Department of Computing and Information Sciences

Revising Home Wi-Fi Security Issues
Sankardas Roy
Department of Computing and Information Sciences
Kansas State University
Network Address Translation (NAT)
• IP addresses in a private network are not globally unique
• Private networks use addresses from the following address ranges:
  10.0.0.0 – 10.255.255.255
  172.16.0.0 – 172.31.255.255
  192.168.0.0 – 192.168.255.255
• A private IP network can be connected to the Internet via a NAT device
Acknowledgement: http://www.cs.virginia.edu/~itlab/book/slides/index.html
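Private Addresses: An Example Scenario
[Figure: hosts H1 to H5, routers R1 and R2, two private networks (both labelled "Private network 1") and the Internet. The private addresses 10.0.1.1, 10.0.1.2 and 10.0.1.3 each appear twice; the public addresses shown are 128.195.4.119, 128.143.71.21 and 213.168.112.3.]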
Why Does a Home Router Need to Work as a NAT Device?
• You have multiple computers at home but you have been given only one public IP address by the Internet Service Provider (ISP)
• The NAT feature of a home router may rewrite the IP addresses (and port numbers) of IP datagrams when the datagrams leave or enter the private network
• The NAT feature of a home router allows multiple computers at home to communicate with the outside world.
Basic Operation of a NAT Device
A NAT device has an address translation table (shown in green); the datagrams (shown in yellow) flow in and out.
IP masquerading: In this example, the outside world thinks there is only one IP (i.e. 128.143.71.21) inside the private home network.
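The translation table and IP masquerading described on the two slides above, as an added Python sketch that is not part of the original slides. It goes beyond them to show how port forwarding and the DMZ option, both listed among the router's features, change what happens to unsolicited inbound datagrams; the class and function names, the port numbers and the starting port 40000 are assumptions.

```python
import ipaddress

# The three private ranges listed on the NAT slide, in CIDR form.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class Nat:
    """Toy port-translating NAT (hypothetical names). Simplified: real devices
    also key each row on protocol and remote endpoint, and expire idle rows."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}         # (private_ip, private_port) -> public_port
        self.back = {}        # public_port -> (private_ip, private_port)
        self.forwards = {}    # static port-forwarding rules, same shape as back
        self.dmz_host = None  # private IP that gets all otherwise unmatched inbound

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a datagram leaving the private network."""
        if not is_private(src_ip):
            raise ValueError("source is not a private address")
        key = (src_ip, src_port)
        if key not in self.out:           # first datagram of a flow: add a row
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, dst_port):
        """Private (ip, port) for a datagram arriving from outside, or None."""
        if dst_port in self.back:         # reply to a flow a home host opened
            return self.back[dst_port]
        if dst_port in self.forwards:     # port forwarding exposes this one port
            return self.forwards[dst_port]
        if self.dmz_host:                 # DMZ exposes every remaining port
            return (self.dmz_host, dst_port)
        return None                       # unsolicited and unmapped: dropped

def demo():
    """Constructed scenario: two home hosts share the public IP 128.143.71.21."""
    nat = Nat("128.143.71.21")
    a = nat.outbound("10.0.1.2", 5000)
    b = nat.outbound("10.0.1.3", 5000)
    return a, b, nat.inbound(a[1]), nat.inbound(22)
```

With no forwarding rule and no DMZ host, an inbound datagram to a port that no home host opened has no table row and is dropped; setting `dmz_host` removes that default for every port at once.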
A Case Study: the Belkin Wireless Home Router
• Screenshots of the configuration pages for a few features of the router are shown in the following slides
• Examples of router features are
  • Firewall
  • Port forwarding
  • IP filtering or MAC filtering
  • DMZ
  • Dynamic DNS
  • Ping blocking
Configuring the LAN Settings
Configuring the Port Forwarding
Configuring the DMZ Option
Configuring the Dynamic DNS
Configuring the Firewall
Configuring the IP Filtering
Configuring the MAC Filtering
Configuring the Ping Blocking
Configuring the Utilities
What We Learned
• Open home Wi-Fi poses many threats
  • Eavesdropping
  • Web session hijacking
  • An adversary launching attacks using your home network as the launch pad
• We discussed the standard solution
  • Configure your home wireless router with a security protocol such as WPA2
  • Disable insecure features such as DMZ, WPS, remote access, UPnP, etc.
Questions
• What is the difference between Port Forwarding and DMZ?
  • Can these two features exist together in the same router?
  • Which option is less dangerous? Why?
• What is the Dynamic DNS feature in your home router?
  • When do we need it?
  • How does it work?
Reminders
• The next class will be in Room 128
  • Get credentials to use computers in Room 128
• Please carefully observe your homework grade
  • KSOL can show some “zeros” by default
  • I have graded until Homework 4 and posted the grade online
  • I have also sent you graded Homework 1, 2, 3, 4 via email
  • You can always email me ([email protected]) if there is any confusion
  • We can meet outside of class
• Please attend each class
  • 30% of the grade comes from class participation
  • Ask questions; raise relevant issues in class or via email