Top Banner
WIRELESS NETWORK SECURITY SUMMARY AND CONCLUSIONS
29

WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

Sep 12, 2021

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

WIRELESS NETWORK SECURITY

SUMMARY AND CONCLUSIONS

Page 2: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

AGENDA

REVEIW

RECOMMENDATIONS

COMMENTS

Page 3: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

Page 4: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

WIRELESS

RADIO FREQUENCY SPECTRUM

PROPERTIES OF RADIO WAVES

802.11 STANDARDS, A/B/G, WIMAX

POINT-TO-POINT NETWORKS

MESH NETWORKS

Page 5: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

ACCESS POINTS TO BUILD WIRELESS NETWORKS

CONFIGURATION ACCESS POINTS

ESSID, MODE, CHANNELS, SNMP

ACCESS-POINT MODE V. “STATION”/CLIENT MODE

POWER SETTINGS

BRIDGING

WPA2 POINT-TO-POINT LINKS

UBIQUITI ACCESS POINTS

Page 6: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

EXTENDING WIRELESS NETWORKS

ADDING ADDITIONAL ACCESS POINTS

SITE DEPLOYMENT ISSUES

POWER/ENVIRONMENTAL CONCERNS

CAPTIVE PORTAL APPROACHES

USING M0N0WALL OR NOCAT TO SECURE A WIRELESS NETWORK

Page 7: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

M0N0WALL

A GUI-BASED CAPTIVE PORTAL/FIREWALL SOLUTION

INEXPENSIVE (FREE!)

SUITABLE FOR WIRELESS CAPTIVE PORTALS

RUNS ON INEXPENSIVE HARDWARE

Page 8: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

NETWORK PROTOCOLS

THE MAC LAYER, “LAYER2” IS SIMILAR IN BOTH WIRED AND WIRELESS NETWORKS

THERE IS NO SECURITY BUILT INTO THE ETHERNET OR MAC LAYER

BECAUSE OF THIS, ARP MECHANISMS ARE SUBJECT TO TAMPERING, POISONING, MASQUERADING ATTACKS

Page 9: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

TCP/IP

SIMILARLY, TCP/IP HAS NO SECURITY BUILT INTO THE PROTOCOLS

BECAUSE OF THAT IP ADDRESSES ARE ALSO SUBJECT TO FORGERY. TCP/IP CAN ALSO BE TAMPERED WITH, ESPECIALLY FOR DENIAL OF SERVICE ATTACKS

LEARNED UNIX TOOLS FOR NETWORK CONFIGURATION: IFCONFIG, NETSTAT, ARP, ARPING, PING, TRACEROUTE, MTR, TCPTRACEROUTE

Page 10: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

BACKTRACK

LEARNED ABOUT LIVE-CD DISTRIBUTIONS

LOTS OF TOOLS ON THE BACKTRACK LIVE-CD

INSTALLING BACKTRCK ON USB

WIRELESS CONFIGURATION TOOLS: IFCONFIG, IWCONFIG, IWLIST, DHCPCD

Page 11: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

NETWORK DESIGN

ADDING WIRELESS NETWORKS AND ADDITIONAL SECURITY SYSTEMS WILL REQUIRE NETWORK DESIGN

THIS REQUIRES CAREFUL CONSIDERATION OF THE TOPOLOGY OF THE EXISTING NETWORK

IT ALSO REQUIRES UNDERSTANDING WHAT THE GOAL IS FOR THE NEW DESIGN

Page 12: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

NETWORK DESIGN (CONTINUED)

SECURITY “ZONES” CAN BE CREATED, OUTSIDE, IN A DMZ, OR INSIDE OF NETWORKS. EX: GUEST V. INTERNAL

CAPTIVE PORTALS (AUTHENTICATION GATEWAYS) CAN BE USED TO CREATE THE EDGE OF A SECURITY ZONE

ACCOUNT MANAGEMENT, AUTHENTICATION, AND ACCESS CONTROL ARE CRITICAL COMPONENTS IN A CAPTIVE PORTAL (AUTHENTICATION GATEWAY)

