Disabling Unused Connections

Study Notes
Wireless Access Security
Disabling Unused Connections
As with any service or device, if a wireless adapter is not being
used, it is best to disable it or turn the device off, just to protect
against the connection being misused. Most notebooks have a
button or Fn key shortcut to turn off the wireless adapter.
Alternatively, you can use the adapter's configuration software, or
just disable the device through Device Manager or CMOS Setup.
Follow this rule for any type of unused connection: IrDA,
Bluetooth, wired LAN, and so on.
Stress the importance of
disabling unused
connections and services.
e
It is also vital to periodically survey the site to detect rogue APs
("white hat" war driving). If connected to a LAN without security, an
unauthorized AP creates a very welcoming backdoor through which
to attack the network. A rogue AP could also be used to capture
user log in attempts.
www.youtube.com/watch?v
=bHg7qwbFcT0
Sa
m
pl
A rogue AP masquerading as a legitimate one is called an
"Evil Twin" or sometimes "Wiphishing". An evil twin might
just have a similar name (SSID) to the legitimate one or
the attacker might use some DoS technique to overcome
the legitimate AP. This attack will not succeed if
authentication security is enabled on the AP (unless the
attacker also knows the details of the authentication
method).
One solution is to ensure the use of 802.1X security so that APs
and clients must perform mutual authentication. There are also
various scanners and monitoring systems designed to detect rogue
APs, including NetStumbler and Kismet.
Jamming (Interference)
As mentioned above, a wireless network can be disrupted by
interference from other radio sources. These are often unintentional
but it is also possible for an attacker to purposefully jam an access
point. This might be done simply to disrupt services or to position
an "evil twin" AP on the network with the hope of stealing data.
www.youtube.com/watch?v
=q7VM-h-1VBw
A Wi-Fi jamming attack can be performed by setting up an AP with
a stronger signal. Wi-Fi jamming devices are also widely available
(though they are often illegal to use and sometimes to sell). Such
devices can be very small but the attacker still needs to gain fairly
close access to the wireless network.
No part of these notes may be reproduced in any form, electronic or printed, without the written permission
of a director of gtslearning International Limited. If you suspect that these notes have been unlawfully copied,
please telephone +44 (0)207 887 7999 or email [email protected]
Page 295
Module 4 / Unit 5
CompTIA Security+ Certification Support Skills (2011 Objectives)
The only ways to defeat a jamming attack are either to locate the
offending radio source and disable it or to boost the signal from the
legitimate equipment. AP's for home and small business use are
not often configurable but the more advanced wireless access
points, such as Cisco's Aironet series, support configurable power
level controls 129. Enterprise models usually also support RF sweep
scanning for rogue APs.
Bluetooth
www.youtube.com/watch?v
=eyR2LofIKKI
e
pl
Bluetooth PCMCIA card in a
notebook computer
As a radio-based technology, Bluetooth does not require line of
sight. It is quoted to work at distances of up to 10 meters (30 feet)
for Class 2 devices or 1 meter (3 feet) for Class 3 devices.
Bluetooth is limited to speeds of about 1 Mbps 130.
m
Bluetooth vulnerabilities are
mostly derived from
research projects rather
than actual threat sources
but the risk is likely to
increase.
Devised by Ericsson Mobile
Communication, Bluetooth is a shortrange 2.4 GHz FHSS radio-based
wireless communications system to be
found on an increasing number of
devices, such as cell phones and
laptops. It is used to implement
peripheral device connectivity in a
Personal Area Network (PAN).
Sa
Bluetooth devices have their own security issues, summarized
below:
■
Device discovery - a device can be put into discoverable mode
meaning that it will connect to any other Bluetooth devices
nearby. Unfortunately, even a device in non-discoverable mode
is quite easy to detect.
129
Simply increasing power output is not always reliable. As you increase power, you
also increase the chance of the signal bouncing, causing more interference, especially
if there are multiple APs. Also, the client radio power levels should match those of the
AP or they may be able to receive signals but not transmit back so power levels are
best set to autonegotiate. You should also be aware of legal restrictions on power
output - these vary from country-to-country.
130
Devices supporting the Bluetooth 2.0 (Enhanced Data Rate [EDR]) standard have a
maximum transfer rate of 3 Mbps. There are also Class 1 devices that work at a range
of 100m but these are restricted to industrial applications.
Page 296
No part of these notes may be reproduced in any form, electronic or printed, without the written permission
of a director of gtslearning International Limited. If you suspect that these notes have been unlawfully copied,
please telephone +44 (0)207 887 7999 or email [email protected]
`