Introduction to Cyber Security
Yüklə 1,12 Mb.
|
- Bu səhifədəki naviqasiya:
- Attacks
- Turn off your router when not in use
|
Change the default SSID: Although this will not prevent hackers breaking into a network, using a default SSID acts as an indication that the user is careless. So he may be an obvious target to explore further to see if he still uses the default passwords as well?
Attacks mitigated: War driving Restrict access by assigning static IP addresses and MAC filtering: Disable automatic IP assigning feature and use private static IPs to the legitimate devices you want to connect. This will help you in blocking unwanted devices from being connected to your network. Also, enable MAC filtering- router remembers MAC of each and every device connected to it and saves it as list. You can use this facility to restrict access. Only a set of trusted devices can be allowed to connect. However MAC spoofing is still possible but it raises an extra bar for your wireless network. Turn off your router when not in use: Last but not least, a little obvious, but it will save your network from all the attacks for that time period. 1.7.2.3 Wi-Fi in a Corporate/Enterprise Network Due to the nature of activity and criticality of information, it is very important that Corporate / Enterprise networks have a higher degree of security. The following are good to have: Defining an adequate organization wide Information Security policy & procedures for wireless network SSID‟s should not be associated with the organization, AP vendor or any other related information which would be easy to guess or associate with the current organization Enable WPA2 Enterprise encryption with RADIUS authentication and use of EAP protocol like EAP-TTLS, TLS etc. Implementation of PKI infrastructure. CA signed certificates to authenticate the server to client and vice versa Filtering of clients based on unique identifier like MAC Address Isolated „Guest‟ wireless network with no interface / connection to the corporate network Limiting the radius of Wi-Fi network by reducing the power output of the AP Allocating IP Address to the employee and guest machines only after successful authentication Periodically changing the keys & passwords Use of VPN while accessing corporate information from Public Wi-Fi network Client side utilities like DecaffeintIDcan help in detecting changes in ARP table and serve as common man‟s IDS to protect against attacks like „hole196‟ and DoS. Implementation of Wireless IDS. Wireless IDS is a new concept. The key features of Wireless IDS are: Prevention against Rogue AP‟s Detection & prevention against DoS attacks Assistance in locating the approximate physical location of the attacker Assistance in enforcing the Organization‟s Information Security policy on wireless networks Detection of use of scanning tools like Kismet & NetStumbler ACTVITYWhat are the precations one should take using a wi-fi network at public place? How to secure home network? How to secure enterprise network? Find more about the terms over inernet: IDS DOS Kismet NetStumbler Yüklə 1,12 Mb. Dostları ilə paylaş:
|