Happenstance2001 template

Wireless Security2011/3/2003

Chapter 20

Wireless Security

Learning Objectives

In this lesson, you will teach students how to implement wireless security. At the end of the lesson, the students should be able to:

Understand the current wireless technology.

Understand the issues in wireless security.

Apply the wireless security.

Estimated Time for Module: 3 hours, 30 minutes

This lesson discusses the security risks involved in a wireless network attached to the internal network. This lesson also discusses the countermeasures that organizations can take to manage these risks.

Preparing for Class

Real-life examples can be used to explain the various security threats. Make a brief note of the security measures, so that teaching the students about this topic becomes much simpler.

Prerequisites for Class

Ensure that the students: ave read lesson 19.

Class Preparation Notes

A viewing projector will be required for the PowerPoint slides for this lesson. You will also find the figures in Chapter 20 - Fundamentals of Network Security, on the CD.

General Teaching Tips

Every topic is this lesson is important, but enough time should be budgeted to explain the following objectives:

Authentication techniques.

Attacks on the wireless network.

Site security.

Key Terms

access point

authentication server

NetStumbler

service set identifier (SSID)

Supplicant

Wired Equivalent Privacy (WEP)

Wireless Local Area Network (WLAN)

Lecture Outline

I.The Current Wireless Technology

A.Standard architecture1.In order to effectively use a wireless LAN (WLAN), the access points (AP) must be placed.

2.A DHCP server provides an IP address to allow a workstation to communicate on the network.

B.Transmission security1.The 802.11x standard defines the Wired Equivalent Privacy (WEP) protocol to protect the information as it passes over the WLAN.

Teaching Tip

The Figure 20-2 in the textbook can be used to show students the WEP authentication exchange.

2.The three basic WEP services are authentication, confidentiality, and integrity.

a)The authentication service is used to authenticate the workstation to the AP.

b)WEP can also use a cryptographic authentication mechanism along with the RC4 algorithm for authentication.

c)The workstation is open to attaching to rogue APs, since there is no mechanism to authenticate the AP back to the workstation.

d)Some of the authentication techniques are:

(1)Service set identifier (SSID) - This is a 32-byte string used to associate a workstation with an AP.

(2)Media Access Control (MAC) - This configuration address allows communication with only those MAC addresses that it is aware of.

(3)WEP - This is service does not provide mutual authentication.

(4)802.11x protocol - This protocol provides a generalized authentication mechanism for network access.

e)The confidentiality mechanism relies on the RC4 algorithm.

(1)This mechanism protects all of the protocol header information and data above the 802.11x protocol.

f)The cyclic redundancy check (CRC) of 32-bits is a type of integrity check on each packet.II.Understanding Wireless Security Issues

A.WLAN Detection can be detected using the following tools:

1.The NetStumbler tool - (http://www.netstumbler.com/).

2.Kismet - (http://www.kismetwireless.net/).

B.Organizations that use WEP are also subject to eavesdropping by tools such as the WEPCrack.

1.The WEPCrack tool allows an intruder to capture several packets to determine the encryption key.

2.In a WLAN, passive eavesdropping is almost impossible to detect.

C.Active attacks are more dangerous compared to eavesdropping.

1.By attacking from inside, the intruder bypasses the majority of the organizations' security mechanisms.

D.The organization may suffer potential liable issues if an intruder gains access to the internal network.

III.Deploying Wireless Safely

A.The security measures that can assist in risk management are:

1.Access point security allows setting of a WEP key.

a)HTTPS can be used to manage the AP and to prevent easy access for an intruder.

2.To secure transmissions, a VPN can be used from the WLAN workstations to the internal networks.

3.Workstation can be protected using anti-virus software or personal firewalls.

4.A strong authentication such as 802.1X must be used to secure a site.

