LESSON 1.

98-367
98-367Security
SecurityFundamentals
Fundamentals

Understand Wireless Security

 LESSON 1.4

98-367 Security Fundamentals

Lesson Overview
How do you secure a wireless network?

In this lesson, you will learn:

 Concepts related to securing a wireless network
 Problems that can arise without security
 LESSON 1.4

98-367 Security Fundamentals

Anticipatory Set
 Open the Network Places on your computer and record the
properties of each connection.
 LESSON 1.4

98-367 Security Fundamentals

Guiding Questions
1. What is the status of each connection?

2. Is the Windows® firewall turned on? Off?

3. What processes run during a “repair”?

 LESSON 1.4

98-367 Security Fundamentals

Wireless Technologies
Wired Equivalent Privacy (WEP)

 The WEP encryption standard has been compromised and is considered

unsafe.
 WEP is an encryption algorithm system included as part of the 802.11
standard, developed by the Institute of Electrical and Electronics
Engineers as a security measure to protect wireless LANs from casual
eavesdropping. WEP uses a shared secret key to encrypt packets before
transmission between wireless LAN devices and monitors packets in
transit to detect attempts at modification. WEP offers both 40-bit and
128-bit hardware-based encryption options.
 LESSON 1.4

98-367 Security Fundamentals

Wireless Technologies – WiFi

 The technology is designed to work with existing Wi-Fi products that

have been enabled with WEP (i.e., as a software upgrade to existing
hardware), but the technology includes two improvements over WEP:
 Improved data encryption through the temporal key integrity protocol
(TKIP). TKIP scrambles the keys using a hashing algorithm and, by
adding an integrity-checking feature, ensures that the keys haven’t been
tampered with.
 User authentication, which is generally missing in WEP, through the
extensible authentication protocol (EAP). WEP regulates access to a
wireless network based on a computer’s hardware-specific MAC
address, which is relatively simple to be sniffed out and stolen. EAP is
built on a more secure public key encryption system to ensure that only
authorized network users can access the network.
 LESSON 1.4

98-367 Security Fundamentals

Wireless Technologies
Service Set Identifier (SSID)
 A 32-character unique identifier attached to the header of packets sent
over a WLAN that acts as a password when a mobile device tries to
connect to the BSS (the communicating stations, or nodes, on a
wireless LAN).
 The SSID differentiates one WLAN from another, so all access points
and all devices attempting to connect to a specific WLAN must use the
same SSID. A device will not be permitted to join the BSS unless it can
provide the unique SSID.
 Because an SSID can be sniffed in plain text from a packet it does not
supply any security to the network. An SSID is also referred to as a
network name because essentially it is a name that identifies a wireless
network.
 LESSON 1.4

98-367 Security Fundamentals

Class Activity
Can you find and identify a rogue (unauthorized) Wi-Fi access
point? What tools would you use? Recommend?
 LESSON 1.4

98-367 Security Fundamentals

Lesson Review

 Who can change the level of encryption on a wireless access point?

 What is the highest level of wireless security?
 What is the advantage of changing the SSID?