Wireless Security Deployment: A Case Study of Risk Mitigation

Verified

Added on 2023/06/11

AI Summary

This case study addresses the wireless security vulnerabilities of Rare Vintage Auto Parts Ltd, focusing on risk identification, analysis, and the deployment of appropriate countermeasures. The study identifies weaknesses such as weak encryption, lack of intrusion detection systems, and inadequate network segmentation. It proposes solutions including the implementation of Cisco 2500 Series Wireless Controllers APs, AES and WPA2 encryption, VLANs for network segmentation, and BYOD security policies. The document outlines hardware and software recommendations, along with detailed steps for implementation and policy guidelines for wireless use, aiming to enhance the overall security posture of the company's network. Desklib provides access to a wide range of study tools and solved assignments to assist students.

Running Header: WIRELESS SECURITY
Name
Institution
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

WIRELESS SECURITY 2
Abstract
In the contemporary network architecture, enterprise wireless networks are considered a
vital component. They are required to provide connectivity and to support mobile devices where
wired links are cost prohibitive and practical. Nonetheless, the missing physical control of the
medium requires extra precautionary measures to control access to wireless systems. A number
of books and papers exhibit the issue and the dangers, however, do not furnish a completely
secure alternative with illustrations. The 802.11 standard for remote systems offers
authentication and encryption like WPA. However, in an enterprise domain, these controls must
be executed in a manageable and scalable approach. This paper gives a hands-on manual for
implementation of a secure wireless system in an enterprise environment and which will offer a
case of an evaluated secure solution.
Table of Contents

WIRELESS SECURITY 3
Abstract............................................................................................................................................2
Introduction......................................................................................................................................4
Preliminary Description...................................................................................................................5
Risk Identification & Analysis........................................................................................................5
WLAN Risks...........................................................................................................................5
Critical Network Risks and analysis................................................................................................7
Hardware......................................................................................................................................9
16Dbi Omni-directional antennae’s.........................................................................................9
Cisco 1200 Series APs...........................................................................................................10
Netgear WG602.....................................................................................................................11
Appropriate Countermeasures to Reduce Risk..............................................................................12
Selection of Appropriate Hardware And Software To Deploy Selected Countermeasures And
Outcomes.......................................................................................................................................13
Implementation..........................................................................................................................14
Setup..........................................................................................................................................18
Policy and Guideline for Wireless Use......................................................................................22

WIRELESS SECURITY 4
Policy Scope..........................................................................................................................22
Restriction of the Policy........................................................................................................22
Proper and Appropriate use...................................................................................................23
Regulatory Measures.............................................................................................................23
Acceptance of Regulations and Policies................................................................................24
Conclusion.....................................................................................................................................24
References......................................................................................................................................26
Introduction
The current network installation poses a very big security threat to the users and the
company. According to the scenario, some of these security lapses can be attributed to the former
IT administrator who was violently evicted out of the company. As according, the skills and the
competence that an IT administrator should have was in a position to address most of these
network vulnerability. This paper will address all the security issues associated with the current
network by defining and employing a new network from both hardware and software perspective
to address the current vulnerability exposed in the network in terms of software used and
networking hardware.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

WIRELESS SECURITY 5
This paper is not intended to give a literature review but the practical and a possible
implementation of a network that marches a contemporary IT security system.
Preliminary Description
The wireless security network installation for Rare Vintage Auto Parts Ltd intends to
enhance and address the security challenges posed by the existing. Since the eviction of the IT
administrator, the Rare Vintage Auto Parts Ltd has decided to evaluate their network wireless
infrastructure to aid the increasing need for security operations for the company following the
high rates of cybercrime leading to high losses of data and revenues. Financing will be a
necessity to implement the proposed network, which should be both lineated and address all the
security vulnerability seen in the current network.
Risk Identification & Analysis
Both the hardware and software have chosen possess a great security threat to the system
used to run the company. This section will classify the vulnerability in terms of software and
hardware used in an analytic way.
WLAN Risks
The threats are chances of risks to obtaining benefits from errors or vulnerability, which
are reasons for damages and\or losses to resources or group of resources, affecting the company
indirectly or directly as it, is in the case study of Rare Vintage Auto Parts Ltd. Risks examination
is a compelling tool in WLAN risk administration. With this, a great security approach can be
inferred and executed to protect the WLAN against conceivable exploits. On-going screening

