Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Hotspot Security

Published byDomenic Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Hotspot Security"— Presentation transcript:

1 Wireless Hotspot Security
and Client Attacks Almerindo Graziano

2 The Menu :-)‏ The WiFi Explosion Common misconceptions
Wireless hotspots attacks Wireless Client Attacks Rogue Access Points WEP Insecurity WPA Security General recommendations

3 About Silensec IT Governance ISO 27001 Implementation Gap Analysis
Risk Management Penetration Testing Web apps, Systems, Networks Security Training BSI ISO 27001, BS25999 SANS Wireless Security, Hacking Techniques

4 Common Misconceptions
We do not use/allow wireless networks Our network is secure We use firewalls We use VPN Nobody would attack us

5 Mobile Phones Explosion
Over 100 mobile phone handsets with wi-fi capability (June 2007)‏ 213 million Wi-Fi chipsets shipped worldwide in 2007 (32% growth)‏ 20%of the total chipset market by 2009 Dual-mode phones in 2008 Bypass mobile operator Skype mobile phones

6 Wifi in Everything! Digital Camera Mobile TVs Presentation Projectors
Stereos CCTV Cameras Swipe cards systems Medical monitoring equipment Portable digital players

7 Wireless Networks are Everywhere

8 Terminology Station (STA)‏ Access Point (AP)‏ Infrastructure Mode
Laptop, PDA, mobile phone Access Point (AP)‏ Connect STAs to the main network Infrastructure Mode Most common (home and corporate)‏ Ad-Hoc Mode Connecting STAs without an AP Ad-Hoc Mode Infrastructure Mode

9 Terminology (2)‏ WEP (Wired Equivalent Privacy)‏
WEP Key (64, 128, 256, 512 bits)‏ WEP+ Dynamic WEP WPA and WPA2 (Wireless Protected Access)‏ Passphrase (8-63 characters)‏

10 Wireless Hotspots Provide public access to the Internet through wireless networks Public does NOT mean FREE Often located in airports, train stations, libraries, hotels, coffee bars Designed to be easy to use Find the network Click and connect Authenticate and you are in!

11 Hotspot Example: T-Mobile
Secure Connection

12 Hotspot Example: T-Mobile (2)‏
Enter Credentials

13 Hotspot Security Risks
Information disclosure Most information is not encrypted and may be captured easily Identity theft Fraud and financial loss Compromise your computer Expose personal info (contacts)‏ Catch a virus Back in the workplace Expose even more personal info Spread the virus

14 Wireless Isolation Commonly used by hotspots
Most modern AP support it too Traffic between hotspot clients not allowed Protect hotspot clients from possible malicious clients And anyway you have your firewall.. What about non-connected clients?

15 DEMO

16 Wireless Client Attacks

17 Windows Preferred Network List (PNL)‏
Includes networks created by the user Networks are also added when we connect to a new network (hotspot)‏ Connection can be automatic or manual

18 Windows Preferred Network List (PNL)‏
Will always connect to the networks higher on the list.. even is already connected to another network! even if that network is more secure AP with stronger power are preferred User is not notified of AP switch!

19 Dangerous Connections..
Newly networks are added to the PNL If new network is in range windows may connect to it

20 Rogue Access Points More powerful signal Karma-based

21 Power Rogue Access Point
Windows wireless configuration AP chosen based on position in the PNL signal power tmobile tmobile

22 Power Rogue Access Points
DEMO

23 Client Attacks with Karma
Powerful tool Responds to any probe request Comes with DHCP, DNS, Web server Exploits clients which broadcast SSIDs with no security...hotspots

24 Judicious Karma

25 KARMA DEMO

26 Wifizoo Gathers information passively No connection required Cookies
Passwords from FTP,POP3 etc.. ..and lots more

27 Wifizoo at Work.. DEMO

28 Wireless Hacking in the Skies..
Just relax and enjoy the flight Watch a film on your laptop ...while you are being hacked... But don't you worry, there will be no interruption to your film entertainment

29 arking Mode Found by Simple Nomad
If DHCP fails to provide an IP address, interfaces with Link- Local configurations will auto- assign an address in the /16 range Link-Local is on by default on all interfaces on all Windows platforms, including wireless interfaces Scan for available networks (ANL)‏ Parking Mode Try available PNL networks Try PNL networks Any Ad-Hoc network in PNL? No Connect to Non-Preferred Nets? No Yes Yes Connect to 1st Ad-Hoc network in PNL Connect to available networks (ANL)‏ Keep looking for preferred networks Set Random SSID and go in infrastruture mode

30 Windows Wireless Client Update
Hotfix described in KB917021 Non-broadcast networks Allows to set a network as non-broadcast by setting “Connect even if the network is not broadcasting” WAC only sends probe requests for non-broadcast networks Preferred broadcast networks in the PNL are not advertised Parking behaviour Security configuration is passed onto the wireless adapter driver, using the most secure encryption method that the wireless network adapter supports (including random encryption key)‏ Ad-hoc Manual connection WAC doesn't probe ad-hoc SSID contained in the PNL

31 Windows Wireless Client Update (ctd.)‏
Not included in SP2 Many clients have not installed it Parking mode is driver-dependant Most driver still use no security You can still override secure default settings

32 Vista Wireless VISTA allows to define non-broadcast wireless networks
Listed as Unnamed Network WAC will try to connect to wireless networks in the order they are listed in the PNL, whether they are broadcast or not Support ad-hoc using WPA2-PSK Strong passphrase selection

33 Hotspot Security Tips Doublecheck the name and presence of an official Hotspot network where the service is provided Remember that the majority of Hotspots do not ensure data confidentiality Always look out for a padlock and https sign on the hotspot login page Do NOT implicitly trust advertised “Free Public WiFi”

34 WEP WEP IS DEAD You MUST NOT use it
Equivalent to no security (almost)‏ Aircrak-ptw < 1 minute

35 WPA and WPA2 WPA Stronger security, maintaining hardware compatibility
Even stronger security Need new hardware

36 WPA Personal/WPA-PSK Both WPA and WPA2 can be used with a passphrase (8-63 character)‏ Weak passphrases offer WEP-like protection..NONE Use a strong password generator (free

37 Wireless Security Tips – At Home
Change default values IP addresses Admin passwords Adjust the power output of your access point if possible Use MAC address filtering Change the default SSID Enable WPA/WPA2 Use a strong passphrase (20+ char) Set AP configuration to HTTPS if possible

38 Wireless Security Tips – On the move
Switch off your wireless card if not needed Do no connect automatically to wireless networks (nothing comes free)‏ Change your personal firewall settings to not trust the local network Be on your guard

39 General Wireless Security Tips
Download and instal MS wireless update Uncheck automatic connection to unprotected networks Keep your computers patched all the time Remember that hotspot networks are not secure

40 Questions?

Download ppt "Wireless Hotspot Security"

Similar presentations

Home Wireless Security David Mitchell 12/11/2007.

Home Wireless Security David Mitchell 12/11/2007.
“All your layer are belong to us” Rogue 802.11 APs, DHCP/DNS Servers, and Fake Service Traps.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,

Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Chapter 9 Connecting to and Setting up a Network

Chapter 9 Connecting to and Setting up a Network
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
DVG-N5402SP.

DVG-N5402SP.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.

How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.

Similar presentations

Ads by Google