Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Now that we've covered network hardware, software and protocols, we must introduce and discuss wireless environments. We also discuss in great detail troubleshooting security related issues related to wireless networking. For this lesson, we look at Wireless Access Points, what they are and how they work, and other factors such as the interfaces between encryption, secure IDs, what a signal spread is. Now we'll be discussing section 1.5 of the security plus syllabus. This question has given a scenario troubleshoot security issues related to wireless networking. We want to troubleshoot security related issues as they relate to wireless networking. When we implement the wireless network, we usually put in place a wireless access point. The wireless access point is the point of the device at which users can gain access to the network wirelessly. It puts the signals on the network in the air so devices can connect to the network by picking up these signals. One of the first things we do is antenna placement. Where do we put the antenna such that there is a good signal spread to all the devices on the network? We also want to consider the location of the antenna to limit access to it physically so someone doesn't take it and walk off with the network. We have to do a site survey, where we do a site survey. We have 2 types of site survey. We have something called a formal site survey and an informal site survey. In those site surveys, what we do is you temporarily mount the access point and then you test from all the devices to see the signal strength. If you are not happy with the signal strength, you move the access point around the room. Moving the access point around and then you continuously test again to see. In certain instances the very fabric of your environment could mitigate signal spread. You could have your cubicles and your infrastructure interfering with your signals. When you're happy with the position of the antenna because it's able to give good signal strength to all the machines, then you permanently mount the antenna. You must do a site survey. Otherwise some people will suffer poor signal all the time while some people also enjoy very good signals. The first thing we do when we place our access point in the network, also to limit physical access to the routers or the access point. The default SSID, admin password and admin ID. These devices, when they ship to you, will ship with the manufacturer's defaults. Best practice is that we change them, change these items. Your SSID is the service Set Identifier. In many cases it will just ship with model number and the name of the device, say links is blah, blah, blah, links is 425 or Sony 123. Anybody checking on google can tell, If they see the default name, possibly what the admin ID and password is, and that way they know how to compromise your device so best practice, change the SSID to read a name that has nothing to describe you so people don't scan your available ID and tell "Oh this network is for this person. Let's focus the attack on that person. You change the admin ID as well, make it some name only you know and change the password. In many cases the admin ID for default would just be Admin, the password: password. Users can easily get into it. Best practices is that we remove those configuration settings. We also have the SSID, the Service Set Identifier is set to "broadcast" so that when you search for available networks, you can see what network is available. You can see your network as well but as you can see, so can other people. They see your network is available. "Okay let me attack this network" so people can choose and pick what they want to attack because they can see it. Some people would say, as a form of security, you disable SSID broadcast. Now your service is there but it's not syncing anymore. Only people that know your service is there can attempt to connect to it. That way if they want to connect to the system, they will still connect to the network. The system will then prompt them. What is my SSID? What network do you want me to connect to? So at that point they have to state the SSID. The SSID will get the request and "Okay, yes. I see want to connect to me, what is the password?" The user will put in the password, then they gain access. The user must know that the access point exists before they attempt to make a connection. Once they've made a connection they can always have that connection in place but the beautiful thing is the SSID is not set to broadcast anymore. Anyone just randomly scouting for SSID presence out there cannot detect. It is just one layer of security. However some malicious people would know how to compromise that. They wait for a system to make a request at which point they know that a system is out there with the SSID of such. Best practice is that we should also always use passwords on our access points unless the access point is for the public place like a library, at the airport, at the metro, at the restaurants; you can leave it open but for private use or for organizational use, best practice is that we put a password in place. If you have no password on your access point, anybody, everybody, somebody will use your access point possibly for malicious purposes and when the police come knocking or the FBI come knocking, they're knocking on your door. Best practice, protect your access point with a password. If you leave your access point open, some people will want to upload child porn to the internet, they will use your access point as a launching path. Terabytes, useless materials going on the internet. If the police come knocking, they're knocking on your door, they're taking you away. Well, it might take you a few days to explain "Oh I didn't do it" but consider what could happen to your name in the community. You could be labelled so many things that you're not. You could lose goodwill in the community. We have something called wall driving. Wall driving is when you have people within a vehicle with wireless equipment, driving around the neighborhood, detecting wireless networks. With the use of mobile devices, they're able to drive around the neighborhood detecting wireless networks. Your SSID is broadcasting, is singing to everybody that cares to listen. "I am available connect to me, I am available connect to me". These people are driving around the neighborhood. They are detecting all these networks. When they detect the networks, they could then plan to attack the networks later. Detecting wireless networks by driving around the neighborhood is said to be wall driving. Having found these networks, they could decide to put chop marks maybe on the fence or the pavements or the building. This is to help them identify, "Okay we have a network here, it is secured. We have another network there. It is weak but secured. We have a network here, it is strong but possibly unsecured." By doing that, they are wall chocking so that they know where they have access to networks, what networks are strong, what networks are weak and what networks are secure or unsecure. When you do that, you are said to be wall chocking. At our wireless access point, it is also possible to implement some access control. We could implement access control on our wireless access point using the mark addresses of the devices that connect. We can limit access to the access point based on the mark addresses, and when we do this, we are said to be mark filtering. We can have all the wireless access point. The firewall within the wireless access point, we can populate the "allow" list the mark addresses of specific devices we need to connect. We could also populate the "do not allow" list with devices we don't want to connect. That way, the wireless access point will always implement access control only letting those devices that are stated in and blocking devices that are specifically stated as well. If we limit access based on mark addresses, we are said to be doing access control. The mark address is a 42 bit address you leave to each device that can connect to a network. On our wireless access point, best practice is also that we do encryption. We need to do encryption to guarantee confidentiality and integrity of the data being sent in and out of our networks. How can we do this? We have WEP. WEP used to be the alias form of encryption we had for our wireless access point. However WEP depends on RC4, and this was easily compromised because RC4 was very largely dependent on a very small set of keys. The problem with that is when you encrypt messages, you run out of keys and you start to repeat keys and every time you repeat keys, the malicious persons can then start to see that there is a pattern in your sequence of use of keys and it was very easy for malicious persons to crack this because he was using limited number of keys to make its encryption. With WEP cracked, we moved to WPA. WPA use TKIP; the temporal key integrity protocol. This was put in place to address the problems with WEP but some people found a way to compromise WEP. In a short time WEP was compromised. We went back to the drawing board and we came up with WPA2. WPA2 uses CCMPand to date, this is the strongest form of encryption we can have on our wireless access point. Best practice today, please do not set WEP. It is very weak and can easily be cracked. At best you should have WPA or WPA2. If your devices cannot support WPA2, you could then use WPA but even then, those have been compromised, so the best for which we have encryption is WPA2.WPA2 relies on CCMP. It is possible that sometimes you are trying to connect 2 devices or 2 buildings wirelessly. In this scenario, you are pushing the wireless signals from one building to another using antennas. May be the antenna is such that the signals do not get to the next antenna. What do you do to push the signals further? You could increase the power level controls. By increasing the power level controls, you push your signals. You can increase the spread of your signals. It would also be that the signals are going too far. To reduce the spread of the signals, you decrease the power level controls. Where the question say, what do you do to alter your signals spread? You could have to increase or decrease the power level controls and when we look at all of these collectively, we are able to implement effective wireless networks. We must do antenna placement, we do site survey. Your default parameters you change them to only things that are known by yourself, your SSID you could disable as a layer of security. Disabling your SSID does not mean it is bullet proof. It is just an extra layer of security. You should also use passwords and wall driving can be prevented by disabling your SSID. If you disable your SSID somebody attempting a wall driving attempt cannot see your SSID because it is no longer syncing. It is not broadcasting. You could also do mark filtering to limit what devices can connect and your encryption based practice should be WPA 2 which depends on CCMP. To increase or decrease your signal spread you increase or decrease your power level controls and this is it for section 1.5