Wireless and Mobile Device Security
JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
Jim Doherty
Contents
Preface XVII
Acknowledgments XIX
PART ONE Introduction to Wireless and Mobile Networks
CHAPTER 1 The Evolution of Data Networks 3
The Dawn of Data Communication 4
Early Data Networks 5
The Internet Revolution 7
Advances in Personal Computers 8
Mobile Phones and the Creation of the Other New Network 8
Computers Go Mobile 9
The Convergence of Mobile and Data Networks 10
Business Challenges Addressed by Wireless Networking 11
IP Mobility 13
The Impact of Bring Your Own Device 16
Common Operating Environment 16
BYOD: An IT Perspective and Policy 18
The Basic Tenets of Network Security 21
The Evolution of Cybercrime 23
Wireless Network Security 24
Mobile IP Security 27
CHAPTER SUMMARY 28
KEY CONCEPTS AND TERMS 29
CHAPTER 1 ASSESSMENT 29
CHAPTER 2 The Evolution of Wired Networking to Wireless Networking 31
Networking and the Open System Interconnection Reference Model
The Seven Layers of the OSI Reference Model 33
Communicating over a Network 34
The Data Link Layer 37
The Physical Layer 38
From Wired to Wireless 39
The Economic Impact of Wireless Networking 40
Wireless Networking and the Way People Work 41
Health Care 41
Warehousing and Logistics 42
Retail 43
General Business and Knowledge Workers 43
The Wi-Fi Market 44
How Wi-Fi Affects Developing Nations 45
The Internet of Things 45
CHAPTER SUMMARY 46
KEY CONCEPTS AND TERMS 47
CHAPTER 2 ASSESSMENT 47
CHAPTER 3 The Mobile Revolution 49
Introduction to Cellular or Mobile Communication 50
Cellular Coverage Maps 51
Frequency Sharing 53
Cellular Handoff 56
The Evolution of Mobile Networks 56
AMPS 1G 56
GSM and CDMA 2G 57
GPRS and EDGE 58
3G Technology 58
4G and LTE 59
BYOD and the BlackBerry Effect 59
The Economic Impact of Mobile IP 61
The Business Impact of Mobility 62
Business Use Cases 63
Any Business Involving the Moving of People or Things
Delivery (Drop Off) Loss Mitigation 64
Information Dissemination 64
Enterprise Business Management Applications 65
CHAPTER SUMMARY 66
KEY CONCEPTS AND TERMS 66
CHAPTER 3 ASSESSMENT 67
CHAPTER 4 Security Threats Overview: Wired, Wireless, and Mobile 69
What to Protect? 70
General Threat Categories 71
Confidentiality 72
Integrity 73
Availability 73
Accountability 74
Nonrepudiation 74
Threats to Wireless and Mobile Devices 75
Data Theft Threats 75
Device Control Threats 77
System Access Threats 78
Risk Mitigation 79
Mitigating the Risk of BYOD 80
BYOD for Small-to-Medium Businesses 83
Defense in Depth 84
Authorization and Access Control 86
AAA 86
Information Security Standards 88
ISO/IEC 27001:2013 88
ISO/IEC 27002:2013 89
NIST SP 800-53 89
Regulatory Compliance 90
The Sarbanes-Oxley Act 90
The Gramm-Leach-Bliley Act 91
The Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act 91
The Payment Card Industry Data Security Standard 91
Detrimental Effects of Regulations 92
CHAPTER SUMMARY 93
KEY CONCEPTS AND TERMS 94
CHAPTER 4 ASSESSMENT 94
PART TWO WLAN Security 97
CHAPTER 5 How Do WLANs Work? 99
WLAN Topologies 100
Wireless Client Devices 100
802.11 Service Sets 102
The 802.11 Standards 103
802.11 Unlicensed Bands 105
Narrowband and Spread Spectrum 105
Multipath 106
Frequency Hopping Spread Spectrum 106
Direct Sequence Spread Spectrum 107
Wireless Access Points 107
How Does a WAP Work? 109
WAP Architecture 111
Wireless Bridges 112
Wireless Workgroup Bridges 112
Residential Gateways 113
Enterprise Gateways 114
Wireless Antennas 114
Omnidirectional Antennas 115
Semi-Directional Antennas 115
Highly Directional Antennas 117
MIMO Antennas 118
Determining Coverage Area 119
Site Surveys 120
Spectrum and Protocol Analysis 121
CHAPTER SUMMARY 124
KEY CONCEPTS AND TERMS 124
CHAPTER 5 ASSESSMENT 125
CHAPTER 6 WLAN and IP Networking Threat and Vulnerability Analysis 127
Types of Attackers 129
