Wireless Hacking Lesson 13

Presentation transcript:

Wireless Hacking Lesson 13

Reminder
- As a reminder, remember that the tools and techniques that you learn this semester are only to be used on systems you are authorized to perform scans/tests on.
- Authorization doesn’t simply mean that you are an authorized user but rather that you are specifically authorized to perform the penetration activity on the system.
- Conducting activity outside your authorized boundaries can result in:
  - Failing the class should it occur now
  - Having your employment terminated if you try this on a company system
  - Criminal prosecution depending on the specific activity

Wireless Networks
- Unlike wired networks, there is little to no control over who is receiving traffic on the network
- Antenna selection can extend range of wireless reception by several miles
- Devices can be small and easily concealed
- Anonymity is provided to anyone who can successfully connect to the wireless network
- No source information is available to attempt to trace the origin of the attack

Poor Authentication
- Current production devices have weak authentication schemes without running additional protocols
- Authentication is currently only provided by SSID (Service Set Identifier) or WEP (Wired Equivalent Privacy)
  - SSID is easily sniffed from existing traffic
  - WEP is a weak encryption protocol that is easily cracked
- Future support for 802.1X will provide stronger authentication

Weak Encryption
- WEP, or Wired Equivalent Privacy, is the encryption method used to attempt privacy of the wireless packets
- It is an implementation of the RC4 stream cipher, supporting 40 and 104 bit encryption keys
- The implementation is subject to weak Initialization Vectors, allowing an attacker to crack the WEP key once they have collected enough packets
- There are automated tools to perform the cracking of the WEP keys, AirSnort being one of the most popular
- New wireless standards such as 802.11i will allow for WEP to be replaced by AES, Advanced Encryption Standard
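The sketch below is an added example, not part of the original slides. It shows how WEP builds each per-packet RC4 key from the cleartext 24-bit IV plus the shared key, why two frames with the same IV leak the XOR of their plaintexts, and how to audit a list of observed IVs for reuse and for the Fluhrer-Mantin-Shamir weak form. The key, plaintexts and IV list are constructed sample data.

```python
from collections import Counter

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of output keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte IV (sent in clear) followed by the shared key.
    The CRC-32 integrity value WEP appends is left out to keep the focus on keying."""
    if len(iv) != 3 or len(secret) not in (5, 13):   # 40- or 104-bit key
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def is_fms_weak(iv: bytes, key_len: int) -> bool:
    """Fluhrer-Mantin-Shamir weak IV form (A+3, 255, X), A = index of a key byte."""
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len

def audit_ivs(ivs, key_len=13):
    """Count repeated and FMS-form IVs among frames seen from one network."""
    counts = Counter(ivs)
    return {"frames": len(ivs),
            "reused_ivs": sum(1 for c in counts.values() if c > 1),
            "fms_weak": sum(1 for iv in ivs if is_fms_weak(iv, key_len))}

# Constructed sample data: a made-up 104-bit key, two frames sharing one IV.
SECRET = bytes(range(1, 14))
IV = bytes([0x01, 0x02, 0x03])
P1, P2 = b"USER alice\r\n", b"PASS hunter2"
C1, C2 = wep_encrypt(IV, SECRET, P1), wep_encrypt(IV, SECRET, P2)
SAMPLE_IVS = [bytes(t) for t in
              [(3, 255, 7), (1, 2, 3), (1, 2, 3), (15, 255, 0), (16, 255, 0), (200, 10, 1)]]

if __name__ == "__main__":
    # Same IV -> same keystream, so the key cancels out of C1 xor C2.
    print(xor(C1, C2) == xor(P1, P2))
    print(audit_ivs(SAMPLE_IVS))
```

With only 2^24 possible IVs and a static shared key, repeats are unavoidable on a busy network, which is the design flaw that per-packet keying in TKIP and CCMP was introduced to remove.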

Shared Media Topology
- An 802.11 wireless LAN operates as a shared media technology.
- Allows any device in promiscuous mode, i.e. sniffer programs, to capture every packet that is being transmitted and received from an access point
- Passwords are easily retrieved from any cleartext protocol: Telnet, POP3, SMTP, FTP

Access Points in Houston
- In preparation for Houston Tabletop Exercise, CIAS personnel conducted some war driving in Houston.
- Number of different war drivers:
  - Netstumbler – Windows based
  - Kismet – Linux based

Wireless mapping
- Once you’ve got all that data on open wireless access points, what do you do with it all? Create those cool maps!
- Several tools to help with this:
  - StumbVerter uses MapPoint to plot data from files in the NetStumbler format.
  - GPSMap is included with Kismet

Wireless Scanning and Enumeration
- Once you’ve found some wireless systems, the next step is similar to wired systems:
  - Scanning
  - Enumeration
- Along with the Access Points you’ve discovered, you should have learned their:
  - SSID (Service Set IDentifier): used as the identifier to distinguish one access point from another. Similar to a domain name for a wireless network.
  - MAC address (Media Access Control): the unique address that identifies each node of a network
  - WEP usage (Wired Equivalent Privacy): encryption for wireless networks
  - IP address

SSID
- All war-driving software is designed to grab SSIDs.
- A probe request to the network with a zero-length SSID will generally result in the network responding with the SSID.
- SSIDs may also be obtained by:
  - Watching for beacons. These are sent continually by some access points.
  - Watching for probe responses to other systems.
  - Reassociation requests (if a system wanders out of range then back in)
- If probe responses are blocked, you can wait until a client tries to reassociate, or you can force the issue by sending a deauthentication frame, which should result in systems trying to reconnect.
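Because the slide above notes that forged deauthentication frames are used to force clients to reconnect, a wireless IDS can watch for bursts of them. The following is an added example, not part of the original slides: a sliding-window detector run over constructed frame records (timestamp, management subtype, destination, BSSID). The window and threshold values are assumptions to tune per site.

```python
from collections import defaultdict, deque

BEACON, DEAUTH = 8, 12            # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_bursts(frames, window=1.0, threshold=5):
    """Alert once per BSSID that shows >= threshold deauth frames within `window` seconds.

    frames: iterable of (timestamp, subtype, dst, bssid), sorted by timestamp.
    """
    recent = defaultdict(deque)   # bssid -> (timestamp, dst) of recent deauth frames
    alerted = set()
    alerts = []
    for ts, subtype, dst, bssid in frames:
        if subtype != DEAUTH:
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:    # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({
                "bssid": bssid,
                "first_seen": q[0][0],
                "count": len(q),
                # Deauth to the broadcast address disconnects every client at once.
                "broadcast": any(d == BROADCAST for _, d in q),
            })
    return alerts

# Constructed sample: AP_A sends one ordinary deauth, AP_B's address appears
# on six broadcast deauth frames within half a second.
AP_A, AP_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
CLIENT = "02:00:00:00:00:c1"
SAMPLE_FRAMES = (
    [(0.0, BEACON, BROADCAST, AP_A), (0.2, DEAUTH, CLIENT, AP_A)]
    + [(10.0 + 0.1 * i, DEAUTH, BROADCAST, AP_B) for i in range(6)]
)

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```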

Sniffing
- Once you’ve located a potential target network you need to gather some data.
- Use a sniffer to capture packets
  - Are the packets encrypted?
  - Is it a WEP implementation or some other scheme such as SSL over HTTP?
- Wireless sniffers are not really any different from sniffers for wired lines. The only difference is that sniffers designed for the wireless environment will categorize the wireless packet structure.
- Setting wireless cards for promiscuous mode in Windows-based systems is simple. In Linux it is more difficult. The text covers this in detail.
- A number of tools for the wireless environment are covered in the text

WEP
- WEP was actually never designed as a security solution but rather just to protect against passive eavesdropping.
- Number of ways to attack the WEP algorithm. Fortunately for us there are tools out there already designed to help us with this.
  - AirSnort
  - WLAN-Tools (older program, outdated)
  - DWEPCrack: tool specifically designed to crack WEP packets via the BSD system.
- A final note, not related to WEP: wireless can be subject to DoS attacks, not only from computers but also from S-Band ISM frequency systems (Industrial Scientific and Medical)

WPA
- Wi-Fi Protected Access (WPA)
  - Interim solution until 802.11i
  - Temporal Key Integrity Protocol (TKIP) was adopted for WPA
  - TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP
- WPA2 implements 802.11i fully
  - Mandatory support for CCMP, an AES-based encryption mode with strong security
  - CCMP: Counter Mode Cipher Block Chaining Message Authentication Code Protocol

Cyber Defense Exercise (CDX)
- A defensive exercise in which members from each of the military academies attempt to protect networks from attacks by aggressors
- The competition is sponsored by DHS and has been conducted since
- National Collegiate Cyber Defense Competition
- Builds on regional competitions
- April in San Antonio (Marriott Riverwalk)

Summary
- What is the importance and significance of this material?
  - Wireless is becoming more common. In some environments it is replacing wired networks altogether.
- How does this topic fit into the subject of “Security Risk Analysis”?
  - If it’s out there, we need to know how to attack it. Since there are some inherent problems with wireless, this can be an easy access for us into an organization’s network.