WiFi Secuiry: Attack & Defence
-
Upload
prakashchandra-suthar -
Category
Technology
-
view
109 -
download
0
description
Transcript of WiFi Secuiry: Attack & Defence
WiFi SECURITY
HACKING & INFORMATION SECURITYPresents:
-With TechNext
We Are…The Speakers…
Sudarshan Pawar
Certified Security Expert(C.S.E.)Certified Information Security Specialist (C.I.S.S.)Security Xplained (TechNext Speaker)Computer Engg.& a Security Professional
Prakashchandra SutharSecurity Enthusiast
Cisco Certified Network AssociateRed Hat Linux Certified
Security Xplained (TechNext Speaker)Computer Engg
Security Researcher.
Topics to be covered
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
We are not including stats, history, who did what/when/why-> Bcoz it’s Booooring….!!! U can google them later….!
Current Generation
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
Wifi Basics
• WiFi(Wireless Fidelity)->Wireless networks(commonly referred as WLAN
• Developed on IEEE 802.11 standards• Wireless networks include: Bluetooth, Infrared
communication, Radio Signal etc.• Components used:
oWireless Client Receivero Access Pointo Antennas
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
Extension to a wired network
(BROADBAND ROUTER)
(ACCESS POINT)
(EXTENSION POINT)
Multiple Access points
(BROADBAND ROUTER)
(ACCESS POINT-1)
(ACCESS POINT-2)
LAN -2-LAN
LAN-1 LAN-2
3g Hotspot
GPRS 3G 4G
Internet
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
How many of you have tried this???
WiFi StandardsPoints 802.11b 802.11a 802.11g 802.11n
Extension to 802.11 802.11 802.11a 802.11g
Bandwidth (Mhz) 20 (11Mbps) 20 (54Mbps) 20 (54Mbps) 20 (54Mbps)40 (150Mbps)
Frequency(Ghz) 2.4 5 2.4 2.4, 5
Pros Lowest cost; signal range is good and not easily obstructed
fast maximum speed; regulated frequencies prevent signal interference from other devices
fast maximum speed; signal range is good and not easily obstructed
fastest maximum speed and best signal range; more resistant to signal interference from outside sources
Cons slowest maximum speed
highest cost; shorter range signal that is more easily obstructed
costs more than 802.11b; appliances may interfere on the unregulated signal frequency
standard is not yet finalized;
Are u seriously concerned about wifi security????? Be honest!
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
WEP(Wired Equivalence Privacy)
• The first encryption scheme made available for Wi-Fi.
• Uses 24 bit initialization vector for cipher stream RC4 for confidentiality
• CRC-32 bit checksum for integrity.• Typically used by home users.• Uses 64,128, 256 bit keys• Flawed from the get go.
WEP Working
KEY STORE WEP Key IV
RC4 CIPHER KEYSTREAM
DATA ICV
PAD KID CIPHERTEXTIV
WEP ENCRYPTED PACKET(MAC FRAME)
CRC 32 CHECKSUM
XORALGO.
WEP Weakness
1. Key management and key size2. 24 bit IV size is less.3. The ICV algorithm is not appropriate4. Use of RC4 algorithm is weak5. Authentication messages can be easily forged
Wep Broken beyond repair
WPA (Wi-Fi Protected Access)
• Data Encryption for WLAN based on 802.11 std.• Improved Encryption & Authentication Method.• Uses TKIP
– Based on WEP– Michael algorithm
• Hardware changes not required• Firmware update
Types1. Personal 2. Enterprise PSK 802.1x + RADIUS
WPA WorkingTemporary Encryption keyTransmit AddressT.S.C.
KEY MIXING
WEP SEED
RC4 CIPHER KEYSTREAM
MAC HEADER
IV KID EIV CIPHER TEXT
MSDU
MIC KEYMPDU ICVMICHAELS
ALGORITHM MSDU + MIC KEY
( PACKET TO BE TRANSMITTED )
WPA2
• Long Term Solution (802.11)• Stronger Data protection & Network access control• Used CCMP– Based on AES
• Hardware changes required
Types1. Personal Pre Shared Key2. Enterprise 802.1x + RADIUS
WPA2 Working
Source: EC Council
Source: someecards
Breaking WPA/WPA2
• Dictionary Attacks(Not so successful, but yeah some time…)
• Brute Force(tools like: Kismac, Aireplay etc)• WPA PSK
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
Security breaching sequenceFind the network
Study its traffic
Study Security mechanisms
ATTACK!!!!!!!!(i.e. Decrypt the
packets)
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
BEFORE ATTACK
DOS
Access point is busy handling attackers request
AFTER ATTACK
Man In The Middle Attack(MITM)
• Before
After…
ARP Poisoning/Spoofing
Source: http://securitymusings.com/wp-content/uploads/2008/12/arp-spoofing.png
WiFi JAMMING….
WiFi JAMMING….
Fake Access Points
SSID: XYZ Bank
Fake Access Points
SSID: XYZ Bank
• Basics of Wifi• Types of wireless networks• Wireless Standards(802.11 series)• Encryption Algorithms• Wireless hacking methodology• ATTACKS(commonly encountered)• Staying secure(Defense)• Security Tools
Defense against WPA / WPA2 attacks
• Extremely Complicated keys can help• Passphrase should not one from dictionary, so
use uncommon-senseless words.• Key should be more than 20 chars with
combination of special chars, numbers, alphabets. Change them at regular intervals.
#eY,t#!$c@/\/_B-gUd0n3?@$sW0rD
1. WPA instead of WEP2. WPA2 Enterprise implementation3. Place AP at secured location.4. Centralized authentication & Update Drivers
regularly.5. Changing default SSID after Configuring
WLAN6. Firewall policies & Router access Password
Security Checkboxes
1. MAC add. Filtering2. Encryption at Access Point 3. Packet Filtering between AP4. Network Strength configuration.5. Use Ipsec’s for encryption on WLANS6. Check out for Rogue Access Points
Security Checkboxes(contd…)
Wi-Fi Security Auditing Tools
• AirMagnet Wifi Analyzer• AirDefense• Adaptive wireless IPS• ARUBA RF Protect WIPS• And many others…
?
Questions?
• What you want to ask, many already have that same question on their mind. Be bold and lead
• OK, if you don’t want to speak and keep shut and keep thinking about it in your mind and take those questions home, make sure you email those to us and sleep well at night!
What should be our topic for the next meet?
I hate to ask but, how can we make this better?