View
244
Download
2
Embed Size (px)
Citation preview
Copyright © 2014 CyberSecurity Malaysia
Internet and Computer Security Awareness
Wireless Network Security
Introduction
Copyright © 2014 CyberSecurity Malaysia
The popularity of wireless networks are due to the cost effectives in deployment, no cabling required compared to wired network and easy to use as well as flexible deployment.
WiFi networks are everywhere!
Goals
3
After completion of this lesson, our wireless communication will never be the same as we will the potential threats associated to the wireless network.
Beware of invisible wireless hacker!
Copyright © 2014 CyberSecurity Malaysia
Objectives
4
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
The Invisible Hacker: WiFi Hackers
5
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
WiFi Network Architecture & Principle
6
Station (STA)
Access Point (AP)
SSID
Vendor OUI
Cisco (Aironet) 00-04-96
Agere (Orinoco) 00-02-2D
Nokia 00-e0-03
Linksys 00-04-5a
00-04-5a-03-3c-0f
OUI(Organizationally Unique Identifier)
1
Station (STA)
Station (STA)
2
Station (STA)
Access Point (AP)
ESSID
3
BSSID = AP MAC AddressMAC Address
4
5
6
Station (STA)
Access Point (AP)
SSID
MAC Address
Attacker/ Auditor
Access Point (AP)
Access Point (AP)
Managed Mode
Monitor Mode
Master Mode
Ad Hoc Mode
http://standards.ieee.org/regauth/oui/index.shtml
Infrastructure
Ad-hoc
Copyright © 2014 CyberSecurity Malaysia
WiFi Operation Modes
7
Station (STA)
Access Point (AP)
SSID
1
Station (STA)
Station (STA)
3
Managed Mode Master Mode
Ad Hoc Mode Ad Hoc Mode
Monitor Mode
2
4
Copyright © 2014 CyberSecurity Malaysia
WiFi Networking
8
Probes Station
Access Point
Beacons
Probes Request Station
Access PointProbes Response
1
2
3
4 Station Access PointProbe Request
Probe ResponseAUTH Request
AUTH Response
Assoc Request
Assoc Response
Copyright © 2014 CyberSecurity Malaysia
The Invisible Hacker: WiFi Hackers
9
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
Wired Network: Possible Attacks
10
Virus & Malware
Attackers
Data Theft
INTERNET
INTRANET
SECURE ENTERPRISE PERIMETER
Desktop
Server
Inside Threat
Copyright © 2014 CyberSecurity Malaysia
Wireless Network: Possible Attacks
11
Hacker
INTRANET
INTERNET
Desktop
1 Rogue AP Connected to Network
3 Non-Compliant AP
5 Users Bypassing Network Security Controls
Public Wi-Fi AP
2 Leaked Wired Traffic & Insertion
6 Wi-Fi Phishing
Legitimate Wi-Fi AP Evil Twin
Laptop
AP
Mobile UserServer
4 Neighboring AP
Wi-Fi Network aggravatesThreats to Enterprise Networks
The Invisible Hacker: WiFi Hackers
12
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
WiFi Hacking Highlights
13
A North Carolina Medical Consulting Firm
Broke into the computer system of a local medical consulting firm & illegally accessed information of hundreds of patients, including checks and insurance forms
Wireless hackingbust in Michigan
Two Michigan men repeatedly cracked Lowe’s nationwide network from a 1995 Pontiac Grand Prix parked outside a suburban Detroit store.
Charged with penetrating and intentionally damaging a Lowe’s system.
First hopped onto the Wi-Fi network at the store to access the company’s central data center at Lowe’s headquarters.
Deployed hacking software, in one case crashing the point of sale terminals.
A California Public School District
Unprotected WLAN allowed full unauthorized access to sensitive files & enabled hackers to upload their own files into
servers
A Texas County CourtHackers accessed information filed by the clerk of courts by using only a laptop & wireless card
A Wholesale club
Hacked via wireless network at a store location, credit card data was stolen AND used to the tune of $20M. The lax security found by the FTC to be an “unfair trade practice”; now under 9 years of probation and have to institute security measures and hire 3rd party auditor
Security causes electronics giant register ban
Best Buy banned the use of wireless cash registers at its 492 stores after learning a hacker may have intercepted a customer’s credit card number.
HomeImprovement
Store
HomeImprovement
Store
ElectronicsRetailer
ElectronicsRetailer
MajorWholesale
Store
MajorWholesale
Store
Copyright © 2014 CyberSecurity Malaysia
WiFi Problem: Uncontrolled Medium
14
t r
2
The walls of the facility provide a solid line of defense against intruders
Attacker
RF in the AIR is uncontrolled…
The walls of the facility provide a solid line of defense against intruders
With a single access point, walls come tumbling down Ethernet now extends to the parking lot!
