CWNA Guide to Wireless LANs, Second Edition - PowerPoint PPT Presentation

1 / 116
About This Presentation
Title:

CWNA Guide to Wireless LANs, Second Edition

Description:

When installing a WLAN for an organization, areas of dead space might not be tolerated ... Keystream used to extract text and ICV. Text run through CRC ... – PowerPoint PPT presentation

Number of Views:187
Avg rating:3.0/5.0
Slides: 117
Provided by: wild9
Category:

less

Transcript and Presenter's Notes

Title: CWNA Guide to Wireless LANs, Second Edition


1
CWNA Guide to Wireless LANs, Second Edition
  • Chapter Seven thru Ten
  • Review

2
Note
  • Many of the test questions will come from these
    charts
  • I will still be updating the slides through
    Monday night. But only minor changes will be
    made.

3
What is a Site Survey?
  • When installing a WLAN for an organization, areas
    of dead space might not be tolerated
  • Ensure blanket coverage, meet per-user bandwidth
    requirements, minimize bleeding of signal
  • Factors affecting wireless coverage goals
  • Devices emitting RF signals
  • Building structure (walls, construction
    materials)
  • Open or closed office doors
  • Stationary versus mobile machinery/equipment
  • Movement of mobile walls (e.g., cubicles)

4
What is a Site Survey?
  • Factors affecting wireless coverage goals
  • Expansion of physical plant or growth of
    organization
  • Existing WLANs
  • Both inside organization, and within nearby
    organizations
  • Site survey Process of planning a WLAN to meet
    design goals
  • Effectiveness of a WLAN often linked to
    thoroughness of the site survey

5
What is a Site Survey?
  • Design goals for a site survey
  • Achieve best possible performance from WLAN
  • Certify that installation will operate as
    promised
  • Determine best location for APs
  • Develop networks optimized for variety of
    applications
  • Ensure coverage will fulfill organizations
    requirements
  • Locate unauthorized APs

6
What is a Site Survey?
  • Design goals for a site survey (continued)
  • Map nearby wireless networks to determine
    existing radio interference
  • Reduce radio interference as much as possible
  • Make wireless network secure
  • Survey provides realistic understanding of
    infrastructure required for proposed wireless
    link
  • Assists in predicting network capability and
    throughput
  • Helps determine exact location of APs and power
    levels required

7
What is a Site Survey?
  • When to perform a site survey
  • Before installing a new wireless network
  • Before changing an existing wireless network
  • When there are significant changes in personnel
  • When there are changes in network needs
  • After making physical changes to a building

8
Site Survey Tools Wireless Tools
  • Most basic tool is AP itself
  • Position in various locations
  • monitor signal as you move
  • APs should have ability to adjust output power
  • APs should have external antenna connectors
  • Notebook computer with wireless NIC also
    essential for testing
  • Previously configured and tested

9
Site Survey Tools Measurement Tools
  • Site Survey Analyzers Specifically designed for
    conducting WLAN site surveys
  • Software often built into AP
  • Receive Signal Strength Indicator (RSSI) value
  • Full-featured site survey analyzer software
    settings
  • Destination MAC Address
  • Continuous Link Test
  • Number of Packets
  • Packet Size
  • Data Retries

10
Site Survey Tools Measurement Tools
  • Site Survey Analyzers (continued)
  • Full-featured site survey analyzer software
    settings (continued)
  • Data Rate
  • Delay Between Packets
  • Packet Tx Type
  • Unicast or multicast
  • Percent Success Threshold
  • Basic survey analyzer software contains far fewer
    features

11
Site Survey Tools Measurement Tools
  • Spectrum Analyzers Scan radio frequency spectrum
    and provides graphical display of results
  • Typically measure signal-to-noise ratio
  • Single-frequency analyzers measure
    signal-to-noise ratio at specified frequency
  • Helpful in identifying interference problems
  • Thus, helps properly position/orient AP

12
Site Survey Tools Measurement Tools (continued)
  • Network Analyzers Can be used to pick up packets
    being transmitted by other WLANs in area
  • Provide additional information on transmissions
  • Packet sniffers or protocol analyzers
  • Not used in placement of AP

13
Site Survey Tools Documentation Tools
  • Create a hard copy of site survey results
  • Make available for future reference
  • No industry-standard form for site survey
    documentation
  • Site survey report should include
  • Purpose of report
  • Survey methods
  • RF coverage details (frequency and channel plan)
  • Throughput findings
  • Sources of interference

14
Site Survey Tools Documentation Tools
  • Site survey report should include (continued)
  • Problem zones
  • Marked-up facility drawings with access point
    placement
  • Access point configuration
  • Use building layout blueprints as tools
  • Advisable to create database to store site survey
    information and generate reports

