Securing a Wireless Network Page 1
IT Capstone Written Project Cover Sheet
Capstone Project Name: Securing a Company Wireless Network
Student Name: Cecil Sellars
Degree Program: Bachelor of Science, IT – Security Emphasis
Student Mentor Name: Omoni Bazunu
Signature Block
Student's Signature: Cecil Sellars 01/16/16
Mentor's Signature:
Capstone Project Waiver/Release Statement Acknowledgment
It is the policy of Western Governors University (“WGU”) that student Capstone projects
should not be based upon, and should not include, any proprietary or classified information or
material belonging to your employer or any other organization (“Restricted Information”)
without appropriate authorization.
Please confirm (by signing below) that you will complete (and upload into TaskStream)
the IT Capstone Waiver Release form (verbiage is available in Appendix 2 of this document)
indicating that your project does not include any restricted content. If you have included
restricted content, please confirm that, in addition to the IT Capstone Waiver Release form, you
will upload a suitable release letter giving you permission to use restricted information (A
sample release letter is available in Appendix 3 of this document).
Cecil Sellars 000385291 01/16/2016
Student’s Ink or Electronic Signature Date
Table of Contents
Capstone Project Summary
Review of Other Work
Project Rationale
Systems Analysis and Methodology
Goals and Objectives
Project Deliverables
Project Plan and Timelines
Project Development
References
Appendix A
Appendix B
Capstone Project Summary
This project secured a wireless network inside and out, everywhere possible.
The project locks down the Wireless Access Point, physically and internally, and shores up all
other holes in the wireless network's security. All in all, the project was a success. Necessary
Evil now has a very resilient wireless network. Re-configuring the Access Point settings went off
without a hiccup. Physically securing the Access Point was simple. The security conference went
better than expected. The new security policy document is very sound and took no time at all.
Every aspect of the project kept to schedule, except the security conference that ran one day
long. Everything that could be done, within the budget, was done. I researched the work of others
that secure wireless networks on a regular basis and took the methods they use in their own
networks, and the networks of their clients, and used them to secure Necessary Evil's network.
From changing the SSID like AirTight, to using WPA2 like Geier, to locking away the Access
Point like Geier, to doing vulnerability assessments like Phifer and her company, all these
methods and best practices were paramount to the success of this project. This project was
commissioned for a small insurance company, Necessary Evil. As an insurance company they
have a multitude of personal customer information and that information must be safeguarded.
Customers offer up social security numbers, addresses, phone numbers, driver's license numbers,
and birthdays, to name a few. That information is highly sensitive and highly sought after by
those with malicious intent. The company's insurance agents work in a big open office with
many cubicles where they use computers and VoIP phones to handle claims and customer
contact. The agents connect to the internet through a wireless access point, which is a target for
malicious users looking to steal valuable customer information, and also for outsiders mooching
internet service. The wireless access point was in an unsecured state, configured with default
settings and just sitting out in the open. As such, the wireless access point, WAP or AP, and
wireless network had to be secured. The previous state of the wireless network was a huge
liability. The agents also were bringing their own unsecured devices to work and had limited
knowledge of sound security practices. To lock down Necessary Evil's network I developed a
whole new security plan, from software settings to hardware protections to a new security policy
document. To fix Necessary Evil's current vulnerable network I adjusted the default settings of
the WAP which made it more secure, as well as educated the employees on some common
security practices. I also disallowed agents bringing their own devices to work. Overall the
network was very vulnerable and I made it secure through these methods.
Review of Other Work
To back up my previous knowledge and planned practices for securing Necessary Evil's
wireless network, I researched industry best practices and methods used in other companies' own
networks to keep them secure.
I found it is emphasized to change the default SSID, “Change the Manufacturer’s Default
SSID to a ‘Secure’ SSID ” (AirTight Networks, 2006). AirTight stated that every manufacturer
of Wireless Access Points publishes their manuals online for all to see and all to know the
default SSID. AirTight explained that the first thing in securing a wireless network is changing
the SSID from default. AirTight expressed that their old SSID was admin and is now changed to
something less easy to guess. I concurred with AirTight Networks: changing the SSID makes the
access point more secure. This solution was a key part of a more securely configured Access Point.
Having a default SSID (Network Name) or a weak one means anyone can find out the name and
have half of what they need to log in to the access point. Not to mention, if the password is also
default, the access point is a sitting duck. So something as simple as changing the SSID can
make a big difference. I followed AirTight's security principles and made sure Necessary Evil's
SSID was changed.
It is also imperative to enable the very strong authentication, WPA2 security. “WEP
security can easily be cracked. That’s why you should use Wi-Fi Protected Access 2 (WPA2) to
protect your wireless network” (Geier, 2011). Geier explained the old standards of authentication
were very weak; WEP isn't much better than no authentication because when entering the key
with WEP it shows up in plain-text. WPA was an improvement, but not as good as WPA2.
WPA2 is a very advanced, many bit authentication protocol. A fully loaded super computer
could take weeks, months or years trying to figure out the password if WPA2 is enabled; so,
having a strong password and protecting it is a great way to strengthen your defense. Geier
emphasized using WPA2 in every wireless network is a must, and uses it in all networks that he
configures. Enabling WPA2 authentication makes the password to the AP very hard to guess; so,
employing Geier's advice, it was enabled. I nearly forgot about this very important piece to
fortifying the software settings before doing the research, and now, thanks to Geier, the network
is more secure.
Physically securing the wireless access point is also ideal. Physically securing the
network was the second piece of the development of a new security plan for Necessary Evil.
“Think about the physical security of your network and facility as well. You can have the best
encryption setup and change the password every hour, for instance, but still become hacked via
other means. One way is by someone gaining physical access to your wireless router or an access
point and then quickly performing a factory restore using the restore button on the device”
(Geier, 2015). Having all the most secure settings in the world is all for naught if your access
point is just sitting out in the open. Geier's own company keeps their Access Point in a wiring
closet with key-card access, with a CCTV surveillance camera pointed at the entry and one in the
closet to monitor any changes to the network. Having physical access to the Access Point gives
one a lot of power and control. Physically securing the access point prevents just anyone walking
up to it, plugging into it and changing settings; so, in agreement with Geier, the AP was locked
away. Necessary Evil did not have the means to afford a key card access door, but putting away
the WAP in a closet with lock and key was sufficient.
Another firm practice is to do vulnerability assessments. Vulnerability assessments are
done by occasionally walking the premises looking for any unauthorized wireless devices or
access points, and if discovered, removing them. “Discovery tools should be used during site
surveys and periodically thereafter to detect rogue APs and unauthorized peer-to-peer
connections” (Phifer, 2003). Phifer's company does weekly assessments of their facilities and
encourages all to do the same, or more frequently if you have the means. Detecting malicious
access points and unauthorized connections is paramount to security. Rogue access points can be
used to trick ignorant users into connecting to them, and then allow their data to be monitored
and stolen. I followed Phifer's advice and the practice of her company, and did and will continue
to do frequent inspections to discover those threats. This solid security practice is a good
complement to locking away the access point, and, thanks to Phifer, this practice has greatly
helped the ultimate goal of strengthening the network.
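An added example, not part of the original paper: a small check that can support the weekly assessment by comparing the output of Windows' netsh wlan show networks mode=bssid with the one authorized access point. The scan text, the BSSIDs and the 70% signal cut-off are constructed assumptions; JustInCase is the SSID the paper chose, and English-language Windows output is assumed.

```python
import re

COMPANY_SSID = "JustInCase"                 # SSID chosen in the paper
AUTHORIZED_BSSIDS = {"00:00:5e:00:53:10"}   # constructed: radio MAC of the company AP
REQUIRED_AUTH = "WPA2-Personal"
NEARBY_SIGNAL = 70  # assumed cut-off (%): anything stronger is probably on the premises

# Constructed scan output in the layout of `netsh wlan show networks mode=bssid`.
# The first network has a blank name: an AP with SSID broadcast disabled.
SAMPLE_SCAN = """\
Interface name : Wi-Fi
There are 4 networks currently visible.

SSID 1 :
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:00:5e:00:53:10
         Signal             : 92%

SSID 2 : JustInCase
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:00:5e:00:53:66
         Signal             : 81%

SSID 3 : NETGEAR
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:00:5e:00:53:77
         Signal             : 88%

SSID 4 : CoffeeShop-Guest
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:00:5e:00:53:88
         Signal             : 35%
"""

SSID_RE = re.compile(r"^SSID \d+ :\s?(.*)$")
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+?)(?: \d+)?\s*:\s(.*)$")


def parse_scan(text):
    """Return one dict per BSSID: ssid, bssid, auth, signal (percent)."""
    aps, ssid, auth = [], None, None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            ssid, auth = m.group(1).strip(), None
            continue
        m = FIELD_RE.match(line)
        if m is None or ssid is None:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Authentication":
            auth = value
        elif key == "BSSID":
            aps.append({"ssid": ssid, "bssid": value.lower(),
                        "auth": auth, "signal": 0})
        elif key == "Signal" and aps:
            aps[-1]["signal"] = int(value.rstrip("%"))
    return aps


def assess(aps):
    """Return (finding, ssid, bssid) tuples to follow up during the walk-around."""
    findings = []
    for ap in aps:
        known = ap["bssid"] in AUTHORIZED_BSSIDS
        if known and ap["auth"] != REQUIRED_AUTH:
            # Our own AP no longer advertises WPA2, e.g. after a factory restore.
            findings.append(("config-drift", ap["ssid"], ap["bssid"]))
        elif not known and ap["ssid"] == COMPANY_SSID:
            # Another device is announcing the company's network name.
            findings.append(("impersonates-company-ssid", ap["ssid"], ap["bssid"]))
        elif not known and ap["signal"] >= NEARBY_SIGNAL:
            # Unknown AP with a strong signal, such as one brought in by an employee.
            findings.append(("unknown-ap-nearby", ap["ssid"], ap["bssid"]))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_scan(SAMPLE_SCAN)):
        print(*finding)
```

Weak unknown networks (the 35% entry) are left out of the findings because they are most likely neighbours; the walk-around remains the way to locate anything the script flags.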
Those are just a few industry standards and daily practices for securing wireless
networks. As such, I used these methods as well as several others to secure Necessary Evil's
network.
Project Rationale
Starting out, Necessary Evil's wireless network had many security deficiencies that
needed patching. Those vulnerabilities were cause for action and cause for this project.
The access point had default settings. Those settings were a huge security risk. Anyone
can go online and find the default login credentials for Necessary Evil's model of access point
and use them to log in and do as they please with the wireless network.
Employees had no knowledge of basic security practices. The agents were susceptible to
being tricked into giving out the Wi-Fi SSID and password over the phone or in an email to
someone posing as a superior or network technician. The agents needed to be trained about suspicious
activity and taught not to give out that information no matter what.
To top it off, the company had no policy that prohibited outside devices. Allowing
outside devices creates numerous network vulnerabilities. Chances are employees will bring in a
laptop that has no firewall or anti-virus software and can corrupt other computers in the office
and the wireless network. Employees might also get the idea to bring in their own access point to
get better bandwidth to their computer, instead of sharing the current AP with the other agents,
which most likely would have default settings and become a target. Also rogue employees might
try to steal important customer information to sell, and this had to be avoided by prohibiting cell
phones and other capture capable devices. All in all, bring your own device (BYOD) is a big
problem and had to be avoided.
All combined, there were a lot of huge holes in the company network that needed to be filled.
Because of the company's previous wireless network state and employee threats, I implemented
all suggested solutions, and helped secure Necessary Evil's network inside and out.
Systems Analysis and Methodology
First and foremost I had to change some of the basic settings on the access point to better
secure it. The first thing to change was the default SSID, which is the name of the network that
the insurance agents connect to. The SSID is typically set to admin or the name of the access
point manufacturer, like Netgear, by default. I had the name changed to JustInCase, which
is not as obvious and has case variation, making it more secure.
I also changed the default login credentials of the access point; the admin username and
password are typically set to admin and password out of the box. Anyone who has the login
credentials for the access point can log in and make changes, which can be very detrimental. To
change those you simply plug an ethernet cord into the port on the wireless access point, open a
web browser and type in your access point's IP address. Once I logged in and began adjusting the
settings of the AP, I also adjusted a few other settings.
Not only did I update the SSID and login credentials, I also set a password that users will
use to connect to the AP. The strongest security setting for an AP password is WPA2, so that is
what was set. The password to be chosen had to be a strong password as well. Strong passwords
consist of letters, numbers, special characters and at least one change in case.
Although not typical, I also turned off SSID broadcast, which means that users won't
automatically see the name of the network when looking through a list of available networks to
connect to on their devices. Shutting off SSID broadcast prevents outsiders from even realizing
your network is there if they are sitting outside your building trying to connect to your network.
To still allow the insurance agents to connect to the network after the SSID broadcast is shut off,
I manually entered the settings into their computers and saved them for future connections.
To prevent unauthorized devices from connecting to the AP, I enabled the setting for
MAC filtering. This setting allows only those computers with hardware addresses entered into
the MAC address list on the access point to connect to it. So, even if somehow an unauthorized
person was able to guess the SSID and password, they still would not be allowed to connect.
The next order of business was to physically protect the AP. If a malicious user can walk
right up to the access point and plug into it, all those security settings are useless. One suggested
way to secure the wireless access point is to lock it in a closet behind a key card entry access
door with security cameras monitoring who goes in and out of the closet. Also you can put it in
the ceiling, which puts it “out of sight, out of mind” and hard to access, and allows the best
signal distribution throughout the office (AirTight Networks, 2006).
A reduction in the power level of the AP is also necessary to prevent the wireless signal
from going outside the office. “A very effective, but more extreme, way to do this would be to
secure the building itself by making it act as a Faraday cage, shielding the radio frequency waves
used by Wi-Fi” (Dayal, 2006). If the signal extends from the office it can be seen and intercepted
by outside users who may not have good intentions. Some outsiders may have bad intentions,
others may just want to piggyback on your network, which could cause slowdowns and is
stealing. A Faraday cage is created using copper mesh throughout the walls of the building to keep
the signal from escaping; it also prevents signals from coming in, such as cell phone signals. One can
buy copper mesh at Home Depot for four dollars and fifty cents per square foot (Home Depot,
n.d.). Necessary Evil's office space is 3,000 square feet, making it a cost of $13,500 to insulate.
This cost was too great, so simply reducing the power signal of the wireless access point, so it
doesn't extend beyond the office, was sufficient.
I wanted to configure an intrusion prevention system as well on the network, which
monitors the network and would alert me and isolate any unauthorized device on it. Also, I
recommended doing weekly vulnerability assessments of the property.
To top everything off, one of the best things that can be done for security is educate the
users. Users can be a big hazard; they can be tricked into giving out the Wi-Fi password, or bring
unauthorized devices into the office. So a yearly security meeting with the insurance agents and
an entry security meeting with new employees was advised. During the meeting it is important to
inform the employees to not give the AP password out to anyone, not over the phone or email, no
matter who it is. Also it should be company policy to not allow outside devices into the work
space, including cell phones and computers of any sort. Employee cell phones should be locked
away in company lockers before entering the office for their shifts. This concludes the steps
necessary to protect Necessary Evil's wireless network.
The methodology that was used to guide this project is Analysis, Design, Development,
Implementation, and Evaluation (ADDIE). The Analysis part showed a need for major changes
in the security of the wireless network, and determined what all the company wants to
implement. The Design portion included a list of all the network and company security needs.
The Development process entailed writing up a document that lists all the necessary settings for
the wireless access point, creating and formally documenting a company security policy, and
creating a blueprint for the Faraday if one is required. The Implementation step was simply
carried out by invoking the new AP settings, writing up the new security document and hosting
the security conference. The Evaluation step will be placed on the shoulders of Necessary Evil's
current network administrator. If there are any complications or concerns, the administrator can
contact me.
Goals and Objectives
There were three main goals for this project. The first was to change the software
settings of the wireless network. The first goal was achieved easily by logging in to the access
point and changing the settings. The second goal, physically protect the hardware, was met with
the help of a lockable closet. The third goal was to educate the insurance agents on security and
create company-wide security policy documents. The third goal was fulfilled through a company-wide
training conference and the creation of a security guide document in Microsoft Word.
The objectives that achieve the goals, and the project, are the following eleven key
points:
1. Create a new SSID and password
2. Set the password to WPA2 security
3. Change default login credentials for the access point
4. Turn off SSID broadcast
5. Enable MAC filtering
6. Lower the power level of the wireless signal
7. Physically secure the access point
8. Install an intrusion prevention system on the network
9. Implement a vulnerability assessment policy
10. Disallow bring your own device (BYOD)
11. Educate the agents on security.
Together, they establish a very secure company wireless network. Each objective is
essential to a successful project. To carry out the objectives I will give a detailed, step-by-step
explanation of how each one was fulfilled.
To configure any setting in the access point, you must first be connected to it and
find out its IP address. To connect to it I got an Ethernet cable and plugged into one of the
Ethernet ports on the back of the device. To discover the IP address, I opened the Start Menu of
the computer, clicked on All Programs, then Accessories and finally clicked Command Prompt.
Once Command Prompt was open, I typed ipconfig and looked for the section that reads Default
Gateway; the address next to it is the IP address of the access point. Then I opened a web
browser, typed the newly discovered IP address into the address bar and pressed Enter.
After the page loaded, the login screen for the wireless access point was displayed. Then I
located the WAP's manual to find the default login. I entered the credentials and pressed Enter
and access was allowed into the access point, and the settings menu was displayed. The next few
steps will vary based on the model of the access point; however, the company's access point is a
Motorola SBG6580. To change the SSID I clicked on Wireless, at the top of the menu, then
selected Primary Network on the left, found Network Name (SSID), and entered the new name
JustInCase. Then I chose the drop down menu for WPA2 security and selected enable.
Afterwards I found the WPA Pre-Shared Key option and entered in the chosen password. To
disable broadcasting of the SSID I chose enable from the drop down next to Closed Network. At
the bottom of the screen I selected Apply to save and update the changes to the access point.
After speaking with the office manager, it was decided that a Faraday was not necessary, so the
next deliverable was to reduce the power level of the access point. The power level option is in
the Basic menu under the Wireless option. I picked 50% on the drop down menu next to Output
Power. Fifty percent power was able to reach around the office to all the computers without
going outside of the office. The next step was to enter the allowed MACs on the access point. I
selected the Access Control option from the menu on the left and clicked the allow option from
the drop down menu next to MAC Restrict Mode. Selecting allow tells the access point to allow
only the entered MAC addresses to connect to it and use the network. Next I entered the MAC
address of each agent's computer into the blank boxes next to MAC Addresses. To obtain the
MACs of the agents' computers, you must open Command Prompt on each one and type ipconfig
/all. The address will be next to Physical Address; it is 12 characters separated by dashes. I
selected Apply after all the MACs were entered. The last settings to configure inside the access
point were the login credentials. I, as the administrator of the network, am the only one allowed
to access the wireless access point. To reconfigure them from the default I selected Status
from the top menu and Security from the left menu. Here I changed the username and password
and then hit Apply. Another software step is to install an intrusion prevention system. An
intrusion system must be purchased, configured and installed, depending on the type purchased.
For this network I was unable to purchase a software intrusion prevention system because it was
not in the budget. All of the previous steps and procedures combine to satisfy the first goal of
changing the software settings.
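An added example, not part of the original paper: a parser for the ipconfig /all output used in the steps above, which pulls out the access point's address (Default Gateway) and the wireless adapter's Physical Address for the MAC filter list. The sample output, host names and addresses are constructed; English-language Windows labels and the colon-separated output format are assumptions, so adjust the format to what the access point's form expects.

```python
import re

# Constructed sample of `ipconfig /all` output; host name, adapter descriptions
# and addresses are invented (MACs use the 00-00-5E-00-53-xx documentation range).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : AGENT-PC01

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 02-00-5E-00-53-0A

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless-N Adapter
   Physical Address. . . . . . . . . : 00-00-5E-00-53-0A
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.0.1
"""

ADAPTER_RE = re.compile(r"^(\S.* adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][^.:]*?)[ .]+:\s?(.*)$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_ipconfig(text):
    """Split the output into adapters, each with a {field: [values]} dict."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = {"name": header.group(1), "fields": {}}
            adapters.append(current)
            last_key = None
            continue
        if current is None or not line.strip():
            continue
        field = FIELD_RE.match(line)
        if field:
            last_key, value = field.group(1), field.group(2).strip()
            current["fields"][last_key] = [value] if value else []
        elif last_key:
            # Indented line without a label: a further value of the previous
            # field (the IPv4 gateway is often listed under an IPv6 one).
            current["fields"][last_key].append(line.strip())
    return adapters


def normalize_mac(raw):
    """'00-00-5E-00-53-0A' -> '00:00:5E:00:53:0A'; reject anything malformed."""
    digits = re.sub(r"[-:.]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def wireless_summary(text):
    """Return (mac, ipv4_gateway) of the connected wireless adapter, or None."""
    for adapter in parse_ipconfig(text):
        fields = adapter["fields"]
        if not adapter["name"].startswith("Wireless LAN adapter"):
            continue  # only wireless adapters associate with the AP
        if "Media disconnected" in fields.get("Media State", []):
            continue  # virtual or unused radios would bloat the allow list
        if not fields.get("Physical Address"):
            continue
        mac = normalize_mac(fields["Physical Address"][0])
        gateway = next((v for v in fields.get("Default Gateway", [])
                        if IPV4_RE.fullmatch(v)), None)
        return mac, gateway
    return None


def build_allowlist(outputs_by_host):
    """Map {host: ipconfig text} to (sorted MACs, hosts needing a manual check)."""
    macs, unresolved = set(), []
    for host, text in outputs_by_host.items():
        summary = wireless_summary(text)
        if summary is None:
            unresolved.append(host)
        else:
            macs.add(summary[0])
    return sorted(macs), sorted(unresolved)


if __name__ == "__main__":
    print(wireless_summary(SAMPLE_IPCONFIG))
    print(build_allowlist({"AGENT-PC01": SAMPLE_IPCONFIG, "AGENT-PC02": ""}))
```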
The next goal of securing the wireless access point was physical. You do not want to
allow just anyone to walk up and plug into the access point and attempt to change settings or
monitor the network and steal information. With that said, I decided to place the WAP in a
locked closet with only the network administrator allowed access and allowed to possess the key.
That satisfied the second goal.
As far as company security policies go, it was decided to have a yearly conference about
wireless network security, create a no bring your own device rule, and do weekly vulnerability
assessments. The yearly conference was held on site in the conference room and explained to
employees not to give out their access password to the wireless network to anyone, and
encouraged employees to inform the network administrator of any unauthorized devices around
the office or in the building. The conference also included a question and answer portion for
anyone not clear on what is required of them. The BYOD policy prohibits employees from
bringing any outside devices that can capture information or access the internet, which includes:
iPads, Nooks, or tablets of any sort, iPhones, Samsung phones, any smartphone or phone with a
camera or a notepad, computer, laptop or access point. Not allowing outside devices helps keep
the network secure by not having insecure, easily compromised devices and protects customer
information and privacy. For the vulnerability assessments, the network administrator has to
walk the office weekly and look for unauthorized or rogue access points and remove them if
found. The yearly conference policy, BYOD policy and vulnerability assessment policy were
documented, saved and backed up on the network for future use, revision and compliance. The
previous statements combine to fulfill the third goal.
This concludes the necessary steps taken to secure Necessary Evil's wireless network,
which concludes the goals and objectives of the project.
Project Deliverables
The main deliverables for this project are the security policy documents, the secure
wiring closet, and the list of secure wireless access point settings. The security documents
explain what to do and not do with the log on credentials of the access point, what devices are
allowed at the office, and the process for the vulnerability assessments. The secure wiring closet
is locked and only accessible by the network administrator. The last deliverable, the list of
settings, is the new SSID, new password, WPA2 authentication, MAC filtering, disabled SSID
broadcast, adjusted power level, and new log in credentials. This concludes the deliverables of
the project.
Project Plan and Timelines
Project Deliverable or Milestone | Duration | Actual Start Date | Planned End Date | Actual End Date
Change SSID | .5 day | 01/04/16 | 01/04/16 | 01/04/16
Enable WPA2 | .5 day | 01/04/16 | 01/04/16 | 01/04/16
Disable SSID Broadcast | .5 day | 01/05/16 | 01/05/16 | 01/05/16
Reduce AP Power Level | .5 day | 01/05/16 | 01/05/16 | 01/05/16
Enable MAC Filtering | 1 day | 01/06/16 | 01/06/16 | 01/06/16
Change AP Credentials | .5 day | 01/07/16 | 01/07/16 | 01/07/16
Document Security Policies | 1 day | 01/08/16 | 01/08/16 | 01/08/16
* First Vulnerability Assessment | 1 day | 01/11/16 | 01/11/16 | 01/11/16
** First Security Conference | .5 day | 01/12/16 | 01/12/16 | 01/13/16
* Milestone
** Last Milestone/Project Completed
Each phase of the project, for the most part, met expected completion dates. The software
settings were quite easy to implement and, therefore, were implemented on schedule.
Documenting the security policies finished as expected as well, as it is basically a list of a few
guidelines. The first vulnerability test went smoothly and as planned because it is just a simple
walk-around of the office. The only aspect of the project that did not finish as projected was the
first security conference. The security conference ran long because the employees had many
more questions than foreseen and needed a lot of coaching. All in all, the project was a smooth
process.
Project Development
Overall the project was quite successful. Necessary Evil now has a substantially stronger
wireless network. Updating the Access Point settings went smoothly and on schedule. Locking
the Access Point away was no issue at all. Also the security conference went over well; the
insurance agents were very curious and eager to do their part to help keep the network safe and
thus protect company profits. Everything that could be done, within budgetary limits, was
done.
Problems Encountered
There were a few issues that occurred during the course of the project. Two very sound
and very effective methods for protecting the network were not implemented due to budgetary
constraints: the Faraday and the Intrusion Prevention System. The Faraday would have stopped the
wireless signal from going beyond the company premises and thwarted outsiders' chances of
using it. Though a Faraday would be effective and helpful, it was not essential to have it. Simply
lowering the power level of the Access Point was sufficient. Not having the Intrusion Prevention
System installed is, however, cause for concern. The IPS would have filtered traffic on the
network, alerted the administrator of any anomalies in network traffic, isolated unwelcome users,
and done many more powerful security functions. Not having it on the network leaves a huge
void to be filled.
Reasons for Change
Throughout the course of the project there were very minimal adjustments to the original
proposal and desired goals and implementation of the project. The big change was axing the
Intrusion Prevention System due to insufficient budgetary means, and the minor change was the
first annual security conference running a day longer than expected. The prolonged conference,
though it kept the agents from being productive a day longer, was deemed necessary when
compared to the long term effects of uninformed agents that pose extreme vulnerabilities to
network security.
Unanticipated Requirements
There were no new requirements that popped up during the project. There were no
additional software settings that the company wanted to see enabled. There was no added
hardware that Necessary Evil desired. They were very satisfied with the Vulnerability
Assessment procedure and the yearly Security Conference, and agreed with the Bring Your Own
Device policy. Overall there were no unforeseen security requirements or necessary additions.
Actual and Potential Effects
The actual effects of the project are very good. Before the project the Access Point had
all default settings and was sitting out in the open for anyone to plug into, the signal reached well
beyond the office building, and the insurance agents were completely uneducated on good
security practices. Prior to the project anyone with minimal knowledge and malicious intent
would have had a field day with Necessary Evil's network. Now the Access Point's settings are
very solid, the AP is securely locked away, the signal stays within the office, and the company
can rely on their agents to keep information secure and avoid harming the network.
Potential effects to be aware of are the long term security of the network. As it stands the
network is secure from the minimally to moderately knowledgeable malicious user, but a very sound
hacker could access and do damage to this network. The network is as secure as it can be
physically and settings-wise, but the actual network traffic is at risk. The network is in dire need
of an Intrusion Prevention System, or at the very least a Firewall of any kind. One of those devices
would help protect agents from going to malicious sites and being targeted by malicious
sites, keep unwanted traffic off the network, and only allow traffic to and from where necessary.
A small insurance company like Necessary Evil is an unlikely target for a hack, but as it grows it
really should consider making room in the budget for a device that monitors network traffic.
Conclusions
Overall, with the monetary means that were allocated to this project and considering
Necessary Evil's prior network state, this was a very successful undertaking. In its new state
the network is less susceptible to an attack that would cost valuable information or an attack that
would take down the company's website. Losing confidential customer information can lead to
lawsuits or loss of customers and the revenue they generate because they have lost trust in the
company. Temporary website unavailability keeps customers from logging in to pay
their bills, new customers from signing up, and potential customers from getting quotes. The
network is now fortified in every way currently possible and the company can feel confident that
their network is secure for years to come.
References
AirTight Networks. (2006). Best Practices for Securing Your Enterprise Wireless Network. Retrieved from http://www.airtightnetworks.com/fileadmin/pdf/whitepaper/Best_Practices_for_Securing_Your_Enterprise_Wireless_LAN.pdf
Dayal, G. (2006, August 23). How-To Faraday cages. Retrieved from http://www.computerworld.com/article/2547046/data-privacy/faraday-cages.html
Geier, E. (2011, February 14). Upgrading Wi-Fi Security from WEP to WPA2. Retrieved from http://www.esecurityplanet.com/views/article.php/3924726/Upgrading-WiFi-Security-from-WEP-to-WPA2.htm
Geier, E. (2015, June 15). Best Ways to Secure your Wireless Network. Retrieved from http://www.windowsnetworking.com/articles-tutorials/wireless-networking/best-ways-secure-your-wireless-network.html
Home Depot. (n.d.). Rolled Copper Mesh Sheet. Retrieved from http://www.homedepot.com/p/MD-Hobby-and-Craft-12-in-x-24-in-Rolled-Copper-Mesh-Sheet-57504/205833442?cm_mmc=Shopping%7cTHD%7cG%7c0%7cG-BASE-PLA%7c&gclid=CJ_18q2wnckCFQiqaQodxeoJdw&gclsrc=aw.ds
Phifer, L. (2003, April). WLAN security: Best practices for wireless network security. Retrieved from http://searchsecurity.techtarget.com/WLAN-security-Best-practices-for-wireless-network-security
Appendix A:
[Figure: Finding the IP Address]
[Figure: Login Screen of Access Point]
[Figure: Change SSID, Enable WPA2, Create Password, Disable Broadcast]
[Figure: Apply Settings]
[Figure: Reduce Power Level]
[Figure: Find MAC Addresses]
[Figure: Configure MAC Filtering]
[Figure: Change Default Login of Access Point]
Appendix B:
Security Policy Document
This document is a compilation of security guidelines for Necessary Evil to
follow to complete the fortification of its network. Calling it a guideline by no means makes it
optional. If these guidelines are not followed, the network is greatly weakened and put at risk. This
document states the bring your own device policy, the vulnerability assessment policy, and
the security conference policy.
Bringing your own device to work is by no means permitted. If employees bring
any device from home that is internet accessible, it immediately introduces huge security holes to
the network. If a device is brought in, it should be stored in a locker or confiscated until the
employee's shift is over.
Vulnerability assessments are done by walking the office premises and looking
for any unauthorized devices or wireless access points. Rogue access points can sometimes be
brought in by ignorant, harmless employees intending to have their own access to the network
and not have to share bandwidth with other agents. The vulnerability assessments should be done
weekly at a minimum, or more often at the discretion of the network administrator.
Employees at Necessary Evil were very uninformed and ignorant of good security
practices before this project was finished. Now that they are more knowledgeable and aware, the
employees should be reminded and retrained at times to keep them sharp. Yearly security
conferences should do because the security tips they should follow are few and simple. Yearly
conferences are also a good catch-all in case new employees have been hired on since the last
conference. Employee security orientation training is advised as well for those new to sign on
with the company.
Overall this completes the security policy document. By following these rules the
overall soundness of the network is complemented and complete along with the software and
hardware settings.
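The weekly vulnerability assessment in this policy can be backed by comparing a wireless survey taken during the walk against the list of authorized access points. The Python code below is an added example, not part of the original project: the CSV layout, the MAC addresses and the -60 dBm cut-off are constructed assumptions, while the SSID and the WPA2 and hidden-broadcast settings are the ones the paper describes.

```python
import csv
import io

# Authorized inventory. The MAC address is a constructed placeholder; the SSID
# and the WPA2 / hidden-broadcast settings are the ones the paper describes.
AUTHORIZED = {
    "02:00:5e:10:00:01": {"ssid": "JustInCase", "security": "WPA2", "hidden": True},
}

# Assumed cut-off: an unknown AP at or above this level is probably in the office.
ON_PREMISES_DBM = -60

# Constructed survey export, one row per access point heard during the walk.
SAMPLE_SCAN = """bssid,ssid,security,channel,signal_dbm
02:00:5E:10:00:01,,WPA2,6,-41
02:00:5e:20:00:07,JustInCase,OPEN,6,-48
02:00:5e:30:00:0a,NETGEAR,WPA2,11,-52
02:00:5e:40:00:0c,CoffeeShopGuest,WPA2,1,-83
"""


def parse_scan(text):
    """Turn the CSV export into normalized dicts (lower-case BSSID, int dBm)."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "bssid": rec["bssid"].strip().lower(),
            "ssid": (rec["ssid"] or "").strip(),
            "security": rec["security"].strip().upper(),
            "channel": int(rec["channel"]),
            "signal_dbm": int(rec["signal_dbm"]),
        })
    return rows


def assess(rows, authorized=AUTHORIZED, on_premises_dbm=ON_PREMISES_DBM):
    """Return a list of (bssid, finding, detail) tuples for the administrator."""
    findings = []
    known_ssids = {ap["ssid"] for ap in authorized.values()}
    seen = {r["bssid"] for r in rows}

    for r in rows:
        ap = authorized.get(r["bssid"])
        if ap is not None:
            # Known AP: confirm it still has the hardened settings. A factory
            # reset would show up here as weaker security and a visible SSID.
            # A matching BSSID is not proof of identity, so the physical check
            # of the locked closet still applies.
            if r["security"] != ap["security"]:
                findings.append((r["bssid"], "CONFIG_DRIFT",
                                 f"security {r['security']}, expected {ap['security']}"))
            if ap["hidden"] and r["ssid"]:
                findings.append((r["bssid"], "CONFIG_DRIFT",
                                 f"SSID '{r['ssid']}' is being broadcast"))
        elif r["ssid"] in known_ssids:
            # The company network name announced by hardware that is not ours.
            findings.append((r["bssid"], "SSID_IMPERSONATION",
                             f"'{r['ssid']}' advertised with {r['security']}"))
        elif r["signal_dbm"] >= on_premises_dbm:
            # Strong unknown signal: likely a device brought into the office.
            findings.append((r["bssid"], "UNKNOWN_AP_ON_PREMISES",
                             f"'{r['ssid']}' at {r['signal_dbm']} dBm"))
        # Weaker unknown signals are treated as neighbouring networks.

    for bssid in authorized:
        if bssid not in seen:
            findings.append((bssid, "AUTHORIZED_AP_MISSING",
                             "not heard during the walk"))
    return findings


if __name__ == "__main__":
    for bssid, finding, detail in assess(parse_scan(SAMPLE_SCAN)):
        print(f"{finding:24} {bssid}  {detail}")
```

Each finding is a prompt for the physical check the policy already requires: locate the device, confirm whether it is authorized, and remove it if it is not.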

SecuringAWirelessNetwork_Capstone

  • 1. Securing a Wireless Network Page 1 IT Capstone Written Project Cover Sheet Capstone Project Name: Securing a Company Wireless Network Student Name: Cecil Sellars Degree Program: Bachelor of Science, IT – Security Emphasis Student Mentor Name: Omoni Bazunu Signature Block Student's Signature: Cecil Sellars 01/16/16 Mentor's Signature:
  • 2. Securing a Wireless Network Page 2 Capstone Project Waiver/Release Statement Acknowledgment It is the policy of Western Governors University (“WGU”) that student Capstone projects should not be based upon, and should not include, any proprietary or classified information or material belonging to your employer or any other organization (“Restricted Information”) without appropriate authorization. Please confirm (by signing below) that you will complete (and upload into TaskStream) the IT Capstone Waiver Release form (verbiage is available in Appendix 2 of this document) indicating that your project does not include any restricted content. If you have included restricted content, please confirm that, in addition to the IT Capstone Waiver Release form, you will upload a suitable release letter giving you permission to use restricted information (A sample release letter is available in Appendix 3 of this document). Cecil Sellars 000385291 01/16/2016 Student’s Ink or Electronic Signature Date
  • 3. Securing a Wireless Network Page 3 Table of Contents Capstone Project Summary.........................................................................................................4 Review of Other Work ...............................................................................................................5 Project Rationale.........................................................................................................................7 Systems Analysis and Methodology...........................................................................................8 Goals and Objectives.................................................................................................................11 Project Deliverables..................................................................................................................15 Project Plan and Timelines........................................................................................................15 Project Development.................................................................................................................17 References.................................................................................................................................20 Appendix A :.............................................................................................................................21 Appendix B:..............................................................................................................................29
  • 4. Securing a Wireless Network Page 4 Capstone Project Summary This project is a securing of a wireless network inside and out and everywhere possible. The project locks down the Wireless Access Point, physically and internally, and shores up all other holes in the wireless network's security. All and all the project was a success. Necessary Evil now has a very resilient wireless network. Re-configuring the Access Point settings went off without a hiccup. Physically securing the Access Point was simple. The security conference went better than expected. The new security policy document is very sound and took no time at all. Every aspect of the project kept to schedule, except the security conference that ran one day long. Everything that could be done, within the budget, was done. I researched the work of others that secure wireless networks on a regular basis and took the methods they use in their own networks, and the networks of their clients, and used them to secure Necessary Evil's network. From changing the SSID like AirTight, to using WPA2 like Geier, to locking away the Access Point like Geier, to doing vulnerability assessments like Phifer and her company, all these methods and best practices were paramount to the success of this project. This project was commissioned for a small insurance company, Necessary Evil. As an insurance company they have a multitude of personal customer information and that information must be safeguarded. Customers offer up social security numbers, addresses, phone numbers, driver's license numbers, and birthdays, to name a few. That information is highly sensitive and highly sought after by those with malicious intent. The company's insurance agents work in a big open office with many cubicles where they use computers and VoIP phones to handles claims and customer contact. 
The agents connect to the internet through a wireless access point, which is a target for malicious users looking to steal valuable customer information, and also internet service mooching outsiders. The wireless access point was in an unsecured state configured with default settings and just sitting out in the open. As such, the wireless access point, WAP or AP, and
  • 5. Securing a Wireless Network Page 5 wireless network had to be secured. The previous state of the wireless network was a huge liability. The agents also were bringing their own unsecured devices to work and had limited knowledge of sound security practices. To lock down Necessary Evil's network I developed a whole new security plan, from software settings to hardware protections to a new security policy document. To fix Necessary Evil's current vulnerable network I adjusted the default settings of the WAP which made it more secure, as well as educated the employees on some common security practices. I will also disallowed agents bringing their own devices to work. Overall the network was very vulnerable and I will made it secure through these methods. Review of Other Work To backup my previous knowledge and planned practices for securing Necessary Evil's wireless network, I researched industry best practices and methods used in other companies' own networks to keep them secure. I found it is emphasized to change the default SSID, “Change the Manufacturer’s Default SSID to a ‘Secure’ SSID ” (AirTight Networks, 2006). AirTight stated that every manufacturer of Wireless Access Points publishes their manuals online for all to see and all to know the default SSID. AirTight explained that the first thing in securing a wireless network is changing the SSID from default. AirTight expressed that their old SSID was admin and is now changed to something less easy to guess. I concurred with AirTight Networks, changing the SSID makes the access point more secure. This solution was a key part of a more secure configured Access Point. Having a default SSID (Network Name) or weak one means anyone can find out the name and have half of what they need to login to the access point. Not to mention if the password is also default, the access point is a sitting duck. So something as simple as changing the SSID can make a big difference. 
I followed AirTight's security principles and made sure Necessary Evil's SSID was changed.
  • 6. Securing a Wireless Network Page 6 It is also imperative to enable the very strong authentication, WPA2 security. “WEP security can easily be cracked. That’s why you should use Wi-Fi Protected Access 2 (WPA2) to protect your wireless network” (Geier, 2011). Geier explained the old standards of authentication were very weak; WEP isn't much better than no authentication because when entering the key with WEP it shows up in plain-text. WPA was an improvement, but not as good as WPA2. WPA2 is a very advanced, many bit authentication protocol. A fully loaded super computer could take weeks, months or years trying to figure out the password if WPA2 is enabled; so, having a strong password and protecting it is a great way to strengthen your defense. Geier emphasized using WPA2 in every wireless network is a must, and uses it in all networks that he configures. Enabling WPA2 authentication makes the password to the AP very hard to guess; so, imploring Geier's advice, it was enabled. I nearly forgot about this very important piece to fortifying the software settings before doing the research, and now, thanks to Geier, the network is more secure. Physically securing the wireless access point is also ideal. Physically securing the network was the second piece of the development of a new security plan for Necessary Evil. “Think about the physical security of your network and facility as well. You can have the best encryption setup and change the password every hour, for instance, but still become hacked via other means. One way is by someone gaining physical access to your wireless router or an access point and then quickly performing a factory restore using the restore button on the device” (Geier, 2015). Having all the most secure settings in the world are all for naught if your access point is just sitting out in the open. 
Geier's own company keeps their Access Point in a wiring closet with key-card access, with a CCTV surveillance camera pointed at the entry and one in the closet to monitor any changes to the network. Having physical access to the Access Point gives one a lot of power and control. Physically securing the access point prevents just anyone walking
  • 7. Securing a Wireless Network Page 7 up to it, plugging into and changing settings; so, in agreement with Geier, the AP was locked away. Necessary Evil did not have the means to afford a key card access door, but putting away the WAP in a closet with lock in key was sufficient. Another firm practice is to do vulnerability assessments. Vulnerability assessments are done by occasionally walking the premises looking for any unauthorized wireless devices or access points, and if discovered, removing them. “Discovery tools should be used during site surveys and periodically thereafter to detect rogue APs and unauthorized peer-to-peer connections” (Phifer, 2003). Phifer's company does weekly assessments of their facilities and encourages all to do the same, or more frequently if you have the means. Detecting malicious access points and unauthorized connections is paramount to security. Rogue access points can be used to trick ignorant users into to connecting to them, and then allow their data to be monitored and stolen. I followed Phifer's advice and the practice of her company, and did and will continue to do frequent inspections to discover those threats. This solid security practice is a good compliment to locking away the access point, and, thanks to Phifer, this practice has greatly helped the ultimate goal of strengthening the network. Those are just a few industry standards and daily practices for securing wireless networks. As such, I used these methods as well as several others to secure Necessary Evil's network. Project Rationale Starting out, Necessary Evil's wireless network had many security deficiencies that needed patching. Those vulnerabilities were cause for action and cause for this project.
  • 8. Securing a Wireless Network Page 8 The access point had default settings. Those settings were a huge security risk. Anyone can go online and find the default login credentials for Necessary Evil's model of access point and use them to login and do as they please with the wireless network. Employees had no knowledge of basic security practices. The agents were susceptible to being tricked into giving out the Wi-Fi SSID and password over the phone or in an email to some one posing as a superior or network technician. The agents needed to be trained about suspicious activity and taught not to give out that information no matter what. To top it off, the company had no policy that prohibited outside devices. Allowing outside devices creates numerous network vulnerabilities. Chances are employees will bring in a laptop that has no firewall or anti-virus software and can corrupt other computers in the office and the wireless network. Employees might also get the idea to bring in their own access point to get better bandwidth to their computer, instead of sharing the current AP with the other agents, which most likely would have default settings and become a target. Also rogue employees might try to steal important customer information to sell, and this had to be avoided by prohibiting cell phones and other capture capable devices. All in all, bring your own device (BYOD) is a big problem and had to be avoided. All combined, there were lot of huge holes in the company network that need to be filled. Because of the company's previous wireless network state and employee threats, I implemented all suggested solutions, and helped secure Necessary Evil's network inside and out. Systems Analysis and Methodology First and foremost I had to change some of the basic settings on the access point to better secure it. The first thing to change was the default SSID, which is the name of the network that the insurance agents connect to. 
The SSID is typically set to admin or the name of the access point manufacturer, like Netgear, by default.
  • 9. I had the name changed to JustInCase, which is not as obvious and has case variation, making it more secure. I also changed the default login credentials of the access point; the admin username and password are typically set to admin and password out of the box. Anyone who has the login credentials for the access point can log in and make changes, which can be very detrimental. To change those you simply plug an Ethernet cord into the port on the wireless access point, open a web browser and type in your access point's IP address.

Once I logged in and began adjusting the settings of the AP, I also adjusted a few other settings. Not only did I update the SSID and login credentials, I also set a password that users will use to connect to the AP. The strongest security setting for an AP password is WPA2, so that is what was set. The password to be chosen had to be a strong password as well. Strong passwords consist of letters, numbers, special characters and at least one change in case.

Although not typical, I also turned off SSID broadcast, which means that users won't automatically see the name of the network when looking through a list of available networks to connect to on their devices. Shutting off SSID broadcast prevents outsiders from even realizing your network is there if they are sitting outside your building trying to connect to your network. To still allow the insurance agents to connect to the network after the SSID broadcast is shut off, I manually entered the settings into their computers and saved them for future connections.

To prevent unauthorized devices from connecting to the AP, I enabled the setting for MAC filtering. This setting allows only those computers with hardware addresses entered into the MAC address list on the access point to connect to it. So, even if somehow an unauthorized person was able to guess the SSID and password, they still would not be allowed to connect.
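The SSID and password settings described above meet in WPA2-Personal's key derivation, where the 256-bit master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt and 4096 iterations. The following is an added example, not part of the original paper: it checks a candidate passphrase against the paper's strength rule plus WPA2's own 8 to 63 printable-ASCII limit, and shows that the same passphrase under a different SSID yields a different key. Function names, the default-style SSID list and the sample passphrase are assumptions constructed for the illustration.

```python
import hashlib
import string

# Constructed sample of out-of-the-box style names (assumption); extend for your hardware.
DEFAULT_STYLE_SSIDS = {"admin", "default", "netgear", "linksys", "motorola"}


def passphrase_problems(passphrase):
    """Apply the paper's strength rule plus WPA2-Personal's own passphrase limits."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("must be printable ASCII")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no digit")
    if not (any(c.islower() for c in passphrase) and any(c.isupper() for c in passphrase)):
        problems.append("no change in case")
    if not any(c in string.punctuation for c in passphrase):
        problems.append("no special character")
    return problems


def ssid_problems(ssid):
    """Flag SSIDs that are invalid or that many other networks also use."""
    problems = []
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        problems.append("SSID must be 1-32 bytes")
    if ssid.lower() in DEFAULT_STYLE_SSIDS:
        problems.append("default-style SSID shares its salt with many other networks")
    return problems


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("not a valid WPA2 passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    candidate = "Cedar-Orbit7-Lantern"          # constructed sample passphrase
    print("passphrase issues:", passphrase_problems(candidate))
    for name in ("NETGEAR", "JustInCase"):
        print(name, ssid_problems(name), derive_pmk(candidate, name).hex())
```

Because the SSID is the salt, two networks that keep the same default name and use the same passphrase end up with the same master key, which is one concrete reason the SSID change matters.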
  • 10. The next order of business was to physically protect the AP. If a malicious user can walk right up to the access point and plug into it, all those security settings are useless. One suggested way to secure the wireless access point is to lock it in a closet behind a key card entry access door with security cameras monitoring who goes in and out of the closet. You can also put it in the ceiling, which puts it “out of sight, out of mind” and hard to access, and allows the best signal distribution throughout the office (AirTight Networks, 2006).

A reduction in the power level of the AP is also necessary to prevent the wireless signal from going outside the office. “A very effective, but more extreme, way to do this would be to secure the building itself by making it act as a Faraday cage, shielding the radio frequency waves used by Wi-Fi” (Dayal, 2006). If the signal extends from the office it can be seen and intercepted by outside users who may not have good intentions. Some outsiders may have bad intentions; others may just want to piggyback on your network, which could cause slowdowns and is stealing. A Faraday cage is created using copper mesh throughout the walls of the building to keep the signal from escaping; it also prevents signals from coming in, such as cell phone signal. One can buy copper mesh at Home Depot for four dollars and fifty cents per square foot (Home Depot, n.d.). Necessary Evil's office space is 3000 square feet, making it a cost of $13,500 to insulate. This cost was too great, so simply reducing the signal power of the wireless access point, so it doesn't extend beyond the office, was sufficient.

I wanted to configure an intrusion prevention system on the network as well, which monitors the network and would alert me and isolate any unauthorized device on it. Also, I recommended doing weekly vulnerability assessments of the property.
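A weekly assessment like the one recommended above can be backed by a scan from one of the office's Windows computers. The following is an added example, not part of the original paper: it parses the output of `netsh wlan show networks mode=bssid` and flags any unknown access point that advertises the company SSID, any unknown access point with a strong signal, and any change in the authorized AP's security mode. The BSSIDs, the 70% signal cut-off and the sample scan are constructed assumptions.

```python
import re

# Assumptions for this example: the AP's BSSID and the signal cut-off are constructed.
COMPANY_SSID = "JustInCase"
AUTHORIZED = {"00:11:22:33:44:55": "WPA2-Personal"}   # BSSID -> expected authentication
STRONG_SIGNAL = 70   # percent; an unknown AP at or above this is probably on the premises


def parse_scan(text):
    """Parse `netsh wlan show networks mode=bssid` output into one dict per BSSID."""
    aps, ssid, auth, current = [], "", None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"SSID \d+\s*:\s*(.*)$", line)
        if m:   # new network block; a network with broadcast disabled prints an empty name
            ssid, auth, current = m.group(1), None, None
            continue
        m = re.match(r"Authentication\s*:\s*(.+)$", line)
        if m:
            auth = m.group(1)
            continue
        m = re.match(r"BSSID \d+\s*:\s*([0-9A-Fa-f:]{17})$", line)
        if m:
            current = {"ssid": ssid, "auth": auth, "bssid": m.group(1).lower(), "signal": 0}
            aps.append(current)
            continue
        m = re.match(r"Signal\s*:\s*(\d+)%", line)
        if m and current is not None:
            current["signal"] = int(m.group(1))
    return aps


def assess(aps):
    """Return (bssid, reason) for every access point that needs a closer look."""
    findings = []
    for ap in aps:
        expected = AUTHORIZED.get(ap["bssid"])
        if expected is not None:
            if ap["auth"] != expected:
                findings.append((ap["bssid"],
                                 f"authorized AP reports {ap['auth']}, expected {expected}"))
        elif ap["ssid"] == COMPANY_SSID:
            # The real AP does not broadcast its name, so a visible copy is not ours.
            findings.append((ap["bssid"], "unknown AP advertising the company SSID"))
        elif ap["signal"] >= STRONG_SIGNAL:
            findings.append((ap["bssid"], "strong unknown AP"))
    return findings


# Constructed sample scan: the company AP (hidden name), a look-alike, a strong
# unknown AP with a default-style name, and a weak neighbouring network.
SAMPLE_SCAN = """\
SSID 1 :
    Authentication          : WPA2-Personal
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 90%
SSID 2 : JustInCase
    Authentication          : WPA2-Personal
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 55%
SSID 3 : NETGEAR
    Authentication          : Open
    BSSID 1                 : 0a:1b:2c:3d:4e:5f
         Signal             : 85%
SSID 4 : CoffeeShopGuest
    Authentication          : Open
    BSSID 1                 : de:ad:be:ef:00:01
         Signal             : 20%
"""

if __name__ == "__main__":
    for bssid, reason in assess(parse_scan(SAMPLE_SCAN)):
        print(bssid, "-", reason)
```

Matching on BSSID rather than network name matters here because the company AP has SSID broadcast disabled and shows up in the scan with an empty name.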
To top everything off, one of the best things that can be done for security is to educate the users. Users can be a big hazard; they can be tricked into giving out the Wi-Fi password, or bring unauthorized devices into the office.
  • 11. So a yearly security meeting with the insurance agents and an entry security meeting with new employees was advised. During the meeting it is important to inform the employees not to give the AP password out to anyone, whether over the phone or by email, no matter who it is. It should also be company policy not to allow outside devices into the work space, including cell phones and computers of any sort. Employee cell phones should be locked away in company lockers before entering the office for their shifts. This concludes the steps necessary to protect Necessary Evil's wireless network.

The methodology that was used to guide this project is Analysis, Design, Development, Implementation, and Evaluation (ADDIE). The Analysis part showed a need for major changes in the security of the wireless network, and determined everything the company wants to implement. The Design portion included a list of all the network and company security needs. The Development process entailed writing up a document that lists all the necessary settings for the wireless access point, creating and formally documenting a company security policy, and creating a blueprint for the Faraday cage if one is required. The Implementation step was carried out by applying the new AP settings, writing up the new security document and hosting the security conference. The Evaluation step will be placed on the shoulders of Necessary Evil's current network administrator. If there are any complications or concerns, the administrator can contact me.

Goals and Objectives

There were three main goals for this project. The first was to change the software settings of the wireless network. The first goal was achieved easily by logging in to the access point and changing the settings. The second goal, physically protecting the hardware, was met with the help of a lockable closet. The third goal was to educate the insurance agents on security and
  • 12. create company-wide security policy documents. The third goal was fulfilled through a company-wide training conference and the creation of a security guide document in Microsoft Word.

The objectives that achieve the goals, and the project, are the following eleven key points:

1. Create a new SSID and password
2. Set the password to WPA2 security
3. Change default login credentials for the access point
4. Turn off SSID broadcast
5. Enable MAC filtering
6. Lower the power level of the wireless signal
7. Physically secure the access point
8. Install an intrusion prevention system on the network
9. Implement a vulnerability assessment policy
10. Disallow bring your own device (BYOD)
11. Educate the agents on security

Each one, altogether, establishes a very secure company wireless network. Each objective is essential to a successful project.

To carry out the objectives I will give a detailed, step-by-step explanation of how each one was fulfilled. First, to configure any setting in the access point, you must be connected to it and find out its IP address. To connect to it I got an Ethernet cable and plugged into one of the Ethernet ports on the back of the device.
  • 13. To discover the IP address, I opened the Start Menu of the computer, clicked on All Programs, then Accessories and finally clicked Command Prompt. Once Command Prompt was open, I typed ipconfig and looked for the section that reads Default Gateway; the address next to it is the IP address of the access point. Then I opened a web browser, typed the newly discovered IP address in the address bar and pressed Enter. After the page loaded, the login screen for the wireless access point was displayed. Then I located the WAP's manual to find the default login. I entered the credentials and pressed Enter, access to the access point was allowed, and the settings menu was displayed.

The next few steps will vary based on the model of the access point; the company's access point is a Motorola SBG6580. To change the SSID I clicked on Wireless, at the top of the menu, then selected Primary Network on the left, found Network Name (SSID), and entered the new name JustInCase. Then I chose the drop down menu for WPA2 security and selected enable. Afterwards I found the WPA Pre-Shared Key option and entered the chosen password. To disable broadcasting of the SSID I chose enable from the drop down next to Closed Network. At the bottom of the screen I selected Apply to save and update the changes to the access point.

After speaking with the office manager, it was decided that a Faraday cage was not necessary, so the next deliverable was to reduce the power level of the access point. The power level option is in the Basic menu under the Wireless option. I picked 50% on the drop down menu next to Output Power. Fifty percent power was able to reach around the office to all the computers without going outside of the office.

The next step was to enter the allowed MACs on the access point.
I selected the Access Control option from the menu on the left and clicked the allow option from the drop down menu next to MAC Restrict Mode. Selecting allow tells the access point to allow only the entered MAC addresses to connect to it and use the network. Then I entered the MAC addresses of each agent's computer into the blank boxes next to MAC Addresses. To obtain the MACs of the agents' computers, you must open Command Prompt on each one and type ipconfig /all; the address will be next to Physical Address and is 12 characters separated by dashes.
  • 14. I selected Apply after all the MACs were entered.

The last settings to configure inside the access point were the login credentials. I, as the administrator of the network, am the only one allowed to access the wireless access point. To reconfigure them from the default I selected Status from the top menu and Security from the left menu. Here I changed the username and password and then hit Apply.

Another software step is to install an intrusion prevention system. An intrusion prevention system must be purchased, configured and installed, depending on the type purchased. For this network I was unable to purchase a software intrusion prevention system because it was not in the budget. All of the previous steps and procedures combine to satisfy the first goal of changing the software settings.

The next goal of securing the wireless access point was physical. You do not want to allow just anyone to walk up and plug into the access point and attempt to change settings or monitor the network and steal information. With that said, I decided to place the WAP in a locked closet with only the network administrator allowed access and allowed to possess the key. That satisfied the second goal.

As far as company security policies go, it was decided to have a yearly conference about wireless network security, create a no bring your own device rule, and do weekly vulnerability assessments. The yearly conference was held on site in the conference room and explained to employees not to give out their access password to the wireless network to anyone, and encouraged employees to inform the network administrator of any unauthorized devices around the office or in the building. The conference also included a question and answer portion for anyone not clear on what is required of them.
The BYOD policy prohibits employees from bringing any outside devices that can capture information or access the internet, which includes: iPads, Nooks, or tablets of any sort, iPhones, Samsung phones, any smartphone or phone with a camera or a notepad, computer, laptop or access point.
  • 15. Not allowing outside devices helps keep the network secure by keeping out insecure, easily compromised devices, and protects customer information and privacy. For the vulnerability assessments, the network administrator has to walk the office weekly and look for unauthorized or rogue access points and remove them if found. The yearly conference policy, BYOD policy and vulnerability assessment policy were documented, saved and backed up on the network for future use, revision and compliance. The previous statements combine to fulfill the third goal. This concludes the necessary steps taken to secure Necessary Evil's wireless network, which concludes the goals and objectives of the project.

Project Deliverables

The main deliverables for this project are the security policy documents, the secure wiring closet, and the list of secure wireless access point settings. The security documents explain what to do and not do with the log on credentials of the access point, what devices are allowed at the office, and the process for the vulnerability assessments. The secure wiring closet is locked and only accessible by the network administrator. The last deliverable, the list of settings, is the new SSID, new password, WPA2 authentication, MAC filtering, disabled SSID broadcast, adjusted power level, and new log in credentials. This concludes the deliverables of the project.

Project Plan and Timelines
  • 16.
Project Deliverable or Milestone      Duration   Actual Start Date   Planned End Date   Actual End Date
Change SSID                           .5 day     01/04/16            01/04/16           01/04/16
Enable WPA2                           .5 day     01/04/16            01/04/16           01/04/16
Disable SSID Broadcast                .5 day     01/05/16            01/05/16           01/05/16
Reduce AP Power Level                 .5 day     01/05/16            01/05/16           01/05/16
Enable MAC Filtering                  1 day      01/06/16            01/06/16           01/06/16
Change AP Credentials                 .5 day     01/07/16            01/07/16           01/07/16
Document Security Policies            1 day      01/08/16            01/08/16           01/08/16
* First Vulnerability Assessment      1 day      01/11/16            01/11/16           01/11/16
** First Security Conference          .5 day     01/12/16            01/12/16           01/13/16

* Milestone
** Last Milestone/Project Completed

Each phase of the project, for the most part, met expected completion dates. The software settings were quite easy to implement and, therefore, were implemented on schedule. Documenting the security policies finished as expected as well, as it is basically a list of a few guidelines. The first vulnerability test went smoothly and as planned because it is just a simple walk-around of the office. The only aspect of the project that did not finish as projected was the first security conference. The security conference ran long because the employees had many more questions than foreseen and needed a lot of coaching. All in all, the project was a smooth process.
  • 17. Project Development

Overall the project was quite successful. Necessary Evil now has a substantially stronger wireless network. Updating the Access Point settings went smoothly and on schedule. Locking the Access Point away was no issue at all. Also the security conference went over well; the insurance agents were very curious and eager to do their part to help keep the network safe and thus protect company profits. Everything that could be done, within budgetary limits, was done.

Problems Encountered

There were a few issues that occurred during the course of the project. Two very sound and very effective methods for protecting the network were not implemented due to budgetary constraints: the Faraday cage and the Intrusion Prevention System. The Faraday cage would have stopped the wireless signal from going beyond the company premises and thwarted outsiders' chances of using it. Though a Faraday cage would be effective and helpful, it was not essential to have it. Simply lowering the power level of the Access Point was sufficient. Not having the Intrusion Prevention System installed is, however, cause for concern. The IPS would have filtered traffic on the network, alerted the administrator of any anomalies in network traffic, isolated unwelcome users, and done many more powerful security functions. Not having it on the network leaves a huge void to be filled.

Reasons for Change

Throughout the course of the project there were very minimal adjustments to the original proposal and desired goals and implementation of the project. The big change was axing the Intrusion Prevention System due to insufficient budgetary means, and the minor change was the first annual security conference running a day longer than expected. The prolonged conference, though it kept the agents from being productive a day longer, was deemed necessary when
  • 18. compared to the long term effects of uninformed agents that pose extreme vulnerabilities to network security.

Unanticipated Requirements

There were no new requirements that popped up during the project. There were no additional software settings that the company wanted to see enabled. There was no added hardware that Necessary Evil desired. They were very satisfied with the Vulnerability Assessment procedure and the yearly Security Conference, and agreed with the Bring Your Own Device policy. Overall there were no unforeseen security requirements or necessary additions.

Actual and Potential Effects

The actual effects of the project are very good. Before the project the Access Point had all default settings and was sitting out in the open for anyone to plug into, the signal reached well beyond the office building, and the insurance agents were completely uneducated on good security practices. Prior to the project anyone with minimal knowledge and malicious intent would have had a field day with Necessary Evil's network. Now the Access Point's settings are very solid, the AP is securely locked away, the signal stays within the office, and the company can rely on their agents to keep information secure and avoid harming the network.

Potential effects to be aware of are the long term security of the network. As it stands the network is secure from the minimally to moderately knowledgeable malicious user, but a very sound hacker could access and do damage to this network. The network is as secure as it can be physically and settings-wise, but the actual network traffic is at risk. The network is in dire need of an Intrusion Prevention System, or at the very least a Firewall of any kind. One of those devices would help protect agents from going to malicious sites and being targeted by malicious sites, keep unwanted traffic off the network, and only allow traffic to and from where necessary.
  • 19. A small insurance company like Necessary Evil is an unlikely target for a hack, but as it grows it really should consider making room in the budget for a device that monitors network traffic.

Conclusions

Overall, with the monetary means that were allocated to this project and considering Necessary Evil's prior network state, this was a very successful undertaking. With its new state the network is less susceptible to an attack that would cost valuable information or an attack that would take down the company's website. Losing confidential customer information can lead to lawsuits or loss of customers and the revenue they generate because they have lost trust in the company. Temporary website unavailability keeps customers from being able to log in to pay their bills, new customers from signing up, and potential customers from getting quotes. The network is now fortified in every way currently possible and the company can feel confident that their network is secure for years to come.
  • 20. References

AirTight Networks. (2006). Best Practices for Securing Your Enterprise Wireless Network. Retrieved from http://www.airtightnetworks.com/fileadmin/pdf/whitepaper/Best_Practices_for_Securing_Your_Enterprise_Wireless_LAN.pdf

Dayal, G. (2006, August 23). How-To Faraday cages. Retrieved from http://www.computerworld.com/article/2547046/data-privacy/faraday-cages.html

Geier, E. (2011, February 14). Upgrading Wi-Fi Security from WEP to WPA2. Retrieved from http://www.esecurityplanet.com/views/article.php/3924726/Upgrading-WiFi-Security-from-WEP-to-WPA2.htm

Geier, E. (2015, June 15). Best Ways to Secure your Wireless Network. Retrieved from http://www.windowsnetworking.com/articles-tutorials/wireless-networking/best-ways-secure-your-wireless-network.html

Home Depot. (n.d.). Rolled Copper Mesh Sheet. Retrieved from http://www.homedepot.com/p/MD-Hobby-and-Craft-12-in-x-24-in-Rolled-Copper-Mesh-Sheet-57504/205833442?cm_mmc=Shopping%7cTHD%7cG%7c0%7cG-BASE-PLA%7c&gclid=CJ_18q2wnckCFQiqaQodxeoJdw&gclsrc=aw.ds

Phifer, L. (2003, April). WLAN security: Best practices for wireless network security. Retrieved from http://searchsecurity.techtarget.com/WLAN-security-Best-practices-for-wireless-network-security
  • 21. Appendix A: Finding the IP Address
  • 22. Login Screen of Access Point
  • 23. Change SSID, Enable WPA2, Create Password, Disable Broadcast
Apply Settings
  • 25. Reduce Power Level
  • 27. Find MAC Addresses
Configure MAC Filtering
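For the "Find MAC Addresses" step, the Physical Address values can be pulled out of saved `ipconfig /all` output instead of being copied by hand. The following is an added example, not part of the original paper: it keeps only the Wireless LAN adapter's address (the wired and tunnel adapters are not what the access point's filter sees), rejects malformed values, reports duplicates, and warns when an address has the locally administered bit set, meaning it was assigned in software rather than by the manufacturer. Host names, addresses and the sample dumps are constructed.

```python
import re

MAC_RE = re.compile(r"^[0-9A-F]{2}(-[0-9A-F]{2}){5}$")   # six octets, dash-separated


def wireless_macs(ipconfig_text):
    """Return [(adapter_name, mac)] for the Wireless LAN adapters in one ipconfig /all dump."""
    found, adapter = [], None
    for line in ipconfig_text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter = line.rstrip()[:-1]
            continue
        label, sep, value = line.partition(":")
        if sep and label.strip(" .").lower() == "physical address":
            mac = value.strip().upper()
            # Tunnel adapters print 8-octet pseudo addresses, which MAC_RE rejects.
            if adapter and adapter.startswith("Wireless LAN adapter") and MAC_RE.match(mac):
                found.append((adapter, mac))
    return found


def build_allow_list(dumps):
    """dumps maps host name -> ipconfig /all text. Returns (allow_list, warnings)."""
    allow, warnings, owner = [], [], {}
    for host, text in dumps.items():
        macs = wireless_macs(text)
        if not macs:
            warnings.append(f"{host}: no wireless adapter MAC found")
        for _adapter, mac in macs:
            if mac in owner:
                warnings.append(f"{host}: {mac} already listed for {owner[mac]}")
                continue
            if int(mac[:2], 16) & 0x02:
                warnings.append(f"{host}: {mac} is locally administered, verify before trusting")
            owner[mac] = host
            allow.append(mac)
    return allow, warnings


# Constructed sample dumps, trimmed to the fields the parser reads.
SAMPLE_PC01 = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : AGENT-PC-01

Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wireless Network Connection:

   Physical Address. . . . . . . . . : 3C-A9-F4-11-22-33

Tunnel adapter isatap.example:

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

SAMPLE_PC02 = """\
Wireless LAN adapter Wireless Network Connection:

   Physical Address. . . . . . . . . : 02-AA-BB-CC-DD-EE
"""

if __name__ == "__main__":
    allow, warnings = build_allow_list({"AGENT-PC-01": SAMPLE_PC01, "AGENT-PC-02": SAMPLE_PC02})
    print("\n".join(allow))
    print("\n".join(warnings))
```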
  • 28. Change Default Login of Access Point
  • 29. Appendix B: Security Policy Document

This document is a compilation of security guidelines for Necessary Evil to follow to complete the fortification of its network. Calling it a guideline by no means makes it optional. If these things are not followed it greatly weakens the network and puts it at risk. This document states the bring your own device policy, the vulnerability assessment policy, and the security conference policy.

Bringing your own device to work is by no means permitted. If employees bring any device from home that is internet accessible it immediately introduces huge security holes to the network. If a device is brought in, it should be stored in a locker or confiscated until the employee's shift is over.

Vulnerability assessments are done by walking the office premises and looking for any unauthorized devices or wireless access points. Rogue access points can sometimes be brought in by ignorant, harmless employees intending to have their own access to the network and not have to share bandwidth with other agents. The vulnerability assessments should be done weekly at a minimum, or more often at the discretion of the network administrator.

Employees at Necessary Evil were very uninformed and ignorant of good security practices before this project was finished. Now that they are more knowledgeable and aware, the employees should be reminded and retrained at times to keep them sharp. Yearly security conferences should do because the security tips they should follow are few and simple. Yearly conferences are also a good catch-all in case new employees have been hired on since the last conference.
  • 30. Employee security orientation training is advised as well for those new to sign on with the company.

Overall this completes the security policy document. By following these rules the overall soundness of the network is complemented and complete along with the software and hardware settings.