Simple ways to secure Simple ways to secure Wireless ComputersWireless Computers

Jay Ferron,

ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI

QuestionsQuestions

How many of you have more than one How many of you have more than one computer at home?computer at home?

How do you connect to the Internet (DSL, How do you connect to the Internet (DSL, cable, dialup)?cable, dialup)?

How many already have a home router? How many already have a home router?

Already have a wireless router?Already have a wireless router?

AgendaAgenda

What is a Home networkWhat is a Home network

Connecting things togetherConnecting things together

Firewalls and FilteringFirewalls and Filtering

Setting up a home routerSetting up a home router

Setting up Print and File SharingSetting up Print and File Sharing

QuestionsQuestions

Home NetworkHome Network

One or more computers connected:One or more computers connected: To the Internet with a routerTo the Internet with a router To each other in order to share Resources: To each other in order to share Resources:

Internet ConnectionsInternet Connections

Sharing FilesSharing Files

Sharing PrintersSharing Printers

What is a RouterWhat is a Router

Connects one network to anotherConnects one network to another

Sometimes called a “Gateway”Sometimes called a “Gateway”

In our case it connects to your cable In our case it connects to your cable modem or DSL Linemodem or DSL Line

Routers keep track of IP addresses and Routers keep track of IP addresses and physical (MAC) addresses of hostsphysical (MAC) addresses of hosts

Managed (As we shall see)Managed (As we shall see)

What is a Cable/DSL ModemWhat is a Cable/DSL Modem

Usually provided and controlled by your Usually provided and controlled by your ISPISP

Connects your home to the Internet.Connects your home to the Internet.

This is the device that gets your public IP This is the device that gets your public IP addressaddress

Normally has no firewall protectionNormally has no firewall protection

Make sure you use the right cableMake sure you use the right cable

What is a FirewallWhat is a Firewall

A device the filters packets or trafficA device the filters packets or traffic

Its job is to be a traffic copIts job is to be a traffic cop

You configure the firewall:You configure the firewall: What will allow to passWhat will allow to pass What will it blockWhat will it block

Hides your home network from the outside Hides your home network from the outside worldworld

Can be either in hardware or softwareCan be either in hardware or software

Firewall ProtectionFirewall Protection

1.1. Implement a firewall (checks incoming traffic at the network before it gets to your home Implement a firewall (checks incoming traffic at the network before it gets to your home network) Default – Blocks all Incoming connectionsnetwork) Default – Blocks all Incoming connections

2.2. Leaving you home network default is allow all outbound connectionsLeaving you home network default is allow all outbound connections

3.3. Hardware firewalls protect you home network by stop all traffic before it get to your Hardware firewalls protect you home network by stop all traffic before it get to your computers computers

4.4. Personal software firewall on your computer blocks incoming and outgoing (lets you know Personal software firewall on your computer blocks incoming and outgoing (lets you know what is leaving your computer)what is leaving your computer)

FirewallHome

NetworkHome

Network

InternetInternet

Firewall RoutersFirewall Routers

The idea is layers of protectionThe idea is layers of protection

Examples of home combo units includeExamples of home combo units include DlinkDlink NetgearNetgear LinksysLinksys

Software FirewallsSoftware Firewalls

Add additional protection by:Add additional protection by: Controlling what leaves your computerControlling what leaves your computer Adding a second level of protectionAdding a second level of protection By being aware of application level attacksBy being aware of application level attacks By allow you to schedule By allow you to schedule

Usage of the internet by time (control access at Usage of the internet by time (control access at night)night)

By location (block content for young children)By location (block content for young children)

Software Firewalls for Home UseSoftware Firewalls for Home Use

McAfee FirewallMcAfee Firewall

Symantec’s Norton Personal FirewallSymantec’s Norton Personal Firewall

Zone AlarmZone Alarm (Free) (Free)

Computer Associates with Firewall (free)Computer Associates with Firewall (free)

Windows Firewall in XP Service Pack 2 (free) Windows Firewall in XP Service Pack 2 (free)

WirelessWireless

What is wirelessWhat is wireless

Wireless Networking StandardsWireless Networking Standards 802.11 a, b, and g802.11 a, b, and g Recommend a standard “g” modelRecommend a standard “g” model

Wireless Security StandardsWireless Security Standards Recommend Wired Equivalent Privacy (WEP)Recommend Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA)Wi-Fi Protected Access (WPA)

Wireless Wireless Network Network StandardsStandards

StandardStandard DescriptionDescription

802.11802.11

● A group of specifications for A group of specifications for WLANs developed by IEEEWLANs developed by IEEE

● Defines the physical and MAC Defines the physical and MAC portion of the data link layerportion of the data link layer

802.11a802.11a

● Transmission speeds up to 54 Transmission speeds up to 54 megabits per second (Mbps)megabits per second (Mbps)

● Works well in densely Works well in densely populated areaspopulated areas

802.11b802.11b

● 11 Mbps11 Mbps

● Good range but susceptible to Good range but susceptible to radio signal interferenceradio signal interference

802.11g802.11g

● Enhancement to and Enhancement to and compatible with 802.11bcompatible with 802.11b

● 54 Mbps, but at shorter ranges 54 Mbps, but at shorter ranges than 802.11bthan 802.11b

802.1x802.1x

● Authenticates clients before it Authenticates clients before it lets them on the networklets them on the network

● Requires greater hardware and Requires greater hardware and infrastructure investmentinfrastructure investment

Lesson: Introduction to Securing Lesson: Introduction to Securing Wireless NetworksWireless Networks

What are the benefits of wireless networks?What are the benefits of wireless networks?