15
Site Survey Tools Documentation Tools
Figure 7-9 Sample site survey form
16
Performing a Site Survey Gathering Data
  • Obtaining Business Requirements Determine
    business reasons why WLAN being proposed or
    extended
  • If this step skipped, almost impossible to
    properly design and implement the network
  • Primary data gathering method is interviewing
  • Must determine type of mobility required within
    organization
  • Must determine per-user bandwidth requirements
  • May be different types of users with different
    bandwidth requirements

17
Performing a Site Survey Gathering Data
  • Defining Security Requirements Consider type of
    data encryption and type of authentication that
    will take place across WLAN
  • Consider existing security policies and
    procedures
  • Gathering Site-Specific Documentation
  • Blueprints, facility drawings, and other
    documents
  • Show specific building infrastructure components
  • Inspecting the site
  • Document changes to blueprints and get visual
    perspective

18
Performing a Site Survey Gathering Data
(continued)
  • Gathering Site-Specific Documentation
    (continued)
  • Behind-the-scenes site inspection
  • Documenting Existing Network Characteristics
  • New or expanded WLAN will dovetail into network
    already in place
  • Determine degree to which WLAN will interact with
    other wired networks
  • Legacy systems may require additional equipment
    to support WLAN

19
Performing a Site Survey Performing the Survey
  • Collecting RF Information
  • Note objects in and layout of room
  • Use digital camera
  • Position AP
  • Initial location will depend on antenna type
  • Document starting position of AP
  • Using notebook computer with site survey analyzer
    software running, walk slowly away from AP
  • Observe data displayed by analyzer program
  • Data rate, signal strength, noise floor, and
    signal-to-noise ratio

20
Performing a Site Survey Performing the Survey
  • Collecting RF Information
  • Continue moving until data collected for all
    areas
  • Data collected used to produce
  • Coverage pattern Area where signal can be
    received from the AP
  • Data rate boundaries Range of coverage for a
    specific transmission speed
  • Throughput Number of packets sent and received
    and data rates for each
  • Total transmission range Farthest distance at
    which signal can be received by wireless device

21
Performing a Site Survey Performing the Survey
  • Collecting Non-RF Information
  • Outdoor Surveys
  • Similar to indoor surveys
  • Must consider climatic conditions, trees,
    different possibilities for antenna positions,
    Permits and Zoning

22
CWNA Guide to Wireless LANs, Second Edition
  • Chapter Eight
  • Wireless LAN Security and Vulnerabilities

23
Security Principles What is Information Security?
  • Information security Task of guarding digital
    information
  • Ensures protective measures properly implemented
  • Protects confidentiality, integrity, and
    availability (CIA) on the devices that store,
    manipulate, and transmit the information through
    products, people, and procedures

24
Security Principles Challenges of Securing
Information
  • Trends influencing increasing difficultly in
    information security
  • Speed of attacks
  • Sophistication of attacks
  • Faster detection of weaknesses
  • Day zero attacks
  • Distributed attacks
  • The many against one approach
  • Impossible to stop attack by trying to identify
    and block source

25
Security Principles Categories of Attackers
  • Six categories of attackers
  • Hackers
  • Not malicious expose security flaws
  • Crackers
  • Script kiddies
  • Spies
  • Employees
  • Cyberterrorists

26
Security Principles Security Organizations
  • Many security organizations exist to provide
    security information, assistance, and training
  • Computer Emergency Response Team Coordination
    Center (CERT/CC)
  • Forum of Incident Response and Security Teams
    (FIRST)
  • InfraGard
  • Information Systems Security Association (ISSA)
  • National Security Institute (NSI)
  • SysAdmin, Audit, Network, Security (SANS)
    Institute

27
Basic IEEE 802.11 Security Protections
  • Data transmitted by a WLAN could be intercepted
    and viewed by an attacker
  • Important that basic wireless security
    protections be built into WLANs
  • Three categories of WLAN protections
  • Access control
  • Wired equivalent privacy (WEP)
  • Authentication
  • Some protections specified by IEEE, while others
    left to vendors

28
Access Control
  • Intended to guard availability of information
  • Wireless access control Limit users admission
    to AP
  • Filtering
  • Media Access Control (MAC) address filtering
    Based on a nodes unique MAC address

29
Access Control
  • MAC address filtering considered to be a basic
    means of controlling access
  • Requires pre-approved authentication
  • Difficult to provide temporary access for guest
    devices

30
Wired Equivalent Privacy (WEP)
  • Guard the confidentiality of information
  • Ensure only authorized parties can view it
  • Used in IEEE 802.11 to encrypt wireless
    transmissions
  • Scrambling

