Wireless Security - PowerPoint

					by: Frank Pfleger
   Introduction to Wireless Networks

   Secure the Network
    ◦ Wireless Security Mechanisms


   Unsecure the Network
    ◦ Security Mechanism Weaknesses
    ◦ Tools and Techniques


   Wardriving / Procedures
   Private Wi-Fi
    ◦ Easy installation → security problems
    ◦ Location freedom

   Office Wi-Fi
    ◦ Location freedom
    ◦ Laptop popularity

   Public Hotspot
    ◦ Non-private ( mostly with fee )
    ◦ Public places


                            Introduction  Secure  Unsecure  Wardriving  Conclusion
   Non-Encryption
    ◦ Static IP addresses
      Deactivate DHCP
      Assign IP address on every host

    ◦ MAC address filter
      Restrict access to unique hardware address
      Add MAC address for every host

    ◦ Hide SSID
      Deactivate the SSID broadcasting




   Encryption
    ◦ WEP – Wired Equivalent Privacy
        Based on RC4 (pseudo-random generator)
        XOR between data and random (bitstream)
        RC4 uses WEP key + Initialization vector
        INSECURE
    ◦ WPA – Wi-Fi Protected Access
      Based on the WEP architecture ( RC4 )
      TKIP – Temporal Key Integrity Protocol
      RC4 uses WPA key (PSK or EAP) + Initialization vector
       + Per-packet key mixing + Re-keying
       + Message Integrity Check
      SECURE

   Encryption
    ◦ WPA2 – Wi-Fi Protected Access 2
      Implements IEEE 802.11a/b/g
       and basic/mandatory functions of IEEE 802.11i
      New architecture based on AES
      AES – Advanced Encryption Standard
        Symmetric crypto system
        Complies with the requirements of FIPS 140-2
      Choose strong password / passphrase (63 characters)
      SECURE




   RADIUS
    ◦ Remote Authentication Dial-In Server
    ◦ Client – Server system
    ◦ AAA protocol
      Authentication ( who )
      Authorization ( what )
      Accounting ( track consumption )


   VPN – Virtual Private Network
    ◦ Tunnel
    ◦ Authentication
    ◦ Secure Encryption ( Public Key / RSA )


   Weaknesses
    ◦ Several techniques to compromise


   Sniffing an IP address
    ◦ Deactivated DHCP
    ◦ IP address transmitted in every packet

   Spoofing a MAC address
    ◦ MAC address filter
    ◦ MAC address transmitted in every frame




   Hacking WEP
    ◦   Introduced in 1999
    ◦   Serious weaknesses identified in 2001
    ◦   IV – Initialization Vector used for decryption
    ◦   ICV – Integrity Check Value
         CRC32 checksum
         CRC32 is strictly linear
    ◦ Calculation of the Key
           Attack based on security flaw in CRC32
           500 000 – 1 000 000 IVs for 128-bit encryption
           Techniques: Packet Reinjection / Deauthenticate Client
           TU Darmstadt ( PTW ) 50 000 IVs for 128-bit (50%)
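
Why a linear CRC32 cannot serve as an integrity check, and why WPA adds a keyed Message Integrity Check: this Python example is added here and is not part of the original slides. It models a WEP-style frame (RC4 keyed with IV + key, CRC32 ICV appended); the IV, key, message and function names are constructed for illustration.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """ICV: CRC32 of the plaintext, appended little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    body = msg + icv(msg)
    return xor(body, rc4(iv + key, len(body)))   # per-frame RC4 key = IV + WEP key

def wep_open(iv: bytes, key: bytes, frame: bytes):
    body = xor(frame, rc4(iv + key, len(frame)))
    msg, got = body[:-4], body[-4:]
    return msg, got == icv(msg)                  # (plaintext, ICV check passed?)

def crc_relation_holds(a: bytes, b: bytes) -> bool:
    """crc(a^b) == crc(a) ^ crc(b) ^ crc(00..0) for equal-length inputs."""
    return icv(xor(a, b)) == xor(xor(icv(a), icv(b)), icv(bytes(len(a))))

def alter_sealed_frame(frame: bytes, delta: bytes) -> bytes:
    """XOR delta into the hidden plaintext and patch the ICV, using no key."""
    patch = xor(icv(delta), icv(bytes(len(delta))))
    return xor(frame, delta + patch)

# Constructed sample values (not from the slides)
IV, KEY, MSG = b"\x01\x02\x03", b"constructed13", b"level=1"
DELTA = bytes(6) + bytes([ord("1") ^ ord("9")])  # turns the final "1" into "9"
```

The altered frame decrypts to `level=9` and still passes the ICV check, because both RC4 encryption (XOR) and CRC32 are linear and the ICV involves no secret.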


   WPA / WPA2
    ◦ Currently no weakness or security flaw
    ◦ Weak Passwords
      Choose a strong password
      At least 12 characters
      Mixed letters, numbers and symbols
    ◦ Dictionary Attack
    ◦ Brute-Force Attack
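
A passphrase audit for a WPA/WPA2-PSK network, as an added Python example that is not part of the original slides. It applies the rules above (at least 12 characters, mixed letters, numbers and symbols) plus a dictionary check, and shows the standard PSK derivation, where the SSID is the only salt; the function names and the word list are assumptions.

```python
import hashlib
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit_passphrase(passphrase: str, ssid: str, wordlist=()) -> list:
    """Return the list of problems found; an empty list means no finding."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("outside the 8-63 character range WPA accepts")
    if len(passphrase) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "letter": any(c.isalpha() for c in passphrase),
        "digit": any(c.isdigit() for c in passphrase),
        "symbol": any(c in string.punctuation for c in passphrase),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # A word with digits or symbols tacked on is still within reach of a
    # dictionary attack, so compare the bare word as well.
    lowered = passphrase.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    words = {w.lower() for w in wordlist}
    if lowered in words or stripped in words:
        problems.append("dictionary word (possibly with digits/symbols appended)")
    if ssid and ssid.lower() in lowered:
        problems.append("contains the SSID")
    return problems
```

Because the derivation uses nothing secret except the passphrase, the strength of the whole network key is the strength of the passphrase; a passphrase such as `Summer2012!!` meets the length and character-mix rules yet is still flagged by the dictionary check.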




   Tools and Techniques
    ◦ MAC address spoofing
      Linux
        macchanger -s wlan0
      Windows
        supported by some Wi-Fi cards
        SMAC or other tools
    ◦ ARP spoofing
      Spoof the wrong MAC – IP combination
      Windows
        WinArpSpoofer
      Linux
        arpspoof -t 10.0.0.1 ( all packets to your host )
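
Detecting the wrong MAC – IP combination from the defender's side: this Python example is added here and is not part of the original slides. It scans ARP observations for an IP address that changes its MAC and for one MAC answering for several IPs; the input format, function names and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations: seconds, sender IP, sender MAC (from ARP replies).
SAMPLE = """\
0.0 10.0.0.1 00:11:22:33:44:01
0.5 10.0.0.23 00:11:22:33:44:17
30.1 10.0.0.1 00:11:22:33:44:01
61.7 10.0.0.1 de:ad:be:ef:00:99
61.9 10.0.0.23 de:ad:be:ef:00:99
62.4 10.0.0.1 de:ad:be:ef:00:99
"""

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines
        ts, ip, mac = parts
        yield float(ts), ip, mac.lower()

def detect(text, gateway_ip=None):
    binding = {}                          # ip -> first MAC seen for it
    claims = defaultdict(set)             # mac -> IPs it has answered for
    alerts = []
    for _ts, ip, mac in parse(text):
        claims[mac].add(ip)
        known = binding.setdefault(ip, mac)
        if known != mac:                  # IP suddenly maps to another MAC
            kind = "gateway-rebind" if ip == gateway_ip else "rebind"
            alert = (kind, ip, known, mac)
            if alert not in alerts:
                alerts.append(alert)
    for mac, ips in claims.items():
        if len(ips) > 1:                  # one MAC claiming several IPs
            alerts.append(("multi-ip", mac, tuple(sorted(ips))))
    return alerts
```

A replaced network card or a reassigned address also triggers a rebind alert, so alerts on the gateway address deserve the most attention; a static ARP entry for the gateway on the clients removes that binding from an attacker's reach.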


   Tools and Techniques
    ◦ Man-in-the-Middle ( MITM )
        Use ARP spoofing to get packets
        Analyze packets
        Forward packets to victim
        Linux:
          fragroute/fragrouter
          sslsniff ( https MITM )
    ◦ DNS Spoofing
      Spoof the wrong Hostname – IP combination
      Linux:
          dnsspoof



   Tools and Techniques
    ◦ Sniffing data
      Used for MITM or passive listening
      Capture and analyze data
      Linux / Windows:
        Wireshark ( Ethereal )

    ◦ Aircrack Toolkit
      Cracking a WEP encryption
      Airodump
        Logging / Scanning IVs
      Aireplay
        Re-inject packets


   Act of searching Wireless Networks
   In general with a car
    ◦ Warbiking
    ◦ Warwalking
   Warchalking
    ◦ Mark a place, mostly with chalk
   Mapping
    ◦ Create exact maps
    ◦ Use GPS to get the coordinates
    ◦ Provide information online
   Difference to Piggybacking
    ◦ Use of the wireless network


   Equipment
    ◦ Good equipment for effective Wardriving
    ◦ Notebook with Tools
    ◦ Wireless Network Card
      Regular Card
      Special Card with an external antenna interface
    ◦ Antenna
      Directional
      Omnidirectional
      Parabolic (not for Wardriving)
    ◦ GPS receiver
      Logging / Mapping


   Tools
    ◦ Operating System
      Windows ( just for Mapping and Logging )
      Linux (Special Distributions)
        All tools and drivers preinstalled
        Run from CD
        E.g. Backtrack ( Auditor )

    ◦ Scanning and Mapping
      Windows
        Netstumbler
      Linux
        Kismet


   Wardriving
    ◦ Scan for wireless networks ( Netstumbler / Kismet )
    ◦ Save the GPS position

   Piggybacking
    ◦ Connect to the wireless network
    ◦ Use the network




   Using Backtrack ( Auditor )
   Hidden SSID
    ◦ aircrack to deauthenticate ( force reconnect )
    ◦ Scan with airodump for the SSID
   Scan and log IVs
    ◦ airodump to log
    ◦ Filters, stores and analyzes packets for IVs
   Reinject packets
    ◦ aireplay reinjects found IVs
    ◦ Increases the retransmitted IVs
   Crack the Key
    ◦ aircrack to calculate the WEP key
    ◦ Enough IVs needed

   MAC filter
    ◦ Scan packets with Wireshark ( Ethereal )
    ◦ Spoof a MAC address with macchanger
   DHCP deactivated
    ◦ Scan packets with Wireshark ( Ethereal )
    ◦ Set your IP address
   Man-in-the-Middle
    ◦   Spoof your MAC with the gateway's IP
    ◦   Spoof your MAC with the victim's IP
    ◦   Reroute packets
    ◦   Using arpspoof and fragroute


   Spoof DNS Entry
    ◦ Spoof your IP address for different hostnames
    ◦ E.g. hostname of the victim's bank
   Intercept SSL connections
    ◦   SSL MITM attack
    ◦   Fake SSL certificate
    ◦   Sniff data transmitted via SSL
    ◦   Using sslsniff
   Sniff Data
    ◦ Log and analyze all transmitted data
    ◦ Using Wireshark ( Ethereal )
   Get access to Computers
    ◦ Using various Windows / Linux tools

   Secure your wireless network properly!

   Don't rely on
    ◦   Hidden SSID
    ◦   MAC filter
    ◦   Deactivated DHCP
    ◦   WEP

   Use a proper encryption
    ◦ WPA / WPA2 ( choose a strong password )
    ◦ VPN ( secure with multi user )


Thanks for your attention.

Any questions?

                                    Frank Pfleger
                           mail@frankpfleger.com

				