protecting your wireless network 20071 protecting your wireless network university of tasmania...
TRANSCRIPT
Protecting Your Wireless Network 2007
1
Protecting Your Wireless Network
University of TasmaniaSchool Of Computing
2007
Protecting Your Wireless Network 2007
2
Lecturer (Launceston) Dr. Daniel Rolf
School of Computing, Launceston Phone: 6324 3450 Email: [email protected]
Protecting Your Wireless Network 2007
3
Tonight
This is for Home users Those with limited or no technical
expertise Simple networks with no extra
hardware e.g. no RADIUS/VPN servers etc
Those who want some background and straightforward advice
Protecting Your Wireless Network 2007
4
Agenda Background
Issues
Typical Configuration Options What do they mean
What you should do
Protecting Your Wireless Network 2007
5
A Wireless Network
What does the Access Point do? Internet
Each Computer is uniquely identified by its own IP Address and MAC
AddressIP: Internet ProtocolMAC: Medium Access Control
Protecting Your Wireless Network 2007
6
Wireless Range
If you measure the radio signal 1meter from the antenna as 100% then At 10m you will measure 1% At 100m you will measure 0.01% At 1km you will measure 0.0001%
It never goes away! just disappears into the background…
Protecting Your Wireless Network 2007
8
Wireless Products and Users
A home user can not be expected to have any IT expertise
Installing wireless equipment is made as simple as possible
Advertising highlights the good points
Protecting Your Wireless Network 2007
9
A Popular Product
NETGEAR 108Mbps Wireless Firewall Router
WGT624 v2
Cable or DSL modemWireless RouterPC
Telephone Socket
Protecting Your Wireless Network 2007
10
The Installation Guide How to connect the router How to Log in to the router
http://192.168.0.1 Run a setup wizard to connect to the
Internet Setup basic wireless connectivity
Default features Network Name(SSID): NETGEAR WEP Security: disabled
Protecting Your Wireless Network 2007
12
NETGEAR WGT624 Security These are the advertised security features
Double Firewall Network Address Translation (NAT) Stateful Packet Inspection (SPI)
Denial of Service (DoS) attack prevention Intrusion Detection and Prevention Wired Equivalent Privacy (WEP) 64 and 128 bit Wi-Fi Protected Access (Pre Shared Key) Wireless Access Control (SSID)
To identify authorized wireless network devices Multiple VPN tunnels
Pass Through, 2 IPSec, and multiple L2TP and PPTP Exposed Host (DMZ) MAC address authentication
Protecting Your Wireless Network 2007
13
The Pass Phrase
8-63 characters long
10 20 30
Length in characters
Possible time to crack
minutesyears
lots of years
Protecting Your Wireless Network 2007
14
Do’s Change the default settings
use your own SSID Makes your network less of an obvious attraction
change the administrator password on the AP
Enable and use the security features on the access point make use of the firewall and filtering offered on the access point
if they are not there then look at getting specific products
Use good passwords/pass-phrases for WPA for any shared directories on your computer
Enable MAC filtering (for the technically minded) allow only the computers you know/want on your network
this is a hurdle that can be bypassed (takes effort)
Protecting Your Wireless Network 2007
15
Do’s Manage the access point over a wired network
port
Look a the access point logs from time to time see who’s there
Keep the operational range to a minimum e.g. Lower the transmit power of the AP to minimise
signal propagation if you have the option.
Switch the access point off if you are not using it for any length of time
Protecting Your Wireless Network 2007
16
Don’t
Use a default for anything without serious consideration (and then still don’t)
Use WEP
Use a Pre Shared Key (PSK) based on a dictionary word
Protecting Your Wireless Network 2007
17
Choosing & Managing your Passwords Authentication passwords (secret)
Generally shorter Often written down and stored securely Chosen and changed according to a
method known only to the creator Access Control passwords (shared)
Generally longer: pass phrase Need different method to choose these
Protecting Your Wireless Network 2007
18
Choosing & Managing your Passwords
It is common to find people choosing authentication passwords based on their personal lives
Tiddles1 Fido&Tiddles MyFidoDog
Or personal names, car number plates, birth dates etc
Introducing Fido and Tiddles
Protecting Your Wireless Network 2007
19
Choosing & Managing your Passwords
Tip #1 choose your WPA password using a very different method from the one you use to chose your authentication password Your WPA password will be shared You are not the only one controlling
the sharing
Protecting Your Wireless Network 2007
20
Choosing & Managing your Passwords
Tip #2 find a method that will produce a 20 character password that you can remember tell someone else easily
Not &%^$3wd9!fhKK#?….
Hints Think of the term pass phrase rather
than word
Protecting Your Wireless Network 2007
21
Choosing & Managing your Passwords Hints
Use lines from poems and other texts The boy stood on the burning deck My teddy bear is rather fat
Use lines from tunes and songs We’re all going on a summer holiday By saying something stupid like I
Use funny phrases Configuring this router is making me cross I often cook burnt offerings
Protecting Your Wireless Network 2007
22
Choosing & Managing your Passwords Hints
Add some capitals and replace o with 0 & I with 1 and use some SMS abbreviations
The b0y stood on Burn1ng deck My teddy bear 1s Rather fat We’re All go1ng on a summer hol1day By saying Something Stupid like 1 Configuring th1s ** router is making me X
Write this down and file in a secure place With some physical access control
Protecting Your Wireless Network 2007
23
Choosing & Managing your Passwords Finally
Remember your WPA password will be shared
It should give no clues as to how you construct your authentication passwords
You may trust your daughter but do you trust your daughter’s friend’s boy friend?
If in doubt change the pass phrase Access to your network is the first step to
access to your money!