1
00:00:00,810 --> 00:00:02,660
Wireless access points.

2
00:00:02,660 --> 00:00:04,650
In addition to selecting the right encryption,

3
00:00:04,650 --> 00:00:05,880
it's also important to select

4
00:00:05,880 --> 00:00:07,800
the right placement and configuration

5
00:00:07,800 --> 00:00:09,310
of your wireless access points

6
00:00:09,310 --> 00:00:10,350
in order for you to achieve

7
00:00:10,350 --> 00:00:12,290
a good security posture.

8
00:00:12,290 --> 00:00:14,730
Most small office, home office wireless systems

9
00:00:14,730 --> 00:00:17,830
rely on a single-point to multi-point setup.

10
00:00:17,830 --> 00:00:19,720
This relies on having a single access point

11
00:00:19,720 --> 00:00:21,950
that services all of the wireless clients.

12
00:00:21,950 --> 00:00:23,750
For example, on this floor plan,

13
00:00:23,750 --> 00:00:26,020
you can see the strongest signal is the red spot,

14
00:00:26,020 --> 00:00:26,853
that's centered around

15
00:00:26,853 --> 00:00:28,490
a single wireless access point,

16
00:00:28,490 --> 00:00:30,450
and all of the other office cubicles

17
00:00:30,450 --> 00:00:32,000
are connecting back into it.

18
00:00:32,000 --> 00:00:33,170
In this next example,

19
00:00:33,170 --> 00:00:36,080
you can see a multi-point to multi-point system.

20
00:00:36,080 --> 00:00:37,900
This has multiple access points

21
00:00:37,900 --> 00:00:38,733
that are going to be used to

22
00:00:38,733 --> 00:00:41,550
provide the wireless network services in an ESS,

23
00:00:41,550 --> 00:00:43,800
or extended service set configuration.

24
00:00:43,800 --> 00:00:44,840
They're all going to work together

25
00:00:44,840 --> 00:00:47,040
to provide one common network

26
00:00:47,040 --> 00:00:49,470
that's supported by these multiple access points.

27
00:00:49,470 --> 00:00:51,260
Now, in both of the previous examples,

28
00:00:51,260 --> 00:00:52,900
the wireless access points are using

29
00:00:52,900 --> 00:00:54,620
an omnidirectional antenna.

30
00:00:54,620 --> 00:00:56,290
This means that the access point is going to

31
00:00:56,290 --> 00:00:57,880
radiate out its signal equally

32
00:00:57,880 --> 00:00:59,800
in every single direction.

33
00:00:59,800 --> 00:01:00,650
Now, this can be good

34
00:01:00,650 --> 00:01:01,780
from a coverage perspective,

35
00:01:01,780 --> 00:01:03,470
but it also is dangerous.

36
00:01:03,470 --> 00:01:04,530
You may want to control

37
00:01:04,530 --> 00:01:06,620
which direction the signal is actually radiated,

38
00:01:06,620 --> 00:01:07,453
and if you do,

39
00:01:07,453 --> 00:01:09,080
you can do that using a bidirectional

40
00:01:09,080 --> 00:01:10,940
or a unidirectional antenna.

41
00:01:10,940 --> 00:01:13,130
For example, in a unidirectional antenna,

42
00:01:13,130 --> 00:01:14,550
all of the transmission power is going to be

43
00:01:14,550 --> 00:01:16,680
focused at a single direction.

44
00:01:16,680 --> 00:01:17,680
This allows you to choose

45
00:01:17,680 --> 00:01:19,350
which areas receive the signals,

46
00:01:19,350 --> 00:01:20,720
and which ones don't.

47
00:01:20,720 --> 00:01:21,740
So, in this example,

48
00:01:21,740 --> 00:01:23,760
we're using a left-side focused antenna,

49
00:01:23,760 --> 00:01:25,100
and it only transmits out to

50
00:01:25,100 --> 00:01:27,100
computers on that side of the building,

51
00:01:27,100 --> 00:01:28,500
while the computers on the right

52
00:01:28,500 --> 00:01:30,350
are going to remain in an uncovered area

53
00:01:30,350 --> 00:01:32,010
and not get any signal.

54
00:01:32,010 --> 00:01:32,950
Now, we've talked about this

55
00:01:32,950 --> 00:01:34,910
back in our Network+ curriculum, as well,

56
00:01:34,910 --> 00:01:36,610
but from an operational standpoint,

57
00:01:36,610 --> 00:01:37,443
we're trying to

58
00:01:37,443 --> 00:01:39,010
increase the coverage to all areas

59
00:01:39,010 --> 00:01:40,570
when we're talking Network+.

