NETW360 Week 6 iLab

Evaluating Security-Related WLAN Problems

In this lab, three scenarios are presented as examples of how WLAN security is addressed from different aspects: signal spillage, security standards, and rogue access points. Students are expected to fully understand each scenario, correctly identify the problem(s), and sufficiently justify their recommendations.

Scenario I: Signal Spillage

Signal spillage refers to the reach of Wi-Fi signals that is beyond the perimeter of an intended coverage area. Signals spilling outside the perimeter could be received and potentially be interpreted by outsiders. Given the reciprocal nature of antennas, a high-gain directional antenna can also be used to “amplify” weak Wi-Fi signals on the edge of the perimeter. Although the signal coverage area and physical boundary of a location may not be matched perfectly, signal spillage should be limited to reduce security risks.

 

Refer to the site survey diagram below. The Wi-Fi signal coverage area overlays with the second-floor physical layout of a campus building. The coverage area is color-coded with the descending signal strength from green, light green, yellow, to orange.

1. Compare the physical boundary of the building to the signal coverage area. Name a couple of locations where the incidents of signal spillage occur (e.g., the northwest corner)?
2. Assume the external antennas being used are all omni-directional with an antenna gain of 2.14 dBi. Given all other conditions remain the same, how would relocating some of the access points to a different part of the floor help reduce the amount of signal spilling outside of the building?
3. Given all other conditions remain the same, how would replacing some of these antennas help reduce the amount of signal spilling outside of the building? What type of antennas would you recommend?
4. Given all other conditions remain the same, how would adjusting the power level of some access points help reduce the amount of signal spilling outside the building? What undesirable outcome, from the signal coverage perspective, will likely be caused by such isolated adjustments?
5. Research a couple of other methods that could help reduce signal spilling outside of a building.

Scenario II: WLAN Security Standards

In addition to securing the perimeter of a network, encrypting the information itself has always been an important component of the security paradigm. This works well for data applications on a WLAN, as you will realize after evaluating Scenario II.

 

On a Voice over Wi-Fi (VoWiFi) network, however, encryption could pose a negative impact, such as choppy voice and echo problems, on delay-sensitive voice traffic. This is mainly due to 1) the extra encryption/decryption latency and 2) the overhead to Wi-Fi frames (e.g., extra 8 bytes from the WEP/RC4 encryption, extra 20 bytes from the WPA/RC4 encryption, and extra 16 bytes from the WPA2/AES encryption). Encryption, when being applied to real-time traffic, needs to be carefully considered.

 

Assume that the “Monitor” WLAN as shown below is assigned to a sales department. On a daily basis, sales data, including the credit card/check payment details, are transmitted on the network.

 

1. Refer to the diagram above. Is the network, as well as the information transmitted on the network, protected from eavesdropping?
2. Among the typical security standards, such as WEP, WPA personal, WPA enterprise, WPA2 personal, and WPA2 enterprise, which one is best suited for the intended use of the “Monitor” network as described in this scenario?
3. Justify your recommendation in the previous question.

 

Scenario III: Rogue Access Points

Many wireless attacks, for example, man-in-the-middle and Denial-of-Service (DoS), start with a rogue access point. Enterprise WLAN controllers typically have the built-in capability of identifying and even quarantining access points that are not under its management. At times, a WLAN professional is also expected to physically locate and remove the rogue device.

 

The process of locating a rogue device requires a WLAN tool that measures the received signal strength from the targeted device. An external directional antenna, as compared to the typical omni-directional antennas, could speed up the process by zeroing in the direction of the targeted device.

 

Refer to the outcome of a recent wireless network sweep as shown below. As part of the security policy, all SSIDs used on this office network should start with “NETW”.

 

 

1. Refer to the screenshot. What’s the name of the identified rogue access point?
2. Given the inSSIDer software installed on a laptop, how would one go about physically locating this rogue access point?