View
214
Download
0
Tags:
Embed Size (px)
Citation preview
September 2007 Wireless Networks 1
Protecting Your Wireless Network
University of TasmaniaSchool Of Computing
September 2007 Wireless Networks 2
Tonight
This is for Home users Those with limited or no technical
expertise Simple networks with no extra
hardware e.g. no RADIUS/VPN servers etc
Those who want some background and straightforward advice
September 2007 Wireless Networks 3
Agenda Background
Issues
Typical Configuration Options What do they mean
What you should do
September 2007 Wireless Networks 4
A Wireless Network
What does the Access Point do? Internet
Each Computer is uniquely identified by its own IP Address and MAC
AddressIP: Internet ProtocolMAC: Medium Access Control
September 2007 Wireless Networks 5
Wireless Local Area Networks
WLANs Technical Standards Institute of Electrical and
Electronics Engineers (IEEE) 802 802.11 committee
Many sub committees e.g. 802.11g - 54Mbps WLAN 802.11i - WLAN Security
September 2007 Wireless Networks 6
WLAN StandardsSystem Advertise
dCapacityMax
Throughput
Frequency
Band
IEEE 802.11b
11Mbps 6Mbps 2.4GHz
IEEE 802.11g
54Mbps 31Mbps 2.4GHz
IEEE 802.11a
54Mbps 31Mbps 5GHz
IEEE802.11n
>100Mbps
?100Mbps 2.4GHz
802.11n final approval (publication date) is expected by October 2008. Standards are half duplex. Maximum achievable throughput is about 50% of theoretical capacity because of protocol overheads.
Draft 2.0
September 2007 Wireless Networks 7
Unlicensed Spectrum - Legislation
Legal use of spectrum (in Australia) The 2.4Ghz band is divided into 13 channels
Not all channels are independent (ie. not interference free) Legislated power levels apply
Channel 1
Channel 2
Channel 3
Channel 4
Channel 5
Channel 6
Channel 7
Channel 8
Channel 9
Channel 10
Channel 11
Channel 12
Channel 13
2.412GHz 2.472GHz
microwave ovens….
You
Upstairs
September 2007 Wireless Networks 8
Agenda Background
Issues
Typical Configuration Options What do they mean
What you should do
September 2007 Wireless Networks 9
What’s the Problem
Radio signals … Do not have a boundary
Penetrate walls, floors and ceilings
Get weaker the further away you are (from your wireless access point )
September 2007 Wireless Networks 10
Wireless Range
If you measure the radio signal 1meter from the antenna as 100% then At 10m you will measure 1% At 100m you will measure 0.01% At 1km you will measure 0.0001%
It never goes away! just disappears into the background…
September 2007 Wireless Networks 11
Boosting the Received Signal Increasing the rangehttp://www.usbwifi.orcon.net.nz/ Using cookware…
USB wireless device
SimpleCheap
Effective
September 2007 Wireless Networks 12
Wardriving
War-chalking, -driving, -flying Recording the
whereabouts of WLANs Automation Web sites
September 2007 Wireless Networks 14
Starting A Wireless Connection
A wireless computer will: Start scanning automatically Seeking an active WLAN within range
Listening or probing for broadcasts… Access Points (networks) are identified
by a Service Set IDentifier (SSID) Configurable
September 2007 Wireless Networks 15
Starting A Wireless Connection Authentication
Identify yourself to the network Access Point allows your equipment to use it
Association Message exchange to form a network
connection
Now you can use the network
September 2007 Wireless Networks 16
WLAN Security Threats Anyone within range
can connect to your access point and use your computer and Internet
services
can receive the signal monitoring your activities
Unless…
September 2007 Wireless Networks 17
Potential Threats Drive by Hacking
Use of your facilities for what?
