Wireless Problems• Easy to get access to airwaves, hard to restrict!. Wireless Countermeasures• Turn off SSID broadcasts problems?. Transmission Encryption• WPA PSK – Shared password – U
Trang 1All-In-One Edition Chapter 10 – Wireless Security
Brian E Brzezicki
Trang 2Look No Wires!
Trang 4Wireless LAN protocols
Trang 5802.11 standard
• Wireless LAN networking
• Data Link layer specifications
• Components
– Access point (a type of bridge)
– Wireless Card
– SSID
Trang 7Wireless Problems
• Easy to get access to airwaves, hard to restrict!
Talk about the attacks next
Trang 8Wireless Attacks
Trang 10NetStumbler
Trang 11War chalking symbols
Trang 12Man in the Middle
• Airsnarfing, put up a fake access point get people to connect with you
Trang 13Evesdropping and attaining
non-authorized acess
• Evesdropping
– Air Snort – breaks WEP retrieves encryption keys
(security+ exam reference airsnort, even thought it’s no longer developed)
– aircrack-ng – breaks WEP and WPA-psk
Trang 14Wireless Countermeasures
• Turn off SSID broadcasts (problems?)
• Enable MAC filtering (problems?)
• Use Encryption (we’ll talk about this next)
• Use Enterprise Mode for authentication
Trang 15– Easily crack able (due to key reuse)
– Only option for 802.11b
(more)
Trang 16Transmission Encryption
• WPA PSK
– Shared password
– Uses TKIP normally
• RC4 with changing keys– Can use AES (not certified)
• 128 bit key
• WPA2 PSK
– Uses AES (normally)
• 128 bit key– Can use TKIP
• RC4 with changing keys
(more)
Trang 17Transmission Encryption
• WPA or WPA2 in Enterprise Mode
– Uses 802.1X authentication to have individual passwords for individual users
• RADIUS – what was radius again?
• 802.11i – the official IEEE wireless security spec, officially supports WPA2
Trang 18Wireless Device to Device
Communication
Trang 19Bluetooth
Trang 21– Allows full use of phone
– Allows one to make calls
– Can eavesdrop on calls
Trang 22Bluetooth Countermeasures
• Disable it if your not using it
• Disable auto-discovery
• Disable auto-pairing
Trang 23WAP
Trang 24Wireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones)
access to the Internet.
• Requires a Gateway to translate WAP <-> HTML
(see visual)
• Uses WTLS to encrypt data (modified version of
TLS)
• Uses HMAC for message authentication
• WAP GAP problem (see visual and explain)
• A lot of wireless devices don’t need WAP anymore… why?
Trang 25WAP
Trang 26WAP GAP
As the gateway decrypts from WTLS and encrypts as SSL/TLS, the data is plaintext If someone could access the gateway, they could capture the communications
Trang 27Chapter 10 – Review Questions
Q What encryption protocol does WEP use
Q What 2 key lengths does WEP support
Q What encryption protocol does WPA2 use?
Q Why is MAC filtering or turning off SSID
broadcasting not sufficient security?
Q What does WAP use for security?
Trang 28Chapter 10 – Review Questions
Q What is the WAP GAP
Q Define how to accomplish a MiM attack on a wireless
Trang 29Wireless security
• Access control
– Turn off SSID broadcasts (problems)
– MAC filtering (problems)