60
00:01:40,570 --> 00:01:42,420
Now, from a security perspective, though,

61
00:01:42,420 --> 00:01:43,780
we may actually want to limit

62
00:01:43,780 --> 00:01:44,960
the area of coverage.

63
00:01:44,960 --> 00:01:46,780
Let's look at our heat map once more.

64
00:01:46,780 --> 00:01:47,613
Here, you can see

65
00:01:47,613 --> 00:01:49,223
an extended service set configuration

66
00:01:49,223 --> 00:01:51,090
with two access points.

67
00:01:51,090 --> 00:01:52,200
Each of those access points

68
00:01:52,200 --> 00:01:53,920
has omnidirectional antennas.

69
00:01:53,920 --> 00:01:55,080
This is giving us good,

70
00:01:55,080 --> 00:01:57,250
adequate coverage around the office base,

71
00:01:57,250 --> 00:01:58,900
as you can see inside the floor plan.

72
00:01:58,900 --> 00:02:00,730
So, our network technician for Network+

73
00:02:00,730 --> 00:02:02,210
did a good job here.

74
00:02:02,210 --> 00:02:03,230
Now, for this office,

75
00:02:03,230 --> 00:02:04,390
each cubicle also has

76
00:02:04,390 --> 00:02:05,930
a wired physical connection,

77
00:02:05,930 --> 00:02:07,460
but the access point there is just to

78
00:02:07,460 --> 00:02:08,930
provide the employees access

79
00:02:08,930 --> 00:02:09,763
while they're sitting at

80
00:02:09,763 --> 00:02:11,040
those conference tables in the middle,

81
00:02:11,040 --> 00:02:11,960
or if they're walking around

82
00:02:11,960 --> 00:02:13,280
using their cellphones.

83
00:02:13,280 --> 00:02:14,510
Now, all of this is great,

84
00:02:14,510 --> 00:02:15,550
and there's good coverage,

85
00:02:15,550 --> 00:02:17,830
meaning that it's meeting our operational needs.

86
00:02:17,830 --> 00:02:19,030
But, you'll also notice

87
00:02:19,030 --> 00:02:20,540
that orange and yellow area,

88
00:02:20,540 --> 00:02:21,780
which represents the medium

89
00:02:21,780 --> 00:02:23,590
and lower-signal areas that are radiating

90
00:02:23,590 --> 00:02:25,430
outside the walls of the building.

91
00:02:25,430 --> 00:02:26,630
If I was an attacker,

92
00:02:26,630 --> 00:02:28,590
I could park my car in that yellow area,

93
00:02:28,590 --> 00:02:30,270
because that's part of my parking lot,

94
00:02:30,270 --> 00:02:31,630
and I can pull up my laptop

95
00:02:31,630 --> 00:02:33,150
and connect to the wireless network.

96
00:02:33,150 --> 00:02:34,750
So, this becomes a security risk

97
00:02:34,750 --> 00:02:35,680
for the organization,

98
00:02:35,680 --> 00:02:36,980
and as a security analyst,

99
00:02:36,980 --> 00:02:38,050
it's our job to figure out

100
00:02:38,050 --> 00:02:39,730
exactly where the signal is,

101
00:02:39,730 --> 00:02:40,960
where it's radiating to,

102
00:02:40,960 --> 00:02:42,270
and prevent it from radiating

103
00:02:42,270 --> 00:02:43,720
outside of our building.

104
00:02:43,720 --> 00:02:45,460
Another area is if you're in a strip mall,

105
00:02:45,460 --> 00:02:47,250
or you have offices right next door to you.

106
00:02:47,250 --> 00:02:48,720
If it's radiating through the wall,

107
00:02:48,720 --> 00:02:49,660
people in that office

108
00:02:49,660 --> 00:02:51,270
can gain access to your network.

109
00:02:51,270 --> 00:02:53,090
Again, this is something you need to worry about

110
00:02:53,090 --> 00:02:54,800
as a security practitioner.

111
00:02:54,800 --> 00:02:56,690
So, to prevent this bleed over,

112
00:02:56,690 --> 00:02:58,370
you're going to use directional antennas

113
00:02:58,370 --> 00:03:00,820
to emanate only out into controlled patterns.

114
00:03:00,820 --> 00:03:01,820
You can also turn down

115
00:03:01,820 --> 00:03:03,670
the power level that you're radiating at

116
00:03:03,670 --> 00:03:05,350
to minimize the distance being covered

117
00:03:05,350 --> 00:03:06,480
by your wireless signal,

118
00:03:06,480 --> 00:03:08,300
and keep it inside your building.

