1
WIRELESS NETWORK SECURITY
2
Hackers
- Ad-hoc networks
- War Driving
- Man-in-the-Middle
- Caffe Latte attack
3
AD-HOC networks
4
WAR DRIVING
- Searching for Wi-Fi by a person in a moving vehicle
5
MAN-IN-THE-MIDDLE
- Hotspots have little security
- Entices computers to log into a soft Access Point
- Hacker connects to the real AP and offers a steady flow of traffic
- Hacker sniffs the traffic
- Forces you to lose your connection and reconnect through the hacker's AP
6
CAFFE LATTE ATTACK
- Targets the Windows wireless stack
- Possible to obtain the WEP key from a remote client
- Sends flood of encrypted ARP requests
- Attacker can obtain the WEP key within minutes
7
Wireless Intrusion Prevention System (WIPS)
- Robust way to counteract wireless security risks
- PCI Security Standards Council published guidelines for large organizations
8
WEP: Wired Equivalent Privacy
- 1999
- Secret Keys [Codes to Encrypt Data]
- Secondary Goal: Control Network Access
9
WEP
- 64-, 128-, or 256-bit key
- 24 bits used for Initialization Vector
- Each packet includes integrity check
10
Stream Ciphers
- RC4 is a stream cipher
- Expands a key into an infinite pseudo-random keystream
11
What about IVs?
- RC4 keystream should not be reused.
- Use an initialization vector to generate a different keystream for each packet by augmenting the key.
- IV reuse: 24 bits => 16.7 million variations
- Same shared key in both directions
- Encryption is vulnerable to collision-based attacks.
12
Linear Checksum
- Encrypted CRC-32 used as integrity check
- Fine for random errors, but not deliberate ones
- CRC is linear
- Can maliciously flip bits in the packet
- Can replay modified packets!
13
WEP
- Problem #1: There is no limit on using the same IV value more than once. This makes the encryption vulnerable to collision-based attacks.
- Problem #2: The IV is only 24 bits, so there are only 16.7 million possible variations.
14
WEP
- Problem #3: Master keys are used directly, when they should be used to generate other temporary keys.
- Problem #4: Users don't change their keys very often on most networks, giving attackers ample time to try various techniques.
15
802.11i
- TKIP [Temporal Key Integrity Protocol]
- AES is a cryptographic algorithm; new hardware may be required
- 802.1X: used for authentication
16
802.1X
- Keeps the network port disconnected until authentication is complete.
- The port is either made available or the user is denied access to the network.
17
WPA: Wi-Fi Protected Access
- Subset of 802.11i
- Master keys are never directly used.
- Better key management.
- Impressive message integrity checking.
18
WPA: Wi-Fi Protected Access
Advantages:
- IV length has increased to 48 bits, over 500 trillion possible key combinations
- IVs are better protected through the use of the TKIP sequence counter, helping to prevent reuse of IV keys.
19
WPA: Wi-Fi Protected Access
- Master keys are never directly used
- Better key management
- Impressive message integrity checking.
20
802.11i WPA2
- WPA2 uses AES (Advanced Encryption Standard) to provide stronger encryption.
- Enterprise uses IEEE 802.1X and EAP to provide authentication.
- Consumer uses a pre-shared key, or password.
- New session keys for every association, unique to that client. Avoids reuse.
21
- WPA = TKIP + 802.1X
- To get a Robust Secure Network, the hardware must use CCMP [Counter Mode CBC MAC Protocol]
- WPA2 = CCMP + 802.1X
22
TIPS
- Change default Administrator Passwords for router.
- Turn on WPA/WEP Encryption
- Change the Default SSID
- Enable MAC Address Filtering
23
TIPS
- Disable SSID Broadcast
- Do Not Auto-Connect to Open Wi-Fi Networks
- Assign Static IP Addresses to Devices
- Turn off DHCP on the router access point
24
TIPS
- Ensure a firewall is enabled on your router and also on each connected computer.
25
TIPS
- Position the router or Access Point Safely
- Turn Off the Network during Extended Periods of Non-Use.
26
Questions?