Wireless Network Security

Uploaded by homuskrat under Networks and Communications, 20 Nov 2013

IEEE 802.11x

Andrew Adekunle, Mark Clements

Image source: www.pcdefence.ca




WLAN Time Line

- WLANs are based on the IEEE 802.11 standard (first published 1997, 1 and 2 Mbps rates).
- 802.11 was designed to support medium-range, higher data rate applications.
- 1999: 802.11a (5 GHz band, 54 Mbps rates) and 802.11b (2.4–2.48 GHz band, 11 Mbps rates).
- 2003: 802.11g (2.4 GHz band, 54 Mbps rates).
- 2009: 802.11n (2.4 and 5 GHz bands, 150 Mbps per spatial stream, up to 600 Mbps with four streams on 40 MHz channels).
- 2004: 802.11i security (CCMP with AES, marketed as WPA2), built on 802.1X port-based authentication (RADIUS + EAP).






802.11 Channels

- The 2.4000–2.4835 GHz band is divided into 13 channels, each 22 MHz wide (DSSS) but spaced only 5 MHz apart.
- Japan adds a 14th channel 12 MHz above channel 13.
- Stations can therefore only use every fourth or fifth channel without overlap:
  - typically 1, 6 and 11 in the Americas;
  - in theory 1, 5, 9 and 13 in Europe (20 MHz spacing is enough for 20 MHz OFDM channels, but leaves 2 MHz of overlap between 22 MHz DSSS channels; 1, 6 and 11 is still typical).
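The channel spacing and overlap rule above, worked through in code as an added example that is not part of the original slides. It computes 2.4 GHz centre frequencies (channel 1 is 2412 MHz, 5 MHz steps, channel 14 at 2484 MHz), measures how much spectrum two channels share for a given channel width, and derives the largest non-overlapping plan greedily. The 20 MHz OFDM width is an assumption beyond the slide's 22 MHz DSSS figure, added to show why 1, 5, 9, 13 is only non-overlapping "in theory".

```python
# Added example: 2.4 GHz channel overlap check (not from the original slides).
DSSS_WIDTH_MHZ = 22   # 802.11b DSSS channel width quoted on the slide
OFDM_WIDTH_MHZ = 20   # 802.11g/n OFDM channel width (assumption beyond the slide)


def centre_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz 802.11 channel.
    Channels 1-13 are 5 MHz apart starting at 2412 MHz; channel 14 sits 12 MHz above channel 13."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlap_mhz(a: int, b: int, width: int = DSSS_WIDTH_MHZ) -> int:
    """Spectrum shared by channels a and b, in MHz; 0 means they do not overlap."""
    return max(0, width - abs(centre_frequency_mhz(a) - centre_frequency_mhz(b)))


def non_overlapping(plan, width: int = DSSS_WIDTH_MHZ) -> bool:
    """True if no pair of channels in the plan overlaps at the given channel width."""
    return all(overlap_mhz(a, b, width) == 0
               for i, a in enumerate(plan) for b in plan[i + 1:])


def max_non_overlapping_plan(channels=range(1, 14), width: int = DSSS_WIDTH_MHZ):
    """Greedy plan: walk the channels upward, keeping each one that clears every channel kept so far."""
    plan = []
    for ch in channels:
        if all(overlap_mhz(ch, kept, width) == 0 for kept in plan):
            plan.append(ch)
    return plan


if __name__ == "__main__":
    for width in (DSSS_WIDTH_MHZ, OFDM_WIDTH_MHZ):
        print(f"{width} MHz channels: {max_non_overlapping_plan(width=width)}")
    print("overlap between 1 and 5 at 22 MHz:", overlap_mhz(1, 5), "MHz")
```

Running it with the DSSS width gives the 1, 6, 11 plan; with the OFDM width it gives 1, 5, 9, 13, which is the distinction the slide glosses as "in theory".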

Dial-up vs Broadband

Table 1: Comparison of Dial-up and Broadband Services

                            Dial-up                           Broadband
Connection type             Dial on demand                    Always on
IP address                  Changes on each call              Static or infrequently changing
Relative connection speed   Low                               High
Remote control potential    Computer must be dialled in to    Computer is always connected, so
                            control remotely                  remote control can occur anytime
ISP-provided security       Little or none                    Little or none

Wireless Architecture I

Home network wireless router

Security
- Firewall: Stateful Packet Inspection (SPI), intrusion logging and reporting, Denial of Service (DoS) protection
- VPN functionality: supports up to 5 IPSec VPN end points; NAT traversal (VPN passthrough) for IPSec, PPTP and L2TP VPNs
- Mode of operation: Network Address Translation (NAT), static routing

Security Attacks

How could this network be made secure?

Wireless Architecture II

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralised Authentication, Authorisation, and Accounting (AAA) management for computers that connect to and use a network service.

RADIUS is a client/server protocol that runs in the application layer, using UDP as transport (port 1812 for authentication and 1813 for accounting; older deployments use 1645/1646). The network access server, here the wireless access point, is the RADIUS client: it relays the user's credentials to the server and enforces the server's Access-Accept or Access-Reject. Only the User-Password attribute is hidden, using an MD5 keystream derived from the shared secret, and replies are authenticated with a plain MD5 over the packet and the secret, so the secret must be long and random, unique per client, and the RADIUS traffic kept on a trusted management network (or carried over TLS, RadSec).

The RADIUS server is usually a background process running on a UNIX or Windows machine. RADIUS serves three functions:

- to authenticate users or devices before granting them access to a network,
- to authorise those users or devices for certain network services, and
- to account for usage of those services.

RADIUS I

RADIUS II

http://www.eusso.com
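The Access-Request / Access-Accept exchange described in the RADIUS section, as an added example that is not part of the original slides: a minimal RFC 2865 encoder and decoder in Python, covering the User-Password hiding scheme, the Response Authenticator, and a toy server decision. The shared secret, user name, password and NAS address are constructed for the example; nothing is sent on the network.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 packet codes and the attribute types used in this example.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks and XOR each block with MD5(secret + previous block),
    where the 'previous block' for the first block is the 16-byte Request Authenticator.
    This is obfuscation keyed on the shared secret, not authenticated encryption."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password: anyone holding the secret and a captured packet can do this."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attributes(attrs) -> bytes:
    """Attribute = Type(1) Length(1, header included) Value; the value is at most 253 bytes."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute too long")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def build_access_request(ident, secret, username, password, nas_ip, authenticator=None):
    """Access-Request = Code(1) Identifier(1) Length(2) Request Authenticator(16) Attributes."""
    req_auth = authenticator or os.urandom(16)  # must be unpredictable and unique per request
    attrs = encode_attributes([
        (USER_NAME, username.encode()),
        (USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
        (NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def parse_packet(data: bytes):
    """Return (code, identifier, authenticator, [(type, value), ...]); rejects bad lengths."""
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length != len(data):
        raise ValueError("bad packet length")
    attrs, i = [], 20
    while i < length:
        attr_type, attr_len = data[i], data[i + 1]
        if attr_len < 2 or i + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[i + 2:i + attr_len]))
        i += attr_len
    return code, ident, data[4:20], attrs


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check that the reply came from a server holding the shared secret."""
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)


def server_handle(request: bytes, secret: bytes, users: dict) -> bytes:
    """Toy server decision: Access-Accept if the revealed password matches, else Access-Reject."""
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    a = dict(attrs)
    user = a.get(USER_NAME, b"").decode(errors="replace")
    password = reveal_password(a.get(USER_PASSWORD, b""), secret, req_auth)
    ok = user in users and hmac.compare_digest(password, users[user].encode())
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, secret)


if __name__ == "__main__":
    SECRET = b"example-shared-secret"  # constructed; in practice long, random and per-NAS
    request = build_access_request(7, SECRET, "alice", "s3cret", "192.168.1.1")
    _, _, req_auth, _ = parse_packet(request)
    reply = server_handle(request, SECRET, {"alice": "s3cret"})
    print("accept" if reply[0] == ACCESS_ACCEPT else "reject", verify_response(reply, req_auth, SECRET))
```

Two things the code makes visible that the slide does not: the User-Name and every other attribute travel in clear, and nothing in the Access-Request itself proves it came from a legitimate client, which is why RFC 2869's Message-Authenticator attribute (an HMAC-MD5 over the packet) is mandatory for EAP traffic and why a weak shared secret lets a passive capture be brute-forced offline.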

Basic Defence Steps

- Develop a WLAN security policy and give staff awareness training.
- Secure the wireless router or access point administration interface (change default passwords, disable remote administration).
- Use MAC filtering for access control (MAC addresses are sent in the clear in every frame and are trivially spoofed, so treat this as a nuisance barrier rather than an authentication control).
- Enable the firewall on the wireless router, put wireless clients on their own VLAN, and deploy a WIDS.
- Reduce WLAN transmitter power (and turn the WLAN off after hours and at weekends if possible).
- Enable cryptography: WPA2 (CCMP/AES) with 802.1X authentication; where 802.1X is not available, use a long random WPA2 pre-shared key.
Factory default router administration credentials

Router      Address                Username   Password
3Com        http://192.168.1.1     admin      admin
D-Link      http://192.168.0.1     admin      (leave blank)
Linksys     http://192.168.1.1     admin      admin
NETGEAR     http://192.168.0.1     admin      password
TRENDnet    http://192.168.10.1    admin      admin
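The "change default passwords" step and the table of factory defaults above, turned into a check, as an added example that is not part of the original slides: it tries the listed defaults (plus blank and user-as-password variants, an assumption about what gets left in place) against the router's administration interface and reports any that are still accepted. Treating the interface as HTTP Basic authentication and an HTTP 200 as "accepted" are assumptions; many routers use a form login or return 200 with a login page regardless, so confirm a hit by hand. The probe function is injectable so the logic can be exercised offline with a fake.

```python
import base64
import urllib.error
import urllib.request

# Factory defaults as listed on the slide (constructed from the page's table).
DEFAULT_CREDENTIALS = {
    "3Com":     ("http://192.168.1.1",  "admin", "admin"),
    "D-Link":   ("http://192.168.0.1",  "admin", ""),
    "Linksys":  ("http://192.168.1.1",  "admin", "admin"),
    "NETGEAR":  ("http://192.168.0.1",  "admin", "password"),
    "TRENDnet": ("http://192.168.10.1", "admin", "admin"),
}


def basic_auth_header(username: str, password: str) -> str:
    """RFC 7617 Basic credential: base64 of 'user:pass'."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def http_status(url: str, username: str, password: str, timeout: float = 3.0) -> int:
    """Live probe (assumption: Basic auth): HTTP status for one attempt; 401/403 means rejected."""
    req = urllib.request.Request(url, headers={"Authorization": basic_auth_header(username, password)})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def candidate_credentials(vendor: str):
    """The vendor default plus blank-password and user-as-password variants, deduplicated, in order."""
    _, user, password = DEFAULT_CREDENTIALS[vendor]
    seen, out = set(), []
    for pair in [(user, password), (user, ""), (user, user)]:
        if pair not in seen:
            seen.add(pair)
            out.append(pair)
    return out


def audit_defaults(vendor: str, url=None, probe=http_status):
    """Return the (username, password) pairs the admin interface still accepts (status 200)."""
    target = url or DEFAULT_CREDENTIALS[vendor][0]
    return [(u, p) for u, p in candidate_credentials(vendor) if probe(target, u, p) == 200]


def audit_all(probe=http_status) -> dict:
    """Vendor -> accepted default pairs, omitting vendors whose interface rejected every candidate."""
    results = {}
    for vendor in DEFAULT_CREDENTIALS:
        accepted = audit_defaults(vendor, probe=probe)
        if accepted:
            results[vendor] = accepted
    return results


if __name__ == "__main__":
    import sys
    vendor = sys.argv[1] if len(sys.argv) > 1 else "NETGEAR"
    hits = audit_defaults(vendor, url=sys.argv[2] if len(sys.argv) > 2 else None)
    print(f"{vendor}: {'DEFAULT CREDENTIALS ACCEPTED ' + str(hits) if hits else 'defaults rejected'}")
```

Run it only against equipment you are authorised to test; three requests per vendor is deliberately small so the check does not trip the router's own lockout or intrusion logging described in Wireless Architecture I.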