Discussion Point

Discuss the types of security measures that are used now days to secure sites. Ask the students to search for the site security tools on the Web.

a)Using a strong authentication in conjunction with a VPN decreases the ability of an intruder to gain access to internal systems.

b)Organizations should perform a wireless assessment on their own networks.

c)Tools such as NetStumbler, APTools (http://winfingerprint.sourceforge.net/aptools.php), or FoundScan (http://www.foundstone.com/) can be used for periodical assessments.

Project

An organization has decided to deploy a WLAN in the building to reduce costs.

Ask the students to identify the security risks with WLAN deployments. Also, ask them to propose appropriate management strategies for these risks.

Project Solution

The students can begin the project with a paper study. They can identify the services of the organization. The risks and in-competency of WLANs can also be identified.

After the risks have been identified, the countermeasures used to reduce these risks can be identified.

Chapter Review

This lesson covers the following facts about wireless security:

WEP provides the three basic services of authentication, confidentiality, and integrity.

The risks of using WLANs include eavesdropping, direct internal attacks, and attacks against external sites.

Determining the physical location of an intruder is difficult because the IP address is not location-specific.

Configuring the AP for security is an important starting point.

Using a combination of WEP and MAC authentication will improve the security of the AP.

Illegitimate or unauthorized access points cause problems, and organizations should conduct periodic assessment for unauthorized wireless networks.

Assessment Quiz

The following quiz will help you gauge the level of understanding of your students.

Questions

1.List the steps that are required to secure an access point.

2.What are the three basic services of a WEP protocol?

3.____________________ is the source of the authentication services.

4.____________________ is the process used to execute the authentication protocol.

5.The ____________________ is the point where a workstation accesses the wireless network.

6.____________________ is the most obvious security risk of a wireless network running a strong firewall and a VPN on the PCs.

7.What should be done before deploying a WLAN?

A.No planning is required.

B.Ensure there is a wired equivalency.

C.Conduct a risk assessment.

D.Locate security sensors.

8.Which of these is a wireless standard?

A.803.11b

B.803.11e

C.801.11c

D.802.11b

9.True or false? Anti-virus and personal firewall software would NOT aid in security.

10.True or false? WEP relies on the RC4 encryption algorithm.

11.True or false? WEP keys are dynamic.

12.True or false? Mutual authentication is optional with 802.1X.

13.True or false? 802.1X provides a stronger authentication means than the SSID or MAC address.

14.True or false? The IEEE 802.11x (a, b, and g) series of standards allow workstations to establish connections up to 128 Mbps with a wireless access point.

15.True or false? RC4 is used to generate a pseudo-random key stream that is combined with the information to produce the ciphertext.

Answers

1.An access point can be made secure using the following steps:

Step1.Use a WEP key that is difficult to guess.

Step2.Use MAC addresses to limit the use of workstations that are not allowed to connect.

Step3.Ensure that the AP does not broadcast the SSID.

Step4.Most of the APs that are available on the market have some type of management interface.

Step5.APs should be positioned appropriately, so that their range outside the facility is limited as much as possible.

2.The three basic services of a WEP protocol are authentication, confidentiality, and integrity.

3.Authentication server is the source of the authentication services.

4.Port Access Entity (PAE) is the process used to execute the authentication protocol.

5.The network access is the point where a workstation accesses the wireless network.

6.Eavesdropping is the most obvious security risk of a wireless network running a strong firewall and a VPN on the PCs.

7.C. A risk assessment should be conducted before deploying a WLAN.

8.D. 802.11b is a wireless standard.

9.False. Anti-virus and personal firewall software would aid in security.

10.True. WEP relies on the RC4 encryption algorithm.

11.False. WEP keys are not dynamic, hence they can break easily.

12.True. Mutual authentication is optional with 802.1X.

13.True. 802.1X provides a stronger authentication means than the SSID or MAC address.

14.False. The IEEE 802.11x (a, b, and g) series of standards allow workstations to establish connections up to 54 Mbps with a wireless access point.

15.True. RC4 is used to generate a pseudo-random key stream that is combined with the information to produce the ciphertext.

093-220-1