98-367 Chapter Eight

Chapter 8: Understanding Wireless Security

Topics Covered:

  • Comparing Wireless Devices
  • Configuring wireless security methods
  • Configuring wireless routers
  • Configuring Windows 7 for wireless
Comparing Wireless Devices
IEE Standard Speed Base Frequency
802.11a 54 Mbps 5Ghz
802.11b 11 Mbps 2.4 GHz
802.11g 54 Mbps 2.4 GHz
802.11n 300 Mbps 2.4 GHz or 5 GHz

802.11n uses multiple antennas in a MIMO (multiple input multiple outout) configuration to increase througput, can reach as high
as 600 Mbps. Security methods are not dependant on wireless radio.

Three types of devices (in general):

  • Wireless Adapters
  • Wireless Access Points
  • Wireless Routers
Wireless Adapters

Adapters can be added to devices via usb, or PCI etc.
Everything has wifi now

Wireless Access Points

Provides connectivity for wireless clients to wired devices. It bridges the wireless clients to the wired network. WAPs include
the following components:

  • At least one interface connecting it to a wired network
  • A transceiver that allows WAP to send and receive wireless transmissions
  • Bridging Software to bridge wireless and wired segments
Wireless Routers

Used in homes and smaller offices combines WAP with router in one device, also provide NAT and DHCP and some also have DNS.

Comparing Wireless Security Methods

WPA2 is current and should be used, WEP is old and easily broken

Understanding Encryption Keys

Wireless security uses symetric encryption (very fast) which means there is a single key used by both client and AP.
Encryption uses algorithm and key
Algorithm: mathematical formula that scrambles, or ciphers the data
Key should change frequently and must remain private

Wired Equivalent Privacy

Intended to provide same level of privacy as wired clients. Problems with WEP:

  • Weak Encryption: RC4 cipher with reused keys. WPA/WPA2 use a block cipher which is much stronger than RC4 (stream cipher)
  • Poor Key Management: Keys are transmitted in plaintext at beginning of a session. Subsequent keys are predictable and reused
  • Attacker Tools Widely Available: Easy to find resources online
Wi-Fi Protected Access

WPA was introduced as a software solution to fix WEP while new standard was created. WPA does not need new hardware, WPA2 does.
WPA uses TKIP (Temporal Key Integrity Protocol) whcih regularly changes keys without requiring user to change passphrase.

WPA2 Provides 2 “Modes”:

  • Personal
  • Enterprise
Wi-Fi Protected Access Version 2

WPA2 supports FIPS 140-2 by default.

WPA/WPA2 Personal: Uses same PSK (Pre Shared Key) - Used in homes and small offices
WPA2 Enterprise: Uses 802.1X server for authentication, clients must authenticate and after they have done so get encryption keys sent

Enterprise Mode includes these elements:

  • Supplicant: Wireless Client requesting access
  • Authenticator: WAP acts as authenticator
  • Authentication Server: Verifies credentials, server 2008 can do this with Network Policy and Access Services role as an 802.1X Authentication server.
Extended Authentication Protocol

EAP provides framework to create multiple additional authentication methods such as PEAP and EAP-TLS
Smart cards use EAP-TLS.

Server 2008 supports two primary EAP methods:

  • EAP-TLS: Extensible Authentication Protocol Translport Layer Security uses certificates for authentication, supports smart cards
  • PEAP: Protected EAP provides encapsulation and encryption to the authentication channel. PEAP can use smart cards with certificates for authentication or passwords.
    When passwords are used PEAP uses EAP with MSCHAP-V2 (Microsoft Challenge Handshake Protocol Version 2)
Viewing Windows 7 Wireless Settings

Following Settings available in Windows 7:

  • No Authentication (Open): Open networks
  • Shared: WEP
  • WPA-Personal/WPA2-Personal: Use PSK
  • WPA-Enterprise/WPA2-Enterprise: 802.1X Authentication Server which authenticates clients before granting access to network
  • 802.1X: For WEP networks that support 802.1X, should not be used
Configuring Wireless Routers

Most routers have web based admin pages, can usually find at 192.168.1.1
Most have default admin account named “admin”, some with password “admin” and others no password

Changing the Default Administrator Password

Default should be changed, duh

Changing the SSID

Potentially Avoid using the model or brand name in the network name to not provide attackers easy info

To Broadcast or Not to Broadcast?

If disabled router will not “advertise” itsself periodically to clients, this should not be viewed as a security setting

####### Reasons to Disable SSID Broadcast

Makes network harder to locate but software can still capture SSID easily as it is still sent in plain text in packets. If clients cant see networks
they must spam out probes looking for the network which leaks info.

####### Leave SSID Broadcast Enabled

Microsoft Recommends leaving it enabled, so if you are writing a Microsoft exam HINT HINT!
SSID should not be treated as a secret, wireless frequencies are well documented and software can easily detect hidden network
because they are not really that hidden.
Primary protection should be strong security protocols, not hidden networks.

Using MAC Filters

Can be used to filter but there are some problems. MACs are sent over the air in plaintext so attacker can just spoof one
and then have network access

Configuring Windows 7 for Wireless

Some stuff about how to navigate windows 7 UI to add wireless network manually, boring.

AES is stronger than TKIP

Chapter Review Questions:

  1. True or false: A wireless access point always includes routing capabilities
  2. True or false: Algorithms used by WEP, WPA and WPA2 are publishes and accessible to anyone who wants to look at them, and they are’t changed
    from one transmission to another?
  3. Of the following choices, which one provides the best security for a wireless network?
    a. WEP
    b. WPA
    c. WPA2
    d. WPA3
  4. True or false: WPA2-Enterprise allows clients to authentication with smart cards
  5. You want to use WPA2-Enterprise. What element is needed for WPA2-Enterprise that isn’t needed for WPA2-Personal?
  6. You want to provide the strongest security possible for your wireless network. Which one of the following choices provides
    the strongest wireless security?
    a. WPA-Personal
    b. WPA2-Personal
    C. WPA-Enterprise
    d. WPA2-Enterprise
  7. A wireless network is identified by its name. The tireless network name is also know as __
  8. Of the following choices, what can you do with the SSID to increase security for a wireless network?
    a. Rename the default SSID
    b. Disable SSID broadcast
    c. Change the SSID password
    d. Remove the SSID
  9. True or false: WEP uses AES for encryption
  10. True or false: You can increase security in a network by disabling SSID broadcast

Answers:

  1. False
  2. True
  3. c
  4. True
  5. 802.1X Authentication Server
  6. d
  7. SSID
  8. a
  9. False
  10. False

Relevant sections of Certification Exam

Notes