Chapter 11 - 04 - Discuss and Implement Wireless Network Security Measures - 03_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
OCRED
Tags
Related
- Chapter 11 - 01 - Understand Wireless Network Fundamentals - 04_ocred.pdf
- Combined Question Set - Past Paper PDF
- ITAPP-PRESENTATION-MIDTERM-2 PDF
- Computer Network Security and Attacks on Wireless Sensor Network, Hacking Issues PDF
- Computer Security Module 13, Saudi Electronic University 2011-1432 PDF
- Secure Networks Chapter 4-3 PDF
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Wireless Network Security...
Certified Cybersecurity Technician Exam 212-82 Wireless Network Security Selecting a Strong Wireless Encryption Mode Orxder of preference for O A strong wireless encryption mode choosing an encryption mode: should be selected for the wireless network 01 R 02 WPA2 Enterprise with RADIUS LINKSYS® A Division of Osco Systoms, Inc.. inc. ' Fumware Vervion: v 00.0 Fmware 03 WPAZ Entefpl'lse Wircloss G Broadband Router Wircless WRTBAG WRTSAG Wireless , Seculy pniciens puiciens hGamng 04 WPA2 PSK Vrolom Wrelom Socurty Securlty 1 Wrokm MAC Fller | secujvoe [Oiabied ] 7] 05 WPA Enterprise Disabled WPA Personal WPA Enterprise WPAZ Enterprize 06 WPA RADIUS WEP CiscoSrarimy CiscaSrarimg Save Setlings m 02 WEP Copyright © by EC-Council All Rights Reserved. Reproduction is Stricly Prohibited. Selecting a Strong Wireless Encryption Mode A strong wireless encryption mode should be used for keeping the wireless network safe from various types of attacks. There are various encryption modes that can be used for an organization’s wireless network. LINKSYS® A Division of Cisco Systems, Inc. Firmware Version: v8.00.0 Wireless-G Broadband Router WRT54G %. — F— Wireless - Access Applications Setup Wireless Security Restrictions & Gaming Administration | Basic Wireless Settings Basic Wireless Settings || WirelessSecurity Wireless Security || WiWi MAC MAC Fiter Fiter || Advanced Wireless Settings Wireless Security Securnity Mode: You may Secunity Security Mode: Disabled v | m f.r:'flwglAllE:l:flpW:; : f.':'flwglAllE:l:flp Disabled WPA2 Personal, WPA2 WPA Personal l '“p':m::mu '“’:’:;::D'u S, l "::' n::' WPA Enterprise use the same security mode in WPA2 Enterprise order i=fo commuricae. RADIUS WEP | Cisco SysTems Cancel Changes Figure 11.17: Selecting wireless encryption mode Module 11 Page 1465 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Wireless Network Security Order of preference for choosing an encryption mode 1. WPA3 WPA2 Enterprise with RADIUS Rl WPA2 Enterprise WPA2 PSK WPA Enterprise AU WPA Ll U 7. WEP Order of preference for choosing a Wi-Fi security method 1. WPA3 WPA2 + AES RN WPA + AES WPA + TKIP/AES e L LEE WPA + TKIP WEP A oN B Open Network (no security at all) Module 11 Page 1466 EG-Gotmeil Certified Cybersecurity Technician Copyright © by EG-Gommeil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Wireless Network Security Defending Against WPA Cracking Select a random passphrase that is not made up of dictionary words DP00000 Select a complex passphrase which contains a minimum of 20 characters and change the passphrase at regular intervals Use WPA3 /WAP2 encryption only Set the client settings properly (e.g., validate the server, specify the server address, do not prompt for new servers, etc.) Use a virtual private network (VPN) such as a remote access VPN, Extranet VPN, Intranet VPN, etc. Implement a network access control (NAC) or network access protection (NAP) solution for additional control over end-user connectivity R Defending Against WPA Cracking The only way to crack WPA is to sniff the password pairwise master key (PMK) associated with the “handshake” authentication process. If this password is extremely complicated, it might be almost impossible to crack. The following countermeasures can help a user to defeat WPA cracking attempts: Select a random passphrase that is not made up of dictionary words. Select a complex passphrase which contains a minimum of 20 characters and change the passphrase at regular intervals Use WPA3 /WAP2 encryption only Set the client settings properly (e.g., validate the server, specify