Daily Archives: October 22, 2010

Tugas CCNA lab 7.3.5

Oleh : Irma Permata Sari/02842.08/Pendidikan Teknik Informatika UNP

Lab 7.3.5 Configuring Wireless Security

Objectives

  • Create a security plan for a home network.
  • Configure the wireless access point (AP) portion of a multi-function device using security best practices.

Background / Preparation

A well-planned security implementation is critical to the safety of a wireless network. This lab goes over the steps that must be taken to ensure the safety of the network using the following scenario. You have just purchased a Linksys WRT300N wireless router, and you want to set up a small network in your

home. You selected this router because the IEEE 802.11n specification claims that it has 12 times the speed of an 802.11g and 4 times the range. Because the 802.11n uses 2.4 GHz, it is backward compatible with both the 802.11b and 802.11g and uses MIMO (multiple-in, multiple-out) technology.

You should enable security mechanisms before connecting your multi-function device to the Internet or any wired network. You should also change the default values provided, because they are well-known values that are easily obtainable on the Internet. The following resources are required:

  • Windows-based computer
  • Linksys WRT300N
  • Straight-through Ethernet cable

Step 1: Plan the security for your home network

  1. List at least six security best practices that you should implement to secure your multi-function device and wireless network.Jawaban:1) Change default values for the SSID, usernames and passwords,2) Disable broadcast SSID, 3) Configure MAC Address Filtering, 4) Configure encryption using WEP or WPA, 5) Configure authentication ,6) Configure traffic filtering
  2. Describe what the security risk is for each item. Jawaban: 1) Passwords are changed to prevent neighbors or other people from logging in to your router. 2) SSID should be changed to a unique name. 3) SSID broadcasting is disabled so that the SSID name is not broadcasted to others in range of your network. 4) Encryption and authentication prevents hackers from gaining access to the network and intercepting messages. 5) MAC filtering keeps unwanted computers from associating with the AP

Step 2: Connect a computer to the multi-function device and log in to the web-based utility

  1. Connect your computer (Ethernet NIC) to the multi-function device (port 1 on the Linksys WRT300N) by using a straight-through cable.
  2. The default IP address of the Linksys WRT300N is 192.168.1.1, and the default subnet mask is 255.255.255.0. The computer and Linksys device must be on the same network to communicate with each other. Change the IP address of the computer to 192.168.1.2, and verify that the subnet mask is 255.255.255.0. Enter the internal address of the Linksys device (192.168.1.1) as the default gateway. Do this by clicking, Start > Control Panel > Network Connections. Right click on the wireless connection and choose Properties. Select the Internet Protocol (TCP/IP) and enter the addresses as shown below.
  3. Open a web browser, such as Internet Explorer, Netscape, or Firefox and enter the default IP address of the Linksys device (192.168.1.1) into the address field and press Enter.
  4. A screen appears, requesting your user name and password.
  5. Leave the User name field blank and enter admin for the password. It is the default password on the Linksys device. Click OK. Remember that passwords are case-sensitive.
  6. As you make the necessary changes on the Linksys device, click Save Settings on each screen to save the changes or click Cancel Changes to keep the default settings.

 

Step 4: Change the Linksys device password

  1. The initial screen displayed is the Setup > Basic Setup screen.
  2. Click the Administration tab. The Management tab is selected by default.
  3. Type in a new password for the Linksys device, and then confirm the password. The new password must not be more than 32 characters and must not include any spaces. The password is required to access the Linksys device web-based utility and Setup Wizard.
  4. The Web Utility Access via Wireless option is enabled by default. You may want to disable this feature to further increase security.
  5. Click the Save Settings button to save the information. NOTE: If you forget your password, you can reset the Linksys device to the factory defaults by pressing the RESET button for 5 seconds and then releasing it. The default password is admin.

Step 5: Configure the wireless security settings

  1. Click the Wireless tab. The Basic Wireless Settings tab is selected by default. The Network Name is the SSID shared among all devices on your network. It must be identical for all devices in the wireless network. It is case-sensitive and must not be more than 32 characters.
  2. Change the SSID from the default of linksys to a unique name. Record the name you have chosen: Student Dependant
  3. Leave the Radio Band set to Auto. This allows your network to use all 802.11n, g, and b devices.
  4. For SSID Broadcast, select the Disabled button to disable the SSID broadcast. Wireless clients survey the area for networks to associate with and will detect the SSID broadcast sent by the Linksys device. For added security, do not broadcast the SSID.
  5. Save your settings before going to the next screen.