31
WEP Cryptography
  • Cryptography Science of transforming information
    so that it is secure while being transmitted or
    stored
  • scrambles data
  • Encryption Transforming plaintext to ciphertext
  • Decryption Transforming ciphertext to plaintext
  • Cipher An encryption algorithm
  • Given a key that is used to encrypt and decrypt
    messages
  • Weak keys Keys that are easily discovered

32
WEP Implementation
  • IEEE 802.11 cryptography objectives
  • Efficient
  • Exportable
  • Optional
  • Reasonably strong
  • Self-synchronizing
  • WEP relies on secret key shared between a
    wireless device and the AP
  • Same key installed on device and AP
  • Private key cryptography or symmetric encryption

33
WEP Implementation
  • WEP shared secret keys must be at least 40 bits
  • Most vendors use 104 bits
  • Options for creating WEP keys
  • 40-bit WEP shared secret key (5 ASCII characters
    or 10 hexadecimal characters)
  • 104-bit WEP shared secret key (13 ASCII
    characters or 16 hexadecimal characters)
  • Passphrase (16 ASCII characters)
  • APs and wireless devices can store up to four
    shared secret keys
  • Default key used for all encryption

34
WEP Implementation
  • When encrypted frame arrives at destination
  • Receiving device separates IV from ciphertext
  • Combines IV with appropriate secret key
  • Create a keystream
  • Keystream used to extract text and ICV
  • Text run through CRC
  • Ensure ICVs match and nothing lost in
    transmission
  • Generating keystream using the PRNG is based on
    the RC4 cipher algorithm
  • Stream Cipher

35
Vulnerabilities of IEEE 802.11 Security
  • IEEE 802.11 standards security mechanisms for
    wireless networks have fallen short of their goal
  • Vulnerabilities exist in
  • Authentication
  • Address filtering
  • WEP

36
Open System Authentication Vulnerabilities
  • Inherently weak
  • Based only on match of SSIDs
  • SSID beaconed from AP during passive scanning
  • Easy to discover
  • Vulnerabilities
  • Beaconing SSID is default mode in all APs
  • Not all APs allow beaconing to be turned off
  • Or manufacturer recommends against it
  • SSID initially transmitted in plaintext
    (unencrypted)

37
Other Wireless Attacks Denial of Service (DoS)
Attack
  • Standard DoS attack attempts to make a server or
    other network device unavailable by flooding it
    with requests
  • Attacking computers programmed to request, but
    not respond
  • Wireless DoS attacks are different
  • Jamming Prevents wireless devices from
    transmitting
  • Forcing a device to continually dissociate and
    re-associate with AP

38
Wireless Security Problems
  • Common Techniques to Compromise Wireless Data
    Networks
  • Rogue Access Point Insertion
  • Traffic Sniffing
  • Traffic Data Insertion
  • ARP-Snooping (via Dsniff) trick wired network
    to pass data over wireless

39
Security OverviewAuthentication
  • Determines
  • If you are who you say you are
  • If (and What) access rights are granted
  • Examples are
  • Smart Card - SecureId Server/Cards
  • S/Key One time password
  • Digital Certificates

40
WEP(Wired Equivalent Privacy)
  • RC4 (Rivest Cipher 4 / Rons Code 4) Encryption
    Algorithm lthttp//www.cebrasoft.co.uk/encryption/r
    c4.htmgt
  • Shared (but static) secret 64 or 128-bit key to
    encrypt and decrypt the data
  • 24-bit initialization vector (semi-random)
    leaving only 40 or 104 bits as the real key
  • WEP Key Cracking Software
  • WEPCrack / AirSnort / Aircrack (as well as
    others)
  • Cracking Time 64-bit key 2 seconds
  • 128-bit key 3-10 minutes
  • www.netcraftsmen.net/welcher/papers/wlansec01.html
    and www.tomsnetworking.com/Sections-article111-pa
    ge4.php

41
WPA and WPA2(WiFi Protected Access)
  • Created by the Wi-Fi Alliance industry group due
    to excessive delays in 802.11i approval
  • WPA and WPA2 designed to be backward compatible
    with WEP
  • Closely mirrors the official IEEE 802.11i
    standards but with EAP (Extensible Authentication
    Protocol)
  • Contains both authentication and encryption
    components
  • Designed to address WEP vulnerabilities

42
WPA / WPA2 Encryption
  • WPA
  • Mandates TKIP (Temporal Key Integrity Protocol)
  • Scheduled Shared Key Change (i.e. every 10,000
    data packets)
  • Optionally specifies AES (Advanced Encryption
    Standard) capability
  • WPA will essentially fall back to WEP-level
    security if even a single device on a network
    cannot use WPA
  • WPA2
  • Mandates both TKIP and AES capability
  • WPA / WPA2 networks will drop any altered packet
    or shut down for 30 seconds whenever a message
    alteration attack is detected.

