This lecture focuses on the vulnerabilities inherent in the IEEE 802.11 wireless standard and details various types of attacks that can be executed against wireless networks. It outlines security challenges, including the increasing speed and sophistication of attacks, and explores different categories of attackers from hackers to cyberterrorists. The presentation also covers authentication methods like open system and shared key, their vulnerabilities, and the implications of WEP weaknesses. Additionally, it highlights significant security organizations that provide valuable resources and training for improving wireless network security.
Lecture 2 Wireless Security
Objectives
• List the vulnerabilities of the IEEE 802.11 standard
• Describe the types of wireless attacks that can be launched against a wireless network
Security Principles: Challenges of Securing Information
• Trends influencing increasing difficulty in information security:
  • Speed of attacks
  • Sophistication of attacks
  • Faster detection of weaknesses
    • Day zero attacks
  • Distributed attacks
    • The “many against one” approach
    • Impossible to stop attack by trying to identify and block source
Security Principles: Categories of Attackers
• Six categories of attackers:
  • Hackers
    • Not malicious; expose security flaws
  • Crackers
  • Script kiddies
  • Spies
  • Employees
  • Cyberterrorists
Security Principles: Categories of Attackers (continued) Table 8-1: Attacker profiles
Security Principles: Security Organizations
• Many security organizations exist to provide security information, assistance, and training
  • Computer Emergency Response Team Coordination Center (CERT/CC)
  • Forum of Incident Response and Security Teams (FIRST)
  • InfraGard
  • Information Systems Security Association (ISSA)
  • National Security Institute (NSI)
  • SysAdmin, Audit, Network, Security (SANS) Institute
Authentication
• IEEE 802.11 authentication: Process in which AP accepts or rejects a wireless device
• Open system authentication:
  • Wireless device sends association request frame to AP
    • Carries info about supported data rates and service set identifier (SSID)
  • AP compares received SSID with the network SSID
    • If they match, wireless device authenticated
Authentication (continued)
• Shared key authentication: Uses WEP keys
  • AP sends the wireless device the challenge text
  • Wireless device encrypts challenge text with its WEP key and returns it to the AP
  • AP decrypts returned result and compares to original challenge text
    • If they match, device accepted into network
Vulnerabilities of IEEE 802.11 Security
• IEEE 802.11 standard’s security mechanisms for wireless networks have fallen short of their goal
• Vulnerabilities exist in:
  • Authentication
  • Address filtering
  • WEP
Open System Authentication Vulnerabilities
• Inherently weak
  • Based only on match of SSIDs
• SSID beaconed from AP during passive scanning
  • Easy to discover
• Vulnerabilities:
  • Beaconing SSID is default mode in all APs
  • Not all APs allow beaconing to be turned off
    • Or manufacturer recommends against it
  • SSID initially transmitted in plaintext (unencrypted)
Open System Authentication Vulnerabilities (continued)
• Vulnerabilities (continued):
  • If an attacker cannot capture an initial negotiation process, can force one to occur
  • SSID can be retrieved from an authenticated device
  • Many users do not change default SSID
  • Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs
Open System Authentication Vulnerabilities (continued) Figure 8-12: Forcing the renegotiation process
Shared Secret Key Authentication Vulnerabilities
• Attackers can view key on an approved wireless device (i.e., steal it), and then use on own wireless devices
• Brute force attack: Attacker attempts to create every possible key combination until correct key found
• Dictionary attack: Takes each word from a dictionary and encodes it in same way as passphrase
  • Compare encoded dictionary words against encrypted frame
Shared Secret Key Authentication Vulnerabilities (continued)
• AP sends challenge text in plaintext
  • Attacker can capture challenge text and device’s response (encrypted text and IV)
  • Mathematically derive keystream
Shared Secret Key Authentication Vulnerabilities (continued) Table 8-2: Authentication attacks
Address Filtering Vulnerabilities Table 8-3: MAC address attacks
WEP Vulnerabilities
• Uses 40 or 104 bit keys
  • Shorter keys easier to crack
• WEP implementation violates cardinal rule of cryptography
  • Creates detectable pattern for attackers
  • APs end up repeating IVs
• Collision: Two packets derived from same IV
  • Attacker can use info from collisions to initiate a keystream attack
WEP Vulnerabilities (continued) Figure 8-13: XOR operations
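
Why the plaintext challenge in shared key authentication and a repeated IV both expose the keystream, shown with a toy WEP-style RC4 in Python. This is an added illustration, not code from the lecture; the key, IV, challenge and payloads are constructed, and WEP's integrity check value (ICV) is left out to keep the XOR relationship visible.

```python
"""Added illustration: toy WEP-style RC4 (IV || key seed, ICV omitted)."""

def rc4_keystream(seed: bytes, n: int) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    # WEP seeds RC4 with the cleartext 24-bit IV followed by the shared key.
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def demo() -> dict:
    key = bytes.fromhex("0102030405")         # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")              # constructed 24-bit IV
    challenge = bytes(range(128))             # constructed challenge text
    response = wep_encrypt(iv, key, challenge)

    # Both values cross the air, so their XOR is the keystream for this IV.
    exposed = xor(challenge, response)

    p1 = b"constructed frame one payload"
    p2 = b"constructed frame two payload"
    c1 = wep_encrypt(iv, key, p1)             # IV collision: same IV used twice
    c2 = wep_encrypt(iv, key, p2)
    c3 = wep_encrypt(bytes.fromhex("a1b2c4"), key, p2)  # a different IV
    return {
        "handshake_exposes_keystream": exposed == rc4_keystream(iv + key, 128),
        "collision_cancels_keystream": xor(c1, c2) == xor(p1, p2),
        "reused_iv_frame_readable": xor(c2, exposed) == p2,
        "fresh_iv_frame_readable": xor(c3, exposed) == p2,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key never appears in any of the comparisons: everything follows from XOR with a keystream that depends only on the IV and the static key, which is why a scheme that lets IVs repeat cannot keep frames confidential.
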
WEP Vulnerabilities (continued) Figure 8-14: Capturing packets
WEP Vulnerabilities (continued)
• PRNG does not create true random number
  • Pseudorandom
• First 256 bytes of the RC4 cipher can be determined by bytes in the key itself
Table 8-4: WEP attacks
Other Wireless Attacks: Man-in-the-Middle Attack
• Makes it seem that two computers are communicating with each other
  • Actually sending and receiving data with computer between them
• Active or passive
Figure 8-15: Intercepting transmissions
Other Wireless Attacks: Man-in-the-Middle Attack (continued) Figure 8-16: Wireless man-in-the-middle attack
Other Wireless Attacks: Denial of Service (DoS) Attack
• Standard DoS attack attempts to make a server or other network device unavailable by flooding it with requests
  • Attacking computers programmed to request, but not respond
• Wireless DoS attacks are different:
  • Jamming: Prevents wireless devices from transmitting
  • Forcing a device to continually dissociate and re-associate with AP
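
A monitoring sketch for the forced dissociate/re-associate pattern above (and the forced renegotiation in Figure 8-12): count disassociation and deauthentication frames per source/destination pair in a sliding window. This is an added example, not part of the lecture; the frame records and addresses are constructed, and the 10-second window and threshold of 5 are assumed values to tune per site.

```python
from collections import defaultdict, deque

# Management-frame subtypes from IEEE 802.11 that end a station's session.
TEARDOWN = {10: "disassociation", 12: "deauthentication"}

AP = "02:00:00:00:00:aa"        # constructed addresses (locally administered)
STA1 = "02:00:00:00:00:01"
STA2 = "02:00:00:00:00:02"

# Constructed capture summary: (seconds, subtype, claimed source, destination)
FRAMES = (
    [(0.0, 8, AP, "ff:ff:ff:ff:ff:ff"),      # beacon, ignored
     (12.0, 10, STA1, AP),                   # one ordinary disassociation
     (300.0, 12, AP, STA1)]                  # one ordinary deauthentication
    + [(100.0 + 0.5 * k, 12, AP, STA2) for k in range(8)]  # burst aimed at STA2
)

def find_teardown_bursts(frames, window=10.0, threshold=5):
    """Map (claimed source, destination) to the peak teardown-frame count seen
    inside any `window`-second span, for pairs that reach `threshold`."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, subtype, src, dst in sorted(frames):
        if subtype not in TEARDOWN:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (src, dst), count in find_teardown_bursts(FRAMES).items():
        print(f"{count} teardown frames from {src} to {dst} within 10 s")
```

The source address is only what the frame claims, so an alert identifies the affected station and AP rather than the sender.
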
Summary
• Significant challenges in keeping wireless networks and devices secure
• Six categories of attackers: Hackers, crackers, script kiddies, computer spies, employees, and cyberterrorists
Summary (continued)
• Man-in-the-middle attacks and denial of service attacks (DoS) can be used to attack wireless networks
LABs
• LAB A
  • 8-3 from book
• LAB B