Wireless LAN Security: Hacking Techniques and Protection BRKEWN-2020

Similar documents
D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Wireless LAN Security. Gabriel Clothier

Wireless KRACK attack client side workaround and detection

Configuring Layer2 Security

Securing a Wireless LAN

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Appendix E Wireless Networking Basics

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

FAQ on Cisco Aironet Wireless Security

802.1X: Deployment Experiences and Obstacles to Widespread Adoption

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

WLAN Roaming and Fast-Secure Roaming on CUWN

Authentication and Security: IEEE 802.1x and protocols EAP based

Cisco Questions & Answers

Wireless Attacks and Countermeasures

Chapter 24 Wireless Network Security

Security in IEEE Networks

COPYRIGHTED MATERIAL. Contents

Wireless Network Security Spring 2016

Securing Wireless LAN Controllers (WLCs)

Wireless Network Security Spring 2015

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

TestsDumps. Latest Test Dumps for IT Exam Certification

Configuring the Client Adapter through Windows CE.NET

Section 4 Cracking Encryption and Authentication

Cisco Exactexams Questions & Answers

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

Configuring WLANsWireless Device Access

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Wireless Network Security

Secure Wireless LAN Design and Deployment

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Wireless technology Principles of Security

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Cisco Exam Questions & Answers

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

Exam Questions CWSP-205

What is Eavedropping?

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

Configuring Authentication Types

Securing Your Wireless LAN

Authentication and Security: IEEE 802.1x and protocols EAP based

Configuring Wireless Security Settings on the RV130W

Configuring Management Frame Protection

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

WPA-GPG: Wireless authentication using GPG Key

FinIntrusion Kit / Release Notes. FINFISHER: FinIntrusion Kit 4.0 Release Notes

Mobile Security Fall 2013

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

Managing Rogue Devices

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Wireless Intrusion Detection System

ClearPass QuickConnect 2.0

WPA Passive Dictionary Attack Overview

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

GETTING THE MOST OUT OF EVIL TWIN

Implementing X Security Solutions for Wired and Wireless Networks

Configuring Cipher Suites and WEP

Configuring a VAP on the WAP351, WAP131, and WAP371

Wireless Network Security

Configuring the Client Adapter through the Windows XP Operating System

LESSON 12: WI FI NETWORKS SECURITY

Configuring the Client Adapter through the Windows XP Operating System

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

Configuring the WMIC for the First Time

Security Setup CHAPTER

Vendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo

ENHANCING PUBLIC WIFI SECURITY

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Selected Network Security Technologies

Physical and Link Layer Attacks

b/g/n 1T1R Wireless USB Adapter. User s Manual

Cisco Actualtests Exam Questions & Answers

Trusted AP Policies on a Wireless LAN Controller

Configure Network Access Manager

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol

802.1X: Background, Theory & Implementation

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

Managing Rogue Devices

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Standard For IIUM Wireless Networking

Configuring a WLAN for Static WEP

Workgroup Bridges. Cisco WGBs. Information About Cisco Workgroup Bridges. Cisco WGBs, page 1 Third-Party WGBs and Client VMs, page 9

Selection of EAP Authentication Method for use in a Public WLAN: Implementation Environment Based Approach

W hy i OS (Android & others) F ail i nexplicably?

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

exam. Number: Passing Score: 800 Time Limit: 120 min CISCO Securing Wireless Enterprise Networks.

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

CUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide

CertifyMe. CISCO EXAM QUESTIONS & ANSWERS

Transcription:

Wireless LAN Security: Hacking Techniques and Protection BRKEWN-2020

WLAN Hacking Techniques Topics to discuss What this session is about Attack Taxonomy Well Known broken technologies Incorrectly used technologies DoS Attacks XSS Webauth highjack 2

What this session is about? Understand security issues from a wireless perspective Know how to protect your network Know how real attacks look like How issues can arise from errors in Implementation 3

Attack Taxonomy Some classification helps 4

Attack Taxonomy What is an Attack? Exploiting a vulnerability What is a Vulnerability? It is a weaknesses that allows an attacker to reduce a system information assurance (wikipedia) 5

