Wireless Network Defensive Strategies

Similar documents
Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Wireless Attacks and Countermeasures

Analyzing Wireless Security in Columbia, Missouri

Wireless LAN Security (RM12/2002)

Overview of Security

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Attack & Defense in Wireless Networks

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Security Analysis of Common Wireless Networking Implementations

Wireless technology Principles of Security

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

CS263: Wireless Communications and Sensor Networks

Security in IEEE Networks

Wireless Networking Basics. Ed Crowley

Decision Computer Group

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Activity Configuring and Securing a Wireless LAN in Packet Tracer

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

CIT 380: Securing Computer Systems. Network Security Concepts

Wireless Router at Home

Wireless Technologies

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Section 4 Cracking Encryption and Authentication

How Insecure is Wireless LAN?

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Shared Access Networks Wireless. 1/27/14 CS mywireless 1

Part 1. Lecturer: Prof. Mohamed Bettaz Coordinator: Prof. Mohamed Bettaz Internal Examiner: Dr. Mourad Maouche. Examination Paper

Wireless Communication and Networking CMPT 371

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Wireless Network Security

What action do you want to perform by issuing the above command?

Wireless Networking. Chapter The McGraw-Hill Companies, Inc. All rights reserved

What is Eavedropping?

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Basic Wireless Settings on the CVR100W VPN Router

Advanced Security and Mobile Networks

Release Notes for Avaya WLAN 9100 Access Point Operating System (AOS) Release

HACKING & INFORMATION SECURITY Presents: - With TechNext

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

ABSTRACT. The rapid growth in Wireless networking brought the need for securing the wireless

WarDriving. related fixed line attacks war dialing port scanning

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

5 Tips to Fortify your Wireless Network

PRODUCT GUIDE Wireless Intrusion Prevention Systems

ECE 435 Network Engineering Lecture 8

123 Manual, LP-1522 Broadband Wireless AP/Router, Point to point/ Point to Multipoint plus Access point installation mode.

LESSON 12: WI FI NETWORKS SECURITY

Wireless LAN -Architecture

Topic 2b Wireless MAC. Chapter 7. Wireless and Mobile Networks. Computer Networking: A Top Down Approach

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

6.9 Summary. 11/20/2013 Wireless and Mobile Networks (SSL) 6-1. Characteristics of selected wireless link standards a, g point-to-point

Applied Methodologies, Inc. Wireless Security Audit produced for NYC Utility

Wireless MAXg Technology

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov.

Wireless Network Security

ShenZhen Foscam Intelligent Technology Co., Ltd

D-Link AirPlus G DWL-G700AP

ECCouncil Certified Ethical Hacker. Download Full Version :

NM6000 User's guide v1.2

5. Execute the attack and obtain unauthorized access to the system.

Distributed Queue Dual Bus

1. What is a network protocol and why are protocols needed when two machines communicate? 2 marks

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Chapter 5 Local Area Networks. Computer Concepts 2013

Chapter 5 Advanced Configuration

WIDS Technology White Paper

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

Multiple Access in Cellular and Systems

EXPLOITING CLOUD SYNCHRONIZATION TO HACK IOTS

1. Press "Speed Test" to find out your actual uplink and downlink speed.

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

CS Final Exam

EnGenius Quick Start Guide

Configuring the Wireless Parameters (CPE and WBS)

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

WI-FI HUB+ TROUBLESHOOTING GUIDE

Security SSID Selection: Broadcast SSID:

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Chapter 4. The Medium Access Control Sublayer. Points and Questions to Consider. Multiple Access Protocols. The Channel Allocation Problem.

Dolphin-M. User s Manual

Information Security in Corporation

CSE 461: Multiple Access Networks. This Lecture

Recurrent Security Gaps In ac Routers

Wireless Security Security problems in Wireless Networks

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

FEATURES HARDWARE CONNECTION

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Network Security. Thierry Sans

CWNA Exam PW0-100 certified wireless network administrator(cwna) Version: 5.0 [ Total Questions: 120 ]

HiPER 518W-Plus. 300Mbps Wireless 3G VPN Router. Overview. Features DATA SHEET. Highlights

Link Layer. (continued)

Networking. Prof. Abdul Hameed

Wireless Network Security Spring 2016

Radiolabs Bridge in a Box Setup

Wireless Networks. Lecture 4: Wireless Networking Devices. Assistant Teacher Samraa Adnan Al-Asadi 1

