Hacking Air Wireless State of the Nation. Presented By Adam Boileau


Introduction

- Wireless in 2006
- 802-dot-what?
- Threats to Wireless Networks
  - Denial of Service
  - Attacks against Authentication
  - Attacks against the Network
  - Traditional attacks over wireless
- 802.11i, The Savior
- Attacks Against 802.11i
- Building Secure Wireless Networks

Wireless Networking in 2006

Statistics
- 2005: 120m wifi chipsets shipped, 64% annual growth
- 90% of laptops have wifi

Trends
- Wireless is everywhere: Cellular, GPS, Wifi, RFID
- Gradual increase of 802.11a use in response to saturation
- WEP gradually being replaced by WPA, WPA2
- VoIP over Wireless: next killer app (in the bad way?)
- Wired 802.1X, 802.11i, Endpoint security converging

Security Landscape
- Becoming harder to break into wireless networks...
- ...but also becoming harder to deploy!

A whirlwind of eight oh two dot stuff

- 802.11a/b/g: Wireless LAN standards, including WEP
  - Not equivalent to wired privacy at all!
  - Shonky crypto, basic mistakes
- 802.1X: wired ethernet port security, generic enough to apply to 802.11a/b/g
- 802.11i: RSN (Robust Security Network), another name for WPA2
  - 802.11a/b/g + new crypto (AES) + 802.1X
- WPA: 802.11a/b/g + bits of 802.11i
  - RC4 + Temporal Key (TKIP) + 802.1X + better ICV (MIC)
  - For legacy hardware that lacks support for WPA2 (has RC4 hardware crypto, but not AES)

802.soup

Denial of Service

- All wireless services are vulnerable to DoS attacks, accidental and deliberate
  - Accidental: Other wireless networks, microwave ovens, cordless phones, AV transmitters
  - Deliberate: Jammers, illegally powerful wireless networks, employees
- Countermeasures
  - Good RF design to start with
  - Tools to measure the Layer-1 RF environment are available
  - Business continuity is the key to managing loss or degradation of wireless networks

Attacking Authentication: WEP

- WEP still widespread
- General belief still that WEP attacks are theoretical or impractical
- WEP cryptography totally broken
  - Breaking WEP crypto: sub 1 hour in the majority of cases
  - Tools are sophisticated, attacks extremely practical
- Other powerful WEP attacks exist
  - Chop-chop attack can read individual packets within a couple of minutes
  - Possible to send traffic into a network without the WEP key
- WEP is unfit for any use whatsoever
  - Most certainly not equivalent to wired privacy

Attacking the Network: Man in the Middle

- Attacker impersonates each party to the other
  - Attacker pretends to be the server to the client, and the client to the server
- Traditionally done with DNS poisoning or ARP spoofing
  - In wireless, can be DNS, ARP, Rogue AP, even physically in the middle
- Powerful technique for subverting authentication
  - In cryptographic systems, MitM attacks the key exchange process
- Only mitigation is PKI: SSL certs, SSH keys, DNSSec, IPSec
- Insidious class of attack that can defeat all systems that do not use mutual authentication

Traditional Attacks over Wireless

- Wireless stations are mobile, transient, and vulnerable to all the classic attacks
  - Viruses, trojans, worms, network buffer overflows, Anna_Kournikova.jpg.exe
  - Vulnerable while at public hotspots, hotels, airports
- Wireless stations are part of your temporal network perimeter
  - Moving between trust zones is a risk
- Attack the weakest link, using wireless for the anonymity
- Wireless networks as a covert backchannel
  - Classic stories of covert wireless devices being installed on corporate networks, eg. inside an xbox!

Traditional Attacks over Wireless

- Probing Client attack
  - Wireless stations probe for their configured networks
  - An attacker sees probes, responds by creating a network to match
  - Attacks client via fake network
  - Perhaps chooses the network with the weakest security posture
- The wireless station might be connected to the corporate wired network!
  - Worst case, system is configured to route, eg. ICS
  - Best case, an attacker has to break in first
- Even if you secure all your Access Points, are your client systems going to give up your secrets?

Useless defenses

- Closed/Hidden SSIDs
  - Only hidden in beacons, not in probe responses
- 802.11b Shared auth
  - Actually worse than open association, because it leaks RC4 PRGA!
- MAC Filtering
  - Trivially bypassed: ip link set wlan0 address 00:de:ad:be:ef:00
- Manual WEP Key rotation
  - "We change our keys once a week!", oh how cute.
- Pre-WPA Proprietary WEP Enhancements
  - Generally don't address all WEP's problems
- Any or all of the above
  - Still broken!

802.11i, the Savior?

- 802.11i has:
  - potentially strong auth
  - strong crypto
  - replay protection (poor SACK-based QoS!)
  - key management
- Does this sound like a VPN to you?
  - Basically implements 802.1X + AES as a layer-2 specific, non-routable VPN technology
- Which is great! But...
  - all the hassle of a VPN (complex client software, complex auth, PKI, user education)

Attacking Authentication: 802.11i/802.1X

- 802.11i standard delegates security to EAP Methods
  - Different methods for password, certificate, SIM, etc.
  - Some EAP methods are better than others
- Online dictionary attacks against password-based auth
  - Enforce minimum password quality standards
- Offline dictionary attacks against EAP-MD5, EAP-LEAP
- Compound Binding Problem with EAP encapsulation
  - Combining two secure EAP methods to produce an insecure result
- Loads of complexity
  - Plenty of fruitful areas for bugs and vulnerability research
  - Can be hard to configure correctly

Building Secure Wireless Networks

- Building wireless networks is too easy
  - Because everyone can do it, everyone thinks they should
- Secure wireless networking is not easy
  - 802.11i is complex, but so are the problems it has to solve
- It is possible to build secure wireless networks...
  - ...and it is mandated by the PCI-DSS!
  - Combination of policy, design, education and technological enforcement
- Remember the CISSP triad: availability is the real killer for wireless
  - Think long and hard about VoIP over Wireless

Building Secure Wireless Networks

- WEP is not part of a secure wireless network
- Even with 802.11i, it's better to think of wireless networks as a remote-access technology, rather than a wired-LAN-replacement technology
- Wireless infrastructure is part of your network perimeter
  - Needs as much care and attention as your firewalls and routers
- Implement defense in depth
  - Closed SSID, MAC filtering, 802.11i with appropriate EAP method, terminating in a DMZ with firewalling, IDS, proper logs, and someone to read them!
- Remember Mutual Authentication!
  - 802.11i mandates mutual authentication. Without it you have nothing.
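The "no WEP" and "mutual authentication" rules from this slide, as an added example that is not the speaker's code: a small lint over wpa_supplicant-style network blocks. The sample config is constructed, the parser is a simplified reader of that syntax, and the server-identity checks assume wpa_supplicant's ca_cert, domain_suffix_match, subject_match and altsubject_match options.

```python
import re

# Constructed wpa_supplicant-style config (assumed sample, not any real site's config):
# a WEP network, an EAP network that never checks the server, and a pinned EAP-TLS network.
SAMPLE_CONF = """
network={
    ssid="corp-legacy"
    key_mgmt=NONE
    wep_key0=0123456789
}
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="alice"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
}
"""

def parse_networks(text):
    """Return one dict per network={...} block; surrounding quotes are stripped from values."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            net[key.strip()] = value.strip().strip('"')
        nets.append(net)
    return nets

def lint_network(net):
    """Findings for one block: no WEP, and EAP must authenticate the server (mutual auth)."""
    findings = []
    ssid = net.get("ssid", "?")
    if any(k.startswith("wep_key") for k in net):
        findings.append(f"{ssid}: WEP key configured; WEP is not part of a secure wireless network")
    if net.get("key_mgmt") == "WPA-EAP":
        if "ca_cert" not in net:
            findings.append(f"{ssid}: EAP without ca_cert; the client never authenticates the RADIUS server")
        elif not any(k in net for k in ("domain_suffix_match", "subject_match", "altsubject_match")):
            findings.append(f"{ssid}: ca_cert set but server name not matched; any cert from that CA is accepted")
    return findings
```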

Building Secure Wireless Networks

- Ensure policy prohibits connection of unsanctioned wireless access points
- Configure client machines to only associate with corporate access points
- Wireless IDS/IPS actually more useful than in most environments
  - Configure to detect probing clients, Rogue APs, and provide performance metrics
- End-to-end VPN technology and aggressive host firewalling still required for road-warrior users
  - 802.11i is a station-to-AP VPN only
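The probing-client attack from the earlier slide and the WIDS advice here (detect probing clients and rogue APs), as an added example that is neither the speaker's code nor any product's rule set: two detection rules run over constructed management-frame summaries. The AP allow list, station MAC addresses and SSIDs are all assumed.

```python
from collections import defaultdict

# Assumed corporate inventory (constructed, not from any real site):
# sanctioned BSSIDs per corporate SSID, and the MACs of corporate wireless stations.
CORP_APS = {"corp-tls": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
CORP_STATIONS = {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}

# Constructed frame summaries as a WIDS sensor might log them:
# (frame type, transmitter address, SSID carried in the frame; "" = broadcast probe).
FRAMES = [
    ("beacon", "00:11:22:33:44:01", "corp-tls"),           # sanctioned AP
    ("beacon", "de:ad:be:ef:00:01", "corp-tls"),           # corporate SSID, unknown BSSID
    ("beacon", "de:ad:be:ef:00:02", "CoffeeShopGuest"),    # unrelated network nearby
    ("probe_req", "aa:bb:cc:dd:ee:01", "corp-tls"),        # corporate laptop, expected
    ("probe_req", "aa:bb:cc:dd:ee:01", "AirportFreeWifi"), # leftover hotspot profile
    ("probe_req", "aa:bb:cc:dd:ee:01", "HotelGuest"),      # another leftover profile
    ("probe_req", "aa:bb:cc:dd:ee:02", ""),                # broadcast probe, names nothing
    ("probe_req", "ff:ee:dd:cc:bb:aa", "HotelGuest"),      # visitor device, not ours
]

def rogue_aps(frames, corp_aps=CORP_APS):
    """BSSIDs beaconing a corporate SSID that are not on the allow list for that SSID."""
    return sorted({bssid for kind, bssid, ssid in frames
                   if kind == "beacon" and ssid in corp_aps and bssid not in corp_aps[ssid]})

def probing_clients(frames, corp_aps=CORP_APS, corp_stations=CORP_STATIONS):
    """Corporate stations sending directed probe requests for networks we do not run.

    A directed probe names a configured network, which is exactly what the probing-client
    attack feeds on; broadcast probes (empty SSID) are ignored."""
    leaks = defaultdict(set)
    for kind, src, ssid in frames:
        if kind == "probe_req" and src in corp_stations and ssid and ssid not in corp_aps:
            leaks[src].add(ssid)
    return {src: sorted(ssids) for src, ssids in leaks.items()}
```

Stations reported by probing_clients are the ones whose profiles need cleaning up so they only associate with corporate access points, as the slide recommends.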

Questions?

http://www.security-assessment.com
adam.boileau@security-assessment.com