Chapter 3: Wireless, how safe it is NOT! By: Brett Hoff.


Overview: Chapter 3 of 8
Chapter 1: Firewalls introduction
Chapter 2: Effective Network Security
Chapter 3: Wireless how safe it is NOT!
Chapter 4: Logs not just for camp fires
Chapter 5: Tracing down your problem
Chapter 6: Tracing down your problem II
Chapter 7: How/who/when/why
Chapter 8: Overview

My Disclaimer: Some of the things discussed in this presentation fall outside the normal methods. The ideas presented herein are set as a guide and are by no means the end-all of security. The suggestions in this presentation will not keep you 100% safe and secure! The old saying is "Locks are to keep honest people honest."

Overview! We are going to talk about securing your wireless connection today, and about what is out there and what is being used! We are going to put the emphasis on what is not working!

Encryption: do we need it? I hear people talking all the time about encryption. Unfortunately, it is about how it is a pain to set up, or that they don't think they need it, or the confusion over what they need. Of course we all know that yes, we do need it. But do you know which one is the most secure?

Types of Encryption:
WEP
WPA PSK – Pre-Shared Key
WPA RADIUS
WPA2 PSK only
WPA2 RADIUS only
WPA2 PSK mixed
WPA RADIUS mixed

WEP: Wired Equivalent Privacy. Any WEP key can be cracked with readily available software in two minutes or less. This is the most readily used encryption. The only thing more used is no encryption! WEP uses either 64-bit or 128-bit encryption.

Determining if someone is using WEP: For this you will need Kismet and Ethereal. You will also need to understand how these tools work; if you do not, they are quick to learn. Start up Kismet near your target AP and let it run for a while. After getting a good stream of data, go ahead and stop Kismet. Next, start up Ethereal and open the Kismet .dump file.

Determining if someone is using WEP, cont.: Select a data packet from the top pane and choose a Tag Interpretation field from the second pane. If in the third pane you find an ASCII “P....”, this indicates WPA is in use. Otherwise it will be WEP.

Determining if someone is using WEP, 3: Notes here. Kismet alone will tell you that the APs are using WEP, but the .dump file does not lie. With a little work with Kismet and Ethereal you can determine if WEP or WPA is being used. The latest version of Kismet will now tell you if it is WPA or WEP!
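The check on these slides can be automated when auditing your own access points. The following is an added example, not part of the original presentation: it reads the tagged parameters of a beacon body and reports Open, WEP, WPA or WPA2. The "P" seen in the third pane is byte 0x50 of the WPA element's 00 50 F2 01 prefix. The beacon bodies, SSIDs and function names are constructed for the demonstration.

```python
import struct

WPA_PREFIX = bytes.fromhex("0050f201")  # OUI 00:50:F2 + type 1; 0x50 is ASCII "P"

def tagged_parameters(body):
    """Yield (tag, value) pairs from a beacon body, stopping at a truncated tag."""
    pos = 12  # fixed fields: timestamp (8), beacon interval (2), capability (2)
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield tag, value
        pos += 2 + length

def classify(body):
    """Return (ssid, mode) where mode is Open, WEP, WPA, WPA2 or WPA+WPA2."""
    if len(body) < 12:
        raise ValueError("beacon body is shorter than its fixed fields")
    capability = struct.unpack_from("<H", body, 10)[0]
    ssid, wpa, rsn = "", False, False
    for tag, value in tagged_parameters(body):
        if tag == 0:                       # SSID element
            ssid = value.decode("utf-8", "replace")
        elif tag == 48:                    # RSN element: WPA2
            rsn = True
        elif tag == 221 and value.startswith(WPA_PREFIX):  # vendor element: WPA
            wpa = True
    if wpa or rsn:
        mode = "WPA+WPA2" if wpa and rsn else ("WPA2" if rsn else "WPA")
    elif capability & 0x0010:              # Privacy bit set, no WPA/RSN element
        mode = "WEP"
    else:
        mode = "Open"
    return ssid, mode

def beacon(ssid, capability, elements=b""):
    """Build a constructed beacon body for the demonstration (not a capture)."""
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return fixed + bytes([0, len(ssid)]) + ssid.encode() + elements

WPA_IE = bytes([221, 6]) + WPA_PREFIX + bytes.fromhex("0100")  # constructed
RSN_IE = bytes([48, 2]) + bytes.fromhex("0100")                # constructed

SAMPLES = [beacon("lab-open", 0x0001), beacon("lab-wep", 0x0011),
           beacon("lab-wpa", 0x0011, WPA_IE), beacon("lab-wpa2", 0x0011, RSN_IE),
           beacon("lab-mixed", 0x0011, WPA_IE + RSN_IE)]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify(body))
```
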

A few things: Alright, a few things. First and foremost, I am not going to show you how to hack somebody's box. This will give you the framework, and you can easily find the tools for use on your own network on the BackTrack CD found at.

Cracking WEP: There are 2 ways to attack this subject. 1. Sniffing for weak IVs. Fluhrer, Mantin, and Shamir found out that during normal operation about 9,000 of the possible 16 million IVs could be considered weak, and if enough of these weak IVs can be collected then you can determine the key. Good news: it takes between 1,500 and 5,000 weak IVs before the crack is successful.

Cracking WEP cont.: After the weak IVs are collected, they are fed back into a key scheduling algorithm. Collecting enough weak IVs can take weeks, even months, but there is a solution: re-injecting ARP packets back at the AP. We will talk more about this after finishing our review of cracking WEP.

Cracking WEP cont.: 2. Sniffing for unique IVs. This also requires a large number of packets, but not nearly the amount required by weak IV collection. This is called a chopping attack: chopping the last byte off the packet and manipulating it to get the key.

Speeding up packet generation: To speed up the process of gathering weak or unique IVs, you can re-inject a captured ARP packet to the target AP. The response will generate traffic and increase the speed at which packets are captured.

Collecting ARP packets: It could take some time to grab a good ARP packet for re-injection. There are several scenarios where ARP packets are transmitted. One such is during the authentication process. You need to send a deauthentication frame to the AP, knocking the client off the network; when it reacquires authentication, you have a captured ARP packet.

WPA-PSK (Pre-Shared Key), Wi-Fi Protected Access: This was built to fill in the shortcomings of WEP. It has greater encryption capability and can be used with a pre-shared key (PSK) or with a RADIUS server. When using it with PSK, you should use a pass phrase of at least 21 and up to 54 characters for secure use. This encryption is prone to dictionary attack.

WPA RADIUS: This is thought to be the most secure, and both WPA and WPA2 have no known flaws in this setup. But it requires the setup of a RADIUS server or PF-Auth server to use, which falls beyond the scope of this presentation.

Cracking WPA-PSK: It is actually easier to crack WPA-PSK than WEP. All you have to do is capture a four-way handshake (four-way Extensible Authentication Handshake). You can wait for an authentication or force one by sending a deauthentication frame to the AP. After you have captured this one packet, you can take it and run and crack it later with a dictionary attack.

Cracking WPA-PSK cont.: To ensure success with this type of attack, the pass phrase should be less than 21 characters, and you should have a good word list to use. These are easily downloaded from the Web.
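Both the ARP collection and the handshake capture described above depend on deauthentication frames, so a burst of them aimed at one client is worth alerting on. The following is an added example, not part of the original presentation: it parses 802.11 management headers from a constructed capture and reports clients that receive many deauthentications in a short window. The MAC addresses, window and threshold are assumed values.

```python
import struct
from collections import defaultdict, deque

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype != 12:        # management frame, subtype 12
        return None
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def deauth_bursts(capture, window=5.0, threshold=5):
    """Map (bssid, dst) to the peak deauth count seen within `window` seconds.

    window and threshold are assumed tuning values, not figures from the slides.
    """
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, _src, bssid, _reason = parsed
        times = recent[(bssid, dst)]
        times.append(ts)
        while ts - times[0] > window:      # drop events older than the window
            times.popleft()
        if len(times) >= threshold:
            alerts[(bssid, dst)] = max(alerts.get((bssid, dst), 0), len(times))
    return alerts

def mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Build a constructed 802.11 management frame (24-byte header + body)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([subtype << 4, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid) + bytes(2) + body

AP, STA_A, STA_B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
REASON = lambda code: struct.pack("<H", code)
# Constructed capture: a beacon, one ordinary deauth, then eight in under a second.
CAPTURE = [(0.0, mgmt_frame(8, "ff:ff:ff:ff:ff:ff", AP, AP, bytes(12)))]
CAPTURE += [(1.0, mgmt_frame(12, AP, STA_A, AP, REASON(3)))]
CAPTURE += [(10.0 + i * 0.1, mgmt_frame(12, STA_B, AP, AP, REASON(7))) for i in range(8)]

if __name__ == "__main__":
    print(deauth_bursts(CAPTURE))
```

The source address in an alert is only the claimed sender, because these frames are unauthenticated on the networks discussed here; protected management frames (802.11w) are the protocol-level fix.
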

Cracking WPA2-PSK: Someone brought it up to me that WPA2 was not crackable like WPA was, due to the added level of encryption, but build a better mouse trap and someone will build a better mouse. A tool called CoWPAtty now has WPA2 capabilities. This now makes it another one down. WPA-PSK and WPA2-PSK are both still considered secure if you have a pass phrase of at least 21 characters.

Cracking WPA2-PSK cont.: Maximum protection with either WPA-PSK or WPA2-PSK comes from using a pass phrase of 54 random letters or 39 random ASCII characters. This will give you true 256-bit encryption with WPA.
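The pass phrase guidance on the WPA-PSK and WPA2-PSK slides follows from how the key is derived: the 256-bit key is a fixed function of the pass phrase and the SSID, so the only secret is the pass phrase itself. The following is an added example, not part of the original presentation: it derives the key, generates random pass phrases, and shows where the 54-letter and 39-character figures sit relative to 256 bits. The 26-letter single-case alphabet, the 95-character printable set, the SSID and the word list are assumptions.

```python
import hashlib
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "  # 95

def derive_pmk(passphrase, ssid):
    """PSK-mode key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA pass phrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def random_passphrase(length, alphabet=PRINTABLE):
    """Draw each character uniformly from the alphabet with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy in bits, valid only when every character is chosen at random."""
    return length * math.log2(alphabet_size)

def audit(passphrase, wordlist):
    """Check a pass phrase against the slides' guidance; return the findings."""
    findings = []
    if len(passphrase) < 21:
        findings.append("shorter than 21 characters")
    if passphrase.lower() in wordlist:
        findings.append("found in word list")
    return findings

WORDLIST = {"password", "letmein", "wireless"}  # constructed sample list

if __name__ == "__main__":
    print(round(entropy_bits(54, 26), 1))   # 54 random single-case letters
    print(round(entropy_bits(39, 95), 1))   # 39 random printable ASCII characters
    phrase = random_passphrase(39)
    print(audit(phrase, WORDLIST), derive_pmk(phrase, "lab-wpa2").hex())
```
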

WPA RADIUS and WPA2 RADIUS: Presently these are both considered safe and have no known flaws that I could find listed anywhere. These work by setting up an authentication server for verifying the users on the network. It is tricky setting up such a network, and as such it is mostly used by large corporations.

The worst wireless security! MAC filtering: someone came up with the idea to only allow your list of MAC addresses on your AP. In theory it makes sense and sounds good. But in reality, every time you authenticate with the AP you are giving up your MAC address. It takes seconds to cut and paste the MAC address into your computer, essentially stealing your ID!

The worst wireless security! cont. SSID hiding: OK people, there is no such thing! All you are doing is hiding it from yourself! It is still broadcast by 4 mechanisms: probe requests, probe responses, association requests, and re-association requests. Essentially, you are talking about hiding 1 of 5 SSID broadcast mechanisms. Kismet sees them all.

The worst wireless security! cont. Disable DHCP: This one is actually listed on several wireless security websites. Come on guys, even a newbie can figure out a network topology and set their IP/netmask to match the needed layout.

The worst wireless security! cont. Antenna placement: Put your antenna in the middle of your building and turn down the power. Who here thinks that will work? Hackers will always have a better and bigger antenna :} Placement should be used for best coverage with minimum interference.

Wrap up: Well, I hope that helps you better understand wireless security. It is not all bad; there is such a thing as secure wireless, but like any other type of security it takes work. If anybody has any notes on any of my presentations, I would be happy to look at them for inclusion into the presentation and give you credit for your contribution.