wireless network security lab last update 2011.06.01 1.0.0 1copyright 2011 kenneth m. chipps ph.d
TRANSCRIPT
Wireless Network Security Lab
Last Update 2011.06.01
1.0.0
1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com
Method Used
• This lab will be done in Packet Tracer 5.2 or later
• Start Packet Tracer
2Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com
Create the Lab Network
• Create this network in it
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 3
Create the Lab Network
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 4
Create the Lab Network
• The connections to the Server-PT devices from the Access Point switch ports are straight-through cables
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 5
Configure the Access Point
• Click on the Linksys WRT300N Wireless Access Point– Open the GUI tab and ensure that DHCP is
set to Automatic Configuration• Leave the Access Point’s IP address at the
default value of 192.168.0.1/24• Enable the DHCP Server and leave the Start
IP Address as 192.168.0.100• Set the maximum number of DHCP clients to
4Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 6
Configure the Wireless Client
• Open the Physical tab of the PC-PT computer and turn the power off
• Remove the Ethernet module and replace it with the Linksys WMP-300N wireless module
• Turn the power back on• After a few seconds you should have a
wireless connection to the access point
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 7
Enable WEP
• The original security method used in wireless LANs was WEP
• Let’s see how it is enabled• On the WRT-300N access point select the
Config tab– Change the SSID to
• CCNP
– Enable WEP Authentication• Use 1234567890 as the WEP key value
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 8
Enable WEP
• On the PC using the Wireless Settings• Change the SSID to
• CCNP
• Enable WEP Authentication• Use 1234567890 as the WEP key value
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 9
Configure the Web Server
• On the Web Server• Open the Desktop tab• Click the IP configuration icon
• Change the static settings of the Web Server as follows
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 10
Configure the Web Server
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 11
Configure the Web Server
• Open the Config tab disable all service except for HTTP and HTTPS
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 12
Configure the Web Server
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 13
Check Connectivity
• Open the wireless host’s Web Browser and verify that you can access the web server using the IP address 192.168.0.11
• If you are successful, your browser page should look this
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 14
Check Connectivity
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 15
Enable WPA with TKIP
• WEP was replaced by WPA using TKIP• Let’s see how WPA works• On the wireless access point, enable
WPA-PSK authentication• Set the Data Encryption type to TKIP• Use the PassPhase abcd1234
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 16
Enable WPA with TKIP
• On the wireless host, enable WPA-PSK authentication
• Use the PassPhase abcd1234• Ensure that the Data Encryption type is set
to TKIP
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 17
Check Connectivity
• After the wireless connection between the access point and the wireless host is resumed
• Verify connectivity by pinging the web server at 192.168.0.11
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 18
Enable WPA with AES
• TKIP was soon replaced in WPA by AES• Let’s see how this change is made• On the wireless access point, enable
WPA-PSK authentication• Set the Data Encryption type to AES• Use the PassPhase abcd1234
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 19
Enable WPA with AES
• On the wireless host, enable WPA-PSK authentication
• Ensure that the Data Encryption type is set to AES
• Use the PassPhase abcd1234
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 20
Check Connectivity
• After the wireless connection between the access point and the wireless host is resumed
• Verify connectivity by pinging the web server at 192.168.0.11
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 21
Enable WPA2
• There are two versions of WPA2– WPA2-PSK– WPA2-Enterprise
• We have just seen WPA-PSK enabled above at all it is is WPA with TKIP replaced by AES
• In other words PSK or pre-shared key• As in WEP and WPA, WPA-PSK is just a
password based systemCopyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 22
Enable WPA2
• As is true of any password based system, the password can be lost
• This requires all the devices be changed• A better solution is to use a RADIUS
server to enable WPA2-Enterprise• Let’s see how this is done
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 23
Configure the RADIUS Server
• Open the Desktop tab on the RADIUS Server and click the IP configuration icon
• Change the static settings of the RADIUS Server as follows
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 24
Configure the RADIUS Server
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 25
Configure the RADIUS Server
• Open the Config tab– Disable all services except AAA
• Click on the AAA service–Turn the AAA service on and leave the
RADIUS port set to 1645– Add a RADIUS client Linksys Access Point
with an IP address of 192.168.0.1 and a secret key ccnp1234
– Add a user student with a password ciscoCopyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 26
Configure the RADIUS Server
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 27
Configure the Access Point
• On the access point– Change the Authentication type to WPA2– Configure the RADIUS server IP address as
192.168.0.10– Set the Shared Secret key to ccnp1234– Set the Data Encryption Type to AES
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 28
Configure the Access Point
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 29
Configure the Wireless Client
• On the Wireless Client– Change the Authentication Type to WPA2
Change the Data Encryption Type to AES– Enter the User ID
• student
– Enter the password• cisco
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 30
Check Connectivity
• You should now have connectivity between the wireless host and the access point
• Verify this by connecting to the web server from the browser on the wireless host
• If you do not have connectivity to the web server, double-check all of your settings on access point, wireless host, and RADIUS server
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 31
Source
• Most of this lab is stolen from John Morgan, but its ok, he said I could
Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 32