Wireless In Securities

  • Uploaded by: Shane Hartman
  • June 2020

Shane Hartman – CISSP, GCIA, GREM
Suncoast Security Society

        

  • Wireless Types
  • Wireless Advantages / Disadvantages
  • Wireless Insecurities – WEP
  • Wireless Insecurities – WPA
  • Hardening wireless
  • Detecting Rogue Wireless
  • Wireless Intrusion Detection
  • Demo cracking WEP
  • Demo cracking WPA



  • 802.11a: 5 Ghz, 300 ft. range, 54 mb transfer rate
  • 802.11b: 2.5 Ghz, 300 ft. range, 11 mb transfer rate
  • 802.11g: 2.5 Ghz, 150 ft. range, 54 mb transfer rate
  • 802.11n: 2.5 Ghz / 5 Ghz, 1200 ft. range, theoretical 300 mb transfer rate (burst)

     

Advantages

  • Convenience
  • Mobility
  • Productivity
  • Deployment
  • Expandability
  • Cost

Disadvantages

  • Security
  • Range
  • Reliability
  • Speed

 



  • Wireless Equivalent Privacy
  • Part of the 802.11 standard to prevent eavesdropping and data tampering
  • Uses an RC4 stream cipher and an “x no. of bits” key with a 24-bit random number known as the initialization vector (IV)



WEP Key Recovery

  • WEP uses the same WEP key and a different IV for each frame
  • The IV is limited to the range 0 – 16,777,215
  • Eventually the IV is reused



Unauthorized data decryption and Data Integrity

  • Once the key is known it can be used to gain access to data or the AP itself

Poor key management

  • Once set they remain the same
  • In a corporate environment people leave and the keys should be changed, but rarely are

No access point authentication

  • Authentication works one way
  • Clients authenticate to the AP, but
  • The access point has no way of authenticating the client

  

  • Wifi Protected Access
  • Also known as 802.11i
  • Moved away from the RC4 stream cipher of WEP to:
      • TKIP (Temporal Key Integrity Protocol) and/or
      • AES (Advanced Encryption Standard)
  • Uses a 4-way handshake to authenticate and encrypt



Poor key management

  • Once set they remain the same
  • In a corporate environment people leave and the keys should be changed, but rarely are

No access point authentication

  • Authentication works one way
  • Clients authenticate to the AP, but
  • The access point has no way of authenticating the client

 

  • Don’t use wireless – if possible
  • Use a layered approach
      • MAC address filter
      • Turn off SSID broadcast
      • Don’t allow the AP to issue IP addresses
      • Only allow access during certain times
      • Use WPA2 – large non-dictionary key – Home
      • Use WPA2 – with 802.1x port security, aka (Radius)





  • Turn off auto connect to preferred networks on clients (Karma)
  • Establish VPN connection from wireless APs to your office

  

  • Use “fake AP” and produce 53,000 APs
  • Apply protection to structure to prevent wireless
  • Set up wireless intrusion detection

    

  • Implement a wireless security policy
  • Provide for physical security
  • Provide a supported WLAN infrastructure
  • Implement 802.1x port-based security on your switches
  • Limit the number of MAC addresses per port to only one

      SW2(config-if)# switchport port-security maximum 1



Use a wireless client to detect the AP

  • You have to be within range of the AP
  • Can be difficult to detect if not broadcasting
  • Hard to manage remote sites

Tools

  • Airdefense – www.airdefense.net
  • Airmagnet – www.airmagnet.com
  • Netstumbler – www.netstumbler.com
  • Kismet – www.kismetwirless.net





Much more difficult – you have to rely a lot on the footprint that it leaves instead of outright detection. Look for things like:

  • Multiple MAC addresses on one port
  • Larger than normal bandwidth usage on a port
  • Analysis of packets will show anomalies
  • Unusual DHCP entries
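One way to check for three of the footprints listed above (several MAC addresses on one port, unusually high bandwidth on a port, unusual DHCP entries), as an added example that is not part of the original slides. The switch table rows, port names, byte counters, asset inventory, leases and thresholds are all constructed or assumed values, and "unusual DHCP entry" is taken here to mean a lease for a MAC address that is not in the inventory.

```python
from collections import defaultdict

# Constructed sample data: rows are "vlan mac type port".
MAC_TABLE = """\
10 0011.2233.4401 DYNAMIC Fa0/1
10 0011.2233.4402 DYNAMIC Fa0/2
10 0011.2233.4403 DYNAMIC Fa0/3
10 00aa.bbcc.0001 DYNAMIC Fa0/3
10 00aa.bbcc.0002 DYNAMIC Fa0/3
10 0011.2233.4498 DYNAMIC Gi0/1
10 0011.2233.4499 DYNAMIC Gi0/1
"""
TRUNK_PORTS = {"Gi0/1"}        # assumed uplink; many MACs are normal there
KNOWN_MACS = {"0011.2233.4401", "0011.2233.4402", "0011.2233.4403",
              "0011.2233.4498", "0011.2233.4499"}   # assumed asset inventory
DHCP_LEASES = [("0011.2233.4401", "desk-01"),
               ("00aa.bbcc.0001", "android-7f"),
               ("00aa.bbcc.0002", "laptop-guest")]
PORT_MBYTES = {"Fa0/1": 310, "Fa0/2": 280, "Fa0/3": 4200}  # last 24 hours
BASELINE_MBYTES = 300          # assumed normal volume for an access port
BANDWIDTH_FACTOR = 5           # assumed threshold: flag above 5x baseline

def macs_per_port(table: str) -> dict:
    """Group learned MAC addresses by switch port."""
    ports = defaultdict(set)
    for line in table.splitlines():
        fields = line.split()
        if len(fields) == 4:
            _vlan, mac, _kind, port = fields
            ports[port].add(mac.lower())
    return ports

def rogue_ap_indicators() -> dict:
    """Return {port: [reasons]} for ports showing a rogue-AP footprint."""
    findings = defaultdict(list)
    ports = macs_per_port(MAC_TABLE)
    mac_to_port = {m: p for p, macs in ports.items() for m in macs}
    for port, macs in ports.items():
        if port not in TRUNK_PORTS and len(macs) > 1:
            findings[port].append(f"{len(macs)} MAC addresses on one access port")
    for port, mbytes in PORT_MBYTES.items():
        if mbytes > BASELINE_MBYTES * BANDWIDTH_FACTOR:
            findings[port].append(f"{mbytes} MB exceeds {BANDWIDTH_FACTOR}x baseline")
    for mac, host in DHCP_LEASES:
        if mac not in KNOWN_MACS:
            port = mac_to_port.get(mac, "unknown")
            findings[port].append(f"DHCP lease for unknown MAC {mac} ({host})")
    return dict(findings)

if __name__ == "__main__":
    for port, reasons in rogue_ap_indicators().items():
        print(port, reasons)
```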



Issues / Problems

  • Hard to discern what is directed at you
  • True detection occurs after the packets pass through your AP
  • Infrastructure is loosely put together to support connectivity besides intrusion detection
  • Little to no support for this type of detection

    

  • Arpwatch – http://www-nrg.ee.lbl.gov
  • Tools that do OS fingerprinting
      • Nmap – www.insecure.org
      • Xprobe – http://sys-security.com/blog/xprobe2/
      • Nessus – www.nessus.org

     

           

