Title: Tutorial 7 Wireless Networking and Security
1 Tutorial 7 Wireless Networking and Security
2 Objectives
- Explore the history of wireless communication
- Learn about Wi-Fi and wireless mesh networks
- Investigate technologies used in personal area networks
- Learn about wireless wide area networks and WiMAX
- Investigate wireless devices and wireless business plans that let you access the Internet
3 Objectives
- Investigate security concerns of wireless networks
- Evaluate different wireless encryption methods
- Investigate security concerns of wireless devices
- Learn how to protect the data stored on a wireless device
- Learn about the different types of attacks on wireless devices
- Learn about the different types of attacks on Bluetooth devices
4 Evolution of Wireless Networks
- When you connect to your Internet service provider, you're creating a wired connection
- A wireless connection occurs when data is transferred to another location without the use of any wires
- In 1994, carriers created digital networks, or Personal Communication Service (PCS), where data was carried in bits at a rate of up to 144 Kbps
5 Evolution of Wireless Networks
- 1999 saw the introduction of the first wireless connections to the Internet
- Personal digital assistant (PDA): handheld computer that can send and receive wireless telephone and fax calls, act as a personal organizer, perform calculations, store notes, and download Web pages formatted for handheld devices
- The wireless Internet has expanded to include different hardware devices, networks, and other options
6 Evolution of Wireless Networks
- Cell phones were one of the first wireless connections to transfer a person's voice
- Text messaging occurs over second-generation wireless systems, or 2G wireless
- Short Message Service (SMS) lets you send text messages of up to 160 characters over a 2G wireless network to a wireless phone
7 Evolution of Wireless Networks
- Some handheld computers use infrared technology to beam information from one source to another without the use of wired connections
- Over 60 major US markets have new 3G wireless systems (third-generation wireless) in place. Some European countries are building and licensing 3G wireless systems
- 3G wireless systems offer data transfer rates of up to 2 Mbps and constant connections
- Bandwidth and cost are two obstacles for getting 3G wireless systems going in the United States
8 Evolution of Wireless Networks
- The conversion from 2G to 3G wireless requires the carriers to invest in technology to make the change
- Many carriers have transformed and upgraded their existing networks by creating 2.5G wireless systems
- There isn't a single network standard
- A wireless device is usually manufactured to work only on a single type of network, because different networks use different frequencies in the radio spectrum
- If you choose a wireless carrier with a 2.5G network, for example, you will not be able to receive a signal in an area with only a 2G or a 3G network because your device operates on a different frequency
9 Evolution of Wireless Networks
- 3.5G wireless networks use a new network protocol called Universal Mobile Telephone Service (UMTS), which is an extension of the existing 3G network, to provide network connections of up to 10 Mbps
- Fourth-generation wireless networks (4G wireless)
  - Also called 3G wireless and beyond networks
  - 4G technology is expected to bring network connection speeds of up to 100 Mbps and deliver high quality audio and video to connected devices
10 Wireless Local Area Networking
- Wireless fidelity (Wi-Fi): trademarked name of the Wi-Fi Alliance (WFA) that specifies the interface between a wireless client and a base station or between two wireless clients
- Wireless local area network (WLAN): network in which devices use high frequency radio waves instead of wires to communicate
- Wi-Fi operates in the 2.4 GHz radio spectrum, which is the same spectrum used by cordless phones, garage door openers, microwave ovens, and other devices
- Because this spectrum is unlicensed, it is free
- 3G wireless spectrum needs to be licensed
11 Wireless Local Area Networking
12 Wireless Local Area Networking
- Three of the most widely used standards for WLANs are 802.11a, 802.11b, 802.11g, and 802.11n
- Transfer rate: speed at which data is transmitted from an access point (or base station) to the wireless device
- Access point: hardware device with one or more antennae that permits communication between wired and wireless networks so wireless clients can send and receive data
- Range: physical distance between the access point and the wireless device
13 Wireless Local Area Networking
- Wi-Fi usually refers to the 802.11b standard, which is the specification on which most Wi-Fi devices operate
- Dual band access point: makes it possible to connect devices configured for two different Wi-Fi standards to the same access point
- Multiple band access point: makes it possible to connect any wireless device to the same access point
- Wi-Fi is often used as an alternative in an office building or other area in which you might find a traditional wired local area network. It can be used where wiring cannot be installed
14 Wireless Local Area Networking
- Notebook computers and other wireless devices must have Wi-Fi compatible hardware installed in them to send and receive data with the network
- Once you have a network interface card or other Wi-Fi compatible device, you can connect to the WLAN via that device, provided that it is physically within the area covered by the network
- If you position enough access points within the appropriate range of each other, the WLAN can grow to cover an entire office complex or geographic area
15 Wireless Mesh Networks
- Wireless mesh network: commonly used to extend the reach of Wi-Fi hotspots to an enterprise, such as a university campus, hotel, airport terminal, convention center, sports arena, or a large office building
- A wireless mesh network is a series of wireless nodes
- More effective and efficient at covering large areas with wireless connections because each node is wirelessly connected to the network
16 Wireless Mesh Networks
17 Personal Area Networking
- Personal area networking refers to the wireless network that you use to connect personal devices to each other
- There are two major types of personal area networks
  - Infrared
  - Bluetooth
18 Infrared Technology
- Infrared Data Association (IrDA): group dedicated to developing low-cost, high-speed wireless connectivity solutions
- Using infrared technology, you can wirelessly beam information from one device to another compatible device using infrared light waves
- This technology is used with PDAs, notebook computers, printers, phones, and other peripheral devices
- A disadvantage is the lack of software products that can handle the transfer. The devices and the software that runs them must be compatible with each other
19 Bluetooth
- Bluetooth: technology that provides short-range radio links between personal computers, handheld devices, wireless phones, headsets, printers, and other electronic devices
- For devices without chipsets that enable them to receive Bluetooth radio waves, you can purchase an adapter to enable use with other Bluetooth devices
- Bluetooth doesn't need an access point for communication; devices communicate with each other automatically
- Bluetooth isn't really owned by any specific manufacturer or group
20 Bluetooth
21 Bluetooth
- Using Bluetooth technology, you can synchronize and share data between as many as eight Bluetooth compatible devices within the specified range at a rate of up to 3 Mbps
- A collection of devices connected via Bluetooth technology is called a piconet. A piconet can connect two to eight devices at a time
- You can use Bluetooth-enabled devices to transfer files, listen to music playing on a computer through a headset, print documents, or connect your notebook computer to the Internet using a wireless phone that is in your desk drawer or briefcase
22 Comparing Wi-Fi Standards with Bluetooth
23 Wireless Wide Area Networking
- Wireless device connections let you access the Internet on a PDA, wireless phone, or notebook computer from anywhere in the world without a wired connection
- WLAN provides a wireless connection to a network, but devices must be within the stated boundary of the WLAN
- In 2.5G and 3G wireless systems, wireless wide area networking (WWAN) makes it possible to access the Internet from anywhere within the boundaries of the wireless network to which you are connected
24 Metropolitan Area Networking: WiMAX
- WiMAX (Worldwide Interoperability for Microwave Access) uses the 802.16 wireless network standard being developed for use in metropolitan areas
- Metropolitan area network (MAN) provides wireless broadband Internet access via radio signals in the 2 to 11 GHz and 10 to 66 GHz radio spectrum, with a range of up to 31 miles and speeds of up to 70 Mbps
- When multiple WiMAX towers are connected to each other, WiMAX has the potential to solve some of the geographical and speed limitations of wired networks and other wireless networks, including Wi-Fi
25 Metropolitan Area Networking: WiMAX
- WiMAX provides broadband Internet connections at the same speed as DSL and cable, through wireless radio connections
- WiMAX works by connecting a WiMAX tower to an ISP that provides the Internet service
- The WiMAX towers are connected to each other via radio signals
- WiMAX transmitters send the signal to homes and businesses that have WiMAX receivers
- Transmitters can be located up to 31 miles from the towers
- Businesses can plug the WiMAX receiver into their existing local area networks to provide high-speed Internet access to all of their connected devices
26 Metropolitan Area Networking: WiMAX
27 Metropolitan Area Networking: WiMAX
- VoIP (Voice over Internet Protocol) converts audio signals to digital packets so that you can use a broadband wired or wireless Internet connection to make local and long distance telephone calls
- Because WiMAX can support many types of data transmissions, it is also used for VoIP
- Most experts predict that all new desktop and notebook computers and wireless devices will eventually have built-in 802.16 cards
28 Using Wireless Devices to Access the Internet
- The technology and standards that dictate what you can accomplish with a wireless device change on a daily basis
- New standards emerge, new hardware is created, and new ways of connectivity arrive
- Select a wireless solution that has the locations in which the technology will be used in its network coverage area and that supports the features you plan to use
29 Security Concerns for Wireless Networks
- The following threats are common to all wireless networks:
  - Attacks that prevent the use of a device or decrease the network's bandwidth
  - Intercepting information sent over a wireless network
  - Hacking into a wireless device to gain entry to its data or functions
  - Stealing the identity of an access point to gain access to its connected users' devices
  - Viruses, spyware, and other security threats sent in the form of files
  - Using information entered by the user into a wireless device to steal logins and other sensitive information
30 Wireless Encryption Methods
- Encryption: process of coding information so that it is not readable by devices or people who do not have the secret key used to return the information back to its original, readable state
- By default, most wireless networks are unsecured
- Many home and small business networks are never secured and are vulnerable to various kinds of attacks
- There are many wireless encryption methods that provide different levels of protection for wireless networks
31 Wired Equivalent Privacy
- Wired Equivalent Privacy (WEP): security protocol for wireless LANs (using Wi-Fi) that works by encrypting data sent over the network
- When WEP is enabled, it encrypts the data sent over the network with a 64-bit or 128-bit key that is entered by the user
  - Network key: also called a passphrase
- The encryption slows down the network somewhat because of the time it takes to encrypt and decrypt the messages
32 Wired Equivalent Privacy
33 Wired Equivalent Privacy
- Depending on the equipment used and how much time and money a hacker has, it can take a very long time to decipher an intercepted message encrypted with a 64-bit key, and even longer to decipher an intercepted message encrypted with a 128-bit key
- Another vulnerability of WEP encryption is the fact that the key used to encrypt the data you are sending is sent over the network prior to the actual data being encrypted, and this same key is used to encrypt every data packet
34 Wi-Fi Protected Access
- Wi-Fi Protected Access (WPA): standard developed by the Wi-Fi Alliance in 2003 to address some of the inherent weaknesses in WEP
- WPA uses a preshared key to encrypt data
- Individual packets are encrypted with different keys
- One drawback is that all devices in the network need to use WPA
35 MAC Address Filtering
- Each manufacturer of network interface cards adds a unique number, called a Media Access Control address (MAC address)
  - Usually printed on the card
- Designate the devices that you want to allow to connect to the network
- If you enable MAC address filtering for a wireless router or access point, then it will only accept connections from the devices with the MAC addresses that you entered
36 Disabling SSID Broadcast
- When a wireless router or access point sends out its signal, it also broadcasts its service set identifier (SSID) as a way of identifying the network's name
- Most manufacturers of wireless routers and access points use the manufacturer name or the word "default" as the default SSID
- For public wireless networks, sending out the SSID is necessary
37 Disabling SSID Broadcast
- For home networks, sending out the SSID is not necessary, because you already know the network's name
- Disabling the SSID broadcast of the network makes the network invisible to roaming devices
- If you change the default name of the wireless router or access point, you also prevent unknown users from detecting your network
- Wardriving: driving through a neighborhood with a wireless-enabled notebook computer with the goal of locating houses and businesses that have wireless networks in order to gain access to them
38 Changing the Default Login
- When you install a wireless router or access point for the first time, the device is configured with a default user name and password
- Use your computer to access the device's settings and configure it to work as desired
- One of the most serious mistakes that home users make when installing a wireless network is the failure to change the default login for the device
- If you haven't implemented any other security, your wireless network is visible and easy to access
39 Security Checklist for Installing a Wireless Router or Access Point
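
The measures from slides 30 to 38 (encryption method, default SSID, SSID broadcast, default login, MAC address filtering) can be checked mechanically. The following is an added example, not part of the original slides; the configuration keys, the vendor word list, and the login pairs are assumptions chosen for illustration.

```python
import re

# Illustrative values, not an exhaustive list (assumption of this example).
VENDOR_WORDS = ("default", "linksys", "netgear", "dlink", "belkin")
COMMON_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

def audit(cfg):
    """Return (check, finding) pairs; an empty list means every check passed."""
    findings = []
    enc = cfg.get("encryption", "none").upper()
    if enc == "NONE":
        findings.append(("encryption", "network is unsecured; enable WPA"))
    elif enc == "WEP":
        findings.append(("encryption", "WEP uses the same key for every packet; use WPA"))
    ssid = cfg.get("ssid", "")
    if any(word in ssid.lower() for word in VENDOR_WORDS):
        findings.append(("ssid", f"SSID {ssid!r} looks like a factory default"))
    # Public hotspots have to broadcast their SSID; home networks do not.
    if cfg.get("ssid_broadcast", True) and not cfg.get("public", False):
        findings.append(("ssid_broadcast", "non-public network broadcasts its SSID"))
    login = (cfg.get("admin_user", ""), cfg.get("admin_password", ""))
    if login in COMMON_LOGINS:
        findings.append(("login", "default administrator login is still set"))
    if not cfg.get("mac_filter", False):
        findings.append(("mac_filter", "MAC address filtering is disabled"))
    else:
        allowlist = cfg.get("mac_allowlist", [])
        if not allowlist:
            findings.append(("mac_filter", "filter is enabled but no device is listed"))
        for mac in allowlist:
            if not MAC_RE.match(mac):
                findings.append(("mac_filter", f"malformed MAC address {mac!r}"))
    return findings

# Constructed sample configurations (hypothetical devices).
FACTORY = {"ssid": "linksys", "ssid_broadcast": True, "public": False,
           "encryption": "none", "admin_user": "admin",
           "admin_password": "admin", "mac_filter": False}
HARDENED = {"ssid": "maple-street-42", "ssid_broadcast": False, "public": False,
            "encryption": "WPA", "admin_user": "netowner",
            "admin_password": "constructed-long-passphrase",
            "mac_filter": True, "mac_allowlist": ["00:11:22:33:44:55"]}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "all checks passed")
```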
40 Security Concerns for Wireless Devices
- The most basic security concern for the owner of a wireless device is theft or loss
- If you have a PDA or other device that also stores data such as passwords that you use to connect to online banking or your Internet connection, you might be losing much more than the device itself
41 Protecting the Data on a Wireless Device
- A wireless device is vulnerable to certain kinds of attacks on the data it stores
- Over-the-shoulder attacks: an unauthorized person uses his or her physical proximity to your device to attempt to get your login information, passwords, or other sensitive data while you are working
- Most security experts advise against activities such as online banking, checking email, and online shopping in public places
42 Protecting the Data on a Wireless Device
- Opt for a wired Ethernet connection whenever possible
- Connecting to the Internet with a wired connection eliminates the wireless threats to your device
- Setting a password on your device is another way to protect it
43 Evil Twin Attacks
- In an evil twin attack, also sometimes called a café latte attack because the attack often occurs at coffeehouses, a hacker gathers information about an access point and then uses that information to set up his own computer to use the real access point's signal to impersonate the access point
- As customers use their devices to pick up and connect to the access point, they are unaware that they are actually connecting to the hacker's computer
44 Evil Twin Attacks
- When you use one of the many free public hotspots for wireless computing, the data you send over the network is not usually encrypted or secure
- This data is subject to hackers using sniffer programs to illegally monitor activity on the wireless network
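
From the defender's side, an impersonated access point can often be spotted by comparing what a scan sees against a record of the legitimate access points. The following is an added example, not part of the original slides; the scan record format, the baseline structure, and all SSIDs and hardware addresses (BSSIDs) are constructed for illustration.

```python
from collections import defaultdict

# Relative strength of the security settings discussed in this tutorial.
RANK = {"open": 0, "WEP": 1, "WPA": 2}

def find_suspect_aps(scan, baseline):
    """Return sorted (ssid, bssid, reason) tuples for access points that
    may be impersonating another one."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    alerts = []
    for ssid, aps in by_ssid.items():
        known = baseline.get(ssid)  # None when we have no record of this network
        strongest = max(RANK[ap["security"]] for ap in aps)
        for ap in aps:
            bssid = ap["bssid"].lower()
            level = RANK[ap["security"]]
            if known and bssid not in known["bssids"]:
                alerts.append((ssid, bssid, "unlisted BSSID using a known SSID"))
            elif known and level < RANK[known["security"]]:
                alerts.append((ssid, bssid, "listed BSSID with weaker security than recorded"))
            elif not known and level < strongest:
                # No baseline: the same name offered with weaker security is suspicious.
                alerts.append((ssid, bssid, "same SSID offered with weaker security"))
    return sorted(alerts)

# Constructed baseline: access points the network owner actually operates.
BASELINE = {"CoffeeHouse": {"bssids": {"00:11:22:33:44:55"}, "security": "WPA"}}

# Constructed scan results, as a wireless client might collect them.
SCAN = [
    {"ssid": "CoffeeHouse", "bssid": "00:11:22:33:44:55", "security": "WPA"},
    {"ssid": "CoffeeHouse", "bssid": "66:77:88:99:AA:BB", "security": "open"},
    {"ssid": "Library", "bssid": "aa:aa:aa:aa:aa:01", "security": "WPA"},
    {"ssid": "Library", "bssid": "aa:aa:aa:aa:aa:02", "security": "open"},
    {"ssid": "HomeNet", "bssid": "bb:bb:bb:bb:bb:01", "security": "WPA"},
]

if __name__ == "__main__":
    for alert in find_suspect_aps(SCAN, BASELINE):
        print(alert)
```

A WLAN can legitimately run many access points under one SSID, so the baseline should list every real BSSID. A matching BSSID is not proof of authenticity, because the impersonator copies the access point's details.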
45 Security Concerns for Bluetooth Devices
- The usual range of a Bluetooth device is about 10 to 30 feet, and up to 300 feet
- This range makes it possible for you to use a wireless headset with a cell phone or to print documents without the need for a cable
- Three security problems common to Bluetooth devices are bluejacking, bluesnarfing, and bluebugging
46 Security Concerns for Bluetooth Devices
- Bluejacking: a bluejacker sends an anonymous message displayed as a text message to a Bluetooth device in an attempt to surprise the owner, express a comment or opinion, or contact the owner to make a social connection
- Mostly harmless because the victim's device is not breached; it is only sent a message
- To protect a Bluetooth device from a bluejacking attack, you can disable the device's Bluetooth feature so that its signal is invisible (also called undiscoverable mode) to other users
47 Security Concerns for Bluetooth Devices
- Bluesnarfing: a hacker with special software is able to detect the signal from a Bluetooth device and gain access to its data without the owner's knowledge
- More serious security problem
- After gaining access, the hacker is able to access data stored on the device, such as the contact list or calendar, connect to the Internet, listen in on phone calls, and send email messages from the victim's device
- To protect a Bluetooth device from a bluesnarfing attack, you can set the device to undiscoverable mode
- Newer Bluetooth devices are not subject to bluesnarfing attacks because this vulnerability has been fixed
48 Security Concerns for Bluetooth Devices
- Bluebugging: a hacker gains access to the device and all of its functions without the owner's consent
- Worst of the security threats to Bluetooth devices
- Bluebugging attack lets the hacker use the device to make phone calls, access data, and use the Internet
- Some hackers set up phone numbers with per-minute charges to the caller and use bluebugging to dial those numbers while the device is in range
49 Security Concerns for Bluetooth Devices
- Most manufacturers of Bluetooth devices have released patches to fix the security flaw that makes bluebugging possible
- Bluesnarfing and bluebugging can only occur within the range of the Bluetooth device and on older devices and those not updated with the latest security patches
- Both of these attacks are less likely when the Bluetooth device is undiscoverable to other users
50 Summary
- Different types of wireless networks, wireless network standards, and wireless devices
- Different types of security threats and solutions for wireless networks and wireless devices
- Wireless network and wireless device protection from security threats