Securing A Wireless Home Network

advertisement
Securing
A
Wireless
Home Network
Simple home wired LAN
Simple home wireless LAN
Wireless LAN
Wireless base station has to signal its
existence so clients can connect (you laptop
or other devices)
Attackers of wireless LANs therefore need to
be kept out!
Types of attacks
Attack laptops and workstations on the
network
Steal information being transmitted over
your wireless network
Steal Internet access through your Internet
What Happens When Your
Laptop and Workstation are
Attacked?
Attacker attempts to steal data from hard
drives
Attacker attempts to damage the data on
the hard drives
Attacker plants malicious software to attack
other computers
Attacks can be traced to your computer,
not his or hers!
Attacks to steal Internet access
 Attacker’s computer joins your network, uses
your Internet gateway
 Attacker could be (for example):
–
–
–
–
Downloading copyrighted music files
Downloading child pornography
Broadcasting spam
These can be traced back to your Internet
connection
How easy is it to attack a wireless LAN?
Very easy
All an attacker needs is a laptop computer,
a wireless card and some software
A directional antenna will increase the
range over which the attacker can access
your network
Directional antenna can be made from a
Pringles potato chip can!
Attackers drive around with their
computers looking for open wireless
networks
Why is it so easy to invade a wireless LAN?
Ease of setup
Default settings allow even people with
limited technical skills to set up and run a
basic wireless network
Allows wireless users to use open, public
networks (usually for Internet access)
Ex. Such as the one at your local Starbucks
How do you keep attackers out of your home
wireless LAN?
Secure the network
Change the service set identifier (SSID)
of your base station
Change your base station’s password
Shut off your base station’s SSID
broadcast
Enable encryption (WPA or WPA2)
Changing your SSID
To access the LAN you need the
service set identifier (SSID) of your
base station
Changing the default SSID reduces
the chance the attacker will be able to
guess it (it may be called default,
Linksys ex.)
Works best with other security
measures
Change your password
 To access the LAN you need the base
station’s password
 Changing the default password (often
‘admin’ or ‘password’) drastically
reduces the chance the attacker will be
able get into your network
Close your network
 Shut off SSID broadcast
 Reduces chances that the attacker can see
your network at all
 Like parking your car in a closed garage
– If the thief can’t see it, he won’t know that it’s
available to steal
Enable wireless encryption
 Encrypt your network traffic
– This has to be done on the base station and all
access points, wireless adapters, etc.
• All devices use the same WPA or WPA2 keys
 WPA or WPA2 (Wi-Fi Protected Access)
• Don’t forget yours; write it down
WPA & WPA2-Personal
 Choose this option to protect your network with Wi-Fi Protected
Access.
 Choose Password and enter a password between 8 and 63
characters.
 Wireless client computers using WPA or WPA2 can join the
network.
Setting up wireless security
 Make security changes in all devices (routers,
access points, adapters, etc.) through a
wired link
– If you change a device setting through a wireless
link, you could lose the connection when you
apply the changes
– Set up devices in this order:
• Base station (Cable/DSL modem)
• Access points
– Test each device for connectivity before you install
it in its final location
Wireless security is not perfect
 However, many simple measures can
be taken to make the job harder
 Wireless LAN security is not perfect but
if you make it difficult enough, attackers
will pick other targets
Let’s Get to Work!
 Change Default Administrator
Passwords and Usernames
 Change the Default SSID
 Disable SSID Broadcast
 Turn on WPA Encryption
Default User Names and Passwords












Linksys Comcast
User Name: comcast Password: 1234
Linksys
User Name: [none] Password: admin
NetGear
User Name: admin Password: password
D-Link
User Name: admin Password: admin
Cisco
User Name: cisco Password: cisco
Apple Airport Extreme
User Name: [none] Password: admin
Download