119
00:03:08,300 --> 00:03:10,020
Also, it's important to understand

120
00:03:10,020 --> 00:03:11,470
what type of wireless access point

121
00:03:11,470 --> 00:03:12,710
you're actually using.

122
00:03:12,710 --> 00:03:14,170
Is it a B, a G,

123
00:03:14,170 --> 00:03:15,800
an N, or an AC?

124
00:03:15,800 --> 00:03:18,050
Because each of those uses a different frequency

125
00:03:18,050 --> 00:03:19,360
that's being transmitted.

126
00:03:19,360 --> 00:03:21,160
If you're using wireless B or G,

127
00:03:21,160 --> 00:03:23,270
or some early versions of wireless N,

128
00:03:23,270 --> 00:03:25,750
then you're transmitting at 2.4 gigahertz.

129
00:03:25,750 --> 00:03:27,810
If you're using wireless A, AC,

130
00:03:27,810 --> 00:03:29,710
or the newer wireless N devices,

131
00:03:29,710 --> 00:03:31,680
you're transmitting at 5 gigahertz.

132
00:03:31,680 --> 00:03:32,730
So, what does that really mean

133
00:03:32,730 --> 00:03:34,240
when we talk about the frequency?

134
00:03:34,240 --> 00:03:36,280
Well, if you have a 5-gigahertz frequency,

135
00:03:36,280 --> 00:03:38,550
that means there's a shorter wavelength being used,

136
00:03:38,550 --> 00:03:40,230
and because of that shorter wavelength,

137
00:03:40,230 --> 00:03:41,240
the signal is actually going to

138
00:03:41,240 --> 00:03:43,000
travel a shorter distance,

139
00:03:43,000 --> 00:03:44,810
so, if you've a smaller number,

140
00:03:44,810 --> 00:03:46,040
2.4 gigahertz,

141
00:03:46,040 --> 00:03:48,000
that gives you a longer wavelength,

142
00:03:48,000 --> 00:03:49,930
which means it can travel further distances

143
00:03:49,930 --> 00:03:51,450
before it breaks down.

144
00:03:51,450 --> 00:03:52,900
2.4 gigahertz, therefore,

145
00:03:52,900 --> 00:03:55,090
is more prone to leak through a wall

146
00:03:55,090 --> 00:03:56,950
than a shorter 5-gigahertz signal

147
00:03:56,950 --> 00:03:58,660
due to the way that radio frequencies

148
00:03:58,660 --> 00:04:00,710
propagate across the air and across

149
00:04:00,710 --> 00:04:02,740
the physical construction of the walls.

150
00:04:02,740 --> 00:04:03,730
Another reason it's important

151
00:04:03,730 --> 00:04:05,240
to understand what signals you're using

152
00:04:05,240 --> 00:04:06,430
is to help you identify if

153
00:04:06,430 --> 00:04:07,760
there's any signals that cause

154
00:04:07,760 --> 00:04:09,390
interference in your area.

155
00:04:09,390 --> 00:04:10,940
For example, you might be getting

156
00:04:10,940 --> 00:04:12,070
bumped offline a lot,

157
00:04:12,070 --> 00:04:13,930
and causing a denial of services condition

158
00:04:13,930 --> 00:04:16,470
if someone is using 2.4 gigahertz

159
00:04:16,470 --> 00:04:18,330
cellphones or cordless phones

160
00:04:18,330 --> 00:04:19,720
in an area where you have

161
00:04:19,720 --> 00:04:21,670
your 2.4 gigahertz network.

162
00:04:21,670 --> 00:04:23,110
So, understanding your conditions

163
00:04:23,110 --> 00:04:24,850
is going to be important to making sure that

164
00:04:24,850 --> 00:04:27,480
your network is staying up and secure.

165
00:04:27,480 --> 00:04:28,530
So, how do you determine

166
00:04:28,530 --> 00:04:30,370
what signals are around your office

167
00:04:30,370 --> 00:04:32,770
that may be causing jamming or interference?

168
00:04:32,770 --> 00:04:33,970
Well, you can do this by

169
00:04:33,970 --> 00:04:35,760
conducting a wireless site survey,

170
00:04:35,760 --> 00:04:37,450
using a tool like NetStumbler,

171
00:04:37,450 --> 00:04:39,640
or you can pull out a spectrum analyzer.

