Wireless Secuity and Design Introductions: Mike Danahy and Steve Mylander Today Wireless design Part I: Wireless Fundamentals Part II: Wireless Threats Part III: Tools of the Trade Part IV: Wireless Security Wireless Design and Security Wireless Funamentals Taken from the book “Maximum Wireless Security” by Cyrus Peikari; Seth Fogie Access Points WAP11 SOHO (Small Office and Home Office) AP Really like this AP because it has 2 antenas. Setup: Almost all APS are the same on ip address 192.168.0.1, admin for the login and admin for the password CHANGE THIS IMMEDIATELY do not need to change it to work; off the shelf philosophy Wireless Design and Security Wireless Funamentals Antennas: HEART AND SOUL OF YOUR WIRELESS Hertz; unit to measure radio frequency coming off of an antenna. One Frequency or hertz is the number of waves propogated in one second. FM Radio station using 103.5 mega Hertz or 103.5 mhz is a wave of 103,500,000 AM Redio Station 1050 AM is 1,050,000 herts or 1050 khz Lower the frequency the longer the distance. Wireless Design and Security Wireless Funamentals Antennas: “In many situations, a lower power signal transmitted using a good antenna can arrive at its destination with more accuracy than a high-powered signal transmitted using a poor antenna. Antennas are rated by the amount of gain that they provide” GAIN is the increase in power you get by using a directional antenna GAIN Measured in db or decibles:dbi and dbd CB antena compared to 2.4ghz antenna: 34' and 2.2' Wireless Design and Security Wireless Funamentals Antennas: In wireless there are 2 types of antennas OMNI-Directional and Directional Flashlight analogy OMNI-Directional are not truly Omni-directional great for covering a wide area (not long) SMISMCO10 is an omni-directional antenna designed for medium- to long-range multipoint applications TechnoLab Log Periodic Yagi at http://www.technolab- inc.com/ http://www.youtube.com/watch?v=hNFKbcJ_WK8 http://www.metacafe.com/watch/837885/wifi_antenna_hack * Wireless Design and Security Wireless Funamentals Antennas: Directional Antennas are great for Focusing point to point connection SigMax Circular Yagi: Signull SMISMCY12. “ This Yagi antenna from TechnoLab is truly one of a kind. Its low profile and small design make it a great indoor directional antenna. In addition, by placing this antenna on the outer perimeter of a building, you can easily create building-to-building links.” http://www.engadget.com/2005/11/15/how-to-build-a-wifi- biquad-dish-antenna http://www.l-com.com/item.aspx?id=22571 http://www.youtube.com/watch?v=kq3htRMNmss&feature=related Wireless Design and Security Wireless Funamentals Antennas: Directional Antennas are great for Focusing DON'T MAKE YOUR OWN Purchase Aps with attached antennas Purchase a recommended antenna PRE and POST tests. Wireless Design and Security Wireless Fundamentals 802.11 Protocol Defines all wifi or wireless standards for data communications. 802.1a The first wireless standard Operates at the 5 ghz range Sunset now. Not enough distance. FHSS (Frequency Hoping Spread Spectrum) DSSS (Direct-sequence Spread Spectrum) There is a difference Bluetooth (fhss) 802.1b-802.1g Most widely used today 802.1n Discussion on Ratification NOTE: please change this to 802.1i with 802.1x being the authentication component and the 802.1n being the Wireless Design and Security Wireless Fundamentals Interference the 1 – 6 – 11 rule some aps adjust automatically; can be good interference from bluetooth. microwaves and mobile phones (not cell phones) other demands the use of spread spectrum analyzer placement of the aps. other (discussion) Wireless Design and Security Wireless Security EVERYTHING IS BASED ON 5 SECURITY PRINCIPLES CONFIDENTIALITY: Render the information un-intelligible except by authorized entities. INTEGRITY: Data has not been altered in an unauthorized manner since it was created, transmitted or stored AUTHENTICATION: Verify the identity of the user or system that created information AUTHORIZATION: upon proving identity, the individual is then provided with the key or password that will allow access to some resources NON-REPUDIATION: Ensures that the sender cannot deny sending the message Wireless Design and Security Wireless Security EVERYTHING IS BASED ON THESE 5 PRINCIPLES PKI or Public Key Infrastructure symmetric vs asymmetric keys Public, Private keys and certificates. an explanation maybe WEP Only does one known symmetric key between AP and user. very week IV (initialization vector) and no data integrity. Want WEP safer with WEP key + IV value + MAC Address (tkip). temporal key integrity protocol. Wireless Design and Security Wireless Security WEP continued DEMO on hacking; pretty easy http://ethicalhack.org/vids/kismac-vid.php https://www.grc.com/passwords.htm kismac and others will also crack WPS encryption Remember password length does not matter with wep and it is everything in WPA or enhanced WEP 802.1n will take in Confidence, Integrity, Authentication, Authorization and non-repudiation. 802.1x demands the use of a radius server (Well almost).