Wireless Security
Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your network
Benefits of a Wireless Network Can be an extension to a wired LAN Wired LANs can be at time, impractical, or impossible No wiring Moving does not require re-wiring, network re-configuration or cable drops. Portability/Flexibility Less Expenditures on relocation and initial setup
WVA-Wireless Vulnerabilities and Attacks Wireless attacks fall under 4 main categories: Passive Attacks Active Attacks Man in the Middle Attacks Jamming
Passive Attack Eavesdropping: People listening and monitoring your network Network Monitor, TCPdump in Linux ,NetStumbler, or Airsnort, are tools used to capture and “analyze” network traffic by “war drivers”
“War Driving” The act of driving around looking for open WI FI nodes There are websites and software that allows potential hackers to get a map of open APs. Many sites/forums with thousands of users have adopted war driving as a hobby. While many claim this to be solely as hobby, your network may be at risk if a potential hacker discovers your unsecured network Same sites and forums map your Wi Fi location on the internet..
Stats of found Wi Fi Spots (wigle.net)
Wardriving maps available online (wigle.net)
Wardriving map using Google Earth
Active Attacks Insertion :based on placing unauthorized devices on the wireless network without going through a security process. Spoofing: Cloaking SSID or MAC addresses to get by security measures DOS (denial of service): Jamming, flooding attacks that prevent sites/networks from performing efficiently. Releasing Malware into Network: software with the intent to cause harm to nodes/network. (viruses, trojan horses, spyware, adware, keystroke loggers, etc.
WVA-Wireless Vulnerability and Attacks MAC Authentication Spoofing Most Wi-Fi WLAN equipment vendors include a sublevel of rudimentary authentication via MAC address white/black listing. Standard tools can "spoof" MAC addresses which allow any attacker to mask himself/herself as an authorized client thereby gaining access to the WLAN.
Man in the Middle Attack attacker will control the communication between two parties by secretly controlling both sides of the communication stream. Attacker can use a rogue AP and “spoof” the SSID to which unsuspecting users will log on to.
WVA-Wireless Vulnerabilities and Attacks 802.11 SSID Can be Spoofed The SSID used to identify an 802.11 network can be trivially faked by an attacker. If a client can be tricked into connecting to a malicious AP then it may become vulnerable in a number of ways: (a) it may accept an unencrypted connection, (b) the malicious AP might be used as part of a man-in-the-middle attack, (c) the user might be tricked by phishing attacks behind the AP (e.g. a fake hotspot signup page).
Jamming RF frequencies interfere with the operation of the wireless network Can be unintentional jamming: cordless phones and other devices on the same frequency Not very common attack: A lot of work only to “interfere”…The payoff isn't as great for hackers.
WVA-Wireless Vulnerability and Attacks Falling victim to an insertion attack can prove to be costly. Personal information is exposed Corporations risk losing money, personnel info., client accounts, etc. (possibly lead to lawsuits)
Security Measures Although there is no guarantee that your network will be 100 % secure, you can minimize the chances and, perhaps, even deter a few “wannabe hackers”. After all, you wouldn’t leave your front door open…would you?
Security Measures Avoid Misconfiguration Change ALL default passwords on your router. Enable WEP. WEP is disabled by default. Avoid using DHCP if possible (especially in corporate environment) Periodically change Passwords.
Security Measures Use Static IP addresses Avoid dynamic addresses assigned by DHCP. (default setting on AP is to use DHCP) Corporate environment: Avoid employees bringing in their personal, possibly misconfigured AP. Assign every node a private address so as to avoid your devices from being reached directly from the internet. Private IP EX: 10.192.193.45
Security Measures MAC filtering: Enable MAC filtering in your router so that only specified computers can connect to your AP Reduce signal “leakage” by placing router in an area where its radius covers only your work space. (i.e. avoid the coverage including front yard)
Security Measures From a corporate standpoint: It is crucial to create an risk assessment before incorporating a wireless network. They should make security measures which they have a need for, so that they can aquire the proper hardware/software solutions
Security Measures -continued Agencies should understand the need to constantly having to provide upgrades, fixes, and or patches, to maintain proper security. No one protocol or encryption is 100% safe or effective.
Conclusion An overall good practice for a personal or corporate level, is to use common sense. Educate yourself about the risks and vulnerabilities, and make sure that you use every security measure available to you: Firewalls, encryptions, properly placed APs, MAC filtering, etc.
Sources for further Information NIST (National Institute of Standards and Technology) http://csrc.nist.gov http://www.networkworld.com http://www.wirelessve.org http://www.wardriving.com http://wigle.net