WIRELESS SECURITY 6
and occasional testing would then be able to be utilized to check that a deployed WLAN meets
characterized goals. Vulnerabilities found in the process are at that point (re)analyzed in order to
refine the policies as well as apply fixes. The iterative procedure is delineated in the diagram
below.
It's critical to comprehend the attacks that may influence a system. In any case, it ought to
be noticed that a few attacks are more outlandish or more harming than others are. All the more
additionally, it ought to be noticed that it is not useful or conceivable to shield any system
against every conceivable attack. A more practical objective is to decrease related hazard to an
adequate level. Dangers are put into a point of view by distinguishing one's own WLAN's
vulnerabilities the likelihood that hacker will misuse them - and the business impact would
happen.
The accompanying points\steps are essential for performing risk evaluation.
 Characterize business needs
 File who should be authorized to access WLAN.

WIRELESS SECURITY 7
 Ascertain clients or groups allowed to utilize 802.11 at the workplace, out and about.
 Regulate assets came to over remote
 Which applications, databases, and offers must be opened to remote clients, and at the
point when?
 Subsequent, measure new business dangers caused by including a remote.
 What data do those administrations and databases contain?
 Contemplate information that lives on remote stations and streams over remote
connections
 For every benefit, assess the probability of bargain and the potential cost to business,
utilizing quantifiable measurements like downtime, recuperation costs, and so on.
Critical Network Risks and analysis
The current company network lacks control of all wireless enable-networking devices
connected to the network. The initial phase in securing wireless systems is to distinguish and
control every remote device linked to the system. Wireless gadgets connected with to system
ought to have a documented business case and proprietor. The gadget configuration must match
the endorsed company security profile. Gadgets that do not meet the configuration and
documentation prerequisites ought to be denied access to the system. It is difficult to secure the
obscure. A decent and current system diagram is an unquestionable requirement to help in
controlling computing environment. The control change is required to guarantee that no obscure
changes happen that may endanger the network security.
For a big organization like Rare Vintage Auto Parts ought to have an IDS (intrusion
detection system), to have the capacity to identify of any attack scheme against their system

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

WIRELESS SECURITY 8
which it lacks in the existing network infrastructure. WIDS (wireless intrusion detection) aids to
recognize rogue wireless gadgets identify successful compromises and attempts. Traffic ought to
be observed as it goes through the wired system. WIDS will screen and alarm on compromises
and attacks, however, it is an identification framework, not a counteractive action framework.
Detection framework enables the exploits to occur and cautions to help in minimizing the time
that the hacker is in the system. Without dynamic checking and rapid response, WIDS, similar to
every other detection frameworks, begin to lose their value. Guarantee that before executing
WIDS gross cost of proprietorship is well accounted for. The physical equipment is a little
segment of the cost of implementation.
Rare Vintage Auto Parts Ltd utilizes WEP, which is easy to breach making it insecure.
Instructional exercises are promptly accessible on the web to guide the attacker through the way
toward overcoming WEP security. AES (Advanced Encryption Standard) and WPA2 (Wi-Fi
Protected Access 2) ought to be utilized for all wireless network.
The current system needs separations and segregation of trust levels aids to secure the
business environment. VLANs (Virtual Local Area Networks) are utilized to fragment one
physical network into numerous virtual systems. VLANs minimizes inside a fragment. BYOD
(Bring to Your Own Device) or other untrusted gadgets ought to exist on a different VLAN.
BYOD as another approach permits business partners, employee and different clients to use an
individual acquired gadget to run an enterprise application and access information. Commonly, it
comprises tablets and smartphone; however, the network may likewise be utilized for PCs. Web
traffic from this VLAN ought to experience a similar border security gadgets as a corporate
traffic. they should be filtering in an enterprise access in order to consider it as untrusted. BYOD

