Presentation is loading. Please wait.

Presentation is loading. Please wait.

Confidential and Proprietary Capturing Air: Tools and Methods to Make Wireless Assessments a Breeze Leo Walsh, GSNA Professional Jefferson Wells.

Published byRaymond Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "Confidential and Proprietary Capturing Air: Tools and Methods to Make Wireless Assessments a Breeze Leo Walsh, GSNA Professional Jefferson Wells."— Presentation transcript:

1 Confidential and Proprietary Capturing Air: Tools and Methods to Make Wireless Assessments a Breeze Leo Walsh, GSNA Professional Jefferson Wells

2 Confidential and Proprietary Topics Auditing Mindset Wireless Basics Wireless Security Issues Typical Wireless Architectures Auditing Wireless Networks

3 Confidential and Proprietary Why are you here? You might be required to do a wireless audit. You want to learn more about wireless security. You would like to learn how to secure your home wireless router. You hope the presenter will show you how to hack into your neighbor’s wireless router. Your company is paying for your lunch at the Hereford house.

4 Confidential and Proprietary Auditing Mindset – Common Ground Independent Cooperative Appraisal Assurance Enemy Team Mate Auditing is measuring Answers the question, “How do you know?”

5 Confidential and Proprietary Auditing Mindset – Working with IT IT thinks they are: “Just Fine” “The Experts” “Overworked” “Secure” Auditors think IT is: “Insecure” “Stubborn” “Aloof” “Arrogant”

6 Confidential and Proprietary Auditing Mindset – Working with IT Obtain Wireless information up front –SSID –Network Architecture Wireless Device Configurations and Model #’s IP Addresses Internet Connectivity Corporate Network Connectivity –Risk Mitigation Techniques –Remote Management –Logging and Monitoring Procedures –Authentication and Encryption Methods

7 Confidential and Proprietary Wireless Basics – Terms Access Point –An access point connects multiple wireless devices much like a hub or switch. Most wireless routers are access points End Point –An end point connects to an access point or another end point. Computers are the most common end points.

8 Confidential and Proprietary Wireless Basics – Terms Open Network –An open network can be accessed by any end point. The data transmitted on the open network is not encrypted and can be read by anyone with a wireless device. When using an open network users are very susceptible to attack and information leakage. If required to use an open network immediately connect to a VPN or use only SSL sites. The Jefferson Wells VPN does not encrypt HTTP traffic for web sites on the Internet.

9 Confidential and Proprietary Wireless Basics – Terms WEP Encrypted Network –WEP stands for Wired Equivalent Privacy. It was designed to provide the same level of privacy a user could expect when connecting to a LAN. The wireless traffic on a WEP network is encrypted using an inferior encryption scheme. It is easy for potential attackers to obtain the encryption key and decrypt WEP traffic.

10 Confidential and Proprietary Wireless Basics – Terms WPA Encrypted Network –WPA stands for WiFi Protected Access. WPA is far superior to WEP. Traffic on a WPA wireless network is encrypted using a simple password. It is difficult (but not impossible) to guess this password and decrypt WPA traffic. WPA replaced WEP in 2003.

11 Confidential and Proprietary Wireless Basics – Terms SSID –SSID stands for service set identifier which is used to identify that a particular packet is assigned to the network associated with that SSID.

12 Confidential and Proprietary Wireless Basics – Terms BSS –BSS stands for basic service set. It is composed of at least 2 devices with the AP acting as the master control. ESS –ESS stands for extended service set. It is a set of one or more interconnected BSS’s with the same SSID.

13 Confidential and Proprietary Wireless Basics – Terms WLAN –WLAN stands for Wireless Local Area Network Wi-Fi –Wi-Fi is a brand name owned by the Wi-Fi Alliance, a group of independent companies that have agreed upon certain standards in order to ensure interoperability

14 Confidential and Proprietary Wireless Basics – Terms 802.11 –802.11 is the generic IEEE standard for WLAN communication. The number is followed by a letter (like a, b or g) to describe a specific standard. 802.1x –802.1x is the IEEE standard for network access control (authentication). It is frequently confused with 802.11 standards. 802.1x standards are frequently used in WLAN implementations.

15 Confidential and Proprietary Wireless Basics – Terms Radio Frequency (RF) –RF is the rate of oscillation of a radio wave. 802.11 applies to the frequencies of 5 GHz and 2.4 GHz, which are both public sector bands. Signal Strength –The signal strength of a RF devices is measured in watts. The higher the strength the larger the distance covered by the RF device. Modern AP’s range from 32 mW to 200 mW.

