Hi, I'm Curtis Carmichael

Senior Technical Business Analyst, UX Designer, and Certified Scrum Master

Securing Wireless LANs

Wireless Local Area Networks (LANs) send and receive data over “infrared or radio frequency technology” without needing to be connected by an Ethernet cable (Hamid, 2002). The current wireless LAN standards are IEEE 802.11g (aka wireless G) and 802.11n (aka wireless N). Each has its own advantages – wireless G has been around longer than wireless N, so more devices are compatible with it, but wireless N is faster and has a greater transmission range (IEEE Computer Society, 2012). Wireless technologies are popular because they are easier to deploy and give more flexibility in where a device is used, since devices are not bound by the reach of a cord. However, wireless LAN security tends to be overlooked, and it is critical that wireless network users abide by security best practices. This paper explores the options users have to further enhance security using a standard Linksys router, Windows Firewall, open source intrusion detection systems and endpoint security, as well as recommended best practices.

Before we begin a detailed analysis of hardware or software specific security recommendations, an overview of basic wireless security issues should be valuable in understanding some of the concerns at hand. Van Lengen shared in his paper that wireless networks are being deployed virtually everywhere in today’s environment – mobile access, after all, is more convenient and generally easier to set up than wired networks. However, since attackers do not need physical access to wireless LANs, if vulnerabilities exist, it is very easy for them to cause harm (Van Lengen, 2005). Van Lengen recommended using a directory based authentication scheme such as Lightweight Directory Access Protocol (LDAP) to ensure only authorized users, as pre-defined in a “group,” are allowed to use a network. The reason behind this is that MAC address authentication can easily be spoofed for easy access, so additional authentication methods should be used. Beyond the “defense in depth” approach, covered later in this paper, he also suggested a proper risk assessment be conducted before a wireless network is put in place. This way, assuming all issues found during the risk assessment have been reduced or mitigated, users and organization executives will have greater confidence in their network’s security ahead of time, versus proceeding with a backwards ‘deploy and patch’ approach (Van Lengen, 2005).

Van Lengen highlighted the importance of identifying the ‘5 W’s’ of network security. Questions should be raised such as “who or what are you trying to protect [the network] from?” (Van Lengen, 2005). All data and physical resources should be identified, and costs associated with any downtime resulting from an attack or other network issue should be noted. He shared a formula the industry tends to use to calculate the impact of a risk, which is “risk = threat * vulnerability.” While we would like to mitigate all risks, realistically that is not possible. Many people in the industry actually suggest that even getting near 100% is difficult, because technology and software change constantly, which makes it a moving target. As such, Van Lengen noted we occasionally need to make compromises known as accepted risks, but a carefully planned risk discovery and elimination/reduction initiative can greatly enhance network security (Van Lengen, 2005).

Risk mitigation begins with properly thought out and deployed security policies. These may include, but are not limited to, an Acceptable Use Policy (AUP), ID badge policy/procedures and so on. The SANS Institute recommends these policies be clear and concise, abide by local, regional and federal laws and provide information on who to contact. Basically, you want to answer any common questions the end-user might have that would help ensure compliance – even to help them understand why they should follow the policy (Van Lengen, 2005). Bullet-proof security policies should be followed by a network and host system analysis (hardware and operating system), and then a full review of the various applications residing on host systems and their relationship with other systems on the network. Finally, proper logging and auditing capabilities should be enabled for the system/network administrator’s review (Neoh, 2003). Too much information is better than none, especially if one ever needs to trace activity from a specific user to support termination and possible litigation following an attack. On that note, HR should work with IT to ensure the global HR manual clearly spells out an allowance for the company to physically and electronically monitor/audit all activities conducted within their offices, network and on their loaned systems (i.e. corporate laptop, desktop system, tablet, etc.).

One of the most critical defense in depth tactics one can use is protecting your wireless router. Linksys routers, manufactured by Cisco Systems, are popularly used in home networks and small businesses. They are relatively easy to set up and administer, with initial setup generally taking anywhere from five to ten minutes for someone with basic networking skills. What some people do not realize is that after they set up their routers, unauthorized users can piggyback or ‘steal’ Internet access if they do not password protect their wireless network connections. Worse yet, many users do not change the default router administration password from “admin” to another password, allowing others to take control over the router and cause havoc. While these scenarios are rare and can be resolved by resetting your router, they can easily be avoided by taking a few minutes to properly configure your router.

Most Linksys routers can be accessed by entering 192.168.1.1 in your web browser’s address bar. After you do this, you will be asked to enter a username and password. By default, there is no username, but you should enter “admin” in the password field. You can leave most of the default router settings as is (assuming you recently reset your router or are setting up a new router). This overview assumes you are using a Linksys WRT54GL v1.0 device with the latest firmware (currently v4.30.16), although most Linksys home router interfaces are similar. After you log in, go to the “Wireless” tab and in the default “Basic Wireless Settings” sub tab, change your “Wireless Network Name (SSID)” to make it easier to locate your network. Next, you will want to select a “Security Mode” and WPA algorithm (WPA2 Personal with TKIP+AES is common). Your “WPA Shared Key” is your wireless Internet’s password – this should be at least eight characters in length, with a mix of upper and lowercase characters, numbers and special characters (e.g. !, @, etc.). It should also not be based on a dictionary word, or something someone could easily guess, like your last name, pet’s name, etc. Make sure you save your settings in each screen before moving on to the next. The final component behind basic router security is to go to the “Administration” tab and then the “Management” sub tab and change the “Router Password” (Cisco Systems, n.d.).

Regarding advanced router settings after configuring basic security for your router and wireless connection, if you want to add another layer of authentication, you can find the MAC addresses for all the devices you want to use your wireless network.  After doing so, go to the “Wireless” tab and then select the “Wireless MAC Filter” sub tab.  Enable the filter and then select “Permit only PCs listed to access the wireless network,” while entering the device MAC addresses through the “Edit MAC Filter List” window.  If you do this, you may want to consider turning off the “Wireless SSID Broadcast” so your wireless network is hidden from the list of available networks among your neighbors (Cisco Systems, n.d.).  The latter might actually be good to do in either case, to further enhance security, but might cause a slight delay trying to add new devices to your network.  You will have to weigh any loss of convenience against increasing security and try to find a suitable ‘middle ground.’

If you are concerned about unauthorized devices using your network, you may want to go to the “Status” tab and select the “Local Network” sub tab. If you click on the “DHCP Clients Table” button, you can see the names of all the devices that currently interface with your router, along with their MAC and IP addresses. If anything looks suspicious, you can always remove it via the “Delete” button. Sometimes, when you first add your router, its SSID may still be labeled “linksys”; a neighbor whose wireless card connects automatically to their own router, which might also be named “linksys”, may then end up on yours, so you may find a few users unintentionally connected to your network. However, as mentioned, you can easily remove them here. Regarding other settings, you might want to browse through the “Administration” area. If you enable logs through the “Log” sub tab, you can track incoming and outgoing traffic. You can also check Linksys’ support web site to see if you have the latest firmware installed, and if not, install the latest firmware through the “Firmware Upgrade” sub tab. This is important because new firmware typically patches any security vulnerabilities that might make it easy for attackers to bypass router security measures. You may want to consider backing up your current configuration by going to the “Config Management” sub tab and then clicking on the “Backup” button (Cisco Systems, n.d.).

We just highlighted logging traffic – while the Linksys log is useful for determining which LAN IPs are interfacing with certain destination URLs/IPs and service/port numbers (Cisco Systems, n.d.), more often than not we want to see more information.  A program called Wireshark can do just that.  Once installed, the user would just need to select a capture interface and then start packet capturing within the Wireshark program (Lamping et al., 2013).  The packet captures are then listed and one can then filter by protocol type for further analysis.  Wireshark is great for finding out more about how your network is used, while allowing its users to open packets and explore what web sites a network user is visiting and many times, the content of those pages.  In rare cases, an attacker might spoof one of your IPs, MAC addresses or other identifiers, so analyzing the content portion of packets captured in Wireshark is critical.  For example, if you are a TD Bank customer and you start to see login activity from Bank of America (and no one else in your network is a customer of the latter), you can almost certainly be sure you have an intruder using your network.  Since so many people with basic technical knowledge only look for the usual ‘red flags,’ intruders are becoming increasingly clever with the ways they can use a network undetected.  In fact, some hackers might have exploited your network’s security long ago.  On one side of the spectrum, they may have just been ‘riding’ your connection for free service which should have only a minimal impact – unless they used your connection for illegal activities.  Or worst case, they may have been eavesdropping on your network activity for a very long time, collecting your access credentials and/or taking note of your day to day activities and network resources you use to cause maximum harm during a future attack.  Whichever the case may be, it is important to try to detect this activity early on.

Suspicious activity in Wireshark is sometimes difficult to discover given the large number of packets listed, but with proper filters and analysis applied (perhaps while comparing against the list of approved devices configured in your router), it is relatively easy to find any unauthorized devices that may have bypassed router security. It is even possible to view unauthorized activity from malware installed on one of your own devices (Lamping et al., 2013). Surprisingly, the latter is becoming more common if endpoint protection is not installed on every device. You may find, for example, that spyware (a form of malware) is transmitting your web browsing activity to another server, with network activity logs providing ample evidence of such activity. This provides a perfect segue to our next topic of how we can block software programs from sending or receiving data.
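One way to do the comparison described above, as an added example (not code from the original paper): the script checks source MAC/IP pairs from a capture export against the approved-device list and flags unapproved MACs, IPs claimed by more than one MAC, and approved MACs that appear with more than one IP. The device list, the 192.168.1.0/24 subnet and the sample rows are constructed; the three CSV columns are assumed to come from a field export such as `tshark -T fields -E separator=, -e frame.time_epoch -e eth.src -e ip.src`.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Assumption: the router's default LAN, matching the 192.168.1.1 address above.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Approved devices, as they would be entered in the router's MAC filter list.
# Constructed sample values (locally administered MACs), not real hardware.
APPROVED = {
    "02:00:00:aa:00:ff": "router",
    "02:00:00:aa:00:01": "laptop",
    "02:00:00:aa:00:02": "phone",
    "02:00:00:aa:00:03": "printer",
}

# Constructed capture export: epoch time, source MAC, source IP.
SAMPLE_CAPTURE = """\
1700000000.10,02:00:00:aa:00:ff,192.168.1.1
1700000001.25,02:00:00:aa:00:01,192.168.1.100
1700000002.40,02:00:00:aa:00:02,192.168.1.101
1700000003.05,02-00-00-AA-00-03,192.168.1.102
1700000004.90,02:00:00:aa:00:ff,203.0.113.10
1700000005.30,02:00:00:bb:00:99,192.168.1.105
1700000006.75,02:00:00:aa:00:01,192.168.1.150
1700000007.20,02:00:00:cc:00:07,192.168.1.101
truncated line
1700000008.00,not-a-mac,192.168.1.120
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(raw):
    """Lower-case a MAC and use ':' separators; return None if it is not a MAC."""
    mac = raw.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None


def load_observations(text, lan=LAN):
    """Return (mac, ip) pairs for frames whose source IP is inside the LAN.

    Frames forwarded from the Internet carry the router's MAC with an outside
    source IP; they say nothing about who is on the LAN, so they are skipped
    along with malformed rows. The timestamp column is not used.
    """
    pairs = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue
        mac = normalize_mac(row[1])
        try:
            ip = ipaddress.ip_address(row[2].strip())
        except ValueError:
            continue
        if mac is None or ip not in lan:
            continue
        pairs.append((mac, str(ip)))
    return pairs


def audit(observations, approved=APPROVED):
    """Compare observed devices with the approved list and group the findings."""
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    for mac, ip in observations:
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)
    allowed = {normalize_mac(m) for m in approved}
    return {
        # Devices that are not on the approved list at all.
        "unapproved": {m: sorted(ips) for m, ips in ips_by_mac.items()
                       if m not in allowed},
        # One IP used by several MACs: address conflict or possible spoofing.
        "shared_ips": {ip: sorted(macs) for ip, macs in macs_by_ip.items()
                       if len(macs) > 1},
        # An approved MAC on several IPs: new DHCP lease or a cloned MAC.
        "multi_ip_macs": {m: sorted(ips) for m, ips in ips_by_mac.items()
                          if m in allowed and len(ips) > 1},
    }


if __name__ == "__main__":
    findings = audit(load_observations(SAMPLE_CAPTURE))
    for category, entries in findings.items():
        print(category)
        for key, values in sorted(entries.items()):
            print(f"  {key}: {', '.join(values)}")
```

A flagged entry is a reason to look closer, not proof of intrusion: a renewed DHCP lease also gives an approved device a second address.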

Whenever someone brings up firewalls to a less technical user, they might think of complex systems that block access to web sites.  On the contrary, firewalls are very simple if we consider how they operate at the high level – they merely block (or allow) incoming and outgoing connections from a wireless LAN device to the Internet.  Enabling a firewall is crucial, as another safeguard to have in place, in case other security implementations fail in an attack. An analogy I like to use with firewalls is that if someone breaks in to a gated community, a home’s security system may prevent them from going any further.  With most modern versions of Microsoft Windows, a program called Windows Firewall is integrated with the OS.  The firewall blocks inbound connections and allows outbound connections by default – unless a rule specifies otherwise (Microsoft Corporation, 2009).

To make sure Windows Firewall is turned on, in your Start menu’s search, type “Windows Firewall with Advanced Security” and then click on the program when it shows up in the results. In the “Overview” section, you should see it enabled – if not, you can enable it via the “Windows Firewall Properties” link. On the left side of the Windows Firewall interface, you should see two links: “Inbound Rules” and “Outbound Rules.” If you click on each one, you can see all of the programs or ports allowed or otherwise prevented from operating. You may have hundreds of rules configured, but you can easily filter rules via the right side “Actions” area in the program’s interface. New rules can be configured through the same area by clicking on the “New Rule…” link. You should also consider reviewing basic profile settings via the “Windows Firewall Properties” link mentioned earlier. The “Domain Profile” is usually the default firewall behavior if you connect to a domain on your network. The “Private Profile” settings should be similar, because if you do not connect to a network domain, you usually operate on the “Private Profile.” “Public Profile” settings should reflect how you want to further refine allow/deny rules whenever you use your wireless enabled device on public networks. On the latter, your rules should generally be stronger if your domain and private profile settings are a bit loose, allowing little to no discrimination against allowed or denied traffic. In the “IPsec Settings” tab, you can configure security key exchange settings if certain networks will not allow devices to connect with them without an appropriate key. This area is also useful for requiring encryption and certain authentication schemes. Windows Firewall’s “Monitoring” area is useful to see which networks and profile are active, see which connections are being blocked or allowed, etc. (Microsoft Corporation, 2009).
Microsoft’s product works great if there are not any other standalone or embedded firewall products installed on the system (e.g. Kaspersky Anti-Virus), because they can cause process conflicts. As a result, most endpoint security programs automatically turn off Windows Firewall upon installation, so you would need to apply the same basic concepts learned above with the respective vendor’s firewall (Kaspersky Laba, 2012).

The SANS Institute, an organization charged with providing insight into industry best practices for networking and infrastructure security, highlighted the important role of Intrusion Detection Systems (IDS) in many of their papers. In fact, they even went as far as to suggest IDS are “arguably the best tool” because they complement firewalls and other network security policies/procedures well (SANS Institute, 2005). IDS have the same goal as firewalls in that they block unauthorized traffic, but function differently, as you will learn later in this paper. SANS Institute highlighted there are two types of IDS: a network-based IDS (NIDS) and a host-based IDS (HIDS). Basically, a NIDS evaluates activity across an entire network and reports this data back to a central admin server. A HIDS only evaluates a single system, which may be your primary laptop or desktop system, server or other system in your network infrastructure.

Host-based IDS’s are great if you want more information on users accessing and launching specific processes, programs and other activities – they also function well on systems that receive encrypted data and on “switched networks.”  HIDS obviously do not perform well if you want to view activity across an entire network or port settings to other platforms such as migrating from Windows to Linux (SANS Institute, 2005).  In contrast to HIDS, network-based IDS’s are designed in a way that its agents can reside on virtually any operating system and are typically easier to manage.   However, they struggle with analyzing encrypted data and in situations where network traffic is switched, unless they are configured appropriately (SANS Institute, 2005).

OSSEC is a popular open source IDS designed to operate as a HIDS. OSSEC has a centralized server (aka admin or management server) and pulls data from a system’s OSSEC agent and other sources such as logs. The server not only collects this information, but maintains configuration for its agent and “file integrity checking databases” (Trend Micro, n.d.). Although OSSEC does not require an agent to run on a system (it can run as an agentless install if you do not have the correct privileges to install an agent), most of the time an agent is installed to follow industry best practices – even though we are analyzing a single system. An agent can be installed on VMware instances and can review logs from “firewalls, switches and routers” (Trend Micro, n.d.). These agents use a small amount of system resources by design and simply push data to the admin server for processing. Once the data is pushed to the admin server, normal activity is simply logged, but if any abnormal or suspicious activity is noted, alerts are generated and any automated responses go into effect. As mentioned earlier, most of the settings an agent uses are inherited from the admin server. These settings are also locked from being edited, unless the admin server allows the end user to edit some or all settings locally, typically requiring a password. This is a security feature that prevents malware from interfering with the agent. In a worst case situation, if an agent has been compromised by malware, it could be programmed to report normal activity during an attack. Due to the heavy reliance on valid agent reporting, the person responsible for monitoring activity through a HIDS could very well not know their system was being attacked (Trend Micro, n.d.).
To use an analogy, this would be similar to an intruder breaking into an organization’s physical location and modifying their network cameras to replay ‘normal’ activity or present a static image, so that the security guard would not be aware of any unauthorized personnel being present. That is, of course, if there were no redundant security systems in place, such as invisible laser beams that would break and cause an alert if someone walked past them and so on. To reflect on earlier discussions, redundant measures such as firewalls and other systems could help provide a more robust detection system.

Snort is another open source IDS designed to function as a NIDS. It has some intelligence built into the program to help detect suspicious activity according to default rules, or rules you/your network administrator specifies, and then automatically blocks access. It also serves as a nice monitoring tool a Network Operations Center (NOC) Analyst (and/or IT team) can review for additional redundancy to help flag any unauthorized activity (The Snort Projecta, 2013). The program itself may not come across as user friendly, since it is command line driven, but if you install add-ons advertised on the Snort web site, you can install a GUI of your choosing. The GUIs are designed to streamline Snort configuration and network monitoring. For example, BASE (Base Analysis and Security Engine) is a popular Snort GUI, but requires configuring a web server (The Snort Projectb, n.d.). Once configured, BASE will allow you to review alerts in real time and if you deem any of them suspicious, you can act accordingly by manually adjusting firewall rules, uninstalling programs, removing viruses/malware, etc. Optionally, as mentioned earlier, you can configure IDS rules based on certain patterns that can perform defensive actions for you. Snort is a valuable tool to have in your security arsenal if you want immediate action taken when you or someone else cannot be on site to respond to alerts.

A robust endpoint security solution should never go overlooked in any network environment.  In fact, many enterprise security policies mandate all systems, including Mac and Windows operating systems have endpoint protection installed, prior to connecting with a network.  Based on the author’s experience, some organizations, such as Southern New Hampshire University require users to allow a small scan utility to detect approved anti-virus/malware programs before they can use the network.  Even if a user already has endpoint protection installed, such as Iolo’s System Mechanic Pro, if it is not on the organization’s list of approved endpoint protection solutions, they will still be required to install an approved product before connecting.  Luckily, to help support controlled endpoint protection usage (among a list of approved products) and ensure every user has anti-virus installed there are free solutions such as “AVG AntiVirus Free” which provide suitable protection (AVG Technologies, 2013).  Endpoint security solutions such as Kaspersky Endpoint Security are designed for enterprise use because they can remotely manage endpoint security on all end-user machines that have the appropriate agent installed.  IT administrators can push new policies and tasks out to these users that update their client’s keys, remotely update the client and agent as required, force database updates, schedule automatic full disk virus scans and so on.  They can even lock down specific settings on the client side that prevent the end users from shutting down the firewall for example or stopping a virus scan.  On the other hand, they can allow the user to apply their own settings in some areas, such as whitelisting specific ports for certain groups of users (i.e. application developers) and allow them to manually update virus definitions before an automatic update.  
Kaspersky’s solution prohibits users from uninstalling the agent and client by prompting them to enter a password when they initialize the uninstall window through the OS uninstall wizard (Kaspersky Labb, 2012).

Endpoint protection should be installed on as many systems as possible.  Typically, IT managers will only require this get installed on workstations, but that obviously only protects a portion of the entire network infrastructure.  If Kaspersky’s solution (or an equivalent) was also installed on VMware instances, email and file servers, and other systems, your infrastructure would be able to ward off a higher number of attacks (Van Lengen, 2005).  However, at times, you may want to do a cost/benefit analysis to determine if installing endpoint protection is necessary, such as on test or QA systems.  One would have to consider factors such as the cost of a license, cost of IT to deploy and impact of different types of attacks on a temporary or test system to determine whether it would be worthwhile installing on those machines.

Beyond the LAN security tactics presented here – all of which can certainly help safeguard your wireless network, you may want to consider penetration testing (aka pen testing).  So called ‘white hat’ hacking principles are beyond the scope of this paper, but introducing the topic is important enough to mention to increase awareness.  It is highly recommended you/your team and even a third party security consultant attempt to break through your security implementations to test against vulnerabilities.  After all, that is really the only way you can truly test the strength of your defenses.  To use another analogy, you can build the greatest castle in the world, only to find its door can easily be rammed through with minimal difficulty.  Sometimes what others would consider simple security measures such as (in this case) having the door made of steel, as opposed to cheap wood can be easily overlooked.  Converted to our scenario, weak wireless router passwords can easily be compromised using brute force password crackers such as Reaver.  Remember that routers (and firewalls) are the gateway to networks.

Reaver is an open source WPA password cracker. The author of a popular Reaver tutorial indicated it took him only 2.5 hours to crack his own network password, although it can take as long as 4-10 hours depending on your computing resources and the strength of the password (Pash, 2012). Using the utility is very easy, as one only needs to burn an ISO to a blank DVD, run a Linux Live DVD instance and then type a short list of commands to start the crack process. Pash indicated Reaver cannot bypass password encryption for all home routers, but indicated home routers are normally very easy to hack (Pash, 2012). The author of this paper attempted to crack his own Linksys router, but thankfully, the crack tool could not break the password. If you follow the router security recommendations presented earlier, inclusive of using a complex password, you would have greater assurance that others will not be able to easily bypass your network security and cause harm using freely available tools.

Unfortunately, attacks are not limited to just brute force password cracking.  They can also include port scanning tools and utilities designed to assess application and operating system vulnerabilities.  Once an attacker understands which ports are available and what specific software holes exist on a system, they can easily exploit those weaknesses to cause harm.  Pen testing usually involves running these tools to discover vulnerabilities before hackers find them (Northcutt et al., 2006).  According to Northcutt et al., Nmap is used to get a fairly accurate sense of what kind of operating system a system is using.  It can also let the person running the vulnerability assessment know all ports that are open (they recommend letting the program detect all available ports).  Another program called Nessus takes a closer look at specific vulnerabilities detected with the system’s operating system and applications installed.  These vulnerabilities are typically targeted by hackers as a way to gain access around other security implementations (Northcutt et al., 2006).

Physical security of your organization’s network hardware assets should also never be overlooked.  For example, is your wireless access point (WAP) located next to a water sprinkler system?  If so, what happens if a fire drill somehow activates this?  The WAPs and any other equipment in the affected area(s) is/are likely to be damaged beyond repair.  Redundancy should be considered for the worst case scenario, even if the risk (such as the one expressed here) is low – especially if the outcome could result with a long recovery period and significant downtime.  Spares should always be on hand if redundant devices cannot be mounted elsewhere in your work area in advance.  Incidents are not only limited to natural disaster or human error – they can also be caused by theft and employees, contractors, visitors and intruders wishing to vandalize property.  In one of your organization’s policies, you should include verbiage that requires IT to secure critical network infrastructure by ensuring they are properly bolted down/secured and perhaps affix RFID tags that trigger an alarm if someone tries to take it out of the office.  A simple inventory system can also help ensure all network components are accounted for (and functioning) during a regular audit.  If you really want to be careful about protecting your network’s equipment, you can even integrate a simple badge swipe system that prevents access to closed areas such as a server room and prevents others from lock-picking doors to key areas within your network (and environment as a whole).

Wireless LAN security is a broad topic and entire books have been written on the subject, but the scope of this paper is designed to highlight some basic best practices and tools you can use to best protect your network.  These recommendations are not designed to be a ‘cure all’ for securing your wireless network, but it should help provide a solid platform for securing your data and devices from harm – both from within your network/organization and outside.  While securing wireless networks is obviously very important, end users should also be cognizant of the data they work with on a day to day basis.  According to Gordon, 73% of all data leaks concern customer data, followed by “confidential information, health records and intellectual property,” respectively (Gordon, 2007).  In other words, securing hardware, operating systems, applications and data in itself is only one aspect of security – users also need to abide by written policy and apply common sense and due diligence in their daily activities.

While we evaluated electronic and physical security measures, another important proactive security measure is backing up your data. This includes backing up your wireless router settings, firewall configuration and IDS settings and application files. Any logs or other audit trails should be isolated/locked down as well so they cannot be compromised. This also helps collect all of this information in one central location for automatic backups. As you likely recall from numerous ‘horror stories,’ too many people put off backing up their data due to a perception that a hard drive failure or corrupt data is unlikely to happen. When such failures do happen, it is likely too late to react or they cannot recover all of the data they would like. A simple automatic backup tool you can find online can easily copy all your network infrastructure configuration data and log/audit files to another resource in case this happens to you. Doing this will significantly reduce the amount of time required to restore your network’s defenses after an attack, while minimizing any downtime.

Wireless LAN security is one of those topics that less technical users might pass off as something only advanced users can do anything about. But, in order to achieve as close to a 100% secure score as possible, all users within the network need to treat this topic as a team effort. For example, one should never ask if they can turn off their Kaspersky endpoint protection because it makes their computer’s performance drop when it scans. Instead, they should ask what they can do to minimize the impact of such scans on their performance. The answer to that might be IT programming an exception for the user to scan their system at another time, or whitelisting approved applications and/or processes. It could even mean whitelisting certain file system locations, which may benefit developers who constantly build to certain hard drive locations throughout the day. IT departments can train users on how they can best assist with enhancing wireless LAN security through webinars, newsletters, trainings and other methods. Home users can learn more about basic network security practices by watching YouTube presentations and tutorials, or even reading a vendor’s user manual. These days, user manuals are commonly provided in PDF format, which makes finding answers to common questions fast using the built-in keyword search tool. Less technical users should never get discouraged finding solutions to their security concerns – there are hundreds, if not thousands, of free network security forums designed to help home users and even novice network professionals/students become more acquainted with their specific networking environment and protect their infrastructure.

Some people might be concerned about being too ‘paranoid’ when it comes to securing their network infrastructure, but the reality is that one can never do ‘too much’ to safeguard valuable information and general privacy from prying eyes. As Kurose and Ross highlighted, 802.11 has “a number of serious security flaws” which can be easily exploited with freely available programs (Kurose & Ross, 2013, p. 726). This means router passwords can easily be compromised with so-called password crackers (such as Reaver), so we need to monitor network activity and follow the other recommendations presented in this paper to determine whether a network has been compromised. The risk of your network suffering a security breach increases significantly in large communities, and more so on public/shared networks. As the saying goes: it is better to be safe than sorry when it comes to protecting your network. Proactive defense will be your best bet to keep attackers away.

References

AVG Technologies. (2013). AVG AntiVirus Free 2013. Retrieved from http://free.avg.com/us-en/homepage

Cisco Systems, Inc. (n.d.). WRT54GL wireless-G broadband router user guide. Retrieved from http://downloads.linksys.com/downloads/userguide/1224638971110/WRT54GL_V11_UG_C-Web,0.pdf

Gordon, P. (2007, Oct. 15). Data leakage – Threats and mitigation. Retrieved from http://www.sans.org/reading-room/whitepapers/awareness/data-leakage-threats-mitigation-1931

Hamid, R.A. (2002). Wireless LAN: Security issues and solutions. Retrieved from http://www.sans.org/reading_room/whitepapers/wireless/wireless-lan-security-issues-solutions_1009

IEEE Computer Society. (2012, March 29). Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. Retrieved from http://standards.ieee.org/getieee802/download/802.11-2012.pdf

Kaspersky Laba. (2012, Aug. 24). How Kaspersky Lab products version 6.0/7.0/2009/2010/2011 work with third party firewalls. Retrieved from http://support.kaspersky.com/710

Kaspersky Labb. (2012, Dec. 10). Kaspersky Endpoint Security 10 for Windows: Administrator’s Guide. Retrieved from http://docs.kaspersky-labs.com/english/kes10.0_wksfswin_en.pdf

Kurose, J. F., & Ross, K. W. (2013). Computer networking: A top-down approach (6th ed.). Boston, MA: Pearson.

Lamping, U., Sharpe, R., & Warnicke, E. (2013). Wireshark user’s guide for Wireshark 1.11. Retrieved from http://www.wireshark.org/download/docs/user-guide-us.pdf

Microsoft Corporation. (2009, Dec.). Introduction to Windows Firewall with advanced security. Retrieved from http://www.microsoft.com/en-us/download/confirmation.aspx?id=19192

Neoh, D. (2003, Dec. 12). Corporate wireless LAN: Know the risks and best practices to mitigate them. Retrieved from https://www.sans.org/reading-room/whitepapers/wireless/corporate-wireless-lan-risks-practices-mitigate-1350

Northcutt, S., Shenk, J., Shackleford, D., Rosenberg, T., Siles, R., & Mancini, S. (2006, June). Penetration testing: Assessing your overall security before attackers do. Retrieved from http://www.sans.org/reading-room/analysts-program/PenetrationTesting-June06

Pash, A. (2012, Jan. 9). How to crack a Wi-Fi network’s WPA password with Reaver. Retrieved from http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver

SANS Institute. (2005). Host- vs. network-based Intrusion Detection Systems. Retrieved from http://www.giac.org/paper/gsec/1377/host-vs-network-based-intrusion-detection-systems/102574

The Snort Projecta. (2013, May 29). Snort user’s manual 2.9.5. Retrieved from http://s3.amazonaws.com/snort-org/www/assets/166/snort_manual.pdf

The Snort Projectb. (n.d.). Snort additional downloads: Add-ons & other cool projects. Retrieved from http://www.snort.org/snort-downloads/additional-downloads/

Trend Micro. (n.d.). OSSEC: How it works. Retrieved from http://www.ossec.net/?page_id=169

Van Lengen, A. (2005). Wireless LAN security concerns. Retrieved from http://www.giac.org/paper/gsec/1969/wireless-lan-security-concerns/103426