43
WPA / WPA2 (Contd)
  • Personal Pre-shared Key
  • Userentered 8 63 ASCII Character Passphrass
    Produces a 256-bit Pre-Shared Key
  • To minimize/prevent key cracking, use a minimum
    of 21 characters for the passphase
  • Key Generation
  • passphrase, SSID, and the SSIDlength is hashed
    4096 times to generate a value of 256 bits
  • WPA Key Cracking Software
  • coWPAtty / WPA Cracker (as well as others)

44
WPA / WPA2 Authentication (Since Extended
EAP-May 2005)
  • Now Five WPA / WPA2 Enterprise Standards
  • EAP-TLS
  • Original EAP Protocol
  • Among most secure but seldom implemented as it
    needs a Client-side certificate ie smartcard
    (SecurId Key Fob http//www.securid.com/)

45
CWNA Guide to Wireless LANs, Second Edition
  • Chapter Nine
  • Implementing Wireless LAN Security

46
Objectives
  • List wireless security solutions
  • Tell the components of the transitional security
    model
  • Describe the personal security model
  • List the components that make up the enterprise
    security model

47
Wireless Security Solutions
  • IEEE 802.11a and 802.11b standards included WEP
    specification
  • Vulnerabilities quickly realized
  • Organizations implemented quick fixes
  • Did not adequately address encryption and
    authentication
  • IEEE and Wi-Fi Alliance started working on
    comprehensive solutions
  • IEEE 802.11i and Wi-Fi Protected Access (WPA)
  • Foundations of todays wireless security

48
WEP2
  • Attempted to overcome WEP limitations
  • adding two new security enhancements
  • WEP key increased to 128 bits
  • Kerberos authentication
  • User issued ticket by Kerberos server
  • Presents ticket to network for a service
  • Used to authenticate user
  • No more secure than WEP
  • Collisions still occur
  • Dictionary-based attacks available

49
Dynamic WEP
  • Solves weak IV problem by rotating keys
    frequently
  • More difficult to crack encrypted packet
  • Different keys for unicast and broadcast traffic
  • Unicast WEP key unique to each users session
  • Dynamically generated and changed frequently
  • For example - When roaming to a new AP
  • Broadcast WEP key must be same for all users on a
    particular subnet and AP

50
Dynamic WEP (continued)
  • Can be implemented without upgrading device
    drivers or AP firmware
  • No-cost and minimal effort to deploy
  • Does not protect against man-in-the-middle
    attacks
  • Susceptible to DoS attacks

51
IEEE 802.11i
  • Provides good wireless security model
  • Robust security network (RSN)
  • Addresses both encryption and authentication
  • Encryption accomplished by replacing RC4 with a
    block cipher
  • Manipulates entire block of plaintext at one time
  • Block cipher used is Advanced Encryption Standard
    (AES)
  • Three step process
  • Second step consists of multiple rounds of
    encryption

52
IEEE 802.11i (continued)
Table 9-1 Time needed to break AES
53
IEEE 802.11i (continued)
  • IEEE 802.11i authentication and key management is
    accomplished by IEEE 802.1x standard
  • Implements port security
  • Blocks all traffic on port-by-port basis until
    client authenticated using credentials stored on
    authentication server
  • Key-caching Stores information from a device on
    the network, for faster re-authentication
  • Pre-authentication Allows a device to become
    authenticated to an AP before moving to it

54
IEEE 802.11i (continued)
Figure 9-2 IEEE 802.1x
55
Wi-Fi Protected Access (WPA)
  • Subset of 802.11i that addresses encryption and
    authentication
  • Temporal Key Integrity Protocol (TKIP) Replaces
    WEPs encryption key with 128-bit per-packet key
  • Dynamically generates new key for each packet
  • Prevents collisions
  • Authentication server can use 802.1x to produce
    unique master key for user sessions
  • Creates automated key hierarchy and management
    system

56
Wi-Fi Protected Access (continued)
  • Message Integrity Check (MIC) Designed to
    prevent attackers from capturing, altering, and
    resending data packets
  • Replaces CRC from WEP
  • CRC does not adequately protect data integrity
  • Authentication accomplished via IEEE 802.1x or
    pre-shared key (PSK) technology
  • PSK passphase serves as seed for generating keys

57
Wi-Fi Protected Access 2 (WPA2)
  • Second generation of WPA security
  • Based on final IEEE 802.11i standard
  • Uses AES for data encryption
  • Supports IEEE 802.1x authentication or PSK
    technology
  • Allows both AES and TKIP clients to operate in
    same WLAN