AplombTech Smart Router Manual

Transcription:

Wireless Network Defensive Strategies Jay A. Crossler ECE 646 Analytical Project 12 Dec 2003

Topics Wireless Security Intrusion Experiment Initial Findings Attempted Attacks Results WEP Vulnerabilities Other Tools Used Secure Configurations Recommendation Summary 2

Wireless has become critical Wireless Local Area Networks used: By Emergency Response Workers after 9/11 By police and terrorist response cells By government agencies to control remote security cameras Within the top five Stock exchanges throughout the world To Monitor critical patient status and retrieve medical records In over 200 wireless networks discovered while walking downtown DC and Pentagon City 3

Basic Wireless Configuration Out of the box: Can plug and play on most networks Default Admin password on router SSID set to broadcast mode DHCP enabled No MAC or IP filters No WEP key enabled 4

Intrusion Experiment Question: How easy is it to gain admin access to 30 local wireless networks? Answer: Very, very easy on 28 of them. 5

Step 1: Built a map of 30 local wireless systems Intrusion Experiment Initial Findings Used NetStumbler on a laptop and MiniStumbler on an ipaq to locate and analyze networks and settings 6

Intrusion Experiment Initial Findings (cont) Results: - Level 1 23 Systems had never changed the default password or enabled any security - Average intrusion time: 15 minutes to gain root access - Level 2 5 Systems had disabled SSID broadcasts and/or set a 56-bit WEP key - Average intrusion time: 4 hours to gain root access - Level 3 2 Systems had either a 128-bit key or VPN or both - Average intrusion time: did not achieve 7

Step 2: Used Kismet/KisMAC and Ethereal to sniff hidden SSIDs, MAC and IP addresses Intrusion Experiment Attempted Attacks Connected to 192.168.0.1 or router IP. Used router MAC to find device maker, or try to connect to find device name. Retrieved password from product docs on internet. 8

Intrusion Experiment Attempted Attacks (Cont) Step 3: Use Kismet/AirSnort to attempt to crack WEP keys (need about 1 Gig of packets sniffed) Use Ethereal to sniff names, passwords, websites, email, bank codes 9

Results: Intrusion Experiment Results Access to 28 networks was obtained Access to 5 networks that owners thought were secure was obtained Access to 2 live networks with 128-bit security was NOT obtained (not enough packets) Access to personal test network with 128-bit WEP was obtained (with continuous packet stream) 10

WEP Vulnerabilities Wireless Encryption Protocol (WEP) Commonly the only security used Susceptible to known attacks on Initialization Vectors Data encrypted with RC4 A stream cipher Keys vulnerable to known plaintext attacks CRC-32 used to check integrity of data Only a linear checksum is used: not sufficient 11

WEP Initialization Vectors (IV) WEP has: 16 Million possible IVs 9000 of which are weak A weak IV can expose one byte of the key 5% chance of revealing key byte AirSnort Attack collects and sorts IVs Statistically analyzes possible key bytes Shows tendency towards correct byte of key Need very large number of packets 12

Other Tools Used Pringle Can Antenna $10 antenna extended range to 1km (receive) and 400m (transmit) Signal Strength Meter KisMAC was very useful for relocating networks Lego Mindstorm Aiming arm Built a targeting device for relocating networks through an IR control 13

Security Configuration Suggested Configuration Techniques: Realize that WEP is not secure Remove wireless networks from LAN devices Remove SSID broadcasts; rename SSIDs Hard Code MAC addresses and IPs into allow-list Change encryption keys Look for Rogue access points Change Router Admin Password 14

Security Configuration Level III Configuration: Virtual Private Network Time: 5 hours to install Linux on 486 FreeS/WAN SSH Sentinal (SSH Tectia) Enable 3DES encryption www.freeswan.org www.ssh.com 15

Attacks on Reliability 1km Denial of Service using Pringles Can Easy to mount Exploit Carrier Sense Multiple Access with Collision detection (CSMA/CD) Transmit continuous stream of data packets Can be done with very low power Difficult to detect Transmit Clear To Send (CTS) and Request To Send (RTS) packets 16

Take Aways Wireless Security is critical Many people never change default router password It is easy to crack WEP in many routers It is easy to deny service to some wireless networks from 1 km away Simple fixes can greatly improve security 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback