring of wireless traffic Client-to-Client Attacks Jamming (DoS) Client-to-client attack Jamming malicious Chino Information Technology Center 24
WLAN Risk - Fake Access Point Access Point Clone (Evil Twin) Traffic Interception AP1 AP1* Chino Information Technology Center 25
WLAN Risk Brute force attacks against access point passwords WEP weakness Misconfiguration Chino Information Technology Center 26
WLAN Risk (continued) WEP weakness WEP security flaws documented in a 2001 UC Berkley study Weak encryption (never intended for repeated use) Short keys (64bits 24bit Init Vector = 40 bits) Static Keys No distribution method (shared key) Chino Information Technology Center 27
WLAN Risk (continued) Mis-configurations Default SSID SSID broadcasting is on by default Default Password SNMP Community (RO & RW) Newer hardware/firmware turns this off by default Default security settings (none) Chino Information Technology Center 28
WLAN Risk Unauthorized installation Rogue APs can open a back door to the network. Who is allowed to install? Where are they be installed? Chino Information Technology Center 29
WLAN Risk Network Stumbler Chino Information Technology Center 30
WLAN Risk Wardriving Network Stumbler Chino Information Technology Center 31
WLAN Risk Low cost product prevalent limited features, insecure Well-intentioned user may compromise network security Accidental detection Windows xp automatically discovers access points Chino Information Technology Center 32
Wireless LAN Protection Strategies Chino Information Technology Center Steve Siedschlag, Associate Professor
Recommendations Wireless LAN related Configuration Enable WEP, use 128bit key Disable SSID Broadcasts No SNMP access Use MAC (hardware) address to restrict access Non-default Access Point password Change default Access Point Name Use 802.1x / WPA / 802.11i (when available) Chino Information Technology Center 34
Wireless LAN related Configuration Enable WEP, use 128bit key Chino Information Technology Center 35
Wireless LAN related Configuration Enable WEP, use 128bit key Chino Information Technology Center 36
Wireless LAN related Configuration Enable WEP, use 128bit key Chino Information Technology Center 37
Wireless LAN related Configuration Disable SSID Broadcast Chino Information Technology Center 38
Wireless LAN related Configuration No SNMP access Chino Information Technology Center 39
Wireless LAN related Configuration Use 802.1x / WPA / 802.11i (when available) Chino Information Technology Center 40
General Recommendations Always (wired or wireless) Install virus protection software plus automatic frequent pattern file update Shared folders must impose password Management Issue Prohibit installation of AP s without authorization Discover any new APs constantly (NetStumbler is free, Antenna is cheap) Power off Access Point when not in use Carefully select the physical location of your AP, not near windows or front doors. Chino Information Technology Center 41
Thank You! Computer Network Security Resources at the Robert Pile Chino Information Technology Center CIS-420 PC Security & Privacy CISNTWK-440 Fund. Of Network Security (Security+) CISNTWK-441 Firewalls & Intrusion Detection CISNTWK-442 Disaster Recovery Planning CISNTWK-445 Windows Security Administration CISNTWK-447 Linux Security Administration Steve Siedschlag Associate Professor steve.siedschlag@chaffey.edu Chino Information Technology Center 42