wireless network security

50 %
50 %
Information about wireless network security

Published on March 22, 2009

Author: pankaj_dec6

Source: authorstream.com

Wireless Security Basics : Wireless Security Basics A Discussion Motivator For Technology Coordinators of NWOCA Owner-Member Schools Vision Statement : December 9, 2004 2 Vision Statement In the future NWOCA member school districts will implement wireless network access points in a consistent, easily managed mode, and in a manner that protects network integrity for all NWOCA member school districts. Today’s Goals and Objectives : December 9, 2004 3 Today’s Goals and Objectives Achieve a basic understanding of terminology and related technologies Provide suggestions for short-term rudimentary security mechanisms that should be implemented for all wireless devices Today’s Goals and Objectives : December 9, 2004 4 Today’s Goals and Objectives Initiate a dialogue that leads to the development of a wireless security policy that is embraced by NWOCA and all its member school districts Today’s Situation : December 9, 2004 5 Today’s Situation Most district wireless access points are “wide open”, with no security mechanisms implemented Some “rogue” (not implemented or managed by the district technology staff or NWOCA) wireless access points exist in the network Today’s Situation : December 9, 2004 6 Today’s Situation Many NWOCA school districts are (unknowingly) providing unsecured wireless access in public areas outside of their buildings Most districts don’t understand the “hidden” costs of wireless total cost of ownership (TCO) [see next two slides] Wired vs. Wireless TCO : December 9, 2004 7 Wired vs. Wireless TCO Gartner Research (June 2004) Wired Lan Cost - $453/user/year Wireless LAN Cost - $1,026/user/year Mixed Wired and Wireless LAN Cost - $1,043/user/year Cost differential is primarily in personnel costs for administering wireless vs. wired networks Gartner Recommendations : December 9, 2004 8 Gartner Recommendations Wired LANs are more reliable, secure, and faster than their wireless counterparts Understand that wireless has a much higher TCO than wired LANs and assess whether the productivity gains or convenience outweigh the additional costs Today’s Situation : December 9, 2004 9 Today’s Situation Wireless access points are SNMP-managed gateways to the network, and (technically) are required to be under the management of NWOCA personnel per NWOCA’s network management policy adopted by the member school district boards of education Today’s Situation : December 9, 2004 10 Today’s Situation Unauthorized network usage represents a financial liability for the school district, with a penalty being the potential loss of E-Rate, ODE, and OSN technology funding; and/or criminal/civil liability under the Family Educational Rights to Privacy Act (FERPA) and HIPAA Today’s Situation : December 9, 2004 11 Today’s Situation A good security strategy is like an onion. It has to have multiple and varied layers to be any good. Security enforcement at each NWOCA district has a direct effect on the security of all other districts served by NWOCA … “weakest link” syndrome How Did We Get Here? : December 9, 2004 12 How Did We Get Here? Wireless access points can be easily, cheaply, and quickly implemented when overall network security and user authentication strategies are not taken into consideration Wireless access points are cheap and can be used to provide access to areas that would remain otherwise unserved Terminology/Definitions : December 9, 2004 13 Terminology/Definitions 802.11 ~ IEEE specification for over-the-air wireless networks 802.11i ~ Proposed specification for “next generation” WLAN security standards 802.1x ~ IEEE specification for port-based access control Terminology/Definitions : December 9, 2004 14 Terminology/Definitions AES ~ Advanced Encryption Standard EAP ~ Extensible Authentication Protocol FAST ~ Flexible Authentication via Secure Tunnel LAN ~ Local Area Network (Intra-Building) Terminology/Definitions : December 9, 2004 15 Terminology/Definitions LEAP ~ Lightweight Extensible Authentication Protocol MAC ~ Media Access Control MD5 ~ Message Digest Encryption Algorithm #5 MSCHAP ~ Microsoft Challenge-Handshake Authentication Protocol Terminology/Definitions : December 9, 2004 16 Terminology/Definitions PEAP ~ Protected Extensible Authentication Protocol PKI ~ Public Key Infrastructure RF ~ Radio Frequency SSID ~ Subsystem Identification TCO ~ Total Cost of Ownership Terminology/Definitions : December 9, 2004 17 Terminology/Definitions TLS ~ Transport Layer Security TTLS ~ Tunneled Transport Layer Security VPN ~ Virtual Private Network WAN ~ Wide Area Network (Inter-Building) WAP ~ Wireless Access Point Terminology/Definitions : December 9, 2004 18 Terminology/Definitions WEP ~ Wired Equivalent Privacy Wi-Fi ~Wireless Fidelity WLAN ~ Wireless Local Area Network WPA ~ Wi-Fi Protected Access WPA2 ~ Wi-Fi Protected Access using AES Available Options : December 9, 2004 19 Available Options Do nothing – ignore the issue Potentially catastrophic strategy Financial/civil liabilities for districts Network disruption potential Adopt a multi-strategy approach Try to eliminate or minimize financial/civil liabilities for districts Strengthen overall security within NWOCA’s network – “weakest link” syndrome Recommended Strategies : December 9, 2004 20 Recommended Strategies Education & Training Problem awareness and understanding is key to success Establish consensus for minimum agreed-upon wireless security measures to be implemented for all wireless implementations within NWOCA’s network Recommended Strategies : December 9, 2004 21 Recommended Strategies Convene a committee of technology coordinators and NWOCA personnel to develop and propose a comprehensive WLAN security policy for adoption and implementation for all NWOCA member school districts Strategy: Education : December 9, 2004 22 Strategy: Education This session What other educational/information sessions are needed by NWOCA member district coordinators? Strategy: Minimal Security Steps : December 9, 2004 23 Strategy: Minimal Security Steps Change default wireless access point administrative password Eliminate casual access to administrative functions of the wireless access point Change SSID away from vendor default Do not make the SSID “obvious”, and change it every school year if administratively feasible Strategy: Minimal Security Steps : December 9, 2004 24 Strategy: Minimal Security Steps Set SSID broadcast to “NO” Avoid broadcasting the name of your wireless network and making it easier for casual hackers to attempt unauthorized accesses Note: Some wireless access points do not support this feature. Should there be a “standard” for wireless access points in the NWOCA network? Strategy: Minimal Security Steps : December 9, 2004 25 Strategy: Minimal Security Steps Enable WEP Encryption If your volume of wireless devices permits, enable WEP encryption to provide a more secure transmission of data wirelessly. This is especially important if student data is being transmitted wirelessly. Strategy: Minimal Security Steps : December 9, 2004 26 Strategy: Minimal Security Steps Enable WEP Encryption Create WEP keys creatively using a mixture of nonsense words and numbers using the highest encryption level possible (128-bit) Change WEP keys each school year if administratively feasible Strategy: Minimal Security Steps : December 9, 2004 27 Strategy: Minimal Security Steps Enable MAC Filtering If your wireless device volume permits, enable MAC (Media Access Control) filtering. This creates an access control allowing only registered devices to access the wireless network. Can be spoofed, but it is like adding another lock on your front door. The more obstacles you present, the more likely hackers will try less secure organizations. Strategy: Minimal Security Steps : December 9, 2004 28 Strategy: Minimal Security Steps Ensure you own the “footprint” of all WLAN access points Test your wireless access points to determine whether they are providing coverage outside your facilities. If so, move them so that doesn’t occur, or install directional antennas to focus the footprint. Some access points have adjustable power levels to assist with this problem. Strategy: Minimal Security Steps : December 9, 2004 29 Strategy: Minimal Security Steps Install or enable a personal firewall on all laptops authorized to use a wireless interface, and lockdown visibility and changes to network control settings on those that have been authorized. Link open ports to specific IP addresses and ranges as needed Strategy: Minimal Security Steps : December 9, 2004 30 Strategy: Minimal Security Steps Educate district personnel that connecting unauthorized wireless access points to the school network is not permitted Strategy: Minimal Security Steps : December 9, 2004 31 Strategy: Minimal Security Steps Use Static IP Addressing for Wireless Clients Static IP addressing forces wireless clients to have a legitimate IP address before access to the network is granted. Static IP addressing forces hackers to know the network addressing scheme and manually allocate an address and gateway. Strategy: Optional Next Steps : December 9, 2004 32 Strategy: Optional Next Steps Cede management control of all wireless access points to NWOCA. Implement EAP, LEAP, or PEAP Have NWOCA redesign your district network to put all access points on mandatory VPN connections Security Policy Development : December 9, 2004 33 Security Policy Development Understanding the need Understanding the benefits Essential Components of a wireless policy Delegation of authority and responsibility Risk assessment Network segregation Security Policy Development : December 9, 2004 34 Security Policy Development Essential Components of a wireless policy (cont’d.) User authentication Confidentiality Availability Logging and Accounting Wireless Access Point Security Security Policy Development : December 9, 2004 35 Security Policy Development Essential Components of a wireless policy (cont’d.) Client-Based Security Firewall Anti-Virus Ad-Hoc Wireless Communications Wireless Scanning Education and Awareness Recommended Next Steps : December 9, 2004 36 Recommended Next Steps Can we agree on the mandatory implementation by all NWOCA member districts of the minimal steps outlined in this document? What should be the timeline for the implementation of the mandatory minimal steps? Recommended Next Steps : December 9, 2004 37 Recommended Next Steps Districts desiring to implement optional steps outlined in this document, or having questions regarding the minimal steps, should contact the NWOCA Network Services Group (mail_staff_hw@nwoca.org) Recommended Next Steps : December 9, 2004 38 Recommended Next Steps Convene a committee of district technology coordinators and NWOCA personnel to develop a wireless network security policy as outlined in this document. Volunteers? Timeframe? Wireless Security Basics : December 9, 2004 39 Wireless Security Basics Questions/Answers/Discussion Contact Information : December 9, 2004 40 Contact Information Duane Baker, Chief Technology Officer Northwest Ohio Computer Association 22-900 State Route 34 Archbold, Ohio 43502 Phone: (419) 267-5565 Ext. 2519 Email: baker@nwoca.org

