Protect your Wireless

1
Protect your Wireless

• IMGT 4990

2
Risks of Computer Networks

• Steve Scott

3
Information

• Confidential Information
• Passwords, internal data analysis, trade secrets
• Expose Financial data
• Credit card numbers, future forecasts value,
  accounts
• Employee/Customer information
• Private customer/employee profiles,
  customer/employee history
• Shutdown voicemail
• Access to messages, divert access points

4
Network Risks

• Fraud
• IP Fraud, SPAM through your account,
  innapropriate material.
• Denial Of Service
• Overloading of network resources.
• Viruses
• Trojan horses and worms.
• Legal Risks
• Law suits and government regulations.

5
Additional Risks of Wireless
6
Wireless is Everywhere

• Intentionally broadcasts data in all directions.
• Security of data becomes an issue.
• Data is not sent directly between devices, but
  dispersed across a large area.
• Possible for data to be viewed by anyone.

7
Controlling Broadcasts

• Difficulties in controlling the geographic
  regions of wireless broadcasts.
• Provides numerous uncontrolled locations where
  hackers can enter a network.

8
Wireless Interruptions

• Wireless transmissions are sent as radio waves.
• Interference with waves from other devices.
• Microwaves
• Cordless telephones
• Can cause temporary loss of service.

9
Encryption Failures

• Wired Equivalent Privacy (WEP)
• Encryption of wireless data to provide same
  security as wired networks.
• Flaws in the encryption algorithm.
• Can easily be cracked.
• Improvements are soon to come.

10
Rogue Access Points

• Employees may unknowingly setup backdoors.
• Connect a wireless router without approval.
• Creates an insecure access point into company
  network.

11
Wireless Protection

• Worry about the bumps in the night
• Darrell Waurio

12
Ways to protect yourself

• Abstinence
• Knowledge
• Software
• Hardware

13
Abstinence

• Dont use a computer
• 100 Safe Guarantee
• Turn it off

"After all, firewalls are simply a less extreme
example of the dictum that there is nothing more
secure then a computer which is not connected to
the network --- and powered off!" http\\Web.mit.
edu/kerberos/www/what_is
14
Knowledge

• Know your system
• Educate Users
• Create and Use
•  Acceptable User Policy AUP
• Secure Use Policy SUP

15
Software

• Intruder Detection
• Antivirus
• Firewall
• Security Policies
• Parental Controls
• Windows Update

16
Hardware

• Computer
• Router/Access Points
• Dont use Default Settings

17
General SecurityPat Purcell
18
Basic Good Policy Information

• Dont leave your network open
• Dont download unknown attachments
• Dont receive IMs from unknown users

19
Use Good Password Protection

• Security tokens prevent password theft.
• One-time password
• Smart card
• USB and smart card capabilities
• Encryption Translation of data into a secret
  code
• asymmetric encryption
• symmetric encryption
• Other security devices (firewalls)
• To prevent unauthorized internet users from
  accessing private networks.

20
Use Intrusion Detection

• Honey pot - A specially configured server that
  serves as a decoy.
• Network address translation enables LAN to use
  one set of IP addresses for internal traffic and
  a second set of addresses for external traffic.
• Provides a type of firewall by hiding internal IP
  addresses
• Enables a company to use more internal IP
  addresses

21
General Wireless

• Always enable the inherent security features
• Set SSID (Service Set Identifier) to something
  with jumbled letters, numbers, symbols, etc
• Use Static IP addresses

22
General Wireless

• Be sure to encrypt your WEP (Wired equivalent
  Privacy) and SSID files that will be stored on
  windows registry
• Use a closed network set-up
• Forces employees to login by typing in their SSID
  instead of choosing from a list
• Enforce and disseminate policy information once
  they are implemented. very important!

23
Data Transmission Security

• Brandon Bundt

24
Handling Rogue Access Points

• What is a RAP?
• Extensive site surveys
• Use of directional antennas when possible
• Set authentication method to open rather than
  shared encryption key

25
Data Transmission Protection

• Use encryption tools
• PGP
• SSH
• SSL
• Turn on WEP
• Use EAP
• Activate the Broadcast Key Rotation
  functionality (EAP)

26
Spyware

• A general term for a program that surreptitiously
  monitors your actions. While they are sometimes
  sinister, like a remote control program used by a
  hacker, software companies have been known to use
  spyware to gather data about customers. The
  practice is generally frowned upon.
  blackice.iss.net/glossary.php

27
The dark side

• Many different definitions and interpretations of
  spyware.
• Spyware can be more than just a cookie used for
  tracking a user that visits a site. These
  programs record whatever information is seen or
  typed by the computer user no matter what the
  website or whether they are online or not.
• Different from adware in that it installs itself
  without the users knowledge or most of the time
  even its existence.
• Spyware can do anything from simply capture a
  users information to installing viruses and
  worms.

28
The dark side continued

• Spyware typically installs itself on the hardrive
  and from there launches programs that often run
  in the back ground.
• One way of seeing spyware, if you know what to
  look for, is to open task manager and see what is
  running, but sometimes like a virus it may
  disguise itself to look like a legitimate
  program.
• Most people do not know what to look for so they
  should use a spyware removal program.

29
Spyware tips

• Download a reputable spyware removal program such
  as SpyBot Search and Destroy or AdAware. These
  are also free and very respected.
• Be wary of websites you dont know much about or
  find links to in IMs or e-mail.
• As with any security software, keep your spyware
  removal tools up to date.
• Try not to log in as an Administrator, try
  logging in as general user. Only Administrators
  under Windows have privileges to install software.

30
Wireless Tutorial
31
(No Transcript)
32
Questions

• Thanks for Attending