Wireless Hotspot Security

Slides:



Advertisements
Similar presentations
Home Wireless Security David Mitchell 12/11/2007.
Advertisements

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Chapter 9 Connecting to and Setting up a Network
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
DVG-N5402SP.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.
1 Configuring Linksys Wireless Router Prof. Valencia Community College.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
1. A router is a device in computer networking that forwards data packets to their destinations, based on their addresses. The work a router does it called.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
 2009 AirTight Networks. Financial Districts Wireless Vulnerability Study A study conducted by AirTight Networks, Inc.
 An electrical device that sends or receives radio or television signals through electromagnetic waves.
Dainis Krakops’ Wireless Network MOTOROLA SURFboard SB5101 CABLE MODEM Enables cable operators to provide broadband Internet connection for my LAN devices.
Securing a Wireless Network
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.
Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Laptops, Notebooks, & Tablets, Oh My! Kathleen Hamby M.S. CBPA Governors State University.
Wireless Networks This section Contain : 1) Wireless Basics. 2) Bluetooth. 3) Wi-Fi. 4) Wi-Fi Equipment. 5)Wi-Fi Setup.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
Environment => Office, Campus, Home  Impact How, not Whether A Checklist for Wireless Access Points.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
1. Insert the Resource CD into your CD-ROM drive, click Start and choose Run. In the field that appears, enter F:\XXX\Setup.exe (if “F” is the letter of.
Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Understanding Wireless Networking. WiFi Technology WiFi began as a way to extend home and small office network access without installing more cable. As.
Copyright Security-Assessment.com 2005 Wireless Security by Nick von Dadelszen.
Secure Wireless Home Networks Area 2 SIR Presentation Nov. 18, 2004 Dean Steichen Br. 8.
PRESENTATION ON WI-FI TECHNOLOGY
Attacking Automatic Wireless Network Selection Dino A. Dai Zovi and Shane A. Macaulay
David Abarca, Instructor Del Mar College Computer Corner Wireless Network Access Control.
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Wireless Security Presented by Colby Carlisle. Wireless Networking Defined A type of local-area network that uses high-frequency radio waves rather than.
Securing A Wireless Home Network. Simple home wired LAN.
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Simon Prasad. Introduction  Smartphone and other mobile devices have made it so easy to stay connected.  But this easy availability may lead to personal.
Chapter 1-4 Home Networking. Introduction Setting up a home network is probably one of the first networks that the student sets up. This is an exciting.
Securing a Wireless Home Network BY: ARGA PRIBADI.
Copyright © 2008 AusCERT 1 Practical Computer Security See the notes section throughout the slide presentation for additional information.
Cyber Security: Today’s Threats and Mitigations Jonathan Homer, Cyber Security Analyst Idaho National Laboratory.
© ExplorNet’s Centers for Quality Teaching and Learning 1 Install, configure, and deploy a SOHO wireless/wired router using appropriate settings. Objective.
Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Wireless Security.
Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?
How to Make Yourself More Secure Using Public Computers and Free Public Wi-Fi.
 Two wireless gateways for home use that I choose are : - Linksys Wireless-G ADSL Home Gateway WAG354G - WAG160N Wireless-N ADSL2+ Gateway  The wireless.
Instructor Materials Chapter 6 Building a Home Network
WEP & WPA Mandy Kershishnik.
Securing A Wireless Network
Presentation transcript:

Wireless Hotspot Security and Client Attacks Almerindo Graziano a.graziano@silensec.com www.silensec.com

The Menu :-)‏ The WiFi Explosion Common misconceptions Wireless hotspots attacks Wireless Client Attacks Rogue Access Points WEP Insecurity WPA Security General recommendations

About Silensec IT Governance ISO 27001 Implementation Gap Analysis Risk Management Penetration Testing Web apps, Systems, Networks Security Training BSI ISO 27001, BS25999 SANS Wireless Security, Hacking Techniques

Common Misconceptions We do not use/allow wireless networks Our network is secure We use firewalls We use VPN Nobody would attack us

Mobile Phones Explosion Over 100 mobile phone handsets with wi-fi capability (June 2007)‏ 213 million Wi-Fi chipsets shipped worldwide in 2007 (32% growth)‏ 20%of the total chipset market by 2009 Dual-mode phones in 2008 Bypass mobile operator Skype mobile phones

Wifi in Everything! Digital Camera Mobile TVs Presentation Projectors Stereos CCTV Cameras Swipe cards systems Medical monitoring equipment Portable digital players

Wireless Networks are Everywhere

Terminology Station (STA)‏ Access Point (AP)‏ Infrastructure Mode Laptop, PDA, mobile phone Access Point (AP)‏ Connect STAs to the main network Infrastructure Mode Most common (home and corporate)‏ Ad-Hoc Mode Connecting STAs without an AP Ad-Hoc Mode Infrastructure Mode

Terminology (2)‏ WEP (Wired Equivalent Privacy)‏ WEP Key (64, 128, 256, 512 bits)‏ WEP+ Dynamic WEP WPA and WPA2 (Wireless Protected Access)‏ Passphrase (8-63 characters)‏

Wireless Hotspots Provide public access to the Internet through wireless networks Public does NOT mean FREE Often located in airports, train stations, libraries, hotels, coffee bars Designed to be easy to use Find the network Click and connect Authenticate and you are in!

