Configuring your Home Network


  • Welcome. This is the start of the 1-hour presentation; we will allow time for questions. This presentation is aimed at SECURING YOUR HOME computers. It is not meant to replace policies and procedures used in the workplace.
  • These questions allow you to understand your audience.
  • Agenda
  • Cross-over cables can be confusing. Hold them side by side and the colors should be the same, otherwise orange and blue are switched.
  • Protect your computer by hiding it from the Internet with a firewall.
  • 802.11a: 5 GHz, OFDM, 54 Mbps. 802.11b: 2.4 GHz, DSSS, 11 Mbps. 802.11g: 2.4 GHz, OFDM, 54 Mbps. 3 useful channels. DSSS: Direct Sequence Spread Spectrum. OFDM: Orthogonal Frequency Division Multiplexing.
  • Since the discovery of the security weaknesses in wireless networks, leading network vendors, standards bodies, and analysts have proposed a variety of solutions to combat these problems. One solution for implementing secure wireless networks is to use wireless networking standards. Wireless standards are specified by the Institute of Electrical and Electronics Engineers (IEEE). 802.11, also known as Wi-Fi, is a family of specifications for wireless local area networks (WLANs) and wireless personal area networks (WPANs). 802.11 defines the physical and MAC portion of the data link layer. The MAC layer is the same for all 802.11 standards, but the physical implementation varies. The 802.11 family of specifications includes the following standards:
      • 802.11. IEEE 802.11 is a shared WLAN standard using the carrier sense multiple access media access control protocol with collision avoidance (CSMA/CA). The standard allows for both direct sequence and frequency-hopping spread spectrum transmissions at the physical layer. The original 802.11 specification defines data rates of 1 megabit per second (Mbps) and 2 Mbps and uses a radio frequency of 2.45 gigahertz (GHz).
      • 802.11a. 802.11a provides faster communication speeds, up to 54 Mbps, but usually at shorter ranges than other wireless standards. It operates with 12 non-overlapping channels, which makes it suitable for densely populated areas. It uses a different part of the radio spectrum than 802.11, 802.11b, and 802.11g, so it is not interoperable with them.
      • 802.11b. 802.11b supports higher bit rates than 802.11 but is still compatible with it. 802.11b supports two additional speeds: 5.5 Mbps and 11 Mbps. It has good range but is susceptible to radio signal interference from other devices that operate in its frequency range, such as Bluetooth. Many vendors are making reasonably priced 802.11b devices for the home and small-business market.
      • 802.11g. 802.11g is an enhancement to 802.11b and is compatible with that standard. Since it operates in the same frequency band, upgrading from 802.11b to 802.11g may only require a firmware update instead of all new hardware. Speeds up to 54 Mbps are reachable, but at shorter ranges than 802.11b. It is susceptible to the same types of interference as 802.11b.
    802.1x is an extension to 802.11 that defines a way of authenticating access to the wireless access point before allowing access to the network. It was designed to address some of the shortcomings of 802.11 wireless security, but it can also be used for wired LANs. It requires a greater investment in infrastructure because it requires that public key infrastructure (PKI) and Remote Authentication Dial-In User Service (RADIUS) components be installed on the network. 802.1x uses Extensible Authentication Protocol (EAP) as the means of packaging the authentication conversation between various components of the solution and generating the keys used to protect traffic between clients and network access hardware. The hardware for 802.1x is generally more expensive than that of 802.11.
  • The benefits of WLAN technology can be divided into two categories: business benefits and operational benefits. The main advantage of using wireless networks in an organization is the increased flexibility and mobility that it provides to the employees in an organization. Employees can work away from their desks and be mobile without being disconnected from the network. The following list includes some examples of the core business benefits of WLANs:
      • Mobile users moving between offices, and telecommuters coming into the office, save time and effort with transparent connection to the corporate local area network (LAN). Connection is instantaneous and available from any physical location with wireless coverage. Users do not have to search for network ports and cables to connect to the network.
      • Mobile users can access corporate information while on the road through the use of Internet hot-spots, or public WLANs. Internet hot-spots, once only popular at major airports and hotels, are now becoming commonplace at major retail and commercial locations. These facilities allow mobile users on the road to access corporate information by using public WLANs and secure connection methods such as virtual private networks (VPNs).
      • Users can remain online to use e-mail, electronic calendars, and chat technologies even while in meetings or working away from their desks.
      • New smart devices capable of using wireless networks can be implemented in an organization, making users' information more available to them.
      • Organizational flexibility is enhanced. Because users are not wired to their desks, quick and easy desk moves or even whole office moves become possible. This facilitates more productive team and inter-team working.
    The operational benefits of WLAN technology include lower capital and operational costs. The following list summarizes the operational benefits of WLAN technologies:
      • The cost of provisioning network access to buildings is substantially lowered.
      • The network can be easily scaled to respond to different levels of demand as the organization changes. It is far easier to deploy a higher concentration of wireless access points (APs) to a given location than to increase the number of wired network ports.
      • Wireless network infrastructure can be easily moved to a new building, whereas wired network wiring is a permanent fixture.
  • There are many vulnerabilities inherent in wireless networking. Remember that you are broadcasting to the world, especially if you do not use encryption. Many access points ship with default configurations that are unencrypted and broadcast the access point's Service Set Identifier (SSID). Access points ship with a default SSID that is easy for a malicious user to obtain. Configuration of a wireless access point can be complicated and time consuming, so network administrators might sometimes leave access points in a default configuration that is unsecure. Following are some of the threats to your wireless network:
      • Eavesdropping. Attackers can use a variety of tools to find wireless access points where they can pick up an SSID broadcast. Attackers often run these tools on portable computers or mobile devices. They can simply drive in a car and scan for access points that are not secured. This practice is sometimes referred to as war driving, which comes from the term war dialing. War dialing refers to calling blocks of numbers randomly until a modem answers. Attackers who find an access point running without encryption can borrow your Internet connectivity or sniff your network and use it to attack another network, or your own network.
      • Spoofing. Even if you disable broadcasting or turn on Media Access Control (MAC) filtering on the wireless access point, attackers can use antennas to capture your signal, determine your SSID or valid MAC address, and then use it to impersonate an authorized client.
      • Interception and modification of transmitted data. Attackers who gain access to a network can insert a rogue computer to intercept, modify, and relay communications between two legitimate parties.
      • Freeloading. An attacker can use your network as a free access point to the Internet. Although this attack is not as damaging as some of the other threats, it can lower the available level of service for your legitimate users.
      • Denial of service (DoS). Attackers can shut down access points by jamming the air with noise, rerouting connections to dead ends, or disconnecting valid clients. Wireless communication uses radio frequencies, which are vulnerable to these attacks.
      • Rogue WLANs. Even if your company does not have an official WLAN deployed, or if it does have one and has secured it adequately, you might still be at risk from employees installing unauthorized WLANs on your network. You can purchase a low-end wireless AP and a WLAN card inexpensively.
  • In addition to using the wireless network standards, there are other guidelines that you can follow to ensure that your wireless networks are secure. Use the following guidelines when implementing wireless networks in your organization:
      • Require data encryption for all wireless communications. Data encryption will help prevent eavesdropping, interception, and data modification.
      • Require 802.1x authentication to help prevent spoofing, freeloading, and accidental threats to your network by unintentional guest connections. Authentication will also help prevent network-level denial of service attacks; however, it will not help prevent low-level denial of service attacks.
      • If you allow unauthenticated access to your wireless network, require a VPN connection to access the corporate network. You can configure your wireless network to allow anyone to connect to it and use it to access the Internet. This allows visitors to your offices to check their e-mail and browse the Internet by using a wireless network connection. However, all employees that need to access the corporate network must use a VPN connection to access resources on the corporate network.
      • Specify the use of software scanning tools to locate and shut down rogue WLANs on your corporate network. Also specify a security policy that specifically prohibits the use of wireless access points that are not approved by your corporate information technology (IT) department.
  • The 802.11 architecture contains the following components:
      • Station (STA). The wireless STA (wireless client) contains an adapter card, a PC card, or an embedded device to provide wireless connectivity.
      • Access point (AP). The AP functions as a bridge between the wireless STAs and the existing network backbone for network access.
      • Independent basic service set (IBSS). An IBSS is a wireless network, consisting of at least two STAs, that is used where access to a distribution system (DS) is not available. An IBSS is also sometimes referred to as an ad hoc wireless network.
      • Basic service set (BSS). A BSS includes connectivity to the existing network backbone through an AP. A BSS is also sometimes referred to as an infrastructure wireless network. All STAs in a BSS communicate through the AP. The AP provides connectivity to the wired LAN and provides bridging functionality when one STA initiates communication with another STA.
      • Extended service set (ESS). An ESS interconnects the APs of multiple BSSs. It allows for mobility because STAs can move from one BSS to another BSS. APs can be interconnected with or without wires; however, most of the time they are connected with wires. The DS is the logical component used to interconnect BSSs. The DS provides distribution services to allow for the roaming of STAs between BSSs.
  • Show AirSnare (installed on the instructor computer only).
  • Blocking services such as FTP or IM.
  • See the vendor's manual for specific instructions on how to do these steps. You can also download the newest versions of the firmware (the software that runs inside the router).
  • Show AirSnare (installed on the instructor computer only).
  • Configuring your Home Network

    1. Simple ways to secure Wireless Computers
        Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI
    2. Questions
        • How many of you have more than one computer at home?
        • How do you connect to the Internet (DSL, cable, dialup)?
        • How many already have a home router?
        • Already have a wireless router?
    3. Agenda
        • What is a Home network
        • Connecting things together
        • Firewalls and Filtering
        • Setting up a home router
        • Setting up Print and File Sharing
        • Questions
    4. Home Network
        • One or more computers connected:
            • To the Internet with a router
            • To each other in order to share resources:
                • Internet Connections
                • Sharing Files
                • Sharing Printers
    5. What is a Router
        • Connects one network to another
        • Sometimes called a “Gateway”
        • In our case it connects to your cable modem or DSL line
        • Routers keep track of IP addresses and physical (MAC) addresses of hosts
        • Managed (as we shall see)
    6. What is a Cable/DSL Modem
        • Usually provided and controlled by your ISP
        • Connects your home to the Internet
        • This is the device that gets your public IP address
        • Normally has no firewall protection
        • Make sure you use the right cable
    7. What is a Firewall
        • A device that filters packets or traffic
        • Its job is to be a traffic cop
        • You configure the firewall:
            • What it will allow to pass
            • What it will block
        • Hides your home network from the outside world
        • Can be either in hardware or software
    8. Firewall Protection
        • Implement a firewall (checks incoming traffic at the network before it gets to your home network). Default: blocks all incoming connections
        • Leaving your home network: the default is to allow all outbound connections
        • Hardware firewalls protect your home network by stopping all traffic before it gets to your computers
        • A personal software firewall on your computer blocks incoming and outgoing traffic (lets you know what is leaving your computer)
        [Diagram: Internet, Firewall, Home Network]
    9. Firewall Routers
        • The idea is layers of protection
        • Examples of home combo units include:
            • Dlink
            • Netgear
            • Linksys
    10. Software Firewalls
        • Add additional protection by:
            • Controlling what leaves your computer
            • Adding a second level of protection
            • Being aware of application-level attacks
            • Allowing you to schedule:
                • Usage of the Internet by time (control access at night)
                • By location (block content for young children)
    11. Software Firewalls for Home Use
        • McAfee Firewall
        • Symantec’s Norton Personal Firewall
        • Zone Alarm (free)
        • Computer Associates with Firewall (free)
        • Windows Firewall in XP Service Pack 2 (free)
    12. Wireless
        • What is wireless
        • Wireless Networking Standards
            • 802.11 a, b, and g
            • Recommend a standard “g” model
        • Wireless Security Standards
            • Recommend Wired Equivalent Privacy (WEP)
            • Wi-Fi Protected Access (WPA)
    13. Wireless Network Standards (Standard: Description)
        • 802.11:
            • A group of specifications for WLANs developed by IEEE
            • Defines the physical and MAC portion of the data link layer
        • 802.11b:
            • 11 Mbps
            • Good range but susceptible to radio signal interference
        • 802.11g:
            • Enhancement to and compatible with 802.11b
            • 54 Mbps, but at shorter ranges than 802.11b
        • 802.1x:
            • Authenticates clients before it lets them on the network
            • Requires greater hardware and infrastructure investment
        • 802.11a:
            • Transmission speeds up to 54 megabits per second (Mbps)
            • Works well in densely populated areas
    14. Lesson: Introduction to Securing Wireless Networks
        • What are the benefits of wireless networks?
        • Common threats to wireless security
        • Wireless network standards
        • Guidelines for using security to mitigate risks to wireless networks
        • Wireless network architecture
    15. What Are the Benefits of Wireless Networks?
        • Business benefits:
            • Mobile users moving between offices save time and effort with a transparent connection to the corporate network
            • Users can use e-mail, electronic calendars, and chat technologies when away from their desks
        • Operational benefits:
            • The cost of provisioning network access to buildings is substantially lowered
            • The network can be easily scaled to respond to different levels of demand when the organization changes
    16. Common Threats to Wireless Security
        • Eavesdropping
        • Spoofing
        • Interception and modification of transmitted data
        • Freeloading
        • Denial of service
        • Rogue WLANs
    17. Guidelines for Using Security to Mitigate Risks to Wireless Networks
        • Specify the use of software scanning tools to locate and shut down rogue WLANs on your corporate network
        • If you allow unauthenticated access to your wireless network, require a VPN connection to access the corporate network
        • Require data encryption for all wireless communications
        • Require 802.1x authentication to help prevent spoofing, freeloading, and accidental threats to your network
    18. Wireless Network Architecture
        [Diagram: STAs, APs, BSS, IBSS, DS, ESS]
    19. Demo: Wireless Devices
        • Clearsight Scanner
    20. Demo: How to configure Wireless Firewall/router
        • Example:
            • Basic Settings
            • Wireless Settings
            • Backup Settings
            • Set Account name and password
            • Blocking and Filtering
    21. Steps to protect your wireless network
        • Change the default password on your router
        • Enable WEP on router and wireless workstation
        • Use MAC address filtering
        • SSID broadcast off
        • Prohibit peer-to-peer (ad hoc) networking
        • Keep current on hardware BIOS upgrades
    22. Demo: Rogue Wireless Devices
        • AirSnare
    23. Weak Passwords
        • Your computer password is the foundation of your computer security
        • No Password = No Security
        • Old Passwords & Same Password = Little Security
        • Change the “administrator” password on your computer
    24. Questions
        • WWW.MIR.NET
        • FOR COPIES OF THIS DECK
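
The rogue-WLAN scanning guideline on slide 17 and the encryption and ad hoc steps on slide 21 can be checked against a wireless scan; the following is an added example, not part of the original deck and not how AirSnare or any vendor tool works. The scan format, the approved-AP inventory, the addresses and the finding codes are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed inventory of approved access points: BSSID -> SSID (hypothetical values).
APPROVED = {"00:11:22:33:44:55": "HomeNet"}

# Constructed scan export (ssid,bssid,encryption,mode); not output from a real tool.
SAMPLE_SCAN = """\
ssid,bssid,encryption,mode
HomeNet,00-11-22-33-44-55,wpa,infrastructure
HomeNet,66:77:88:99:AA:BB,open,infrastructure
Neighbor,02:00:00:00:00:01,wpa,infrastructure
printer-setup,02:00:00:00:00:02,open,adhoc
"""


def normalize_mac(mac):
    """Lower-case a MAC address and use ':' separators so comparisons are exact."""
    return mac.strip().lower().replace("-", ":")


def audit_scan(scan_text, approved):
    """Return (bssid, finding) pairs for networks that break the deck's guidelines.

    ROGUE_SSID  - an AP that is not in the inventory advertises one of our SSIDs
    UNENCRYPTED - an approved AP is running with encryption disabled
    ADHOC       - an ad hoc (IBSS) network is in range
    """
    approved = {normalize_mac(b): s for b, s in approved.items()}
    approved_ssids = set(approved.values())
    findings = []
    for row in csv.DictReader(io.StringIO(scan_text)):
        bssid = normalize_mac(row["bssid"])
        ssid = row["ssid"].strip()
        encryption = row["encryption"].strip().lower()
        mode = row["mode"].strip().lower()

        if bssid in approved:
            if encryption == "open":
                findings.append((bssid, "UNENCRYPTED"))
        elif ssid in approved_ssids:
            # Same network name, unknown radio: not one of our access points.
            findings.append((bssid, "ROGUE_SSID"))
        # Unknown BSSIDs with unrelated SSIDs are treated as neighbours and ignored.

        if mode == "adhoc":
            findings.append((bssid, "ADHOC"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_scan(SAMPLE_SCAN, APPROVED):
        print(f"{finding:12} {bssid}")
```

A BSSID can be spoofed, as the spoofing note above points out, so a clean result here is not proof that no rogue device is present.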