Page 13: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

WIRELESS SECURITY STANDARDS

OLDER WIRELESS ENCRYPTION STANDARDS HAVE NOT PERFORMED WELL

WEP IS CRACKABLE USING A NUMBER OF TOOLS

WPA2 APPEARS TO BE THE BEST OF THE CURRENTLY AVAILABLE STANDARDS

WPA2 MAY NOT BE SUPPORTED ON ALL OF YOUR CLIENT MACHINES

A CERTIFICATE/PKI SYSTEM MAY PROVIDE ADDITIONAL SUPPORT FOR AN IMPLEMENTATION

Page 14: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEWS

TRAFFIC ANALYSIS

A NUMBER OF FREE TOOLS ARE AVAILABLE

THESE CAN BE USED TO MONITOR THE CONDITION OF YOUR NETWORK

THEY CAN ALSO BE USED TO DO FORENSICS AFTER A BREAKIN HAS OCCURRED

FLOWTOOLS, WIRESHARK, AND NTOP ARE COMMONLY USED BY MANY NETWORK ENGINEERS

Page 15: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

WIRELESS TOOLS

NETSTUMBLER CAN BE USED TO MAP OUT THE STATE OF THE WIRELESS NETWORK

KISMET CAN BE USED TO ANALYZE THE WIRELESS TRAFFIC IN MORE DETAIL

INEXPENSIVE SPECTRUM ANALYSIS TOOLS, SUCH AS WISPY, CAN BE USED TO ANALYZE RADIO ISSUES

Page 16: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

UBUNTU

POPULAR, EASY-TO-USE LINIX DISTRIBUTION

PACKAGE MANAGEMENT USING: APT-GET, APT-CACHE, DPKG

USE OF THE ROOT ACCOUNT USING: SUDO, SUDO -S

START/STOP SERVICE USING: /ETC/INIT.D/

Page 17: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

INFORMATION SECURITY CONCEPTS

INFORMATION SECURITY RESOURCES

NETWORK SECURITY

NETWORK ACCESS CONTROL

Page 18: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

NETWORK ACCESS CONTROL

NAC SYSTEMS ARE STARTING TO APPEAR THAT BUILD COMPLEX ACCESS CONTROL MECHANISMS

SIMPLER ACCESS CONTROL MECHANISMS ARE POSSIBLE

PROXIES, SSL VPNS, AND IPSEC VPNS ARE A SIMPLE SOLUTION TO THIS PROBLEM IN SOME CASES

CAPTIVE PORTALS (AUTHENTICATION GATEWAYS) PROVIDE MOST OF THE BENEFITS OF NAC, WITHOUT THE HIGH COSTS AND COMPLEXITY

Page 19: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

NETWORK ATTACKS

ATTACK RESOURCES: CONFERENCES, WEBSITES, MAGAZINES

ATTACK TYPES

DENIAL OF SERVICE

ARP SPOOFING

MAN-IN-THE-MIDDLE

PHISHING ATTACKS

ATTACK TOOLS: DSNIFF, ETTERCAP, AIRCRACK, AIREPLAY

Page 20: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

REVIEW

NMAP, NESSUS, AND SNORT

VULNERABILITY ANALYSIS CONCEPTS

INTRUSION DETECTION CONCEPTS

THE USE OF OPEN-SOURCE TOOLS

Page 21: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

Page 22: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

MONITOR YOUR NETWORK

MANAGE YOUR ACCESS POINTS

GRAPH NETWORK STATISTICS

DEPLOY A FLOWTOOLS OR MONITORING STATION

Page 23: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

APPLY ACCESS CONTROLS WHERE NECESSARY

CAPTIVE PORTALS WORK WELL TO SECURE OPEN WIRELESS NETWORKS

Page 24: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

MONITOR YOUR WIRELESS ENVIRONMENT

LOOK FOR ROGUE ACCESS POINTS WITH NETSTUMBLER

WATCH OUT FOR ROGUE DHCP SERVERS

ADDRESS ROGUE AP ISSUES QUICKLY

Page 25: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

ENCRYPTION

USE ENCRYPTION WHERE IT MAKES SENSE

USE WPA2 OR SIMILAR SOLUTIONS

USE SSL-VPN AND IPSEC VPNS, AND SSH

USE END-TO-END ENCRYPTION, AND PAY ATTENTION TO DATA SECURITY: PGP, AND OTHER TOOLS

