Wireless Security Basics Tutorial

3.1 Wireless vs Wired Networks

Before we talk about wireless security issues, let's talk about wireless versus wired networks. There are some differences between the two, obviously, and these differences affect security. Wired networks use physically connected transmission media, typically fiber or copper wiring. So we know that there's a physical connection between a host and a switch, for example. This is called physical containment, and it's one of the things that helps keep wired networks secure. It's not the only thing, but it helps. If you're going to try to access a wired network, you typically have to connect to the devices themselves or tap the cable. Now, this assumes a local area network; we're not talking about coming into the network from the outside over the Internet. You can do that, but it's outside the context of what we're discussing for the moment. For now, assume that we have a local area network, all physically connected with cable. It's very difficult to get into that network unless you connect to a box or tap the cable. Physical containment helps us with that.

Wireless networks, on the other hand, are not restricted by physical media connections. You can roam around with your host without having to worry about cumbersome cable. The problem is that it's easier to get in from a physical standpoint. You don't have to be physically near the network; you can be outside of a building, for example, or tucked away in a closet, so a malicious person could get into a wireless network a little more easily than into a wired one. But wireless networks obviously offer a lot of advantages: greater mobility, they're fairly easy to set up, and they use radio, microwaves and even infrared light as transmission media. No cables. Look ma, no wires.
Wireless networks also allow devices to dynamically connect and disconnect from the network. It's possible to set up your network so that a device that walks in the door can connect to the wireless network without much trouble at all. And devices can move from wireless network to wireless network, as long as they're configured to do so. This lets you connect portable devices, such as PDAs, cellphones, tablets, and so forth, so it gives those devices the traditional network services that they haven't had previously. Unfortunately, because of that, this can impose greater security risks, which we'll discuss a little bit later. But the physical containment aspect and the mobility aspect of wired and wireless networks are among the fundamental security issues that we'll talk about.

3.2 Wireless Security Issues

Now let's go ahead and get into some of the security issues that affect wireless networks. We just talked about the differences between wired and wireless networks in terms of topology and physical containment, and that leads to some security issues. Actually, it leads to some of the fundamental security issues that wireless networks have. Now, wireless networks do suffer from some of the same security issues as wired networks. These are the typical things that we as security administrators have to protect against anyway: misuse, malicious users such as hackers, information leakage and exfiltration, and also violations of the confidentiality of the network, data integrity, and network availability. Those are typical issues that will affect any network.

But wireless also has its own security issues as well. These are additional risks because the wireless network is not physically contained or closed. In some cases, it's not even physically separated from the outside world. It's an open medium because of the airwaves. Radio transmissions go all over the place; they don't just travel down one particular confined wire. So we don't have the traditional physical containment that we had on wired networks. With a wired network you can set a firewall on the edge and then a switch, put security controls on the firewall and on the switch, protect the cable, restrict the area that people can access to get to the equipment, and you have pretty good containment there. Unfortunately, you don't have that in wireless. Even if there's a firewall on a wireless network, you're not behind that firewall. You're really all around the firewall, because that's where your media goes. So it's possible to access a wireless network even when it's behind a firewall, because there's nothing physically restricting you from sending radio waves from your host to that host.
It is actually possible to connect directly to clients or other resources inside the network because of the way wireless is designed. This is a great thing and a bad thing. It's designed for mobility, portability of devices, and seamless connection to the network, and this can also be a security issue. Often we also see a wireless network used as an entry point into a wired network. Even if some clients connect to the network through a firewall or through a switch, if there's a wireless network also connected, that could be used as a back door. If you can compromise the wireless network, you can get to the wired network.

Because physical containment is unfortunately not great for a wireless network, we turn to other measures to secure the network, to control how people access it and how they access the data. That's where transmission security comes in. If you can't effectively protect the physical aspects of the network, then you have to protect the transmissions of the network. This is a good introduction to our discussions on encryption and access controls. By access controls we're talking about identification, authentication, authorization and accounting, and they play probably the largest role in securing a wireless network. Encryption and authentication especially are the two biggest things you have to do to secure a wireless network. We have whole segments talking about them, so I won't go into depth on them right now. But for now you need to understand that transmission security is where it's all at with wireless networks.

3.3 Encryption

Over the next two sessions, we're going to talk about the two major things you can do to secure your wireless networks. We've already talked about the differences between wireless and wired networks, and how physical containment is a security measure that can help protect wired networks. Unfortunately, wireless does not have this protection. There's no physical containment; airwaves travel all over the place, so they can be easily intercepted. So what do we do to mitigate that risk? Well, there are two major things we do: encryption and authentication. We're going to briefly discuss each, and then later on we'll go into more depth on the protocols that are used to provide encryption and authentication to wireless networks.

Encryption protects data transmitted and received, and it keeps it from being intercepted and accessed. Now, when we say intercepted, the data could still be intercepted, but encryption would render it unreadable. In other words, it would be meaningless text to whoever gets it. So it protects the confidentiality of the data. It can also protect the integrity of the data, because if the data has been changed or modified, either intentionally or unintentionally due to interference or something like that, then the data can't be read, because the encryption will be thwarted. It won't be compromised, but encryption will not allow it to be read if it's been modified. So it also protects integrity.

Now, the standards that we've discussed so far, the 802.11a, b, g and n standards, are really transmission standards, and they don't include encryption methods or mechanisms by themselves. As a matter of fact, the first wireless networks that came out didn't have any encryption or protection at all. Encryption was not introduced until the 802.11b standard came out. What happened is that something called the Wired Equivalent Privacy protocol, or WEP, was implemented in 802.11b.
And it basically provided the level of protection that its name suggests. It was equivalent to wired networks; that was its hope. It provided some level of encryption. And while we won't go into the depths of WEP right now (we'll talk about it in its own section), suffice it to say that WEP was not very good. It protected for a short amount of time, but it was also easily broken after a short amount of time. And this is really due to the fact that it was poorly implemented. It uses RSA algorithms, which are strong algorithms, but they were poorly implemented in WEP. It did provide a small degree of protection, however, for a short time.

WPA and WPA2 were later introduced into the 802.11 standards, and they provide a higher degree of protection for data. They also allow other mechanisms such as authentication to come into play. And again we'll talk about that a little bit later. We should point out that encryption is not to be confused with authentication, although the two are used together to secure a connection. We typically do not have one without the other. So they work together.

3.4 Authentication

Now we've discussed encryption. Now we turn our attention to the other major thing you need to be doing to secure wireless networks, and that's authentication. Authentication is the process of verifying the identity of a user or another device or even a process, some entity. Now, authentication doesn't happen first; it's actually the second step in a multi-step process. The first thing that happens is that a user, for example, submits their identity. That's identification. This may be in the form of a user name or password, or smart card, or token. In any case, they submit their identity to the system to be authenticated. Authentication is the process of verifying what the person submitted during the identification process. The system verifies the credentials that were submitted and confirms that the user really is who they say they are. That's authentication. So that's the second step of the process, and authentication is verification. There are several ways we can do this in wireless networks and in wired networks, and some of them are similar.

After authentication happens, just because you're allowed to join the network does not mean you're allowed to do anything on it. That's where authorization comes in, and we'll discuss that later on in the course. Authorization allows an authenticated individual or entity to access resources, given that they have the right permissions, rights, privileges and so forth.

Now authentication, as I said, is implemented in wireless networks using a wide variety of different protocols. There are a couple of ways we can do this authentication thing, and this is where you get into a little bit of theory. Security purists may argue this point back and forth amongst themselves, so let's define what true authentication is. True authentication positively verifies the identity of a user, a device, or a process or service. In other words, I can trace an action back to one single individual or single device and so forth.
I'm absolutely convinced, 100% sure, that that is the identity of the person that's accessing the network. Now, there's a little bit of authentication that goes on sometimes, typically in home networks and small business networks, that really is not true authentication, but we might call it basic authentication. This authentication doesn't positively, 100% verify the user or device; it serves only to tell whether or not an entity has a recognized password that they're using. Let me give you an example. When you're using WEP, you would put in the WEP key. Now you assume that whoever has the WEP key is automatically authorized to join the network. So they're authenticated, in a sort, because you're authenticating the fact that they have the WEP key and that they can join. But you really don't know who that person is, and you don't know what device they're using. You assume that any device or any person that has the WEP key can join. So if someone gets that key that shouldn't have it and they join, the system "authenticates" them, but you don't really know their identity, you don't know who they are, and you don't know if they're even authorized to join the network. So that could be considered authentication by some, but it's not really true authentication. It's a really basic form. I just wanted to point that out and give you a little bit of security theory, so that you can understand what the differences are, and later on we'll see why true authentication is obviously better for wireless networks.

Now, as I said, WEP implements this basic form of authentication, typically using a password or passphrase, and it's configured on both the hosts. And again, you assume that if the host knows that key, that passphrase, then it's automatically allowed to join the network. WPA and WPA2 can also implement this basic form of authentication.
In fact, this is called WPA Personal, so if you see that in a list of options on your wireless router, that's what that means: it's basically a shared key. WPA and WPA2 also allow for true verified authentication, and this is through WPA Enterprise. Typically, this involves some additional security mechanisms or additional infrastructure, things like smart cards or certificates, that may talk to an Active Directory domain, for example. You typically won't see this in a home or small business environment. You'll see it in a mid-sized environment or a very large enterprise. So you would use a smart card or a digital certificate to authenticate yourself to the network, and then that would be compared against an Active Directory database, for example. That is where true authentication comes in. The database would confirm that you are who you say you are and that you are authorized and allowed to join the network and access resources. So that's the difference, and that's how it could be implemented. Again, we'll discuss some of this a little bit later. This is just the time where we tell you what this is and define it for you.

Now, there are several authentication protocols that work with the wireless network to provide services such as actual, verified authentication. Some examples that we'll cover a little bit later include EAP, the Extensible Authentication Protocol, PEAP, and also the 802.1X framework. That's an open protocol that allows you to use different authentication methods. We'll talk about those and how they work with wireless networks a little bit later on in the course.

3.5 SSID Broadcasting

Over the next couple of sessions, we're going to be discussing some very low levels of security. In fact, we may call them legacy security methods that we still see being used today. They're of limited value, but we'll talk about them and how they're implemented in more modern networks. The first one is the SSID, or SSID broadcasting. The SSID is the Service Set Identifier, and this is the wireless network name that is associated with the wireless access point. The SSID is configured on the wireless access point, and the access point broadcasts out its network name. So whoever joins that network is part of that network, the SSID. Typically, on most wireless access points, this is broadcast by default. What it's designed to do is allow clients to see the network when they search for wireless networks, so they can easily join it. That makes sense; it's there for the user's convenience. However, it's not necessarily good for security. At least in the older days it probably wasn't.

In the old days, and I'm talking about the days of 802.11b and WEP, WEP wasn't very effective. So you used additional security measures such as SSID hiding to hide the wireless network from casual observers. In other words, people who drove around looking for wireless networks would look for networks that were broadcasting their SSID. What you would do is stop this broadcasting: you would turn it off on the access point. Now, this was of limited effectiveness, because if you had the right tools, you'd still see a wireless network out there; you just wouldn't see its name. So really it didn't do too much for security. It was security through obscurity, which has been proven to never be effective, really. And it also added the inconvenience of having to tell users specifically what SSID they needed to manually input into their computers.
And understand that back then wireless wasn't a widely used technology, and new users of wireless really didn't know how to configure it properly. So it added an extra layer of inconvenience for the user and an extra layer of work for the administrator. And it really wasn't all that effective; wireless devices can still detect the network most of the time. So it's a legacy security measure that we added on to compensate for other weaknesses, but even it still wasn't that great. All we did was hide the name, or not broadcast it. Again, that made it difficult for non-technical authorized users to connect to the network, and it made things a little bit harder for administrators. But it didn't really do anything to deter a determined, technically oriented attacker. If the attacker had the right tools, such as NetStumbler, an older wireless scanning tool, or even some versions of Windows, they might still detect the network. The tools just might not give you the SSID. So you just didn't know which network you were connecting to, was really all it amounted to. And the attacker may still try to connect to that network to see what they could get out of it. So I have to tell you it's a marginally useful method of security. It wasn't really secure at all.

These days you still see some of the old hands in this game turning off SSID broadcasting. And that's okay. I mean, it doesn't do anything for you, but it probably doesn't do anything to hurt you, either, because you probably still want to configure all these parameters for the user yourself, if you're a technically minded user. What a lot of people also do is change their SSID so it doesn't easily trace back to the individuals using it. In other words, if you had a wireless network called Jones, you could probably guess that it belonged to Mister and Miss Jones in the neighborhood. So a lot of people change their SSID to something obscure, like a series of numbers or a weird name or something like that.
Some people may even change the SSID they broadcast to something like Donotaccessthisnetwork. So there are all kinds of cute little things you can do. And again, they're marginally useful, of very limited effectiveness. So these days it really comes down to a personal choice, because there are more advanced, better ways to secure your network. And you can get to the point where it really doesn't matter whether you broadcast the SSID or not.
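
To make the point about hidden SSIDs concrete, here is an added example (not part of the original tutorial): a small Python parser for 802.11 beacon frames, run over three constructed frames. The frame builder and the BSSIDs are made up for the demonstration; a hidden network still announces its BSSID and its encryption flag, only the name is empty or null bytes.

```python
import struct

HEADER_LEN = 24       # 802.11 management header: fc, duration, 3 addresses, seq
FIXED_LEN = 12        # beacon fixed fields: timestamp(8), interval(2), capability(2)
SSID_ELEMENT_ID = 0   # information element that carries the network name
CAP_PRIVACY = 0x0010  # capability bit: network requires encryption


def parse_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID (None if hidden) and privacy flag of a beacon frame."""
    if len(frame) < HEADER_LEN + FIXED_LEN:
        raise ValueError("frame too short for a beacon")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control >> 2) & 0x3 != 0 or (frame_control >> 4) & 0xF != 8:
        raise ValueError("not a beacon (management type 0, subtype 8)")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    capability = struct.unpack_from("<H", frame, HEADER_LEN + 10)[0]

    ssid = b""
    pos = HEADER_LEN + FIXED_LEN
    while pos + 2 <= len(frame):          # walk the id/length/value elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:
            raise ValueError("truncated information element")
        if elem_id == SSID_ELEMENT_ID:
            ssid = body
            break
        pos += 2 + elem_len

    # A "hidden" network sends an empty SSID or one made only of null bytes.
    hidden = not ssid.strip(b"\x00")
    return {
        "bssid": bssid,
        "ssid": None if hidden else ssid.decode("utf-8", "replace"),
        "hidden": hidden,
        "privacy": bool(capability & CAP_PRIVACY),
    }


def build_beacon(bssid: bytes, ssid: bytes, capability: int) -> bytes:
    """Build a minimal beacon for the demo (constructed data, not a capture)."""
    header = (struct.pack("<HH", 0x0080, 0) + b"\xff" * 6   # to broadcast
              + bssid + bssid + struct.pack("<H", 0))       # source, BSSID, seq
    fixed = struct.pack("<QHH", 0, 100, capability)
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])           # supported rates
    return header + fixed + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + rates


# Constructed sample frames; the BSSIDs are made-up locally administered values.
SAMPLE_BEACONS = [
    build_beacon(bytes.fromhex("020000000001"), b"Jones", 0x0011),
    build_beacon(bytes.fromhex("020000000002"), b"", 0x0011),
    build_beacon(bytes.fromhex("020000000003"), b"\x00" * 5, 0x0001),
]


def survey(frames):
    """Parse every frame, the way a site survey lists nearby networks."""
    return [parse_beacon(f) for f in frames]


if __name__ == "__main__":
    for net in survey(SAMPLE_BEACONS):
        name = net["ssid"] if not net["hidden"] else "<hidden>"
        print(f'{net["bssid"]}  {name:10}  encrypted={net["privacy"]}')
```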

3.6 MAC Address Filtering

The second legacy security measure that we'll talk about is MAC address filtering. Let me explain a little bit about what the MAC address is first. This is the media access control, or MAC, address that is located on the network card itself, on both wired and wireless network cards. It's what we call burned into the card; it's actually inside of a chip, so it can't be changed physically. It's a 12-digit, or 48-bit, hexadecimal number that's assigned to all wireless and wired network cards produced. The first half of this number indicates who manufactured the card, and the second half is a unique number. So theoretically, this number is unique across all wireless and wired cards in the world; only one should have your particular number. We also call this the hardware address. What it does is uniquely identify the network device. So if you have a computer with a network card in it, it uniquely identifies that device.

All right, now what MAC address filtering means is that we go to the wireless access point, and there's a table there. Later on I'll show you how to configure this when we talk about configuring wireless access points. What you would do is fill in that table with MAC addresses that you either want to block or allow. You can do this both ways. If you only want to allow certain MAC addresses, you put only those in, you check the little box, and everything else is blocked. That's called default deny, by the way: you are allowed only by exception, and everything else is blocked. The other way you could do this is to block only certain ones and allow everything else. That's the default allow configuration. Now let me tell you why you'd use either one of those.
If only certain MAC addresses are allowed, that means that maybe you would include only the MAC addresses that belong to, let's say, the computers that you know of in your family, in your house. That may be five or six, given tablets, laptops, a couple of computers, and so forth. So you would allow only those and block everything else, and that would theoretically prevent any other MAC address from connecting to your wireless network. Makes sense. The other way you would do it, where only certain ones are blocked, might be a case where you really don't care who joins the network. Maybe you have a lot of people coming into your house or small business frequently, so they join the network and leave the network, and it would be impossible, or impractical rather, to keep adding addresses. But maybe you know that the neighbor's kid down the block keeps trying to access your network. So you might specifically block that person's MAC address. You would try to block only unauthorized ones, people who have been annoying you by trying to connect illegally. Now obviously that would be kind of impossible to keep up with too, because you don't know everyone who's trying to connect to you illegally. The other thing is that that's really default allow, and it allows anyone to connect.

So, as you can see, either way, this is a problematic thing to keep up with. It makes sense in theory, and it can be helpful in practice as well. The problem is that this can be very troublesome. You set this on the wireless access point, and every time a new MAC joins the network, you might have to go and change the table. Every time you think that someone is trying to attack your network, you might have to go change the table. So this could become a real pain, especially when wireless clients change very often, okay? If you have a small business in particular, where a lot of people come and go.
Or family members come and go, and you're constantly updating that table, and that can be troublesome. The other thing about this, from a security perspective, is that this legacy security measure can be of very limited effectiveness, and here's why. It's actually easy to spoof a MAC address. When I say spoof, I mean that through software it's easy to make the computer broadcast out a different MAC address than the one it really has. So you can use this technique to impersonate another computer. Let's say you've only allowed five or six computers. Someone can sniff your network, determine a MAC address, spoof one of those allowed MAC addresses, and get on your network. So it's really not an effective security measure. This is very easy to do with only a little bit of knowledge on both Windows and Linux clients.

Now does this mean that this security measure is of limited value? Well, sure, but when you combine it with other security measures such as authentication and encryption, it might be of some limited value. It probably wouldn't be good enough by itself, so I wouldn't rely on MAC address filtering by itself to protect your network. But it could be an extra added layer of protection when you're securing your wireless access point. So that's MAC address filtering. I'll show you how to do that when we actually look at configuring a wireless access point. It's actually very easy to do.
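
The two filter configurations described in this section, modelled in Python as an added example (not from the original tutorial). The class and function names are hypothetical, the addresses are constructed samples from the RFC 7042 documentation range, and the locally-administered bit check goes slightly beyond the text. It shows why the filter cannot verify identity: the decision depends only on the source address written in the frame.

```python
import re
from enum import Enum


def normalize_mac(text: str) -> str:
    """Canonical aa:bb:cc:dd:ee:ff form from colon, dash or dot notation."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe(mac: str) -> dict:
    """Split an address into its manufacturer half and its device half."""
    mac = normalize_mac(mac)
    return {
        "oui": mac[:8],        # first 24 bits: who manufactured the card
        "device": mac[9:],     # last 24 bits: number unique to the card
        # Bit 0x02 of the first octet marks an address assigned locally
        # rather than by the manufacturer.
        "locally_administered": bool(int(mac[:2], 16) & 0x02),
    }


class Mode(Enum):
    ALLOW_LISTED_ONLY = "default deny"    # table holds the allowed addresses
    BLOCK_LISTED_ONLY = "default allow"   # table holds the blocked addresses


class MacFilter:
    """Hypothetical model of the access point's MAC filter table."""

    def __init__(self, mode: Mode, table):
        self.mode = mode
        self.table = {normalize_mac(m) for m in table}

    def permits(self, claimed_source: str) -> bool:
        # The only input is the address the frame claims to come from.
        listed = normalize_mac(claimed_source) in self.table
        return listed if self.mode is Mode.ALLOW_LISTED_ONLY else not listed


# Constructed sample data, entered in three common notations.
HOUSEHOLD = ["00:00:5E:00:53:01", "00-00-5e-00-53-02", "0000.5e00.5303"]
BLOCKED = ["00:00:5e:00:53:40"]

# (who actually transmitted, source address written in the frame) - constructed
OBSERVED = [
    ("family laptop", "00:00:5e:00:53:01"),
    ("neighbor's device", "00:00:5e:00:53:40"),
    ("unknown sender reusing an allowed address", "00:00:5e:00:53:01"),
    ("never-seen visitor device", "00:00:5e:00:53:99"),
]


def decide_all(mac_filter: MacFilter, observed):
    """Return (sender, permitted) for each observed frame."""
    return [(who, mac_filter.permits(mac)) for who, mac in observed]


if __name__ == "__main__":
    for mode, table in ((Mode.ALLOW_LISTED_ONLY, HOUSEHOLD),
                        (Mode.BLOCK_LISTED_ONLY, BLOCKED)):
        print(mode.value)
        for who, ok in decide_all(MacFilter(mode, table), OBSERVED):
            print(f"  {'permit' if ok else 'block ':6}  {who}")
```

Under default deny the third sender is permitted exactly like the family laptop, which is why the section recommends filtering only as a layer on top of authentication and encryption.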
