Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Networking Wireless Vulnerabilities and Attacks Module-10 Jerry Bernardini Community College of Rhode Island 6/24/20151Wireless Networking J.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Wireless Networking Wireless Vulnerabilities and Attacks Module-10 Jerry Bernardini Community College of Rhode Island 6/24/20151Wireless Networking J."— Presentation transcript:

1 Wireless Networking Wireless Vulnerabilities and Attacks Module-10 Jerry Bernardini Community College of Rhode Island 6/24/20151Wireless Networking J. Bernardini

2 Presentation Reference Material CWNA Certified Wireless Network Administration Official Study Guide, Fourth Edition, Tom Carpenter, Joel Barrett Chapter-09, pages 439-473 6/24/2015Wireless Networking J. Bernardini2

3 3 What is Information Security? Information Security: Task of guarding digital information Information must be protective - on the devices that store, manipulate, and transmit the information through products, people, and procedures. Information that must be protected are CIA Confidentiality – Only authorized parties can view information Integrity – Information is correct and unaltered Availability – Authorized parties must be able to access at all times

4 4 Layers of Security

5 5 Categories of Attackers Six categories of attackers: Hackers - Not malicious; expose security flaws, “ethical attackers” Crackers – Violates system security with malicious intent Script kiddies- Break into computers to create damage Spies – Hired to break in and steal information Employees- Unhappy employees that steal, damage and change information Cyber-terrorists- Steal, damage and change information for ideology or extreme beliefs

6 6 Challenges of Securing Information Trends influencing increasing difficultly in information security: – Speed of attacks – Sophistication of attacks – Faster detection of weaknesses Day zero attacks – Distributed attacks The “many against one” approach Impossible to stop attack by trying to identify and block source

7 7 Security Attackers Profiles

8 8 Security Organizations Many security organizations exist to provide security information, assistance, and training Computer Emergency Response Team Coordination Center (CERT/CC) Forum of Incident Response and Security Teams (FIRST) InfraGard Information Systems Security Association (ISSA) National Security Institute (NSI) SysAdmin, Audit, Network, Security (SANS) Institute

9 Common Attack Methods Eavesdropping Hijacking Man-in-the-middle Denial of Services (DoS) Management interface exploits Encryption cracking Authentication cracking MAC spoofing Peer-to-peer Social engineering 6/24/2015Wireless Networking J. Bernardini9

10 Eavesdropping Issues Definition: The interception and reading of messages and information by unintended recipients WLAN sends data through the open air Attacker can easily capture frames Attacker may not be able read frames Encryption of data reduces the ability to “read” When you access a network, be sure you have given the right to do so Wardriving is eavesdropping Laws are being enforce against eavesdropping 6/24/2015Wireless Networking J. Bernardini10

11 Eavesdropping Utilities CasualMalicious MacStumbler KisMac NetStumbler KisMet Easy Wi-Fi Radar WiFi Hopper OmniPeek Personal (free) AiroPeek Network Instruments Observer AirMagnet Laptop Analyzer Javvin CAPSA Wireshark (free) Comm View for Wi-Fi PC Comm View for Wi-Fi PocketPC 6/24/2015Wireless Networking J. Bernardini11

12 12 Man-in-the-Middle Attack Makes it seem that two computers are communicating with each other – Actually sending and receiving data with computer between them – Active or passive

13 SSID Filtering Disable SSID broadcast. By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join the wireless network. Change the default SSID. Wireless AP’s have a default SSID set by the factory. Linksys wireless products use Linksys. Change the network's SSID to something unique, and make sure it doesn't refer to the networking products, your company, department function, or location.