Attack Taxonomy Multiple classifications are possible Passive Attacks: Eavesdropping Traffic Analysis Active Attack Protocol Based Denial of Service Impersonation Resource starvation Privilege escalation 6

Terminology Let s be clear 7

Terminology Wireless Technology 802.11 WPA WPA2 Authentication PSK - 802.1x(EAP) Encryption TKIP WEP AES- CCMP 8

Terminology Supplicant Authenticator Backend Auth Server 802.1x over 802.11 data Radius [79] over UDP Probe req/resp Authentication req/resp Association req/resp EAP Authentication 9

EAP Protocol Attacks A zoo with lots of Animals 10

EAP protocols Attacks What is EAP? Extensible Authentication Protocol, RFC 3748 It is an authentication framework over data link layer Used commonly over PPP or 802.1x networks What Protocols are over EAP? -> A lot EAP-MD5: defined by IETF, minimal security LEAP: defined by Cisco, obsolete and vulnerable EAP-TLS: RFC 5126, PKI based, high security, complex PEAP: joint effort, very common support, multiple inner methods EAP-Fast: TLS based, evolution of LEAP/PEAP, intended to be easier to implement And many more: EAP-IKE, EAP-AKA, EAP-TTLS, EAP-SIM, etc, etc 11

EAP protocols Attacks II Possible Attacks against EAP Dictionary based attacks: capture packet exchange, then do offline analysis. May use cryptographic shortcuts Impersonation attack: take the role of client (supplicant) or of AP (authenticator) DoS: break valid connections MitM(Man in the Middle attack): intercept complete conversation and highjack the session 12

EAP protocols Attacks III Protocol Comparison Example Protocol Dictionary Attack MitM Impersonation EAP-MD5 LEAP EAP-TLS EAP-FAST (configuration) (configuration) PEAP (implementation) (configuration) 13

EAP-TLS, secure but can be incorrectly used How to use a nice technology incorrectly 14

EAP-TLS, secure but be used incorrectly EAP-TLS is secure authentication algorithm Allows mutual authentication between supplicant and authenticator It is offered by almost all wireless infrastructure and client vendors It can be hard to implement: PKI handling is difficult to do properly, certificate renewal may be an issue on some cases Extensive support on dual factor systems (token cards, etc) Fairly secure: so how can we break it? if trust checks were not set properly. 15

EAP-TLS, secure but you can break it EAP-TLS needs two certificates 1. Server side: it identifies the authenticator, and it allows client to know who it is talking to 2. Client side: it provides the identity of the client to be validated by the authenticator (AP/WLC, etc) Typical problem, taking shortcuts: instead of buying certificate to third party, or implementing proper certificate trust in the domain, client is configured to do not validate 16

EAP-TLS, secure but you can break it ADU ProSet 17

EAP-TLS, Attack Recipe What you need: Authenticator that can ignore client identity Example: WLC configured to ignore identity, or FreeRadius A victim A mechanism to be a interesting peer for the victim 18

EAP-TLS, Attack Recipe WLC example, just tell it to ignore everything (Cisco Controller) >show local-auth config User credentials database search order: Primary... Local DB Timer: Active timeout... 300 Configured EAP profiles: Name... cisco Certificate issuer... vendor Peer verification options: Check against CA certificates... Disabled Verify certificate CN identity... Disabled Check certificate date validity... Disabled EAP-FAST configuration: Local certificate required... No Client certificate required... No Enabled methods... tls Configured on WLANs... 1 19

EAP-TLS, Attack Recipe Match real SSID ((Cisco Controller) >show wlan 1 WLAN Identifier... 1 Profile Name... mycompany Network Name (SSID)... mycompany Status... Enabled Interface... management Authentication... Global Servers Accounting... Disabled Dynamic Interface... Disabled Local EAP Authentication... Enabled (Profile badguy') Security 802.11 Authentication:... Open System Static WEP Keys... Disabled 802.1X... Disabled Wi-Fi Protected Access (WPA/WPA2)... Enabled WPA (SSN IE)... Disabled WPA2 (RSN IE)... Enabled TKIP Cipher... Disabled AES Cipher... Enabled Auth Key Management 802.1x... Enabled 20

