1 / 21

Wi-Fi: How it Works and Security Measures

Wi-Fi: How it Works and Security Measures. What is Wi-Fi?. Any wireless local area network (WLAN) product that meets the Institute of Electrical and Electronics Engineers' (IEEE) standards Typically covers a range of 20 meters indoors. The OSI Model.

harken
Download Presentation

Wi-Fi: How it Works and Security Measures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wi-Fi: How it Works andSecurity Measures

  2. What is Wi-Fi? Any wireless local area network (WLAN) product that meets the Institute of Electrical and Electronics Engineers' (IEEE) standards Typically covers a range of 20 meters indoors

  3. The OSI Model International Standards Organization (ISO) developed the Open Systems Interconnection (OSI) model It is meant to divide all network communication into seven distinct parts Each layer takes care of a specific job, then passes the data on to the next layer

  4. Layer 1 - Physical Refers to any physical device meant to transmit data Examples are cables, wireless cards, antenna, and fiber optics These devices handle the actual transmission of data (like carrier pigeons) The actual data that is to be sent or received through this layer is determined by higher-level layers

  5. Layer 2 – Data Link Figures out what Media Access Control (MAC) Address data should be going to MAC Addresses are unique numbers assigned to all wireless devices that are used in identifying different devices on a local network This layer only handles data sent across ONE network, an internet connection that sends data over multiple networks uses Layer 3

  6. Layer 3 - Network Handles data transmission to other networks using the Internet Protocol (IP) Address Like Layer 2, this layer only handles the addressing and routing of data (it gets data to where it needs to go)

  7. Layer 4 - Transport This layer makes sure that data is reliably transferred to upper layers Communication protocols operate on this layer to ensure that the data packets were sent correctly and in the right order This is necessary due to the fickle nature of sending data through various mediums and over long distances, such as internet connections to prevent packets from being duplicated, fragmented, and to account for lost data

  8. Layer 7 - Application The highest layer – applications that want to send data put it into here Data that is sent is expected to arrive in an identical condition at the destination If a WLAN card was sent data, Layer 1 will pass it up to Layer 7 If a program is sending data to another target, that data will be sent from Layer 7 down to Layer 1

  9. Connecting to a WLAN: Authentication Whenever a client wants to connect to a WLAN, it must first authenticate to it Authentication serves to identify to a WLAN the client that is attempting to connect For WEP (Wired Equivalency Protection) encrypted APs, this can be done in two ways: shared-system authentication and open-system authentication

  10. Shared-System Authentication To begin shared-system authentication, a client will send a message to the access point (AP) saying that it is ready to begin The AP will respond with an unencrypted (or “clear text”) message The client will encrypt this message using the key that its user entered and send it back to the AP If the message was encrypted using the correct key, the AP will inform the client that it is now authenticated

  11. Open-System Authentication This is essentially like having no authentication The client will send a data frame to the AP to identify itself The AP sends back a successful authentication frame

  12. Which is more Secure? The answer here is actually that open-system authentication is more secure It is very important to remember that with wireless traffic, waves are sent everywhere, not just to a single intended destination If someone has set their wireless card to “sniff” (monitor) all wireless traffic rather than just the traffic intended for their terminal, they could capture a sample of a correctly encrypted frame versus a clear text frame

  13. WEP Security Shortcomings WEP is a stream cypher, so its security relies on its initialization vectors (IVs) to never be used more than once Due to the limited size of an IV, however, there is a 50% chance that an IV will be repeated after 5,000 packets of data – a number that is quickly reached on a busy network A program such as aircrack-ng (will be demonstrated later) can run statistical analyses on captured IVs to crack the key in less than five minutes

  14. WPA Encryption WPA (Wi-Fi Protected Access) encryption was developed in response to the discovery that WEP was insecure It uses a more secure method of both authenticating and transferring data

  15. The Four-Way Handshake The “handshake” is the conversation a client has with the AP as it tries to authenticate using WPA encryption This authentication process is drastically more secure than WEP because the key used to decrypt the traffic changes every time a client connects, and the key is never divulged across a wireless medium

  16. The WPA Security Hole Even though the PMK is never transmitted using the four-way handshake, WPA is still able to be compromised If a potential hacker is monitoring the handshake, he/she will be able to use a dictionary file containing possible PMKs to see if any of them would yield the same result as a successful handshake This method only works on weak passwords, however, and a complete brute force attempt at cracking the key would take hundreds, thousands, or even millions of years depending on the password length

  17. Deauthentication Attacks Normally, whenever a client wishes to disconnect from an AP, it sends a disassociation packet to the AP telling it to cease communications with it The AP, however, does not know necessarily where that packet originated from, it can only see the MAC address that the data frame claims that it has come from Knowing this, any client can send an AP a deauthentication request for any other client on the network. Operating systems do not usually provide a method for doing this, as there is no legal usage for doing so

  18. This type of attack has different uses In the case of cracking a WEP key, it can be used to generate traffic between the client and the AP, because Windows will automatically try to re-authenticate with an AP that it has lost connectivity with, thus continually generating traffic that can be captured and used to crack the key In the case of cracking a WPA PMK, this attack can force the client to redo the four-way handshake, allowing to to be captured for use with a dictionary attack Or, of course, you could just free-up all of the broadband for yourself. . .

  19. Script Kiddies Now that the internet is so widely accessible and there are plenty of tools available that can be used to break into and deface virtual property, a new type of hacker, the “Script Kiddie” is commonplace

  20. The Blaster Worm • The Blaster Computer Worm was a virus propagated in the early 2000s that was designed to turn victim's PCs into tools to overflow windowsupdate.com with useless traffic (a DoS attack) • On August 29, 2003, Jeffrey Lee Parson (seen on the last slide), an 18-year-old from Hopkins, Minnesota was arrested for creating a variant of the worm, adding only his screen name and a back door into the virus

More Related