Hotspot Example: T-Mobile Secure Connection

Hotspot Example: T-Mobile (2)‏ Enter Credentials

Hotspot Security Risks Information disclosure Most information is not encrypted and may be captured easily Identity theft Fraud and financial loss Compromise your computer Expose personal info (contacts)‏ Catch a virus Back in the workplace Expose even more personal info Spread the virus

Wireless Isolation Commonly used by hotspots Most modern AP support it too Traffic between hotspot clients not allowed Protect hotspot clients from possible malicious clients And anyway you have your firewall.. What about non-connected clients?

DEMO

Wireless Client Attacks

Windows Preferred Network List (PNL)‏ Includes networks created by the user Networks are also added when we connect to a new network (hotspot)‏ Connection can be automatic or manual

Windows Preferred Network List (PNL)‏ Will always connect to the networks higher on the list.. even is already connected to another network! even if that network is more secure AP with stronger power are preferred User is not notified of AP switch!

Dangerous Connections.. Newly networks are added to the PNL If new network is in range windows may connect to it

Rogue Access Points More powerful signal Karma-based

Power Rogue Access Point Windows wireless configuration AP chosen based on position in the PNL signal power tmobile tmobile

Power Rogue Access Points DEMO

Client Attacks with Karma Powerful tool Responds to any probe request Comes with DHCP, DNS, Web server Exploits clients which broadcast SSIDs with no security...hotspots

Judicious Karma

KARMA DEMO

Wifizoo Gathers information passively No connection required Cookies Passwords from FTP,POP3 etc.. ..and lots more

Wifizoo at Work.. DEMO

Wireless Hacking in the Skies.. Just relax and enjoy the flight Watch a film on your laptop ...while you are being hacked... But don't you worry, there will be no interruption to your film entertainment

arking Mode Found by Simple Nomad If DHCP fails to provide an IP address, interfaces with Link- Local configurations will auto- assign an address in the 169.254.0.0/16 range Link-Local is on by default on all interfaces on all Windows platforms, including wireless interfaces Scan for available networks (ANL)‏ Parking Mode Try available PNL networks Try PNL networks Any Ad-Hoc network in PNL? No Connect to Non-Preferred Nets? No Yes Yes Connect to 1st Ad-Hoc network in PNL Connect to available networks (ANL)‏ Keep looking for preferred networks Set Random SSID and go in infrastruture mode

Windows Wireless Client Update Hotfix described in KB917021 Non-broadcast networks Allows to set a network as non-broadcast by setting “Connect even if the network is not broadcasting” WAC only sends probe requests for non-broadcast networks Preferred broadcast networks in the PNL are not advertised Parking behaviour Security configuration is passed onto the wireless adapter driver, using the most secure encryption method that the wireless network adapter supports (including random encryption key)‏ Ad-hoc Manual connection WAC doesn't probe ad-hoc SSID contained in the PNL

Windows Wireless Client Update (ctd.)‏ Not included in SP2 Many clients have not installed it Parking mode is driver-dependant Most driver still use no security You can still override secure default settings

Vista Wireless VISTA allows to define non-broadcast wireless networks Listed as Unnamed Network WAC will try to connect to wireless networks in the order they are listed in the PNL, whether they are broadcast or not Support ad-hoc using WPA2-PSK Strong passphrase selection

Hotspot Security Tips Doublecheck the name and presence of an official Hotspot network where the service is provided Remember that the majority of Hotspots do not ensure data confidentiality Always look out for a padlock and https sign on the hotspot login page Do NOT implicitly trust advertised “Free Public WiFi”

WEP WEP IS DEAD You MUST NOT use it Equivalent to no security (almost)‏ Aircrak-ptw < 1 minute

WPA and WPA2 WPA Stronger security, maintaining hardware compatibility Even stronger security Need new hardware

WPA Personal/WPA-PSK Both WPA and WPA2 can be used with a passphrase (8-63 character)‏ Weak passphrases offer WEP-like protection..NONE Use a strong password generator (free https://www.grc.com/passwords.htm

Wireless Security Tips – At Home Change default values IP addresses Admin passwords Adjust the power output of your access point if possible Use MAC address filtering Change the default SSID Enable WPA/WPA2 Use a strong passphrase (20+ char) Set AP configuration to HTTPS if possible

Wireless Security Tips – On the move Switch off your wireless card if not needed Do no connect automatically to wireless networks (nothing comes free)‏ Change your personal firewall settings to not trust the local network Be on your guard

General Wireless Security Tips Download and instal MS wireless update Uncheck automatic connection to unprotected networks Keep your computers patched all the time Remember that hotspot networks are not secure

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.