the server address, do not prompt for new servers, etc.) Use a virtual private network (VPN) such as a remote access VPN, Extranet VPN, Intranet VPN, etc. Implement a network access control (NAC) or network access protection (NAP) solution for additional control over end-user connectivity Do not use words from the dictionary. Do not use words with numbers appended at the end. Do not use double words or simple letter substitution such as p@55wOrd. Do not use common sequences from your keyboard such as qwerty. Do not use common numerical sequences. Avoid using personal information in the key/password. Module 11 Page 1467 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Wireless Network Security A WPA password should be constructed according to the following rules: = |t should have a random passphrase. = |t should have at least 12 characters in length. = |t should contain at least one uppercase letter. = |t should contain at least one lowercase letter. = |t should contain at least one special character such as @ or ! = |t should contain at least one number. Module 11 Page 1468 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Wireless Network Security Detecting Rogue Access Points Wireless Scanning Wired Network Scanning smg: :mm:mfl ++» Performs a wireless network %+ Use network scanners such as %+ Use the SNMP to identify the IP scanning to detect the presence Nmap to identify APs on the devices attached to the wired of wireless APs in the vicinity network. This will help in network locating rogue devices on the % Discovery of an AP not listed in «+ Use the SNMP detection utilities wired network the wireless device inventory such as SolarWinds SNMP indicates the presence of a rogue scanner, Lansweeper SNMP AP «» Use wireless discovery tools such VA scanner, etc., to identify the SNMP-enabled devices on the network as inSSlIDer, NetSurveyor, NetStumbler, Vistumbler, Kismet, etc., to detect wireless networks JOR S 0) Note: To use SNMP polling, the SNMP service on all IP devices in the network should be enabled. Detecting Rogue Access Points A wireless AP is termed as a rogue AP when it is installed on a trusted network without authorization. An inside or outside attacker can install rogue APs on a trusted network for their malicious intent. Types of Rogue APs 1. Wireless router connected via a “trusted” interface 2. Wireless router connected via an “untrusted” interface 3. Installing a wireless card into a device that is already on a trusted LAN 4. Enabling wireless on a device that is already on a trusted LAN The methods mentioned below should be used for detecting wireless networks in the vicinity of the network and the detected wireless APs should be compared with the wireless device inventory for the environment. If an AP that is not listed in the inventory is found, it can generally be considered as a rogue AP. = Wireless scanning: It performs an active wireless network scanning to detect the presence of wireless APs in the vicinity. It helps in detecting unauthorized or hidden wireless APs that can be malicious. Discovery of an AP not listed in the wireless device inventory indicates the presence of a rogue AP. You can use wireless discovery tools such as inSSIDer, NetSurveyor, NetStumbler, Vistumbler, Kismet, etc., to detect wireless networks. * Wired network scanning: Wired network scannerssuch as Nmap are used for identifying a large number of devices on a network by sending specially crafted TCP Module 11 Page 1469 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Wireless Network Security packets to the device (Nmap-TCP fingerprinting). It helps locate rogue APs attached to a wired network. * Simple Network Management Protocol (SNMP) polling: Simple network management protocol (SNMP) polling is used for identifying the IP devices attached to a wired network. SNMP detection utilities such as SolarWinds SNMP Scanner, Lansweeper, etc., can be used for identifying SNMP enabled devices on the network. Note: To use SNMP polling, the SNMP service on all IP devices in the network should be enabled. Module 11 Page 1470 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.