1 / 22

Wireless Security

Wireless Security. by: Frank Pfleger. Overview. Introduction to Wireless Networks Secure the Network Wireless Security Mechanisms Unsecure the Network Security Mechanism Weaknesses Tools and Techniques Wardriving / Procedures. Introduction. Private Wi-Fi

reba
Télécharger la présentation

Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Security by: Frank Pfleger

  2. Overview • Introduction to Wireless Networks • Secure the Network • Wireless Security Mechanisms • Unsecure the Network • Security Mechanism Weaknesses • Tools and Techniques • Wardriving / Procedures

  3. Introduction • Private Wi-Fi • Easy installation  security problems • Location freedom • Office Wi-Fi • Location freedom • Laptop popularity • Public Hotspot • Non-private ( mostly with fee ) • Public places Introduction  Secure  Unsecure  Wardriving  Conclusion

  4. Secure the Network • Non Encryption • Static IP addresses • Deactivate DHCP • Assign IP address on every host • MAC address filter • Restrict access to unique hardware address • Add MAC address for every host • Hide SSID • Deactivate the SSID broadcasting  INSECURE Introduction  Secure  Unsecure  Wardriving  Conclusion

  5. Secure the Network • Encryption • WEP – Wired Equivalent Privacy • Based on RC4 (pseudo-random generator) • XOR between data and random (bitstream) • RC4 uses WEP key + Initialization vector • INSECURE • WPA – Wi-Fi Protected Access • Based on the WEP architecture ( RC4 ) • TKIP – Temporal Key Integrity Protocol • RC4 uses WPA key (PSK or EAP) + Initialization vector + Per packet key mixing + Re Keying+ Message Integrity Check • SECURE Introduction  Secure  Unsecure  Wardriving  Conclusion

  6. Secure the Network • Encryption • WPA2 – Wi-Fi Protected Access 2 • Implements IEEE 802.11 a,b,gand basic/mandatory functions of IEEE 802.11 i • New architecture based on AES • AES – Advanced Encryption Standard • Symmetric crypto system • Complies with the requirements of FIPS 140-2 • Choose strong password / passphrase (63 characters) • SECURE Introduction  Secure  Unsecure  Wardriving  Conclusion

  7. Secure the Network • RADIUS • Remote Authentification Dial-In Server • Client – Server system • AAA protocol • Authentification ( who ) • Authorization ( what ) • Accounting ( track consumption ) • VPN – Virtual Private Network • Tunnel • Authentification • Secure Encryption ( Public Key / RSA ) Introduction  Secure  Unsecure  Wardriving  Conclusion

  8. Unsecure the Network • Weaknesses • Serveral techniques to compromise • Sniffing a IP address • Deactivated DHCP • IP address transmitted in every packet • Spoofing a MAC address • MAC address filter • MAC address transmitted in every frame Introduction  Secure  Unsecure  Wardriving  Conclusion

  9. Unsecure the Network • Hacking WEP • Introduced in 1999 • Serious weaknesses identified in 2001 • IV – Initialization Vector used for decryption • ICV – Integrity Check Value • CRC32 checksum • CRC32 is strict linear • Calculation of the Key • Attack based on security flaw in CRC32 • 500 000 – 1 000 000 IV‘s for 128 bit encryption • Techniques: Packet Reinjection / Deauthenticate Client • TU Darmstadt ( PTW ) 50 000 IV‘s for 128 bit (50%) Introduction  Secure  Unsecure  Wardriving  Conclusion

  10. Unsecure the Network • WPA / WPA2 • Currently no weakness or security flaw • Weak Passwords • Choose a strong password • At least 12 characters • Mixed letters, numbers and symbols • Dictionary Attack • Brute-Force Attack Introduction  Secure  Unsecure  Wardriving  Conclusion

  11. Unsecure the Network • Tools and Techniques • MAC address spoofing • Linux • macchanger –s wlan0 • Windows • supported by some Wi-Fi cards • SMAC or other tools • ARP spoofing • Spoof the wrong MAC – IP combination • Windows • WinArpSpoofer • Linux • arpspoof –t 10.0.0.1 ( all packets to your host) Introduction  Secure  Unsecure  Wardriving  Conclusion

