Download - Wireless Awareness
![Page 1: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/1.jpg)
WIRELESS AWARENESSPREPARED FOR: CAMIS GROUP07/2012
![Page 2: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/2.jpg)
BIOGRAPHYClint Lentner, MCSE, MCITP: EA
• Netgain Datacenter Deployment Specialist• Designing technical solutions around a wide variety of
applications--from complex enterprise to simple and specialty--in order to provide a seamless end-user experience.
Actively engaged in developing the local IT community through free education opportunities to build networking and enhance technical abilities.
• Specialties• Active Directory, Windows Server, Security and Task
Automation
![Page 3: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/3.jpg)
NETGAIN• National eHealth solutions provider• Provide complete IT infrastructure solutions in hosted or on-
site environments.• Design solutions to deliver standards compliant security, five
nine’s availability and the flexibility to meet the changing needs of healthcare organizations.
• Simplify the healthcare IT environment while improving efficiencies and increasing security.
![Page 4: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/4.jpg)
INTRODUCTION
![Page 5: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/5.jpg)
WIRELESS AWARENESS: INTRODUCTIONWireless Communication:
• Defined as “the transfer of information between two or more points that are not physically connected.”
802.11:• Set of standards created and maintained by the IEEE
LAN/MAN Standards Committee (IEEE 802) for implementing Wireless Local Area Network (WLAN) computer communication in the 2.4, 3.6 and 5 GHz frequency bands.
• These standards provide the basis for wireless network products using the Wi-Fi brand name.
![Page 6: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/6.jpg)
WIRELESS AWARENESS: INTRODUCTIONWi-Fi Alliance:
• Founded by six companies: 3Com, Aironet, Intersil, Lucent Technologies, Nokia and Symbol Technologies in 1999 to promote wireless LAN standard of 802.11
• Wi-Fi vs. IEEE 802.11, 802.11, or WLAN
• Commonly mistaken for “Wireless Fidelity”, Wi-Fi is a nonsensical word.
![Page 7: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/7.jpg)
WIRELESS AWARENESS: 802.11 MODES OF OPERATION
Ad-Hoc Mode• Defined by 802.11 as Independent Basic Service Set (IBSS)• Clients communicate directly with other IBSS clients within
transmission range, creating a peer-to-peer network.
![Page 8: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/8.jpg)
WIRELESS AWARENESS: 802.11 MODES OF OPERATIONInfrastructure Mode
• Defined by 802.11 as Basic Service Set (BSS)• Clients communicate with a central station, or access point
(AP), which acts as an Ethernet bridge onto another network.
![Page 9: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/9.jpg)
WIRELESS AWARENESS: DEMO
http://www.nirsoft.net/utils/wireless_network_view.html
![Page 10: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/10.jpg)
WIRELESS AWARENESS: INTRODUCTION
![Page 11: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/11.jpg)
WIRELESS AWARENESS: INTRODUCTION
![Page 12: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/12.jpg)
WIRELESS AWARENESS: INTRODUCTION
![Page 13: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/13.jpg)
IMPLIED TRUST
![Page 14: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/14.jpg)
WIRELESS AWARENESS: IMPLIED TRUST
![Page 15: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/15.jpg)
WIRELESS AWARENESS: IMPLIED TRUSTWireless users are very trusting
• Users need access to the Internet• Users tend to assume wireless is safe.• Wi-Fi is magic! Turn on the device, select your Wi-Fi network,
maybe enter a password, and you’re done!• Users are unknowingly trusting…
• The Access Point is safe• The Access Point is who it says it is• Other users on that Access Point are safe• The Network beyond the Access Point is safe• Wi-Fi enabled devices are safe
![Page 16: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/16.jpg)
WIRELESS AWARENESS: IMPLIED TRUST
All roads to the Internet are safe.. Right?
