Protecting Your Wireless Network
Download
Report
Transcript Protecting Your Wireless Network
Protecting Your Wireless
Network
University of Tasmania
School Of Computing
2007
Protecting Your Wireless Network
2007
1
Lecturer (Launceston)
Dr. Daniel Rolf
School of Computing, Launceston
Phone:
Email:
6324 3450
[email protected]
Protecting Your Wireless Network
2007
2
Tonight
This is for
Home users
Those with limited or no technical expertise
Simple networks with no extra hardware
e.g. no RADIUS/VPN servers etc
Those who want some background and
straightforward advice
Protecting Your Wireless Network
2007
3
Agenda
Background
Issues
Typical Configuration Options
What do they mean
What you should do
Protecting Your Wireless Network
2007
4
A Wireless Network
What does the
Access Point do?
Internet
Each Computer is uniquely
identified by its own IP
Address and MAC Address
IP: Internet Protocol
MAC: Medium Access Control
Protecting Your Wireless Network
2007
5
Wireless Range
If you measure the radio signal 1meter
from the antenna as 100% then
At 10m you will measure
At 100m you will measure
At 1km you will measure
1%
0.01%
0.0001%
It never goes away!
just disappears into the background…
Protecting Your Wireless Network
2007
6
Somewhere…
Protecting Your Wireless Network
2007
http://www.larsen-b.com/Article/212.html
7
Wireless Products and Users
A home user can not be expected to
have any IT expertise
Installing wireless equipment is made
as simple as possible
Advertising highlights the good points
Protecting Your Wireless Network
2007
8
A Popular Product
NETGEAR
108Mbps Wireless Firewall Router
PC
WGT624 v2
Wireless Router
Telephone Socket
Cable or DSL modem
Protecting Your Wireless Network
2007
9
The Installation Guide
How to connect the router
How to Log in to the router
http://192.168.0.1
Run a setup wizard to connect to the Internet
Setup basic wireless connectivity
Default features
Network Name(SSID):
WEP Security:
NETGEAR
disabled
Protecting Your Wireless Network
2007
10
And now for the demo…
Protecting Your Wireless Network
2007
11
NETGEAR WGT624 Security
These are the advertised security features
Double Firewall
Denial of Service (DoS) attack prevention
Intrusion Detection and Prevention
Wired Equivalent Privacy (WEP) 64 and 128 bit
Wi-Fi Protected Access (Pre Shared Key)
Wireless Access Control (SSID)
To identify authorized wireless network devices
Multiple VPN tunnels
Network Address Translation (NAT)
Stateful Packet Inspection (SPI)
Pass Through, 2 IPSec, and multiple L2TP and PPTP
Exposed Host (DMZ)
MAC address authentication
Protecting Your Wireless Network
2007
12
The Pass Phrase
8-63 characters long
lots of years
years
minutes
10
20
30
Length in
characters
Possible time to crack
Protecting Your Wireless Network
2007
13
Do’s
Change the default settings
use your own SSID
change the administrator password on the AP
Enable and use the security features on the access point
make use of the firewall and filtering offered on the access point
if they are not there then look at getting specific products
Use good passwords/pass-phrases
Makes your network less of an obvious attraction
for WPA
for any shared directories on your computer
Enable MAC filtering (for the technically minded)
allow only the computers you know/want on your network
this is a hurdle that can be bypassed (takes effort)
Protecting Your Wireless Network
2007
14
Do’s
Manage the access point over a wired network port
Look a the access point logs from time to time
Keep the operational range to a minimum
see who’s there
e.g. Lower the transmit power of the AP to minimise signal
propagation if you have the option.
Switch the access point off if you are not using it for
any length of time
Protecting Your Wireless Network
2007
15
Don’t
Use a default for anything without
serious consideration
(and then still don’t)
Use WEP
Use a Pre Shared Key (PSK) based on a
dictionary word
Protecting Your Wireless Network
2007
16
Choosing & Managing your
Passwords
Authentication passwords (secret)
Generally shorter
Often written down and stored securely
Chosen and changed according to a
method known only to the creator
Access Control passwords (shared)
Generally longer: pass phrase
Need different method to choose these
Protecting Your Wireless Network
2007
17
Choosing & Managing your
Passwords
It is common to find
people choosing
authentication
passwords based on
their personal lives
Tiddles1
Fido&Tiddles
MyFidoDog
Or personal names, car
number plates, birth
dates etc
Introducing Fido and Tiddles
Protecting Your Wireless Network
2007
18
Choosing & Managing your
Passwords
Tip #1 choose your WPA password
using a very different method from the
one you use to chose your
authentication password
Your WPA password will be shared
You are not the only one controlling the
sharing
Protecting Your Wireless Network
2007
19
Choosing & Managing your
Passwords
Tip #2 find a method that will produce
a 20 character password that you can
remember
tell someone else easily
Not &%^$3wd9!fhKK#?….
Hints
Think of the term pass phrase rather than
word
Protecting Your Wireless Network
2007
20
Choosing & Managing your
Passwords
Hints
Use lines from poems and other texts
Use lines from tunes and songs
The boy stood on the burning deck
My teddy bear is rather fat
We’re all going on a summer holiday
By saying something stupid like I
Use funny phrases
Configuring this router is making me cross
I often cook burnt offerings
Protecting Your Wireless Network
2007
21
Choosing & Managing your
Passwords
Hints
Add some capitals and replace o with 0 & I with 1
and use some SMS abbreviations
The b0y stood on Burn1ng deck
My teddy bear 1s Rather fat
We’re All go1ng on a summer hol1day
By saying Something Stupid like 1
Configuring th1s ** router is making me X
Write this down and file in a secure place
With some physical access control
Protecting Your Wireless Network
2007
22
Choosing & Managing your
Passwords
Finally
Remember your WPA password will be
shared
It should give no clues as to how you
construct your authentication passwords
You may trust your daughter but do you trust
your daughter’s friend’s boy friend?
If in doubt change the pass phrase
Access to your network is the first step to
access to your money!
Protecting Your Wireless Network
2007
23
More Information
Securing your Wireless Network
http://www.practicallynetworked.com/support/wireless_secure.htm
Improving your default Netgear Security
http://kbserver.netgear.com/kb_web_files/n101379.asp
Protecting Your Wireless Network
2007
24