1 / 26

WIRELESS NETWORK SECURITY

WIRELESS NETWORK SECURITY. Hackers. Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack. AD-HOC networks. WAR DRIVING. Searching for Wi-Fi by person in moving vehicle. MAN-IN-THE-MIDDLE. Hotspots have little security

mason-kent
Download Presentation

WIRELESS NETWORK SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. WIRELESS NETWORK SECURITY

  2. Hackers • Ad-hoc networks • War Driving • Man-in-the-Middle • Caffe Latte attack

  3. AD-HOC networks

  4. WAR DRIVING • Searching for Wi-Fi by person in moving vehicle

  5. MAN-IN-THE-MIDDLE • Hotspots have little security • Entices computers to log into soft Access Point • Hacker connects to real AP – offers steady flow of traffic • Hacker sniffs the traffic • Forces you to loose connection + reconnect within the hackers AP.

  6. CAFFE LATTE ATTACK • Targets the Windows wireless stack • Possible to obtain the WEP key from a remote client • Sends flood of encrypted ARP requests • Attacker can obtain the WEP key within minutes

  7. Wireless Intrusion Prevention System (WIPS) • Robust way to counteract wireless security risks • PCI Security Standard Council published guidelines for large organizations

  8. WEP: Wired Equivalent Privacy 1999 • Secret Keys [Codes to Encrypt Data] • Secondary Goal : Control Network Access

  9. WEP • 64,128, 256 bit key • 24 bits used for Initialization Vector • Each packet includes integrity check

  10. Stream Ciphers • RC4 is a stream cipher • Expands a key into an infinite pseudo-random keystream

  11. What about IVs? • RC4 keystream should not be reused. • Use initialization vector to generate different keystream for each packet by augmenting the key • IV reuse(24 bits)=>16.7 million variations • Same shared key in both directions • Encryption is vulnerable to collision-based attacks.

  12. Linear Checksum • Encrypted CRC-32 used as integrity check • Fine for random errors, but not deliberate ones • CRC is linear • Can maliciously flip bits in the packet • Can replay modified packets!

  13. WEP • Problem #1: • No Limit on using the same IV Value more than once. This makes the encryption vulnerable to collision-based attacks. • Problem #2 • The IV is only 24 bits, there are only 16.7 million possible variations.

  14. WEP • Problem: #3: • Master Keys are used directly, when they should be used to generate other temporary keys. • Problem #4: • Users don’t change their keys very often on most networks, giving attackers ample time to try various techniques.

  15. 802.11i • TKIP [Temporal Key Integrity Protocol] • AES is a cryptographic algorithm - new hardware may be required • 802.1X: used for authentication

  16. 802.1X • Keeps the network port disconnected until authentication is complete. • The port is either made available or the user is denied access to the network.

  17. WPA: Wifi Protected Access • Subset of 802.11i • Master keys are never directly used. • Better key management. • Impressive message integrity checking.

  18. WPA: Wifi Protected Access • Advantages: • IV length has increased to 48 bits, over 500 trillion possible key combinations • IVs better protected through the use of TKIP sequence counter, helping to prevents reuse of IV keys.

  19. WPA: Wifi Protected Access • Master keys are never directly used • Better key management • Impressive message integrity checking.

  20. 802.11i WPA2 • WPA2 uses AES (Advanced Encryption Standard) to provide stronger encryption. • Enterprise uses IEEE 802.1X and EAP to provide authentication. Consumer uses a pre-shared key, or password. • New session Keys for every association- unique to that client. • Avoids reuse.

  21. WPA = TKIP + 802.1X To get a Robust Secure Network, the hardware must use CCMP [Counter Mode CBC MAC Protocol] WPA2 = CCMP+802.1X

  22. TIPS • Change default Administrator Passwords for router. • Turn on WPA/WEP Encryption • Change the Default SSID • Enable Mac Address Filtering

  23. TIPS • Disable SSID Broadcast • Do Not Auto-Connect to Open Wi-Fi Networks • Assign Static IP Addresses to Devices Turn off DHCP on the router access point

  24. TIPS Ensure firewall is enabled on your router and also each computer connected.

  25. TIPS • Position the router or Access Point Safely • Turn Off the Network during Extended Periods of Non-Use.

  26. Questions ?

More Related