![Page 17: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/17.jpg)
VULNERABILITIESUNDERSTANDING WI-FI
![Page 18: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/18.jpg)
WIRELESS AWARENESS: UNDERSTANDING WI-FI• Eavesdropping/Traffic Analysis• Data Mining• Masquerading Clients/Access Points• Promiscuous Access Points• Man-in-the-Middle• Compromising Security• Message Injection, Deletion, and Interception• Session Hijacking• Denial-of-Service
![Page 19: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/19.jpg)
WIRELESS AWARENESS: UNDERSTANDING WI-FI
Authentication and Association• Network Discovery• Authentication• Association
![Page 20: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/20.jpg)
NETWORK DISCOVERY
![Page 21: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/21.jpg)
WIRELESS AWARENESS: NETWORK DISCOVERYBeacons
• Broadcast by Access Points, advertising various properties:
• Encryption type• Service Set IDentifier (SSID)• Transmission Rate, etc…
• Clients continually scan\listen for beacons to determine which access points are available.
Probes• Broadcast by clients, searching for Access Points
and their properties. Similar to information contained in beacons.
• Broadcast by clients, searching for a specific Access Point SSID
![Page 22: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/22.jpg)
WIRELESS AWARENESS: DEMO
http://www.wireshark.org
![Page 23: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/23.jpg)
802.11 NETWORK DISCOVERY: METHOD 1
AP: Broadcasts Beacons
• SSID: Linksys• BSSID: 08-86-3b-
1c-be-ef• Encryption: WPA2• Authentication:
PSK• Transfer Rate: 54
Mbps
Client: Listens for beacon and generates list of available APs
![Page 24: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/24.jpg)
802.11 NETWORK DISCOVERY: METHOD 2
Client: Broadcasts Probe for any available AP
AP: Sends probe response
• SSID: Linksys• BSSID: 08-86-3b-1c-be-
ef• Encryption: WPA2• Authentication: PSK• Transfer Rate: 54 Mbps
![Page 25: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/25.jpg)
802.11 NETWORK DISCOVERY: METHOD 3
Client: Broadcasts Probe for SSID “LinkSys”
AP: Sends probe response if SSID = “Linksys”
• SSID: Linksys• BSSID: 08-86-3b-1c-be-ef• Encryption: WPA2• Authentication: PSK• Transfer Rate: 54 Mbps
![Page 26: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/26.jpg)
DATA MINING
![Page 27: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/27.jpg)
WIRELESS AWARENESS: DATA MININGWi-Fi Client
• Basic Service Set Identification (BSSID)• Make/Model
• SSID• Encryption/Authentication
Wi-Fi Access Point• Basic Service Set Identification (BSSID)
• Make/Model• SSID• Encryption/Authentication
![Page 28: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/28.jpg)
WIRELESS AWARENESS: DEMO
http://aircrack-ng.org
![Page 29: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/29.jpg)
WIRELESS AWARENESS: DATA MININGWindows wireless probe issues
• Prior to XP SP3, connecting to an AP with a hidden SSID via Wireless Zero Configuration (WZC) had to be set to “automatically reconnect”, as there was no way to manually connect.
Affected Versions• Windows XP, pre Service Pack 3• Windows Server® 2003, pre Service Pack 2
Technet Article• http://technet.microsoft.com/en-us/library/bb726942.aspx
Other Wi-Fi enabled devices• This isn’t just a Microsoft problem
![Page 30: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/30.jpg)
WIRELESS AWARENESS: DATA MINING
Pre-SP3 SP3/Vista/Win7
![Page 31: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/31.jpg)
WIRELESS AWARENESS: DATA MININGHow can this data be used?Access Point
• BSSID/SSID• Geolocation Mapping with GPS (WarDriving)
• WIGLE.net• Wi-Fi Triangulation
• Skyhook, Placelabs, Navizon• Encryption/Authentication Type
• Identify easy targets for free Wi-Fi, or malicious intent• Open, WEP, or WPA/WPA2 with a common SSID
• BSSID/Transfer Rate, Etc…• Statistical Usage Analysis
![Page 32: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/32.jpg)
WIRELESS AWARENESS: DEMO
http://wigle.net
![Page 33: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/33.jpg)
WIRELESS AWARENESS: DATA MININGHow can this data be used?Client
• SSID• Establish profile of locations via Geolocation Mapping
• BSSID• Wi-Fi probe tracking
![Page 34: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/34.jpg)
WIRELESS AWARENESS: DATA MININGWhy Do I Care?
• Cellular carriers/smartphone vendors already track users 24/7
• Cell tower triangulation• GPS
• Users grant apps access to location services• Users enable GPS and keep it enabled without
understanding consequences• Stalking produces similar results• Analyzing/Tracking Wi-Fi beacons requires zero user
interaction and is completely available to anyone who wishes to “listen”
![Page 35: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/35.jpg)
WIRELESS AWARENESS: DATA MININGSecurity in Layers
• Do you…• Have a front door? Close your front door? • Lock your front door? Reinforce your front door?
