Securing networks

Unit objectives:
Secure wired networks
Secure wireless networks
Topic A
Topic A: Securing wired networks
Topic B: Securing wireless networks
Security issues
Built-in management interfaces
Firmware and OS weaknesses
Physical attacks
Overcoming weaknesses
Change default passwords
Enable MAC filtering
Assign static IP addresses
Disable unneeded features/ports
Apply updates regularly
Restrict physical access
Topic B
Topic A: Securing wired networks
Topic B: Securing wireless networks
Security risks
Devices can be lost or stolen
Session hijacking
Man-in-the-middle attacks
Rogue AP
WAP has no default security
Broadcasts make breaking in easy
IEEE and the Wi-Fi Alliance developed
standards for user authentication and
media access control
Additional risks
Detectable radio-frequency traffic
Data is passed in plain text form
Encryption isnt always strong
WEP
One-way authentication mechanism
One-way open broadcast client
connection
War driving
War chalking
Wireless access control
Administrative access
Physical security
User names and passwords
SSID settings
Changing defaults
Disabling SSID broadcast
Client access control
MAC address filtering
Static IP addresses
Authentication
802.1x authentication process
Transmission encryption
WEP
WPA/WPA2 Personal
WPA2
WPA/WPA2 Enterprise
RADIUS
802.11i
Additional WAP security
Isolation
AP isolation
Network isolation
Radio coverage
Antenna placement
Radio power levels
Maintenance
Firmware updates
Authorized client lists
Periodic site surveys
Unit summary
Secured wired networks
Secured wireless networks