WIRELESS SECURITY 9
security can be tended to by having IT give comprehensive security prerequisites to each sort of
individual gadget that is utilized as a part of the work environment and associated with the
corporate system. For instance, IT might expect gadgets to have passwords, preclude particular
sorts of uses from being installed on the gadget or require all information on the gadget to be
encoded. Other BYOD security arrangement initiatives may incorporate constraining activities
that staffs are permitted to perform on these gadgets at work and intermittent IT reviews to
guarantee the gadget is in consistency with the organization's BYOD security strategy.
The current network has no firewall and VPN which makes it vulnerable. Nonetheless,
setting up VPN links with go through proxy servers, firewalls, and routers keep on pushing most
of the network administrators to the edge of giving in to the emergence of network cloud. In this
manner, using VPN servers to makes the network work in a coordinated way with other system
defense structure.
Hardware
16Dbi Omni-directional antennae’s
Generally, correspondence within WSNs (wireless sensor networks) is done utilizing
omnidirectional receiving wires, which communicate radio signal consistently in all directions.
The Omnidirectional antennas are small, economical and easy to deploy, however, they
experience the ill effects of poor spatial reuse, high collisions and decreased vitality effectiveness
and are defenseless to security attacks. An important case of omnidirectional antennas is a
straightforward dipole, having the radiation pattern delineated in the figure below.

WIRELESS SECURITY 10
Figure 1
Omni-directional antennae’s are prone to Passive Eavesdropping in which the malicious nodes
detect the information by listening to the message transmission in the broadcasting wireless
medium. The malicious hubs detect the data by listening to the message transmission in the
broadcast medium. Regular WSNs commonly comprise hubs equipped with omnidirectional
receivers, which transmit radio signals consistently in all directions. Thus the best solution for
this is using Cisco 2504 Wireless controllers and thirty 802.11G/N Fixed Unified Access Points
with Internal Antenna which is more secure as the is no systems that are 100% secure.
Cisco 1200 Series APs
Cisco 1200 series Aps supports both the 802.11g and 802.11b clients concurrently. The
performance provided by 802.11g is equivalent to that of 802.11a WLAN standards that work in
the 5-GHz band, which also offers regressive compatibility with legacy 802.11b 11-Mbps
standard. However, this series is vulnerable to a number of attacks namely:-

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

WIRELESS SECURITY 11
 Aironet APs enables attackers remotely via IAPP cause a radio-interface input-queue
hang (denial of service).
 Numerous TCP implementation consisting of PAWS (Protection Against Wrapped
Sequence Numbers) which have timestamps enabled option allows attackers remotely
cause connection loss (denial of service) by means of a spoof packet with a big timer
value, which makes the host dispose of the later packet since they give off an impression
of being extremely old.
 Cisco 1200 series APs, while working in LWAPP (Lightweight Access Point Protocol)
mode and controlled by 4400 and 2000 Airespace WLAN series controllers enable
attackers to remotely to send decoded traffic to a secure system utilizing frames with the
MAC address of a validated end host.
Cisco 2500 Series Wireless Controllers APs would be more secure than the Cisco 1200
Series APs. The proposed network will utilize the Cisco 2500 Series Wireless Controllers APs.
Administrator and network control access is via RADIUS. Authentication of passwords and
usernames happens against the backend database prior allowing access. In the case of added
security, debilitate any unwanted wireless network. For instance, if all gadgets utilize 802.11n
and 802.11g debilitate 802.11b and 802.11a. The virtual passage IP address must be the same for
all controllers in a versatility group.
Netgear WG602
The firmware of Netgear WG602 is 1.5.67 this firmware has a vulnerability that can
enable an attacker to remotely gain access to the computers utilizing administrative privileges.
This exploit exists in both WLAN and LAN web interfaces while verifying a user of a particular

WIRELESS SECURITY 12
computer. The computer comprises undocumented administrative account with a known
password and username credentials. This account cannot be erased. A hacker can access
administrative privileges through either the WLAN or LAN interface utilizing the credentials.
Appropriate Countermeasures to Reduce Risk
The first step in securing wireless will involve Defense in Depth. Every layer of security
will be used to slow down the ant attack; as one of the measure incorporation and utilization of
Wi-Fi Protected Access 2 (WPA2) security, installing WIDS (Wireless Intrusion Detection
Systems), actively monitoring and scanning for rogue gadgets. Comprehending the types of
threats' guides in choosing the best possible layers of protection to apply will determine how
deployment will happen.
Utilizing several levels of defense to make it hard for attacker's task hard and more
complex, which is a method that is employed by military Defense in Depth mechanism. These
same countermeasures should be utilized to ensure resources in the enterprise. NSA (National
Security Agency) suggests a balance between the security ability and performance, cost, and
operational contemplations. According to the NSA People, Operations and Technology are the
three essential components of Information Assurance the new intends to use the approach as one
of its countermeasures. This is well depicted in the figure below.