wireless news
Wireless News
2
Wireless News
China blacklists 102 wireless services
• Accused 102 companies in the country's wireless-services industry of illegal behavior
• If the companies have not corrected themselves within a set period, they will have their licenses revoked
3
Wireless News
Malaysia scraps wireless-broadband license tender
• On Tuesday, they cancelled a tender for their first wireless broadband license
• Setback in the country's ambitions to become a leader in mobile high-speed Internet access by the end of 2006
CWNA Guide to Wireless LANs, Second Edition
Chapter Eight
Wireless LAN Security and Vulnerabilities
8
Objectives
Define information security
Explain the basic security protections for IEEE 802.11 WLANs
List the vulnerabilities of the IEEE 802.11 standard
Describe the types of wireless attacks that can be launched against a wireless network
9
Security Principles: What is Information Security?
Information security: Task of guarding digital information
• Ensures protective measures properly implemented
• Protects confidentiality, integrity, and availability (CIA) on the devices that store, manipulate, and transmit the information through products, people, and procedures
10
Security Principles: What is Information Security?
Figure 8-1: Information security components
11
Security Principles: Challenges of Securing Information
Trends influencing increasing difficulty in information security:
• Speed of attacks
• Sophistication of attacks
• Faster detection of weaknesses
    Day zero attacks
• Distributed attacks
    The “many against one” approach
    Impossible to stop attack by trying to identify and block source
12
Security Principles: Categories of Attackers
Six categories of attackers:
• Hackers
    Not malicious; expose security flaws
• Crackers
• Script kiddies
• Spies
• Employees
• Cyberterrorists
13
Security Principles: Categories of Attackers (continued)
Table 8-1: Attacker profiles
14
Security Principles: Security Organizations
Many security organizations exist to provide security information, assistance, and training
• Computer Emergency Response Team Coordination Center (CERT/CC)
• Forum of Incident Response and Security Teams (FIRST)
• InfraGard
• Information Systems Security Association (ISSA)
• National Security Institute (NSI)
• SysAdmin, Audit, Network, Security (SANS) Institute
15
Basic IEEE 802.11 Security Protections
Data transmitted by a WLAN could be intercepted and viewed by an attacker
• Important that basic wireless security protections be built into WLANs
Three categories of WLAN protections:
• Access control
• Wired equivalent privacy (WEP)
• Authentication
Some protections specified by IEEE, while others left to vendors
16
Access Control
Intended to guard availability of information
Wireless access control: Limit user’s admission to AP
• Filtering
Media Access Control (MAC) address filtering: Based on a node’s unique MAC address
Figure 8-2: MAC address
17
Access Control
Figure 8-4: MAC address filtering
18
Access Control
MAC address filtering considered to be a basic means of controlling access
• Requires pre-approved authentication
• Difficult to provide temporary access for “guest” devices
19
Wired Equivalent Privacy (WEP)
Guard the confidentiality of information
• Ensure only authorized parties can view it
Used in IEEE 802.11 to encrypt wireless transmissions
• “Scrambling”
20
WEP: Cryptography
Cryptography: Science of transforming information so that it is secure while being transmitted or stored
• “Scrambles” data
Encryption: Transforming plaintext to ciphertext
Decryption: Transforming ciphertext to plaintext
Cipher: An encryption algorithm
• Given a key that is used to encrypt and decrypt messages
• Weak keys: Keys that are easily discovered
21
WEP: Cryptography
Figure 8-5: Cryptography
22
WEP: Implementation
IEEE 802.11 cryptography objectives:
• Efficient
• Exportable
• Optional
• Reasonably strong
• Self-synchronizing
WEP relies on secret key “shared” between a wireless device and the AP
• Same key installed on device and AP
• Private key cryptography or symmetric encryption
23
WEP: Implementation
Figure 8-6: Symmetric encryption
24
WEP: Implementation
WEP shared secret keys must be at least 40 bits
• Most vendors use 104 bits
Options for creating WEP keys:
• 40-bit WEP shared secret key (5 ASCII characters or 10 hexadecimal characters)
• 104-bit WEP shared secret key (13 ASCII characters or 16 hexadecimal characters)
• Passphrase (16 ASCII characters)
APs and wireless devices can store up to four shared secret keys
• Default key used for all encryption
25
WEP: Implementation
Figure 8-8: Default WEP keys
26
WEP: Implementation
Figure 8-9: WEP encryption process
27
WEP: Implementation
When encrypted frame arrives at destination:
• Receiving device separates IV from ciphertext
• Combines IV with appropriate secret key
    Create a keystream
• Keystream used to extract text and ICV
• Text run through CRC
    Ensure ICVs match and nothing lost in transmission
Generating keystream using the PRNG is based on the RC4 cipher algorithm
• Stream Cipher
28
WEP: Implementation
Figure 8-10: Stream cipher
29
Authentication
IEEE 802.11 authentication: Process in which AP accepts or rejects a wireless device
Open system authentication:
• Wireless device sends association request frame to AP
    Carries info about supported data rates and service set identifier (SSID)
• AP compares received SSID with the network SSID
    If they match, wireless device authenticated
30
Authentication
Shared key authentication: Uses WEP keys
• AP sends the wireless device the challenge text
• Wireless device encrypts challenge text with its WEP key and returns it to the AP
• AP decrypts returned result and compares to original challenge text
    If they match, device accepted into network
31
Vulnerabilities of IEEE 802.11 Security
IEEE 802.11 standard’s security mechanisms for wireless networks have fallen short of their goal
Vulnerabilities exist in:
• Authentication
• Address filtering
• WEP
32
Open System Authentication Vulnerabilities
Inherently weak
• Based only on match of SSIDs
• SSID beaconed from AP during passive scanning
    Easy to discover
Vulnerabilities:
• Beaconing SSID is default mode in all APs
• Not all APs allow beaconing to be turned off
    Or manufacturer recommends against it
• SSID initially transmitted in plaintext (unencrypted)
33
Open System Authentication Vulnerabilities
Vulnerabilities (continued):
• If an attacker cannot capture an initial negotiation process, can force one to occur
• SSID can be retrieved from an authenticated device
• Many users do not change default SSID
Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs
34
Open System Authentication Vulnerabilities
Figure 8-12: Forcing the renegotiation process
35
Shared Secret Key Authentication Vulnerabilities
Attackers can view key on an approved wireless device (i.e., steal it), and then use on own wireless devices
Brute force attack: Attacker attempts to create every possible key combination until correct key found
Dictionary attack: Takes each word from a dictionary and encodes it in same way as passphrase
• Compare encoded dictionary words against encrypted frame
36
Shared Secret Key Authentication Vulnerabilities
AP sends challenge text in plaintext
• Attacker can capture challenge text and device’s response (encrypted text and IV)
    Mathematically derive keystream
37
Shared Secret Key Authentication Vulnerabilities
Table 8-2: Authentication attacks
38
Address Filtering Vulnerabilities
Table 8-3: MAC address attacks
39
WEP Vulnerabilities
Uses 40 or 104 bit keys
• Shorter keys easier to crack
WEP implementation violates cardinal rule of cryptography
• Creates detectable pattern for attackers
• APs end up repeating IVs
Collision: Two packets derived from same IV
• Attacker can use info from collisions to initiate a keystream attack
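The receive-side steps from the earlier "WEP: Implementation" slide and the IV collision described on this slide, as an added Python example that is not from the original slides. The function names, the 40-bit key, the IVs and the plaintexts are constructed for illustration, and the key-ID byte that follows the IV in a real WEP frame is omitted.

```python
import zlib
from collections import defaultdict

IV_LEN = 3  # WEP uses a 24-bit IV, sent in the clear with every frame

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (key scheduling, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, text: bytes) -> bytes:
    """Sender: append ICV (CRC-32 of text), XOR with RC4(IV || key), prepend IV."""
    body = text + zlib.crc32(text).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(frame: bytes, key: bytes) -> bytes:
    """Receiver: separate IV, rebuild keystream, extract text and ICV, check CRC."""
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    text, icv = body[:-4], body[-4:]
    if zlib.crc32(text).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return text

def find_iv_collisions(frames):
    """Group frame indexes by IV; any IV seen more than once is a collision."""
    seen = defaultdict(list)
    for idx, frame in enumerate(frames):
        seen[frame[:IV_LEN]].append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}

def collision_leak(f1: bytes, f2: bytes) -> bytes:
    """Same IV and key give the same keystream, so C1 xor C2 equals P1 xor P2."""
    return xor(f1[IV_LEN:], f2[IV_LEN:])

# Constructed sample data: a 40-bit key and three frames, two sharing an IV.
KEY = b"\x01\x02\x03\x04\x05"
P1, P2, P3 = b"GET /index.html", b"POST /login.php", b"hello wireless!"
FRAMES = [wep_encrypt(b"\x00\x00\x01", KEY, P1), wep_encrypt(b"\x00\x00\x02", KEY, P3),
          wep_encrypt(b"\x00\x00\x01", KEY, P2)]
```

The value returned by `collision_leak` does not depend on the key at all, which is why repeated IVs under one shared key defeat WEP's confidentiality goal regardless of key length.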
40
WEP Vulnerabilities
Figure 8-13: XOR operations
41
WEP Vulnerabilities (continued)
Figure 8-14: Capturing packets
42
WEP Vulnerabilities (continued)
PRNG does not create true random number
• Pseudorandom
• First 256 bytes of the RC4 cipher can be determined by bytes in the key itself
Table 8-4: WEP attacks
43
Other Wireless Attacks: Man-in-the-Middle Attack
Makes it seem that two computers are communicating with each other
• Actually sending and receiving data with computer between them
• Active or passive
Figure 8-15: Intercepting transmissions
44
Other Wireless Attacks: Man-in-the-Middle Attack
Figure 8-16: Wireless man-in-the-middle attack
45
Other Wireless Attacks: Denial of Service (DoS) Attack
Standard DoS attack attempts to make a server or other network device unavailable by flooding it with requests
• Attacking computers programmed to request, but not respond
Wireless DoS attacks are different:
• Jamming: Prevents wireless devices from transmitting
• Forcing a device to continually dissociate and re-associate with AP
46
Summary
Information security protects the confidentiality, integrity, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures
Significant challenges in keeping wireless networks and devices secure
Six categories of attackers: Hackers, crackers, script kiddies, computer spies, employees, and cyberterrorists
47
Summary
Three categories of default wireless protection: access control, wired equivalent privacy (WEP), and authentication
Significant security vulnerabilities exist in the IEEE 802.11 security mechanisms
Man-in-the-middle attacks and denial of service attacks (DoS) can be used to attack wireless networks