Lecture presented by Chito N. Angeles at PAARL's Conference on the theme "The Power of Convergence: Technology and Connectivity in the 21st Century Library and Information Services" held on Nov. 11-13, 2009 at St Paul College, Pasig City
Securing the Use of Wireless Fidelity (WiFi) in Libraries
1. Securing the Use of Wireless
Fidelity (WiFi) in Libraries
Chito N. Angeles
“The Power of convergence: Technology and Connectivity in the 21st
Century Library and Information Services”
2. Wireless Telecommunications
Traditional Wireless Networks (TWNs)
Using mobile phones
Designed as a WAN technology
Supports voice and data communication
Fixed infrastructure
3. Wireless Telecommunications
Wireless Local Area Networks (WLANs)
“Wireless Ethernet” technology
e.g., laptops with wireless Ethernet
Enabled communication within LANs
Supports voice and data communication
Fixed infrastructure – using Wireless
“Access Points”
IEEE 802.11 standard as backbone
4. Wireless Telecommunications
Mobile Ad-hoc Networks (MANETs)
Mobile, “short-live” networks
Formed on “as-needed” (ad hoc) basis
e.g., mobile devices with Bluetooth
Operate in the absence of fixed
infrastructure
Nodes are free to move
5. What is WiFi?
Short for wireless fidelity, is the Wi-Fi
Alliance's name for a wireless standard,
or protocol, used for wireless
communication.
The Wi-Fi Alliance is a not-for-profit
organization that certifies the
interoperability of wireless devices built
around the IEEE 802.11 standard.
6. What is WiFi?
• Unlike many other wireless standards,
802.11 runs on "free" portions of the
radio spectrum (2.4GHz and 5GHz).
• Unlike cell phone communications, no
license is required to broadcast or
communicate using 802.11
8. Access Point (AP)
Consists of a radio transmitter and
receiver as well as an interface to a
wired network or directly to the
Internet.
Serves as a base station and a bridge
between the wireless network and a
larger Ethernet network or the Internet
(as in the case of wireless routers).
9. WiFi Hotspot
The term "hotspot" refers to the area or
physical location where an Access Point
is made accessible to users with Wi-Fi
enabled devices.
Typically found in coffee shops, airports,
hotels, malls, and increasingly, in
libraries.
10. What is IEEE 802.11?
A set of standards carrying out wireless
local area network (WLAN) computer
communication in the 2.4, 3.6 and 5GHz
radio frequency bands.
Produced and maintained by the Institute
of Electrical and Electronic Engineers
(IEEE).
11. Wireless Network Mode
802.11a (1999)
Transmits at 5 GHz and can move up to
54 megabits of data per second.
Also uses orthogonal frequency-division
multiplexing (OFDM), a more efficient
coding technique that splits radio signal
into several sub-signals before they reach
a receiver. This greatly reduces
interference.
12. Wireless Network Mode
802.11b (1999)
The slowest and least expensive
standard. For a while, its cost made it
popular, but now it's becoming less
common as faster standards become less
expensive.
Transmits in the 2.4 GHz frequency band
of the radio spectrum.
It can handle up to 11 megabits of data
per second.
13. Wireless Network Mode
802.11g (2003)
Transmits at 2.4 GHz like 802.11b, but it's
a lot faster.
It can handle up to 54 megabits of data
per second.
802.11g is faster because it uses the
same coding technique (OFDM) as
802.11a.
14. Wireless Network Mode
802.11n (2009)
The newest standard that is widely available.
This standard significantly improves speed and
range. For instance, although 802.11g
theoretically moves 54 megabits of data per
second, it only achieves real-world speeds of
about 24 megabits of data per second because
of network congestion. 802.11n, however,
reportedly can achieve speeds as high as 140
megabits per second.
15. Service Set Identifier (SSID)
Public name of a WLAN
All wireless devices on a WLAN must
employ the same SSID in order to
communicate with each other.
SSID is set on the Access Point and
broadcast to all wireless devices in range.
SSID is case sensitive; consists of a
sequence of alphanumeric characters;
has a maximum length of 32 characters.
17. Computer Security
The protection of personal or confidential
information and/or computer resources
from individual or organizations that
would willfully destroy or use said
information for malicious purposes.
18. WLAN Security Requirements
Authentication – control or limit access to
the network.
