1 / 62

Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense. Chapter 11 Hacking Wireless Networks. Objectives. Explain wireless technology Describe wireless networking standards Describe the process of authentication Describe wardriving

Mia_John
Download Presentation

Hands-On Ethical Hacking and Network Defense

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Hands-On Ethical Hacking and Network Defense Chapter 11 Hacking Wireless Networks

  2. Objectives • Explain wireless technology • Describe wireless networking standards • Describe the process of authentication • Describe wardriving • Describe wireless hacking and tools used by hackers and security professionals Hands-On Ethical Hacking and Network Defense

  3. Understanding Wireless Technology • For a wireless network to function, you must have the right hardware and software • Wireless technology is part of our lives • Baby monitors • Cell and cordless phones • Pagers • GPS • Remote controls • Garage door openers • Two-way radios • Wireless PDAs Hands-On Ethical Hacking and Network Defense

  4. Components of a Wireless Network • A wireless network has only three basic components • Access Point (AP) • Wireless network interface card (WNIC) • Ethernet cable Hands-On Ethical Hacking and Network Defense

  5. Access Points • An access point (AP) is a transceiver that connects to an Ethernet cable • It bridges the wireless network with the wired network • Not all wireless networks connect to a wired network • Most companies have WLANs that connect to their wired network topology • The AP is where channels are configured • An AP enables users to connect to a LAN using wireless technology • An AP is available only within a defined area Hands-On Ethical Hacking and Network Defense

  6. Hands-On Ethical Hacking and Network Defense

  7. Service Set Identifiers (SSIDs) • Name used to identify the wireless local area network (WLAN) • The SSID is configured on the AP • Unique 1- to 32-character alphanumeric name • Name is case sensitive • Wireless computers need to configure the SSID before connecting to a wireless network • SSID is transmitted with each packet • Identifies which network the packet belongs • The AP usually broadcasts the SSID Hands-On Ethical Hacking and Network Defense

  8. Hands-On Ethical Hacking and Network Defense

  9. Service Set Identifiers (SSIDs) (continued) • Many vendors have SSIDs set to a default value that companies never change • An AP can be configured to not broadcast its SSID until after authentication • Wireless hackers can attempt to guess the SSID • Verify that your clients or customers are not using a default SSID Hands-On Ethical Hacking and Network Defense

  10. Hands-On Ethical Hacking and Network Defense

  11. Configuring an Access Point • Configuring an AP varies depending on the hardware • Most devices allow access through any Web browser • Steps for configuring a D-Link wireless router • Enter IP address on your Web browser and provide your user logon name and password • After a successful logon you will see the device’s main window • Click on Wireless button to configure AP options • SSID • Wired Equivalent Privacy (WEP) keys Hands-On Ethical Hacking and Network Defense

  12. Hands-On Ethical Hacking and Network Defense

  13. Hands-On Ethical Hacking and Network Defense

  14. Hands-On Ethical Hacking and Network Defense

  15. Configuring an Access Point (continued) • Steps for configuring a D-Link wireless router (continued) • Turn off SSID broadcast • Disabling SSID broadcast is not enough to protect your WLAN • You must also change your SSID Hands-On Ethical Hacking and Network Defense

  16. Hands-On Ethical Hacking and Network Defense

  17. Wireless NICs • For wireless technology to work, each node or computer must have a wireless NIC • NIC’s main function • Converting the radio waves it receives into digital signals the computer understands • There are many wireless NICs on the market • Choose yours depending on how you plan to use it • Some tools require certain specific brands of NICs Hands-On Ethical Hacking and Network Defense

  18. Understanding Wireless Network Standards • A standard is a set of rules formulated by an organization • Institute of Electrical and Electronics Engineers (IEEE) • Defines several standards for wireless networks Hands-On Ethical Hacking and Network Defense

  19. Institute of Electrical and Electronics Engineers (IEEE) Standards • Working group (WG) • A group of people from the electrical and electronics industry that meet to create a standard • Sponsor Executive Committee (SEC) • Group that reviews and approves proposals of new standards created by a WG • Standards Review Committee (RevCom) • Recommends proposals to be reviewed by the IEEE Standards Board • IEEE Standards Board • Approves proposals to become new standards Hands-On Ethical Hacking and Network Defense

