Security+ All-In-One Edition Chapter 10 – Wireless Security Brian E. Brzezicki


Wireless

Look No Wires!

Wireless

An attempt at communication using non-physical links. Examples:

• Radio Waves

• Light Pulses

Often used for networking, but can be used simply to eliminate wires for device to device communication.

Wireless LAN protocols

802.11 standard

• Wireless LAN networking

• Data Link layer specifications

• Components
  – Access point (a type of bridge)
  – Wireless Card
  – SSID

802.11 family

• 802.11b
  – 11 Mbps
  – 2.4 GHz (same as common home devices)
• 802.11a
  – 54 Mbps
  – 5 GHz (not as commonly used; however, absorbed by walls, possibly yielding less range)
• 802.11g
  – 54 Mbps
  – 2.4 GHz
  – Cards are generally backwards compatible and can serve as 802.11b or 802.11a
• 802.11n
  – Uses Multiple Input Multiple Output (MIMO)
  – 100 Mbps
  – 2.4 GHz or 5 GHz

Wireless Problems

• Easy to get access to airwaves, hard to restrict!

Talk about the attacks next.

Wireless Attacks

Wireless Attacks

• War driving
  – Wireless scanners
  – NetStumbler (see next slide)
• Warchalking (2 slides)

NetStumbler

War chalking symbols

Man in the Middle

• Airsnarfing: put up a fake access point and get people to connect to it.

Eavesdropping and attaining non-authorized access

• Eavesdropping
  – Kismet
  – AirSnort – breaks WEP, retrieves encryption keys (the Security+ exam references AirSnort, even though it’s no longer developed)
  – aircrack-ng – breaks WEP and WPA-PSK

Wireless Countermeasures

• Turn off SSID broadcasts (problems?)

• Enable MAC filtering (problems?)

• Use Encryption (we’ll talk about this next)

• Use Enterprise Mode for authentication

Transmission Encryption

There are many different types of wireless encryption protocols

• WEP
  – Shared passwords (why is this bad?)
  – 64/40 or 128/104 bit key
  – Uses RC4
  – Easily crackable (due to key reuse)
  – Only option for 802.11b
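The key reuse noted in the WEP bullets above, as an added example that is not part of the original slides: WEP builds each frame's RC4 key from a 24-bit IV plus the shared key, so a repeated IV repeats the keystream. The shared key and frames are constructed sample data, and WEP's CRC-32 integrity value is omitted.

```python
# Added illustration: WEP-style RC4 keystream reuse (CRC-32 ICV omitted).
IV_BITS = 24  # WEP IV size: the gap between the 64/40 and 128/104 key sizes

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || shared key; the IV is sent in the clear."""
    if len(iv) * 8 != IV_BITS:
        raise ValueError("WEP IV must be 24 bits")
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def recover_with_known_plaintext(c_known, p_known, c_other):
    """Same IV and key give the same keystream, so one known frame opens another."""
    return xor(c_other, xor(c_known, p_known))

# Constructed sample data: a 40-bit shared key and two equal-length frames.
SHARED_KEY = bytes.fromhex("0badc0ffee")
FRAME_A = b"GET /index.html "
FRAME_B = b"user=alice&pw=x1"

def demo():
    iv = bytes.fromhex("000001")
    ca = wep_encrypt(iv, SHARED_KEY, FRAME_A)
    cb = wep_encrypt(iv, SHARED_KEY, FRAME_B)  # IV repeats: keystream repeats
    cc = wep_encrypt(bytes.fromhex("000002"), SHARED_KEY, FRAME_B)  # fresh IV
    return {
        "xor_leaks_plaintext": xor(ca, cb) == xor(FRAME_A, FRAME_B),
        "recovered": recover_with_known_plaintext(ca, FRAME_A, cb),
        "fresh_iv_recovered": recover_with_known_plaintext(ca, FRAME_A, cc),
        "distinct_ivs": 2 ** IV_BITS,
    }
```

With only 2^24 possible IVs and one static key shared by every station, repeats are unavoidable on a busy network, which is the weakness TKIP's changing keys and AES in WPA2 address.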

Transmission Encryption

• WPA PSK
  – Shared password
  – Uses TKIP normally
    • RC4 with changing keys
  – Can use AES (not certified)
    • 128 bit key
• WPA2 PSK
  – Uses AES (normally)
    • 128 bit key
  – Can use TKIP
    • RC4 with changing keys

Transmission Encryption

• WPA or WPA2 in Enterprise Mode
  – Uses 802.1X authentication to have individual passwords for individual users

• RADIUS – what was radius again?

• 802.11i – the official IEEE wireless security spec, officially supports WPA2

Wireless Device to Device Communication

Bluetooth

Bluetooth

• What is Bluetooth?

• What is the purpose of Bluetooth, is it networking?

• Bluetooth Modes
  – Discovery Mode
  – Automatic Pairing

Bluetooth Attacks

• Bluejacking
  – Sending forged messages to nearby Bluetooth devices
  – Need to be close
  – Victim phone must be in “discoverable” mode
• Bluesnarfing
  – Copies information off of remote devices
• Bluebugging
  – More serious
  – Allows full use of phone
  – Allows one to make calls
  – Can eavesdrop on calls

Bluetooth Countermeasures

• Disable it if you’re not using it

• Disable auto-discovery

• Disable auto-pairing

WAP

WAP

Wireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones) access to the Internet.

• Requires a Gateway to translate WAP <-> HTML (see visual)
• Uses WTLS to encrypt data (modified version of TLS)
• Uses HMAC for message authentication
• WAP GAP problem (see visual and explain)
• A lot of wireless devices don’t need WAP anymore… why?

WAP

WAP GAP

As the gateway decrypts from WTLS and re-encrypts as SSL/TLS, the data is in plaintext on the gateway. If someone could access the gateway, they could capture the communications.

Chapter 10 – Review Questions

Q. What encryption protocol does WEP use?

Q. What 2 key lengths does WEP support?

Q. What encryption protocol does WPA2 use?

Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security?

Q. What does WAP use for security?

Chapter 10 – Review Questions

Q. What is the WAP GAP?

Q. Define how to accomplish a MiM attack on a wireless network

Q. What type of authentication concept would help against the attack above?

Q. What is one way office users could use wireless to violate network security?

Q. What is Bluetooth used for?

Q. What is Bluesnarfing?

Wireless security

• Access control
  – Turn off SSID broadcasts (problems)
  – MAC filtering (problems)
• Encryption
  – Discussed later
• Authentication
  – Use RADIUS and 802.1X
• Isolation
  – VLANs over wireless