Page 26: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

ADVANCED NETWORK SETTINGS

USE VLANS TO SEGMENT SUBNETS

ENABLE “ARP INSPECTION” OR “PORT-SECURITY” ON CHALLENGING SUBNETS

ENABLE “DHCP SNOOPING” TO LIMIT THE DAMAGE FROM ROGUE DHCP SYSTEMS

STATIC ARP ON SOME CRITICAL DEVICES

Page 27: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

RECOMMENDATIONS

VULNERABILITY SCANNING

PERORM REGULAR SCANS OF YOUR NETWORK

APPLY PATCHES

SUPPORT ANTI-VIRUS FIREWALL SOFTWARE

USE IDS TO DETECT RECENT KNOWN ATTACKS

EDUCATE YOUR USERS

Page 28: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

COMMENTS

FEEDBACK IS WELCOME

MORE LAB TIME?

MORE TIME ON SITE PLANNING AND DEPLOYMENT LABS?

MORE TIME ON MESH NETWORKING?

OTHER TYPES OF WIRELESS TECHNOLOGY?

MORE TIME ON DEMONSTRATING CAPTIVE PORTALS?

Page 29: WIRELESS NETWORK SECURITY - Network Startup Resource Center (NSRC)

SUMMARY AND CONCLUSIONS WIRELESS NETWORK SECURITY

COMMENTS

THANK YOU!


Related Documents
Campus Network Best Practices: Structured Cabling Dale Smith University of Oregon/NSRC dsmith@nsrc.org This document is a result of work by the Network.

Campus Network Best Practices: Structured Cabling Dale Smith...

Category: Documents
Campus Networking Best Practices Session 3: Layer 0 Campus Network Structured Cabling Dale Smith University of Oregon & NSRC dsmith@uoregon.edu.

Campus Networking Best Practices Session 3: Layer 0 Campus.....

Category: Documents
Sophos Computer Security SBE network startup guide

Sophos Computer Security SBE network startup guide

Category: Documents
© 2010 NSRC Corporation1 Foreign Material Management Dr. Bill Corcoran NSRC Corporation 860-285-8779 William.R.Corcoran@1959.USNA.com.

© 2010 NSRC Corporation1 Foreign Material Management Dr....

Category: Documents
Nsrc@walc 2008 Mérida, Venezuela nsrc@APRICOT 2010 Kuala Lumpur, Malaysia Network and Server Statistics using Cacti APRICOT 2010 Kuala Lumpur, Malaysia.

Nsrc@walc 2008 Mérida, Venezuela nsrc@APRICOT 2010 Kuala...

Category: Documents
Network and Server Statistics Using Cacti - NSRC

Network and Server Statistics Using Cacti - NSRC

Category: Documents
Nsrc@AfNOG 2012 Serrekunda, The Gambia TCP/IP Network Essentials Linux System Administration and IP Services AfNOG 2012 Serrekunda, The Gambia.

Nsrc@AfNOG 2012 Serrekunda, The Gambia TCP/IP Network...

Category: Documents
Gestión de Logs - Network Startup Resource Center

Gestión de Logs - Network Startup Resource Center

Category: Documents
Nsrc@apricot 2010 Network Performance Definitions and Analysis APRICOT 2010 Kuala Lumpur, Malaysia.

Nsrc@apricot 2010 Network Performance Definitions and...

Category: Documents
Deploying MPLS L2VPN - NSRC

Deploying MPLS L2VPN - NSRC

Category: Documents
Device connection and startup 1. computer startup startup via network– bootp connection to the network 2.

Device connection and startup 1. computer startup startup....

Category: Documents
Automated Instance Creation - NSRC: Workshops · Automated Instance Creation Network Startup Resource Center These materials are licensed under the Creative Commons Attribution-NonCommercial

Automated Instance Creation - NSRC: Workshops · Automated....

Category: Documents