EAP-TLS, Attack Success! Client is now associated to me (Cisco Controller) >show client summary Number of Clients... 4 MAC Address AP Name Status WLAN/Guest-Lan Auth Protocol Port Wired ----------------- ----------------- ------------- -------------- ---- -------- ---- ---- - 00:1b:77:42:1c:99 LAP1240-4 Associated 1 Yes 802.11g 8 No 00:1e:be:25:d6:52 LAP1240-4 Probing N/A No 802.11b 8 No 00:1f:3c:ab:b6:c5 LAP1240-4 Probing N/A No 802.11b 8 No 00:40:96:b4:47:6d LAP1240-4 Probing N/A No 802.11b 8 No 21

EAP-TLS, can I catch this? Rogue detection can see this, and flag as malicious: (Cisco Controller) >show rogue ap summary Rogue Location Discovery Protocol... Disabled Rogue on wire Auto-Contain... Disabled Rogue using our SSID Auto-Contain... Disabled Valid client on rogue AP Auto-Contain... Disabled Rogue AP timeout... 1200 MAC Address Classification # APs # Clients Last Heard ----------------- ------------------ ----- --------- ----------------------- 00:15:2b:d9:59:80 Unclassified 1 1 Thu Feb 18 14:05:42 2010 00:1e:be:81:95:20 Unclassified 1 0 Thu Feb 18 13:59:42 2010 00:21:1c:7a:43:e0 Malicious 1 1 Thu Feb 18 14:02:42 2010 00:a0:c5:f4:7b:b7 Unclassified 1 0 Thu Feb 18 14:02:42 2010 22

EAP-TLS, can I catch this? Rogue rules can easily detect a fake AP: (wlc) >show rogue ap malicious summary Number of APs... 2 MAC Address State # APs # Clients Last Heard ----------------- ------------------ ----- --------- ----------------------- 00:1e:4a:8f:75:70 Alert 2 1 Wed May 5 10:17:46 2010 00:21:1b:64:62:00 Alert 2 0 Wed May 5 10:17:46 2010 23

EAP-TLS, can I catch this? MFP will generate alerts if BSSID is spoofed (wlc) >show wps mfp statistics BSSID Radio Validator AP Last Source Addr Found Error Type Count Frame Types ----------------- ----- -------------------- ----------------- ------ -------------- ---------- ----- ------ 00:1c:b0:ea:63:02 b/g LAP1242-28 00:1C:B0:EA:63:02 Infra Missing MFP IE 53 Beacon 24

LEAP, lightweight EAP Not enough for current security requirements 25

LEAP Introduces accommodations for WEP key rotation. Used extensively in wireless, not in wired 802.1x. Lightweight hence the name Lightweight EAP. Can be programmed into the DSP of the wireless NIC for very fast, hardware based, authentication. 26

LEAP Supplicant Authenticator Backend Auth Server Code= Request Type= Identity Code= Response Type= Identity Code= Request Type= 17 (LEAP) Code= Response Type= 17 (LEAP) Type-Data= username Type-Data= client-challenge Type-Data= client-challenge-resp. 27

LEAP Supplicant Authenticator Backend Auth Server Code= Success Code= Response Type= 17 (LEAP) Code= Response Type= 17 (LEAP) Type-Data= server-challenge Type-Data= server-challenge-resp Radius-Accept 28

LEAP - Recipe Trivial password recovery What you need: Sniffer capture of authentication exchange Either be patient or kick user out to obtain exchange Main tools available: Asleap (linux, windows port) THC-leapcracker 29

LEAP Step 1 Asleap: Uses dictionary hash calculation THC-leapcracker: brute force Dictionary is faster, but only as good as the initial dictionary input Brute Force: slow, but should catch harder variations 30

LEAP Step 1 Hash generation Let s focus on Asleap: hash generation 31

LEAP Step 2 Obtaining Exchange 32

LEAP Step 2 Obtaining Exchange 33

LEAP Step 3 Decoding Ah, that is easy password! 34

LEAP Step 3 Decoding Ok something better 35

LEAP Can I catch this? No, if attacker has patience Yes, if he/she uses combined Deauth attacks Best prevention: do not use LEAP 36

