340 likes | 924 Vues
Steven Senkus. Wireless Security. What is Wireless Networking?. Transmission of computer-readable data signal through radio waves to the Internet or another computer. Takes place at the physical layer (hardware). A Brief History.
E N D
Steven Senkus Wireless Security
What is Wireless Networking? • Transmission of computer-readable data signal through radio waves to the Internet or another computer. • Takes place at the physical layer (hardware)
A Brief History • In 1985, the FCC authorized public use of Industrial, Scientific, and Medical bands (902 MHz - 5.85 GHz) • The IEEE later created the 802.11 Working Group to standardize wireless LAN communication. • The standard was approved and published in 1997. 802.11 uses 2.4 GHz or 5 GHz frequency bands. • Due to security demands, WEP (Wired Equivalent Privacy) was added to the 802.11 standard
Wi-Fi Alliance • Formed in 1999; non-profit industry association that worked to unite 802.11 wireless transmission under one certification standard • Ensures interoperability between manufacturers by only allowing the Wi-Fi trademark for certified products.
Wi-Fi Is Everywhere! • Corporations • Home Networks • Universities • Airports • Coffee Shops • Restaurants • Hotels • Libraries • etc.
lower infrastructure costs share resources like printers and shared access to a centralized storage. Advantages of Wireless Networking • mobility • ease of adding devices/ network expansion • minimal cost • speed • ranges up to ~300m outdoors / ~70m indoors
Multiple devices on a WLAN can slow Internet access Wireless transmissions are detectable; security is necessary for privacy and authentication Disadvantages of Wireless Networking • limited frequency • suspected health risks from radio communication • network size is determined by area of transmission • signal interference (cordless phones, other APs, walls)
Dangers of an Unsecured WLAN • Free Internet access for anyone • Illegal activity can be traced back to your network • Wardriving • Intruder configuration of network, installation of malware / backdoors • Outsider access to shared resources (printers, computers) • Eavesdropping / Identity Theft
World's largest known theft of credit card information • A St. Paul, MN Marshalls store (owned by TJX) cut corners on network maintenance, infrastructure, financial standards, and used WEP for Wi-Fi security. Hackers were able to intercept sensitive financial and customer data. • TJX claims to have lost 45.7 million credit/debit card numbers as well as personal information of an estimated 500,000 customers.
WEP Security • WEP = “Wired Equivalent Privacy”; introduced in 1997 as part of the 802.11b standard. • Two types of authentication: Open System and Shared Key • Open System allows any station to connect and encrypts communication. • Shared Key encrypts and decrypts data sent between an access point (AP; router) and a station (computer with a wireless NIC) after a valid key is entered.
WEP Authentication • 1. Station sends an Authentication frame to the AP. • 2. AP replies with a 128 byte random challenge text. • 3. Station encrypts this with the shared key and sends it • 4. AP decrypts challenge text. If it matches the original sent text, then the AP indicates successful authentication
WEP Weaknesses • Wired Equivalency Privacy isn't. • The U.S. Government limited exportable cryptography; as a result, WEP secret keys were limited to 40 bits when first developed. • Researchers from the University of Maryland and Berkeley discovered weaknesses in WEP key reuse, weak message authentication, and traffic injection. • WEP's underlying RC4 algorithm was found to be insecure when multiple packets were analyzed • Encrypted packets are predictable and can be decrypted through statistical analysis
WEP Weaknesses • FBI agents demonstrated that a WEP-secured network can be cracked in three minutes • Several detailed articles and YouTube videos explain the procedure step-by-step • Widely understood to be insecure and, as a result, use has been deprecated. However, WEP is still included with hardware for legacy compatibility. • WEP is the equivalent of a “No Trespassing Sign”
WPA/WPA2 • In 2001, the IEEE addressed the problem by creating the 802.11i task force to address WEP insecurity. • This resulted in the creation of WPA (Wi-Fi Protected Access) and WPA2 after ratification of the 802.11i standard. • WPA encrypts information and ensures that the network security key has not been modified. • WPA-certified devices retain WEP support for legacy systems. • WPA's encryption key differs in every packet • All hardware certified for 802.11b, g, and n must implement WPA and WPA2.
WPA/WPA2 • PSK = Personal Mode – designed for small networks • Network traffic is encrypted with a 256 bit key • Keys can be 8-63 ASCII characters or 64 hexadecimal digits • TKIP = Temporal Key Integrity Protocol – algorithm – used in WPA and an option in WPA2 – per-packet key mixing and a message integrity check • Bruteforce and dictionary attacks are made more difficult with an 8 character minimum passphrases.
