Network Devices

MicroCourse
Time
3 hours 9 minutes
Difficulty
Advanced
CEU/CPE
5

Video Description

We further break down Wireless Access Points, look at their encryption types, how they give address so the network. You'll learn the significance of antenna placement, what a "side survey" is, when it's used and why, what a captive portal is, the various types of encryption there are for Wireless Access Points, their differences, and where TCP and IP function. Now we will be discussing security issues related to wireless networking. With wireless networks the most important thing here is our wireless access point. The wireless access point is a device with which we gain access to the network wirelessly, access to the internet or access to the network wirelessly, usually a device we have to set up on the facility to put the signals in the air. The first thing to consider is the antenna placement. Where do we place the antenna? We have to give considerations for physical security. You don't want to put your antenna where somebody could just walk in, grab the antenna and walk away. You want to have physical security for your antenna. You also want to ensure that all users of that antenna have good signal coverage. So you must do what we call a site survey. You carry out a site survey to determine the best position possible such that all your users have very good access and signal strength. Then you have to give consideration to the default parameters that ship with the access point. Parameters like the SSID. The Service Set Identifier. This could be in many cases just the product name itself. You want to change that. You also want to change the default ID and the password with which the router is managed. You want to change all these because if you leave those, somebody scanning the environment to see available networks could simply learn the name of the device and check out online the default parameters for such a device. You want to change your SSID, you want to change the account name, you want to change the password. When you change the SSID, it is also good practice you don't have to give it your name so someone does not know it's for you to specifically target you. Some random names and numbers could be used. Our SSID; that is the Service Set Identifier. A name to identify your service. When you're searching for available networks, best practice is to prevent some other people scanning and determining your SSID. In many cases by default it's enabled. We could disable the broadcast. You could disable the broadcast such that somebody scanning to see available networks do not see your SSID. If you want to increase the spread of your signals or reduce the spread of your signals, then you have to alter your power level controls. The power level controls increase or reduce the spread the signals. So you could increase it to increase the range your signals can travel or you would reduce the power level controls to reduce the spread of the signals. You also could determine that you will need to do access control for your access point. Then we do MAC filtering. The ability to limit access to the access point based on the MAC address. The MAC address is a unique set of numbers for every device that can connect to your wireless access point or a network. You could enable MAC filtering based on the MAC address of the device to prohibit or limit what devices have access to your wireless access point. When users attempt to connect to your wireless access point, they could also have captive portals. This is where an interface could be built through the browser where they must identify themselves, provide their credentials, their usernames and ID and password before they're able to have access to the network. We call this captive portals. Encryption for our wireless access point is also very important. We have several types of encryption. We have WEP, WPA and WPA2. WEP is the weakest form of encryption. It is not advised these days to have WEP. It can easily be cracked. WEP is vulnerable to the IV attack where it keeps the credentials constant so they can easily be cracked. Rather we would prefer to do WPA and WPA depends on TKIP. The temporal key integrity protocol. However some people have been able to compromise that so we move over to WPA2. WPA2 depends on CCMP. Till date, this is the strongest form of encryption we have so if your devices can support either WPA or WPA2, it is better to have these than it is to have WEP. Whatever you do you must ensure you have some form of encryption on your access point. Otherwise your access point could be used to launch attacks on the internet or to upload prohibited material on the internet.

Video Transcription

00:04
Now we will be discussing security issues related to a wireless networking with wireless networks.
00:11
The most important thing here is our wireless access point.
00:15
The wireless access point
00:17
is a device with which we get access to the network wirelessly
00:22
access to the Internet or access to the network wirelessly. Usually a device we have set up on the facility
00:30
toe put the signals in the air.
00:33
So the first thing to consider is the antenna placement. Where do we place the antenna?
00:39
We have to give considerations for physical security. You don't want to put your antenna where somebody could just walk in, grab the antenna and walk away. So you want to have physical security for your antenna. You also want to ensure that all users off that antenna have
00:56
good signal coverage. So you must do what we call a side survey.
01:00
You carry out a side survey to determine the best position possible, such that all your users have very good access of signal strength.
01:10
Then you have to give consideration to the default parameters that
01:15
sheep with the access point
01:19
parameters like the s s i d. The savvy said I'd end the fire this will be This could be in many cases. Does a product name itself.
01:26
You want to change that?
01:29
You also want to change the default I d on the password with which their outer is managed. You want to change all this because if you leave those somebody scanning the environment to see available networks could simply learn the name off the device
01:47
and check out online the default parameters for that. Such a device. So you want to change your S s i d You want to change their count Me? You want to change the password
01:57
when you change the SS idea, it is also good practice. Don't don't. You don't have to give it your name so someone does not know it's for you. Tow specifically target you
02:08
Some random names or numbers could be used.
02:13
I want SS I d. That is the service set. Identify
02:17
in name, toe. Identify your servants When you're searching for available networks, best practice is to prevent some other people scanning on determining your S s I d. In many cases by default, it's enabled so we could disable the broadcast.
02:35
You could disable the broadcast such that somebody is scanning to see available networks. Do not see us S i. D.
02:44
If you want to increase the spread of your signals or reduce the spread of your signals, then you have to alter your power level. Controls
02:53
the pilot controls increase or reduce the spread of the signals so you would increase it to increase the range your signals can travel. Or you would reduce the power level controls to reduce the spread of the signals.
03:07
You also could determine that you will need to do
03:10
access control for your access point. Then we do mark filtering
03:15
the ability to limit access to the access point based on the mark address.
03:22
The Mark address is a unique set of numbers
03:24
for every device that can connect to your wireless access point or a network
03:31
so you could enable Mark feel tree based on the mark. Address off the device toe, prohibit or limit what devices have access to your wireless access point
03:44
When users attempt tow, connect to your wireless access point. They could also have captive portals.
03:51
This is where on Interferes will be through the browser where they most identify themselves, provide their credentials, their username and idea and password before they ableto have access to the network we call these captive portals.
04:06
Encryption for our wireless access point is also very important.
04:12
We have several times of encryption. We have the beauty p w p a condom. You Pierre too.
04:17
W e p is the weakest form of encryption. It is not advised these days tohave w e p it can easily be cracked. W E p is vulnerable toe the ivy attack
04:30
where it keeps constant. It gives the credentials constant so they can easily be cracked. Rather, we will prefer to do W p a on W p a depends on t k i p
04:46
w p a depends on t k i p
04:51
the temporal key integrity protocol. However, some people have been ableto compromise that so we moved over to W p A to W. Pierre to depends on CCMP
05:04
till date. This is the strongest form of encryption we have. So if your devices could support either w p a or W p A to it is better to have these *** it. Ease tohave w e p.
05:19
Whatever you do, you must ensure you have some form of encryption on your access point. Otherwise your access point could be used to launch attacks on the Net on the Internet or toe upload prohibited material on the Internet.

Up Next

Network Devices

They are components used to connect computers or other electronic devices together so that they can share files or resources like printers or fax machines

Instructed By

Instructor Profile Image
John Oyeleke
Lead IT Security Instructor
Instructor