 

Step 6: Configure encryption and authentication

  1. Choose the Wireless Security tab on the Wireless screen.
  2. This router supports four types of security mode settings:
  • WEP (Wired Equivalent Privacy)
  • WPA (Wi-Fi Protected Access) Personal, which uses a pre-shared key (PSK)
  • WPA Enterprise, which uses Remote Access Dial In User Service (RADIUS)
  • RADIUS
  1. Select WPA Personal Security Mode.
  2. On the next screen, choose an Encryption algorithm.

To secure a network, use the highest level of encryption possible within the Selected Security mode. The following Security Modes and Encryption levels are listed from least secure (WEP) to most secure (WPA2 with AES)

  • WEP
  • WPA
  • TKIP (Temporal Key Integrity Protocol)
  • AES (Advanced Encryption System)
  • WPA2
  • TKIP
  • AES

AES is only supported by newer devices that contain a co-processor. To ensure compatibility with all devices, select TKIP.

  1. For authentication, enter a pre-shared key between 8 and 63 characters. This key is shared by the Linksys device and all connected devices.
  2. Choose a key renewal period between 600 and 7200 seconds. The renewal period is how often the Linksys device changes the encryption key.
  3. Save your settings before exiting the screen.

 

Step 7: Configure MAC address filtering

  1. Choose the Wireless MAC Filter tab on the Wireless screen.
  2. MAC address filtering allows only selected wireless client MAC addresses to have access to your network. Select the radio button to Permit PCs listed below to access the wireless network. Click the Wireless Client List button to display a list of all wireless client computers on your network.
  3. The next screen allows you to identify which MAC addresses can have access to the wireless network. Click the Save to MAC Address Filter List check box for any client device you want to add, and then click the Add button. Any wireless clients, other than those in the list will be prevented from accessing your wireless network. Save your settings before exiting the screen.

Step 8: Reflection

  1. Which feature that you configured on the Linksys WRT300N makes you feel the most secure and why? Answers will vary. The MAC address filter is a very restrictive method of controlling access. Jawaban: MAC address filtering uses the MAC address to identify which devices are allowed to connect to the wireless network. When a wireless client attempts to connect, or associate, with an AP it will send MAC address information. If MAC filtering is enabled, the wireless router or AP will look up its MAC address a preconfigured list. Only devices whose MAC addresses have been prerecorded in the router’s database will be allowed to connect.
  2. Make a list of other items that could be done to make your network even more secure. Answers include configure MAC/IP filtering to control which type of traffic is allowed to flow on the network; disable unneeded services (Telnet, HTTP, TFTP, and so on). Jawaban:

Tugas CCNA lab 7.2.6

Oleh: Irma Permata Sar/02842.08/Pendidikan Teknik Informatika UNP

Lab 7.2.6 Configuring a Wireless Client

Objective

  • • Install and configure a driver for a wireless USB NIC for a wireless client computer.
  • • Determine the version of the driver installed and check the Internet for updates.

Background / Preparation

 

In this lab you will install a driver for a wireless USB NIC in a computer. The driver is a type of software that controls the wireless NIC. The driver comes on a CD with the NIC or can be downloaded from the Internet. Many manufacturers require that the driver is installed before the adapter is connected. The procedure described in this lab is for a Linksys USB 802.11g wireless NIC, but is similar to others. You should always follow the procedure recommended by the wireless NIC manufacturer. The following resources are required:

  • Windows XP-based computer with an available USB port
  • Wireless USB NIC and associated driver
  • Administrator rights to install the driver
  • Linksys WRT300N with wireless access configured from previous lab

Step 1: Install the wireless NIC driver

  1. Insert the CD that contains the wireless NIC driver into the CD/DVD drive and install the driver according to the manufacturer recommendations. Most USB devices require that the driver be installed before the device is physically attached.
  2. Who is the manufacturer of the wireless NIC?  Answer will be hardware dependent.Jawaban: WLAN IEEE 802.11 g oleh Linksys
  3. Describe how you installed the wireless NIC driver. Answer will be student dependent Jawban:
  1. a. Mode Infrastruktur
    1. 1. Konfigurasi Access Point( Wireless Adapter dan Instalasi Access Point)
    2. 2. Konfigurasi Client
    3. 3. konfigurasi USB Wireless Adapter( Instalasi Usb Wireless Adapter, Koneksi ke Access Point Pada Linksys Network Monitor, danKoneksi ke Access Point Pada Windows)
  2. b. Mode Ad-Hoc
    1. 1. Aktifkan Wireless adapter masing – masing komputer yang akan dihubungkan dengan jaringan
    2. 2. Klik kanan pada icon Network Wireless Connection pada taskbar, lalu pilih View Available Wireless Networks,
      1. 3. Klik Change the order preferred Network maka akan muncul.
      2. 4. Klik Add pada kolom Preferred Network, lalu ketikkan Nama Network yang akan digunakan pada kolom Network Name. contoh nama SSID Broadcasternya adalah Ad Hoc.
        1. 5. Klik Ok
      3. 6. Klik refresh Network list maka akan muncul koneksi Ad-Hoc dengan nama SSID Ad Hoc.
      4. 7. Kemudian pilihlah opsi Change advance setting maka Klik 2 kali pada opsi internet protoco(TCP/IP) maka akan muncul gambar selanjutnya.
      5. 8. Kemudian setting pada masing masing komputer dengan IP address yang berbeda dengan aturan 192.168.1.xxx dengan xxx adalah sesuai angka yang diharapkan dalam range 1s/d 254. misal (192.168.1.65)
      6. 9. tentukan Subnet mask-nya dengan 255.255.255.0 untuk membentuk jaringan lokal. Kosongkan gateawaynya
      7. 10. klik ok untuk verifikasi.
      8. 11. Tes koneksi dengan command PING pada command prompt,bila terhubung maka komputer komputer tersebut siap berkomunikasi dalam jaringan Ad-Hoc secara Pear to pear.

