
Wireless Home Security

by Adrian Mikeliunas, CISSP,


CLP x 33478 - ISGGC
Agenda
• Wireless LAN: Basic concepts
• Network components
• Configuration modes
• Ad hoc mode (peer to peer)
• Infrastructure mode (Access Point)
• Security
• Wi-Fi Protected Access with preshared key
• Feedback
Wireless LAN – WHY?

• Convenience
– Mobile (great for laptops!)
– Less expensive than conventional wiring
• Cool factor
• Drawbacks?
– Subject to interference
– Sharing your network with the world…

Wireless Support in Windows
Wireless Configuration Service

• Discovers wireless LANs in proximity
• Notifies user about wireless LAN
• Stores and retrieves user-preferred configurations
• Dynamically selects the wireless LAN to be joined
• Dynamically detects addition/removal of wireless adapters

Wireless Configuration Service in Windows

• Discovers wireless LANs in the proximity and notifies user

Wireless LAN Specs
• 802.11a (older)
– 5-GHz band
– 54 Mbps “raw” (throughput ~25 Mbps)
• 802.11b (most popular)
– 2.4-GHz band
– 11 Mbps “raw” (throughput ~6 Mbps)
• 802.11g (latest & greatest)
– 2.4-GHz band
– 54 Mbps “raw” (throughput ~25 Mbps)
Wireless LAN – Concepts

• Ad hoc mode (peer-to-peer)
– Wireless clients connect directly
• Infrastructure mode
– Requires access points (AP)
– All wireless clients connect through the AP

Wireless LAN – Acronyms

• SSID – Service set identifier
• WEP – Wired Equivalent Privacy
• WPA – Wi-Fi Protected Access
• WPA-PSK – WPA with preshared key
• TKIP – Temporal Key Integrity Protocol
• AES – Advanced Encryption Standard

Home Wireless Networks
Peer-to-Peer Configuration

• No AP (Ad Hoc)
• Internet Connection Sharing
[Diagram: home PC with wireless adapter in ad hoc mode and Internet connection shared; wireless clients on the wireless medium (WM); link to Internet (cable modem, DSL, dial-up…)]

Home Wireless Networks in Ad Hoc Mode

• Share the Internet Connection on the PC
• Turn on Internet Connection Firewall

Home Wireless Networks in Ad Hoc Mode (2)

• Add an ad hoc network to the preferred list
• Use maximum WEP key length (104 bit, input 13 characters)

Home Wireless Networks
Infrastructure Configuration

• AP connected to cable or DSL modem

[Diagram: wireless base station (access point and router) linked to Internet (cable modem, DSL…); wireless clients on the wireless medium (WM); home PC as wired client]

Home Wireless Networks in Infrastructure Mode

• AP requires configuration (do not keep default configuration)
– Open authentication without encryption
– Default SSID
• Levels of wireless security
– Nonbroadcast SSID
– Media Access Control (MAC) address filtering
– WEP

AP Configuration

• Connect AP to PC
• From web browser connect to AP
– Broadband details
– LAN details
– Security

Infrastructure Mode
Nonbroadcast SSID

• SSID is required to associate to an AP.
• General operation: 802.11 beacon advertises the SSID of the network every 100 ms.
• Nonbroadcast case: the SSID must still be sent to associate (association request).
• Nonbroadcast only means waiting longer to sniff the SSID.

Infrastructure Mode
MAC Address Filtering

• Restricting access to the wireless LAN based on a table of valid MAC addresses
• Malicious user can easily try many MAC addresses until he finds one that works
• Wait to sniff traffic from a valid user and then use its MAC address

Home Wireless Networks
WEP Encryption

• Each wireless client shares a key with the AP
• Each packet is encrypted with the shared key and an initialization vector (IV)
• WEP key size 40 bit or 104 bit
• Multiple problems (can be broken)

Home Wireless Networks in
Infrastructure Mode
• Windows client configuration

Home Wireless Networks
Additional Protection:

• AT&T VPN
– Encrypts traffic from client before broadcast
– Just like a wired workstation
• WPA-PSK: 256-bit number
– Input passphrase: 8 to 63 bytes long
– TKIP: Replacement for WEP
• Rekeying: Encryption keys are changed after a specified time interval

Home Wireless Networks
WPA-PSK

• Windows client configuration
• Requires support in the wireless network adapter driver
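
Added example (not part of the original slides): how the WPA-PSK passphrase of 8 to 63 bytes becomes the 256-bit key, using the standard PBKDF2-HMAC-SHA1 mapping with the SSID as salt, which is one more reason not to keep the default SSID. The FACTORY_SSIDS list, the 20-character threshold and the sample values are assumptions of this example.

```python
import hashlib

# Factory-style SSIDs, listed only for illustration (assumption of this example).
FACTORY_SSIDS = {"default", "linksys", "netgear", "wireless"}
# Length below which this example flags a passphrase (assumed threshold).
MIN_RECOMMENDED_LEN = 20


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA-PSK passphrase to the 256-bit key.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    """
    pw = passphrase.encode("ascii")  # non-ASCII input raises ValueError
    salt = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8 to 63 bytes long")
    if any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)


def review_settings(passphrase: str, ssid: str) -> list:
    """Return findings for an AP's WPA-PSK settings (empty list = none)."""
    derive_psk(passphrase, ssid)  # rejects values outside the allowed ranges
    findings = []
    if ssid.lower() in FACTORY_SSIDS:
        findings.append("default SSID: PSK salt is shared with many other networks")
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append("short passphrase: weak against guessing")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from the slides.
    for pw, ssid in [("password", "default"),
                     ("correct horse battery staple", "example-home-net")]:
        print(ssid, derive_psk(pw, ssid).hex(), review_settings(pw, ssid))
```

The same passphrase gives a different key under a different SSID, so changing the default SSID and using a long passphrase both strengthen the derived key.
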
Additional Resources
• At WB intranet, type http://GRAS
– Help: Guides and Installation Instructions
– Technical Documentation: Broadband Connectivity
• 802.11 Security
– www.wirelessdevnet.com/articles/80211security
• “Deploying Secure 802.11 Wireless Networks with Microsoft Windows”
– www.microsoft.com/mspress/books/6749.asp
• WPA information
– www.wifialliance.org/opensection/protected_access.asp

Additional Resources

• Microsoft Wi-Fi Web site
– http://www.microsoft.com/windowsserver2003/technologies
• IEEE 802.11
– http://grouper.ieee.org/groups/802/11/index.html
• “Security of the WEP Algorithm”
– http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