16 Confidential and Proprietary Wireless Security Issues Radio waves can penetrate walls and be reflected unintentionally Signal leakage is a common occurrence Can’t detect someone listening to your signal Distance is determined by antenna quality – both AP and EP Poor encryption Poor authentication Devices can be very small

17 Confidential and Proprietary Wireless Security Issues – Location Keep in mind what is physically near the AP –Parking lot –Park –Deli / Coffee House –Other buildings or offices Keep in mind what is physically distant from the AP –Mountain / Hill –Tall building

18 Confidential and Proprietary Wireless Security Issues – WEP WEP uses a very poorly implemented encryption scheme (RC4) The WEP key is easy to guess using freely available tools WEP has been proven to be obsolete (incredibly worthless) since 2001 Original version used only a 40 bit key which was changed to a 104 bit key Active attacks can dramatically reduce the amount of time required to obtain the key for cracking purposes

19 Confidential and Proprietary Wireless Security Issues – WEP Myths New WEP implementations – WEP+, WEP2, Dynamic WEP – fixed the problem It takes a very long time to obtain enough information to crack the encryption key Using 128 bit WEP is safe Certain WEP keys are unbreakable

20 Confidential and Proprietary Wireless Security Issues – Cracking WEP Simple process Very well described on the Internet Freely available tools and drivers New tool requires very few packets Can be done from long distances

21 Confidential and Proprietary Wireless Security Issues – Cracking WEP – Active Attack 1.Obtain hardware and software to support WEP cracking 2.Place wireless device within range of WEP network to capture traffic 3.Use tool to force end point to disconnect from network 4.Listen for special packet on reconnect 5.Replay packet until enough information is gathered 6.Run tool to obtain WEP key 7.Decrypt all WEP traffic

22 Confidential and Proprietary Wireless Security Issues – Cracking WEP – Passive Attack 1.Obtain hardware and software to support WEP cracking 2.Place wireless device within range of WEP network to capture traffic 3.Listen for enough packets to obtain key 4.Run tool to obtain WEP key 5.Decrypt all WEP traffic

23 Confidential and Proprietary Typical Wireless Architectures Open on public network Closed on public network Filtered on public network Closed on corporate network Closed and segregated on corporate network

24 Confidential and Proprietary Typical Wireless Architectures - Open on Public Network

25 Confidential and Proprietary Typical Wireless Architectures - Closed on Public Network

26 Confidential and Proprietary Typical Wireless Architectures - Filtered on Public Network

27 Confidential and Proprietary Typical Wireless Architectures - Closed on Corporate Network

28 Confidential and Proprietary Typical Wireless Architectures - Closed and segregated on corporate network

29 Confidential and Proprietary Auditing Wireless Networks – High Risk First Start with assessing the highest/most common risks first –Misconfiguration –Poor encryption –Unapproved devices –Bad implementation

30 Confidential and Proprietary Auditing Wireless Networks – Tools Free tools to get the job done: –Network Stumbler www.netstumbler.com –Aircrack-ng Suite www.aircrack-ng.org –BackTrack v2.0 Live CD www.remote-exploit.org/backtrack.html

31 Confidential and Proprietary Auditing Wireless Networks – Hardware Check your chipset –Not all chipsets support injection –May have to download a tool to determine –Good info at: http://www.aircrack-ng.org/doku.php?id=compatible_cards Check driver support for OS and application Atheros chipset best supported with drivers for Windows and Linux Consider an antenna or GPS

32 Confidential and Proprietary Auditing Wireless Networks – NetStumbler Windows only Monitors signal strength Lists SSID, MAC addresses, etc Can be used to monitor and log wireless activity Can be used to detect wireless devices –Locate device in list then monitor –Roam around using signal strength as “hot” or “cold” indication

33 Confidential and Proprietary Auditing Wireless Networks – NetStumbler

34 Confidential and Proprietary Auditing Wireless Networks – NetStumbler

35 Confidential and Proprietary Auditing Wireless Networks – NetStumbler

36 Confidential and Proprietary Auditing Wireless Networks – Aircrack-ng Suite Set of wireless tools mostly designed to crack encryption Windows and Linux (although some tools are Linux only) Contains a packet sniffer, packet injector, capture file decoder, tunnel interface and multiple crackers Used to list SSID’s in range Prove that WEP is too weak to use in any scenario

37 Confidential and Proprietary Auditing Wireless Networks – Aircrack-ng Suite

38 Confidential and Proprietary Auditing Wireless Networks – Aircrack-ng Suite

39 Confidential and Proprietary Auditing Wireless Networks – Aircrack-ng Suite

40 Confidential and Proprietary Auditing Wireless Networks – Aircrack-ng Suite

41 Confidential and Proprietary Auditing Wireless Networks – Steps 1.Obtain wireless network information from IT Configuration and Models Architecture SSID Encryption and Authentication Mitigation Logging and Monitoring Administration 2.Confirm information obtained using manual review of configuration files and wireless tools 3.Provide results and possible recommendations back to IT for comment 4.Provide final report to management

42 Confidential and Proprietary Auditing Wireless Networks – Questions to ask What type of encryption are we using? Is there any 802.1x authentication configured for the WLAN? Are connections to the WLAN logged? Is important data transmitted over our wireless networks? What security parameters or configurations are in place? What is our SSID? What is our WPA or WEP key and how is it protected?

43 Confidential and Proprietary Auditing Wireless Networks – Questions? Any Questions?

Download ppt "Confidential and Proprietary Capturing Air: Tools and Methods to Make Wireless Assessments a Breeze Leo Walsh, GSNA Professional Jefferson Wells."

Similar presentations

SEMINAR ON Wi-Fi.

SEMINAR ON Wi-Fi.
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.

Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)

Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
December 17, 2002 1 Wi-Fi Mark Faggiano GBA 576. December 17, 20022 Purpose of the Project  I hear Wi-Fi, WLAN, 802.11 everywhere  What does it all.

December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
Wireless Insecurity.

Wireless Insecurity.
CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino

CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.

Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.

Similar presentations

Ads by Google