5802.11 standard Wireless LAN networking Data Link layer specifications ComponentsAccess point (a type of bridge)Wireless CardSSID
6family802.11b11Mbs2.4Ghz (same as common home devices)802.11a54Mbps5Ghz (not as commonly used, however absorbed by walls, yielding less range possibly)802.11g54Mbs2.4GhzCards are generally backwards compatible and can serve as b or a802.11nUses Multiple Input Multiple Output (MIMO)100Mbs2.4G or 5Ghz
7Wireless Problems Easy to get access to airwaves, hard to restrict! Talk about the attacks next.
12Man in the MiddleAirsnarfing, put up a fake access point get people to connect with you.
13Evesdropping and attaining non-authorized acess KismitAir Snort – breaks WEP retrieves encryption keys (security+ exam reference airsnort, even thought it’s no longer developed)aircrack-ng – breaks WEP and WPA-psk
14Wireless Countermeasures Turn off SSID broadcasts (problems?)Enable MAC filtering (problems?)Use Encryption (we’ll talk about this next)Use Enterprise Mode for authentication
15Transmission encryption There are many different types of wireless encryption protocolsWEPShared passwords (why is this bad?)64/40 or 128/104 bit keyUses RC4Easily crack able (due to key reuse)Only option for b(more)
16Transmission Encryption WPA PSKShared passwordUses TKIP normallyRC4 with changing keysCan use AES (not certified)128 bit keyWPA2 PSKUses AES (normally)Can use TKIP(more)
17Transmission Encryption WPA or WPA2 in Enterprise ModeUses 802.1X authentication to have individual passwords for individual usersRADIUS – what was radius again?802.11i – the official IEEE wireless security spec, officially supports WPA2
20Bluetooth What is Bluetooth What is the purpose of Bluetooth, is it networking?Bluetooth ModesDiscovery ModeAutomatic Pairing
21Bluetooth Attacks Bluejacking Bluesnarfing Bluebugging Sending forged message to nearby bluetooth devicesNeed to be closeVictim phone must be in “discoverable” modeBluesnarfingCopies information off of remote devicesBluebuggingMore seriousAllows full use of phoneAllows one to make callsCan eavesdrop on calls
22Bluetooth Countermeasures Disable it if your not using itDisable auto-discoveryDisable auto-pairing
24WAPWireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones) access to the Internet.Requires a Gateway to translate WAP <-> HTML (see visual)Uses WTLS to encrypt data (modified version of TLS)Uses HMAC for message authenticationWAP GAP problem (see visual and explain)A lot of wireless devices don’t need WAP anymore… why?
26WAP GAPAs the gateway decrypts from WTLS and encrypts as SSL/TLS, the data is plaintext. If someone could access the gateway, they could capture the communications
27Chapter 10 – Review Questions Q. What encryption protocol does WEP useQ. What 2 key lengths does WEP supportQ. What encryption protocol does WPA2 use?Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security?Q. What does WAP use for security?
28Chapter 10 – Review Questions Q. What is the WAP GAPQ. Define how to accomplish a MiM attack on a wireless networkQ. What type of authentication concept would help against the attack above?Q. What is one way office users could use wireless to violate network security?Q. What is Bluetooth used for?Q. What is Bluesnarfing?
29Wireless security Access control Encryption Authentication Isolation Turn off SSID broadcasts (problems)MAC filtering (problems)EncryptionDiscussed laterAuthenticationUse Radius and 802.1XIsolationVLANs over wireless