Skilled Versus Unskilled Attackers 129
Insiders Versus Outsiders 129
Targets of Opportunity Versus Specific Targets 131
Scouting for a Targeted Attack 132
Physical Security and Wireless Networks 133
Social Engineering 133
Wardriving 136
Rogue Access Points 137
Rogue AP Vulnerabilities 137
Evil Twins 138
Bluetooth Vulnerabilities and Threats 140
Bluejacking 142
Bluesnarfing 143
Bluebugging 144
Is Bluetooth Vulnerable? 144
Packet Analysis 145
Wireless Networks and Information Theft 146
Malicious Data Insertion on Wireless Networks 148
Denial of Service Attacks 149
Peer-to-Peer Hacking over Ad Hoc Networks 150
When an Attacker Gains Unauthorized Control 151
CHAPTER SUMMARY 152
KEY CONCEPTS AND TERMS 153
CHAPTER 6 ASSESSMENT 153
CHAPTER 7 Basic WLAN Security Measures 155
Design and Implementation Considerations for Basic Security
Radio Frequency Design 156
Equipment Configuration and Placement 157
Interoperability and Layering 158
Security Management 159
Authentication and Access Restriction 160
SSID Obfuscation 161
MAC Filters 162
Authentication and Association 163
VPN over Wireless 164
Virtual Local Area Networks 165
Data Protection 166
Wired Equivalent Privacy 166
Wi-Fi Protected Access 168
Wi-Fi Protected Access 2 169
Ongoing Management Security Considerations 171
Firmware Upgrades 171
Physical Security 172
Periodic Inventory 173
Identifying Rogue WLANs/Wireless Access Points 173
CHAPTER SUMMARY 174
KEY CONCEPTS AND TERMS 174
CHAPTER 7 ASSESSMENT 175
CHAPTER 8 Advanced WLAN Security Measures 177
Establishing and Enforcing a Comprehensive Security Policy 178
Centralized Versus Distributed Design and Management 178
Remote Access Policies 179
Guest Policies 180
Quarantining 180
Compliance Considerations 181
Employee Training and Education 181
Implementing Authentication and Access Control 182
Extensible Authentication Protocol 182
Remote Authentication Dial-In User Service 183
Intrusion Detection Systems and Intrusion Prevention Systems 185
Protocol Filtering 185
Authenticated Dynamic Host Configuration Protocol
Data Protection 187
WPA2 Personal and Enterprise Modes 187
Internet Protocol Security 188
Virtual Private Networks 189
Malware and Application Security 189
User Segmentation 190
Virtual Local Area Networks 190
Guest Access and Passwords 191
Demilitarized Zone Segmentation 192
Managing Network and User Devices 192
Simple Network Management Protocol Version 3 192
Discovery Protocols 193
IP Services 194
Coverage Area and Wi-Fi Roaming
Client Security Outside the Perimeter
Device Management and Use Logons
Hard Drive Encryption 198
Quarantining 198
CHAPTER SUMMARY 199
KEY CONCEPTS AND TERMS 199
CHAPTER 8 ASSESSMENT 200
CHAPTER 9 WLAN Auditing Tools 201
WLAN Discovery Tools 202
NetStumbler and InSSIDer 203
Kismet 203
HeatMapper 204
Penetration Testing Tools 204
Metasploit 205
Security Auditor's Research Assistant
Password-Capture and Decryption Tools
Network Enumerators 208
Network Management and Control Tools
Wireless Protocol Analyzers 209
Aircrack-ng 210
Airshark 210
Network Management System 211
WLAN Hardware Audit Tools and Antennas
Hardware Audit Tools 212
Antennas 213
Attack Tools and Techniques 214
Radio Frequency Jamming 214
Denial of Service 215
Hijacking Devices 216
Hijacking a Session 217
Network Utilities 219
CHAPTER SUMMARY 220
KEY CONCEPTS AND TERMS 221
CHAPTER 9 ASSESSMENT 221
CHAPTER 10 WLAN and IP Network Risk Assessment 223
Risk Assessment 224
Risk Assessment on WLANs 226
Other Types of Risk Assessment 227
IT Security Management 228
Methodology 228
Legal Requirements 228
Other Justifications for Risk Assessments 228
Security Risk Assessment Stages 229
Planning 230
Information Gathering 230
Risk Analysis 232
Identifying and Implementing Controls 238
Monitoring 238
Security Audits 239
CHAPTER SUMMARY 240
KEY CONCEPTS AND TERMS 240
CHAPTER 10 ASSESSMENT 241
PART THREE Mobile Security 243