Annoying the Neighbours Degradation of operation
More serious look at http://www.wardrive.net
September 2007 Wireless Networks 18
Agenda Background
Issues
Typical Configuration Options What do they mean
What you should do
September 2007 Wireless Networks 19
Wireless Products and Users
A home user can not be expected to have any IT expertise
Installing wireless equipment is made as simple as possible
Advertising highlights the good points
September 2007 Wireless Networks 20
A Popular Product
NETGEAR 108Mbps Wireless Firewall Router
WGT624 v2
Cable or DSL modemWireless RouterPC
Telephone Socket
September 2007 Wireless Networks 21
NETGEAR WGT624 Security These are the advertised security features
Double Firewall Network Address Translation (NAT) Stateful Packet Inspection (SPI)
Denial of Service (DoS) attack prevention Intrusion Detection and Prevention Wired Equivalent Privacy (WEP) 64 and 128 bit Wi-Fi Protected Access (Pre Shared Key) Wireless Access Control (SSID)
To identify authorized wireless network devices Multiple VPN tunnels
Pass Through, 2 IPSec, and multiple L2TP and PPTP Exposed Host (DMZ) MAC address authentication
September 2007 Wireless Networks 22
The Installation Guide How to connect the router How to Log in to the router
http://192.168.0.1 Run a setup wizard to connect to the
Internet Setup basic wireless connectivity
Default features Network Name(SSID): NETGEAR WEP Security: disabled
September 2007 Wireless Networks 24
The wireless router was workingafter I switched it on.
I didn’t have to set anything!!
September 2007 Wireless Networks 25
Proprietary
The network is opento anyone in range
Default
This is wrong
September 2007 Wireless Networks 27
WEP Security Wired Equivalent Privacy (WEP)
Encryption intended to provide a level of security comparable to that of a wired LAN.
Confidentiality The fundamental goal of WEP is to prevent casual
eavesdropping
Access control (Optional) feature to discard all packets that are not properly
encrypted using WEP
Data integrity There is an integrity checksum field
The claimed security of the protocol “relies on the difficulty of discovering the secret key through a brute-force attack”
September 2007 Wireless Networks 30
What is WPA WiFi Protected Access
WPA - WPA-Personal Uses an upgrade to WEP
Temporal Key Integrity Protocol (TKIP) Uses a pre-shared key based on a pass-phrase
WPA-PSK
WPA2 - WPA-Enterprise Uses Advanced Encryption Standard Ratified IEEE 802.11i Requires additional server support
extensible authentication protocol (EAP)
September 2007 Wireless Networks 31
The Pass Phrase
8-63 characters long
10 20 30
Length in characters
Possible time to crack
minutesyears
lots of years
September 2007 Wireless Networks 34
Agenda Background
Issues
Typical Configuration Options What do they mean
What you should do
September 2007 Wireless Networks 35
Do’s Change the default settings
use your own SSID Makes your network less of an obvious attraction
change the administrator password on the AP
Enable and use the security features on the access point make use of the firewall and filtering offered on the access point
if they are not there then look at getting specific products
Use good passwords/pass-phrases for WPA for any shared directories on your computer
Enable MAC filtering allow only the computers you know/want on your network
this is a hurdle that can be bypassed (takes effort)
September 2007 Wireless Networks 36
Do’s Manage the access point over a wired network
port
Look a the access point logs from time to time see who’s there
Keep the operational range to a minimum e.g. Lower the transmit power of the AP to minimise
signal propagation if you have the option.
Switch the access point off if you are not using it for any length of time
September 2007 Wireless Networks 38
Don’t
Use a default for anything without serious consideration (and then still don’t)
Use WEP
Use a Pre Shared Key (PSK) based on a dictionary word
September 2007 Wireless Networks 39
More on Passwords What you have learnt so far:
Passwords Protect your wireless networks
Effective passwords should be at least 20 characters long
Effective implementation is WPA The next bit:
Passwords and their uses Choosing and managing your passwords
September 2007 Wireless Networks 40
Choosing & Managing your Passwords Authentication passwords (secret)
Generally shorter Often written down and stored securely Chosen and changed according to a
method known only to the creator Access Control passwords (shared)
Generally longer: pass phrase Need different method to choose these
September 2007 Wireless Networks 41
Choosing & Managing your Passwords
It is common to find people choosing authentication passwords based on their personal lives
Tiddles1 Fido&Tiddles MyFidoDog
Or personal names, car number plates, birth dates etc
Introducing Fido and Tiddles
September 2007 Wireless Networks 42
Choosing & Managing your Passwords Such methods are insecure because
attackers can guess these using ‘social engineering’ But they are very common as a basis for
authentication passwords What clues do we give attackers if our
access control WPA password is FidoFidoFidoTiddlesTiddles AnthonyBen2102861234
September 2007 Wireless Networks 43
Choosing & Managing your Passwords
Tip #1 choose your WPA password using a very different method from the one you use to chose your authentication password Your WPA password will be shared You are not the only one controlling
the sharing
September 2007 Wireless Networks 44
Choosing & Managing your Passwords
Tip #2 find a method that will produce a 20 character password that you can remember tell someone else easily
Not &%^$3wd9!fhKK#?….