  12. Unsecure the Network • Tools and Techniques • Man-in-the-Middle ( MITM ) • Use ARP spoofing to get packets • Analyze packets • Forward packets to victim • Linux: • fragroute/fragrouter • sslsniff ( https MITM ) • DNS Spoofing • Spoof the wrong Hostname – IP combination • Linux: • dnsspoof Introduction  Secure  Unsecure  Wardriving  Conclusion

  13. Unsecure the Network • Tools and Techniques • Sniffing data • Used for MITM or passive listening • Capture and analyze data • Linux / Windows: • Wireshark ( Ethereal ) • Aircrack Toolkit • Cracking a WEP encryption • Airodump • Logging / Scanning IV‘s • Aireplay • Re-inject packets Introduction  Secure  Unsecure  Wardriving  Conclusion

  14. Wardriving • Act of searching Wireless Networks • In general with a car • Warbiking • Warwalking • Warchalking • Mark a place, mostly with chalk • Mapping • Create exact maps • Use GPS to get the coordinates • Provide information online • Difference to Piggybacking • Use of the wireless network Introduction  Secure  Unsecure  Wardriving  Conclusion

  15. Wardriving • Equipment • Good equipment for effective Wardriving • Notebook with Tools • Wireless Network Card • Regular Card • Special Card with an external antenna interface • Antenna • Directional • Onmidirectional • Parabolic (not for Wardriving) • GPS receiver • Logging / Mapping Introduction  Secure  Unsecure  Wardriving  Conclusion

  16. Wardriving • Tools • Operating System • Windows ( just for Mapping and Logging ) • Linux (Special Distributions) • All tools and drivers preinstalled • Run from CD • Eg. Backtrack ( Auditor ) • Scanning and Mapping • Windows • Netstumbler • Linux • Kismet Introduction  Secure  Unsecure  Wardriving  Conclusion

  17. Procedures • Wardriving • Scan for wireless networks ( Netstumbler / Kismet ) • Save the GPS position • Piggybacking • Connect to the wireless network • Use the network Introduction  Secure  Unsecure  Wardriving  Conclusion

  18. Hacking WEP • Using Backtrack ( Auditor ) • Hidden SSID • aircrack to deauthenticate ( force reconnect ) • Scan with airodump for the SSID • Scan and log IV‘s • airodump to log • Filters, Stores and analyzes packets for IV‘s • Reinject packets • aireplay reinjects found IV‘s • Increases the retransmitted IV‘s • Crack the Key • aircrack to calculate the WEP key • Enough IV‘s needed Introduction  Secure  Unsecure  Wardriving  Conclusion

  19. Compromise the Network • MAC filter • Scan packets with Wireshark ( Ethereal ) • Spoof a MAC address with macchanger • DHCP deactivated • Scan packets with Wireshark ( Ethereal ) • Set your IP address • Man-in-the-Middle • Spoof your MAC with the gateways IP • Spoof your MAC with the victims IP • Reroute packets • Using arpspoof and fragroute Introduction  Secure  Unsecure  Wardriving  Conclusion

  20. Compromise the Network • Spoof DNS Entry • Spoof your IP address for different hostnames • Eg. hostname of the victims bank • Intercept SSL connections • SSL MITM attack • Fake SSL certificate • Sniff data transmitted via SSL • Using sslsniff • Sniff Data • Log and analyze all transmitted data • Using Wireshark ( Ethereal ) • Get access to Computers • Using various Windows / Linux tools Introduction  Secure  Unsecure  Wardriving  Conclusion

  21. Conclusion • Secure your wireless network properly! • Don‘t rely on • Hidden SSID • MAC filter • Deactivated DHCP • WEP • Use a proper encryption • WPA / WPA2 ( choose a strong password ) • VPN ( secure with multi user ) Introduction  Secure  Unsecure  Wardriving  Conclusion

  22. Wireless Security Thanks for your attention. Any Question? Frank Pfleger mail@frankpfleger.com Introduction  Secure  Unsecure  Wardriving  Conclusion

More Related