Wireless Security-25 Juni 2008
-
Upload
flipsingadji -
Category
Documents
-
view
6 -
download
4
description
Transcript of Wireless Security-25 Juni 2008
Yosia Suherman ([email protected])
Professional Service Dept.Professional Service Dept.Professional Service Dept.Professional Service Dept.
Wireless Wireless Wireless Wireless SecuritySecuritySecuritySecurityWireless Wireless Wireless Wireless SecuritySecuritySecuritySecurity
Securityupdate
11 Domains of ISO 27001 & 2700211 Domains of ISO 27001 & 2700211 Domains of ISO 27001 & 2700211 Domains of ISO 27001 & 27002
Why Attacks Are IncreasingWhy Attacks Are IncreasingWhy Attacks Are IncreasingWhy Attacks Are Increasing
HighlightsHighlightsHighlightsHighlights• Fact about Wifi ?
• Top 10 Wireless Attack
• How they do that
• Prevention
Fact about WifiFact about WifiFact about WifiFact about Wifi
http://www.theregister.co.uk/2005/08/19/finnish_wifi_bank_hack/
Fact about WifiFact about WifiFact about WifiFact about Wifi
http://www.securityfocus.com/brief/273
Fact about WifiFact about WifiFact about WifiFact about Wifi
Fact about WifiFact about WifiFact about WifiFact about Wifi
Wifi DeploymentWifi DeploymentWifi DeploymentWifi Deployment• Shell
• D’cost
Hotspot AnywhereHotspot AnywhereHotspot AnywhereHotspot Anywhere
Hotspot DetectionHotspot DetectionHotspot DetectionHotspot Detection
Top 10 Wireless AttackTop 10 Wireless AttackTop 10 Wireless AttackTop 10 Wireless Attack1. Reveal SSID2. MAC Address Spoofing3. Encryption Attack4. Authentication5. Eavesdropping6. MITM ( Man in The Middle) Attack 7. Wireless Denial Of Service8. Roque Access Point9. Client to client Attack10. Physical damage or theft
HowHowHowHow
Find Find Find Find TargetTargetTargetTarget
War ChalkingWar ChalkingWar ChalkingWar ChalkingWar DrivingWar DrivingWar DrivingWar Driving
ToolsToolsToolsTools SuccessSuccessSuccessSuccess
Find TargetFind TargetFind TargetFind Target1. Mall / Shopping Center
2. Office
3. Hospital
4. Internet Public Access
5. Airport
6. School / Campus
7. Hotels
War ChalkingWar ChalkingWar ChalkingWar Chalking• Wireless Hotspot Sign Indicator
War WardrivingWar WardrivingWar WardrivingWar Wardriving• Wardriving is the act of searching for Wi-Fi wireless
networks by a person in a moving vehicle using such items as a laptop or a PDA.
EquipmentEquipmentEquipmentEquipment• Antenna
– Omni
– Bidirectional
ResultResultResultResult
ToolsToolsToolsTools1. Netstumbler/Kismet/KisMac
2. Mac Changer
3. Aircrack
4. AirSnort
5. Wireshark
6. Void
7. Airpawn
…..etc
Top 3 AttackTop 3 AttackTop 3 AttackTop 3 Attack1. Reveal SSID2. MAC Address Spoofing3. Encryption Attack4. Authentication5. Eavesdropping6. MITM ( Man in The Middle) Attack 7. Wireless Denial Of Service8. Roque Access Point9. Client to client Attack10. Physical damage or theft
Reveal SSIDReveal SSIDReveal SSIDReveal SSID
• Many Access Point use this protection to hide SSID
• To reveal SSID you can use : Kismet or Aircrack
• Filtering access to the access point allows only those MAC addresses specified in the list the ability to access the wireless network.
• To bypass this protection you can use : MAC Changer
MAC SpoofingMAC SpoofingMAC SpoofingMAC Spoofing
Encryption AttackEncryption AttackEncryption AttackEncryption Attack
• Enabling WEP Encrytion for secure data transmission.
• Other encryption WPA, WPA2
To crack WEP encryption can use : AirCrack
OthersOthersOthersOthers AttackAttackAttackAttack• 1. Reveal SSID• 2. MAC Address Spoofing• 3. Encryption Attack• 4. Authentication• 5. Eavesdropping• 6. MITM ( Man in The Middle) Attack • 7. Wireless Denial Of Service• 8. Roque Access Point• 9. Client to client Attack• 10. Physical damage or theft
More
details
in tra
ining
PreventionPreventionPreventionPrevention
TechnologyProcess
People
PeoplePeoplePeoplePeople� Security Awareness (Seminar, Workshop, Security Update)
� Training for improvement skill
ProcessProcessProcessProcess• Security Policy Enforcement
• Monitoring (log/traffic/signal)
• Regular Audit/Assessment
• ISO 27001
TechnologyTechnologyTechnologyTechnology• OSI Layer Protection
– Layer 2 (Data Link Layer) :
• WEP - Enterprise Encryption Gateways
• Tunneling Protocol (L2TP)
• 802.1x /EAP
– Layer 3 :
• Point to Point Tunneling Protocol (PPTP)
• IP Security (IPSec)
– Layer 7 :
• Secure Shell (SSH)
• Secure Shell Version 2 (SSH2)
• Client (Mobile Client (Mobile Client (Mobile Client (Mobile Unit)Unit)Unit)Unit)• Personal Firewall
• VPN
• Antivirus
TechnologyTechnologyTechnologyTechnology
Wireless Security SuiteWireless Security SuiteWireless Security SuiteWireless Security Suite
Q & AQ & AQ & AQ & A