Presentation on theme: "Security+ All-In-One Edition Chapter 10 – Wireless Security Brian E. Brzezicki."— Presentation transcript:
Security+ All-In-One Edition Chapter 10 – Wireless Security Brian E. Brzezicki
Wireless Look No Wires!
Wireless Attempt at communication using non- physical links. Examples Radio Waves Light Pulses Often used for networking, but can be used simply to eliminate wires for device to device communication.
Wireless LAN protocols
standard Wireless LAN networking Data Link layer specifications Components –Access point (a type of bridge) –Wireless Card –SSID
family b –11Mbs –2.4Ghz (same as common home devices) a –54Mbps –5Ghz (not as commonly used, however absorbed by walls, yielding less range possibly) g –54Mbs –2.4Ghz –Cards are generally backwards compatible and can serve as b or a n –Uses Multiple Input Multiple Output (MIMO) –100Mbs –2.4G or 5Ghz
Wireless Problems Easy to get access to airwaves, hard to restrict! Talk about the attacks next.
War driving –Wireless scanners –Netstumber (see next slide) Warchalking (2 slides) (more)
War chalking symbols
Man in the Middle Airsnarfing, put up a fake access point get people to connect with you.
Evesdropping and attaining non- authorized acess Evesdropping –Kismit –Air Snort – breaks WEP retrieves encryption keys (security+ exam reference airsnort, even thought its no longer developed) –aircrack-ng – breaks WEP and WPA-psk
Wireless Countermeasures Turn off SSID broadcasts (problems?) Enable MAC filtering (problems?) Use Encryption (well talk about this next) Use Enterprise Mode for authentication
Transmission encryption There are many different types of wireless encryption protocols WEP –Shared passwords (why is this bad?) –64/40 or 128/104 bit key –Uses RC4 –Easily crack able (due to key reuse) –Only option for b (more)
Transmission Encryption WPA PSK –Shared password –Uses TKIP normally RC4 with changing keys –Can use AES (not certified) 128 bit key WPA2 PSK –Uses AES (normally) 128 bit key –Can use TKIP RC4 with changing keys (more)
Transmission Encryption WPA or WPA2 in Enterprise Mode –Uses 802.1X authentication to have individual passwords for individual users RADIUS – what was radius again? i – the official IEEE wireless security spec, officially supports WPA2
Wireless Device to Device Communication
What is Bluetooth What is the purpose of Bluetooth, is it networking? Bluetooth Modes –Discovery Mode –Automatic Pairing
Bluetooth Attacks Bluejacking –Sending forged message to nearby bluetooth devices –Need to be close –Victim phone must be in discoverable mode Bluesnarfing –Copies information off of remote devices Bluebugging –More serious –Allows full use of phone –Allows one to make calls –Can eavesdrop on calls
Bluetooth Countermeasures Disable it if your not using it Disable auto-discovery Disable auto-pairing
Wireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones) access to the Internet. Requires a Gateway to translate WAP HTML (see visual) Uses WTLS to encrypt data (modified version of TLS) Uses HMAC for message authentication WAP GAP problem (see visual and explain) A lot of wireless devices dont need WAP anymore… why?
WAP GAP As the gateway decrypts from WTLS and encrypts as SSL/TLS, the data is plaintext. If someone could access the gateway, they could capture the communications
Chapter 10 – Review Questions Q. What encryption protocol does WEP use Q. What 2 key lengths does WEP support Q. What encryption protocol does WPA2 use? Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security? Q. What does WAP use for security?
Chapter 10 – Review Questions Q. What is the WAP GAP Q. Define how to accomplish a MiM attack on a wireless network Q. What type of authentication concept would help against the attack above? Q. What is one way office users could use wireless to violate network security? Q. What is Bluetooth used for? Q. What is Bluesnarfing?
Wireless security Access control –Turn off SSID broadcasts (problems) –MAC filtering (problems) Encryption –Discussed later Authentication –Use Radius and 802.1X Isolation –VLANs over wireless