SOHO DIY SECURE WIRELESS
Matthew Maples
Eastern Kentucky University
Networking Security and Electronics
Overview
•Cost-effective implementation of dual SSIDs in a SOHO environment
•Utilize wireless technology for maximum connectivity and decrease security risks
•Re-purpose old or unused hardware
Motivation
•Mobile technology is growing
•More security risks from unsecure devices
•Experience customizing network to solve a problem
•Cost effectiveness
Problem Statement
•Design and implementation of a mock SOHO setting using common or old hardware.
•Utilize dual SSIDs to provide typical network devices (file server) with a secure connection while providing protection from unsecure devices.
Initial Assumptions
•Key for “secure” line will be handled appropriately by personnel.
•Background in PC communications and networking or willingness to learn.
•Designed for small settings. Number of devices would need to be increased for larger networks.
Components Needed
•FreeNAS (or your choice of live CD/OS to set up file server)
•3 PCs (1 for server, 2 workstations for demonstration)
•1 Linksys WRT54G Wireless-G Router
•1 Modem
•Ethernet Cable
•Wireless NIC/Adapters
Preparation
•3 PCs (2 Workstations and 1 File Server)
•File Server Min. Specs:
▫CPU: 32 bit or 64 bit (64 bit for ZFS)
▫RAM: 4 GB, 6 GB for ZFS
▫HD: SATA drives
•After choosing specifications for each system, make sure that the master/slave drives are appropriately set and documented
Preparation
•Download FreeNAS to appropriate removable media (CD or USB)
•Run FreeNAS image on File Server
•Set static IP for file server by selecting Configure Network Interfaces during installation
•Typing the IP into a web browser from a LAN workstation will connect to the server setup.
Preparation
•Under Storage -> Volumes choose the volumes used for storage within the server.
•Under Services -> CIFS set up the shares for the file server. Choose home directory
Preparation
•Set up wireless router for dual APs.
•If the router does not come configured with DD-WRT then it must be installed.
•Download the DD-WRT version that fits your router onto a PC
•Connect the router to the PC via Ethernet cable and log into the config using a web browser (Internet Explorer recommended)
Preparations
• Log in with the appropriate credentials for your router. Click on Router Upgrade under Maintenance
• Browse to the image located on your system's hard drive.
• Wait for the installation to finish (takes some time) and log back into the router.
• DD-WRT IP: 192.168.1.1, User: root, Pass: Admin
• Perform hard reset (30/30/30) to restore factory defaults and confirm installation.
Preparations
•Set up 2 SSIDs on WRT54G router
•Connect router to PC via Ethernet cable
•In web browser, connect to 192.168.1.1
•Navigate to Wireless -> Basic Settings.
•Click Add below Virtual Interfaces
•Change SSIDs as needed (i.e. office and guest)
Preparations
•Navigate to Wireless -> Wireless Security
•Set Security Mode on main SSID to WPA2 Personal. Set shared key and save
•Navigate to Setup -> Networking
•Under Bridging, click ADD
•Change first slot to br1, click apply settings
•In the new bridge set the IP address to 1 off the primary network (i.e. 192.168.1.1 -> 192.168.2.1), subnet mask 255.255.255.0
Preparations
• Scroll to bottom to DHCPD section. Click ADD
• Switch first slot to br1, click apply settings
• Navigate to Administration -> Commands
• Command Shell: Paste and Save Firewall and reset router

iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
#Removes guest access to the router's config GUI/ports
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset
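Because -I places each rule at the top of its chain, the isolation holds only while nothing above the DROP/REJECT rules accepts the same traffic. The following added example (not part of the original slides) checks an `iptables -S` listing for the six rules above; the function name `audit_guest_rules` and the sample listing are constructed for illustration, and it assumes the router's iptables build supports `-S`.

```shell
# Added example: audit an `iptables -S` listing for the guest-isolation rules.
# Assumes br0 = office bridge, br1 = guest bridge, numeric ports in the listing,
# and rules placed directly in INPUT/FORWARD (user-defined chains are not followed).
audit_guest_rules() {
    awk '
    function opt(flag,   i) {            # value that follows an option, or ""
        for (i = 3; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    function covers(flag, val,   v) {    # option absent, or equal to val
        v = opt(flag); return (v == "" || v == val)
    }
    function judge(key,   t, st) {       # first covering rule wins, as in iptables
        t = opt("-j"); st = opt("--state")
        if ((key in seen) || opt("-s") != "" || opt("-d") != "") return
        if (st != "" && !index(st, "NEW")) return
        if (t == "DROP" || t == "REJECT") seen[key] = "ok"
        else if (t == "ACCEPT") seen[key] = "shadowed by earlier rule: " $0
    }
    $1 == "-A" && $2 == "FORWARD" && opt("-p") == "" {
        if (covers("-i", "br1") && covers("-o", "br0")) judge("FORWARD br1->br0")
        if (covers("-i", "br0") && covers("-o", "br1")) judge("FORWARD br0->br1")
    }
    $1 == "-A" && $2 == "INPUT" && covers("-i", "br1") && covers("-p", "tcp") {
        n = split("23 22 80 443", port, " ")
        for (k = 1; k <= n; k++)
            if (covers("--dport", port[k])) judge("INPUT br1 tcp/" port[k])
    }
    END {
        n = split("FORWARD br1->br0|FORWARD br0->br1|INPUT br1 tcp/23|INPUT br1 tcp/22|INPUT br1 tcp/80|INPUT br1 tcp/443", need, "|")
        for (k = 1; k <= n; k++) {
            v = (need[k] in seen) ? seen[need[k]] : "missing"
            if (v != "ok") print need[k] ": " v
        }
    }'
}

# Constructed listing (not from a real router): telnet rule absent, and a broad
# ACCEPT for br1 sits above the br1->br0 DROP.
FLAWED_RULES='-A INPUT -i br1 -p tcp -m tcp --dport 443 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
-A INPUT -i br1 -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset
-A FORWARD -i br1 -j ACCEPT
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP
-A FORWARD -i br1 -o br0 -m state --state NEW -j DROP'

printf '%s\n' "$FLAWED_RULES" | audit_guest_rules
```

Feed it the output of `iptables -S` saved from the router after the reset; no output means all six rules are present and not preceded by a broader ACCEPT.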
Setup
•Now that the router is configured for dual SSIDs, you can set up the network
•Set up workstations and file server with wireless communications via either wireless NICs or wireless adapters
•On one workstation connect to the main network (i.e. office) and on the other connect to the new one (i.e. guest).
•On the file server, connect to the main network.
Testing/Results
•From the workstation connected to the main network, create a new file under the share for the file server.
•Try to do the same from the second workstation. If set up properly, the second workstation should not see the network share from the file server.
Conclusion
•The setup takes time and some knowledge of networking/pc hardware or willingness to learn.
•Utilizing older systems/hardware can be a cost-effective way to segregate small office or home networks to protect sensitive information without having to spend a lot of money on numerous WAPs or limiting connectivity.
Future Work
•For added security, enable AP isolation for the guest SSID to prevent any workstation -> workstation communications on the guest network.
•Inclusion of groups within FreeNAS software can also add an extra layer of security