58
Summary of Wireless Security Solutions (continued)
Table 9-2 Wi-Fi modes
Table 9-3 Wireless security solutions
59
Transitional Security Model
  • Transitional wireless implementation
  • Should be temporary
  • Until migration to stronger wireless security
    possible
  • Should implement basic level of security for a
    WLAN
  • Including authentication and encryption

60
Authentication Shared Key Authentication
  • First and perhaps most important step
  • Uses WEP keys
  • Networks that support multiple devices should use
    all four keys
  • Same key should not be designated as default on
    each device

61
Authentication SSID Beaconing
  • Turn off SSID beaconing by configuring APs to not
    include it
  • Beaconing the SSID is default mode for all APs
  • Good practice to use cryptic SSID
  • Should not provide any information to attackers

62
WEP Encryption
  • Although vulnerabilities exist, should be turned
    on if no other options for encryption are
    available
  • Use longest WEP key available
  • May prevent script kiddies or casual
    eavesdroppers from attacking

Table 9-4 Transitional security model
63
Personal Security Model
  • Designed for single users or small office home
    office (SOHO) settings
  • Generally 10 or fewer wireless devices
  • Two sections
  • WPA Older equipment
  • WPA2 Newer equipment

64
WPA Personal Security PSK Authentication
  • Uses passphrase (PSK) that is manually entered to
    generate the encryption key
  • PSK used a seed for creating encryption keys
  • Key must be created and entered in AP and also on
    any wireless device (shared) prior to (pre)
    the devices communicating with AP

65
WPA Personal Security TKIP Encryption
  • TKIP is a substitute for WEP encryption
  • Fits into WEP procedure with minimal change
  • Device starts with two keys
  • 128-bit temporal key
  • 64-bit MIC
  • Three major components to address
    vulnerabilities
  • MIC
  • IV sequence
  • TKIP key mixing
  • TKIP required in WPA

66
WPA2 Personal Security PSK Authentication
  • PSK intended for personal and SOHO users without
    enterprise authentication server
  • Provides strong degree of authentication
    protection
  • PSK keys automatically changed (rekeyed) and
    authenticated between devices after specified
    period of time or after set number of packets
    transmitted (rekey interval)
  • Employs consistent method for creating keys
  • Uses shared secret entered at AP and devices
  • Random sequence of at least 20 characters or 24
    hexadecimal digits

67
WPA2 Personal Security AES-CCMP Encryption
  • WPA2 personal security model encryption
    accomplished via AES
  • AES-CCMP Encryption protocol in 802.11i
  • CCMP based on Counter Mode with CBC-MAC (CCM) of
    AES encryption algorithm
  • CCM provides data privacy
  • CBC-MAC provides data integrity and
    authentication
  • AES processes blocks of 128 bits
  • Cipher key length can be 128, 192 and 256 bits
  • Number of rounds can be 10, 12, and 14

68
WPA2 Personal Security AES-CCMP Encryption
(continued)
  • AES encryption/decryption computationally
    intensive
  • Better to perform in hardware

Table 9-5 Personal security model
69
Enterprise Security Model
  • Most secure level of security that can be
    achieved today for wireless LANs
  • Designed for medium to large-size organizations
  • Intended for setting with authentication server
  • Like personal security model, divided into
    sections for WPA and WPA2
  • Additional security tools available to increase
    network protection

70
WPA Enterprise Security IEEE 802.1x
Authentication
  • Uses port-based authentication mechanisms
  • Network supporting 802.1x standard should consist
    of three elements
  • Supplicant Wireless device which requires secure
    network access
  • Authenticator Intermediary device accepting
    requests from supplicant
  • Can be an AP or a switch
  • Authentication Server Accepts requests from
    authenticator, grants or denies access

71
WPA Enterprise Security IEEE 802.1x
Authentication (continued)
  • Supplicant is software on a client implementing
    802.1x framework
  • Authentication server stores list of names and
    credentials of authorized users
  • Remote Authentication Dial-In User Service
    (RADIUS) typically used
  • Allows user profiles to be maintained in central
    database that all remote servers can share

72
WPA Enterprise Security IEEE 802.1x
Authentication
  • 802.1x based on Extensible Authentication
    Protocol (EAP)
  • Several variations
  • EAP-Transport Layer Security (EAP-TLS)
  • Lightweight EAP (LEAP)
  • EAP-Tunneled TLS (EAP-TTLS)
  • Protected EAP (PEAP)
  • Flexible Authentication via Secure Tunneling
    (FAST)
  • Each maps to different types of user logons,
    credentials, and databases used in authentication

73
WPA Enterprise Security TKIP Encryption
  • TKIP is a wrapper around WEP
  • Provides adequate encryption mechanism for WPA
    enterprise security
  • Dovetails into existing WEP mechanism
  • Vulnerabilities may be exposed in the future

