Wireless LAN Types
- Infrastructure Mode
- Ad Hoc Network Mode
- Mixed Network Mode
Threats & Vulnerabilities
- Wireless traffic is easily captured
- Common WLAN Attacks: Rogue Access Point (AP)
- Less Common WLAN Attacks: Wired Network Intrusion
Basic Wireless Network Security
- Use a strong password
- Enable MAC address filtering
- Enable network encryption
- Configure the wireless router to use static IP addresses
- Disable guest networks (If possible)
Define Access Requirements (who needs what & when)
If guest access is banned, the policy must state this so that steps are taken to prevent visitor intrusion
Include unique wireless scenarios such as employees at public hot spots and office visitors
Prohibit peer-to-peer (P2P) networking while permitting logged guest sessions through specific access points with limited:
- Destination (inside or outside the network)
- Session time
Other ways to secure a wireless network
Restrict access point placement within the network topology
Wireless applications require protected access to the intranet and/or Internet, and special firewall rules
Wireless access points should always sit outside the firewall or within a demilitarized zone (DMZ). Using a DMZ can protect the WAN from Internet threats while protecting the wired intranet from WLAN threats.
Wireless traffic should be segregated so different policies can be applied
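The rogue access point threat, the P2P prohibition and the encryption requirement listed above can be checked against a wireless survey. The following is an added example, not part of the original notes; the inventory, SSIDs, BSSIDs and scan records are all constructed sample data, and the function and field names are this example's own.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str        # MAC address of the AP radio
    channel: int
    encryption: str   # "WPA2", "WPA3", "OPEN", ...
    ibss: bool        # True when the beacon advertises ad hoc (IBSS) mode

# Hypothetical inventory: BSSID -> (SSID, channel) for every sanctioned AP.
AUTHORIZED = {
    "02:00:00:aa:00:01": ("CorpNet", 1),
    "02:00:00:aa:00:02": ("CorpNet", 6),
    "02:00:00:aa:00:03": ("CorpGuest", 11),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

def audit(beacons):
    """Return a sorted list of (bssid, finding) tuples for policy violations."""
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        known = AUTHORIZED.get(bssid)
        if b.ibss:
            findings.append((bssid, "ad hoc (P2P) network prohibited by policy"))
        if known is None and b.ssid in CORP_SSIDS:
            findings.append((bssid, "unlisted AP advertising corporate SSID"))
        elif known is not None:
            if (b.ssid, b.channel) != known:
                findings.append((bssid, "authorized BSSID with unexpected SSID/channel"))
            if b.encryption == "OPEN":
                findings.append((bssid, "authorized AP without encryption"))
    return sorted(findings)

# Constructed survey results (locally administered MAC addresses).
SCAN = [
    Beacon("CorpNet", "02:00:00:AA:00:01", 1, "WPA2", False),       # matches inventory
    Beacon("CorpNet", "02:00:00:bb:00:09", 6, "WPA2", False),       # not in inventory
    Beacon("CorpGuest", "02:00:00:aa:00:03", 11, "OPEN", False),    # encryption off
    Beacon("CorpNet", "02:00:00:aa:00:02", 11, "WPA2", False),      # channel changed
    Beacon("printer-share", "02:00:00:cc:00:05", 3, "OPEN", True),  # ad hoc network
    Beacon("CoffeeShop", "02:00:00:dd:00:07", 1, "OPEN", False),    # neighbor, ignored
]

if __name__ == "__main__":
    for bssid, finding in audit(SCAN):
        print(bssid, "-", finding)
```

A BSSID is only a MAC address and can be cloned, so a match against the inventory is a weak signal on its own; the same limitation applies to MAC address filtering.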
The role of a directory service is to store information about a computer network and to offer features for retrieving and managing that information. Whether an organization consists of a single facility or has multiple locations, a directory service provides a centralized management tool for users and resources in all locations.
Windows Active Directory is a directory service based on standards for defining, storing, and accessing directory service objects. Its hierarchical database enables administrators to organize users and network resources to reflect the organization of the environment in which it is used:
- Hierarchical organization
- Centralized/distributed database
- Policy-based administration
Working with user accounts is one of the most important Active Directory administrative tasks. User accounts are the main link between real people and network resources, and are referred to as “domain user accounts.” User accounts have two main functions in Active Directory:
- Provide a method for user authentication to the network
- Provide detailed information about a user
Active Directory has both a physical and a logical structure. The physical structure consists of sites and servers configured as domain controllers. An Active Directory site is nothing more than a physical location in which domain controllers communicate and replicate information regularly. The logical structure, by contrast, makes it possible to pattern the directory service's look and feel after the organization in which it runs. The organizing components of Active Directory are domains, forests, trees, and organizational units.
A Group Policy Object (GPO) is a list of settings administrators use to configure user and computer operating environments remotely. Group policies can specify security settings, deploy software, and configure a user's desktop, among many other computer and network settings. They can be configured to affect an entire domain, a site, and, most commonly, users or computers in an OU. The GPO scope defines which objects a GPO affects. When Active Directory is installed, two GPOs are created and linked to two containers: a default domain policy and a default domain controllers policy.
These default policies don't define any user-specific policies; they are designed to provide default security settings for all computers in the domain. You can view, create, and manage GPOs by using the Group Policy Management Console (GPMC). Each GPO has two main nodes: a computer configuration and a user configuration.
A packet analyzer is a computer program that can intercept and log data traffic passing through a network. As data streams flow across a network, a packet analyzer captures each packet and decodes the packet's raw data. Of the many open source network protocol analyzers, the three most popular applications in use are Wireshark, Capsa, and Packetyzer.
Wireshark is a very popular free and open source network analyzer, and it is cross-platform. What makes it so popular is how easy it is for anyone to view all network traffic visible on any given network interface. It is similar to tcpdump but has a graphical front end instead of a command-line interface, plus sorting and other advanced filtering options that let the user examine data in more depth from a live network or from saved packets in memory. What Wireshark cannot do is act as a network detection system or manipulate packets; it can only examine them.
Wireshark uses the pcap application programming interface (API) to capture packets. The API comes from the libpcap code library for the C programming language on UNIX-based systems and from WinPcap on Windows-based machines. Libpcap was first developed at Lawrence Berkeley Laboratory to be used with tcpdump for low-level packet capturing.
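What "decoding the packet's raw data" involves, shown as an added example (not code from Wireshark or libpcap): a minimal reader for the classic libpcap capture file format that pulls addresses and ports out of Ethernet/IPv4 frames. The three-packet capture is constructed inside the script, the function names are this example's own, and only the microsecond-resolution format with Ethernet link type is handled.

```python
import socket
import struct

def parse_pcap(data):
    """Yield (time, src, dst, proto, sport, dport) for each IPv4 TCP/UDP frame."""
    # The magic number tells the reader which byte order the writer used.
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype != 1:                      # 1 = Ethernet
        raise ValueError("unsupported link type %d" % linktype)
    off = 24                               # records follow the 24-byte file header
    while off + 16 <= len(data):
        sec, usec, caplen, _wirelen = struct.unpack(order + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < caplen:            # file cut off in the middle of a record
            break
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # not IPv4 (ARP, IPv6, ...)
        l4 = 14 + (frame[14] & 0x0F) * 4   # IHL field gives the IP header length
        proto = {6: "TCP", 17: "UDP"}.get(frame[23])
        if proto is None or len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        yield (sec + usec / 1e6, socket.inet_ntoa(frame[26:30]),
               socket.inet_ntoa(frame[30:34]), proto, sport, dport)

def _ipv4_frame(src, dst, proto, sport, dport):
    # Constructed frame: Ethernet + 20-byte IPv4 header + the two port fields.
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HH", sport, dport)

def build_sample(order="<"):
    """Constructed three-packet capture using documentation-range addresses."""
    frames = [(1700000000, 500000, _ipv4_frame("192.0.2.10", "198.51.100.5", 6, 49152, 443)),
              (1700000001, 0, bytes(12) + b"\x08\x06" + bytes(28)),   # ARP, skipped
              (1700000002, 0, _ipv4_frame("192.0.2.10", "192.0.2.53", 17, 53000, 53))]
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, f in frames:
        out += struct.pack(order + "IIII", sec, usec, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for row in parse_pcap(build_sample()):
        print(row)
```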
Another popular analyzer is Capsa, which comes in three different versions ranging in price from free to $995. This application does everything Wireshark does, including real-time packet capturing and constant network monitoring. Where this product surpasses Wireshark is its advanced graphical interface, which provides a clearer view of any network and makes packet-level analysis and the diagnosis of other network problems easier. The drawback for network administrators is the cost: $995 for the Enterprise edition and $695 for the Professional edition, which can be hard on a starting IT budget, but the free version is a good way to test it before purchasing. The free version has a lot of the advanced features taken out, can only monitor ten IP addresses at once, and has a downtime of four hours before it can be used again.
The last analyzer researched was Packetyzer, which is a very basic packet sniffer application based on the Ethereal project and provides a GUI for Windows machines. This application was the same as Wireshark but did not have as nice a graphical interface for packet capturing.
Of the three applications I researched, I would recommend that any IT professional use Wireshark as a starting tool for their network troubleshooting problems, because it is easy for anyone to use and can be used on any system for free. My second choice would be Capsa, because in the event that a network administrator does encounter a more advanced network problem, they may look into investing in Capsa if the problem requires a more in-depth exam to find a solution.