Presentation is loading. Please wait.

Presentation is loading. Please wait.

CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.

Published byCody Parks Modified over 8 years ago

Similar presentations

Presentation on theme: "CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities."— Presentation transcript:

1 CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities

2 Objectives Define information security Explain the basic security protections for IEEE 802.11 WLANs List the vulnerabilities of the IEEE 802.11 standard Describe the types of wireless attacks that can be launched against a wireless network

3 Security Principles: What is Information Security? Information security: Task of guarding digital information –Ensures protective measures properly implemented –Protects confidentiality, integrity, and availability (CIA) on the devices that store, manipulate, and transmit the information through products, people, and procedures

4 Security Principles: What is Information Security? (continued) Information security components

5 Security Principles: Challenges of Securing Information Trends influencing increasing difficultly in information security: –Speed of attacks –Sophistication of attacks –Faster detection of weaknesses Day zero attacks –Distributed attacks The “many against one” approach Impossible to stop attack by trying to identify and block source

6 Security Principles: Categories of Attackers Six categories of attackers: –Hackers Not malicious; expose security flaws –Crackers –Script kiddies –Spies –Employees –Cyberterrorists

7 Security Principles: Categories of Attackers (continued) Attacker profiles

8 Security Principles: Security Organizations Many security organizations exist to provide security information, assistance, and training –Computer Emergency Response Team Coordination Center (CERT/CC) –Forum of Incident Response and Security Teams (FIRST) –InfraGard –Information Systems Security Association (ISSA) –National Security Institute (NSI) –SysAdmin, Audit, Network, Security (SANS) Institute

9 Basic IEEE 802.11 Security Protections Data transmitted by a WLAN could be intercepted and viewed by an attacker –Important that basic wireless security protections be built into WLANs Three categories of WLAN protections: –Access control –Wired equivalent privacy (WEP) –Authentication Some protections specified by IEEE, while others left to vendors

10 Access Control Intended to guard availability of information Wireless access control: Limit user’s admission to AP –Filtering Media Access Control (MAC) address filtering: Based on a node’s unique MAC address MAC address

11 Access Control (continued) MAC address filtering

12 Access Control (continued) MAC address filtering considered to be a basic means of controlling access –Requires pre-approved authentication –Difficult to provide temporary access for “guest” devices

13 Wired Equivalent Privacy (WEP) Guard the confidentiality of information –Ensure only authorized parties can view it Used in IEEE 802.11 to encrypt wireless transmissions –“Scrambling”

14 WEP: Cryptography Cryptography: Science of transforming information so that it is secure while being transmitted or stored –scrambles” data Encryption: Transforming plaintext to ciphertext Decryption: Transforming ciphertext to plaintext Cipher: An encryption algorithm –Given a key that is used to encrypt and decrypt messages –Weak keys: Keys that are easily discovered

15 WEP: Cryptography (continued) Cryptography

16 WEP: Implementation IEEE 802.11 cryptography objectives: –Efficient –Exportable –Optional –Reasonably strong –Self-synchronizing WEP relies on secret key “shared” between a wireless device and the AP –Same key installed on device and AP –Private key cryptography or symmetric encryption

17 WEP: Implementation (continued) Symmetric encryption

18 WEP: Implementation (continued) WEP shared secret keys must be at least 40 bits –Most vendors use 104 bits Options for creating WEP keys: –40-bit WEP shared secret key (5 ASCII characters or 10 hexadecimal characters) –104-bit WEP shared secret key (13 ASCII characters or 16 hexadecimal characters) –Passphrase (16 ASCII characters) APs and wireless devices can store up to four shared secret keys –Default key used for all encryption

19 WEP: Implementation (continued) Default WEP keys

20 WEP: Implementation (continued) WEP encryption process

21 WEP: Implementation (continued) When encrypted frame arrives at destination: –Receiving device separates IV from ciphertext –Combines IV with appropriate secret key Create a keystream –Keystream used to extract text and ICV –Text run through CRC Ensure ICVs match and nothing lost in transmission Generating keystream using the PRNG is based on the RC4 cipher algorithm –Stream Cipher

