Wireless security
Download
1 / 23

Wireless Security - PowerPoint PPT Presentation


  • 112 Views
  • Uploaded on

Wireless Security. Objective:. Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your network. Benefits of a Wireless Network. Can be an extension to a wired LAN Wired LANs can be at time, impractical, or impossible

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Wireless Security' - nasim-white


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Objective
Objective:

  • Understand the benefits of a wireless network

  • Understand security risks

  • Examples of vulnerabilities

  • Methods to protect your network


Benefits of a wireless network
Benefits of a Wireless Network

  • Can be an extension to a wired LAN

  • Wired LANs can be at time, impractical, or impossible

  • No wiring

  • Moving does not require re-wiring, network re-configuration or cable drops.

  • Portability/Flexibility

  • Less Expenditures on relocation and initial setup


Wva wireless vulnerabilities and attacks
WVA-Wireless Vulnerabilities and Attacks

Wireless attacks fall under 4 main categories:

  • Passive Attacks

  • Active Attacks

  • Man in the Middle Attacks

  • Jamming


Passive attack
Passive Attack

  • Eavesdropping: People listening and monitoring your network

  • Network Monitor, TCPdump in Linux ,NetStumbler, or Airsnort, are tools used to capture and “analyze” network traffic by “war drivers”


War driving
“War Driving”

  • The act of driving around looking for open

    WI FI nodes

  • There are websites and software that allows potential hackers to get a map of open APs.

  • Many sites/forums with thousands of users have adopted war driving as a hobby. While many claim this to be solely as hobby, your network may be at risk if a potential hacker discovers your unsecured network

  • Same sites and forums map your Wi Fi location on the internet..





Active attacks
Active Attacks

  • Insertion :based on placing unauthorized devices on the wireless network without going through a security process.

  • Spoofing: Cloaking SSID or MAC addresses to get by security measures

  • DOS (denial of service): Jamming, flooding attacks that prevent sites/networks from performing efficiently.

  • Releasing Malware into Network: software with the intent to cause harm to nodes/network. (viruses, trojan horses, spyware, adware, keystroke loggers, etc.


Wva wireless vulnerability and attacks
WVA-Wireless Vulnerability and Attacks

MAC Authentication SpoofingMost Wi-Fi WLAN equipment vendors include a sublevel of rudimentary authentication via MAC address white/black listing. Standard tools can "spoof" MAC addresses which allow any attacker to mask himself/herself as an authorized client thereby gaining access to the WLAN.


Man in the middle attack
Man in the Middle Attack

  • attacker will control the communication between two parties by secretly controlling both sides of the communication stream.

  • Attacker can use a rogue AP and “spoof” the SSID to which unsuspecting users will log on to.


Wva wireless vulnerabilities and attacks1
WVA-Wireless Vulnerabilities and Attacks

  • 802.11 SSID Can be SpoofedThe SSID used to identify an 802.11 network can be trivially faked by an attacker.

    If a client can be tricked into connecting to a malicious AP then it may become vulnerable in a number of ways: (a) it may accept an unencrypted connection, (b) the malicious AP might be used as part of a man-in-the-middle attack, (c) the user might be tricked by phishing attacks behind the AP (e.g. a fake hotspot signup page).


Jamming
Jamming

  • RF frequencies interfere with the operation of the wireless network

  • Can be unintentional jamming: cordless phones and other devices on the same frequency

  • Not very common attack: A lot of work only to “interfere”…The payoff isn't as great for hackers.


Wva wireless vulnerability and attacks1
WVA-Wireless Vulnerability and Attacks

Falling victim to an insertion attack can prove to be costly.

  • Personal information is exposed

  • Corporations risk losing money, personnel info., client accounts, etc. (possibly lead to lawsuits)


Security measures
Security Measures

  • Although there is no guarantee that your network will be 100 % secure, you can minimize the chances and, perhaps, even deter a few “wannabe hackers”. After all, you wouldn’t leave your front door open…would you?


Security measures1
Security Measures

Avoid Misconfiguration

  • Change ALL default passwords on your router.

  • Enable WEP. WEP is disabled by default.

  • Avoid using DHCP if possible (especially in corporate environment)

  • Periodically change Passwords.


Security measures2
Security Measures

Use Static IP addresses

  • Avoid dynamic addresses assigned by DHCP. (default setting on AP is to use DHCP)

  • Corporate environment: Avoid employees bringing in their personal, possibly misconfigured AP.

  • Assign every node a private address so as to avoid your devices from being reached directly from the internet.

  • Private IP EX: 10.192.193.45


Security measures3
Security Measures

  • MAC filtering: Enable MAC filtering in your router so that only specified computers can connect to your AP

  • Reduce signal “leakage” by placing router in an area where its radius covers only your work space. (i.e. avoid the coverage including front yard)


Security measures4
Security Measures

From a corporate standpoint:

  • It is crucial to create an risk assessment before incorporating a wireless network.

  • They should make security measures which they have a need for, so that they can aquire the proper hardware/software solutions


Security measures5
Security Measures

-continued

  • Agencies should understand the need to constantly having to provide upgrades, fixes, and or patches, to maintain proper security.

  • No one protocol or encryption is 100% safe or effective.


Conclusion
Conclusion

  • An overall good practice for a personal or corporate level, is to use common sense.

  • Educate yourself about the risks and vulnerabilities, and make sure that you use every security measure available to you:

    Firewalls, encryptions, properly placed APs, MAC filtering, etc.


Sources for further information
Sources for further Information

  • NIST (National Institute of Standards and Technology) http://csrc.nist.gov

  • http://www.networkworld.com

  • http://www.wirelessve.org

  • http://www.wardriving.com

  • http://wigle.net


ad