1 / 34

Wireless Security

Steven Senkus. Wireless Security. What is Wireless Networking?. Transmission of computer-readable data signal through radio waves to the Internet or another computer. Takes place at the physical layer (hardware). A Brief History.

Michelle
Download Presentation

Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Steven Senkus Wireless Security

  2. What is Wireless Networking? • Transmission of computer-readable data signal through radio waves to the Internet or another computer. • Takes place at the physical layer (hardware)

  3. A Brief History • In 1985, the FCC authorized public use of Industrial, Scientific, and Medical bands (902 MHz - 5.85 GHz) • The IEEE later created the 802.11 Working Group to standardize wireless LAN communication. • The standard was approved and published in 1997. 802.11 uses 2.4 GHz or 5 GHz frequency bands. • Due to security demands, WEP (Wired Equivalent Privacy) was added to the 802.11 standard

  4. Wi-Fi Alliance • Formed in 1999; non-profit industry association that worked to unite 802.11 wireless transmission under one certification standard • Ensures interoperability between manufacturers by only allowing the Wi-Fi trademark for certified products.

  5. Wi-Fi Is Everywhere! • Corporations • Home Networks • Universities • Airports • Coffee Shops • Restaurants • Hotels • Libraries • etc.

  6. lower infrastructure costs share resources like printers and shared access to a centralized storage. Advantages of Wireless Networking • mobility • ease of adding devices/ network expansion • minimal cost • speed • ranges up to ~300m outdoors / ~70m indoors

  7. Multiple devices on a WLAN can slow Internet access Wireless transmissions are detectable; security is necessary for privacy and authentication Disadvantages of Wireless Networking • limited frequency • suspected health risks from radio communication • network size is determined by area of transmission • signal interference (cordless phones, other APs, walls)

  8. Dangers of an Unsecured WLAN • Free Internet access for anyone • Illegal activity can be traced back to your network • Wardriving • Intruder configuration of network, installation of malware / backdoors • Outsider access to shared resources (printers, computers) • Eavesdropping / Identity Theft

  9. World's largest known theft of credit card information • A St. Paul, MN Marshalls store (owned by TJX) cut corners on network maintenance, infrastructure, financial standards, and used WEP for Wi-Fi security. Hackers were able to intercept sensitive financial and customer data. • TJX claims to have lost 45.7 million credit/debit card numbers as well as personal information of an estimated 500,000 customers.

  10. WEP Security • WEP = “Wired Equivalent Privacy”; introduced in 1997 as part of the 802.11b standard. • Two types of authentication: Open System and Shared Key • Open System allows any station to connect and encrypts communication. • Shared Key encrypts and decrypts data sent between an access point (AP; router) and a station (computer with a wireless NIC) after a valid key is entered.

  11. WEP Authentication • 1. Station sends an Authentication frame to the AP. • 2. AP replies with a 128 byte random challenge text. • 3. Station encrypts this with the shared key and sends it • 4. AP decrypts challenge text. If it matches the original sent text, then the AP indicates successful authentication

  12. WEP Weaknesses • Wired Equivalency Privacy isn't. • The U.S. Government limited exportable cryptography; as a result, WEP secret keys were limited to 40 bits when first developed. • Researchers from the University of Maryland and Berkeley discovered weaknesses in WEP key reuse, weak message authentication, and traffic injection. • WEP's underlying RC4 algorithm was found to be insecure when multiple packets were analyzed • Encrypted packets are predictable and can be decrypted through statistical analysis

  13. WEP Weaknesses • FBI agents demonstrated that a WEP-secured network can be cracked in three minutes • Several detailed articles and YouTube videos explain the procedure step-by-step • Widely understood to be insecure and, as a result, use has been deprecated. However, WEP is still included with hardware for legacy compatibility. • WEP is the equivalent of a “No Trespassing Sign”

  14. WPA/WPA2 • In 2001, the IEEE addressed the problem by creating the 802.11i task force to address WEP insecurity. • This resulted in the creation of WPA (Wi-Fi Protected Access) and WPA2 after ratification of the 802.11i standard. • WPA encrypts information and ensures that the network security key has not been modified. • WPA-certified devices retain WEP support for legacy systems. • WPA's encryption key differs in every packet • All hardware certified for 802.11b, g, and n must implement WPA and WPA2.

  15. WPA/WPA2 • PSK = Personal Mode – designed for small networks • Network traffic is encrypted with a 256 bit key • Keys can be 8-63 ASCII characters or 64 hexadecimal digits • TKIP = Temporal Key Integrity Protocol – algorithm – used in WPA and an option in WPA2 – per-packet key mixing and a message integrity check • Bruteforce and dictionary attacks are made more difficult with an 8 character minimum passphrases.