Confidentiality – prevent unauthorized
disclosure of data;
Data Integrity – ensure that packets have
not been modified in transit.
19. Access Point Authentication
Open authentication
Does not do any checks on the identify of
the station.
The AP Allows any station to join the
network.
Shared authentication
Based on the challenge-response system.
Stations share a secret key.
20. Security Problems, Risks, threats
Eavesdropping
Intercepting information that is
transmitted over the WLAN
The information intercepted can be read if
transmitted in the clear, or easily
deciphered if poor encryption is used.
21. Security Problems, Risks, threats
Traffic analysis
The attacker gains information by
monitoring wireless transmissions for
patterns of communication and data flow
between parties, and deciphers encrypted
traffic that has been captured.
Traffic analysis can result in the
compromise of sensitive information.
22. Security Problems, Risks, threats
Data Tampering
The information transmitted over the
WLAN can be deleted, replayed, or
modified by the attacker via man-in-the-
middle attack.
This can result in a loss of data integrity
and availability.
23. Security Problems, Risks, threats
Masquerading
The attacker gains unauthorized access to
the information and network resources
within the WLAN or other interconnected
network by impersonating an authorized
user.
24. Security Problems, Risks, threats
Denial of Service (DoS)
The attacker can jam the entire frequency
channel that is used for wireless data
transmission using a powerful signal
generator, microwave, or a massive
amount of broadcasted network traffic
from a rogue wireless device.
25. Security Problems, Risks, threats
Wireless Client Attacks
The attacker can potentially gain access to the
information shared or stored in the wireless
client when it is connected to an unprotected
Ad Hoc WLAN or an untrustworthy third-party
WLAN.
Additionally, the compromised wireless client
can potentially serve as a bridge to the internal
network, thus allowing a perpetrator to gain
access to or launch attacks against the internal
corporate network and its resources.
26. Security Problems, Risks, threats
Rogue Access Points
an unauthorized wireless AP within a wireless
network.
Once a rogue AP without a security feature has
been installed, an intruder can get unauthorized
access to the entire network.
Rogue APs usually use the same SSID as the
legitimate network it mimics.
A rogue AP can then accept traffic from wireless
clients to whom it appears as a valid
authenticator.
In this way, a rogue AP can seriously harm a
network.
27. Security Problems, Risks, threats
Man-in-the-middle Attack
a form of active eavesdropping in which
the attacker makes independent
connections with the victims and relays
messages between them, making them
believe that they are talking directly to
each other over a private connection
when in fact the entire conversation is
controlled by the attacker.
28. Security Problems, Risks, threats
Piggybacking
If you fail to secure your wireless
network, anyone with a wireless-enabled
computer within range of your wireless
access point can hop a free ride on the
internet over your wireless connection.
29. Security Problems, Risks, threats
Unauthorized Computer Access
An unsecured wireless network combined
with unsecured file sharing can spell
disaster.
Under these conditions, a malicious user
could access any directories and files you
have allowed for sharing.
30. Security Problems, Risks, threats
Evil Twin Attacks
Attacker gathers information about a public
access point, then sets up his or her own
system to impersonate the real access point.
The attacker will use a broadcast signal
stronger than the one generated by the real
access point.
Unsuspecting users will connect using the
stronger, bogus signal.
Because the victim is connecting to the internet
through the attacker’s system, it’s easy for the
attacker to use specialized tools to read any
data the victim sends over the internet.
31. Security Problems, Risks, threats
Wireless Sniffing
Many public access points are not secured, and
the traffic they carry is not encrypted.
This can put your sensitive communications or
transactions at risk.
Because your connection is being transmitted
“in the clear,” malicious users can use “sniffing”
tools to obtain sensitive information such as
passwords, bank account numbers, and credit
card numbers.
32. Security Problems, Risks, threats
War-Driving
Driving around a city searching for the
existence of Wireless LAN (802.11)
Networks.
It's locating and logging wireless access
points while in motion.
Often, this task is automated using
dedicated wardriving software and a GPS
Device.
33. WLAN Security: Myths
SSID Hiding
There’s no such thing as “SSID hiding”.
There are 4 other mechanisms that also
broadcast the SSID over the 2.4 or 5 GHz
spectrum.
Might cause problems for WiFi roaming
when a client jumps from AP to AP.
Hidden SSID also makes WLAN less user-
friendly.
34. WLAN Security: Myths
MAC Filtering
The MAC address is just a 12-digit long
HEX number that can be viewed in clear
text with a sniffer.
Once the MAC address is seen in the
clear, it takes about 10 seconds to cut &
paste a legitimate MAC address in to the
wireless Ethernet adapter settings and the
whole scheme is defeated (“spoofing”).
35. WLAN Security: Myths
Disabling DHCP (routers)
DHCP allows the automatic assignment of
IP addresses and other configurations.
Disabling DHCP has zero security value
and is just a waste of time.
It would take a hacker about 10 seconds
to figure out the IP scheme of any
network and simply assign their own IP
address.
36. WLAN Security: Myths
Antenna Placement
Putting Access Points in the center of the
building and putting them at minimal power.
Antenna placement does nothing to deter
hackers. Remember, the hacker will always
have a bigger antenna than you which can
home in on you from a mile away.
Making a wireless LAN so weak only serves to
make the wireless LAN useless.
Antenna placement and power output should be
designed for maximum coverage and minimum
interference. It should never be used as a
security mechanism.
37. Best Practices
Securing your WiFi Access Point / Router
Change the SSID of your product
Change the Default Password
For network administrators, periodically
survey your site using a tool like
“NetStumbler” to see if any “rogue”
access points pop up.
Don’t buy access points or NICs that only
support 64-bit WEP.
38. Best Practices
Securing your WiFi Access Point / Router
Disable remote administration. Use this
feature only if it lets you define a specific
IP address or limited range of addresses
that will be able to access the router.
Unless you absolutely need this capability,
it's best to keep it turned off.
39. Best Practices
Choose a good password
Avoid dictionary words or other well-
known sequences.
Use a combination of alphanumeric
characters, upper and lower case letters
and special symbols.
Use long passwords
40. Best Practices
Use file-sharing with caution
If you don’t need to share directories and
files over your network, you should
disable file sharing on your computers.
Keep Your Access Point Software Patched
and Up to Date
Check the manufacturer’s web site
regularly for any updates or patches for
your device’s software.
41. Best Practices
Enable firewall on each computer and the
router.
Turn-off networks during extended
periods of non-use.
The ultimate in wireless security
measures, shutting down your network
will most certainly prevent outside
hackers from breaking in.
42. Best Practices
When using public WiFi, avoid:
online banking
online shopping
sending email
typing passwords or credit card numbers
43. Security Measures / Best Practices
Other Technologies that can be implemented
to secure wireless networks:
Antivirus software
Intrusion and detection systems
Vulnerability assessment Tools
Web Access Control (WAC)
Wireless firewall gateways
Personal firewalls
Content Filtering (spam filter, proxy, OpenDNS)
Hard Drive encryption (e.g., TrueCrypt)
44. Advanced Wireless Security
Enable WiFi Protected Access (WPA) instead of
Wired Equivalency Privacy (WEP)
WEP encryption has well known weaknesses
that make it relatively easy for a determined
user with the right equipment to crack the
encryption and access the wireless network.
WPA provides much better protection and is
also easier to use, since your password
characters aren't limited to 0-9 and A-Z as they
are with WEP.
45. Advanced Wireless Security
Wireless Gateway
Provides secure authentication
All access is via Secure Socket Layer
(SSL) secured Web interface
Sample software
Connect Manager
Dolphin
46. Advanced Wireless Security
Use End-to-End Encryption
Means that the whole conversation is
encrypted, from your PC to the service
you’re talking to.
Examples:
Secure Socket Layering (SSL) – provides
private communication/conversation with
web servers.
Secure SHell (SSH) – allows remote login
to another computer
47. Advanced Wireless Security
Implement Virtual LAN (VLAN)
VLAN refers to a group of logically
networked devices on one or more LANs
that are configured so that they can
communicate as if they were attached to
the same wire, when in fact they are
located on a number of different LAN
segments.
49. Advanced Wireless Security
Use Virtual Private Network (VPN)
technology
All traffic goes through a single encrypted
connection.
50. Advanced Wireless Security
Using Remote Authentication Dial In User
Service (RADIUS)
a networking protocol that provides
centralized Authentication, Authorization,
and Accounting management for
computers to connect and use a network
service.