Wireless Network Security - Clarkson University · Types of Attacks Intrusion – gain unauthorized...
Transcript of Wireless Network Security - Clarkson University · Types of Attacks Intrusion – gain unauthorized...
Wireless Network Security
Pat WilburWireless Networks
March 30, 2007
Types of Attacks
● Intrusion – gain unauthorized access to a network in order to use the network or Internet connection
Types of Attacks
● Intrusion – gain unauthorized access to a network in order to use the network or Internet connection
● Capturing – spy on packets being sent over wireless network in order to obtain sensitive information about a system, network, or user
Common Types of Attacks
● Intrusion – gain unauthorized access to a network in order to use the network or Internet connection
● Capturing – spy on packets being sent over wireless network in order to obtain sensitive information about a system, network, or user
● Denial of Service – debilitate the wireless network to disrupt user activity
Why Secure A Wireless Network?
● Protect sensitive data
Why Secure A Wireless Network?
● Protect sensitive data● Reduce unnecessary bandwidth consumption
Why Secure A Wireless Network?
● Protect sensitive data● Reduce unnecessary bandwidth consumption● Liability (and accountability)
Open Access Points
● The only way to keep communication truly secure is to use endtoend encryption.
Open Access Points
● The only way to keep communication truly secure is to use endtoend encryption.
● If having services like file shares and printers, it is advisable to have other security in place.
Open Access Points
● The only way to keep communication truly secure is to use endtoend encryption.
● If having services like file shares and printers, it is advisable to have other security in place.
● One should never assume that the private network is inaccessible from the outside.
Open Access Points
● The only way to keep communication truly secure is to use endtoend encryption.
● If having services like file shares and printers, it is advisable to have other security in place.
● One should never assume that the private network is inaccessible from the outside.
● It is common to pay a fixed rate for the Internet connection, and the extra traffic will not hurt.
Securing Wireless Networks
● MAC Address Filtering
Securing Wireless Networks
● MAC Address Filtering● Encryption
Securing Wireless Networks
● MAC Address Filtering● Encryption
– Access Point Encryption
Securing Wireless Networks
● MAC Address Filtering● Encryption
– Access Point Encryption– Endtoend Encryption
Securing Wireless Networks
● MAC Address Filtering● Encryption
– Access Point Encryption– Endtoend Encryption– VPN Tunneling
Securing Wireless Networks
● MAC Address Filtering● Encryption
– Access Point Encryption– Endtoend Encryption– VPN Tunneling
● Handshake Authentication
Access Point Encryption
● WEP – Wired Equivalence Privacy– 64bit (40bit key) or 128bit (104bit key)– Uses a key concatenated with an Initialization Vector– Due to limit in IV length, not long before IVs are
repeated, thus relatively easy to crack– Shared key system: no protection from legitimate clients– Readily available toolkits for cracking (aircrackng)– WEP2 boasted larger IVs and enforced 128bit
encryption, but same vulnerabilities existed—only slowed attackers
Access Point Encryption
● WPA – WiFi Protected Access– WPA was rushed to replace WEP– Based on passphrase used to generate a key– WPA2 implements the full 802.11i standard– Dynamically changed keys instead of static like WEP– Much more robust error checking which is less likely to
be faked, so harder to inject packets like in WEP– PSKmode is vulnerable to passphrase cracking when
weak passphrases are used
Access Point Encryption
● WPAEnterprise– An authentication server is required– RADIUS server often used– Each new session gets its own unique key for
increased security
Weaknesses in AP Encryption
● WEP– 64bit keys may be cracked in a matter of minutes
through sniffing and injection (aircrack and aireplay)– For more information on how frames are injected:
http://www.aircrackng.org/doku.php?id=aireplayng&DokuWiki=e08569e892dc2c22c68f28e0e17b90ab
Weaknesses in AP Encryption
● WEP– 64bit keys may be cracked in a matter of minutes
through sniffing and injection (aircrack and aireplay)– For more information on how frames are injected:
http://www.aircrackng.org/doku.php?id=aireplayng&DokuWiki=e08569e892dc2c22c68f28e0e17b90ab● WPAPSK
– Vulnerable to dictionary attacks
Weaknesses in AP Encryption
● WEP– 64bit keys may be cracked in a matter of minutes
through sniffing and injection (aircrack and aireplay)– For more information on how frames are injected:
http://www.aircrackng.org/doku.php?id=aireplayng&DokuWiki=e08569e892dc2c22c68f28e0e17b90ab● WPAPSK
– Vulnerable to dictionary attacks● WPAEnterprise
– Less vulnerable due to unique keys per session
References
● http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy● http://en.wikipedia.org/wiki/WiFi_Protected_Access● http://en.wikipedia.org/wiki/Wireless_security● http://en.wikipedia.org/wiki/Wireless_LAN_Security