Wireless Security by Nick von Dadelszen
Copyright Security-Assessment.com 2005
Wireless Security
by Nick von Dadelszen
Wireless Security History
• 802.11b Standard
  – Three security options
    • SSID
    • MAC filtering
    • WEP
• Easily Breakable
  – SSID Broadcasting
  – War-Driving
  – WEP cracking
Current Technologies
• 802.1X
  – RADIUS Authentication
  – Dynamic WEP encryption key distribution
  – Widely implemented by manufacturers late 2001 and 2002
• WPA
  – Wi-Fi Protected Access
  – security standard (required for certification)
  – Solves WEP issues by utilising TKIP
  – Includes 802.1X authentication
  – Allows Pre-shared Key mode (PSK) that doesn’t require RADIUS (only considered slightly better than WEP)
  – Currently being implemented by manufacturers
New Technologies
• 802.11i
  – IEEE standard
  – Approved last July, starting to appear in the market
  – Includes WPA plus AES encryption
  – Still allows a shared-key mode
• WAPI
  – New standard produced by the Chinese government
  – Requires all Wi-Fi companies operating in China to comply with the standard
  – Requires international companies to partner with a local company to gain access to the standard (considered a national secret)
Wireless Security Issues
• Security is off by default
• Security is implemented poorly
  – Shared key modes, potentially less secure than WEP
• Reliance on security by obscurity
  – Disabling SSID broadcasting
  – MAC filtering
• If you don’t implement it they will
Wellington WarDrive
• Kismet (802.11b)
  – 232 Networks
  – 142 unencrypted (includes hotspots)
• Netstumbler (802.11b/g)
  – 161 Networks
  – 91 unencrypted (includes 60 hotspots)
• 20% of networks still unencrypted (not including hotspots)
Distance Is Relative
New Tools Allowing Easy Cracking
• Aircrack – next generation WEP cracker. No longer relies on weak IVs. Cracks most WEP implementations.
• Wpa-psk-bf – Brute-forcer for WPA in pre-shared-key mode.
• ASLEAP – Cracker for LEAP authentication.
• Hotspotter – Automatic wireless client penetration.
More New Tools
• Void11 – sends deauthentication frames forcing reconnection (used to capture authentication frames)
• WepAttack – can break WEP with one packet
• Aireplay – reinjects encrypted packets to speed capture time
• All available on one bootable-CD (Auditor)
HotSpot Issues
• Public wireless access
  – CafeNet
  – Telecom Wireless Hotspot Service
• No authentication of Access Point
• Users enter account credentials to access Internet
• Prone to Rogue APs and credential theft
  – Airsnarf
Wireless Defenses
• Treat wireless networks as untrusted, like the Internet
• Rotate encryption keys
• Use strongest security available
• Change AP default admin user accounts
• Regularly search for rogue APs
• User hotspot education
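
One way to act on "Regularly search for rogue APs" and "Use strongest security available" is to compare each site survey against an inventory of authorised access points. This is an added example, not part of the original slides; the SSIDs, BSSIDs, field names and finding labels are constructed assumptions.

```python
# Every SSID, BSSID and field name below is constructed for illustration.
from dataclasses import dataclass

WEAK_MODES = {"OPEN", "WEP"}  # the modes the slides describe as easily breakable

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # OPEN, WEP, WPA-PSK or WPA-802.1X

# Authorised APs: BSSID (lower case) -> (SSID, expected security mode)
INVENTORY = {
    "00:11:22:33:44:0a": ("CorpNet", "WPA-802.1X"),
    "00:11:22:33:44:0b": ("CorpNet", "WPA-802.1X"),
}

# Constructed survey results, as a scanner export might be normalised.
SURVEY = [
    Beacon("CorpNet", "00:11:22:33:44:0A", "WPA-802.1X"),  # as expected
    Beacon("CorpNet", "00:11:22:33:44:0B", "WEP"),         # downgraded
    Beacon("CorpNet", "02:AA:BB:CC:DD:01", "OPEN"),        # not in inventory
    Beacon("CafeNet", "02:AA:BB:CC:DD:02", "OPEN"),        # neighbouring hotspot
]

def audit(survey, inventory):
    """Return sorted (bssid, finding) pairs for everything needing follow-up."""
    corp_ssids = {ssid for ssid, _ in inventory.values()}
    seen, findings = set(), []
    for b in survey:
        bssid = b.bssid.lower()
        known = inventory.get(bssid)
        if known is None:
            # Unknown radio advertising one of our SSIDs: candidate rogue AP.
            if b.ssid in corp_ssids:
                findings.append((bssid, "rogue-ap"))
            continue
        seen.add(bssid)
        # A BSSID match alone proves little (MACs can be cloned): check config too.
        if (b.ssid, b.security) != known:
            kind = "weak-crypto" if b.security in WEAK_MODES else "config-drift"
            findings.append((bssid, kind))
    # Authorised APs that never appeared may be down or displaced.
    findings += [(m, "not-seen") for m in inventory if m not in seen]
    return sorted(findings)

if __name__ == "__main__":
    for bssid, kind in audit(SURVEY, INVENTORY):
        print(f"{kind:12} {bssid}")
```

Networks that are neither in the inventory nor using an inventoried SSID, such as the public hotspot in the sample data, are ignored so that the report stays focused on radios impersonating or weakening the organisation's own network.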
Wireless Network Design
Other Technologies - Bluetooth
• Many phones now come with Bluetooth
• More Bluetooth devices than 802.11 devices
• All security is optional
• Most users don’t bother to secure their phones
• Bluetooth Wardriving!!!
Non-discoverable Phones
• Most Bluetooth devices allow you to make them non-discoverable
• Do not broadcast
• Still possible to brute-force the MAC address to connect
• Redfang tool does this for you
Bluetooth Attacks
• Bluesnarfing
• Backdooring
• Bluebugging
• Bluejacking