172
00:04:39,640 --> 00:04:40,473
This will allow you to see

173
00:04:40,473 --> 00:04:41,650
what frequencies are in use

174
00:04:41,650 --> 00:04:42,740
and how strong they are

175
00:04:42,740 --> 00:04:43,573
to see if they're having

176
00:04:43,573 --> 00:04:44,900
an effect on your network.

177
00:04:44,900 --> 00:04:46,370
Now, most wireless access points

178
00:04:46,370 --> 00:04:48,130
do have some built-in security features

179
00:04:48,130 --> 00:04:49,700
that you can configure, as well.

180
00:04:49,700 --> 00:04:51,620
This includes things like a basic firewall

181
00:04:51,620 --> 00:04:53,280
with stateful packet inspection,

182
00:04:53,280 --> 00:04:54,360
MAC filtering,

183
00:04:54,360 --> 00:04:55,460
different levels of encryption

184
00:04:55,460 --> 00:04:56,670
that we've already talked about,

185
00:04:56,670 --> 00:04:59,700
and the ability to disable your SSID broadcast.

186
00:04:59,700 --> 00:05:01,470
Some more advanced wireless access points,

187
00:05:01,470 --> 00:05:04,810
though, also feature access point isolation.

188
00:05:04,810 --> 00:05:06,250
Access point isolation creates

189
00:05:06,250 --> 00:05:08,490
a network segmentation between each client

190
00:05:08,490 --> 00:05:10,040
that's connecting to the access point,

191
00:05:10,040 --> 00:05:11,630
and it prevents them from communicating with

192
00:05:11,630 --> 00:05:12,680
any other client

193
00:05:12,680 --> 00:05:14,420
and only allows them direct access

194
00:05:14,420 --> 00:05:17,010
to the network's resources or the Internet.

195
00:05:17,010 --> 00:05:17,843
As you can see,

196
00:05:17,843 --> 00:05:19,470
there are a lot of ways to help increase

197
00:05:19,470 --> 00:05:21,180
the security of your wireless networks,

198
00:05:21,180 --> 00:05:22,160
but I still recommend that

199
00:05:22,160 --> 00:05:24,420
you avoid wireless, whenever possible.

200
00:05:24,420 --> 00:05:26,350
In fact, when I built my house,

201
00:05:26,350 --> 00:05:29,090
we had two CAT5E network jacks installed in

202
00:05:29,090 --> 00:05:30,770
every single room of the house.

203
00:05:30,770 --> 00:05:32,710
This means that we don't have any computers,

204
00:05:32,710 --> 00:05:34,550
TV, or video game consoles

205
00:05:34,550 --> 00:05:35,770
that are using a wireless network

206
00:05:35,770 --> 00:05:37,130
inside the home.

207
00:05:37,130 --> 00:05:39,880
But, I do still have a few wireless access points

208
00:05:39,880 --> 00:05:41,020
in my home network,

209
00:05:41,020 --> 00:05:42,480
because some devices don't have

210
00:05:42,480 --> 00:05:43,780
a wired network capability.

211
00:05:43,780 --> 00:05:45,140
You think about your tablets,

212
00:05:45,140 --> 00:05:46,630
or your mobile phones,

213
00:05:46,630 --> 00:05:48,190
or your Nintendo Switches, right?

214
00:05:48,190 --> 00:05:49,700
These don't have a way to plug in

215
00:05:49,700 --> 00:05:50,750
to the wired network,

216
00:05:50,750 --> 00:05:51,830
so, they have to use wireless

217
00:05:51,830 --> 00:05:53,040
to connect to the Internet.

218
00:05:53,040 --> 00:05:54,730
Also, when my friends come over,

219
00:05:54,730 --> 00:05:55,563
they want to be able to

220
00:05:55,563 --> 00:05:56,410
connect to the wireless network

221
00:05:56,410 --> 00:05:58,140
and get out to the Internet too.

222
00:05:58,140 --> 00:05:59,280
Now, to make sure I keep

223
00:05:59,280 --> 00:06:00,700
my home network secure, though,

224
00:06:00,700 --> 00:06:03,090
I actually isolated off this wireless network

225
00:06:03,090 --> 00:06:04,660
away from my main network,

226
00:06:04,660 --> 00:06:06,890
and it only has access directly to the Internet.

227
00:06:06,890 --> 00:06:07,930
This prevents anyone from

228
00:06:07,930 --> 00:06:09,240
using that wireless network

229
00:06:09,240 --> 00:06:10,340
as a back door method of

230
00:06:10,340 --> 00:06:11,873
getting into my wired network.