Protecting Your Wireless Network 20071 Protecting Your Wireless Network University of Tasmania School Of Computing 2007

Protecting Your Wireless Network 2007

1

Protecting Your Wireless Network

University of TasmaniaSchool Of Computing

2007


2

Lecturer (Launceston) Dr. Daniel Rolf

School of Computing, Launceston Phone: 6324 3450 Email: [email protected]


3

Tonight

This is for Home users Those with limited or no technical

expertise Simple networks with no extra

hardware e.g. no RADIUS/VPN servers etc

Those who want some background and straightforward advice


4

Agenda Background

Issues

Typical Configuration Options What do they mean

What you should do


5

A Wireless Network

What does the Access Point do? Internet

Each Computer is uniquely identified by its own IP Address and MAC

AddressIP: Internet ProtocolMAC: Medium Access Control


6

Wireless Range

If you measure the radio signal 1meter from the antenna as 100% then At 10m you will measure 1% At 100m you will measure 0.01% At 1km you will measure 0.0001%

It never goes away! just disappears into the background…


7

Somewhere… http://www.larsen-b.com/Article/212.html


8

Wireless Products and Users

A home user can not be expected to have any IT expertise

Installing wireless equipment is made as simple as possible

Advertising highlights the good points


9

A Popular Product

NETGEAR 108Mbps Wireless Firewall Router

WGT624 v2

Cable or DSL modemWireless RouterPC

Telephone Socket


10

The Installation Guide How to connect the router How to Log in to the router

http://192.168.0.1 Run a setup wizard to connect to the

Internet Setup basic wireless connectivity

Default features Network Name(SSID): NETGEAR WEP Security: disabled


11

And now for the demo…


12

NETGEAR WGT624 Security These are the advertised security features

Double Firewall Network Address Translation (NAT) Stateful Packet Inspection (SPI)

Denial of Service (DoS) attack prevention Intrusion Detection and Prevention Wired Equivalent Privacy (WEP) 64 and 128 bit Wi-Fi Protected Access (Pre Shared Key) Wireless Access Control (SSID)

To identify authorized wireless network devices Multiple VPN tunnels

Pass Through, 2 IPSec, and multiple L2TP and PPTP Exposed Host (DMZ) MAC address authentication


13

The Pass Phrase

8-63 characters long

10 20 30

Length in characters

Possible time to crack

minutesyears

lots of years


14

Do’s Change the default settings

use your own SSID Makes your network less of an obvious attraction

change the administrator password on the AP

Enable and use the security features on the access point make use of the firewall and filtering offered on the access point

if they are not there then look at getting specific products

Use good passwords/pass-phrases for WPA for any shared directories on your computer

Enable MAC filtering (for the technically minded) allow only the computers you know/want on your network

this is a hurdle that can be bypassed (takes effort)


15

Do’s Manage the access point over a wired network

port

Look a the access point logs from time to time see who’s there

Keep the operational range to a minimum e.g. Lower the transmit power of the AP to minimise

signal propagation if you have the option.

Switch the access point off if you are not using it for any length of time


16

Don’t

Use a default for anything without serious consideration (and then still don’t)

Use WEP

Use a Pre Shared Key (PSK) based on a dictionary word


17

Choosing & Managing your Passwords Authentication passwords (secret)

Generally shorter Often written down and stored securely Chosen and changed according to a

method known only to the creator Access Control passwords (shared)

Generally longer: pass phrase Need different method to choose these


18

Choosing & Managing your Passwords

It is common to find people choosing authentication passwords based on their personal lives

Tiddles1 Fido&Tiddles MyFidoDog

Or personal names, car number plates, birth dates etc

Introducing Fido and Tiddles


19


Tip #1 choose your WPA password using a very different method from the one you use to chose your authentication password Your WPA password will be shared You are not the only one controlling

the sharing


20


Tip #2 find a method that will produce a 20 character password that you can remember tell someone else easily

Not &%^$3wd9!fhKK#?….

Hints Think of the term pass phrase rather

than word


21

Choosing & Managing your Passwords Hints

Use lines from poems and other texts The boy stood on the burning deck My teddy bear is rather fat

Use lines from tunes and songs We’re all going on a summer holiday By saying something stupid like I

Use funny phrases Configuring this router is making me cross I often cook burnt offerings


22

Choosing & Managing your Passwords Hints

Add some capitals and replace o with 0 & I with 1 and use some SMS abbreviations

The b0y stood on Burn1ng deck My teddy bear 1s Rather fat We’re All go1ng on a summer hol1day By saying Something Stupid like 1 Configuring th1s ** router is making me X

Write this down and file in a secure place With some physical access control


23

Choosing & Managing your Passwords Finally

Remember your WPA password will be shared

It should give no clues as to how you construct your authentication passwords

You may trust your daughter but do you trust your daughter’s friend’s boy friend?

If in doubt change the pass phrase Access to your network is the first step to

access to your money!


24

More Information Securing your Wireless Network

http://www.practicallynetworked.com/support/wireless_secure.htm

Improving your default Netgear Security http://kbserver.netgear.com/kb_web_files/n101379.asp

Documents

Protecting Your Wireless Network 20071 Protecting Your Wireless Network University of Tasmania School Of Computing 2007