Attacker
Server Server Server Computer
Copyright © 2014 CyberSecurity Malaysia
WiFi Problem: RF Signal Propagation
15
THIS IS THE ATTACK SURFACE
Copyright © 2014 CyberSecurity Malaysia
WiFi Problem: Extending Antenna
16
A Dual-Use HomebrewProduct – Pringles Cans
http://www.oreillynet.com/lpt/wlg/448
Yagi Antenna Omni AntennaCopyright © 2014 CyberSecurity Malaysia
WiFi Problem: Free WiFi Hacking Tools
Copyright © 2014 CyberSecurity Malaysia
WiFi Problem: WiFi Communication
Evolving to…
Workstation
Access Point
Rogue Access Point Ad Hoc Network
Accidental
Association
Legit Association
Malicious Association
Hacker / Soft AP
Employee Station Company Access Point
Rogue Access PointEmployee APNeighbor AP
Accidental Association
Neighbor Station
Copyright © 2014 CyberSecurity Malaysia
WiFi Threat: Soft Access Points
WiFi Threat: Weak Configuration
Common Mistakes in Wireless Implementations
Descriptive SSID e.g. BANK_NAME SSID
Vulnerable Encryption Setting e.g. WEP Encryption
Access Point’s Coverage Areas e.g. A very good quality of access point signal from across the road
Copyright © 2014 CyberSecurity Malaysia
WiFi Threat: Factory Configuration
Copyright © 2014 CyberSecurity Malaysia
WiFi Threat: Connecting to WiFi Network
22
accidental association malicious association malicious access points vulnerable access points
Don’t You Know?
Copyright © 2014 CyberSecurity Malaysia
WiFi Threat: WiFi DoS
23
Hacker Station(CommView, Aircrack-ng)
Access Point Client Station (User)
Access Point Client Station (User)
Signal Generator(YDI PSG-1)
Physical Layer DoS
MAC Layer DoS
DoS Against a AP: shutdown the target AP from communicating with any deviceDoS Against a Station: shutdown the Station from communicating with any device.Broadcast: shutdown any network devices
Data flooding
Jamming signal
Copyright © 2014 CyberSecurity Malaysia
The Invisible Hacker: WiFi Hackers
24
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
WiFi Protocol Attack
25
BSSID = 00:1A:70:E5:E1:91ESSID = linksysWEP = aa:bb:cc:dd:ee
Attacker MAC STA = 06:14:A4:27:FB:12
Fake Authentication Attack
ARP Request Replay Attack
Copyright © 2014 CyberSecurity Malaysia
WiFi Protocol Attack (cont’d)
26Copyright © 2014 CyberSecurity Malaysia
27
WiFi Protocol Attack (cont’d)
Copyright © 2014 CyberSecurity Malaysia
28
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
The Invisible Hacker: WiFi Hackers
Copyright © 2014 CyberSecurity Malaysia
Wireless Man-in-the-Middle Attack
Copyright © 2014 CyberSecurity Malaysia
Wireless DoS Against WiFi Client
• Against a AP: Keeps all traffic from communicating with the rest of the network• Against a Station: Keeps the Station from Communicating with any device.• Broadcast: All network devices including some Internal networks shutdown• Injected Traffic: Spanning Tree, Routing Information, Typical DoS
Target (User) AP1
2
ORIGINAL MAC: 00 12 2D 50 43 1E
NEW MAC: 00 02 2D 50 D1 4E
MAC: 00 02 2D 50 D1 4E
3
3. Send Disassoc & Deauth frames
2. Impersonate AP by spoofing the MAC
1. User enjoying good connection
Copyright © 2014 CyberSecurity Malaysia
Windows Preferred Network List
Attack against personal anonymity Wireless technology is inherently chatty and often uniquely tied to the user Wireless cards will periodically search for their preferred networks by name Attacker can eavesdrop on this conversation to identify unique names Can associate location to network name
Copyright © 2014 CyberSecurity Malaysia
The Invisible Hacker: WiFi Hackers
32
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
Choose Right Hardware
33Copyright © 2014 CyberSecurity Malaysia
Detected WiFi Network @ Putrajaya
Copyright © 2014 CyberSecurity Malaysia
WiFi Traffic Decryption Method
35
BSSID = 00:1A:70:E5:E1:91ESSID = linksysWEP = f0:00:f0:D0:f0
Attacker MAC STA = 06:14:A4:27:FB:12
Victim MAC STA = 00:13:E8:27:EF:C1
Copyright © 2014 CyberSecurity Malaysia
WiFi Traffic Decryption Method
36Copyright © 2014 CyberSecurity Malaysia
WiFi Hackers Can See Your Password
37
WiFi Hackers Can See Your Email
38Copyright © 2014 CyberSecurity Malaysia
WiFi Hackers Can See Your IM Chat
39Copyright © 2014 CyberSecurity Malaysia
The Invisible Hacker: WiFi Hackers
40
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
Copyright © 2014 CyberSecurity Malaysia
Best Practices
Client Station
Keep systems’ software up to date
Must have personal firewall installed
Must have antivirus installed
Educate the wireless user on the proper usage and security issues
Copyright © 2014 CyberSecurity Malaysia
Summary
• WiFi hacking tools are available freely and …..anyone can run them.• WiFi attacks are getting more dangerous, in what they can do!• We must change the way we think about WiFi security
Copyright © 2014 CyberSecurity Malaysia
Copyright © 2013 CyberSecurity Malaysia 43