 

Step 2: Install the wireless NIC

  1. When prompted, connect the USB NIC cable to an available USB port. Click Next to continue.

 

Step 3: Attach to the wireless network

  1. Most wireless NIC adapters have client software to control the NIC. The software shows any wireless networks that are discovered. Select the SSID of the wireless network that you configured on the AP in a previous lab.
  2. Which SSID are you using? Answer is student/network. Jawaban: linksys
  3. If the wireless NIC did not connect to the wireless network, perform the appropriate troubleshooting.
  4. What is the signal strength for the wireless NIC? Answer is hardware dependent. Jawaban: linksys
  5. Did the wireless NIC see any other wireless networks in the area? Why or why not? Answer is lab dependent and on how many students are in the lab at once. Jawaban ya. Karena dikampus saya banyakk sinyal wireless yg aktif
  6. Show your active wireless connection to a fellow student or the lab assistant.
  7. What is another name for a wireless host? Jawaban: Elektronika1, Elektronika 2, Linksys e57, Elektro UNP.
  8. Is it better to use the client software from the wireless NIC manufacturer or let Windows XP control. Jawaban: ya.
  9. The wireless NIC? It is better to use client software to control the wireless NIC. Jawaban: ya karena cukup mudah dikonfigurasi.

Step 4: Determine the NIC driver version

  1. Hardware manufacturers continually update drivers. The driver that ships with a NIC or other piece of hardware is frequently not the most current.

 

  1. To check the driver version for the NIC you installed, click Start, select Control Panel and then Network Connections. Right-click on the wireless connection and select Properties. Click the Configure button for the NIC and then the Driver tab. What is the name and version of the driver you installed? Answer is hardware dependent. Jawaban: Linksys version 2.9.8.335

Step 5: Determine if the NIC driver is the most current

  1. Search the NIC manufacturer web site for drivers that support the wireless NIC you installed. Are there more current ones available? Very possibly. Jawaban: ya.
  2. What is the most current one listed? Answer is hardware dependent
  3. If there is a more current driver, how would you apply it? Download the driver to a known location on the hard drive and use the Update Driver option from the network connection properties screen. Jawaban: tidak mendonloadnya karena dapat membuat ke aslian dari software yang sedang dipakai/terinstal terdeteksi dan akan menyebabkan software yang telah terinstal jadi tidak optimal kerjanya.

Step 6: Verify connectivity

  1. Once you have installed the NIC, it is time to verify connectivity with the Linksys WRT300N.
  2. Open a web browser such as Windows Internet Explorer or Mozilla Firefox.
  3. In the address line type http://192.168.1.1, which is the default setting on the AP.
  4. In the Connect to 192.168.1.1 dialog box, leave the username text box empty, and type admin in the password text box. Leave the Remember my password checkbox unchecked. Click OK.
  5. If you receive the Linksys Setup screen, you have established connectivity with the AP. If you do not establish connectivity, you will have to troubleshoot the connection by checking to ensure the devices are turned on and the IP addresses on all devices are correct. Which IP address should be configured on the wireless NIC?Answer should be an IP address in the 192.168.1.0/24 network

Step 7: Reflection

  1. Do you think the process of setting up a wireless network at a food store or book store is any different from what you just did? Why or why not?. Answer will be student dependent, but they should see that it is no different. Jawaban: tidak. Bias saja sama jika menggunakan software yang sama. Pada dasarnya setiap software wireless yang beredar dipasaran itu sama saja hanya interfacenya saja yang sedikit berbeda.
  2. Do you think the AP model that you are using would be sufficient for the food store in your neighborhood? Why or why not? Answer is student’s own opinion. Jawaban: ya. No IPnya harus lah spesifik, tidak boleh sama.