wireless home security
Wireless Home Security
by Adrian Mikeliunas, CISSP, CLP x 33478 - ISGGC

Agenda
• Wireless LAN: Basic concepts
• Network components
• Configuration modes
• Ad hoc mode (peer to peer)
• Infrastructure mode (Access Point)
• Security
• Wi-Fi Protected Access with preshared key
• Feedback

Wireless LAN – WHY?
• Convenience
  – Mobile (great for laptops!)
  – Less expensive than conventional wiring
• Cool factor
• Drawbacks?
  – Subject to interference
  – Sharing your network with the world…

Wireless Support in Windows – Wireless Configuration Service
• Discovers wireless LANs in proximity
• Notifies user about wireless LAN
• Stores and retrieves user-preferred configurations
• Dynamically selects the wireless LAN to be joined
• Dynamically detects addition/removal of wireless adapters

Wireless Configuration Service in Windows
• Discovers wireless LANs in the proximity and notifies user

Wireless LAN Specs
• 802.11a (older)
  – 5-GHz band
  – 54 Mbps “raw” (throughput ~25 Mbps)
• 802.11b (most popular)
  – 2.4-GHz band
  – 11 Mbps “raw” (throughput ~6 Mbps)
• 802.11g (latest & greatest)
  – 2.4-GHz band
  – 54 Mbps “raw” (throughput ~25 Mbps)

Wireless LAN – Concepts
• Ad hoc mode (peer-to-peer)
  – Wireless clients connect directly
• Infrastructure mode
  – Require access points (AP)
  – All wireless clients connect through the AP

Wireless LAN – Acronyms
• SSID – Service set identifier
• WEP – Wired Equivalent Privacy
• WPA – Wi-Fi Protected Access
• WPA-PSK – WPA with preshared key
• TKIP – Temporal Key Integrity Protocol
• AES – Advanced Encryption Standard

Home Wireless Networks – Peer-to-Peer Configuration
• No AP (Ad Hoc)
• Internet Connection Sharing
[Diagram labels: To Internet (Cable modem, DSL, dial-up…); Wireless Medium (WM); Wireless Clients; Home PC with wireless adapter in ad hoc mode and Internet connection shared]

Home Wireless Networks in Ad Hoc Mode
• Share the Internet Connection on the PC
• Turn on Internet Connection Firewall

Home Wireless Networks in Ad Hoc Mode (2)
• Add an ad hoc network to the preferred list
• Use maximum WEP key length (104 bit, input 13 characters)

Home Wireless Networks – Infrastructure Configuration
• AP connected to cable or DSL modem
[Diagram labels: Wireless Clients; To Internet (Cable modem, DSL…); Wireless Medium (WM); Home PC; Wired Client; Wireless Base Station (Access point and router)]

Home Wireless Networks in Infrastructure Mode
• AP requires configuration (do not keep default configuration)
  – Open authentication without encryption
  – Default SSID
• Levels of wireless security
  – Nonbroadcast SSID
  – Media Access Control (MAC) address filtering
  – WEP

AP Configuration
• Connect AP to PC
• From web browser connect to AP
  – Broadband details
  – LAN details
  – Security

Infrastructure Mode – Nonbroadcast SSID
• SSID is required to associate to an AP.
• General operation: 802.11 beacon advertises the SSID of the network every 100 ms.
• Nonbroadcast case: Still must be sent to associate (associate request).
• Nonbroadcast means waiting longer for the SSID (sniff).

Infrastructure Mode – MAC Address Filtering
• Restricting access to the wireless LAN based on a table of valid MAC addresses
• Malicious user can easily try many MAC addresses until he finds one that works
• Wait to sniff traffic from a valid user and then use its MAC address
• MAC address table management overhead

Home Wireless Networks – WEP Encryption
• Each wireless client shares a key with AP
• Each packet is encrypted with shared key and initialization vector (IV)
• WEP key size 40 bit or 104 bit
• Multiple problems (can be broken)

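The per-packet construction on this slide (shared key plus IV) and the 13-character, 104-bit key from the ad hoc slide, as an added Python sketch that is not from the original slides. It assumes the standard WEP layout of a 24-bit IV prepended to the key as the RC4 seed and a CRC-32 integrity value (ICV); the key ID byte is omitted, and the key and payload are constructed samples.

```python
import struct
import zlib

WEP_KEY_LENGTHS = {5: 40, 13: 104}  # characters typed -> key bits
IV_LEN = 3                          # 24-bit IV, sent in the clear with every frame


def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Build IV || RC4(IV || key) XOR (payload || ICV)."""
    if len(key) not in WEP_KEY_LENGTHS or len(iv) != IV_LEN:
        raise ValueError("WEP key must be 5 or 13 bytes, IV must be 3 bytes")
    body = payload + struct.pack("<I", zlib.crc32(payload))
    # The keystream depends only on (IV, key): a repeated IV repeats the keystream.
    stream = rc4(iv + key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, stream))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Recover the payload and verify the ICV; raise ValueError on mismatch."""
    iv, data = frame[:IV_LEN], frame[IV_LEN:]
    body = bytes(a ^ b for a, b in zip(data, rc4(iv + key, len(data))))
    payload, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch")
    return payload


if __name__ == "__main__":
    key = b"thirteenchars"                    # constructed 13-character key (104 bit)
    frame = wep_encrypt(key, b"\x00\x00\x01", b"hello wlan")
    print(frame.hex(), wep_decrypt(key, frame))
```

The 104-bit key plus the 24-bit IV gives the 128-bit RC4 seed that vendors advertise as "128-bit WEP"; only the key part is secret.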
Home Wireless Networks in Infrastructure Mode
• Windows client configuration

Home Wireless Networks – Additional Protection:
• AT&T VPN
  – Encrypts traffic from client before broadcast
  – Just like a wired workstation
• WPA-PSK: 256-bit number
  – Input passphrase: 8 to 63 bytes long
  – TKIP: Replacement for WEP
• Rekeying: Encryption keys are changed after a specified time interval

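How the 8 to 63 byte passphrase on this slide becomes the 256-bit WPA-PSK, as an added Python example that is not part of the original slides. It uses the PBKDF2-HMAC-SHA1 mapping defined for WPA (4096 iterations, SSID as salt); the inputs are the IEEE 802.11i test vector plus one constructed SSID.

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by the WPA passphrase-to-PSK mapping
PSK_BYTES = 32             # 256-bit pre-shared key


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK from a passphrase and the network SSID."""
    pw = passphrase.encode("ascii")            # non-ASCII input raises ValueError
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same passphrase on a different SSID
    # produces an unrelated key.
    return hashlib.pbkdf2_hmac("sha1", pw, salt, PBKDF2_ITERATIONS, dklen=PSK_BYTES)


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print(wpa_psk("password", "IEEE").hex())
    # Constructed SSID, same passphrase: a different 256-bit key
    print(wpa_psk("password", "HomeNet-Example").hex())
```

Because the SSID is the only salt, an AP left on its default SSID with a common passphrase ends up with the same key as every other AP using that pair, which is one more reason for the earlier advice not to keep the default configuration.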
Home Wireless Networks – WPA-PSK
• Windows client configuration
• Requires support in the wireless network adapter driver

WB Resources
• At WB intranet, type http://GRAS
  – Help:
  – Guides and Installation Instructions
  – Technical Documentation:
  – Broadband Connectivity
GRAS Walk-in Locations
I building: 2—300
H building: H5-268
MC building: MC1-401

Additional Resources
• IEEE 802.11
  – http://grouper.ieee.org/groups/802/11/index.html
• “Security of the WEP Algorithm”
  – http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
• WPA information
  – www.wifialliance.org/opensection/protected_access.asp
• 802.11 Security
  – www.wirelessdevnet.com/articles/80211security

Questions?