1 / 64

Nebraska University Center for Information Assurance

BSYOD: Bring and Secure Your Own Device Hardening your Mobile Devices to Participate in the Wireless World. Nebraska University Center for Information Assurance. Timeline. Part 1: NUICA, Who are we?. Part 4: Audience Questions and Suggestions. Part 2: Security concerns.

rollo
Télécharger la présentation

Nebraska University Center for Information Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BSYOD: Bring and Secure Your Own DeviceHardening your Mobile Devices to Participate in the Wireless World Nebraska University Center for Information Assurance

  2. Timeline Part 1: NUICA, Who are we? Part 4: Audience Questions and Suggestions Part 2: Security concerns Part 3: Some Solutions 11:15 12:00 12:15

  3. NUCIA Nebraska University Center for Information Assurance http://nucia.unomaha.edu/

  4. The UNO NUCIA Team Connie Jones Bill Mahoney Ken Dick Robin Gandhi Dwight Haworth Steve Nugen Abhishek Parakh Charles Spence Leah Pietron

  5. Information Assurance IA research and education is supported across the college of IS&T and the Graduate college NSA designated National Center of Academic Excellence in Information Assurance Education (CAE IAE) Degrees include BS in IA; MS in IA (starting Fall 2012)NEW, IA concentrations with CS and MIS Non-degree programs and activities include MIS IA certificate, International Cyber Defense Workshop Special programs for High School teachers and students

  6. Student Accomplishment (1) UCSB iCTF 2010: 72 teams (900 students!) from 16 countries competed in a game of hacking, challenge-solving, and state-sponsored warfare. (26 US Universities)

  7. Student Accomplishment (2) Placed 7th among all US Undergraduate teams

  8. Student Accomplishment (3) • IFSF CTF Quals hostedfrom Tunisia • 4th among US teams • 21st among 236 teamsWorldwide

  9. State of the Art IA Labs STEAL-1 STEAL-2 STEAL-4 STEAL-3 7 pods; 5 hosts ea 9 pods; 5 hosts ea Virtual Machines Student Research New SCADATestbed New hosts: Quad;16 GB; dual NICS 6 VM Servers; 4 NICS each DesktopWorkstations Each host can support multiple VMs; Networking optionsinclude host-only; STEAL domain; and Internet (via VPN) Networks:STEAL Only(Isolated)UNO Internet;Private Internet Able to carve out subsets to simulate different domains,cross-domain architectures, hardened systems, targets, and attackers. Supports teaching and research

  10. Wireless Security Issues

  11. 802.11 Networks • 802.11: A family of IEEE specifications for WLANs operating in 2.4 GHz RF spectrum • 2.4 GHz Frequency, Unlicensed • Divided into 14 channels • Infrastructure mode is most commonly used PC-1 PC-2 Gateway Internet AP

  12. Inherent Security Issues • Nodes in the physical vicinity of each other can monitor all network traffic • Open hotspots do not encrypt any traffic between the mobile node and the access point • Mobile applications may use insecure protocols to exchange sensitive information

  13. NIST Guidance • Guidelines for Securing Wireless Local Area Networks (WLANs) • NIST SP 800-153 • http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf

  14. Worrisome Scenarios • Capturing Wireless traffic • Rouge Access Points • Sniffing • Session high jacking • Insecure Apps • IPhone Southwest App • Privacy issues • Malicious QR codes • Wireless Encryption Cracking • WEP and WPA attacks

  15. Rouge Access Points • Advertise open access points in public places with similar names to legitimate ones • E.g. attwifi, boingo, linksys, NETGEAR PC-1 PC-2 Sniffer Gateway Internet AP HUB

  16. Sniffing • Passive monitoring of wireless traffic • The RF monitor mode allows every frame appearing on a channel to be copied into the scanning node • Hardware easily available for purchase • Wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames • ~ $ 30

  17. Sniffing Alfa wardriving card Kismac Macbook Air

  18. Scanning available networks

  19. Network activity

  20. Selecting a target

  21. Selecting a target

  22. Foraging with Wireshark

  23. Foraging with Wireshark

  24. Foraging with Wireshark

  25. Session Highjacking http://codebutler.com/firesheep

  26. Insecure Apps • Some applications have inherent flaws that can be exploited on public networks • Case: Southwest Airlines iPhone App

  27. Southwest Airlines iPhone App • Use a remote network proxy to examine HTTP traffic

  28. Southwest Airlines iPhone App • The app assigns a Device ID to uniquely identify the device

  29. Southwest Airlines iPhone App • The registration data is sent out in the clear!

  30. Southwest Airlines iPhone App • … and any subsequent login information

  31. Privacy violations • Universal Device Identifiers • iPhone UUID, ANDROID_ID • Several application use UUID to perform some sort of tracking • A user does not have control over this the use of this information by apps • The UUID may be transmitted in the clear over unprotected WiFi networks