74
WPA2 Enterprise Security IEEE 802.1x
Authentication
  • Enterprise security model using WPA2 provides
    most secure level of authentication and
    encryption available on a WLAN
  • IEEE 802.1x is strongest type of wireless
    authentication currently available
  • Wi-Fi Alliance certifies WPA and WPA2 enterprise
    products using EAP-TLS
  • Other EAP types not tested, but should run a WAP
    or WAP2 environment

75
WPA2 Enterprise Security AES-CCMP Encryption
  • AES Block cipher that uses same key for
    encryption and decryption
  • Bits encrypted in blocks of plaintext
  • Calculated independently
  • block size of 128 bits
  • Three possible key lengths 128, 192, and 256
    bits
  • WPA2/802.11i uses128-bit key length
  • Includes four stages that make up one round
  • Each round is iterated 10 times

76
WPA2 Enterprise Security AES-CCMP Encryption
(continued)
Table 9-6 Enterprise security model
77
Other Enterprise Security Tools Virtual Private
Network (VPN)
  • Virtual private network (VPN) Uses a public,
    unsecured network as if it were private, secured
    network
  • Two common types
  • Remote-access VPN User-to-LAN connection used by
    remote users
  • Site-to-site VPN Multiple sites can connect to
    other sites over Internet
  • VPN transmissions are achieved through
    communicating with endpoints

78
Other Enterprise Security Tools Virtual Private
Network
  • Endpoint End of tunnel between VPN devices
  • Can local software, dedicated hardware device, or
    even a firewall
  • VPNs can be used in WLAN setting
  • Tunnel though WLAN for added security
  • Enterprise trusted gateway Extension of VPN
  • Pairs of devices create trusted VPN connection
    between themselves
  • Can protect unencrypted packets better than a VPN
    endpoint

79
Other Enterprise Security Tools Wireless Gateway
  • AP equipped with additional functionality
  • Most APs are wireless gateways
  • Combine functionality of AP, router, network
    address translator, firewall, and switch
  • On enterprise level, wireless gateway may combine
    functionality of a VPN and an authentication
    server
  • Can provide increased security for connected APs

80
Other Enterprise Security Tools Wireless
Intrusion Detection System (WIDS)
  • Intrusion-detection system (IDS) Monitors
    activity on network and what the packets are
    doing
  • May perform specific function when attack
    detected
  • May only report information, and not take action
  • Wireless IDS (WIDS) Constantly monitors RF
    frequency for attacks
  • Based on database of attack signatures or on
    abnormal behavior
  • Wireless sensors lie at heart of WIDS
  • Hardware-based have limited coverage,
    software-based have extended coverage

81
Other Enterprise Security Tools Captive Portal
  • Web page that wireless users are forced to visit
    before they are granted access to Internet
  • Used in one of the following ways
  • Notify users of wireless policies and rules
  • Advertise to users specific services or products
  • Authenticate users against a RADIUS server
  • Often used in public hotspots

82
CWNA Guide to Wireless LANs, Second Edition
  • Chapter Ten
  • Managing a Wireless LAN

83
Monitoring the Wireless Network
  • Network monitoring provides valuable data
    regarding current state of a network
  • Generate network baseline
  • Detect emerging problems
  • Monitoring a wireless network can be performed
    with two sets of tools
  • Utilities designed specifically for WLANs
  • Standard networking tools

84
WLAN Monitoring Tools
  • Two classifications of tools
  • Operate on wireless device itself
  • Function on AP
  • Device and Operating System Utilities
  • Most OSs provide basic utilities for monitoring
    the WLAN
  • Some vendors provide more detailed utilities

85
WLAN Monitoring Tools
  • Access Point Utilities
  • All APs have WLAN reporting utilities
  • Status information sometimes just a summary of
    current AP configuration
  • No useful monitoring information
  • Many enterprise-level APs provide utilities that
    offer three types of information
  • Event logs
  • Statistics on wireless transmissions
  • Information regarding connection to wired
    Ethernet network

86
Standard Network Monitoring Tools
  • Drawbacks to relying solely on info from AP and
    wireless devices
  • Lack of Retention of data
  • Laborious and time-intensive data collection
  • Data generally not collected in time manner
  • Standard network monitoring tools
  • Used on wired networks
  • Proven to be reliable
  • Simple Network Management Protocol (SNMP)
  • Remote Monitoring (RMON)

87
Simple Network Management Protocol (SNMP)
  • Protocol allowing computers and network equipment
    to gather data about network performance
  • Part of TCP/IP protocol suite
  • Software agent loaded onto each network device
    that will be managed using SNMP
  • Monitors network traffic and stores info in
    management information base (MIB)
  • SNMP management station Computer with the SNMP
    management software