• Do you…• Have windows? Close your windows?• Lock your windows? Reinforce your windows?
• Do you…• Have locks? Use your locks? • Have reinforced locks? Keep your keys secured?
![Page 36: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/36.jpg)
WIRELESS AWARENESS: UNDERSTANDING WI-FI• Eavesdropping/Traffic Analysis• Data Mining• Masquerading Clients/Access Points• Promiscuous Access Points• Man-in-the-Middle• Compromising Security• Message Injection, Deletion, and Interception• Session Hijacking• Denial-of-Service
![Page 37: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/37.jpg)
MiTM(Man in The Middle)
![Page 38: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/38.jpg)
WIRELESS AWARENESS: MAN IN THE MIDDLEMan-in-the-middle Attack
• “A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.”
![Page 39: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/39.jpg)
WIRELESS AWARENESS: MAN IN THE MIDDLE
![Page 40: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/40.jpg)
WIRELESS AWARENESS: MAN IN THE MIDDLEMitM Attacks:
• Collecting clear-text communications• Email• Chat• …Anything not encrypted
• Collecting Usernames/Passwords• Session-Jacking• Manipulating the Internet experience
• Redirection to fake/malicious websites• Manipulated webpage results• Manipulated certificate/SSL requests
• Anything else you can think of—you are the router.
![Page 41: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/41.jpg)
802.11 NETWORK DISCOVERY: METHOD 3
Client: Broadcasts Probe for SSID “LinkSys”
AP: Sends probe response if SSID = “Linksys”
• SSID: Linksys• BSSID: 08-86-3b-1c-be-ef• Encryption: WPA2• Authentication: PSK• Transfer Rate: 54 Mbps
![Page 42: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/42.jpg)
WIRELESS AWARENESS: DEMO
http://aircrack-ng.org
![Page 43: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/43.jpg)
WIRELESS AWARENESS: MAN IN THE MIDDLEAnyone can do it…
• Hak5, a popular hacking community, assisted in developing and selling a small, battery-powered wireless router which acts as a inconspicuous, promiscuous access point.
• Built-in penetration tools makes this device a serious threat to any Wi-Fi environment
• Extremely popular, very easy to use.• Only $99.95!...or make your own for around half.
![Page 44: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/44.jpg)
WIRELESS AWARENESS: MAN IN THE MIDDLE
![Page 45: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/45.jpg)
WIRELESS AWARENESS: MAN IN THE MIDDLE
https://www.youtube.com/watch?v=yr5upPHqhlA
![Page 46: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/46.jpg)
MITIGATION
![Page 47: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/47.jpg)
WIRELESS AWARENESS: MITIGATIONUser Awareness
• Consequences of connecting to public Wi-Fi• Consequences of configuring “auto-connect”• Discourage use of sensitive information sites via Wi-Fi if possible• Disable Wi-Fi when not in use
Wi-Fi Configuration• Manually connect to APs with hidden SSIDs• Require same authentication/encryption type for reconnecting to APs
(software specific)• Prevent users from accessing open APs (Solutions?? Anyone??)• Whitelist acceptable APs (via Windows GPO)• Obfuscate SSID names• Utilize cellular wireless communication if possible• Utilize VPNs to secure Wi-Fi sessions.
![Page 48: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/48.jpg)
WIRELESS AWARENESS: MITIGATIONAdministrator Awareness
• Understanding why Wi-Fi vulnerabilities pose a REAL risk:• Malicious tools are relatively easy to acquire and setup• Targets are very easy to acquire• Attackers are difficult to track• Attacks are difficult to detect, especially when targeting
non-technical users• Wi-Fi enabled devices can be anything• Because Wi-Fi is popular!
• Educating\Reeducating Users• Eliminate Wi-Fi apathy! Don’t implicitly trust Wi-Fi!
Vulnerabilities are a real threat!
![Page 49: Wireless Awareness](https://reader035.vdocument.in/reader035/viewer/2022062501/56816781550346895ddc8db3/html5/thumbnails/49.jpg)
THANK YOU!
http://centralmnit.com