Wireless Insecurity
Wireless
• 802.11a works on 5 GHz
• 802.11b,g,n works on 2.4 GHz
• Access points and wireless cards are used.
• Protocol can be either in the clear or encrypted.
• Wired Equivalent Privacy (WEP) provides poor security
Scenario
[Figure labels: Attacker, User, Access Point, Physical Security]
Typical Configuration
[Figure labels: Attacker, User, Access Point, PCMCIA Wireless NIC, USB Wireless NIC, ISA/PCI Wireless NIC, Corporate Resources]
Wired Equivalent Privacy (WEP)
• RC4 crypto algorithm
• 64, 128 bit encryption
• 24 bit Initialization Vector
• Compromised in under 24 hours
  – Even faster now!!!
• No key management (key update)
Configuring Wireless
Service Set Identifier (SSID)
Key
Steps for attack
• Surveying (Wardriving/Warwalking)
• Identification (Warchalking)
• Cryptanalysis (Cracking)
• Penetration
• Exploitation
Wardriving Tools
• Laptop or PDA with Wireless Card
  – Prism Wireless Card for promiscuous monitoring
  – Antenna
  – GPS
  – Netstumbler
  – Kismet
  – Wireshark
[Figure labels: GPS, Antenna]
PDA with wireless card and Ministumbler
Goal is to identify Access Points and SSIDs
Warchalking
Identifying wireless sites is a new trophy sport for some.
Note: Access Points are identified
Warchalking as a Social Activity
WEP Cracking
• Capture the packets of an Access Point for a Day using Ethereal.
• Pass through WEP Crack (Shareware)
• Will identify the key in under an hour.
• WEP crypto will be defeated (including 128 bit)
Nobody uses WEP anymore, right?
WPA2
• TKIP
• AES
• WPA2-PSK can be cracked with PSK under 21 characters
Use LONG pass phrases for Wireless
Everyonehastherighttolife,libertyand security
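Why passphrase length carries the strength of WPA2-PSK, as an added example that is not part of the original slides: the pairwise master key is PBKDF2-HMAC-SHA1 of the passphrase, salted with the SSID, so the only secret input is the passphrase itself. The audit helper, weak list and SSIDs are constructed for illustration; the 21 character threshold and the long sample phrase are the slide's.

```python
import hashlib
import math
import string

MIN_LENGTH = 21  # threshold quoted on the slide

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing work, assuming every character was picked at
    random from the character classes in use (real phrases score lower)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def audit_passphrase(passphrase: str, weak_list: set) -> list:
    """Return policy findings for one pre-shared key; an empty list passes."""
    findings = []
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"only {len(passphrase)} characters, under {MIN_LENGTH}")
    if passphrase.lower() in weak_list:
        findings.append("present in the weak-passphrase list")
    return findings

# Constructed sample data: hypothetical SSIDs and a tiny weak list.
WEAK = {"password", "letmein123", "wireless2024"}
SAMPLES = {
    "LabNet": "password",
    "OfficeNet": "Everyonehastherighttolife,libertyand security",  # slide's phrase
}

if __name__ == "__main__":
    for ssid, phrase in SAMPLES.items():
        pmk = derive_pmk(phrase, ssid)
        print(ssid, pmk.hex()[:16] + "...",
              f"<= {search_space_bits(phrase):.0f} bits",
              audit_passphrase(phrase, WEAK) or "ok")
```

The same passphrase under a different SSID yields a different key, so the SSID acts as a salt, but it is broadcast and adds no secrecy.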
Bypassing Access Points with MAC Access Control
• Some Access Points require MACs to authenticate access.
• MACs can be discovered and forged
• Using Linux – ifconfig eth0 hw ether 11:11:11:11:11:11
Other tools
• AirSnort
  – AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
• AirJAM
  – Jams Access Point
  – Denial of service attack
• Aircrack-ng and WEPLab are 802.11 WEP key crackers implementing the Fluhrer-Mantin-Shamir (FMS) attack and the KoreK approach.
• CoWPAtty (Dictionary attack tool)
Penetration
• Access the network
• Take/Alter Data
• Use backdoor (Wi-Fi) or Front Door (cable)
• GO TO JAIL – Criminal Code
Improvements
• Wi-Fi Protected Access
• WPA2 (802.11i)
• Implementation of Temporal Key Interchange Protocol
• Extensible Authentication Protocol
Other safeguards
• RADIUS Access control
• VPN based on Certificates
• Intrusion Prevention System
• Intrusion Detection System
What is the point?
• Vulnerabilities are discovered
• Vulnerabilities get fixed
• New vulnerabilities appear
• You must re-assess safeguards