Wireless Security Issues Home - PowerPoint PPT Presentation

About This Presentation
Title:

Wireless Security Issues Home

Description:

I can pickup wireless when I go visiting family in ID or CO by just turning on my laptop ... For 'workgroups', laptop carts, home users, etc. ... – PowerPoint PPT presentation

Slides: 25
Provided by: ernest3
Learn more at: http://es-es.net
Transcript and Presenter's Notes

Title: Wireless Security Issues Home


1
Wireless Security Issues @ Home Hotspotting
Ernest Staats Director of Technology and Network
Services (TNS) MS Information Assurance, CISSP,
MCSE, CNA, CWNA, CCNA, Security+, I-Net+,
Network+, Server+, A+ erstaats@gcasda.org
Resources available @ http://www.es-es.org/
2
Information Blowin' in the Wind
  • Wireless open by default
  • Wireless networks broadcast data into the air
  • Anyone can receive the broadcast
  • Certain steps must be taken to protect users of
    wireless networks

3
Wireless Basics - 802.11
  • 2.4 GHz (no license) band
  • Only 3 non-overlapping channels (in theory)
  • CSMA-CA (50% overhead)
  • Half Duplex (talk then listen)

4
Home Wireless Issues
  • Not enough bandwidth (when downloading or gaming)
  • Updates chew-up bandwidth
  • Co-channel interference (Phones, Microwaves)
  • Old Firmware (check for updates every quarter)
  • No Security or worse, they use WEP
  • SSID broadcast on
  • Raises your risk factor that someone could obtain
    personal information or worse

5
What Could Happen?
  • Slow down your Internet performance.
  • View files on your computers and spread
    dangerous software.
  • Monitor the Web sites you visit, read your
    e-mail and instant messages as they travel across
    the network, and copy your usernames and
    passwords.
  • Send spam or perform illegal activities with
    your Internet connection.

6
Changing Default Settings
  • Change the default logon password and make it
    long!
  • All defaults are known and published on the Net
      • http://www.phenoelit.de/dpl/dpl.html (updated Jan
        2007)
  • AP Management Interface
      • HTTP, SNMP, Telnet
  • HTTP Login
      • Linksys: UID blank, PW admin
      • DLink: UID admin, PW blank
      • Generic: UID admin, PW admin
  • SNMP (disable SNMP for home use)
      • All: PW public
  • Change the default: no Open systems, move to WPA2
    systems; for home, use a long passphrase

7
Cell Sizing
  • How far is your WIFI signal going? (that is
    called your cell size)
  • I can pick up wireless when I go visiting family
    in ID or CO by just turning on my laptop
  • Can't cover the whole house?
  • Repeater
  • Better antenna
  • MIMO
  • 802.11N (if you like Vegas)
  • Power Setting
  • The Cell size is usually adjusted by the power
    setting
  • Go outside your house and see how far your
    wireless signal is reaching; you will be
    surprised.

8
SSID Naming
  • Identifies network
  • Helps others identify whether or not you have
    left default settings on
  • Broadcast on by default (turn it off)
  • Once again with the default settings your
    wireless device broadcasts its name saying my
    name is … connect to me
  • Turning off SSID broadcast is called Cloaking
  • Avoid naming your SSID a private or personal code
    (don't make it your password or your name)

9
MAC Filtering
  • MAC Filtering is where you tell your wireless
    device what other devices can connect to it.
  • A MAC address is the hardware number that is
    network card specific (literally burned into the
    network card when it is made)
  • Can be spoofed but is still a good option for
    homes

10
Obtaining Your MAC Address
  • WINDOWS NT / 2000 PROFESSIONAL or XP
  • After clicking on the Start Button, click on Run.
  • Once a small black window appears, type in
    ipconfig /all (with a space between the g and the
    /).
  • Locate the number to the right of Physical
    Address. This is your MAC address.
  • Macintosh (OS X)
  • If your computer is running OS X, it is best to
    have it upgraded to at least 10.1
  • From the dock, select "System Preferences".
  • Select the "Network" Pane
  • With the TCP/IP tab selected, the number next to
    Ethernet Address is your MAC address
  • Linux
  • On Linux systems, the ethernet device is
    typically called eth0. In order to find the MAC
    address of the ethernet device, you must first
    become root, through the use of su. Then, type
    ifconfig -a and look up the relevant info.
  • For example:
  • ifconfig -a
      eth0  Link encap:Ethernet  HWaddr 00:60:08:C4:99:AA
            inet addr:131.225.84.67  Bcast:131.225.87.255  Mask:255.255.248.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:15647904 errors:0 dropped:0 overruns:0
            TX packets:69559 errors:0 dropped:0 overruns:0
            Interrupt:10 Base address:0x300
  • The MAC address is the HWaddr listed on the first
    line. In the case of this machine, it is
    00:60:08:C4:99:AA.

11
Encryption
  • WEP: First Wireless Security
      • Cracked -- Any middle-schooler can crack your
        WEP key in short order
  • WPA
      • Cracked… but
      • Key changes
  • WPA2
      • Cracked… but
      • Harder to crack than WPA
  • 802.1x
      • Uses Server to Authorize User
      • Can be very secure
  • 802.11i
      • AES encryption: Uncrackable

12
Wi-Fi Protected Access (WPA)
  • WPA: WPA stands for Wi-Fi Protected Access. WPA
    is much better than WEP; we recommend that you
    put at least WPA on your wireless. It has been
    cracked, but it takes much longer and is almost
    not worth the effort.
  • For workgroups, laptop carts, home users, etc.
  • Keep the secret long and obscure (set a long
    passphrase of at least 20 random characters.
    Better yet, use the full 63 characters by typing
    a sentence you can remember; just don't make it
    something that's easily guessed, like a line from
    a movie.)
  • Additional weakness: social engineering the
    secret

13
Wi-Fi Protected Access (WPA2)
  • WPA2 is very effective for keeping most normal
    people off your wireless.
  • Changes encryption from RC4 to AES
  • coWPAtty v4 can attack and crack it
  • Some hardware may not support it
  • Firmware upgrade may be necessary
  • Use it if available
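
Why the passphrase length and SSID advice on the preceding slides matters, as an added example that is not part of the original presentation: WPA and WPA2 Personal derive the network key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, so a factory-default SSID shares its salt with many other networks and a short passphrase leaves little to guess. The function names, the small default-SSID list and the 80-bit threshold are assumptions made for this illustration.

```python
import hashlib
import math
import string

# Constructed sample of factory-default SSIDs (assumption, not exhaustive).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}
MIN_LENGTH = 20        # the slide's "at least 20 random characters"
ASSUMED_MIN_BITS = 80  # illustrative threshold chosen for this example


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as the salt,
    4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)


def max_bits(passphrase: str) -> float:
    """Upper bound on entropy; only reached if every character is random."""
    pool = 0
    for group in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in group for c in passphrase):
            pool += len(group)
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(pool)


def review(passphrase: str, ssid: str) -> list:
    """Findings for one SSID/passphrase pair; raises if WPA would reject it."""
    derive_psk(passphrase, ssid)
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: same salt as many other networks")
    if len(passphrase) < MIN_LENGTH:
        findings.append("passphrase shorter than 20 characters")
    if max_bits(passphrase) < ASSUMED_MIN_BITS:
        findings.append("too little entropy even if chosen at random")
    return findings


if __name__ == "__main__":
    print(review("password1", "linksys"))
    print(derive_psk("correct horse battery staple", "oak-7f3").hex())
```

The same passphrase produces a different key under a different SSID, which is why renaming the network away from the factory default is worth doing even though the SSID itself is not a secret.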

14
Turn It Off
  • The easiest wireless security option: when you
    don't need it, TURN IT OFF.
  • On vacation
  • After a certain hour at night
  • Turn OFF the access point / wireless router and your
    laptop's wireless card (also saves some battery
    life)
  • Turn off DHCP on the router or access point, set
    a fixed IP address range, then set each connected
    device to match. Use a private IP range (like
    10.0.0.x) to prevent computers from being
    directly reached from the Internet. Assign static
    IP addresses to devices, or limit the number of
    DHCP addresses your router will give out.

15
Home Wireless Summary
  • Change default settings -- SSID and passwords
  • Use WPA or (better) WPA2
  • Use a MAC filter
  • Turn off SSID broadcasting
  • Know how far your wireless signal is reaching
  • Turn off wireless when not being used for
    extended time periods
  • Turn off DHCP or limit DHCP
  • Disable remote administration
  • Update Firmware on AP and wireless cards
    semiannually
  • Secure your Home machines
  • Current AV
  • Firewall (if the wireless router has a firewall
    option turn it on)
  • Spyware protection
  • Auto update Windows
  • Common Sense (Check the Secure Your Laptop
    Section)

16
Hot Spot or Public Access
  • Everything you do can be observed by other
    people including your email, logon and surfing.
  • Etherwatch (driftnet, etherpeg)
  • Capture and display images
  • Ethereal, Commview, AirMagnet…
  • Capture packets and display email, web pages,
    etc.
  • Data is unencrypted
  • Unless an application does it
  • Your system can be probed to see if someone can
    get into your laptop

17
Common Laptop Issues
  • Most laptop users leave wireless on all the
    time
  • Peer attack may be possible
  • Firewall might block
  • Access to shared folders or administrative share
    C$
  • \\Name or IP address\c$
  • Set WiFi client to infrastructure

18
(No Transcript)
19
Secure Your Laptop
  • Turn your firewall on: Start > Settings > Network
    Connections > Wireless Network Connection >
    Change Advanced Settings > Advanced Tab > Windows
    Firewall Settings > Select On > OK
  • BETTER YET use another firewall (e.g. Kerio,
    Jetico, or Zone Alarm)
  • Turn ad-hoc mode off: Start > Settings > Network
    Connections > Wireless Network Connection >
    Change Advanced Settings > Wireless Networks Tab
    > Select Network > Properties > Uncheck "This is
    a computer-to-computer (ad-hoc) network" > OK
  • Disable file sharing: Start > Settings > Network
    Connections > Wireless Network Connection >
    Change Advanced Settings > Uncheck File and
    Printer Sharing > OK
  • Change Administrator password: Click Start >
    Control Panel > User Accounts. Ensure the Guest
    account is disabled. Click your Administrator
    User Account, and reset the password

20
Infrastructure Networks Only
  • To allow only connections to approved access
    points
  • In Control Panel, double-click Network
    Connections.
  • In the Network Connections window, right-click
    Wireless Network Connection, and then click
    Properties.
  • In the Wireless Network Connection Properties
    dialog box, on the Wireless Networks tab, make
    sure that the Use Windows to configure my
    wireless network settings check box is selected.
  • Under Preferred networks, make sure that the
    name of the network that you want to connect to
    is highlighted, and then click Advanced.
  • In the Advanced dialog box, click Access point
    (infrastructure) network only, and then click
    Close. Click OK.

21
VPN Solutions
  • AnchorFree's Hotspot Shield, a new free software
    download. Install it on a Windows 2000 or XP
    system
  • Paid VPN Solutions
  • WiTopia's personalVPN,
  • HotspotVPN (SSL)
  • JiWire's SpotLock (IPSec) software.
  • All charge for the VPN connections they provide,
    and require installation of a utility on the
    computer.

22
Security Tips for Public Hotspots
  • Use a personal firewall
  • Use anti-virus software (update daily or hourly)
  • Update your operating system and other
    applications (e.g. Office, Adobe Reader)
    regularly.
  • Turn off file sharing.
  • Use Web-based email that employs secure http
    (https) (beware of some SSL issues though)
  • Use a virtual private network (VPN).
  • Password-protect your computer and important
    files (make sure your administrator account has a
    good long password).
  • Encrypt files before transferring or emailing
    them.
  • Make sure you're connected to a legitimate access
    point.
  • Be aware of people around you.
  • Properly log out of web sites by clicking log out
    instead of just closing your browser, or typing
    in a new Internet address

23
TIPS for WIFI at Work
  • To keep a work WiFi system from dropping
    users as they move around, all vendors have some
    common suggestions.
  • Name all your APs with the same name, so that if the
    signal gets blocked by an individual standing in
    front of the AP or in front of another user's
    laptop and they then get a stronger signal from
    another work AP, they do not have to
    re-authenticate to the work wireless network.
  • Make sure all your APs are on the same subnet if
    you are doing AD authentication.
  • Make sure the network is the only one listed on
    the preferred networks under the wireless tab of
    the "wireless network connection properties" on
    the network card adapter settings in control
    panel.

24
TIPS for WIFI at Work (cont.)
  • Also on the wireless tab of the "wireless network
    connection properties", click on the advanced tab
    and
  • Make sure the (Networks to Access) section is set
    to only access the Access Point, also
    called (infrastructure) networks only
  • Then make sure Automatically connect to
    non-preferred networks is unchecked
  • These steps will greatly help you. Only once these
    steps are done, and if you still have issues,
    turning off Windows Zero Config for WiFi might
    help
  • Use 802.1x or (better) 802.11i in offices that
    need secure wireless.