14 Hijacking and Man-in-the-middle Defined: An unauthorized user takes control of an authorized user’s WLAN connection Occurs at Layer1, Layer2 and Layer3 Hijacking Outline – Attacked starts own AP and captures traffic – Attacker configures his AP with victim SSID – Attacker send deauthentication frame with high-power RF – Victim reassociates with higher-power attacker AP – Attacker runs DHCP giving address to victim Attacker can try to steal data from victim Attacker can use second NIC to connect to original AP – Traffic between victim and original AP is captured by attacker – Complete Man-in –the-middle attack with capture of Layer1, Layer2 and Layer3 6/24/2015Wireless Networking J. Bernardini14

15 Windows Client Vulnerabilities and Solutions By default Windows send out probe requests for “preferred networks” Wireless Network tab properties establishes what networks and the order -Scans for SSID in list If it can not find “preferred network” will continue to scan A rogue AP has heard the SSID scan list and configures as one of the unsecured SSIDs Vitim Windows client connects to rogue AP Solutions – Keep WLAN card powered off – Remove unsecured SSIDs from list after using – Disable Windows client and use a more secure third-party client (Cisco LEAP) 6/24/2015Wireless Networking J. Bernardini15

16 Denial of Service Attack (DoS) Definition: An attack that results in the inability of a user or system to access needed resources Layer1 Attack-RF jamming – High level RF signal generator “drowns-out” APs in area Unintentional DoS – interference from microwave, wireless phone Layer2 Attack – Spoofs AP and generates management frames – Rogue AP spoofs AP MAC address – Rogue generate deauthentication or disassociation frame – Client STA disassociates – Rogue continues to send deauthentication or disassociation frame 6/24/2015Wireless Networking J. Bernardini16

17 Other DoS Attacks Empty Data Floods – Install two or three wireless adapter in laptop – Generate continuous maximum size frames – Position close to victim STA for stronger signal – Tie-up RF spectrum -preventing connect to legitimate Aps Other Attacks – Association Floods – Authentication Floods – Unauthorized AP left on Solution – Use spectrum analyzer to track down location of interference – Scan for SSIDs and zero-in on signal 6/24/2015Wireless Networking J. Bernardini17

18 Management Interface Exploits Web-based Interface exploit – Attacked captures traffic and determines IP network with scanning utility – Varies address and finds AP gateway address (example 192.168.1.1, 10.10.10.1 …) – Tries passwords if necessary – Changes AP configurations – Turns off all MAC access except attacker's – a form of DoS Solutions – Strong AP password – Disable web-interface – Secure telnet and SSH – Use strong WPA-PSK or WPA2-PSK 6/24/2015Wireless Networking J. Bernardini18

19 Encryption Cracking Weak Key Cracking – Attacker captures 100 MB of data – Process captured with “cracking tool” – Obtain WEP key in seconds – Weak keys and initialization vectors are very vulnerable Solution – Use strong encryption – WPA2 and AES – IEEE 802.11i – EAP-Cisco LEAP More Information in Chapter-10 6/24/2015Wireless Networking J. Bernardini19

20 20 Wired Equivalent Privacy (WEP) Guard the Confidentiality of CIA – Ensure only authorized parties can view it Used in IEEE 802.11 to encrypt wireless transmissions – “Scrambling Cryptography: Science of transforming information so that it is secure while being transmitted or stored – scrambles” data Encryption: Transforming plaintext to ciphertext Decryption: Transforming ciphertext to plaintext Cipher: An encryption algorithm – Given a key that is used to encrypt and decrypt messages – Weak keys: Keys that are easily discovered

21 21 WEP Cryptography

22 22 WEP Implementation IEEE 802.11 cryptography objectives: – Efficient – Exportable – Optional – Reasonably strong – Self-synchronizing WEP relies on secret key “shared” between a wireless device and the AP Same key installed on device and AP A form of Private key cryptography or symmetric encryption

23 23 WEP Characteristics WEP shared secret keys must be at least 40 bits – Most vendors use 104 bits Options for creating WEP keys: – 40-bit WEP shared secret key (5 ASCII characters or 10 hexadecimal characters) – 104-bit WEP shared secret key (13 ASCII characters or 16 hexadecimal characters) – Passphrase (16 ASCII characters) APs and wireless devices can store up to four shared secret keys – Default key one of the four stored keys – Default key used for all encryption – Default key can be different for AP and client

24 24 WEP Keys - Key order must be the same for all devices - Default Keys can be different for each device

