Securing the Wireless LAN

Presentation on theme: "Securing the Wireless LAN"— Presentation transcript:

1 Securing the Wireless LAN
George Ou
Network Systems Architect
Contributing editor – ZDNet

2 Contents
- Introduction
- Relative risks of Wireless LANs
- Six dumbest ways to secure a WLAN
- Tools of the wireless LAN hacker
- The best ways to secure the WLAN
- SOHO WLAN implementations
- Enterprise WLAN implementations

3 Introduction
- Wireless security is a huge headache in IT
- Wireless security widely misunderstood
- Wireless security is everyone’s problem even if you don’t “think” you have a WLAN
- Banning WLANs often results in “improvised” home-grown solutions
- Wireless LANs can be secured
- Wireless security applicable elsewhere in IT

4 Relative risks of Wireless LANs
- Wireless security is NOT an oxymoron
- Less dangerous than having an Internet connection direct or indirect
- Attacks from the Internet can come from anywhere on the entire globe
  - Web/FTP/Mail/DNS Servers
  - Back doors
  - R00TK1T5 that can dial home
- Attacks on Wireless LANs are limited to a couple of kilometers

5 Six dumbest ways to secure a WLAN Overview
- MAC “authentication”
- SSID “hiding”
- LEAP authentication
- Disabling DHCP
- Antenna placement and signal suppression
- Switch to 802.11a or Bluetooth Wireless LANs
Dishonorable mention: WEP
Original article on

6 Six dumbest ways to secure a WLAN MAC “authentication”
- Use of the word “authentication” is laughable
- All that’s happening is MAC address filtering
- MAC addresses are transmitted in clear text
- Extremely easy to capture
- Extremely easy to clone and defeat
- Extremely difficult to manage MAC filtering

7 Six dumbest ways to secure a WLAN MAC spoofing

8 Six dumbest ways to secure a WLAN SSID “hiding”
- No such thing as “hiding” an SSID
- All that’s happening is Access Point beacon suppression
- Four other SSID broadcasts not suppressed
  - Probe requests
  - Probe responses
  - Association requests
  - Re-association requests
- SSIDs must be transmitted in clear text or else cannot function

9 Six dumbest ways to secure a WLAN LEAP authentication
- Cisco LEAP authentication is extremely weak
- LEAP successor EAP-FAST not much better
- Cisco dominates Enterprise WLAN market
- Significant percentage of Cisco shops use LEAP but have started to migrate to EAP-TLS
- LEAP and EAP-FAST are free on client side
- Only Cisco can sell LEAP and EAP-FAST on Access Points
- Cisco APs support all open authentication standards like EAP-TLS and PEAP

10 Six dumbest ways to secure a WLAN Disabling DHCP
- Disabling DHCP and forcing the use of Static IP addresses is another common myth
- IP schemes are easy to figure out since the IP addresses are sent over the air in clear text
- Takes less than a minute to figure out an IP scheme and statically enter an IP address

11 Six dumbest ways to secure a WLAN Antenna placement and signal suppression
- Antenna placement and signal suppression do nothing to encrypt data
- The hacker’s antenna is bigger than yours
- Directional high-gain antennas can pick up a weak signal from several kilometers away
- Lowering the signal hurts legitimate users a lot more than it hurts the hackers
- Wi-Fi paint or wall paper not 100% leak proof and very expensive to implement

12 Six dumbest ways to secure a WLAN Switch to 802.11a or Bluetooth wireless LANs
- 802.11a is a transport mechanism similar to 802.11b or 802.11g
- 802.11a has nothing to do with security
- Pray that the hacker doesn’t have 5 GHz 802.11a capable equipment
- Bluetooth is more of a wireless USB alternative
- Can be used for wireless networking but not designed as an 802.11a or 802.11b/g replacement

13 Six dumbest ways to secure a WLAN Dishonorable mention: WEP
- WEP barely missed the six dumbest list because it can still hold up for a couple of minutes
- Hacker named “KoreK” releases new WEP analysis tool in August 2004
- WEP coupled with 802.1x and EAP key rotation (AKA DWEP) is considered broken
- Packet injection techniques lower WEP cracking times to minutes
- Article: Next generation WEP cracking tools

14 Tools of the wireless LAN hacker Overview
- Software
  - Auditor CD
  - Kismet
  - ASLEAP
  - Void11, Aireplay, Airodump, and Aircrack
- Hardware
  - Cheap and compatible cardbus adapters
  - Omni directional high-gain antennas
  - Directional high-gain antennas
  - Off the shelf Laptop computer

15 Tools of the wireless LAN hacker Auditor CD
- Bootable Linux CD with every security auditing tool under the sun
- Everything needed to penetrate most wireless LANs and more
- Mentioned as a favorite of the FBI
- Relatively easy to use

16 Tools of the wireless LAN hacker Kismet
- Kismet is a Linux wireless LAN audit tool
- Can see “hidden” SSIDs
- Can see MAC addresses
- Can see IP schemes
- Can capture raw packets
- GUI version lays everything out

17 Tools of the wireless LAN hacker ASLEAP
- ASLEAP cracks Cisco LEAP authentication
- Exploits weak MSCHAPv2 authentication
- Uses pre-computed indexed hash tables
- Checks 45 million passwords a second
- Upgraded to support PPTP VPN cracking

18 Tools of the wireless LAN hacker Void11, Aireplay, Airodump, and Aircrack
- New set of tools makes WEP cracking hundreds of times faster
- Void11 forces users to re-authenticate
- Aireplay monitors re-auth session for ARP and then plays back the ARP request to trigger responses from legitimate computers
- Airodump captures all of the raw packets
- Aircrack only needs 200,000 packets instead of 10,000,000 packets from previous tools

19 Tools of the wireless LAN hacker Hardware: Cheap and compatible cardbus adapters
- Prism 2/3 based 802.11b adapters
- PrismGT based 802.11b/g adapters
- Atheros based 802.11a/b/g adapters
- All typically around $40 to $70 USD
- All compatible with Linux cracking tools

20 Tools of the wireless LAN hacker Omni directional high-gain antennas
- Typically 7 to 9 dB gain
- General purpose surveying and war driving
- Can be used to create evil twin access point
- Less than $100 USD

21 Tools of the wireless LAN hacker Directional high-gain antennas
- Used to aim and focus in on victim
- Picks up weak signals many kilometers away
- Around $100 USD

22 Tools of the wireless LAN hacker Off the shelf Laptops
- Any Laptop or PC can be used for hacking
- New Laptops with good cracking speed are as low as $400 USD
- Wireless hacking is NOT cost prohibitive!

23 The best ways to secure the WLAN Overview
- Good cryptography allows secure communications over unsecured medium
- Follow best practice cryptographic principles
- Strong authentication
- Strong encryption
- WPA and WPA2 standards

24 The best ways to secure the WLAN Strong authentication background
- Strong authentication is often overlooked
- Well established secure authentication methods all use SSL or TLS tunnels
- TLS is the successor of SSL
- SSL has been used for nearly a decade in E-Commerce
- SSL or TLS requires Digital Certificates
- Digital Certificates usually involve some form of PKI and Certificate management

25 The best ways to secure the WLAN Strong authentication in Wireless LANs
- Wireless LANs typically use 802.1x and EAP
- Common standard EAP types are EAP-TLS, EAP-TTLS and PEAP
- LEAP and EAP-FAST are not standard
- EAP-TLS requires server and client certificates
- EAP-TTLS and PEAP only require client-side certificates
- EAP-TTLS created by Funk and Certicom
- PEAP created by Microsoft, Cisco and RSA
Details on EAP types at:

26 The best ways to secure the WLAN Strong authentication and RADIUS servers
- EAP authentication requires RADIUS support in Access Point and one or more RADIUS servers
- Microsoft Windows 2003 Server has fully functional RADIUS component called IAS
- Supports EAP-TLS and PEAP
- Windows 2000 only supports EAP-TLS
- Easily integrates into NT domains or Active Directory
- Funk software makes Steelbelted and Odyssey
- Open source FreeRadius supports broad range of EAP types

27 The best ways to secure the WLAN Strong encryption
- Encryption is well understood
- No known methods of breaking good encryption
- DES encryption has never been cryptanalyzed in nearly 30 years and must be brute forced
- 3DES still considered solid but slow
- AES is the official successor to DES and is solid at 128, 192, or 256 bits

28 The best ways to secure the WLAN Strong encryption in Wireless LANs
- RC4 encryption is known to be weak
- WEP uses a form of RC4 encryption
- Dynamic WEP makes WEP cracking harder
- TKIP is a rewritten WEP algorithm
- No known methods against TKIP yet but some theoretical attacks are on the horizon
- AES encryption mandated in the newest Wireless LAN standards is rock solid

29 The best ways to secure the WLAN WPA and WPA2 standards
- WPA used a trimmed down version of 802.11i
- WPA2 uses the ratified 802.11i standard
- WPA and WPA2 certified EAP types
  - EAP-TLS (first certified EAP type)
  - EAP-TTLS
  - PEAPv0/EAP-MSCHAPv2 (Commonly known as PEAP)
  - PEAPv1/EAP-GTC
  - EAP-SIM
- WPA requires TKIP capability with AES optional
- WPA2 requires both TKIP and AES capability
Details on EAP types at:

30 SOHO WLAN implementations
- Minimum encryption should be TKIP
- Run AES encryption if possible
- EAP authentication usually not feasible for Small offices and home offices
- SOHO WLANs usually rely on WPA-PSK
- PSK (pre-shared keys) are easier than WEP with 26 HEX digits
- PSK must be at least 8 alphanumeric random characters
- Zyxel offers Access Points with PEAP RADIUS built-in
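As an added illustration (not part of the original presentation), the Python below generates a random alphanumeric WPA-PSK passphrase, computes its entropy, and derives the 256-bit key the way WPA-PSK does, with PBKDF2-HMAC-SHA1 salted by the SSID. The function names and the SSID value are assumptions made for the example.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 alphanumeric symbols


def new_passphrase(length=20):
    """Return a random alphanumeric passphrase (WPA allows 8 to 63 characters)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    # secrets uses the OS CSPRNG; random.choice would be predictable.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """Derive the 256-bit WPA pre-shared key from a passphrase.

    The SSID is the PBKDF2 salt, so the same passphrase gives a different
    key on every network name.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    ssid = "example-ssid"  # assumed network name, for illustration only
    phrase = new_passphrase()
    print("passphrase:", phrase)
    # The slide's minimum of 8 random characters is about 47.6 bits.
    print("entropy at  8 chars: %.1f bits" % entropy_bits(8))
    print("entropy at 20 chars: %.1f bits" % entropy_bits(20))
    print("derived key:", derive_psk(phrase, ssid).hex())
```

The entropy figure only holds when every character is chosen at random; a dictionary word padded to 8 characters does not reach it.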

31 Enterprise WLAN implementations WPA and WPA2 standards
- Minimum encryption should be TKIP
- Run AES encryption if possible
- EAP-TLS authentication recommended
- PEAP or EAP-TTLS authentication at a minimum
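An added example, not from the original presentation: a Python audit of a hostapd-style access point configuration against the advice in these slides (beacon suppression and MAC filtering are not controls, TKIP is the minimum, AES if possible, PSK of at least 8 characters). hostapd as the AP software is an assumption and the sample configuration is constructed; the configuration keys are hostapd's own.

```python
SAMPLE_CONF = """\
# constructed sample configuration, not from a real deployment
ssid=office-wlan
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=abc1234
"""


def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return (severity, finding) tuples for settings the slides warn about."""
    out = []
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        out.append(("INFO", "SSID hiding only suppresses beacons; not a control"))
    if conf.get("macaddr_acl", "0") != "0":
        out.append(("INFO", "MAC filtering is not authentication"))
    if int(conf.get("wpa", "0")) == 0:
        out.append(("FAIL", "no WPA/WPA2: network is open or WEP"))
        return out
    # Simplification: wpa_pairwise and rsn_pairwise are treated as one cipher
    # set; hostapd falls back to TKIP when neither is given.
    ciphers = set((conf.get("wpa_pairwise", "") + " " +
                   conf.get("rsn_pairwise", "")).split()) or {"TKIP"}
    if "CCMP" not in ciphers:
        out.append(("WARN", "TKIP only: enable AES (CCMP) if possible"))
    if "WPA-PSK" in conf.get("wpa_key_mgmt", "WPA-PSK").split():
        passphrase = conf.get("wpa_passphrase")
        if passphrase is not None and len(passphrase) < 8:
            out.append(("FAIL", "PSK passphrase shorter than 8 characters"))
        else:
            out.append(("INFO", "PSK in use: confirm the passphrase is random"))
    return out


if __name__ == "__main__":
    for severity, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"{severity:4} {finding}")
```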

32 Enterprise WLAN implementations Wireless Switches
- Wireless LAN switches manage large numbers of Access Points
- Much easier to manage
- Wireless switch makers
  - Symbol
  - Cisco
  - Airespace
  - Aruba

33 Enterprise WLAN implementations Advanced security implementations
- Multiple Virtual SSID and VLAN support
- VLAN assignment based on group membership
- Guest Wireless LANs that are isolated
- Mitigating WEP security risks for WEP only devices using Firewall or Router ACLs (Access Control Lists)
- Can be done with single device such as the Cisco 851W which is a Firewall, Router, Managed Switch, and Access Point all-in-one

