How To Secure Your Wireless Network With A Router (Nica) And A Network (Nipo) Card (Nic)




Wireless Network Security
A self-instructional module

Will Dressler, Ryan Garcia, Branden Hazlet
ETEC 603, P. Leong
February 2008

Table of Contents

Module Pre-test
Introduction
Chapter 1: Securing Your Router Interface
    Review
    Review Key and Explanations
Chapter 2: Wireless Encryption
    Review
    Review Key and Explanations
Chapter 3: SSID Broadcast
    Review
    Review Key and Explanations
Chapter 4: MAC Address Filtering
    Review
    Review Key and Explanations
Module Post-test

Module Pre-test

Please take this brief Pre-test so that we can assess your knowledge before you begin the module.

1. When a wireless router performs an SSID broadcast, what does it do?
A. It sends out a code linked to a time signature for address resolution.
B. It provides an interface console IP address for access via the web.
C. It broadcasts the identification number of the machine's network interface card physical address.
D. It sends out a signal to identify itself by name and introduce its signal to computers in the area.

2. If you disable the SSID Broadcast from a wireless router, you have prevented
A. NICs with unregistered MAC addresses from accessing your router.
B. hackers from decoding your encryption passphrase.
C. virus-infected machines from accessing your registry keys.
D. computers from automatically detecting the existence and name of your network signal.

3. What is the function of a MAC Address?
A. It is a 12-character address used to allow other computers to find the location of your web page.
B. It is a unique and never-changing address used for identification on a Network Interface Card.
C. It is a code for encrypting a signal so that people without the appropriate passphrase cannot decode your message.
D. It is a network protocol used to resolve GPS coordinates into a Physical Address.

4. MAC Address Filtering is a wireless security strategy that uses
A. a list of pre-approved computer identification numbers to block out any unapproved computers.
B. a code for encrypting a signal so that people without the appropriate passphrase cannot decode your message.
C. a network protocol used to block machine coordinates that do not have the right registration on the domain.
D. an electronic camouflage to hide wireless information among the radio waves and cell phone signals that otherwise would be filtered out.

Introduction

Two relevant trends are coinciding in the technology industry: cyber-crimes are on the rise and wireless routers are becoming dramatically more common as they continue to come down in price. The decrease in price of wireless routers has led to a proliferation of unsecured wireless networks in the homes and offices of people who don't understand wireless security concepts. While all brands of routers come with basic how-to instructions that allow the user to navigate the router management interface, the instructions do not explain the concepts behind the router options to create a layered approach to wireless security.

In this module you will learn about the concepts underlying four different strategies of wireless security. These four strategies include: limiting router interface access, disabling SSID broadcast, MAC address filtering and wireless encryption. Taken alone, each of these components can provide some minimal protection to your wireless network, but when used in combination, they will provide substantial protection using layers of different defense strategies.

Much as a home burglar looks for easy prey, such as homes that have open doors or windows, hackers look for unprotected or weakly protected networks to steal confidential information. Understanding how a layered approach to wireless security works can help you prevent unwanted access to your network and the possible theft of personal information.

To introduce the concepts behind these four strategies we will continue with the more familiar metaphor of home security. Specifically, we will use a metaphor based on strategies for securing the most important documents in your home -- i.e. financial records, passports, birth certificates, memorabilia, etc.

Obviously the first step to securing your documents within your home is simply to control access to your home: shut and lock your doors and windows. This basic strategy of home security parallels wireless security in terms of limiting access to your wireless router interface: simply shut and lock the door to your router to prevent the easiest path of unwanted access. In this metaphor, your door key will be a unique and complex password for your router interface access.

A second level of defense in our metaphor of securing your home documents would be hiding the documents, possibly even camouflaging them in a compartment behind a framed photograph or poster. In terms of wireless security the analogous strategy would be disabling SSID broadcast, a strategy that essentially hides the signal coming from your wireless router so that it is not as easily discovered by people searching for a connection. If someone were to find your network, as if they were to find your documents, they could easily access your information. However, just by hiding the signal through disabling the SSID broadcast you make your information a good bit harder to get to.

Our third comparison of home document security and wireless security is based on secret codes. For your sensitive financial information, including account numbers and PIN numbers for ATM cards, you might want to confuse anyone who discovered these records by adding 5 to every number; for example, if your PIN number was 4-2-1-1, you could record it in your records as 9-7-6-6. Thus even if someone found your records they still wouldn't know your PIN number unless they could figure out that the secret to decode the PIN number was to subtract 5 from the written information to get the correct information. The equivalent wireless security strategy is encryption, whereby information passed between a computer and the router is incomprehensible unless the computer knows the key for the secret code.

Our final security metaphor is the coup de grâce. In terms of home document security, it might be considered a little home vault or safe that requires a fingerprint ID to open. No one would be able to access the documents unless their fingerprint was preapproved to open the safe. In terms of wireless security this metaphor represents MAC address filtering, essentially using a fingerprint from the computer to check against a preapproved list of computers allowed to access the wireless router.

Taken individually, each of these components provides some basic security, but taken together, the combination of each of these unique strategies adds up to a powerful multilayered security system which would prevent all but the most skilled and lucky burglar from infiltrating your information. If your documents are locked securely behind your doors and windows, hidden behind a picture on the wall, encoded in secret cryptography, and locked in a fingerprint-accessed vault -- you might fairly say you have document security. Likewise a wireless router employing interface access limits, disabled SSID broadcasting, encryption and MAC address filtering can be considered fairly secure. In both cases there is no such thing as absolute security, but by correctly employing many different layered strategies your degree of total security is improved tremendously.

Chapter 1: Securing Your Router Interface

Review
Review Key and Explanations

These Chapters are intentionally left blank. For the purposes of this assignment they have not yet been developed.

Chapter 2: Wireless Encryption

Review
Review Key and Explanations

These Chapters are intentionally left blank. For the purposes of this assignment they have not yet been developed.

Chapter 3: SSID Broadcast

Chapter 3 has two skill sets for you to master:
Section A. Identify the function of an SSID.
Section B. Determine how disabling the SSID Broadcast can contribute to wireless security.

Section A. Identify the function of an SSID

Service Set Identifiers (SSIDs) are the names of wireless routers. To have a computer talk to the router, the computer first must know that the router exists and then must know the name, or SSID, of the router. To make it easy to connect to a wireless router, the router usually sends out a broadcast that is picked up by all wireless computers within range; this broadcast is essentially the router introducing itself: "Hello, my name is (some SSID) and I'm here to connect with you if you want."

Initially, almost all routers come with the default SSID of the manufacturer's name, e.g. Dlink, Linksys, Cisco, Netgear, 3Com, etc. Leaving the default name intact is a clue for any hacker that the network is not secure, and it often can give them easy access to the default router interface username and password, which can be easily found from manufacturers' websites.

Example and Non-Example: If there are two wireless routers in a neighborhood, Router A and Router B, when a laptop scans for wireless signals, it will detect these two separate signals according to their SSID. For example, Router A may have the default factory name of Linksys, while Router B could have the name Gypsy Radio. In the case of Router A, Linksys, it still has the default SSID provided by the manufacturer. The SSID gives away the manufacturer of the router, which can be used to search the internet for the default administrator username and password. Router B, on the other hand, has a unique SSID, Gypsy Radio, which prevents hackers from knowing the manufacturer and the associated default password of the router. A hacker would more easily infiltrate Router A.

Section B. Determine how disabling the SSID Broadcast can contribute to wireless security

To refer back to our metaphor of securing your home documents, the second level of defense, after closing your doors and windows, would be to hide your documents. For instance, you might hide them by putting them in a compartment that is camouflaged behind a framed photograph hung on the wall. In terms of wireless security the analogous strategy would be disabling SSID broadcast, a strategy that essentially hides the signal coming from your wireless router so that it is not as easily discovered by people searching for a connection. If someone were to find your network, as if they were to find your documents, they could easily access your information. However, just by hiding the signal by disabling the SSID broadcast you make your information a good bit harder to get to.

If "Disable the SSID broadcast" is selected in the router interface, the router is prevented from sharing its name and availability. Therefore, most computers won't discover the existence of the router and wireless signal, much less connect to it.

Example and Non-Example: There are two wireless routers in the room, Router X and Router Y. Both X and Y are internet connected and neither requires a password. The routers are configured exactly the same except for the SSID broadcast settings: Router X has SSID broadcast enabled, while Y has SSID broadcast disabled. When a laptop is turned on in the room, it will only detect one signal: Router X. The laptop will not detect a signal from Router Y because Router Y is not broadcasting its SSID. Router Y is essentially hidden from the laptop; therefore, Router Y is more secure because disabling its SSID broadcast has made it harder to find.
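The two checks from Chapter 3, applied to an inventory of routers you administer, as an added example that is not part of the original module. The router records, the function names and the rule for what counts as a default-looking name (manufacturer name alone, or with digits or one short tag appended) are assumptions made for illustration; the manufacturer list is the one given in Section A.

```python
import re

# Manufacturer names the module lists as common factory-default SSIDs.
VENDOR_NAMES = ("d-?link", "linksys", "cisco", "netgear", "3com")

# Default-looking: the vendor name alone, followed by digits ("NETGEAR42"),
# or followed by a separator and one short tag ("linksys-5G").
DEFAULT_SSID_RE = re.compile(
    r"^(%s)(\d{0,6}|[-_ ][0-9a-z.]{1,8})$" % "|".join(VENDOR_NAMES),
    re.IGNORECASE,
)


def revealed_vendor(ssid):
    """Return the manufacturer a default-looking SSID gives away, else None."""
    match = DEFAULT_SSID_RE.match(ssid.strip())
    return match.group(1).lower().replace("-", "") if match else None


def audit_routers(routers):
    """Return {router name: [findings]} for routers you administer."""
    findings = {}
    for router in routers:
        issues = []
        vendor = revealed_vendor(router["ssid"])
        if vendor:
            issues.append(
                "SSID reveals manufacturer '%s'; choose a unique name "
                "and change the default admin password" % vendor
            )
        if router["broadcast"]:
            issues.append("SSID broadcast is enabled")
        findings[router["name"]] = issues
    return findings


# Constructed inventory. Routers A and B follow the module's example;
# C and D are made up to show a suffixed default and a near-miss name.
ROUTERS = [
    {"name": "Router A", "ssid": "Linksys", "broadcast": True},
    {"name": "Router B", "ssid": "Gypsy Radio", "broadcast": True},
    {"name": "Router C", "ssid": "NETGEAR42", "broadcast": False},
    {"name": "Router D", "ssid": "Cisco Kid Fans", "broadcast": False},
]

if __name__ == "__main__":
    for name, issues in audit_routers(ROUTERS).items():
        print(name, "->", issues or "no findings")
```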

Chapter 3: SSID Broadcast Review

1. Wireless routers send out signals to identify themselves and introduce their signal to computers in the area. What is this called?
A. SSID Broadcast
B. Interface Access Announcement
C. WEP Encryption Key
D. MAC Address Sharing

2. Wireless routers usually send out signals with their names and availability for connection to all computers in the area. If you configure a router to prevent this signal from going out, what have you done?
A. Implemented WEP Encryption Keys
B. Corrupted the Interface Access Announcement
C. Disabled SSID Broadcast
D. Disabled MAC Address Sharing

Chapter 3: SSID Broadcast Review Key and Explanations

1. Wireless routers broadcast signals to identify themselves and introduce their signal to computers in the area. What is this called?
A. * SSID Broadcast - Correct, the SSID Broadcast is a signal to identify the router and introduce its signal to computers in the area.
B. Interface Access Announcement - Incorrect, the interface is not a signal.
C. WEP Encryption Key - Incorrect, encryption is coded signals.
D. MAC Address Sharing - Incorrect, MAC addresses identify the NIC, not the router.

2. Wireless routers usually send out signals with their names and availability for connection to all computers in the area. If you configure a router to prevent this signal from going out, what have you done?
A. Implemented WEP Encryption Keys - Incorrect, encryption is coded signals.
B. Corrupted the Interface Access Announcement - Incorrect, the interface is not a signal.
C. * Disabled SSID Broadcast - Correct, if you prevent your router from sending out a signal with its name and availability for connection to all computers in the area then you have Disabled SSID Broadcast.
D. Disabled MAC Address Sharing - Incorrect, MAC addresses identify the NIC, not the router.

Chapter 4: MAC Address Filtering

Chapter 4 has two skill sets for you to master:
Section A: Identify the function of a Media Access Control (MAC) address on a Network Interface Card.
Section B: Determine how MAC Address filtering can contribute to wireless security.

Section A: Identify the function of a MAC address on a NIC

A computer uses a network interface card (NIC) to get on the internet. Each NIC has a unique identification code called a Media Access Control (MAC) address. The MAC address is also sometimes called the Physical Address because it is physically hard coded into the Network Interface Card. This MAC address is used for identification in the same way people use fingerprints or Social Security Numbers: a unique identifier that is connected to you. The MAC address is actually written as 12 characters arranged in six sets of two, with each set of characters separated either by colons or hyphens. Because MAC addresses are unique, like a person's fingerprints, no two are the same across the world. And because they are located on the computer's NIC, including wireless NICs, they provide an individual identification for each computer when it connects to a network.

Example 1: In this example we see a picture of a Network Interface Card (NIC) that has been removed from a computer. Note that on the left side of the front of the card is a sticker that has the MAC Address -- six sets of two characters (00 60 94 55 3A 63) that uniquely identify this card and any computer that would use this card for a network connection. The important concept to note here is that the MAC address is coded into the NIC itself, and never changes, even if the card is removed from the computer.

Example 2: Here is a screenshot that contains information about the NIC and the MAC address for a wireless NIC installed in a computer. The first highlighted line says "Ethernet adapter Wireless Network Connection:", which indicates that we are looking at data for the wireless NIC. The second highlighted line, titled "Physical Address:", is where we see a 12-character sequence of six sets of 2 characters separated by hyphens; this is the MAC Address. The important thing to recognize from this example is that the MAC address is part of the NIC data for the network connection.

Non-Examples: Note the line that says "IP address" in Example 2 above. The IP address that a computer uses for communicating with the internet is different from the MAC Address in important ways. IP addresses are not always unique and in fact sometimes change dynamically, such that a new address is assigned every time a computer connects to the network. This is different because MAC addresses are constant: they are always the same for the particular NIC they are coded into and always stay the same when the computer connects to the network day after day.

Section B: Determine how MAC Address Filtering Can Contribute to Wireless Security

To begin our discussion of MAC address filtering let us refer back to our metaphor in terms of home document security. MAC address filtering could be said to be analogous to a little home vault or safe that requires a fingerprint ID to open. No one would be able to access the documents unless their fingerprint was preapproved to open the safe. In terms of wireless security this metaphor represents MAC address filtering, essentially using a fingerprint from the computer to check against a preapproved list of computers allowed to access the wireless router.

MAC address filtering is a way of coding into the router a limited list of computers that are allowed to talk to the router. Every network interface card (NIC), whether it is a wireless or a wired connection card, has a MAC Address. The MAC address is a totally unique character set for every individual NIC, so it can therefore be used to identify individual machines that connect to the network. MAC address filtering is a way of blocking all machines from attaching to the router except for the ones that are specifically allowed by previously entering them into the router's list of pre-approved MAC Addresses. It's like having a bouncer at a nightclub who only lets in people whose name is on a list. This is a strong way to keep unwanted computers from connecting to the router, but it can also be tedious to update when new computers or guests want to connect to the wireless network.

Example: Router MAF has MAC address filtering enabled, so only computers whose MAC addresses have been approved and entered into the interface by the router administrator will be able to connect to Router MAF. Even if a hacker discovers the router's SSID and Encryption key, she will have a much more difficult time connecting with Router MAF, because her computer will not be in the preapproved list that MAC address filtering allows into the router.

Non-Example: Router X does not have MAC address filtering enabled. If a hacker discovers the router's SSID and Encryption key he will be able to connect with Router X.
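The pre-approved list check from Section B, as an added example that is not part of the original module: it normalizes the colon and hyphen notations from Section A before comparing, because a plain string comparison would treat one address written two ways as two different cards. The function names, the allowlist entries and the association log are constructed for illustration; 00-60-94-55-3A-63 is the address from Example 1.

```python
import re

# Six pairs of hex digits joined by one separator style, colon or hyphen,
# as the module describes. Bare or mixed-separator strings are rejected.
MAC_RE = re.compile(
    r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$"
)


def normalize_mac(text):
    """Return lowercase colon-separated form, or None if malformed."""
    text = text.strip()
    if not MAC_RE.match(text):
        return None
    return text.replace("-", ":").lower()


def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set: the address was assigned
    in software rather than by the card's manufacturer."""
    return bool(int(mac[:2], 16) & 0x02)


def build_allowlist(entries):
    """Normalize administrator entries; return (allowed set, rejected list)."""
    allowed, rejected = set(), []
    for entry in entries:
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append(entry)  # typo in the router's list: surface it
        else:
            allowed.add(mac)
    return allowed, rejected


def filter_client(allowed, presented):
    """Decide as the filter would: 'allow', 'deny' or 'malformed'."""
    mac = normalize_mac(presented)
    if mac is None:
        return "malformed"
    return "allow" if mac in allowed else "deny"


def audit(allowed, association_log):
    """Annotate (time, presented address) records for the administrator."""
    report = []
    for when, presented in association_log:
        mac = normalize_mac(presented)
        note = ""
        if mac and is_locally_administered(mac):
            note = "locally administered address"
        report.append((when, presented, filter_client(allowed, presented), note))
    return report


# Constructed sample data.
ALLOWLIST_ENTRIES = [
    "00-60-94-55-3A-63",  # the card from Example 1, hyphen notation
    "a4:5e:60:c2:11:0f",  # colon notation
    "A45E60C2110F",       # missing separators: rejected
]
ASSOCIATION_LOG = [
    ("09:01", "00:60:94:55:3a:63"),
    ("09:02", "A4-5E-60-C2-11-0F"),
    ("09:05", "da:a1:19:00:4b:7c"),
    ("09:07", "00-60-94-55-3A"),
]

if __name__ == "__main__":
    allowed, rejected = build_allowlist(ALLOWLIST_ENTRIES)
    print("rejected allowlist entries:", rejected)
    for row in audit(allowed, ASSOCIATION_LOG):
        print(*row)
```

The filter can only compare the address a client presents, which is why the module treats it as one layer alongside encryption and the other strategies.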

Chapter 4: Review

1. The unique identification number that never changes on a Network Interface Card is called the:
A. Internet Protocol (IP) Address
B. Media Access Control (MAC) address
C. Serial Number (S/N)
D. Special Security Number (SSN)

2. If you restrict access to your wireless network based on the unique identification number on the connecting computer's Network Interface Card (NIC), what security strategy are you using?
A. WEP Encryption Key
B. Interface Access Pass Code
C. SSID Number Blocking
D. MAC Address Filtering

Chapter 4: MAC Address Filtering Review Key and Explanations

1. The unique identification number that never changes on a Network Interface Card is called the:
A. Internet Protocol (IP) Address - Incorrect. IP addresses do change.
B. Media Access Control (MAC) address - Correct, the MAC Address is a unique identification number that never changes on a Network Interface Card.
C. Serial Number (S/N) - Incorrect. The serial number refers to the make and model of the NIC.
D. Special Security Number (SSN) - Incorrect. This is a fictional item.

2. If you restrict access to your wireless network based on the unique identification number on the connecting computer's Network Interface Card (NIC), what security strategy are you using?
A. WEP Encryption Key Camouflage - Incorrect, encryption keys are for decoding signals.
B. Interface Access Code Filtering - Incorrect, the interface is not on the NIC.
C. SSID Broadcast Interrupt - Incorrect, the SSID is not on the NIC.
D. MAC Address Filtering - Correct, MAC Address Filtering restricts access to your wireless network based on the unique identification number on the connecting computer's Network Interface Card (NIC).

Module Post-test

Please take this brief Post-test so that we can assess what you have learned from this module.

1. The function of an SSID broadcast can best be described as
A. sending out a signal to identify the computer by name and introduce its signal to computers in the area.
B. providing an interface console IP address for access via the web.
C. sending out the identification number of the machine's network interface card physical address.
D. sending out a code linked to a time signature for address resolution.

2. If you do not disable the SSID Broadcast from a wireless router, you will allow
A. NICs with unregistered MAC addresses to access your router.
B. hackers to decode your encryption passphrase.
C. computers to automatically detect the existence and name of your network signal.
D. virus-infected machines to access your registry keys.

3. The function of a MAC address can best be described as
A. a 12-character address used to allow other computers to find the location of your web page.
B. a code for encrypting a signal so that people without the appropriate passphrase cannot decode your message.
C. a unique and never-changing address used for identification on a Network Interface Card.
D. a network protocol used to resolve GPS coordinates into a Physical Address.

4. Which of the following best describes MAC address filtering?
A. an electronic camouflage to hide wireless information among the radio waves and cell phone signals that otherwise would be filtered out.
B. a code for encrypting a signal so that people without the appropriate passphrase cannot decode your message.
C. a network protocol used to block machine coordinates that do not have the right registration on the domain.
D. a list of pre-approved computer identification numbers to block out any unapproved computers.