Andmeside (Data Communications) lecture 12 – slide transcript

IRT0030 ANDMESIDE (DATA COMMUNICATIONS)

LECTURE 12

Indrek Rokk

3

Securing the network

• There is no such thing as absolute security

• WiFi networks are easier to attack because of their physical characteristics

• Know what is going on in the world

• Be familiar with the adversaries' (bad guys') tools; you can use them when defending the network

• Be familiar with the legislation (following slides) – in addition, covert surveillance and the secrecy of messages

• The most important thing is on the next slide

4

DON’T

PANIC

5

ESTONIAN legislation (1)

Penal Code § 206. Interference with computer data

Unlawful alteration, deletion, damaging or blocking of data or programs in a computer system, as well as unlawful entry of data or programs into a computer system, is punishable by a fine or up to three years' imprisonment. If committed against a computer system of a vital sector, or if significant damage is caused: punishable by a fine or up to five years' imprisonment.

Source: https://www.riigiteataja.ee/akt/105072013010

6

ESTONIAN legislation (2)

§ 207. Hindering the operation of a computer system

Unlawful disruption or hindering of the operation of a computer system by entering, transmitting, deleting, damaging, altering or blocking data is punishable by a fine or up to three years' imprisonment. If significant damage is caused, or the operation of a computer system of a vital sector or the provision of public services is hindered: punishable by a fine or up to five years' imprisonment.

7

ESTONIAN legislation (3)

§ 216¹. Preparation of a computer crime

Manufacturing, possessing, distributing or otherwise making available a device or program designed or adapted for committing the offences provided in §§ 206, 207, 208, 213 or 217 of this Code, including a password, protective code or other data needed for access to a computer system, as well as using, distributing or otherwise making available other data needed for committing the offences named in this section, is punishable by a fine or up to three years' imprisonment.

8

ESTONIAN legislation (4)

§ 217. Unlawful use of a computer system

Unlawful access to a computer system by removing or circumventing a code, password or other protective measure is punishable by a fine or up to three years' imprisonment. The same act, if: 1) it caused significant damage, or 2) a computer system containing a state secret, classified foreign information or data intended for official use only was used, or 3) access was gained to a computer system of a vital sector, is punishable by a fine or up to five years' imprisonment.

9

ESTONIAN legislation (5)

§ 156. Violation of the secrecy of messages

Violation of the secrecy of correspondence or of a message transmitted by means of communication –

is punishable by a fine

The same act committed by a person who gained access to the message through their work duties –

is punishable by a fine or up to one year's imprisonment

§ 208. Distribution of spyware, malware and computer viruses

§ 213. Computer fraud

Ethics • The combination of technical capability and skills is a privilege

• It comes with responsibility

• People's lives on the net are sacred and private

10

11

Attack methods • Eavesdropping

• Hijacking

• Man-in-the-middle

• Denial of service (DoS)

• Management interface exploits

• Encryption cracking

• Authentication cracking

• MAC spoofing

• Captive Portal Circumvention

• Peer-to-peer attacks

• Social engineering

Where did we go wrong?

Where are we going? • Technology of convenience versus the inconvenience of securing it.

• The poor, poor users were left out in the authentication cold.

• Half-ass security standards pass the buck and / or provide defacto insecure options.

• Security acronyms have taken precedence over proper implementation.

Source: http://airsnarf.shmoo.com/rogue_squadron.pdf

12

13

Eavesdropping – listening in/monitoring

• Wardriving and other similar things

• A radio card has two modes that make this possible • Promiscuous – listens only to the traffic of the BSS it is attached to

• Monitor – allows listening to all traffic on the radio network

Basic Service Set

14

15

Eavesdropping – listening in/monitoring (2)

• Wardriving

• A radio card has two modes that make this possible • Promiscuous – listens only to the traffic of the BSS it is attached to

• Monitor – allows listening to all traffic on the radio network

• Several different programs • For monitoring the air – NetStumbler (active), Kismet (passive) etc.

• For recording traffic – Airodump-ng, Wireshark, other packet analysers

New tricks for eavesdropping

WiFi router inside a UPS enclosure

16

Source: http://renderlab.net/projects/sneaky/

Rogue APs for “Penetration Testers”

http://www.shmoocon.org/2008/presentations/Larry_Pesce-Rogue_APs_for_Penetration_Testers.pdf

New tricks for eavesdropping (2)

17

Source: http://2010.hack.lu/archive/2009/tmplab-HostileWRT-5-hacklu.pdf

Blue For The Pineapple …. http://penturalabs.wordpress.com/2013/04/25/blue-for-the-pineapple/

Bring Your Own Rogue [Router|DHCP|Access Point] http://blog.rootshell.be/2013/02/07/bring-your-own-rogue-routerdhcpaccess-point/

New tricks for eavesdropping (3)

• The iPhone wireless LAN ownage in a box

18

Source: http://www.formortals.com/Home/tabid/36/EntryID/97/Default.aspx

19

Hijacking/Man-in-the-Middle (1)

• Known as the Evil Twin attack

• Requirement – the victim must be made to connect to a suitable AP that carries the original AP's SSID

• DeAuth packets are used, which the attacker sends out on behalf of the AP

• The victim looks for a new AP to authenticate with and connects to the attacker's, because it has the stronger signal.

NB! Windows reconnects automatically after a DeAuth

20

Hijacking/Man-in-the-Middle (2)

21

Hijacking/Man-in-the-Middle (3)

• If the attacker's AP offers no services to the victim, this is a layer 2 DoS attack

• The attacker's AP connects itself to the original AP. The victim does not even notice that the traffic now passes through the attacker's AP. Now it is easy to work on the victim.

• WiFi phishing attack – a fake captive portal page is set up that asks for the victim's credentials. Everything looks legitimate.

• Session hijacking

• Firefox plugin

• More information:

http://codebutler.com/firesheep

• There is no proper protection; what exists does not actually protect – FireShepherd.

What is wrong with it - FireShepherd continuously sends random data over the network in an attempt to confuse session hijacking tools such as Firesheep.

22

Firesheep

Source: https://docs.google.com/present/view?id=dtv8cxf_20x2xhpvg2

What needs to be done?

• Sites need to transmit session cookies over SSL.

• Hotspots need to use WPA encryption. NOT WEP.

o NOT WEP. WEP is very weak and poorly written; WEP doesn't stop Firesheep in a shared hotspot

• People need to know the risks. (Spread the word.)

o Anybody else at a Hotspot, Hotel/Airport Wifi

o Unencrypted wifi at home

o Anybody on a shared hub (Hotels with ethernet)

o Anybody at your ISP or further upstream
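"Session cookies over SSL" is enforced on the server side by the Secure attribute (the browser then never sends the cookie over plain HTTP, which is exactly what Firesheep reads off a shared hotspot) and HttpOnly keeps it away from page scripts. The following is an added example, not part of the original slides or of Firesheep; it audits Set-Cookie headers for those two attributes using only the standard library. The headers and the session cookie names are constructed for the example.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers, as a hotspot user's browser might receive them (not from the page).
SAMPLE_HEADERS = [
    "sessionid=3f9a1c; Path=/; HttpOnly",          # session cookie: also sent over plain HTTP
    "sessionid=3f9a1c; Path=/; Secure; HttpOnly",  # session cookie: only ever sent over TLS
    "lang=en; Path=/",                             # preference cookie, nothing worth stealing
]

# Cookie names treated as session identifiers in this example (assumption, adjust per application).
SESSION_NAMES = ("sessionid", "PHPSESSID", "JSESSIONID")


def missing_cookie_flags(set_cookie_header):
    """Return [(cookie name, [missing attributes])] for every cookie in one Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    findings = []
    for name, morsel in jar.items():
        missing = []
        if not morsel["secure"]:      # SimpleCookie stores flag attributes as True or ""
            missing.append("Secure")
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        findings.append((name, missing))
    return findings


def hijackable_sessions(headers, session_names=SESSION_NAMES):
    """Names of session cookies that would be sent in the clear, i.e. exposed to a sniffer on open WiFi."""
    exposed = []
    for header in headers:
        for name, missing in missing_cookie_flags(header):
            if name in session_names and "Secure" in missing:
                exposed.append(name)
    return exposed


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", missing_cookie_flags(header))
    print("exposed session cookies:", hijackable_sessions(SAMPLE_HEADERS))
```

Run against a real site, the headers would come from the response of an authenticated request; any session cookie that appears in the exposed list is one Firesheep-style tools could replay from a shared hotspot.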

25

Clients make the user's life convenient

• The Windows client's problem – it actively searches for APs to connect to. These are the APs it has connected to at some point. The attacker announces that it is such an AP.

Software AP Karma

http://www.secguru.com/link/karma_wireless_client_security_assessment_tools

Jasager http://www.digininja.org/jasager/

26

How unique is the network being searched for?

Wigle (Wireless Geographic Logging Engine)

http://wigle.net/

27

28

12 April 2013

29

19 November 2013

Relationship between clients and APs

• Airgraph-ng http://www.aircrack-ng.org/doku.php?id=airgraph-ng

30

'Free Public WiFi'

• A network named “Free Public WiFi”

• It is an Ad-Hoc network

• Windows XP bug – fixed in SP3

• If no network is found, set up a network with the name of the last network

• The next XP machines that cannot find a network – an Ad-Hoc network with that last name

• Still spreading in Estonia at the moment

Source: http://www.npr.org/templates/story/story.php?storyId=130451369

31

Wi-Fish

32

Source: MD Sohail Ahmad, Prabhash Dhyani, Wi-Fish Finder: Who Will Bite the Bait

https://www.defcon.org/html/links/dc-archives/dc-17-archive.html

Wi-Fish (2)

• If the probed SSID list contains at least one OPEN network

A simple OPEN honeypot will do the trick

• Else, if the probed SSID list contains at least one WEP network

Caffe Latte will do the trick

• Else, if the probed SSID list contains only WPA-PSK networks

Honeypot attack still possible!

• Else, if the probed SSID list contains only WPA2 network

Honeypot attack still possible in some cases

33

Rogue APs

• APs that have no business in our network but are there for some reason.

• Cheap home-use APs

• WiFi clients

• Software or virtual APs, also in mobile devices

• AP and STA role at the same time

• The larger vendors have their own solutions for detecting them.

• Always determine whether the visible foreign AP is in our network at all

34

Protection against rogue APs (1)

• Disabling unused Ethernet ports. This is a simple solution, but it should not be relied on by itself because people do make mistakes and leave ports open.

• Using port security on switches. Many switches support port-based filtering by MAC addresses and other parameters. You can specify that the only MAC addresses that can connect to your switch are those in the specified list. This is not a wireless MAC address in this case, so the attacker would have to guess a valid MAC address rather than sniffing for one on the WLAN.

35

Protection against rogue APs (2)

• State clearly in your acceptable use policy that users cannot install APs. This will most certainly not prevent the installation of all rogue APs, but it will deter many from installing them.

• Implement enterprise-capable WLAN solutions that automatically detect and report rogue APs and graphically show their locations.

36

Protection against rogue APs (3)

• Implement network access control technology. This will cause the attacker’s computer to go straight to the quarantine area when he or she accesses the network. The NAC device/server would be installed between the switch that provides connectivity to your Ethernet ports and the rest of the network. Any device that connects will now have to be authenticated and validated, which will make many attackers run away quickly for fear of being caught by the IT professionals who knew enough to protect that port.

37

38

Denial of Service (1)

• Can be both simple and complex

• OSI layer 1 – radio jamming (RF jamming) – the signal useful to us is drowned out

• Deliberate – signal generators

• Accidental – microwave ovens, cordless phones

• The only defence is to locate the source and remove it. Spectrum analysers help, e.g. WiSpy 2.4x

http://www.metageek.net/products/wi-spy_24x

39

Denial of Service (2)

• At OSI layer 2 usually association and authentication attacks

• For example: • PS-Poll floods

• Association floods

• Authentication floods

• Empty data floods

• The attacks are made possible by unprotected management frames; the standard IEEE 802.11w is coming/exists

• A borderline DoS – a low-speed client in our network = the broadcast rate is low

Autoimmunity Disorder in Wireless LAN

40

Source: http://www.airtightnetworks.com/home/resources/knowledge-center/wlan-self-dos.html

Denial of Service (3)

• We prevent clients from connecting to the AP

• Theory: Another frame type related to authentication frames is the de-authentication frame, which when sent to a WLAN client causes the client to disconnect from the AP to which the client is currently connected. This may cause a WLAN client to go through the entire probe request process again, or at least make it restart the authentication/association process. De-authentication frames can be sent to the broadcast MAC address and cause the disconnection of every client associated with the AP sending that frame, but many current WLAN clients ignore multicast de-authentication frames, diminishing the potential scale of this type of attack.
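Because de-authentication frames are unauthenticated (until 802.11w management frame protection is deployed), a wireless IDS cannot tell a forged one from a real one by content; what gives a flood away is the rate, and that a real AP deauthenticates clients rarely and one at a time rather than in broadcast bursts. The following is an added example, not part of the original slides or of any WIDS product: a sliding-window counter over a constructed management-frame log that raises an alert when one transmitter address sends too many deauth/disassoc frames within a second. Addresses, timings and the threshold are assumptions for the example.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
OUR_AP = "00:11:22:33:44:01"

# Constructed 802.11 frame log as (time in seconds, frame kind, transmitter, receiver); not from the page.
FRAMES = (
    [(i / 20, "beacon", OUR_AP, BROADCAST) for i in range(0, 30, 2)]   # ordinary beacons every 100 ms
    + [(i / 20, "deauth", OUR_AP, BROADCAST) for i in range(15)]        # 15 broadcast deauths in 0.7 s, "from" our AP
    + [(5.0, "deauth", "00:11:22:33:44:02", "de:ad:be:ef:00:01")]       # one genuine deauth to a single client
    + [(6.0, "data", "de:ad:be:ef:00:01", OUR_AP)]
)


def deauth_flood_alerts(frames, window_s=1.0, threshold=10):
    """Alert once per transmitter that sends at least `threshold` deauth/disassoc frames
    within any `window_s` interval. Returns a list of alert dicts in time order."""
    recent = {}        # transmitter -> deque of timestamps of its recent deauth/disassoc frames
    alerted = set()
    alerts = []
    for t, kind, src, dst in sorted(frames, key=lambda f: f[0]):
        if kind not in ("deauth", "disassoc"):
            continue
        window = recent.setdefault(src, deque())
        window.append(t)
        while window and t - window[0] > window_s:   # drop frames that fell out of the window
            window.popleft()
        if len(window) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "spoofed_transmitter": src,       # the address being impersonated, not the attacker
                "at": t,
                "frames_in_window": len(window),
                "broadcast": dst == BROADCAST,    # broadcast deauth = every client of that AP is hit
            })
    return alerts


if __name__ == "__main__":
    for alert in deauth_flood_alerts(FRAMES):
        print(alert)
```

The alert names the AP whose address is being forged, not the attacker; locating the real source still needs a directional survey. With 802.11w enabled on both AP and clients, these forged frames fail the MIC check and are dropped, which removes the disconnection but not the radio noise, so the counter remains a useful signal that someone is trying.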

41

42

Management Interface Exploits

• Most APs are still on their default settings.

• Tables of the respective default settings are available on the net

• As protection, change the settings and use secure connections (HTTPS, SSH2 and SNMPv3)

• Turn off whatever is not used.

43

Encryption Cracking

More on this later

• WEP is very easily broken

• WPA/WPA2 with poorly chosen passwords/keys can be broken with dictionaries

44

Authentication cracking

• WPA and WPA2 authentication can be eavesdropped

• If eavesdropping did not succeed, use a DeAuth attack

• If the authentication packets, the SSID and a dictionary of possible passwords are available, the WPA and WPA2 key can be obtained. The tool for this is CoWPatty

• Some EAPs (explained later) are breakable, incl. Cisco LEAP

http://www.willhackforsushi.com/Asleap.html

http://www.cwnp.com/community/articles/hacking_solutions_cracking_cisco_leap_authentication.html

Hiding the network name

45

46

Defcon and SSID

47

More fun SSIDs

• GOOD HACKER VIRUS

• itimeesonloll

• Ostsin endale wifi

• AndroidAP

• HTC Portable Hotspot

• You can wage word wars with them

http://www.huffingtonpost.com/2012/09/12/the-funniest-wifi-networks-conversations-video_n_1875165.html

48

49

MAC spoofing / Captive Portal Circumvention

• The MAC address is easy to change, given the right card. Some cards report that they send packets with the changed MAC address but actually send them with the original MAC.

• Quote - MAC address authorization: “That’s not a lock. That’s a speedbump. If you drive around a speedbump instead of over it, is that illegal?”

• To get around it: MAC spoofing, or tunnelling using the ICMP and DNS protocols

50

Peer-to-Peer Attack

• A peer-to-peer attack occurs anytime one WLAN STA attacks another WLAN station that is associated with the same AP. Hijacking attacks are sometimes referred to as peer-to-peer attacks as well.

• On Cisco the protection is Public Secure Packet Forwarding (PSPF); other vendors have similar solutions.

• An example of the attack: an attacker's Ad-Hoc network whose SSID is the same as the SSID of a network on the air

51

Social Engineering • Social engineering is a technique used for persuading people to give you something that they should not give you. Successful social engineering attacks occur because the target might be ignorant of the organization’s information security policies or intimidated by an intruder’s knowledge, expertise, or attitude. Social engineering is one of the most dangerous and successful methods of hacking into any IT infrastructure—wired or wireless.

• "Hackers rely on you to be naïve. They are counting on it." Source: http://www.computerworld.com/s/article/9131571/_Mafiaboy_spills_the_beans_at_IT360_on_underground_hackers

• Anonymous speaks: the inside story of the HBGary hack. Source: http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars

• Robin Sage - Wikipedia

The Seven Deadly Social Engineering Vices

• Curiosity

• Courtesy

• Gullibility

• Greed

• Thoughtlessness

• Shyness

• Apathy

Source:

http://blog.knowbe4.com/bid/290552/The-Seven-Deadly-Social-Engineering-Vices

52

Social Engineering (2)

53

People behaved in the intended direction. NB! Exit 107 and choosing the right place for the check.

54

What good do we see here?

Source: http://fishbowl.pastiche.org/2013/04/14/it_security_in_a_nutshell/

55

56

AAA

• The IT security concept of authentication, authorization and accounting - AAA

• Authentication Who are you?

• Authorization What do you want?

• Accounting What have you done?

Client joining the network • Before an 802.11 client can send data over a WLAN network, it goes through the following three-stage process:

• 802.11 probing—802.11 networks make use of a number of options, but for an enterprise deployment, the search for a specific network involves sending a probe request out on multiple channels that specifies the network name (SSID) and bit rates.

• 802.11 authentication—802.11 was originally developed with two authentication mechanisms. The first one, called “open authentication”, is fundamentally a NULL authentication where the client says “authenticate me”, and the AP responds with “yes”. This is the mechanism used in almost all 802.11 deployments.

• A second authentication mechanism is based on a shared WEP key, but the original implementation of this authentication method is flawed. Although it needs to be included for overall standards compliance, it is not used or recommended.

• Open authentication is the only method used in enterprise WLAN deployments, and as previously mentioned, it is fundamentally a NULL authentication. Therefore, “real authentication” is achieved by using 802.1X/EAP authentication mechanisms.

• 802.11 association—This stage finalizes the security and bit rate options, and establishes the data link between the WLAN client and the AP.

• A typical secure enterprise WLAN AP blocks WLAN client traffic at the AP until a successful 802.1X authentication.

• If a client has joined a network and roams from one AP to another within the network, the association is called a re-association. The primary difference between an association and a re-association event is that a re-association frame sends the MAC address (BSSID) of the previous AP in its re-association request to provide roaming information to the extended

57

State machine

58

59

Authentication

• Open System Authentication - Everyone who comes is authenticated automatically. It is in use because the newer authentication systems and WPA/WPA2 use it as the starting point. On Cisco devices, dot11AuthenticationType is OpenSystem in this case.

• Shared Key Authentication – uses the WEP protocol and is therefore useless.

Security of WiFi networks

60

61

Packet length increase

• WEP adds 8 bytes

• WPA adds 20 bytes

• WPA2 adds 16 bytes

• Essential Crypto for Pen Testers (Without the Math!)

• Link: http://www.willhackforsushi.com/presentations/Essential_Crypto_Without_the_Math_Webcast-20100426.pdf

62

63

WEP • Quote:

In fairness to the IEEE, since I have not seen it clearly documented elsewhere outside the standards, the original specification stated that WEP was intended to protect “authorized users of a wireless LAN from casual eavesdropping” (emphasis added). It was never intended as a robust security technology in the first place. I would argue that it still protects authorized users from casual eavesdropping, depending on how you define casual.

Source: Tom Carpenter “CWNA : Certified Wireless Network Administrator Official Study Guide (Exam PW0-100)”

WEP – What on Earth does this Protect

64

WEP principle

• WEP encryption is based on the RC4 stream cipher. First the preshared key (40 or 104 bits) is combined with a 24 bit initialization vector (IV) that should change from packet to packet (WEP does not specify how to select the IV).

• The combined key (preshared key + IV) is fed to the RC4 algorithm that generates a continuous keystream.

• The plaintext information is bit-wise combined with the keystream by employing the XOR operation, thus producing the encrypted information.
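The three bullets above, as an added example that is not part of the original slides: plain RC4, the WEP per-packet key IV || PSK, the CRC-32 ICV, and the XOR step. It also shows the consequence that the "XOR magic" slides build on: when the IV (and thus the keystream) repeats, XORing two ciphertexts cancels the keystream and leaves P1 xor P2, so one frame with predictable content (the ARP example from the later slide) exposes the other without the key. The key, IV and payloads are constructed for the example; the RC4 test vector in the test is the well-known "Key"/"Plaintext" pair.

```python
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP uses it unmodified, with no key-mixing step in front."""
    s = list(range(256))
    j = 0
    for i in range(256):                           # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                        # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(psk: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: IV (3 bytes, sent in the clear) || RC4_{IV||PSK}(payload || CRC-32 ICV)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    body = payload + icv
    return iv + xor(body, rc4_keystream(iv + psk, len(body)))


def wep_decrypt(psk: bytes, frame: bytes):
    """What a legitimate receiver does: rebuild the keystream from IV || PSK and check the ICV.
    Returns the payload, or None when the ICV does not match."""
    iv, cipher = frame[:3], frame[3:]
    body = xor(cipher, rc4_keystream(iv + psk, len(cipher)))
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None
    return payload


def recover_with_iv_reuse(frame1: bytes, frame2: bytes, known_payload1: bytes) -> bytes:
    """Keystream reuse: with the same IV and key, C1 xor C2 = P1 xor P2. Knowing P1 therefore
    exposes P2 (for the positions where P1 is known) without ever learning the key."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("the two frames must carry the same IV")
    keystream = xor(frame1[3:], known_payload1)   # C1 xor P1 = the keystream bytes
    return xor(frame2[3:], keystream)             # C2 xor keystream = P2


# Constructed demonstration values: a 40-bit key and the all-zero IV a lazy implementation emits.
PSK = bytes.fromhex("0102030405")
IV = b"\x00\x00\x00"
KNOWN = b"ARP who-has 10.0.0.1"     # fixed-format traffic an observer can predict
SECRET = b"secret data 12345678"


def demo() -> bytes:
    c1 = wep_encrypt(PSK, IV, KNOWN)
    c2 = wep_encrypt(PSK, IV, SECRET)
    return recover_with_iv_reuse(c1, c2, KNOWN)


if __name__ == "__main__":
    print(demo())   # b'secret data 12345678'
```

Nothing here breaks RC4 itself; the failure is entirely in how WEP uses it, which is why TKIP's per-packet key mixing and 48-bit IV (later slides) were the minimum fix and CCMP abandoned the stream cipher altogether.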

65

66

XOR magic

67

http://www.willhackforsushi.com/presentations/Essential_Crypto_Without_the_Math_Webcast-20100426.pdf

68

WEP Cracking – what is it? • WEP is a per packet encryption mechanism which uses a combination of a shared secret (WEP Key) and an Initialization Vector (IV) for generating the key stream using the RC4 encryption mechanism. This key stream is XOR’ed with the data and transmitted

• WEP cracking involves trying to infer the WEP Key using various statistical attacks – FMS, KoreK

• Lets now look at the historical evolution of WEP Cracking

This and the following 2 slides: http://security-freak.net/defcon15/WEP-Cloaking-Defcon15.ppt

69

This hasn’t stopped people from using band-aids to stop leakage

• 128-bit key

• Suppress weak IV generation

• ARP filtering

70

WEP weaknesses

XOR, RC4 (not secure, weak IVs)

• It is not specified where the IVs come from. The vendor is lazy (000), picks them at random (birthday paradox – with 23 people a 50 % probability, with 57 people a 99 % probability), or uses IV+1

• It was assumed that with the low network speeds of the time a 24-bit IV is sufficient, ~16 million packets

• Part of the packet has fixed content and length. ARP packet 36 bytes
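The birthday-paradox bullet above can be carried through exactly for the 24-bit IV space rather than the 365-day year. The following is an added example, not part of the original slides: the exact no-collision product for random IVs (the 23-person and 57-person figures from the slide come out of the same function), the number of randomly chosen IVs after which a repeat is more likely than not, and how long a sequential IV+1 counter lasts before wrapping at an assumed packet rate.

```python
def collision_probability(draws: int, space: int) -> float:
    """Probability that at least two of `draws` uniformly random values from a space of
    `space` values coincide (the exact birthday-problem product, no approximation)."""
    p_all_distinct = 1.0
    for k in range(draws):
        p_all_distinct *= (space - k) / space
    return 1.0 - p_all_distinct


def draws_for_probability(target: float, space: int) -> int:
    """Smallest number of draws at which the collision probability reaches `target`."""
    p_all_distinct = 1.0
    k = 0
    while 1.0 - p_all_distinct < target:
        p_all_distinct *= (space - k) / space
        k += 1
    return k


def iv_exhaustion_seconds(packets_per_second: float, iv_bits: int = 24) -> float:
    """Sequential (IV+1) counters: seconds until the IV space wraps and every IV repeats."""
    return (1 << iv_bits) / packets_per_second


def wep_iv_summary(packets_per_second: float = 500.0) -> dict:
    """The slide's birthday figures next to the same calculation for WEP's 24-bit IV.
    The packet rate is an assumption for the sequential-counter estimate."""
    iv_space = 1 << 24                     # 16,777,216 possible IVs
    return {
        "people_23": round(collision_probability(23, 365), 3),
        "people_57": round(collision_probability(57, 365), 3),
        "random_iv_50pct_packets": draws_for_probability(0.50, iv_space),
        "random_iv_99pct_packets": draws_for_probability(0.99, iv_space),
        "sequential_wrap_hours": round(iv_exhaustion_seconds(packets_per_second) / 3600, 1),
    }


if __name__ == "__main__":
    for name, value in wep_iv_summary().items():
        print(f"{name}: {value}")
```

Randomly chosen IVs repeat after only a few thousand frames, far short of the "16 million" the designers had in mind, and even a perfectly sequential counter wraps within hours on a busy network; either way, the keystream reuse shown in the WEP principle example becomes certain in normal operation.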

WEP encryption

71

The protocol defines no measures against

replay attacks.

Replay attack

72


• Review this

Source: Understanding the WPA/WPA2 Break

http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf

73

SpeedTouch APs - history

• With factory settings, the WEP key can be derived from the SSID

http://web.tahvel.info/2008/07/miks-vahetada-speedtouch-ruuteri-parool/

74

75

Better solutions needed

• In the beginning, there was the wired equivalent privacy (WEP) protocol. There were unforeseen weaknesses in this protocol, and it was filled with darkness. Then the IEEE said, “Let there be a new Clause 8,” and there was a new Clause 8 and darkness fled from the face of the WLAN.

• Clause 8 was previously the standard IEEE 802.11i

76

New crypto algorithms (1)

• TKIP/RC4 – the IV length is 48 bits and the static key length is 128 bits.

• Each packet is encrypted with its own key, made up of the static key, the IV, and the receiver's and sender's MAC addresses.

• A better algorithm for checking data packets – Message Integrity Check (MIC). Protects against the bit-flipping attack known from WEP.

• The implementation of TKIP/RC4 is WPA.

• The transition WEP – WPA is possible with a firmware upgrade • The same RC4 hardware can be used

Keys in more detail

• The way WPA/WPA2 PSK works is that it derives the per-session key called Pairwise Transient Key (PTK), using the Pre-Shared Key and five other parameters—SSID of Network, Authenticator Nonce (ANonce), Supplicant Nonce (SNonce), Authenticator MAC address (Access Point MAC), and Supplicant MAC address (Wi-Fi Client MAC). This key is then used to encrypt all data between the access point and client.

• So how is the Pre-Shared Key created? It is derived by using the WPA-PSK passphrase supplied by the user, along with the SSID. The combination of both of these is sent through the Password Based Key Derivation Function (PBKDF2), which outputs the 256-bit shared key.
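The two bullets above, carried through in code as an added example (not from the original slides): PBKDF2-HMAC-SHA1 with 4096 iterations and the SSID as salt gives the PMK, the IEEE 802.11i PRF expands PMK, both MAC addresses and both nonces into the PTK, and the first 16 bytes of the PTK (the KCK) authenticate the handshake messages. The function `authenticator_accepts` is the check the AP performs on handshake message 2; it is also exactly why the "20 characters and complex" advice on the PSK slide matters: everything in that check except the passphrase is sent in the clear, so the 4096 PBKDF2 iterations are the only cost standing between a captured handshake and an offline guess. The MAC addresses and nonces are constructed; the passphrase/SSID pair "password"/"IEEE" is the published IEEE 802.11i test vector.

```python
import hashlib
import hmac


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    For WPA/WPA2-Personal this PMK is the pre-shared key itself."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    48 bytes for CCMP (KCK 16 || KEK 16 || TK 16); TKIP asks for 64 (two extra MIC keys)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


# EAPOL-Key frame: 4-byte EAPOL header, then descriptor type (1), key info (2), key length (2),
# replay counter (8), nonce (32), IV (16), RSC (8), ID (8) = offset 81 of the 16-byte MIC field.
MIC_OFFSET = 81


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (CCMP/AES): HMAC-SHA1 over the frame with the MIC field zeroed, cut to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def authenticator_accepts(passphrase, ssid, ap_mac, client_mac, anonce, snonce, msg2_frame) -> bool:
    """What the AP does with handshake message 2: rebuild PMK and PTK, recompute the MIC, compare."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = derive_ptk(pmk, mac_bytes(ap_mac), mac_bytes(client_mac), anonce, snonce)[:16]
    received = msg2_frame[MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(eapol_mic(kck, msg2_frame), received)


# Constructed handshake parameters (hypothetical MACs and nonces); passphrase/SSID from the IEEE test vector.
SSID, PASSPHRASE = "IEEE", "password"
AP_MAC, CLIENT_MAC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))


def build_msg2(passphrase: str = PASSPHRASE) -> bytes:
    """Supplicant side: a minimal 99-byte EAPOL-Key frame (header fields left zero) carrying a valid MIC."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    kck = derive_ptk(pmk, mac_bytes(AP_MAC), mac_bytes(CLIENT_MAC), ANONCE, SNONCE)[:16]
    unsigned = bytes(MIC_OFFSET) + bytes(16) + b"\x00\x00"      # ... MIC placeholder, key data length 0
    return unsigned[:MIC_OFFSET] + eapol_mic(kck, unsigned) + unsigned[MIC_OFFSET + 16:]


if __name__ == "__main__":
    print("PMK:", pmk_from_passphrase(PASSPHRASE, SSID).hex())
    print("AP accepts message 2:", authenticator_accepts(PASSPHRASE, SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, build_msg2()))
```

Note that the SSID enters only the PMK step, not the PTK expansion; the quoted slide lists it among the PTK inputs, which is true indirectly through the PMK.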

77

WPA keys

78

WPA connection setup

79

Nonce – number used once

MIC in more detail

• A MIC (Message Integrity Code) provides a keyed cryptographic checksum to detect forgeries (also called Message Authentication Code, or MAC)

• The MIC function is a one-way cryptographic hash function

• The MIC is calculated over the source and destination MAC addresses and the plaintext after being seeded by the 64-bit MIC key

• The Cryptographic Doom Principle http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/

80

81

New crypto algorithms (2)

• CCMP/AES – AES is used instead of RC4. 128-bit blocks are encrypted with a 128-bit key

• Using AES requires “a lot” of processor performance, so radio cards that support it have a new processor. Some vendors try to do it in software, which slows operation down.

• The implementation of CCMP/AES is WPA2

Stream cipher vs. Block cipher

• Stream ciphers produce a string of pseudo-random output bits which are XORed with the message to be encrypted

• Block ciphers process plaintext blocks which they encrypt

• Block cipher modes allow you to randomly access just a portion of an encrypted message, without wasting time decrypting the whole thing.

• A second advantage is that block ciphers can be used to construct both encryption and message authentication (MACs), which makes them a wonderful building block for constructing authenticated encryption modes.

82

83

Preshared Key (PSK) authentication

• Known as WPA-Personal and WPA2-Personal

• The following steps are taken: • STAs discover the AP’s security policies through passive monitoring of the Beacon frames or through active probing. The pairwise master key (PMK) is set to the value of the PSK.

• The four-way handshake is performed.

• The authenticator sends the GTK (group temporal key) to the supplicant for use in decryption of multicast and broadcast frames.

• It is important that the PSK is long enough (20 characters) and complex, otherwise it can be broken

For breaking passwords

Two Types of Password Cracking

• Online

- Trying different passwords to log in

- Can be slow and noisy

- You may only be allowed a few guesses

• Offline

- You grabbed the password hashes

- You now are only limited by how fast your computer is

84

85

Rainbow tables - links

• How Rainbow Tables work

http://kestas.kuliukas.com/RainbowTables/

• http://www.shmoocon.org/slides/matt_weir_shmoo09.pdf

• http://www.freerainbowtables.com/

• http://hak5.org/forums/index.php?showtopic=12708

• http://renderlab.net/projects/WPA-tables/

file size 33 GB

86

Pyrit • We use the GPU

87

Source: http://code.google.com/p/pyrit/

WPA protection

• To prevent this attack, we suggest using a very short rekeying time, for example 120 seconds or less. In 120 seconds, the attacker can only decrypt parts of the ICV value at the end of a packet.

• Alternatively disabling the sending of MIC failure report frames on the clients would also prevent the attack. The best solution would be disabling TKIP and using a CCMP only network.

Source: http://dl.aircrack-ng.org/breakingwepandwpa.pdf

88

• "RockYou" password list - 14-million unique passwords

• Simply comparing the RockYou list to a list of hashes from a domain controller gives you from a third to a half of the passwords in seconds, even when there are good password policies. Mutating the RockYou list gives you even more passwords.

89

Password statistics

• Average Length of Password:

Phpbb.com: 7.06 characters

Finnish: 7.09 characters

• Percentage of passwords that contained an uppercase letter:

Phpbb.com: 4.38%

Finnish: 6.63%

• Percentage of passwords that contained a special character:

Phpbb.com: 0.75% <-Yes that is less than 1%

Finnish: 1.03%

• Percentage of passwords that contained a digit:

Phpbb.com: 44.18%

Finnish: 44.07%

• Percentage of passwords that ONLY had lowercase letters

Phpbb.com: 53.00%

Finnish: 52.13%

Source: http://reusablesec.blogspot.com/2009/04/ok-some-actual-results.html

90

Password statistics - Estonia

• Recently an acquaintance came across an application where users' passwords were stored as readable text (generally a bad idea, and it was going to be changed). At the same time, it gave an opportunity to compile some interesting password statistics about what should not be used.

Source:

http://irve.eu/blog/2009/10/kas-tunned-oma-parooli-ara

91

Most popular passwords

1. 123456

2. [based on the purpose of use]

3. parool

4. armastus

5. [a male name]

6. lilleke

7. musike

8. maasikas

9. [wtf company name]

10. kiisuke

92

Most popular passwords (2)

11. rebane

12. Kallis

13. [based on the purpose of use]

14. pisike

15. [anomaly] <- more than ten users made this one for themselves?

16. saladus

17. musirull

18. liblikas

19. sipsik

20. lammas

93

Another view of passwords

The work involved in hacking passwords is very simple. There are 5 proven ways to do so:

• Asking: Amazingly the most common way to gain access to someone's password is simply to ask for it (often in relation with something else).

• Guessing: This is the second most common method to access a person's account.

• Brute force attack: Very simple to do.

Source: http://www.baekdal.com/tips/password-security-usability

94

Another view of passwords (2)

• Common word attacks: A simple form of brute-force attacks, where the hacker attempts to sign in using a list of common words.

• Dictionary attacks: Same concept as common word attacks - the only difference is that the hacker now uses the full dictionary of words (there are about 500,000 words in the English language).

95

Choosing a password - a recommendation

96

Source: http://xkcd.com/936/

A recommendation from another angle

97

Thanks to the XKCD comic, every password cracking word list in the world probably has correcthorsebatterystaple in it already

Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

98

Source: http://xkcd.com/538/

WPS and Reaver

• Wi-Fi protected setup

• A brute-force attack is possible.

• Article:

http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

• Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

99

Hole 196

• Affecting WPA/WPA2 Enterprise networks, this issue allows an authenticated user to manipulate other clients on the network to establish ARP spoofing attacks, to impersonate data frames from the AP or to create a DoS attack against other users. This is all through leveraging a key shared among all of the authorized clients in a wireless LAN known as the Group Temporal Key (GTK).

100

Hole 196

• Reflections on “hole196”

• http://www.willhackforsushi.com/?p=495

• http://www.airtightnetworks.com/fileadmin/pdf/WPA-Too-Hole196-Defcon18-Presentation.pdf

101

Another view of the Hole 196 attack

• In fact, the exploit continues to demonstrate a lack of any effective method of cracking the WiFi Alliance WPA/WPA2 certified versions of IEEE encryption standards found in WiFi gear of the past seven years. Brute force and dictionary attacks against short passphrases used typically on home and small-business networks are still the only means of key recovery.

Source: http://arstechnica.com/business/news/2010/07/wifi-hole196-major-exploit-or-much-ado-about-little.ars

102

103

IEEE 802.1X authentication

• Defines port-based authentication

• Since APs have no ports on the radio side, a Port Access Entity (PAE) is defined, which controls data transmission to a specific MAC address

104

General principle

105

Extensible Authentication Protocol (EAP)

• Different types

106

107

Implementation links

• Secure wi-fi Net : freeRadius + WRT54G = 802.1x (WPA-radius EAP/TLS) http://oriolrius.cat/blogcms/?item=secure-wi-fi-net-freeradius-wrt54g-802-1x-wpa-radius-eap-tls

• Choosing the right flavor of 802.1X http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1167608,00.html?track=wsl3

108

Comparison of technologies

Wireless Penetration Test Process

• Locate the target network.

• Tools: Kismet and Airodump-ng

• Determine encryption and authentication used by the network.

• Kismet and Airodump-ng will identify:

• WEP versus WPA

• PSK versus Enterprise Authentication

• Must manually identify the EAP type used by Enterprise

109

Wireless Penetration Test Process

• Authentication.

• Launch appropriate attacks based on the information gathered above.

• Success of the attack relies on gathering reliable information.

• If you do not know the EAP type you are shooting blind and hoping your attack will work.

• Tool: EAPeak

110

Gathering Usernames

• PEAP, TTLS, EAP-Fast, and LEAP transmit unencrypted usernames.

• PEAP, TTLS and EAP-Fast transmit the username before the encrypted tunnel is established.

• Different usernames can be used inside and outside the encrypted tunnel.

• Some clients support this but it is very rarely implemented.

• This information leakage can be used to build a list of usernames and domains at the target organization.

111

AP Impersonation Attack

112

The AP Impersonation attack has been recently revitalized with new attacks against WPA Enterprise.

This attack targets EAP/TTLS and PEAP networks.

Reading: http://www.foundstone.com/us/resources/whitepapers/802.11%20Attacks.pdf

http://wirelessdefence.org/Contents/FreeRadius%20Wireless%20Pwnage%20Edition.htm

AP Impersonation Attack (2)

113

Both EAP/TTLS and PEAP have the ability of establishing mutual authentication between the client and the authentication server prior to passing its inner authentication credentials (most often MSCHAPv2). It is common, however, that client systems are not properly configured to validate the authentication server’s TLS certificate or the client supplicant puts the decision to decide whether or not to connect with a non-validated certificate. Depending on the inner authentication protocol used, these credentials can be passed in clear text, or may be subject to a brute force attack. Finally, because it is commonplace to use Windows Domain authentication credentials in EAP/TTLS and PEAP configurations, the attacker may also gain access to the corporate domain.

For protection: http://www.willhackforsushi.com/presentations/PEAP_Shmoocon2008_Wright_Antoniewicz.pdf

Slide 37 shows an example of a correct Windows configuration; examples of faulty configurations are on slides 24 – 26.

114

Zealous Autoconfig

Link: http://xkcd.com/416/

It basically exists :)

Links: https://edge.arubanetworks.com/blog/2008/04/overzealous-wzc

http://airodump.net/intuitive-wifi-hacking-gui-ubuntu-linux/

115

Educational links (1) NB! The links are meant for self-study and later reading. If you are not interested, you do not have to read them.

• On using WiFi https://www.ria.ee/wifikasutamine

• 802.11 Attacks http://www.foundstone.com/us/resources/whitepapers/802.11%20Attacks.pdf

• Breaking WEP / WPA / WPA2 encryption http://wireless-comm.blogspot.com/2008/04/how-to-crack-your-wifi-wpa-psk.html

• The Final Nail in WEP's Coffin http://tapir.cs.ucl.ac.uk/bittau-wep.pdf

• 802.11 Security: Inaccessible star? http://2006.hack.lu/images/0/08/Wifi-security_hacklu2006.pdf

• Practical attacks against WEP and WPA http://dl.aircrack-ng.org/breakingwepandwpa.pdf

116

Educational links (2)

• Wi-Fi and Bluetooth Course http://www.kjhole.com/Standards/Intro.html

• A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm

• Wi-Fi security – WEP, WPA and WPA2 http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf

• WPA PSK Crackers: Loose Lips Sink Ships http://www.wi-fiplanet.com/tutorials/article.php/10724_3667586_1

• WPA Security Tips http://www.wi-fiplanet.com/tutorials/article.php/3737016

• Wireless Vulnerabilities & Exploits http://www.wirelessve.org/

117

Educational links (3)

• HOWTO: Wireless Security - WPA1, WPA2, LEAP, etc. http://ubuntuforums.org/showthread.php?t=202834

• Wireless Tools for Linux http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html

• Wireless LAN Sniffer Applications and Scanners for Linux http://tuxmobil.org/linux_wireless_sniffer.html

• Wi-Spy Spectrum Analyzers Shows What's in Your Wireless Backyard http://www.wifinetnews.com/archives/007861.html

• Five Wireless Threats You May Not Know http://www.sans.edu/resources/securitylab/wireless_security_1.php

• Breaking 40-bit WEP in less than 30 seconds? http://radajo.blogspot.com/2007/04/breaking-40-bit-wep-in-less-than-30.html

• Wisdom worth remembering http://voru.wifi.ee/index.php?leht=7

• Rules for choosing an SSID http://voru.wifi.ee/index.php?leht=48

• Examples of the most common SSIDs http://voru.wifi.ee/wardriving/ssid.php

• Your Wi-Fi can tell people a lot about you http://www.news.com/Your-Wi-Fi-can-tell-people-a-lot-about-you/2100-7355_3-6163666.html

• WPA Cracking with CUDA: A How To http://www.wifiblog.org/2010/02/wpa-cracking-with-cuda-a-how-to/

• Wireless / Wifi Hack or Crack - ( fi.sh & karma ) http://capcomzone.blogspot.com/2009/08/wireless-wifi-hack-or-crack-fish-karma.html

• 802.11_ (WiFi) Wireless Network Security http://www.raulsiles.com/resources/wifi.html

Educational links (4)

Educational links (5)

• Exploit Sweatshop http://www.gnucitizen.org/blog/exploit-sweatshop/

• "Wi-Fi (In)Security - All Your Air Are Belong To..." http://www.taddong.com/docs/Wi-Fi_(In)Security_GOVCERT-2010_RaulSiles_Taddong_v1.0_2pages.pdf

• More WPA2 Hole 196 Reflections and TCP/IP Stack (Mis)Behaviors http://blog.taddong.com/2010/09/more-wpa2-hole-196-reflections-and.html

• WPA TOO ! http://www.willhackforsushi.com/tmp/BlackHat-USA-2010-Ahmad-WPAToo.pdf

• Shifting the Focus of WiFi Security: http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-de_bouvette-farina.pdf

119

Educational links (6)

• Vista Wireless Power Tools http://www.inguardians.com/pubs/Vista_Wireless_Power_Tools-Wright.pdf

• Essential Crypto for Pen Testers (Without the Math!) http://www.willhackforsushi.com/presentations/Essential_Crypto_Without_the_Math_Webcast-20100426.pdf

• The twilight of Wi-Fi Protected Access http://pyrit.wordpress.com/the-twilight-of-wi-fi-protected-access/

• Wifi Security -or- Descending Into Depression and Drink http://www.blackhat.com/presentations/bh-dc-10/Kershaw_Mike/BlackHat-DC-2010-Kershaw-dragorn-wifi-security-slides.pdf

120

Educational links (7)

• PIN analysis http://www.datagenetics.com/blog/september32012/index.html

• Linkedin Password Infographic http://securitynirvana.blogspot.com/2012/06/linkedin-password-infographic.html

• Password cracking, mining, and GPUs http://blog.erratasec.com/2011/06/password-cracking-mining-and-gpus.html

• Common misconceptions of password cracking http://erratasec.blogspot.com/2012/08/common-misconceptions-of-password.html

• Revisiting password meters http://securitynirvana.blogspot.com/2010/11/revisiting-password-meters.html

• What's the deal with RC4? http://blog.cryptographyengineering.com/2011/12/whats-deal-with-rc4.html

• An Overview of Cryptography http://www.garykessler.net/library/crypto.html

121

Educational links (8)

• Cryptography I https://www.coursera.org/course/crypto

• Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

• Password cracking, part II: when does password cracking matter? http://www.lightbluetouchpaper.org/2012/09/04/password-cracking-part-ii-when-does-password-cracking-matter/

• The only secure password is the one you can’t remember http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html

• A crossword based on the Adobe password leak http://zed0.co.uk/crossword/

122