WPA2 • Interoperability ensured by EAP (Extensible Authentication Protocol) in Wi-Fi Alliance certification programs. • EAP is used to validate the identity of network devices. • WPA2 was designed to work with RADIUS servers to allow administration, auditing, and logging (username and login required) • WPA2-Enterprise is not practical for small networks due to server authentication. • Uses the AES-CCMP algorithm instead of the flawed RC4
WPA Weaknesses • WPA/WPA2-PSK: The “four-way handshake” packets sent over EAPoL (during client association) can be sniffed and cracked. • WPA/WPA2-PSK: Only as strong as the password chosen • Greater encryption equals greater packet size = more processing power and network bandwidth required • WPA uses the same encryption technology as WEP (RC4) • WPA is vulnerable to DoS attacks • All devices communicating with WPA must have WPA software.
Other Methods of Securing Wireless Networks • VPN – (Virtual Private Network) • Firewalls • MAC (Media Access Control) Filtering – create a table of authorized client MAC addresses and only allow those clients access to the wireless network • RADIUS Authentication and Authorization • Kerberos • RF Shielding
Wireless Tools and Techniques • Most are Linux based software programs • Not all uses are malicious; useful for network auditing • Configuration can be painful! • Widely available and legal • Free and modifiable (open source)
MITM (“Man in the Middle”) attacks: ARP poisoning DNS redirection Session Hijacking DHCP spoofing Wireless Tools and Techniques • War driving • Sniffing • Jamming • Spoofing (MAC address and IP address)
Netstumbler • WLAN detection • Works with Windows • Can be used with a GPS receiver
Kismet • WLAN detector (can detect hidden APs) • Packet sniffer • Intrusion detection
Driftnet • Listens to network traffic and picks up images from TCP traffic
Ettercap • MiTM attack suite • Active eavesdropping on several protocols • Network traffic interception • Password capturing • DNS redirection • Sniffing
Rogue Access Point • An access point that mimics a known access point to trick users and computers into connecting. Traffic can be monitored and directed • Also called Wiphishing, as fake websites can be generated to lure users into giving away their credentials
Wireless Security Tips • Change router password from default • Set router transmission power or physical location • Use wired connections for AP configuration • Disable SSID visibility and beacons (broadcasting) • Use a firewall • Use HTTPS and TLS • Use WPA2
Wireless Security Tips • Use a long and arbitrary password combination consisting of numbers, letters, special characters (if available) • For WEP, define all 4 keys and rotate them at regular intervals • Disable DHCP and assign static IP addresses • MAC address filtering • Turn off file sharing for stations connected to a wireless LAN
Sources • http://en.wikipedia.org/wiki/Wi-Fi • http://www.wi-fi.org/knowledge_center/kc-macfiltering • http://kb.netgear.com/app/answers/detail/a_id/1105 • http://codedrunk.blogspot.com/2008/01/breaking-wep-encryption-easy-way.html • http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack.html • http://electronics.howstuffworks.com/how-to-tech/how-to-detect-stealing-wifi[1-5].htm • http://en.wikipedia.org/wiki/WPA-PSK • http://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack • http://www.smallnetbuilder.com/wireless/wireless-features/24251-thefedscanownyourlantoo • http://openmaniak.com/ettercap.php • http://www.brighthub.com/computing/smb-security/articles/17766.aspx • http://www.brighthub.com/computing/smb-security/articles/17869.aspx • http://techdir.rutgers.edu/wireless.html • http://en.wikipedia.org/wiki/Wireless_security • http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm
Sources • http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods • http://www.wi-fi.org/files/kc_4_Preventing%20Evil%20Twins-Wiphishing%20QandA.pdf • http://www.oreillynet.com/pub/a/wireless/2002/04/19/security.html • http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy • http://www.acm.org/crossroads/xrds9-4/wlan_abc.html • http://en.wikipedia.org/wiki/RC4_(cipher) • http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html • http://www.dummies.com/how-to/content/understanding-wep-weaknesses.html • http://connect-connect.blogspot.com/2007/09/wireless-security-insight-into-wep.html • http://www.bestsecuritytips.com/news+article.storyid+226.htm • http://www.differencebetween.net/technology/difference-between-wpa-and-wpa2/