Common threats to wireless securityCommon threats to wireless security

Wireless network standardsWireless network standards

Guidelines for using security to mitigate risks to wireless networksGuidelines for using security to mitigate risks to wireless networks

Wireless network architectureWireless network architecture

What Are the Benefits of Wireless What Are the Benefits of Wireless Networks?Networks?

● Mobile users moving between offices save time andMobile users moving between offices save time andeffort with a transparent connection to the corporate effort with a transparent connection to the corporate networknetwork

● Mobile users moving between offices save time andMobile users moving between offices save time andeffort with a transparent connection to the corporate effort with a transparent connection to the corporate networknetwork

● Users can use e-mail, electronic calendars, and chat Users can use e-mail, electronic calendars, and chat technologies when away from their deskstechnologies when away from their desks

● Users can use e-mail, electronic calendars, and chat Users can use e-mail, electronic calendars, and chat technologies when away from their deskstechnologies when away from their desks

● The cost of provisioning network access to buildings The cost of provisioning network access to buildings is substantially loweredis substantially lowered

● The cost of provisioning network access to buildings The cost of provisioning network access to buildings is substantially loweredis substantially lowered

● The network can be easily scaled to respond to The network can be easily scaled to respond to different levels of demand when the organization different levels of demand when the organization changeschanges

● The network can be easily scaled to respond to The network can be easily scaled to respond to different levels of demand when the organization different levels of demand when the organization changeschanges

Operational benefits:

Business benefits:

Common Threats to Wireless Common Threats to Wireless SecuritySecurity

● Eavesdropping Eavesdropping

● SpoofingSpoofing

● Interception and modification of transmitted Interception and modification of transmitted datadata

● FreeloadingFreeloading

● Denial of service Denial of service

● Rogue WLANsRogue WLANs

● Eavesdropping Eavesdropping

● SpoofingSpoofing

● Interception and modification of transmitted Interception and modification of transmitted datadata

● FreeloadingFreeloading

● Denial of service Denial of service

● Rogue WLANsRogue WLANs

Guidelines for Using Security to Mitigate Guidelines for Using Security to Mitigate Risks to Wireless NetworksRisks to Wireless Networks

Specify the use of software scanning tools Specify the use of software scanning tools to locate and shut down rogue WLANs on to locate and shut down rogue WLANs on your corporate network your corporate network

Specify the use of software scanning tools Specify the use of software scanning tools to locate and shut down rogue WLANs on to locate and shut down rogue WLANs on your corporate network your corporate network

If you allow unauthenticated access to If you allow unauthenticated access to your wireless network, require a VPN your wireless network, require a VPN connection to access the corporate connection to access the corporate network network

If you allow unauthenticated access to If you allow unauthenticated access to your wireless network, require a VPN your wireless network, require a VPN connection to access the corporate connection to access the corporate network network

Require data encryption for all wireless Require data encryption for all wireless communicationscommunications Require data encryption for all wireless Require data encryption for all wireless communicationscommunications

Require 802.1x authentication to help Require 802.1x authentication to help prevent spoofing, freeloading, and prevent spoofing, freeloading, and accidental threats to your networkaccidental threats to your network

Require 802.1x authentication to help Require 802.1x authentication to help prevent spoofing, freeloading, and prevent spoofing, freeloading, and accidental threats to your networkaccidental threats to your network

Wireless Network ArchitectureWireless Network Architecture

BSS

BSS

DS

ESSIBSS

STASTA

STASTASTASTA

STASTA

APAP

APAP

Demo: Demo: Wireless Devices Wireless Devices

Clearsight ScannerClearsight Scanner

Demo: How to configure Wireless Demo: How to configure Wireless Firewall/router Firewall/router

Example:Example: Basic SettingsBasic Settings Wireless SettingsWireless Settings Backup SettingsBackup Settings Set Account name and passwordSet Account name and password Blocking and FilteringBlocking and Filtering

Steps to protect your wireless Steps to protect your wireless networknetwork

1. Change the default password on your router

2. Enable WEP on router and wireless workstation

3. Use MAC address filtering

4. SSID broadcast of

5. Prohibit Peer-to-peer (Ad Hoc) networking

5. Keep current on hardware bios upgrades

Demo: Demo: Rogue Wireless Devices Rogue Wireless Devices

AirSnareAirSnare AirSnareAirSnare

Weak PasswordsWeak Passwords

Your computer password is the Your computer password is the foundation of your computer securityfoundation of your computer security

No Password = No Security No Password = No Security

Old Passwords & Same Password = Little SecurityOld Passwords & Same Password = Little Security

Change the “administrator” password on your Change the “administrator” password on your computercomputer

QuestionsQuestions

WWW.MIR.NETWWW.MIR.NET

FOR COPIES OF THIS DECKFOR COPIES OF THIS DECK