here t - Sun Vista Computer Club




Wi-Fi Security

January 21, 2008

by Larry Finger


Most laptops now come with built-in wireless capability, which can be very handy; however, always remember that the device is a radio. Whatever it broadcasts can be seen by any receiver tuned to that channel.

This presentation will cover how to protect your own (private) network, and how to protect yourself when you use a public network.

A “typical” home network

Why secure the home network (part 1)


Protect your information

Using a program called Wireshark, I captured data from the tengointernet wifi. One of the messages contained the following:

href="/prize/prize-rules.jsp" target="_top">Prize Rules</a>';.prizes[2]='<a href="/prize/prize-winners.jsp " target="_top">

This gobbledygook is HTML, the language of web pages. These data contain no secrets; however, the parts I didn't show could be used to determine what sites you visit, etc.

Note: Wireshark does not work with Windows.

Things are not quite as bad as the previous slide would suggest.

When really sensitive information such as bank account numbers, log-in names, and passwords is transmitted, and you are using an “https” site, the data are already encrypted, and are usually safe. I'll cover the exception later.

Why secure the home network (part 2)

Keep strangers from using your Internet connection

You may have excess capacity, and sharing may not hurt, but what happens if the unwanted guest is downloading kiddie porn? The Internet record will point to YOUR connection!!! To my knowledge, no one has been prosecuted for this; however, why take a chance?

How do you encrypt your Access Point? There are several flavors of encryption:

WEP - Wired Equivalency Protocol

WPA - Wi-Fi Protected Access
    WPA Personal (TKIP - Temporal Key Integrity Protocol or AES - Advanced Encryption Standard)
    WPA2 Personal (TKIP or TKIP + AES)

RADIUS - Remote Authentication Dial In User Service - needs separate server - mostly for companies (highly secure)
    WPA Enterprise - needs RADIUS server
    WPA2 Enterprise - needs RADIUS server


WEP

Use only if it is the only encryption available!!!

The designers did it badly. Even with the 128-bit version, the encryption can be broken in as little as 5 minutes!

Be aware that the conversion of a WEP passphrase into a hexadecimal string is not unique and the key used by your AP may not match that of the computer!! Put a passphrase into the AP, but copy the string for later usage.


WPA2 Personal - The best available encryption for the home network. Use this one if it is available.

WPA Personal - This method is less secure than WPA2, but is designed to work with equipment originally designed for WEP.

Unlike WEP, the WPA methods can only be cracked by dictionary attack. If the passphrase is 20 characters or more, cracking is essentially impossible. Use a strange combination of upper/lower case and special characters and/or numbers. My phrase is 28 characters, and includes special characters. WPA and WPA2 passphrase conversion is unique.

How do you set the encryption method?

The answer depends on the maker of your AP. For the Linksys models, you connect via a wired connection and point your browser to

192.168.1.1

This address is the default value for these routers. I'll show later how to determine these “magic” numbers.




You will be presented with this window.






No “User Name” is required. Note: If you have
not already changed the default password, do
so now!


After logging into the router, select the
“Wireless” and “Wireless Security” tabs, and
pull down “Security” to get


To set up your AP for WPA2 with TKIP + AES,
you would select

This slide shows the way to generate the WEP key from a passphrase. Only the “Default” key will be needed.

If you have a different make of access point, the process may differ, but in general, you will still have to connect to the IP address of the AP, log in, and select the encryption method and passphrase.

To find the IP address that is needed, select “start/run”, put “cmd.exe” in the box, and click “Ok”. In the window that pops up, type “ipconfig /all”. The address listed as the “Default gateway” for the wired interface is what you need.

I have now described what you do to secure your private network, but what can you do if you are using a public network such as those found in RV parks, libraries, motels, and coffee shops?

The solution is a Virtual Private Network or VPN. Unless your employer has a VPN server, these are not free. The one I use costs $40/year.

Note: VPNs will also work with wired connections.

A VPN is a network “tunnel” between your computer and the VPN server. With the tunnel, ALL transmitted data are encrypted before leaving your computer and are not decrypted until they reach your VPN server, which sends your data on to the final target. Of course, if you are using https, there is an additional level of encryption.

There are three flavors of VPNs:

PPTP - Point to Point Transfer Protocol
This method is easiest to implement, but relies on a password that is entered when you connect. It also uses a less-secure encryption than the other two.

SSL - Secure Sockets Library
This method uses a certificate, which was generated by the VPN provider, to authenticate the client. No password need be entered. Both the openvpn and ipsec programs use this method.

IPSec - Internet Protocol SECurity
This method is very secure; however, it requires modification to the operating system. Thus, it is harder to implement.

Besides encryption, VPN has other benefits:

    Access “blocked” sites
    Use blocked servers and services
    Eliminate “Man-in-the-Middle” attacks


References

Detailed description of encryption methods:

en.wikipedia.org

The commercial VPN provider that I use:

www.witopia.net



I will now show you the steps needed to create
a PPTP VPN on Windows.