EDTECH 552, lab 5

Lab 5 assignment check list o o 5.9 Q 5.9.1 Q 5.9.2

EDTECH 552, lab 5

5.1 Configuring Wireless Network Objectives Create a security plan for a home or small business network. Configure the wireless access point (AP) portion of a multi-function device using security best practices.

Background/Preparation A well-planned security implementation is critical to the safety of a wireless network. This lab reviews the steps that you must take to ensure the safety of the network using the following scenario. You have just purchased a Linksys WRT300N wireless router, and you want to set up a small network in your home. You selected this router because the IEEE 802.11n specification claims that it has 12 times the speed of an 802.11g and 4 times the range. Because the 802.11n uses 2.4 GHz, it is backward compatible with both the 802.11b and 802.11g and uses multiple-in, multipleout (MIMO) technology. You should enable security mechanisms before connecting your multi-function device to the Internet or any wired network. You should also change the default values provided because they are well-known values that are easily obtainable on the Internet. The following resources are required: Windows-based computer A Linksys Router and a Straight-through Ethernet cable or Packet Tracer Simulator

If you dont have a wireless router at home, please read the 5.2 instruction to create a simple wireless environment in packet tracer.

Overview The following video provides an overview of the administration interface of Linksys wireless router. http://edtech2.boisestate.edu/hungj/edtech552/template/video/wireless/wireles s.html

EDTECH 552, lab 5

5.2 Set up a Wireless Environment in Packet Tracer If you have a wireless router for this assignment, please skip this section. Step 1. Open packet tracer

EDTECH 552, lab 5

Step 2.
1. 2.

Choose Wireless Devices Choose Linksys WRT 300N

EDTECH 552, lab 5

Step 3.
1. 2. 3.

Drag wireless router onto work area Choose end devices Choose generic PC

EDTECH 552, lab 5

Step 4.
1.

Drag PC onto work area and double click on PC

EDTECH 552, lab 5

Step 5.
1. 2. 3.

(You can see the screen below when you double click on the PC) Switch off power Drag off NIC (Just drag it outside the computer) Replace with Linksys-WMP300N (Replace NIC with wireless NIC)

EDTECH 552, lab 5

Step 6.
1. 2.

The NIC has been replaced to wireless NIC Switch on the computer

EDTECH 552, lab 5

Step 7.
1. 2. 3. 4.

Click on desktop tab You can set your IP configuration here You can run command prompt (such as ping, tracert, ) here. You can open a web browser to set up wireless router settings. Please read task2 instruction for details.

EDTECH 552, lab 5

5.3 Connect a Computer to the Wireless Router Log in to the Administration Interface. Step 1. Connect your computer (Ethernet NIC) to the multi-function device (port 1 on the Linksys WRT300N) by using a straight-through cable. Step 2. (In most cases, you can skip this step because the wireless router will assign an 192.168.1.XXX IP to each of connected devices). The default IP address of the Linksys WRT300N is 192.168.1.1, and the default subnet mask is 255.255.255.0. The computer and Linksys device must be on the same network to communicate with each other. Change the IP address of the computer to 192.168.1.2, and verify that the subnet mask is 255.255.255.0. Enter the internal address of the Linksys device (192.168.1.1) as the default gateway. Do this by clicking Start > Control Panel > Network Connections. Right-click the wireless connection and choose Properties. Select the Internet Protocol (TCP/IP) and enter the addresses, as shown below.

EDTECH 552, lab 5

Step 3. Open a web browser, such as Internet Explorer, Netscape, or Firefox and enter the IP address of the Linksys device (192.168.1.1 if reset to defaults) into the address field and press Enter. A screen appears, requesting your username and password, as shown below:

Step 4. Enter admin for the Username and enter admin for the password. It is the default password on the Linksys device. Click OK. Remember that passwords are case sensitive. NOTE: As you make the necessary changes on the Linksys device, click Save Settings on each screen to save the changes or click Cancel Changes to keep the default settings

EDTECH 552, lab 5

5.4 Change the Linksys Device Password Once authenticated, the initial screen displayed is the Setup > Basic Setup screen, as shown below.

Step 1. Click the Administration tab. The Management tab is selected by default. Step 2. Enter a new password for the Linksys device, and then confirm the password. The new password must not be more than 32 characters and must not include any spaces. The password is required to access the Linksys device web-based utility and setup wizard. Be sure to record the password you used. Step 3. The Web Utility Access via Wireless option is enabled by default, as shown below. This option should be disabled or configured only to accept connections through secure protocols if security is of concern.

EDTECH 552, lab 5

Step 4. Click the Save Settings button to save the information. NOTE: If you forget your password, you can reset the Linksys device to the factory defaults by pressing the Reset button for 5 seconds and then releasing it. The default password is admin.

