1 / 26

Understanding Wireless Network Security: Risks and Mitigation Strategies

This comprehensive guide explores the security risks associated with wireless networks, including threats posed by hackers through techniques like war driving, man-in-the-middle attacks, and the Caffe Latte attack. We delve into WEP (Wired Equivalent Privacy) vulnerabilities, the importance of robust encryption methods like WPA and WPA2, and the use of protocols like TKIP and AES for better security. Additionally, we offer practical tips for securing your wireless network, including changing default passwords, enabling encryption, and disabling SSID broadcast.

mason-kent
Télécharger la présentation

Understanding Wireless Network Security: Risks and Mitigation Strategies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WIRELESS NETWORK SECURITY

  2. Hackers • Ad-hoc networks • War Driving • Man-in-the-Middle • Caffe Latte attack

  3. AD-HOC networks

  4. WAR DRIVING • Searching for Wi-Fi by person in moving vehicle

  5. MAN-IN-THE-MIDDLE • Hotspots have little security • Entices computers to log into soft Access Point • Hacker connects to real AP – offers steady flow of traffic • Hacker sniffs the traffic • Forces you to loose connection + reconnect within the hackers AP.

  6. CAFFE LATTE ATTACK • Targets the Windows wireless stack • Possible to obtain the WEP key from a remote client • Sends flood of encrypted ARP requests • Attacker can obtain the WEP key within minutes

  7. Wireless Intrusion Prevention System (WIPS) • Robust way to counteract wireless security risks • PCI Security Standard Council published guidelines for large organizations

  8. WEP: Wired Equivalent Privacy 1999 • Secret Keys [Codes to Encrypt Data] • Secondary Goal : Control Network Access

  9. WEP • 64,128, 256 bit key • 24 bits used for Initialization Vector • Each packet includes integrity check

  10. Stream Ciphers • RC4 is a stream cipher • Expands a key into an infinite pseudo-random keystream

  11. What about IVs? • RC4 keystream should not be reused. • Use initialization vector to generate different keystream for each packet by augmenting the key • IV reuse(24 bits)=>16.7 million variations • Same shared key in both directions • Encryption is vulnerable to collision-based attacks.

  12. Linear Checksum • Encrypted CRC-32 used as integrity check • Fine for random errors, but not deliberate ones • CRC is linear • Can maliciously flip bits in the packet • Can replay modified packets!

  13. WEP • Problem #1: • No Limit on using the same IV Value more than once. This makes the encryption vulnerable to collision-based attacks. • Problem #2 • The IV is only 24 bits, there are only 16.7 million possible variations.

  14. WEP • Problem: #3: • Master Keys are used directly, when they should be used to generate other temporary keys. • Problem #4: • Users don’t change their keys very often on most networks, giving attackers ample time to try various techniques.

  15. 802.11i • TKIP [Temporal Key Integrity Protocol] • AES is a cryptographic algorithm - new hardware may be required • 802.1X: used for authentication

  16. 802.1X • Keeps the network port disconnected until authentication is complete. • The port is either made available or the user is denied access to the network.

  17. WPA: Wifi Protected Access • Subset of 802.11i • Master keys are never directly used. • Better key management. • Impressive message integrity checking.

  18. WPA: Wifi Protected Access • Advantages: • IV length has increased to 48 bits, over 500 trillion possible key combinations • IVs better protected through the use of TKIP sequence counter, helping to prevents reuse of IV keys.

  19. WPA: Wifi Protected Access • Master keys are never directly used • Better key management • Impressive message integrity checking.

  20. 802.11i WPA2 • WPA2 uses AES (Advanced Encryption Standard) to provide stronger encryption. • Enterprise uses IEEE 802.1X and EAP to provide authentication. Consumer uses a pre-shared key, or password. • New session Keys for every association- unique to that client. • Avoids reuse.

  21. WPA = TKIP + 802.1X To get a Robust Secure Network, the hardware must use CCMP [Counter Mode CBC MAC Protocol] WPA2 = CCMP+802.1X

  22. TIPS • Change default Administrator Passwords for router. • Turn on WPA/WEP Encryption • Change the Default SSID • Enable Mac Address Filtering

  23. TIPS • Disable SSID Broadcast • Do Not Auto-Connect to Open Wi-Fi Networks • Assign Static IP Addresses to Devices Turn off DHCP on the router access point

  24. TIPS Ensure firewall is enabled on your router and also each computer connected.

  25. TIPS • Position the router or Access Point Safely • Turn Off the Network during Extended Periods of Non-Use.

  26. Questions ?

More Related