CHAPTER 11 Mobile Communication Security Challenges
Mobile Phone Threats and Vulnerabilities 246
Exploits, Tools, and Techniques 248
Google Android Security Challenges 248
Criticism of Android 252
Android Exploitation Tools 252
Android Security Architecture 253
Android Application Architecture 254
Google Play 255
Apple iOS Security Challenges 255
Apple iOS Exploits 257
Apple iOS Architecture 259
The App Store 260
Windows Phone Security Challenges 260
Windows Phone OS Exploits 261
Windows Phone Security Architecture 261
Windows Phone Architecture 261
Windows Store 262
CHAPTER SUMMARY 263
KEY CONCEPTS AND TERMS 263
CHAPTER 11 ASSESSMENT 264
CHAPTER 12 Mobile Device Security Models 265
Google Android Security 266
The Android Security Model 266
The Android Sandbox 267
File-System Permissions 267
Android SDK Security Features 267
Rooting and Unlocking Devices 268
Android Permission Model 268
Apple iOS Security 269
The Apple Security Model 269
Application Provenance 270
iOS Sandbox 271
Security Concerns 271
Permission-Based Access 272
Encryption 272
Jailbreaking iOS 272
Windows Phone 8 Security 273
Platform Application Security 273
Security Features 273
Secure Boot 274
System App Integrity 275
Securing Apps 275
Windows Phone Security Issues 275
Security Challenges of Handoff-Type Features 276
BYOD and Security 276
Security Using Enterprise Mobility Management 278
Mobile Device Management 279
Mobile Application Management 279
CHAPTER SUMMARY 282
KEY CONCEPTS AND TERMS 283
CHAPTER 12 ASSESSMENT 283
CHAPTER 13 Mobile Wireless Attacks and Remediation
Scanning the Corporate Network for Mobile Attacks 286
Security Awareness 287
Scanning the Network: What to Look For 288
Scanning for Vulnerabilities 289
The Kali Linux Security Platform 291
Scanning with Airodump-ng 291
Client and Infrastructure Exploits 292
Client-Side Exploits 293
Other USB Exploits 293
Network Impersonation 294
Network Security Protocol Exploits 295
RADIUS Impersonation 295
Public Certificate Authority Exploits 296
Developer Digital Certificates 297
Browser Application and Phishing Exploits 297
Captive Portals 297
Drive-By Browser Exploits 298
Mobile Software Exploits and Remediation 298
Weak Server-Side Security 299
Unsecure Data Storage 299
Insufficient Transport Layer Protection 300
Unintended Data Leakage 301
Poor Authorization and Authentication 301
Broken Cryptography 301
Client-Side Injection 302
Security Decisions via Untrusted Inputs 302
Improper Session Handling 303
Lack of Binary Protections 303
CHAPTER SUMMARY 304
KEY CONCEPTS AND TERMS 304
CHAPTER 13 ASSESSMENT 304
CHAPTER 14 Fingerprinting Mobile Devices 307
Is Fingerprinting a Bad or a Good Thing? 308
Types of Fingerprinting 309
Network Scanning and Proximity Fingerprinting 310
Online or Remote Fingerprinting 311
Fingerprinting Methods 314
Passive Fingerprinting 314
Active Fingerprinting 316
Unique Device Identification 316
Apple iOS 316
Android 317
HTTP Headers 317
New Methods of Mobile Fingerprinting 318
Spyware for Mobile Devices 320
Spy Software 321
Spy Cells: Stingray 322
CHAPTER SUMMARY 324
KEY CONCEPTS AND TERMS 325
CHAPTER 14 ASSESSMENT 325
CHAPTER 15 Mobile Malware and Application-Based Threats 327
Malware on Android Devices 328
Criminal and Developer Collaboration 331
Madware 333
Excessive Application Permissions 334
Malware on Apple iOS Devices 335
Malware on Windows Phone Devices 337
Mobile Malware Delivery Methods 337
Mobile Malware and Social Engineering 338
Captive Portals 339
Drive-By Attacks 339
Clickjacking 339
Likejacking 339
Plug-and-Play Scripts 340
Mitigating Mobile Browser Attacks 340
Mobile Malware Defense 342
Mobile Device Management 342
Penetration Testing and Smartphones 343
CHAPTER SUMMARY 344
KEY CONCEPTS AND TERMS 345
CHAPTER 15 ASSESSMENT 345
APPENDIX A Answer Key 347
APPENDIX B Standard Acronyms
Glossary of Key Terms
References 365
Index 377