  20. The 802.11 Standard • The first wireless technology standard • Defined wireless connectivity at 1 Mbps and 2 Mbps within a LAN • Applied to layers 1 and 2 of the OSI model • Wireless networks cannot detect collisions • Carrier sense multiple access/collision avoidance (CSMA/CA) is used instead of CSMA/CD • Wireless LANs do not have an address associated with a physical location • An addressable unit is called a station (STA) Hands-On Ethical Hacking and Network Defense

  21. The Basic Architecture of 802.11 • 802.11 uses a basic service set (BSS) as its building block • Computers within a BSS can communicate with each others • To connect two BSSs, 802.11 requires a distribution system (DS) as an intermediate layer • An access point (AP) is a station that provides access to the DS • Data moves between a BSS and the DS through the AP Hands-On Ethical Hacking and Network Defense

  22. Hands-On Ethical Hacking and Network Defense

  23. The Basic Architecture of 802.11 (continued) • IEEE 802.11 also defines the operating frequency range of 802.11 • In the United States, it is 2.400 to 2.4835 GHz • Each frequency band contains channels • A channel is a frequency range • The 802.11 standard defines 79 channels • If channels overlap, interference could occur Hands-On Ethical Hacking and Network Defense

  24. The Basic Architecture of 802.11 (continued) • Other terms • Wavelength • Frequency • Cycle • Hertz or cycles per second • Bands Hands-On Ethical Hacking and Network Defense

  25. Hands-On Ethical Hacking and Network Defense

  26. An Overview of Wireless Technologies • Infrared (IR) • Infrared light can’t be seen by the human eye • IR technology is restricted to a single room or line of sight • IR light cannot penetrate walls, ceilings, or floors • Narrowband • Uses microwave radio band frequencies to transmit data • Popular uses • Cordless phones • Garage door openers Hands-On Ethical Hacking and Network Defense

  27. An Overview of Wireless Technologies (continued) • Spread Spectrum • Modulation defines how data is placed on a carrier signal • Data is spread across a large-frequency bandwidth instead of traveling across just one frequency band • Methods • Frequency-hopping spread spectrum (FHSS) • Direct sequence spread spectrum (DSSS) • Orthogonal frequency division multiplexing (OFDM) Hands-On Ethical Hacking and Network Defense

  28. IEEE Additional 802.11 Projects • 802.11a • Created in 1999 • Operating frequency range changed from 2.4 GHz to 5 GHz • Throughput increased from 11 Mbps to 54 Mbps • Bands or frequencies • Lower band—5.15 to 5.25 GHz • Middle band—5.25 to 5.35 GHz • Upper band—5.75 to 5.85 GHz Hands-On Ethical Hacking and Network Defense

  29. IEEE Additional 802.11 Projects (continued) • 802.11b • Operates in the 2.4 GHz range • Throughput increased from 1 or 2 Mbps to 11 Mbps • Also referred as Wi-Fi (wireless fidelity) • Allows for 11 channels to prevent overlapping signals • Effectively only three channels (1, 6, and 11) can be used in combination without overlapping • Introduced Wired Equivalent Privacy (WEP) Hands-On Ethical Hacking and Network Defense

  30. IEEE Additional 802.11 Projects (continued) • 802.11e • It has improvements to address the problem of interference • When interference is detected, signals can jump to another frequency more quickly • 802.11g • Operates in the 2.4 GHz range • Uses OFDM for modulation • Throughput increased from 11 Mbps to 54 Mbps Hands-On Ethical Hacking and Network Defense

  31. IEEE Additional 802.11 Projects (continued) • 802.11i • Introduced Wi-Fi Protected Access (WPA) • Corrected many of the security vulnerabilities of 802.11b • 802.15 • Addresses networking devices within one person’s workspace • Called wireless personal area network (WPAN) • Bluetooth is a common example Hands-On Ethical Hacking and Network Defense

  32. IEEE Additional 802.11 Projects (continued) • 802.16 • Addresses the issue of wireless metropolitan area networks (MANs) • Defines the WirelessMAN Air Interface • It will have a range of up to 30 miles • Throughput of up to 120 Mbps • 802.20 • Addresses wireless MANs for mobile users who are sitting in trains, subways, or cars traveling at speeds up to 150 miles per hour Hands-On Ethical Hacking and Network Defense

  33. IEEE Additional 802.11 Projects (continued) • Bluetooth • Defines a method for interconnecting portable devices without wires • Maximum distance allowed is 10 meters • It uses the 2.45 GHz frequency band • Throughput of up to 12 Mbps • HiperLAN2 • European WLAN standard • It is not compatible with 802.11 standards Hands-On Ethical Hacking and Network Defense