  16. WPA2 • Interoperability ensured by EAP (Extensible Authentication Protocol) in Wi-Fi Alliance certification programs. • EAP is used to validate the identity of network devices. • WPA2 was designed to work with RADIUS servers to allow administration, auditing, and logging (username and login required) • WPA2-Enterprise is not practical for small networks due to server authentication. • Uses the AES-CCMP algorithm instead of the flawed RC4

  17. WPA Weaknesses • WPA/WPA2-PSK: The “four-way handshake” packets sent over EAPoL (during client association) can be sniffed and cracked. • WPA/WPA2-PSK: Only as strong as the password chosen • Greater encryption equals greater packet size = more processing power and network bandwidth required • WPA uses the same encryption technology as WEP (RC4) • WPA is vulnerable to DoS attacks • All devices communicating with WPA must have WPA software.

  18. Other Methods of Securing Wireless Networks • VPN – (Virtual Private Network) • Firewalls • MAC (Media Access Control) Filtering – create a table of authorized client MAC addresses and only allow those clients access to the wireless network • RADIUS Authentication and Authorization • Kerberos • RF Shielding

  19. Wireless Tools and Techniques • Most are Linux based software programs • Not all uses are malicious; useful for network auditing • Configuration can be painful! • Widely available and legal • Free and modifiable (open source)

  20. MITM (“Man in the Middle”) attacks: ARP poisoning DNS redirection Session Hijacking DHCP spoofing Wireless Tools and Techniques • War driving • Sniffing • Jamming • Spoofing (MAC address and IP address)

  21. Netstumbler • WLAN detection • Works with Windows • Can be used with a GPS receiver

  22. Kismet • WLAN detector (can detect hidden APs) • Packet sniffer • Intrusion detection

  23. Wireshark

  24. Aircrack-ng

  25. Driftnet • Listens to network traffic and picks up images from TCP traffic

  26. Ettercap • MiTM attack suite • Active eavesdropping on several protocols • Network traffic interception • Password capturing • DNS redirection • Sniffing

  27. Backtrack

  28. Rogue Access Point • An access point that mimics a known access point to trick users and computers into connecting. Traffic can be monitored and directed • Also called Wiphishing, as fake websites can be generated to lure users into giving away their credentials

  29. Wireless Security Tips • Change router password from default • Set router transmission power or physical location • Use wired connections for AP configuration • Disable SSID visibility and beacons (broadcasting) • Use a firewall • Use HTTPS and TLS • Use WPA2

  30. Wireless Security Tips • Use a long and arbitrary password combination consisting of numbers, letters, special characters (if available) • For WEP, define all 4 keys and rotate them at regular intervals • Disable DHCP and assign static IP addresses • MAC address filtering • Turn off file sharing for stations connected to a wireless LAN

  31. Sources • http://en.wikipedia.org/wiki/Wi-Fi • http://www.wi-fi.org/knowledge_center/kc-macfiltering • http://kb.netgear.com/app/answers/detail/a_id/1105 • http://codedrunk.blogspot.com/2008/01/breaking-wep-encryption-easy-way.html • http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack.html • http://electronics.howstuffworks.com/how-to-tech/how-to-detect-stealing-wifi[1-5].htm • http://en.wikipedia.org/wiki/WPA-PSK • http://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack • http://www.smallnetbuilder.com/wireless/wireless-features/24251-thefedscanownyourlantoo • http://openmaniak.com/ettercap.php • http://www.brighthub.com/computing/smb-security/articles/17766.aspx • http://www.brighthub.com/computing/smb-security/articles/17869.aspx • http://techdir.rutgers.edu/wireless.html • http://en.wikipedia.org/wiki/Wireless_security • http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm

  32. Sources • http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods • http://www.wi-fi.org/files/kc_4_Preventing%20Evil%20Twins-Wiphishing%20QandA.pdf • http://www.oreillynet.com/pub/a/wireless/2002/04/19/security.html • http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy • http://www.acm.org/crossroads/xrds9-4/wlan_abc.html • http://en.wikipedia.org/wiki/RC4_(cipher) • http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html • http://www.dummies.com/how-to/content/understanding-wep-weaknesses.html • http://connect-connect.blogspot.com/2007/09/wireless-security-insight-into-wep.html • http://www.bestsecuritytips.com/news+article.storyid+226.htm • http://www.differencebetween.net/technology/difference-between-wpa-and-wpa2/

  33. Questions?

More Related