• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content







Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • Each LAN card has a ‘burned in address’ – the MAC address. This is added to the hardware by the manufacturer. This address is Globally unique and is controlled by global standards. However, it is possible to modify this address in some instances. It is the MAC address that identifies a computer on a local network and it is used when sending any data. The IP address is used across the internet to identify the computer and the network the computer is on. Both the MAC and IP addresses are required (at least) to identify the sender and receiver of a message.

ProtectingYourWirele.. ProtectingYourWirele.. Presentation Transcript

  • Protecting Your Wireless Network University of Tasmania School Of Computing 2007
  • Lecturer (Launceston)
    • Dr. Daniel Rolf
      • School of Computing, Launceston
        • Phone: 6324 3450
        • Email: [email_address]
  • Tonight
    • This is for
      • Home users
      • Those with limited or no technical expertise
      • Simple networks with no extra hardware
        • e.g. no RADIUS/VPN servers etc
      • Those who want some background and straightforward advice
  • Agenda
    • Background
    • Issues
    • Typical Configuration Options
      • What do they mean
    • What you should do
  • A Wireless Network What does the Access Point do? Internet Each Computer is uniquely identified by its own IP Address and MAC Address IP: Internet Protocol MAC: Medium Access Control
  • Wireless Range
    • If you measure the radio signal 1meter from the antenna as 100% then
      • At 10m you will measure 1%
      • At 100m you will measure 0.01%
      • At 1km you will measure 0.0001%
    • It never goes away!
      • just disappears into the background…
  • Somewhere… http://www.larsen-b.com/Article/212.html
  • Wireless Products and Users
    • A home user can not be expected to have any IT expertise
    • Installing wireless equipment is made as simple as possible
    • Advertising highlights the good points
  • A Popular Product
      • 108Mbps Wireless Firewall Router
        • WGT624 v2
    Cable or DSL modem Wireless Router PC Telephone Socket
  • The Installation Guide
    • How to connect the router
    • How to Log in to the router
    • Run a setup wizard to connect to the Internet
    • Setup basic wireless connectivity
      • Default features
        • Network Name(SSID): NETGEAR
        • WEP Security: disabled
  • And now for the demo…
  • NETGEAR WGT624 Security
    • These are the advertised security features
      • Double Firewall
        • Network Address Translation (NAT)
        • Stateful Packet Inspection (SPI)
      • Denial of Service (DoS) attack prevention
      • Intrusion Detection and Prevention
      • Wired Equivalent Privacy (WEP) 64 and 128 bit
      • Wi-Fi Protected Access (Pre Shared Key)
      • Wireless Access Control (SSID)
        • To identify authorized wireless network devices
      • Multiple VPN tunnels
        • Pass Through, 2 IPSec, and multiple L2TP and PPTP
      • Exposed Host (DMZ)
      • MAC address authentication
  • The Pass Phrase
    • 8-63 characters long
    10 20 30 Length in characters Possible time to crack minutes years lots of years
  • Do’s
    • Change the default settings
      • use your own SSID
        • Makes your network less of an obvious attraction
      • change the administrator password on the AP
    • Enable and use the security features on the access point
      • make use of the firewall and filtering offered on the access point
        • if they are not there then look at getting specific products
    • Use good passwords/pass-phrases
      • for WPA
      • for any shared directories on your computer
    • Enable MAC filtering (for the technically minded)
      • allow only the computers you know/want on your network
        • this is a hurdle that can be bypassed (takes effort)
  • Do’s
    • Manage the access point over a wired network port
    • Look a the access point logs from time to time
      • see who’s there
    • Keep the operational range to a minimum
      • e.g. Lower the transmit power of the AP to minimise signal propagation if you have the option.
    • Switch the access point off if you are not using it for any length of time
  • Don’t
    • Use a default for anything without serious consideration
      • (and then still don’t)
    • Use WEP
    • Use a Pre Shared Key (PSK) based on a dictionary word
  • Choosing & Managing your Passwords
    • Authentication passwords (secret)
      • Generally shorter
      • Often written down and stored securely
      • Chosen and changed according to a method known only to the creator
    • Access Control passwords (shared)
      • Generally longer: pass phrase
      • Need different method to choose these
  • Choosing & Managing your Passwords
    • It is common to find people choosing authentication passwords based on their personal lives
      • Tiddles1
      • Fido&Tiddles
      • MyFidoDog
    • Or personal names, car number plates, birth dates etc
    Introducing Fido and Tiddles
  • Choosing & Managing your Passwords
    • Tip #1 choose your WPA password using a very different method from the one you use to chose your authentication password
      • Your WPA password will be shared
      • You are not the only one controlling the sharing
  • Choosing & Managing your Passwords
    • Tip #2 find a method that will produce a 20 character password that you can
      • remember
      • tell someone else easily
        • Not &%^$3wd9!fhKK#?….
    • Hints
      • Think of the term pass phrase rather than word
  • Choosing & Managing your Passwords
    • Hints
      • Use lines from poems and other texts
        • The boy stood on the burning deck
        • My teddy bear is rather fat
      • Use lines from tunes and songs
        • We’re all going on a summer holiday
        • By saying something stupid like I
      • Use funny phrases
        • Configuring this router is making me cross
        • I often cook burnt offerings
  • Choosing & Managing your Passwords
    • Hints
      • Add some capitals and replace o with 0 & I with 1 and use some SMS abbreviations
        • The b0y stood on Burn1ng deck
        • My teddy bear 1s Rather fat
        • We’re All go1ng on a summer hol1day
        • By saying Something Stupid like 1
        • Configuring th1s ** router is making me X
      • Write this down and file in a secure place
        • With some physical access control
  • Choosing & Managing your Passwords
    • Finally
      • Remember your WPA password will be shared
      • It should give no clues as to how you construct your authentication passwords
        • You may trust your daughter but do you trust your daughter’s friend’s boy friend?
      • If in doubt change the pass phrase
        • Access to your network is the first step to access to your money!
  • More Information
    • Securing your Wireless Network
      • http://www.practicallynetworked.com/support/wireless_secure.htm
    • Improving your default Netgear Security
      • http://kbserver.netgear.com/kb_web_files/n101379.asp