Wireless Security and Wireless Security Monitoring by gvv20778


Wireless Security and Wireless Security Monitoring

The Rogue Access Point: A Threat to Wired and Wireless Networks

Rick Doten
Director, Vulnerability Assessment Division

Outline

•   Types of Wireless Networks
•   Threats of Wireless Networks
•   Wireless Security Tools
•   Wireless Security Monitoring
•   How Wireless can be secure
Wireless Networking Categories

• Personal Area Networking
   – Bluetooth, UWB
• Local Area Networking
   – IEEE 802.11 (a, b, g)
   – HomeRF
   – Packet Radio 900 MHz ISM
• Wide Area Networking
   – 2.5-3G cellular
   – Blackberry
   Security Risks of Wireless LANs

• Easier for unauthorized devices to attach to wireless
  network
   - Don’t need physical access
   - Many organizations don’t apply security
   - Presence of free wireless hacking tools


• Internal systems are usually not as secure as
  external or DMZ systems
Business Risks of Wireless LANs

A wireless attacker could affect your business in the following
  ways:
    • Ability to destroy data
    • Ability to steal proprietary data from client workstations and
      servers
    • Disruption of network service through corruption of network
      devices


RISK: Inability to meet core business and customer needs that
  could lead to loss of revenue
Security Risks INTRODUCED by Wireless Technology

• Rogue Access Points
• Clients Communicating in Ad Hoc Mode




  A Computerworld survey estimates that at least 30 percent of businesses
  have rogue wireless LANs.
          Rogue Device Threat

Can make your network vulnerable…
• Even with a secure wireless network
• Even if you have no wireless network
• Both Access Points and Clients are dangerous

Goal
 Protect network jacks
 Identify unauthorized wireless devices
WarChalking
                 Wireless Tools

• Types of Monitoring tools
   – Stumbling
   – Sniffing
   – Handheld


• Hacking tools
   – WEP Cracking
   – ARP Spoofing
            Stumbling Tools

Stumbling tools identify the presence of wireless
networks. They look for beacons from access
points, and also broadcast client probes and wait
for access points to respond.
                      Netstumbler

http://www.netstumbler.com
–   Free
–   Windows based
–   Very simple GUI
–   GPS capable
                   Wellenreiter

http://www.remote-exploit.org
– Free
– Linux based
– Supports many
  wireless cards
– GPS capable
           Other Stumbling Tools

• MacStumbler (Mac)
  http://homepage.mac.com/macstumbler/
• MiniStumbler (PocketPC)
  http://www.netstumbler.com/download.php?op=getit&lid=21
• Mognet (Java)
  http://chocobospore.org/mognet/
• BSD-AirTools – dstumbler (BSD)
  http://www.dachb0den.com/projects/bsd-airtools.html
             Sniffing Tools

Sniffing tools capture the traffic from a wireless
network and can view the data passed across the
air.
                        Kismet

http://www.kismetwireless.net
– Free
– Linux based
– GPS capable
                     AiroPeek

http://www.wildpackets.com/products/airopeek
– Must pay for it
– Windows based
– Real time
  packet decoding
              Other Sniffing Tools

• AirTraf (Linux)
  http://airtraf.sourceforge.net/index.php
• Ethereal (All OS’s)
  http://www.ethereal.com/
• Sniffer Wireless (Windows, PocketPC)
  http://www.sniffer.com/products/sniffer-wireless/default.asp?A=3
• BSD-AirTools - Prism2dump (BSD)
  http://www.dachb0den.com/projects/bsd-airtools.html
            Handheld Tools

Handheld tools are more portable and provide
wireless network identification and network status
monitoring.
                    AirMagnet

http://www.airmagnet.com/

– Pocket PC based
                   Waverunner

http://www.flukenetworks.com/us/LAN/Handheld+Testers/WaveRunner/Overview.html

– Linux kernel on iPaq
            Other Handheld Tools

• Kismet (Linux, Sharp Zaurus)
  http://www.kismetwireless.net
• IBM Wireless Security Auditor (Linux, iPaq)
  http://www.research.ibm.com/gsal/wsa/
             Hacking Tools

Hacking tools are for pointed attacks to gain
access to secured wireless networks.
              WEP Cracking Tools

• WEPCrack
  http://wepcrack.sourceforge.net/
• AirSnort
  http://sourceforge.net/projects/airsnort/
• BSD-Tools dweputils
  http://www.dachb0den.com/projects/dweputils.html
           ARP Spoofing MitM Tools

• libradiate
  http://www.packetfactory.net/projects/radiate/
• ettercap
  http://ettercap.sourceforge.net
• dsniff
  http://naughty.monkey.org/~dugsong/dsniff/
• AirJack
   http://802.11ninja.net
Wireless Security Monitoring
Need For Wireless Security Monitoring
• To protect the Wired network from Wireless
  Technology:
   – To Identify and locate wireless devices within the
     organization
   – Provide method of response
Effective Wireless Security Monitoring
•   Complete area coverage
•   24/7 monitoring
•   Remote distributed sensors
•   Central data aggregation and analysis
•   Integration into enterprise network management
•   Scalability
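
As an added example (not part of the original slides), the sketch below shows the kind of analysis a central aggregator could run on beacons forwarded by distributed sensors: parse each frame, flag ad hoc (IBSS) stations and access points missing from an authorized inventory, and record which sensors heard them. The BSSIDs, SSIDs, sensor names and the `AUTHORIZED_BSSIDS` inventory are constructed for illustration.

```python
import struct

AUTHORIZED_BSSIDS = {"00:11:22:33:44:55"}  # assumed inventory, constructed value

def parse_beacon(frame):
    """Parse a raw 802.11 beacon (no radiotap header); None if not a beacon."""
    if len(frame) < 36 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 != 8:
        return None                      # too short, or not a management beacon
    (capab,) = struct.unpack_from("<H", frame, 34)   # capability information
    info = {"bssid": frame[16:22].hex(":"), "ssid": None, "ibss": bool(capab & 2)}
    pos = 36                             # tagged elements follow the fixed fields
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                        # truncated element: stop, keep what we have
        if tag == 0:                     # SSID element
            info["ssid"] = value.decode("utf-8", "replace")
        pos += 2 + length
    return info

def classify(info):
    """Return 'ad-hoc', 'rogue-ap', or None for a sanctioned access point."""
    if info["ibss"]:
        return "ad-hoc"                  # IBSS capability bit: ad hoc mode
    return None if info["bssid"] in AUTHORIZED_BSSIDS else "rogue-ap"

def aggregate(reports):
    """Merge (sensor, frame) reports into one alert per unauthorized BSSID."""
    alerts = {}
    for sensor, frame in reports:
        info = parse_beacon(frame)
        verdict = classify(info) if info else None
        if verdict:
            new = {"ssid": info["ssid"], "type": verdict, "sensors": set()}
            alerts.setdefault(info["bssid"], new)["sensors"].add(sensor)
    return alerts

def build_beacon(bssid, ssid, capab):
    """Build a constructed sample beacon frame (demo data only)."""
    mac, name = bytes.fromhex(bssid.replace(":", "")), ssid.encode()
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capab)
    return header + fixed + bytes([0, len(name)]) + name

REPORTS = [("sensor-lobby", build_beacon("00:11:22:33:44:55", "corp", 0x0011)),
           ("sensor-lobby", build_beacon("de:ad:be:ef:00:01", "default", 0x0001)),
           ("sensor-floor2", build_beacon("de:ad:be:ef:00:01", "default", 0x0001)),
           ("sensor-floor2", build_beacon("02:aa:bb:cc:dd:ee", "laptop", 0x0002))]
print(aggregate(REPORTS))
```

The set of sensors recorded for each alert gives a first indication of where in the facility the device is located.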
Wireless Monitoring Product Types
Products that Scan Wired Network for Access Points
  • ISS Internet Scanner
    http://www.iss.net
  • Foundstone Foundscan
    http://www.foundstone.com
  • Qualys
    http://www.qualys.com
  • Nmap
    http://www.insecure.org/nmap/
Wireless Clients (laptop or PDA) walked around facility

• Netstumbler
  http://www.netstumbler.com
• Kismet
  http://www.kismetwireless.net
• Wellenreiter
  http://www.remote-exploit.org
• Air Magnet
  http://www.airmagnet.com/
Enterprise Wireless Monitoring Solutions

• Air Defense
  http://www.airdefense.net/
• IBM Distributed Wireless Security Auditor
  http://www.research.ibm.com/gsal/dwsa/
• Isomair
  http://www.isomair.com/
• NETSEC Wireless Security Monitoring Service
  http://www.netsec.net/
Wireless Security Answer
           Wireless can be Secure

• Apply all security features of products
• Require Authentication and Authorization and
  Encryption
• Use the same well known network security solutions
  as wired networks including:
   – Network segmentation
   – Use of personal firewalls
   – Well defined, trainable, and enforceable security policy
• Perform Wireless Security Monitoring
     My Favorite Wireless URLs
Wireless Security Links
    – http://bengross.com/wireless.html
    – http://www.wirelessanarchy.com/

Wireless Industry News
    – http://www.80211-planet.com/

Wireless Blogs
    – http://www.wardriving.com/
    – http://80211b.weblogger.com/

Mailing Lists
    – wireless-subscribe@kismetwireless.net
    – wirelesslan-subscribe@yahoogroups.com
                     Questions?



Rick Doten
Director, Vulnerability Assessment Division
NETSEC
rdoten@netsec.net

								