EDTECH 552, lab 5

5.5 Configure the Wireless Security Settings Step 1. Click the Wireless tab, as shown beloe. The Basic Wireless Settings tab is selected by default. The Network Name is the SSID shared among all devices on your network. It must be identical for all devices in the wireless network. It is case sensitive and must not be more than 32 characters.

Step 2. Verify the SSID in use. If the SSID is set to the default value of linksys, change it to a unique name. Record the name you have chosen: Step 3. Leave the Radio Band set to Auto. This setting allows your network to use all 802.11n, g, and b devices. Step 4. For SSID Broadcast, click the Disabled button to disable the SSID broadcast. Wireless clients survey the area for networks to associate with and will detect the SSID broadcast sent by the Linksys device. For added security, do not broadcast the SSID. Please note that there are utilities and techniques to discover the SSID even if it is not broadcast. This should be used in conjunction with other security measures.

EDTECH 552, lab 5

Step 5. Save your settings before going to the next task.

EDTECH 552, lab 5

5.6 Configure Encryption and Authentication

Step 1. Click the Wireless Security tab on the Wireless screen. This router supports four types of security mode settings: Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA) Personal, which uses a pre-shared key (PSK) WPA2 Personal WPA Enterprise, which uses Remote Access Dial-In User Service (RADIUS) WPA2 Enterprise RADIUS

WPA is based on a draft version of IEEE 802.11i and offers a subset of the features finally contained in the approved version. WPA2 is based on the approved version of IEE802.11i and offers improved performance and many advanced features. Step 2. Select WPA Personal in the Security Mode drop-down menu, as shown below.

EDTECH 552, lab 5

Step 3. On the next screen, as shown below, choose an encryption algorithm.

To secure a network, use the highest level of encryption possible within the Selected Security mode. The following security modes and encryption levels are listed from least secure (WEP) to most secure (WPA2 with AES): WEP WPA, including Temporal Key Integrity Protocol (TKIP) and Advanced Encryption System (AES) WPA2, including TKIP and AES

AES is supported only by newer devices that contain a co-processor. To ensure compatibility with all devices, select TKIP. Step 4. For authentication, enter a pre-shared key between 8 and 63 characters. This key is shared by the Linksys device and all connected devices. Record the preshared key that you used. Step 5. Choose a key renewal period between 600 and 7200 seconds. The renewal period is how often the Linksys device changes the encryption key. The shorter the key renewal period the more secure the connection. Unfortunately, shorter key renewal periods also increase the network overhead.

Step 6.

EDTECH 552, lab 5

Save your settings before exiting the screen.

EDTECH 552, lab 5

5.7 Configure MAC Address Filtering

Step 1. Click the Wireless MAC Filter tab on the Wireless screen. Step 2. MAC address filtering allows only selected wireless client MAC addresses to have access to your network. Select the Permit PCs listed below to access the wireless network radio button. Click the Wireless Client List button to display a list of all wireless client computers on your network, as shown below:

Step 3. The next screen, as shown below, allows you to identify which MAC addresses can have access to the wireless network. Check the Save to MAC Address Filter List check box for any client device you want to add, and then click the Add button. Any wireless clients, other than those in the list, will be prevented from accessing your wireless network. Save your settings before exiting the screen.

EDTECH 552, lab 5

EDTECH 552, lab 5

5.8 How to crack WEP and WPA passwords using BackTrack. Hacking Techniques: http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/M ateti-WirelessHacks.htm I hesitate to teach you how to crack WEP and WPA encryption. If you are interested in this topic, please check the information below: Step 1. Search ebay to find a wireless adapter which supports BT5 (BackTrack 5) Step 2. Watch the tutorials below: WEP: http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-weppassword-with-backtrack WPA: http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpapassword-with-reaver 5.9 Reflection

**Please post your reflection on assignment 5 forum too**

Q 5.9.1: List at least three security best practices that you should implement to secure your multi-function device and wireless network. In order to secure my wireless network, I would begin by disabling the broadcast of the SSID of my WLAN. By doing that, someone would have to know the SSID rather than just come in range of it. Secondly, I would implement WPA-2 security, which would require a passkey in order to access my network. Finally, if there were only a small amount of devices that required use of my network, I would then implement MAC filtering so that only devices approved by me to begin with could access my network. Q 5.9.2: In these security settings, which feature that you configured on the Linksys WRT300N makes you feel the most secure and why? I think that the MAC filtering makes me feel most secure. While I do not have this enabled (yet), MAC filtering allows access to my network, because I told the wireless router that one particular device was allowed. I feel that it would be possible for my SSID and the passkey to be passed around to various people. For example, if I

EDTECH 552, lab 5

allowed someone access for one reason or another, then they could pass that information on to someone else that I did not allow in order to access my network. However, with MAC filtering enabled, even if someone knew my SSID and the passkey, their MAC address would not be included on my filtering list and therefore not able to access my network.