Wireless Home Security by Adrian Mikeliunas, CISSP, CLP x 33478 - ISGGC
Agenda
• Wireless LAN: Basic concepts
• Network components
• Configuration modes
• Ad hoc mode (peer to peer)
• Infrastructure mode (Access Point)
• Security
• Wi-Fi Protected Access with preshared key
• Feedback

Wireless LAN – WHY?
• Convenience
  – Mobile (great for laptops!)
  – Less expensive than conventional wiring
• Cool factor
• Drawbacks?
  – Subject to interference
  – Sharing your network with the world…

Wireless Support in Windows Wireless Configuration Service
• Discovers wireless LANs in proximity
• Notifies user about wireless LAN
• Stores and retrieves user-preferred configurations
• Dynamically selects the wireless LAN to be joined
• Dynamically detects addition/removal of wireless adapters

Wireless Configuration Service in Windows
• Discovers wireless LANs in the proximity and notifies user

Wireless LAN Specs
• 802.11a (older)
  – 5-GHz band
  – 54 Mbps “raw” (throughput ~25 Mbps)
• 802.11b (most popular)
  – 2.4-GHz band
  – 11 Mbps “raw” (throughput ~6 Mbps)
• 802.11g (latest & greatest)
  – 2.4-GHz band
  – 54 Mbps “raw” (throughput ~25 Mbps)

Wireless LAN – Concepts
• Ad hoc mode (peer-to-peer)
  – Wireless clients connect directly
• Infrastructure mode
  – Require access points (AP)
  – All wireless clients connect through the AP

Wireless LAN – Acronyms
• SSID – Service set identifier
• WEP – Wired Equivalent Privacy
• WPA – Wi-Fi Protected Access
• WPA-PSK – WPA with preshared key
• TKIP – Temporal Key Integrity Protocol
• AES – Advanced Encryption Standard

Home Wireless Networks Peer-to-Peer Configuration
• No AP (Ad Hoc)
• Internet Connection Sharing
[Diagram: home PC with wireless adapter in ad hoc mode and Internet connection shared; wireless clients; wireless medium (WM); link to Internet (cable modem, DSL, dial-up…)]

Home Wireless Networks in Ad Hoc Mode
• Share the Internet Connection on the PC
• Turn on Internet Connection Firewall

Home Wireless Networks in Ad Hoc Mode (2)
• Add an ad hoc network to the preferred list
• Use maximum WEP key length (104 bit, input 13 characters)

Home Wireless Networks Infrastructure Configuration
• AP connected to cable or DSL modem
[Diagram: wireless base station (access point and router); link to Internet (cable modem, DSL…); wireless clients; home PC; wired client; wireless medium (WM)]

Home Wireless Networks in Infrastructure Mode
• AP requires configuration (do not keep default configuration)
  – Open authentication without encryption
  – Default SSID
• Levels of wireless security
  – Nonbroadcast SSID
  – Media Access Control (MAC) address filtering
  – WEP

AP Configuration
• Connect AP to PC
• From web browser connect to AP
  – Broadband details
  – LAN details
  – Security

Infrastructure Mode Nonbroadcast SSID
• SSID is required to associate to an AP.
• General operation: 802.11 beacon advertises the SSID of the network every 100 ms.
• Nonbroadcast case: Still must be sent to associate (associate request).
• Nonbroadcast means waiting longer for the SSID (sniff).

Infrastructure Mode MAC Address Filtering
• Restricting access to the wireless LAN based on a table of valid MAC addresses
• Malicious user can easily try many MAC addresses until he finds one that works
• Wait to sniff traffic from a valid user and then use its MAC address

Home Wireless Networks WEP Encryption
• Each wireless client shares a key with AP
• Each packet is encrypted with shared key and initialization vector (IV)
• WEP key size 40 bit or 104 bit
• Multiple problems (can be broken)

Home Wireless Networks in Infrastructure Mode
• Windows client configuration

Home Wireless Networks Additional Protection:
• AT&T VPN
  – Encrypts traffic from client before broadcast
  – Just like a wired workstation
• WPA-PSK: 256-bit number
  – Input passphrase: 8 to 63 bytes long
  – TKIP: Replacement for WEP
• Rekeying: Encryption keys are changed after a specified time interval

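How the WPA-PSK passphrase becomes the 256-bit number mentioned above, as an added example that is not part of the original slides: IEEE 802.11i maps the passphrase to the key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so the SSID chosen on the AP is an input to the key. The function names and sample values are assumptions made for illustration; `wep_key_bits` covers the earlier note that a 13-character input gives a 104-bit WEP key.

```python
import hashlib

# 802.11i passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt,
# 4096 iterations, 256-bit (32-byte) output.
PBKDF2_ITERATIONS = 4096
PSK_BYTES = 32


def derive_wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit WPA-PSK for a passphrase/SSID pair."""
    pw = passphrase.encode("ascii")  # non-ASCII input raises ValueError
    salt = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8 to 63 bytes long")
    if any(b < 32 or b > 126 for b in pw):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, PBKDF2_ITERATIONS, PSK_BYTES)


def wep_key_bits(ascii_key: str) -> int:
    """Map an ASCII WEP key to its secret key size in bits (IV excluded)."""
    sizes = {5: 40, 13: 104}
    n = len(ascii_key.encode("ascii"))
    if n not in sizes:
        raise ValueError("ASCII WEP key must be 5 or 13 characters")
    return sizes[n]


if __name__ == "__main__":
    # Constructed sample values, not taken from the slides.
    passphrase = "correct horse battery staple"
    for ssid in ("linksys", "HomeNet-7f3a"):
        # Same passphrase, different SSID: the derived key changes.
        print(ssid, derive_wpa_psk(passphrase, ssid).hex())
    print(wep_key_bits("thirteenchars"), "bit WEP key")
```
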
Home Wireless Networks WPA-PSK
• Windows client configuration
• Requires support in the wireless network adapter driver

Additional Resources
• At WB intranet, type http://GRAS
  – Help: Guides and Installation Instructions
  – Technical Documentation: Broadband Connectivity
• 802.11 Security – www.wirelessdevnet.com/articles/80211security
• “Deploying Secure 802.11 Wireless Networks with Microsoft Windows” – www.microsoft.com/mspress/books/6749.asp
• WPA information – www.wifialliance.org/opensection/protected_access.asp

Additional Resources
• Microsoft Wi-Fi Web site – http://www.microsoft.com/windowsserver2003/technologies
• IEEE 802.11 – http://grouper.ieee.org/groups/802/11/index.html
• “Security of the WEP Algorithm” – http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html