Wireless Network Security Lab
Last Update 2011.06.01
1.0.0
Copyright 2011 Kenneth M. Chipps Ph.D.
www.chipps.com
Method Used
• This lab will be done in Packet Tracer 5.2 or later
• Start Packet Tracer
Create the Lab Network
• Create this network in it
Create the Lab Network
• The connections to the Server-PT devices from the Access Point switch ports are straight-through cables
Configure the Access Point
• Click on the Linksys WRT300N Wireless Access Point
– Open the GUI tab and ensure that DHCP is set to Automatic Configuration
• Leave the Access Point’s IP address at the default value of 192.168.0.1/24
• Enable the DHCP Server and leave the Start IP Address as 192.168.0.100
• Set the maximum number of DHCP clients to 4
Configure the Wireless Client
• Open the Physical tab of the PC-PT computer and turn the power off
• Remove the Ethernet module and replace it with the Linksys WMP-300N wireless module
• Turn the power back on
• After a few seconds you should have a wireless connection to the access point
Enable WEP
• The original security method used in wireless LANs was WEP
• Let’s see how it is enabled
• On the WRT-300N access point select the Config tab
– Change the SSID to CCNP
– Enable WEP Authentication
– Use 1234567890 as the WEP key value
Enable WEP
• On the PC, using the Wireless Settings
– Change the SSID to CCNP
– Enable WEP Authentication
– Use 1234567890 as the WEP key value
Configure the Web Server
• On the Web Server
• Open the Desktop tab
• Click the IP configuration icon
• Change the static settings of the Web Server as follows
Configure the Web Server
• Open the Config tab and disable all services except HTTP and HTTPS
Check Connectivity
• Open the wireless host’s Web Browser and verify that you can access the web server using the IP address 192.168.0.11
• If you are successful, your browser page should look like this
Enable WPA with TKIP
• WEP was replaced by WPA using TKIP
• Let’s see how WPA works
• On the wireless access point, enable WPA-PSK authentication
• Set the Data Encryption type to TKIP
• Use the passphrase abcd1234
Enable WPA with TKIP
• On the wireless host, enable WPA-PSK authentication
• Use the passphrase abcd1234
• Ensure that the Data Encryption type is set to TKIP
Check Connectivity
• After the wireless connection between the access point and the wireless host is resumed, verify connectivity by pinging the web server at 192.168.0.11
Enable WPA with AES
• TKIP was soon replaced in WPA by AES
• Let’s see how this change is made
• On the wireless access point, enable WPA-PSK authentication
• Set the Data Encryption type to AES
• Use the passphrase abcd1234
Enable WPA with AES
• On the wireless host, enable WPA-PSK authentication
• Ensure that the Data Encryption type is set to AES
• Use the passphrase abcd1234
Check Connectivity
• After the wireless connection between the access point and the wireless host is resumed, verify connectivity by pinging the web server at 192.168.0.11
Enable WPA2
• There are two versions of WPA2
– WPA2-PSK
– WPA2-Enterprise
• We have just seen WPA-PSK enabled above; all it is is WPA with TKIP replaced by AES
• In other words, PSK or pre-shared key
• As in WEP and WPA, WPA-PSK is just a password-based system
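
The "password based" point above, as an added example that is not part of the original lab: the WEP key is used as typed, while a WPA-PSK passphrase is stretched into a 256-bit key from the passphrase and the SSID alone. The function names are hypothetical; the SSID, WEP key and passphrase are the ones this lab uses.

```python
import hashlib
import string


def wep_key_bits(hex_key: str) -> int:
    """Size in bits of a WEP key typed as hex digits (10 -> 40, 26 -> 104)."""
    if len(hex_key) not in (10, 26) or not set(hex_key) <= set(string.hexdigits):
        raise ValueError("WEP hex keys are 10 or 26 hexadecimal digits")
    return len(hex_key) * 4


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key for WPA-PSK and WPA2-PSK (IEEE 802.11i):
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds.
    The cipher chosen afterwards (TKIP or AES) is not an input."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def same_key(ap: tuple, client: tuple) -> bool:
    """True when two (passphrase, ssid) settings derive the same key."""
    return wpa_psk(*ap) == wpa_psk(*client)


if __name__ == "__main__":
    # Values from this lab: SSID CCNP, WEP key 1234567890, passphrase abcd1234.
    print("WEP key bits:", wep_key_bits("1234567890"))
    print("PSK:", wpa_psk("abcd1234", "CCNP").hex())
    print("AP and host agree:",
          same_key(("abcd1234", "CCNP"), ("abcd1234", "CCNP")))
    # Constructed mistakes: a passphrase typo and an SSID in the wrong case.
    print("Passphrase typo:", same_key(("abcd1234", "CCNP"), ("abcd1243", "CCNP")))
    print("SSID case differs:", same_key(("abcd1234", "CCNP"), ("abcd1234", "ccnp")))
```

Every device that knows the passphrase and SSID derives the identical key, which is why a lost passphrase means reconfiguring every device.
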
Enable WPA2
• As is true of any password-based system, the password can be lost
• This requires that all the devices be changed
• A better solution is to use a RADIUS server to enable WPA2-Enterprise
• Let’s see how this is done
Configure the RADIUS Server
• Open the Desktop tab on the RADIUS Server and click the IP configuration icon
• Change the static settings of the RADIUS Server as follows
Configure the RADIUS Server
• Open the Config tab
– Disable all services except AAA
• Click on the AAA service
– Turn the AAA service on and leave the RADIUS port set to 1645
– Add a RADIUS client, Linksys Access Point, with an IP address of 192.168.0.1 and a secret key of ccnp1234
– Add a user student with a password cisco
Configure the Access Point
• On the access point
– Change the Authentication type to WPA2
– Configure the RADIUS server IP address as 192.168.0.10
– Set the Shared Secret key to ccnp1234
– Set the Data Encryption Type to AES
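
What the shared secret entered on both the RADIUS server and the access point is for, as an added example that is not part of the original lab: under RFC 2865 the server signs each reply with MD5 over the packet, the client's Request Authenticator and the secret, and the client rejects any reply that does not verify. The function names and the sample packet are constructed here; how Packet Tracer models this internally is not shown in the lab.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2    # RADIUS packet code (RFC 2865)
REPLY_MESSAGE = 18   # RADIUS attribute type (RFC 2865)


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_response(code: int, ident: int, request_auth: bytes,
                   attrs: bytes, secret: bytes) -> bytes:
    """Server side: sign a reply with the secret configured for this client."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Access point side: accept the reply only if it answers our request
    and was signed with the same secret."""
    if len(packet) < 20:
        return False
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def lab_check(ap_secret: bytes, server_secret: bytes = b"ccnp1234") -> bool:
    """Would the access point accept the server's Access-Accept?"""
    request_auth = bytes(range(16))  # constructed; real clients use random bytes
    reply = build_response(ACCESS_ACCEPT, 1, request_auth,
                           attribute(REPLY_MESSAGE, b"welcome student"),
                           server_secret)
    return verify_response(reply, request_auth, ap_secret)


if __name__ == "__main__":
    print("secrets match:", lab_check(b"ccnp1234"))
    print("typo on the access point:", lab_check(b"ccnp1243"))  # constructed typo
```
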
Configure the Wireless Client
• On the Wireless Client
– Change the Authentication Type to WPA2
– Change the Data Encryption Type to AES
– Enter the User ID student
– Enter the password cisco
Check Connectivity
• You should now have connectivity between the wireless host and the access point
• Verify this by connecting to the web server from the browser on the wireless host
• If you do not have connectivity to the web server, double-check all of your settings on the access point, wireless host, and RADIUS server
Source
• Most of this lab is stolen from John Morgan, but it's OK, he said I could