22 WEP: Implementation (continued) Stream cipher

23 Authentication IEEE 802.11 authentication: Process in which AP accepts or rejects a wireless device Open system authentication: –Wireless device sends association request frame to AP Carries info about supported data rates and service set identifier (SSID) –AP compares received SSID with the network SSID If they match, wireless device authenticated

24 Authentication (continued) Shared key authentication: Uses WEP keys –AP sends the wireless device the challenge text –Wireless device encrypts challenge text with its WEP key and returns it to the AP –AP decrypts returned result and compares to original challenge text If they match, device accepted into network

25 Vulnerabilities of IEEE 802.11 Security IEEE 802.11 standard’s security mechanisms for wireless networks have fallen short of their goal Vulnerabilities exist in: –Authentication –Address filtering –WEP

26 Open System Authentication Vulnerabilities Inherently weak –Based only on match of SSIDs –SSID beaconed from AP during passive scanning Easy to discover Vulnerabilities: –Beaconing SSID is default mode in all APs –Not all APs allow beaconing to be turned off Or manufacturer recommends against it –SSID initially transmitted in plaintext (unencrypted)

27 Open System Authentication Vulnerabilities (continued) Vulnerabilities (continued): –If an attacker cannot capture an initial negotiation process, can force one to occur –SSID can be retrieved from an authenticated device –Many users do not change default SSID Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs

28 Open System Authentication Vulnerabilities (continued) Forcing the renegotiation process

29 Shared Secret Key Authentication Vulnerabilities Attackers can view key on an approved wireless device (i.e., steal it), and then use on own wireless devices Brute force attack: Attacker attempts to create every possible key combination until correct key found Dictionary attack: Takes each word from a dictionary and encodes it in same way as passphrase –Compare encoded dictionary words against encrypted frame

30 Shared Secret Key Authentication Vulnerabilities (continued) AP sends challenge text in plaintext –Attacker can capture challenge text and device’s response (encrypted text and IV) Mathematically derive keystream

31 Shared Secret Key Authentication Vulnerabilities (continued) Table 8-2: Authentication attacks

32 Address Filtering Vulnerabilities MAC address attacks

33 WEP Vulnerabilities Uses 40 or 104 bit keys –Shorter keys easier to crack WEP implementation violates cardinal rule of cryptography –Creates detectable pattern for attackers –APs end up repeating IVs Collision: Two packets derived from same IV –Attacker can use info from collisions to initiate a keystream attack

34 WEP Vulnerabilities (continued) 8-13: XOR operations

35 WEP Vulnerabilities (continued) 8-14: Capturing packets

36 WEP Vulnerabilities (continued) PRNG does not create true random number –Pseudorandom –First 256 bytes of the RC4 cipher can be determined by bytes in the key itself WEP attacks

37 Other Wireless Attacks: Man-in-the- Middle Attack Makes it seem that two computers are communicating with each other –Actually sending and receiving data with computer between them –Active or passive Intercepting transmissions

38 Other Wireless Attacks: Man-in-the- Middle Attack (continued) Wireless man-in-the-middle attack

39 Other Wireless Attacks: Denial of Service (DoS) Attack Standard DoS attack attempts to make a server or other network device unavailable by flooding it with requests –Attacking computers programmed to request, but not respond Wireless DoS attacks are different: –Jamming: Prevents wireless devices from transmitting –Forcing a device to continually dissociate and re- associate with AP

Download ppt "CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities."

Similar presentations

CWSP Guide to Wireless Security

CWSP Guide to Wireless Security
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
COMP4690, HKBU1 Security of 802.11 COMP4690: Advanced Topic.

COMP4690, HKBU1 Security of COMP4690: Advanced Topic.
The Dangers of Mitigating Security Design Flaws: A Wireless Case Study Nick Petroni Jr., William Arbaugh University of Maryland Presented by: Abe Murray.

The Dangers of Mitigating Security Design Flaws: A Wireless Case Study Nick Petroni Jr., William Arbaugh University of Maryland Presented by: Abe Murray.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
Wireless Networking Wireless Vulnerabilities and Attacks Module-10 Jerry Bernardini Community College of Rhode Island 6/24/20151Wireless Networking J.

Wireless Networking Wireless Vulnerabilities and Attacks Module-10 Jerry Bernardini Community College of Rhode Island 6/24/20151Wireless Networking J.

Similar presentations

Ads by Google