{"id":179,"date":"2015-09-03T02:06:03","date_gmt":"2015-09-03T02:06:03","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=179"},"modified":"2015-09-06T20:13:34","modified_gmt":"2015-09-06T20:13:34","slug":"ccent-4-s01-e17-wireless-securing-and-implementing-wireless-networks","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=179","title":{"rendered":"CCENT 4 S01 E17 \u2013 Wireless: Securing and Implementing Wireless Networks"},"content":{"rendered":"<h3>Understanding the Dangers of Wireless Networks<\/h3>\n<ul>\n<li>Wardriving: Driving around an area looking for open networks.<\/li>\n<li>Hackers: People looking to steal information or simply engage in malicious behavior.<\/li>\n<li>Employees: Companies block Wi-Fi to try to create security, but employees set up their own wireless networks to get Wi-Fi functionality.<\/li>\n<\/ul>\n<h3>Wireless Security<\/h3>\n<h4>Authentication<\/h4>\n<ul>\n<li>Require Username and Password<\/li>\n<li>May limit to specific devices<\/li>\n<li>May require device to present an authentication certificate<\/li>\n<\/ul>\n<h4>Encryption<\/h4>\n<ul>\n<li>Everything sent over the network will be encrypted and scrambled<\/li>\n<\/ul>\n<h4>Intrusion Prevention System (IPS)<\/h4>\n<ul>\n<li>Used to detect rogue wireless access systems<\/li>\n<li>Will shut down the switchport it is connected to and\/or<\/li>\n<li>Notify System Admin of the system.<\/li>\n<\/ul>\n<h3>Encryption and Authentication Combinations<\/h3>\n<p>Originally: Pre-shared Key WEP (bad)<\/p>\n<ul>\n<li>Key is created on WAP (Wireless Access Point) and shared with users (like a password).<\/li>\n<li>Several known attacks can break through the encryption keys.<\/li>\n<li>Ex-employees would retain the key, or the entire company would need to &#8220;re-key&#8221; with personnel changes.<\/li>\n<li>Pre-shared keys should be rotated on a monthly basis.<\/li>\n<\/ul>\n<p>Evolution #1: Pre-shared Key WPA (WPA1)<\/p>\n<ul>\n<li>Interim solution that used existing 
hardware.<\/li>\n<li>Uses TKIP encryption &#8211; much better<\/li>\n<\/ul>\n<p>Evolution #2: WPA(1) and 802.1x Authentication<\/p>\n<ul>\n<li>802.1x is a standard for authenticating who you are.<\/li>\n<li>Device would pass USERNAME and PASSWORD to access point.<\/li>\n<li>Access Point would check these against a control server that would confirm or deny.<\/li>\n<li>Access Point and Device will then generate a set of encryption keys for the session.<\/li>\n<\/ul>\n<p>Evolution #3: WPA2 (802.11i) and 802.1x<\/p>\n<ul>\n<li>WPA2 became the 802.11i standard<\/li>\n<li>Encryption method known as AES<\/li>\n<li>Can be combined with Authentication for perfect security.<\/li>\n<li>Still allows WPA1 PSK (Pre-shared Keys)<\/li>\n<\/ul>\n<h3>Understanding the Service Set Identifier (SSID)<\/h3>\n<p>The SSID:<\/p>\n<ul>\n<li>Uniquely identifies and separates wireless networks<\/li>\n<li>Essentially your Network Name<\/li>\n<\/ul>\n<p>When a Wireless Client is enabled:<\/p>\n<ol>\n<li>Client issues a probe: &#8220;Hey, who&#8217;s out there?&#8221;<\/li>\n<li>Access Point(s) respond with a beacon: &#8220;I&#8217;m here, my name is Public&#8221;<\/li>\n<li>Client associates with chosen SSID<\/li>\n<li>Access Point adds client MAC to Association Table<\/li>\n<\/ol>\n<h3>Correct Design of a WLAN<\/h3>\n<p><a href=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2015\/09\/waprepeater.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-180\" src=\"http:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2015\/09\/waprepeater.png\" alt=\"waprepeater\" width=\"1096\" height=\"450\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2015\/09\/waprepeater.png 1096w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2015\/09\/waprepeater-300x123.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2015\/09\/waprepeater-1024x420.png 1024w, 
https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2015\/09\/waprepeater-150x62.png 150w\" sizes=\"auto, (max-width: 1096px) 100vw, 1096px\" \/><\/a><\/p>\n<ul>\n<li>RF Service areas should have 10% &#8211; 15% overlap.\u00a0 (Can use a sniffer program to tell you how strong a signal is.)<\/li>\n<li>Repeaters should have 50% overlap.\u00a0 (Will take an existing signal and &#8220;extend&#8221; it)<\/li>\n<li>Bordering Access Points should use different channels. (In example above from Left to Right: Channel 1, 6, 11)<\/li>\n<\/ul>\n<h3>Understanding the Terms<\/h3>\n<ul>\n<li>Basic Service Set (BSS): A single access point and its service (coverage) area.\u00a0 (Left example)<\/li>\n<li>Extended Service Set (ESS): Two or more BSS (Full Network above)<\/li>\n<li>Roaming: Client moves between BSS without dropping connection; only possible with Extended Service Sets.<\/li>\n<\/ul>\n<h3>Setting Up a Wireless Network<\/h3>\n<ul>\n<li>Pretest switch port with laptop (DHCP, DNS, etc.)<\/li>\n<li>Connect WAP (Wireless Access Point)<\/li>\n<li>Set up and test SSID with no security<\/li>\n<li>Add and test security (Pre-shared Key (WEP, WEP2))<\/li>\n<li>Add and test Authentication (802.1x) [Using Server with Usernames and Passwords]<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Understanding the Dangers of Wireless Networks Wardriving: Driving around an area looking for open networks. Hackers: People looking to steal information or simply engage in malicious behavior. Employees: Companies block Wi-Fi to try to create security, but employees set up their own wireless networks to get Wi-Fi functionality. 
Wireless Security Authentication Require Username and Password May limit to specific ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=179\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,2,4],"tags":[],"class_list":["post-179","post","type-post","status-publish","format-standard","hentry","category-ccent","category-networking","category-wireless"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=179"}],"version-history":[{"count":4,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/179\/revisions"}],"predecessor-version":[{"id":186,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/179\/revisions\/186"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}