  32. Security and Privacy Hall of shame • http://blog.afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/ • http://www.msnbc.msn.com/id/46856168/ns/technology_and_science-security/t/cracks-appear-face-apples-ios-security/

  33. Malicious QR Codes • QR codes can be used to launch malicious websites that infect or root mobile devices • Malicious QR codes can be pasted on legitimate advertisements and fliers • Disable automatic launching of applications upon scanning of QR codes

  34. WEP and WPA Cracking • WEP-based passwords are very easy to crack. • WPA/PSK is relatively easy to crack given a short password length. • WPS pin bruteforce also weakens WPA/WPA2 protected networks

  35. WEP and WPA Cracking • Tools: • Aircrack-ng suite • Kismet – wireless sniffing tool • A wireless adapter that supports monitor mode for wireless sniffing • Linux operating system • Alternative (Kismac + wireless adapter + Mac)

  36. WEP and WPA Cracking (Aircrack-ng)

  37. WEP and WPA Cracking (Kismac)

  38. SOME USEFUL APPS AND BEST PRACTICES

  39. Best Practices • Center for Internet Security (CIS) Mobile Security Benchmarks • iPhone 5.0.1 security benchmark • Google Android 2.3 (Gingerbread) • http://benchmarks.cisecurity.org/ • http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile

  40. Monitor Device Operation • iOS Apps for this include • System Status • Functionality includes displaying the system log • http://itunes.apple.com/us/app/system-status-device-activity/id401457165 • SYS Activity Manager • http://itunes.apple.com/us/app/sys-activity-manager-plus/id440654325

  41. Monitor your environment • iOS Network/Port Scanners continued • IT Tools • http://itunes.apple.com/us/app/it-tools/id324054954 • IP Network Scanner • http://itunes.apple.com/us/app/ip-network-scanner/id335517657 • LanScan HD • http://itunes.apple.com/us/app/lanscan-hd/id461551081 41

  42. Monitor your environment • iOS Network/Port Scanners include: • Scanny • http://itunes.apple.com/us/app/scany-network-port-scanner/id328077901 • iNetPro • http://itunes.apple.com/us/app/inet-pro-network-scanner/id305242949 • Deep Whois • http://itunes.apple.com/us/app/deep-whois-lookup-ips-domains/id328895000

  43. Screen Locks • Physical security is important for mobile devices • Store large amounts of personal data • Easier to steal • Easier to misplace • Maximize security by: • Set up passcodes for device access • Auto-locking feature • Automatic data erasure after failed attempts

  44. Screen Locks • Be careful with pattern locks. • Sometimes the pattern lock path is shown on the screen as it is used (depends upon the device). • Your pattern may be left behind by smudge marks. • Consider if someone might be watching your screen.

  45. Hardware Encryption • iPhone Support • iPhone 3GS and later • Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode • Third-party applications can use the data protection APIs

  46. Hardware Encryption • Android Support • Android 2.3 (Gingerbread) • All Motorola Devices • Some HTC Devices • Android 3.0+ • All Honeycomb Devices • All Ice Cream Sandwich Devices

  47. Hardware Encryption • Screen locks provide a good start, but do not encrypt the SD card or phone data. • Android provides additional settings • But, built-in encryption module have often been rendered useless

  48. Hardware Encryption • iPhone • 3GS, Encryption declared ‘useless’ by hackers, 2009 • http://www.wired.com/gadgetlab/2009/07/iphone-encryption • iOS 4, Encryption broken by ElcomSoft, 2011 • http://www.extremetech.com/mobile/84150-how-ios-4-encryption-was-cracked-and-how-to-protect-your-iphone • Alternative encryption methods may be available through apps

  49. Hardware Encryption • iPhone • Also remember to encrypt device backups • Examples • Device location tracking • http://www.geek.com/articles/apple/how-to-deal-with-your-iphone-tracking-you-20110420/ • Facebook login data • http://www.cultofmac.com/159169/facebook-ios-security-flaw-highlights-security-risk-in-ios-backups/ • User enabled, or enforced through configuration profiles 49

  50. Virtual Private Networks • VPNs build an encrypted tunnel from a mobile device to a trusted endpoint • Prevents eavesdropping on untrusted networks • iPhone, iPad and Android support the following • Cisco IPSec, L2TP/IPSec PSK, and PPTP virtual private network protocols. • Android additionally supports L2TP/IPsec CRT

More Related