25 25 Open System Authentication Vulnerabilities Inherently weak – Based only on match of SSIDs – SSID beaconed from AP during passive scanning Easy to discover Vulnerabilities: – Beaconing SSID is default mode in all APs – Not all APs allow beaconing to be turned off Or manufacturer recommends against it – SSID initially transmitted in plaintext (unencrypted) Vulnerabilities -If an attacker cannot capture an initial negotiation process, can force one to occur – SSID can be retrieved from an authenticated device – Many users do not change default SSID Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs

26 Peer-to-Peer Attacks Definition: Peer-to-Peer attack occurs when on STA attacks another STA that is associated with same AP Intension is generally data theft Installation of backdoors and other software Laptops are particularly vulnerable IBSS networks vulnerable (ad hoc) Hot spot networks can be a serious problem Solutions: – Public Secure Packet Forwarding (PSPF) applications – STA to STA communication disallowed – Microsoft file sharing disabled 6/24/2015Wireless Networking J. Bernardini26

27 Social Engineering Definition: Technique of persuading people to give you something that they should not give you – Organization Information – Data – Passwords and passphases – Keys Targets – Help Desk – On-site contractors – Employees Solutions – Do not only depend upon technology – Train personal regularly 6/24/2015Wireless Networking J. Bernardini27

28 MAC Address Filtering and Spoofing Most Access point offer some form of MAC Filtering. – MAC Access Lists – Advanced MAC Filtering Lists WLAN administrator must configure a list or set of rules for clients that will be allowed or not allowed to join the network.

29 MAC Access Filtering Proxim AP-600b

30 MAC Address Filtering Access Points Wired LAN Wired Clients 1 2 Database Server Wireless Clients AP-1 AP-2 MAC Address 00022D9DE44E MAC Address 001122C5AF3B

31 MAC Address Filtering Access Points 1 Database Server AP-1 MAC Address 00022D9DE44E MAC Address 001122C5AF3B Wireless Client Mask: F = Look 0 = Ignore (Logical Anding) AP-600b Wired MAC Adr. = 001122C5AF3B Wired Mask = FFFFFFFFFFFF Wireless MAC Adr. = 00022D9DE44E Wireless Mask = FFFFFFFFFFFF Filtering = Blocking

32 MAC Address Filtering Access Points 1 Database Server AP-1 MAC Address 00022D9DE44E MAC Address 001122C5AF3B Wireless Client AP-600b

33 Circumventing MAC Filters MAC addresses are sent in the clear in the frame header! User/attacker can change their MAC address via software and then spoof or more accurately impersonate or masquerade under the address. Evade/Hide Network Presence Bypass Access Control Lists Authenticated User Impersonation

34 34 Access Control Security Intended to guard one of the CIA’s – Availability of information Wireless access control: Limit user’s access to AP – by Filtering MAC addresses Media Access Control (MAC) address filtering: Based on a node’s unique MAC address Can be defeated by Spoofing a MAC address

35 35 Access Control Filtering MAC address filtering considered to be a basic means of controlling access – Requires pre-approved authentication – Difficult to provide temporary access for “guest” devices

36 MAC Spoofing

37 Security Solutions 802.1X Authentication MIC Message Integrity Checking TKIP Temporal Key Integrity Protocol Cipher and Authentication Negotiation Key Management AES Advanced Encryption Standard WPA / WPA2 Wi-Fi Protected Access 802.11i

38 Remember CIA and AAA CIA Confidentiality- Keep things private Integrity – Data must be consistant and accurate Availability – The right data to the right users AAA Authentication –”Who are You?” Authorization – “What do you want?” Accounting – “What have you done?” Bottom Line – Users are responsible for protecting there accounts and their data 6/24/2015Wireless Networking J. Bernardini38

Download ppt "Wireless Networking Wireless Vulnerabilities and Attacks Module-10 Jerry Bernardini Community College of Rhode Island 6/24/20151Wireless Networking J."

Similar presentations

Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
Wireless Networking Wireless Vulnerabilities and Attacks Module-13 Jerry Bernardini Community College of Rhode Island 6/26/20151Wireless Networking J.

Wireless Networking Wireless Vulnerabilities and Attacks Module-13 Jerry Bernardini Community College of Rhode Island 6/26/20151Wireless Networking J.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

Similar presentations

Ads by Google