Security Through Obscurity Hidden SSID Proven wrong over and over again 37

Hidden SSID (non-broadcast) Still a common topic: people hiding the SSID as security measure Clients prefer broadcasted SSID No RF time savings by removing it Only benefit: accidental double click by guest/passing users Also, complying with auditors 38

Hidden SSID (non-broadcast) Can we find it? Not in the beacons 39

Hidden SSID (non-broadcast) Just wait for client or deauth it so it has to reconnect 40

WPA Preshared Key Attack Nice and easy, not up to Enterprise security levels 41

WPA(2)-PSK Allows secure authentication of 2 parties, without Radius server Easy implementation, designed for home use If key is compromised, you need to change all devices in the network As any shared key algorithm, it is vulnerable to brute force/dictionary attacks Key space is from 8 to 63 bytes If you have PSK + EAPoL exchange, you can decrypt traffic! 42

WPA(2)-4way handshake Supplicant Snonce=Random EAPoL M1 (ANonce, etc) Auth Server Snonce=Random EAPoL M2 (SNonce, MIC, RSNIE, etc) EAPoL M3 (Key RSC, Anonce, MIC, RSNIE, GTK[keyID], etc) EAPoL M4 (MIC, etc) 43

WPA-PSK Recipe Main ingredient: EAPoL exchange (M1 to M4) + SSID name For 8 characters + numbers: brute force, Cain tool : 750 years For 10 characters + numbers: brute force, Cain tool : 673706 years Maybe too long!! 44

WPA-PSK Observations A pure brute force classical attack is not really feasible for keys longer than 8 characters Dictionary attacks are real, but easy to protect Several optimizations in the market make PSK weak GPU based tools Rainbow Tables 45

WPA-PSK GPU attacks Basic laptop 2200 key tests per second on brute force High end card 52400 key tests This means between 2.5 and 61.5 years vs 750 on same key space when compared to CPU attacks 46

WPA-PSK Rainbow table attacks Rainbow table: look up table, used to recover plaintext password from a password hash You can generate your own: pyrit (GPU accelerated) You can download: Church of WiFi 40 GB for 1000 most common SSID names for 1M possible passwords, generated by FPGA hardware in 3 days FPGA for this is open source cowpatty tool can use rainbow table If your SSID matches, and the password was in the dictionary: recovering is a matter of seconds. http://imgs.xkcd.com/comics/security.png 47

WPA-PSK Summary To be secure, you need a real random password, with more than 12 characters (the more the better) Avoid pre calculated SSIDs Remember, this is WPA and WPA2, irrelevant of encryption used. If you got PSK, and EAPoL exchange, you can decrypt all captured traffic for that EAPoL session If PSK key is compromised, you need to change all devices : not good for enterprise security 48

DoS Killing it 49

DoS Attacks Resource Starvation You can always send too much of something Workarounds for some of the techniques Protocol Based Ping of Death Can be device bugs, or protocol weaknesses Wireless has large availability of potential DoS attacks: TKIP MIC, Auth flood, Assoc flood, Deauth, NAV, RF Jamming, etc Our equipment has detection and prevention countermeasures. 50

DoS - RF Easy to do, easy detection, but effective 51

DoS TKIP MIC Good example of protocol based MIC is used as protection for weak checksum algorithm If 2 group key errors are detected, AP starts countermeasures killing the BSSID for 60 seconds MIC weaknesses are used as part of the TKIP injection attacks (Beck-Tews, Halvorsen, Ohigashi-Morii) Effect: you can DoS any TKIP based network 52

DoS TKIP MIC Recipe What do you need? attack tool: mdk3 (covers multiple DoS techniques) You can add to most distributions, or use backtrack 53

DoS TKIP MIC Recipe 54

DoS TKIP MIC Can I catch it? Yes, MIC errors are reported show trapl Number of Traps Since Last Reset... 427 Number of Traps Since Log Last Displayed... 2 Log System Time Trap --- ------------------------ ------------------------------------------------- 1 Mon May 3 15:26:11 2010 WPA MIC Error counter measure activated on Radio with MAC 00:1c:b0:ea:63:00 and Slot ID 0. Station MAC Address is 00:40:96:b5:11:19 and WLAN ID is 6 You can disable countermeasures, so you are not affected -> price: more vulnerable to traffic injection attacks Be careful with false positives Best action: use WPA2+AES 55