  34. Hands-On Ethical Hacking and Network Defense

  35. Understanding Authentication • An organization that introduces wireless technology to the mix increases the potential for security problems Hands-On Ethical Hacking and Network Defense

  36. The 802.1X Standard • Defines the process of authenticating and authorizing users on a WLAN • Addresses the concerns with authentication • Basic concepts • Point-to-Point Protocol (PPP) • Extensible Authentication Protocol (EAP) • Wired Equivalent Privacy (WEP) • Wi-Fi Protected Access (WPA) Hands-On Ethical Hacking and Network Defense

  37. Point-to-Point Protocol (PPP) • Many ISPs use PPP to connect dial-up or DSL users • PPP handles authentication by requiring a user to enter a valid user name and password • PPP verifies that users attempting to use the link are indeed who they say they are Hands-On Ethical Hacking and Network Defense

  38. Extensible Authentication Protocol (EAP) • EAP is an enhancement to PPP • Allows a company to select its authentication method • Certificates • Kerberos • Certificate • Record that authenticates network entities • It contains X.509 information that identifies the owner, the certificate authority (CA), and the owner’s public key Hands-On Ethical Hacking and Network Defense

  39. Extensible Authentication Protocol (EAP) (continued) • EAP methods to improve security on a wireless networks • Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) • Protected EAP (PEAP) • Microsoft PEAP • 802.1X components • Supplicant • Authenticator • Authentication server Hands-On Ethical Hacking and Network Defense

  40. Hands-On Ethical Hacking and Network Defense

  41. Wired Equivalent Privacy (WEP) • Part of the 802.11b standard • It was implemented specifically to encrypt data that traversed a wireless network • WEP has many vulnerabilities • Works well for home users or small businesses when combined with a Virtual Private Network (VPN) Hands-On Ethical Hacking and Network Defense

  42. Wi-Fi Protected Access (WPA) • Specified in the 802.11i standard • It is the replacement for WEP • WPA improves encryption by using Temporal Key Integrity Protocol (TKIP) • TKIP is composed of four enhancements • Message Integrity Check (MIC) • Cryptographic message integrity code • Main purpose is to prevent forgeries • Extended Initialization Vector (IV) with sequencing rules • Implemented to prevent replays Hands-On Ethical Hacking and Network Defense

  43. Wi-Fi Protected Access (WPA) (continued) • TKIP enhancements (continued) • Per-packet key mixing • It helps defeat weak key attacks that occurred in WEP • MAC addresses are used in creating an intermediate key • Rekeying mechanism • It provides fresh keys that help prevent attacks that relied on reusing old keys • WPA also adds an authentication mechanism implementing 802.1X and EAP Hands-On Ethical Hacking and Network Defense

  44. Understanding Wardriving • Hackers use wardriving • Driving around with inexpensive hardware and software that enables them to detect access points that haven’t been secured • Wardriving is not illegal • But using the resources of these networks is illegal • Warflying • Variant where an airplane is used instead of a car Hands-On Ethical Hacking and Network Defense

  45. How It Works • An attacker or security tester simply drives around with the following equipment • Laptop computer • Wireless NIC • An antenna • Software that scans the area for SSIDs • Not all wireless NICs are compatible with scanning programs • Antenna prices vary depending on the quality and the range they can cover Hands-On Ethical Hacking and Network Defense

  46. How It Works (continued) • Scanning software can identify • The company’s SSID • The type of security enabled • The signal strength • Indicating how close the AP is to the attacker Hands-On Ethical Hacking and Network Defense

  47. NetStumbler • Shareware tool written for Windows that enables you to detect WLANs • Supports 802.11a, 802.11b, and 802.11g standards • NetStumbler was primarily designed to • Verify your WLAN configuration • Detect other wireless networks • Detect unauthorized APs • NetStumbler is capable of interface with a GPS • Enabling a security tester or hacker to map out locations of all the WLANs the software detects Hands-On Ethical Hacking and Network Defense

  48. Hands-On Ethical Hacking and Network Defense

  49. NetStumbler (continued) • NetStumbler logs the following information • SSID • MAC address of the AP • Manufacturer of the AP • Channel on which it was heard • Strength of the signal • Encryption • Attackers can detect APs within a 350-foot radius • But with a good antenna, they can locate APs a couple of miles away Hands-On Ethical Hacking and Network Defense

  50. Hands-On Ethical Hacking and Network Defense

More Related