Wireless Security Update

Presentation Transcript

  1. Wireless Security Update Mark Ciampa Western Kentucky University mark.ciampa@wku.edu

  2. Oxymoron • Government organization • Same difference • Pretty ugly • Working vacation • Tax return

  3. Oxymoron • Jumbo shrimp • Adult male • Act naturally • Microsoft Works • Wireless security

  4. Wireless Advantages • Mobility • Increased productivity • Easier installation • Less expensive installation

  5. Wireless Disadvantages • Radio signal interference • Health risks • Security

  6. Wireless Security Vulnerabilities • Unauthorized users access the wireless network • Attackers view transmitted data • Employees install rogue access points • Weaknesses in original IEEE 802.11 wireless security and new WPA

  7. Wireless Attack Tools • NetStumbler – Discover wireless network • Airopeek & Airmagnet – Packet sniffers • Kismet & Airsnort – Break security

  8. Wireless Security Attitudes • “It doesn’t matter if someone uses my wireless LAN” • “You can’t make a wireless LAN secure” • “I don’t know what to do”

  9. Does Wireless Security Matter? • Get into any folder set with file sharing enabled • See wireless transmissions • Access to network behind firewall can inject malware • Download harmful content linked to unsuspecting owner

  10. Does Wireless Security Matter? • Legal implications • Security begins at home

  11. Can Make Wireless Secure • Significant improvement in wireless security • New IEEE wireless standard ratified • Common non-technical wireless security language now used • Vendors making wireless security easier

  12. Wireless Security Update • Wireless security that doesn’t work and why • Wireless security that does work • How to secure a home WLAN • Contents of wireless curriculum • How to secure an enterprise WLAN

  13. Wireless Security Update WLAN Defenses That Do Not Work

  14. Common WLAN Defenses • Encrypt transmissions (WEP) • Hide my network (Disable SSID beaconing) • Restrict who can join my network (MAC address filtering) • Use advanced security (WPA)*

  15. WLAN Defenses That Don’t Work • Encrypt transmissions (WEP) • Hide my network (Disable SSID beaconing) • Restrict who can join my network (MAC address filtering) • Use advanced security (WPA)*

  16. WEP • Wired equivalent privacy (WEP) intended to guard confidentiality of data through cryptography • WEP relies on a secret key that is “shared” between device and access point (AP) • Using same (shared) secret key to both encrypt and decrypt is private key cryptography or symmetric encryption

  17. WEP Objectives • Efficient - Algorithm must be proficient enough to be implemented in either hardware or software • Exportable - Must meet the guidelines set by the U.S. Department of Commerce so wireless devices using WEP can be exported overseas • Optional - The implementation of WEP in wireless LANs is an optional feature

  18. WEP Objectives • Reasonably strong - Security of the algorithm lies in the difficulty of determining the secret keys through attacks, which is related to the length of the secret key and the frequency of changing keys. WEP was to be “reasonably” strong in resisting attacks. • Self-synchronizing - Each packet must be separately encrypted (prevents a single lost packet from making subsequent packets indecipherable)

  19. WEP Keys • WEP keys must be a minimum of 64 bits in length • Most vendors add an option to use a larger 128-bit WEP key for added security (a longer key is more difficult to break)

  20. WEP Key Creation • 64-bit WEP key created by entering 5 ASCII characters (5y7js) or 10 hexadecimal characters (456789ABCD) • 128-bit WEP key created by entering 13 ASCII characters (98jui2wss35u4) or 26 hexadecimal characters (3344556677889900AABBCCDDEE) • Passphrase created by entering 16 ASCII characters (marchspringbreak)

  21. How WEP Works 1. Information has cyclic redundancy check (CRC) checksum value calculated (WEP calls this integrity check value (ICV)) and appended to end of text 2. WEP default shared secret key combined with initialization vector (IV), a 24-bit value that changes each time a packet is encrypted

  22. How WEP Works

  23. How WEP Works 3. Default shared secret key and IV are then entered into an RC4 pseudo-random number generator (PRNG) that creates a random number (output is keystream) 4. Text + ICV and keystream combined through exclusive OR (XOR) to create ciphertext 5. IV pre-pended to ciphertext

  24. How WEP Works

  25. WEP Won’t Work • WEP creates a detectable pattern for attackers (weak keys) • Attacker who captures packets for length of time can see the duplication and use it to crack the code • Weakness is with initialization vector (IV), 24-bit value that changes each time a packet is encrypted

  26. WEP Won’t Work • IV is 24-bit number = 16,777,216 possible values • “Expanded” WEP does not increase IV • AP transmitting at only 11 Mbps can send and receive 700 packets each second • Since different IV used for each packet, IVs start repeating in less than 7 hours • Ways to reduce time needed to minutes • Some WLANs always start with the same IV after the system is restarted and then follow the same sequence of incrementing IVs

  27. WEP Won’t Work • RC4 uses a pseudo-random number generator (PRNG) to create keystream • PRNG does not create true random number but what appears to be (pseudo) random number • First 256 bytes of the RC4 cipher can be determined by bytes in the key itself • RC4 cipher is not considered the most effective cipher for the task
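The five steps on the "How WEP Works" slides and the IV arithmetic on the "WEP Won't Work" slides, as an added Python example that is not part of the original presentation. Function names and sample plaintexts are constructed for illustration, the key is the 5-character example from slide 20, and the key-ID byte of a real WEP frame is omitted.

```python
import struct
import zlib

KEY = b"5y7js"           # 40-bit shared secret (example key from slide 20)
IV = b"\x00\x00\x01"     # 24-bit IV, constructed sample value

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, text: bytes) -> bytes:
    body = text + struct.pack("<I", zlib.crc32(text))   # step 1: append CRC-32 ICV
    keystream = rc4_keystream(iv + key, len(body))      # steps 2-3: IV + key seed RC4
    return iv + xor(body, keystream)                    # steps 4-5: XOR, prepend IV

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]               # IV travels in cleartext
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    text, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(text)) != icv:
        raise ValueError("ICV mismatch")
    return text

def reuse_leaks_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same key and IV give the same keystream, so it cancels out:
    ciphertext1 XOR ciphertext2 equals plaintext1 XOR plaintext2."""
    c1, c2 = wep_encrypt(key, iv, p1)[3:], wep_encrypt(key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])

def hours_until_iv_wrap(packets_per_second: int = 700) -> float:
    """Time for a sequential 24-bit IV counter to run through every value."""
    return 2**24 / packets_per_second / 3600
```

Because the key never changes and the IV is only 24 bits, every repeated IV repeats a keystream; a 128-bit WEP key lengthens `KEY` but leaves the IV space and the wrap time unchanged.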

  28. WLAN Defenses That Don’t Work • Encrypt transmissions (WEP) • Hide my network (Disable SSID beaconing) • Restrict who can join my network (MAC address filtering) • Use advanced security (WPA)*

  29. SSID Beaconing • Service Set Identifier (SSID) is “beaconed” from AP • Provides information to wireless devices wanting to join network • Beaconing SSID is default mode • Some users disable SSID beaconing so network does not appear on Windows list of available wireless networks

  30. Disable SSID Beaconing

  31. Disable SSID Beaconing Won’t Work • SSID is initially transmitted in cleartext when device negotiating with AP • Attacker only has to watch for any authorized device to negotiate • If attacker cannot capture initial negotiation process can force one to occur

  32. Force Renegotiation

  33. Disable SSID Beaconing Won’t Work • If SSID suppressed from beacon frames, still transmitted in other management frames sent by the AP • Windows can’t see it • Netstumbler can see it • Many users do not change default SSID and these are well known; an attacker can try default SSIDs until a connection is accepted

  34. Disable SSID Beaconing Won’t Work • Steps to manually enter SSID on wireless device that does not receive beaconed SSID are inconvenient • Turning off SSID beaconing prevents wireless devices from freely roaming from one wireless network to another • Many access points prohibit or discourage turning off SSID beaconing

  35. Discourage Turning Off SSID Beaconing

  36. Disable SSID Beaconing Won’t Work • Not uncommon to detect multiple wireless signals at home or work • May receive signal with broadcast SSID and signal where broadcast SSID turned off • If using Windows XP the device will always connect to the access point that is broadcasting its SSID

  37. WLAN Defenses That Don’t Work • Encrypt transmissions (WEP) • Hide my network (Disable SSID beaconing) • Restrict who can join my network (MAC address filtering) • Use advanced security (WPA)*

  38. MAC Address Filtering • Access control - Intended to limit a user’s admission to the AP (only those authorized able to become part of wireless LAN) • Most common type of access control is Media Access Control (MAC) address filtering (not part of IEEE standard) • MAC address is unique 48-bit number “burned” into the network interface card adapter when manufactured

  39. MAC Address

  40. MAC Address

  41. MAC Address Filtering • Access to the wireless network can be restricted by entering the MAC address of approved or denied devices • Once the MAC addresses are entered, only specific devices can be authenticated based on MAC address

  42. MAC Address Filtering

  43. MAC Filtering

  44. MAC Address Filtering Won’t Work • MAC addresses initially exchanged in cleartext between device and access point • MAC address can be “spoofed” • Some wireless NICs allow for a substitute MAC address to be used • Programs available that allow users to spoof MAC address

  45. MAC Address Filtering Won’t Work

  46. WLAN Defenses That Don’t Work • Encrypt transmissions (WEP) • Hide my network (Disable SSID beaconing) • Restrict who can join my network (MAC address filtering) • Use advanced security (WPA)*

  47. WPA Won’t Work* • Wi-Fi Protected Access (WPA) • Intended to provide enhanced security using older wireless equipment • Must enter same passphrase on access point and wireless device • Passphrases less than 20 characters subject to offline dictionary attacks

  48. Wireless Security Update Wireless Security Solutions

  49. 802.11i • By IEEE organization • Designed specifically to address WLAN vulnerabilities • Ratified June 2004

  50. Common Security Models • By Wi-Fi organization • Personal Security Model • WPA – Personal • WPA2 - Personal • Enterprise Security Model • WPA - Enterprise • WPA2 - Enterprise