Wireless Hardening

Loading...

来自 Google 的课程

IT Security: Defense against the digital dark arts

904 个评分

Google

IT Security: Defense against the digital dark arts

904 个评分

课程 5（共 5 门，Specialization Google IT Support Professional Certificate）

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: Authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: - how various encryption algorithms and techniques work and their benefits and limitations. - various authentication systems and types. - the difference between authentication and authorization. At the end of this course, you’ll be able to: - evaluate potential risks and recommend ways to reduce risk. - make recommendations on how best to secure a network. - help others to understand security concepts and protect themselves.

从本节课中

Securing Your Networks

In the fourth week of this course, we'll learn about secure network architecture. It's important to know how to implement security measures on a network environment, so we'll show you some of the best practices to protect an organization's network. We'll learn about some of the risks of wireless networks and how to mitigate them. We'll also cover ways to monitor network traffic and read packet captures. By the end of this module, you'll understand how VPNs, proxies and reverse proxies work; why 802.1X is a super important for network protection; understand why WPA/WPA2 is better than WEP; and know how to use tcpdump to capture and analyze packets on a network. That's a lot of information, but well worth it for an IT Support Specialist to understand!

WEP Encryption and Why You Shouldn't Use It8:35

Let's Get Rid of WEP! WPA/WPA214:18

Wireless Hardening3:07

Heather Social Engineering1:20

与讲师见面

Google

Now that we've covered the security options available for protecting wireless networks,

what do you think the most secure option would be?

In an ideal world,

we'd all be protecting our wireless networks using 802.1X with EAP-TLS.

It offers arguably the best security available,

assuming proper and secure handling of the PKI aspects of it.

But, this option also requires a ton of added complexity and overhead.

This is because it requires the use of

a radius server and an additional authentication back-end at a minimum.

If EAP-TLS is implemented,

then all the public key infrastructure components will also be necessary.

This adds even more complexity and management overhead.

Not only do you have to securely deploy PKI on the back-end for certificate management,

but a system must be in place to sign the client's certificates.

You also have to distribute them to

each client that would be authenticating to the network.

This is usually more overhead than many companies are willing to take on,

because of the security versus convenience trade-off involved.

If 802.1X is too complicated for a company,

the next best alternative would be WPA2 with AES/CCMP mode,.

But to protect against brute force or rainbow table attacks,

we should take some steps to raise the computational bar.

A long and complex passphrase that wouldn't be found in a dictionary would

increase the amount of time and resources an attacker would need to break the passphrase.

Changing the SSID to something uncommon and unique,

would also make rainbow tables attack less likely.

It would require an attacker to do the computations themselves,

increasing the time and resources required to pull off an attack.

When using a long and complex Wi-Fi password,

you might be tempted to use WPS to join clients to the network.

But we saw earlier that this might not be a good idea from a security perspective.

In practice, you won't see WPS enabled in an enterprise environment,

because it's a consumer-oriented technology.

If your company values security over convenience,

you should make sure that WPS isn't enabled on your APs.

Make sure this feature is disabled on your AP's Management Council.

You might want to also verify the feature is actually disabled using a tool like Wash,

which scans and enumerates a piece that have WPS enabled.

This independent verification is recommended,

since some router manufacturers don't allow you to disable it.

In some cases, disabling the feature through

the management console doesn't actually disable the feature.

Ready for another quiz? Don't worry,

it's just a practice one,

to help make sure you're getting all this wireless info wired into your brain.

探索我们的目录

免费加入并获得个性化推荐、更新和优惠。

Coursera 致力于普及全世界最好的教育，它与全球一流大学和机构合作提供在线课程。

© 2018 Coursera Inc. 保留所有权利。

通过 App Store 下载

通过 Google Play 获取