98-367 Chapter Eight
Chapter 8: Understanding Wireless Security
Topics Covered:
- Comparing Wireless Devices
- Configuring wireless security methods
- Configuring wireless routers
- Configuring Windows 7 for wireless
Comparing Wireless Devices
IEE Standard | Speed | Base Frequency |
---|---|---|
802.11a | 54 Mbps | 5Ghz |
802.11b | 11 Mbps | 2.4 GHz |
802.11g | 54 Mbps | 2.4 GHz |
802.11n | 300 Mbps | 2.4 GHz or 5 GHz |
802.11n uses multiple antennas in a MIMO (multiple input multiple outout) configuration to increase througput, can reach as high
as 600 Mbps. Security methods are not dependant on wireless radio.
Three types of devices (in general):
- Wireless Adapters
- Wireless Access Points
- Wireless Routers
Wireless Adapters
Adapters can be added to devices via usb, or PCI etc.
Everything has wifi now
Wireless Access Points
Provides connectivity for wireless clients to wired devices. It bridges the wireless clients to the wired network. WAPs include
the following components:
- At least one interface connecting it to a wired network
- A transceiver that allows WAP to send and receive wireless transmissions
- Bridging Software to bridge wireless and wired segments
Wireless Routers
Used in homes and smaller offices combines WAP with router in one device, also provide NAT and DHCP and some also have DNS.
Comparing Wireless Security Methods
WPA2 is current and should be used, WEP is old and easily broken
Understanding Encryption Keys
Wireless security uses symetric encryption (very fast) which means there is a single key used by both client and AP.
Encryption uses algorithm and key
Algorithm: mathematical formula that scrambles, or ciphers the data
Key should change frequently and must remain private
Wired Equivalent Privacy
Intended to provide same level of privacy as wired clients. Problems with WEP:
- Weak Encryption: RC4 cipher with reused keys. WPA/WPA2 use a block cipher which is much stronger than RC4 (stream cipher)
- Poor Key Management: Keys are transmitted in plaintext at beginning of a session. Subsequent keys are predictable and reused
- Attacker Tools Widely Available: Easy to find resources online
Wi-Fi Protected Access
WPA was introduced as a software solution to fix WEP while new standard was created. WPA does not need new hardware, WPA2 does.
WPA uses TKIP (Temporal Key Integrity Protocol) whcih regularly changes keys without requiring user to change passphrase.
WPA2 Provides 2 “Modes”:
- Personal
- Enterprise
Wi-Fi Protected Access Version 2
WPA2 supports FIPS 140-2 by default.
WPA/WPA2 Personal: Uses same PSK (Pre Shared Key) - Used in homes and small offices
WPA2 Enterprise: Uses 802.1X server for authentication, clients must authenticate and after they have done so get encryption keys sent
Enterprise Mode includes these elements:
- Supplicant: Wireless Client requesting access
- Authenticator: WAP acts as authenticator
- Authentication Server: Verifies credentials, server 2008 can do this with Network Policy and Access Services role as an 802.1X Authentication server.
Extended Authentication Protocol
EAP provides framework to create multiple additional authentication methods such as PEAP and EAP-TLS
Smart cards use EAP-TLS.
Server 2008 supports two primary EAP methods:
- EAP-TLS: Extensible Authentication Protocol Translport Layer Security uses certificates for authentication, supports smart cards
- PEAP: Protected EAP provides encapsulation and encryption to the authentication channel. PEAP can use smart cards with certificates for authentication or passwords.
When passwords are used PEAP uses EAP with MSCHAP-V2 (Microsoft Challenge Handshake Protocol Version 2)
Viewing Windows 7 Wireless Settings
Following Settings available in Windows 7:
- No Authentication (Open): Open networks
- Shared: WEP
- WPA-Personal/WPA2-Personal: Use PSK
- WPA-Enterprise/WPA2-Enterprise: 802.1X Authentication Server which authenticates clients before granting access to network
- 802.1X: For WEP networks that support 802.1X, should not be used
Configuring Wireless Routers
Most routers have web based admin pages, can usually find at 192.168.1.1
Most have default admin account named “admin”, some with password “admin” and others no password
Changing the Default Administrator Password
Default should be changed, duh
Changing the SSID
Potentially Avoid using the model or brand name in the network name to not provide attackers easy info
To Broadcast or Not to Broadcast?
If disabled router will not “advertise” itsself periodically to clients, this should not be viewed as a security setting
####### Reasons to Disable SSID Broadcast
Makes network harder to locate but software can still capture SSID easily as it is still sent in plain text in packets. If clients cant see networks
they must spam out probes looking for the network which leaks info.
####### Leave SSID Broadcast Enabled
Microsoft Recommends leaving it enabled, so if you are writing a Microsoft exam HINT HINT!
SSID should not be treated as a secret, wireless frequencies are well documented and software can easily detect hidden network
because they are not really that hidden.
Primary protection should be strong security protocols, not hidden networks.
Using MAC Filters
Can be used to filter but there are some problems. MACs are sent over the air in plaintext so attacker can just spoof one
and then have network access
Configuring Windows 7 for Wireless
Some stuff about how to navigate windows 7 UI to add wireless network manually, boring.
AES is stronger than TKIP
Chapter Review Questions:
- True or false: A wireless access point always includes routing capabilities
- True or false: Algorithms used by WEP, WPA and WPA2 are publishes and accessible to anyone who wants to look at them, and they are’t changed
from one transmission to another? - Of the following choices, which one provides the best security for a wireless network?
a. WEP
b. WPA
c. WPA2
d. WPA3 - True or false: WPA2-Enterprise allows clients to authentication with smart cards
- You want to use WPA2-Enterprise. What element is needed for WPA2-Enterprise that isn’t needed for WPA2-Personal?
- You want to provide the strongest security possible for your wireless network. Which one of the following choices provides
the strongest wireless security?
a. WPA-Personal
b. WPA2-Personal
C. WPA-Enterprise
d. WPA2-Enterprise - A wireless network is identified by its name. The tireless network name is also know as __
- Of the following choices, what can you do with the SSID to increase security for a wireless network?
a. Rename the default SSID
b. Disable SSID broadcast
c. Change the SSID password
d. Remove the SSID - True or false: WEP uses AES for encryption
- True or false: You can increase security in a network by disabling SSID broadcast
Answers:
- False
- True
- c
- True
- 802.1X Authentication Server
- d
- SSID
- a
- False
- False