88
Simple Network Management Protocol (continued)
  • SNMP management station communicates with
    software agents on network devices
  • Collects data stored in MIBs
  • Combines and produces statistics about network
  • Whenever network exceeds predefined limit,
    triggers an SNMP trap
  • Sent to management station
  • Implementing SNMP provides means to acquire
    wireless data for establishing baseline and
    generating alerts

89
Remote Monitoring (RMON)
  • SNMP-based tool used to monitor LANs connected
    via a wide area network (WAN)
  • WANs provide communication over larger
    geographical area than LANs
  • Allows remote network node to gather network data
    at almost any point on a LAN or WAN
  • Uses SNMP and incorporates special database for
    remote monitoring
  • WLAN AP can be monitored using RMON
  • Gathers data regarding wireless and wired
    interfaces

90
Maintaining the Wireless Network
  • Wireless networks are not static
  • Must continually be modified, adjusted, and
    tweaked
  • Modifications often made in response to data
    gathered during network monitoring
  • Two of most common functions
  • Updating AP firmware
  • Adjusting antennas to enhance transmissions

91
Upgrading Firmware
  • Firmware Software embedded into hardware to
    control the device
  • Electronic heart of a hardware device
  • Resides on EEPROM
  • Nonvolatile storage chip
  • Most APs use a browser-based management system
  • Keep APs current with latest changes by
    downloading the changes to the APs

92
Upgrading Firmware (continued)
  • General steps to update AP firmware
  • Download firmware from vendors Web site
  • Select Upgrade Firmware or similar option from
    AP
  • Enter location of firmware file
  • Click Upgrade button
  • Enterprise-level APs often have enhanced firmware
    update capabilities
  • e.g., may be able to update System firmware, Web
    Page firmware, and Radio firmware separately

93
Upgrading Firmware (continued)
  • With many enterprise-level APs, once a single AP
    has been upgraded to the latest firmware, can
    distribute to all other APs on the WLAN
  • Receiving AP must be able to hear IP multicast
    issued by Distribution AP
  • Receiving AP must be set to allow access through
    a Web browser
  • If Receiving AP has specific security
    capabilities enabled, must contain in its
    approved user lists a user with the same user
    name, password, and capabilities as user logged
    into Distribution AP

94
Upgrading Firmware (continued)
  • RF site tuning After firmware updates applied,
    adjusting APs setting
  • Adjust radio power levels on all access points
  • Firmware upgrades may increase RF coverage areas
  • Adjust channel settings
  • Validate coverage area
  • Modify integrity and throughput
  • Document changes

95
Adjusting Antennas RF Transmissions
  • May need to adjust antennas in response to
    firmware upgrades or changes in environment
  • May require reorientation or repositioning
  • May require new type of antenna
  • Radio frequency link between sender and receiver
    consists of three basic elements
  • Effective transmitting power
  • Propagation loss
  • Effective receiving sensibility

96
Adjusting Antennas RF Transmissions (continued)
Figure 10-14 Radio frequency link
97
Adjusting Antennas RF Transmissions (continued)
  • Link budget Calculation to determine if signal
    will have proper strength when it reaches links
    end
  • Required information
  • Antenna gain
  • Free space path loss
  • Frequency of the link
  • Loss of each connector at the specified frequency
  • Number of connectors used
  • Path length
  • Power of the transmitter

98
Adjusting Antennas RF Transmissions (continued)
  • Link budget (continued)
  • Required information (continued)
  • Total length of transmission cable and loss per
    unit length at specified frequency
  • For proper WLAN performance, link budget must be
    greater than zero
  • System operating margin (SOM)
  • Good WLAN link has link budget over 6 dB
  • Fade margin Difference between strongest RF
    signal in an area and weakest signal that a
    receiver can process

99
Adjusting Antennas RF Transmissions (continued)
  • Attenuation (loss) Negative difference in
    amplitude between RF signals
  • Absorption
  • Reflection
  • Scattering
  • Refraction
  • Diffraction
  • Voltage Standing Wave Ratio

100
Adjusting Antennas Antenna Types
  • Rod antenna Antenna typically used on a WLAN
  • Omnidirectional
  • 360 degree radiation pattern
  • Transmission pattern focused along horizontal
    plane
  • Increasing length creates tighter 360-degree
    beam
  • Sectorized antenna Cuts standard 360-degree
    pattern into four quarters
  • Each quarter has own transmitter and antenna
  • Can adjust power to each sector independently

101
Adjusting Antennas Antenna Types (continued)
  • Panel antenna Typically used in outdoor areas
  • Tight beamwidth
  • Phase shifter Allows wireless device to use a
    beam steering antenna to improve receiver
    performance
  • Direct transmit antenna pattern to target
  • Phased array antenna Incorporates network of
    phase shifters, allowing antenna to be pointed
    electronically in microseconds,
  • Without physical realignment or movement