DoS TKIP MIC Recipe show traplog Number of Traps Since Last Reset... 427 Number of Traps Since Log Last Displayed... 2 Log System Time Trap --- ------------------------ ------------------------------------------------- 1 Mon May 3 15:26:11 2010 WPA MIC Error counter measure activated on Radio with MAC 00:1c:b0:ea:63:00 and Slot ID 0. Station MAC Address is 00:40:96:b5:11:19 and WLAN ID is 6. 56

DoS 802.11 Floods Management traffic on 802.11 can be spoofed Floods can lead to resource exhaustion: Thousands of source addresses trying to associate to same AP Memory is reserved, association IDs used, CPU utilization is high, etc No easy solution: Rate limiting on AP Client MFP only limited protection Impact is limited: temporary loss of service 57

DoS in 802.11 How to protect: WLC, 12.4(21a)JY have DoS auth prevention Detection is best option Floods show clearly on WLC default signatures Protocol attacks like NAV changes can be easily detected WCS maps can show approximate location MFP can detect spoofed Aps Rogue rules can easily catch fake APs 58

XXS Sneaking the link 59

XSS Cross-site scripting Injecting client side script into webpages One of the most common types of attacks It has opportunistic component 60

XSS Cross-site scripting Some clients have protection (IE8 for example) 61

XSS Cross-site scripting Cisco does extensive tests on all web applications User side should not be forgotten Intended action will be under the user security context 62

Webauth Highjack No L2 security, gets you that. 63

Webauth Highjack Used on hotspot and guest access networks Provides Web based authentication over an open L2 network 64

Webauth Highjack Open networks means no security protection at wireless level No encryption or authentication! It is perfectly possible to launch attacks at L2 level, and highjack connections MAC spoofing is trivial 65

Webauth Highjack Attack is as simple as either kill valid client, or wait until it is not on the network, then use its address 802.11 makes very difficult to prevent MAC spoofing, unless you have L2 auth/encryption (WPA, WPA2) Prevention is to use guest on isolated environments (DMZ), and limit the APs servicing it Alternative: PSK + Webauth 66

IP Address attacks IP Spoofing, highjack and others 67

IP Address Attacks Not specific to Wireless Mentioned here due to several mechanisms present on WLC to provide protection DHCP Required IP/MAC Address binding IP Theft ARP spoofing IP can be trivially spoofed. Objective could be: Highjack connection (webauth, traffic default gateway, etc) DoS. (prevent connection to a resource) 68

DHCP Attacks Exhaust of DHCP addresses Easy on wired, not so on wireless due to 802.11 process needed DHCP spoofing Answering on behalf of server. It could be accidental sometimes. Option 82 can help WLC makes unicast to server on default configuration Controller can enforce protections on wireless side DHCP required: nice, but be careful with non-windows clients. Any new associated client must complete DHCP 69

IP Attacks ARP spoofing WLC is ARP proxy all the time No direct client to network ARP traffic by default Used to redirect traffic (typically default gateway) Newer versions will blacklist client if spoofed ARP matches default gateway IP Spoofing IP/MAC address binding in 5.2 and higher prevents address change, this could break Mac OS due to DNAv4 (network discovery) On webauth, it triggers new webauth authentication 70

IP Attacks IP Spoofing detection: *%APF-4-REGISTER_IPADD_ON_MSCB_FAILED: apf_foreignap.c:1331 Could not Register IP Add on MSCB. Identity theft alert for IP address. Address:00:40:96:b5:11:19 DHCP Required in action %DTL-1-ARP_POISON_DETECTED: dtl_net.c:1394 STA(Target MAC Address) [00:40:96:b5:11:19, 0.0.0.0] ARP (op ARP REQUEST) received with invalid SPA(Source IP Address) 192.168.32.94/TPA(Destination IP Address) 192.168.32.1 IP address change prevention: 71

Complete Your Online Session Evaluation Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Cisco Preferred Access points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center. Don t forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com. 72

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback