- 2.4.1 Wireless Networking
- 2.4.2 Basic Wireless Security
- 2.4.3 Encryption (WEP, WPA, WPA2)
- 2.4.4 Wireless Authentication
- 2.4.5 Wireless Signal Propagation
- 2.4.6 Wireless Network Equipment
2.4.1 Wireless Networking
WiFi standards are required so that any wireless device can connect to any wireless network around the world.
WiFi uses transmitters and receivers in place of cables and connectors.
WAPs (Wireless Access Points) connect wireless networks to wired networks.
- 802.11 (1997) 2Mbps
- 802.11b (1999) 11 Mbps
- 802.11g (2003) 22 Mbps
- 802.11n (2009) 600 Mbps
- 802.11ac (2014) 1 Gbps+
- 802.11ax (2019) 3.5 Gbps+
EXAM TIP: WiFi signals travel over open airways and can be picked up by anyone with a suitable antenna and receiver.
2.4.2 Basic Wireless Security
HIDE SSID – Wireless networks generally broadcast their Service Set Identifier (SSID – network name). You can stop it from broadcasting. This isn’t foolproof but it does help as anyone scanning for networks wont see your network.
MAC Filtering – only allow specific MAC addresses to connect to your network. this isn’t a great option though for 2 reasons:
1. its time consuming to keep this up to date
2. Skilled attackers can spoof their MAC address to bypass filtering.
VPN’s – when using a public network (Airport, MacDonald’s etc…) it might be wise to connect to a VPN and tunnel your traffic though that. That way, if someone is eavesdropping they cant see what you are doing.
2.4.3 Encryption (WEP, WPA, WPA2)
This also got covered in section 1.3. Go here for more notes on this: https://www.spktechfit.com/?p=122#138_Wireless_Attacks
2.4.4 Wireless Authentication
This is the most basic approach to authentication. Users need a password to join the network. 8-13 ASCII characters are converted to a 256-bit encryption key using PBKDF2 (Password Based Key Derivation Function).
NOTE: in the video he said that this will be discussed more in the encryption section of the course.
Limitations of PSK:
- Changing the key is a tremendous burden for users. Particularly if it is a large organisation and users have a number of devices.
- Identifying users or revoking users access is impossible. EG: if a person leaves the company you can’t prevent them form accessing the network if they have the pre shared key.
This uses a username and password to authenticate using the RADIUS protocol. This uses EAP (Extensible Authentication Protocol).
There are 3 versions of EAP:
- Lightweight EAP (LEAP): this was created by CISCO and relies on the MS-CHAP protocol. this is not a secure approach to authentication and should not be used.
- EAP: Broad framework with many variants, some secure and some not. EG: EAP-TLS (EAP Transport Layer Security) is secure as it uses TLS to protect authentication sessions. EAP-TTLS uses Tunnelled TLS(TTLS) to protect authentication sessions. EAP-FAST (Flexible Authentication via Secure Tunnelling) uses a secure CISCO protocol. On the other hand, the EAP-MD5 protocol is not secure.
- Protected EAP (PEAP): This takes EAP and protects it inside a tunnel in an encrypted TLS session.
2.4.5 Wireless Signal Propagation
Building materials, placement of aerials, wireless power can all effect the propagation of signals.
there are 2 basic categories of antennas:
- Omnidirectional – these send a signal in all directions in a donut style pattern
- Directional – these direct all of the power from an access point in a single direction. This greatly increases the range of the network. An example of using this is when creating a point to point network between two buildings.
This is an 802.11ac feature that “steers” a network signal in the direction of client devices. It is like virtual directional antenna that can shift as needed based on where the clients are located.
Manipulating power levels modifies wireless signal range.
2.4.6 Wireless Network Equipment
Fat APs: these contain all of the hardware and software needed to operate a wireless network
Thin APs: these rely upon wireless controllers for configuration and to serve as the “brains” of the network
Wireless Controllers: these manage configurations, optimise performance and reduce interference of Access Points
These can be used to search for rogue networks in an organisation and to test security of those networks. Aircrack-NG is a tool that can be used for testing wireless security.