Hints Think of the term pass phrase rather
than word
September 2007 Wireless Networks 45
Choosing & Managing your Passwords Hints
Use lines from poems and other texts The boy stood on the burning deck My teddy bear is rather fat
Use lines from tunes and songs We’re all going on a summer holiday By saying something stupid like I
Use funny phrases Configuring this router is making me cross I often cook burnt offerings
September 2007 Wireless Networks 46
Choosing & Managing your Passwords Hints
Add some capitals and replace o with 0 & I with 1 and use some SMS abbreviations
The b0y stood on Burn1ng deck My teddy bear 1s Rather fat We’re All go1ng on a summer hol1day By saying Something Stupid like 1 Configuring th1s ** router is making me X
Write this down and file in a secure place With some physical access control
September 2007 Wireless Networks 47
Choosing & Managing your Passwords Finally
Remember your WPA password will be shared
It should give no clues as to how you construct your authentication passwords
You may trust your daughter but do you trust your daughter’s friend’s boy friend?
If in doubt change the pass phrase Access to your network is the first step to
access to your money!
September 2007 Wireless Networks 48
More Information Understanding the updated WPA and WPA2 standards
Date: June 2nd, 2005 http://blogs.techrepublic.com.com/Ou/?p=67
www.wigle.net/gps/gps/main/stats/
www.gwifi.net
September 2007 Wireless Networks 50
WEP (very simply)
YOUR DATA
+
“KEY STREAM”
ENCRYPTED DATA
You need to know the “Key Stream” to extract the dataBUT
If you know the “encrypted data” and “your data” you can work out the key stream
YOUR DATA
+
“KEY STREAM”
September 2007 Wireless Networks 51
More BUTs BUT
The Key stream changes for each data message sent
BUT There are a fixed number of these streams
You have to tell the receiver which one to use
September 2007 Wireless Networks 52
Open System Authentication[Clear text]
Client sends probe (seeking AP)
AP sends response
Clients sends authentication request to AP
AP sends confirmation
Clients sends association request to AP
AP sends confirmation and registers
ClientAccesspoint
September 2007 Wireless Networks 53
Shared Key
Clients sends authentication request to AP
AP sends response containing unencrypted challenge
Clients sends WEP encrypted challenge to AP
AP checks response before confirming and registering
Client
Accesspoint
Client sends probe (seeking AP)
AP sends response
September 2007 Wireless Networks 54
Issues Open System
A computer can authenticate to the access point without knowing the WEP encryption key
The computer can’t, however, communicate without this key
Shared Key A listener can see the “challenge” and then
the encrypted challenge This allows a keystream to be worked out
September 2007 Wireless Networks 55
TKIP
Temporal Key Integrity Protocol
Keep the same hardware used for WEP but replace WEP with new firmware
Ensures that every data packet is sent with it’s own unique encryption key
September 2007 Wireless Networks 56
IEEE 802.1X Provides a framework
authentication and control dynamically varying encryption keys
Requires a server
Makes use of a protocol called EAP (Extensible Authentication Protocol)
this is used across both the wired and wireless LAN media
Multiple authentication methods are supported
September 2007 Wireless Networks 57
IEEE 802.1X Does not provide the actual authentication
mechanisms Choose an EAP type
EAP software support resides on an authentication server and within the operating system or application software on the client devices
The wireless access point passes on 802.1X messages
No new access point is needed when updating EAP
September 2007 Wireless Networks 58
IEEE 802.1X Referred to as port based network access
control
Network or InternetAccess
AuthenticationServer
UncontrolledPort
ControlledPort
AccessPoint
Wireless Link
Supplicant
September 2007 Wireless Networks 59
IEEE 802.1X After authentication
Network or InternetAccess
AuthenticationServer
UncontrolledPort
ControlledPort
AccessPoint
Wireless LinkNow, you are allowed access
Supplicant
September 2007 Wireless Networks 61
Passwords &Their Uses Authentication
Used to verify a claimed identity Eg account number/password for Internet banking ATM card and PIN
Vital that this is SECRET Knowledge of these kinds of passwords allow
someone else to pretend to be you Most people use several of these kinds of
passwords User has to remember which one to use and what it
is
September 2007 Wireless Networks 62
Passwords &Their Uses
Access Control Used to verify the right to use a resource
Eg wireless network name / WPA password Passwords protecting shared files
These passwords are designed to be SHARED But only among the special few
This is a new use for passwords Choosing and managing these provides different
challenges