Add a comment

Related presentations

Related pages

Wireless security - Wikipedia, the free encyclopedia

Wireless security is the prevention of unauthorized ... Wireless Intrusion Prevention Systems can be used to provide wireless LAN security in this network ...
Read more

Wireless Network Security Solutions | Dell Software

Take advantage of high-speed wireless and next-generation firewall security in a single, cost-effective solution. Dell SonicWALL Wireless Network Security ...
Read more

Wireless Network Security - SonicWall

Dell SonicWALL Wireless Network Security solutions combine high-performance IEEE 802.11ac wireless technology with industry-leading next-generation firewalls.
Read more

10 Wireless Home Network Security Tips

When setting up and maintaining Wi-Fi home networks, consider these tips for maximizing the security of the computers and data on these networks.
Read more

Wireless Network Security (WLAN) Solutions | SonicWALL

SonicWALL's Wireless Network Security solutions combine 802.11ac wireless with comprehensive security of next-gen firewalls in a single pane of glass.
Read more

Wireless Network Security - Free downloads and reviews ...

wireless network security free download - Zamzom Wireless Network Tool, SterJo Wireless Network Scanner, Atheros AR5006X Wireless Network Adapter, and many ...
Read more

Securing Your Wireless Network | Consumer Information

Securing Your Wireless Network. Related Items. ... Use the same basic computer security practices that you would for any computer connected to the internet.
Read more

Wireless Network Security Buch portofrei bei Weltbild.de

Bücher bei Weltbild: Jetzt Wireless Network Security versandkostenfrei online kaufen & per Rechnung bezahlen bei Weltbild, Ihrem Bücher-Spezialisten!
Read more

Wireless and Network Security Integration Solution Overview

The Cisco Unified Wireless Network features a comprehensive architecture of security tools and technologies to secure the WLAN environment, clients, and ...
Read more