102
Adjusting Antennas Antenna Types (continued)
  • Radiation pattern emitting from antennas travels
    in three-dimensional donut form
  • Azimuth and elevation planes
  • Antenna Accessories
  • Transmission problem can be resolved by adding
    accessories to antenna system
  • Provide additional power to the antenna, decrease
    power when necessary, or provide additional
    functionality

103
Adjusting Antennas Antenna Types (continued)
Figure 10-17 Azimuth and elevation pattern
104
Adjusting Antennas RF Amplifier
  • Increases amplitude of an RF signal
  • Signal gain
  • Unidirectional amplifier Increases RF signal
    level before injected into transmitting antenna
  • Bidirectional amplifier Boosts RF signal before
    injected into device containing the antenna
  • Most amplifiers for APs are bidirectional

105
Adjusting Antennas RF Attenuators
  • Decrease RF signal
  • May be used when gain of an antenna did not match
    power output of an AP
  • Fixed-loss attenuators Limit RF power by set
    amount
  • Variable-loss attenuators Allow user to set
    amount of loss
  • Fixed-loss attenuators are the only type
    permitted by the FCC for WLAN systems

106
Adjusting Antennas Cables and Connectors
  • Basic rules for selecting cables and connectors
  • Ensure connector matches electrical capacity of
    cable and device, along with type and gender of
    connector
  • Use high-quality connectors and cables
  • Make cable lengths as short as possible
  • Make sure cables match electrical capacity of
    connectors
  • Try to purchase pre-manufactured cables
  • Use splitters sparingly

107
Adjusting Antennas Lightning Arrestor
  • Antennas can inadvertently pick up high
    electrical discharges
  • From nearby lightning strike or contact with
    high-voltage electrical source
  • Lightning Arrestor Limits amplitude and
    disturbing interference voltages by channeling
    them to ground
  • Designed to be installed between antenna cable
    and wireless device
  • One end (3) connects to antenna
  • Other end (2) connects to wireless device
  • Ground lug (1) connects to grounded cable

108
Establishing a Wireless Security Policy
  • One of most important acts in managing a WLAN
  • Should be backbone of any wireless network
  • Without it, no effective wireless security

109
General Security Policy Elements
  • Security policy Document or series of documents
    clearly defining the defense mechanisms an
    organization will employ to keep information
    secure
  • Outlines how to respond to attacks and
    information security duties/responsibilities of
    employees
  • Three key elements
  • Risk assessment
  • Security auditing
  • Impact analysis

110
Risk Assessment
  • Determine nature of risks to organizations
    assets
  • First step in creating security policy
  • Asset Any item with positive economic value
  • Physical assets
  • Data
  • Software
  • Hardware
  • Personnel
  • Assets should be assigned numeric values
    indicating relative value to organization

111
Risk Assessment (continued)
  • Factors to consider in determining relative
    value
  • How critical is this asset to the goals of the
    organization?
  • How much profit does it generate?
  • How much revenue does it generate?
  • What is the cost to replace it?
  • How much does it cost to protect it?
  • How difficult would it be to replace it?
  • How quickly can it be replaced?
  • What is the security impact if this asset is
    unavailable?

112
Risk Assessment (continued)
Table 10-1 Threats to information security
113
Security Auditing
  • Determining what current security weaknesses may
    expose assets to threats
  • Takes current snapshot of wireless security of
    organization
  • Each threat may reveal multiple vulnerabilities
  • Vulnerability scanners Tools that can compare an
    asset against database of known vulnerabilities
  • Produce discovery report that exposes the
    vulnerability and assesses its severity

114
Impact Analysis
  • Involves determining likelihood that
    vulnerability is a risk to organization
  • Each vulnerability can be ranked
  • No impact
  • Small impact
  • Significant
  • Major
  • Catastrophic
  • Next, estimate probability that vulnerability
    will actually occur
  • Rank on scale of 1 to 10

115
Impact Analysis (continued)
  • Final step is to determine what to do about risks
  • Accept the risk
  • Diminish the risk
  • Transfer the risk
  • Desirable to diminish all risks to some degree
  • If not possible, risks for most important assets
    should be reduced first

116
Functional Security Policy Elements
  • Baseline practices Establish benchmark for
    actions using wireless network
  • Can be used for creating design and
    implementation practices
  • Foundation of what conduct is acceptable on the
    WLAN
  • Security policy must specifically identify
    physical security
  • Prevent unauthorized users from reaching
    equipment in order to use, steal, or vandalize it
Write a Comment
User Comments (0)
About PowerShow.com