Ethical Hacking Defeating Wireless Security. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

Slides:



Advertisements
Similar presentations
Overview How to crack WEP and WPA
Advertisements

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Crack WEP Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Wireless Cracking By: Christopher Zacky.
Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
1 MD5 Cracking One way hash. Used in online passwords and file verification.
Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
FROM RICHARD RODRIGUES JOHN ANIMALU FELIX SHULMAN THE HONORARY MEMBERS OF THE Intercontinental Group 1.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Insecurity.
Wireless Security. Why is it important? Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Over.
Computer Networks IGCSE ICT Section 4.
AJ Mancini IV Paul Schiffgens Jack O’Hara. WIRELESS SECURITY  Brief history of Wi-Fi  Wireless encryption standards  WEP/WPA  The problem with WEP.
Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.
Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.
Wireless Networking.
A History of WEP The Ups and Downs of Wireless Security.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.
Certain security vulnerabilities exist in every mode of wireless communications.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
PRESENTATION ON WI-FI TECHNOLOGY
Wireless Encryption: WEP and cracking it. Eric Shea.
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
Hands-On Ethical Hacking and Network Defense Lecture 14 Cracking WEP Last modified
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Wireless Networking & Security Greg Stabler Spencer Smith.
David Abarca, Instructor Del Mar College Computer Corner Wireless Network Access Control.
Chapter 8 Wireless Hacking Last modified
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.
CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic.
Ethical Hacking: Hacking GMail. Teaching Hacking.
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
Solving the Security Risks of WLAN Tuukka Karvonen
Wireless Security A lab that actually works! Anne Hewitt Oscar Salazar A lab that actually works! Anne Hewitt Oscar Salazar.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
KSU 2015-Summer Cyber Security | Group 1 | Seul Alice Bang Get a Wifi Password.
Ethical Hacking: Defeating Logon Passwords. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Ethical Hacking and Network Defense. Contact Information Sam Bowne Sam Bowne Website: samsclass.info Website:
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
Wireless Hacking Lesson 13. Reminder As a reminder, remember that the tools and techniques that you learn this semester are only to be used on systems.
By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?
Module 48 (Wireless Hacking)
Wireless Attacks: WEP Module Type: Basic Method Module Number: 0x00
Presented By: Rohit Maurya
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
Securing A Wireless Network
Ethical Hacking: Hacking GMail
Wireless Hacking.
Security Issues with Wireless Protocols
Presentation transcript:

Ethical Hacking Defeating Wireless Security

2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information Technology City College San Francisco City College San Francisco Web: samsclass.info Web: samsclass.info

3 Two Hacking Classes CNIT 123: Ethical Hacking and Network Defense Has been taught since Spring 2007 (four times) Face-to-face and Online sections available Fall 2008 CNIT 124: Advanced Ethical Hacking Taught for the first time in Spring 2008

4 Certified Ethical Hacker Those two classes prepare students for CEH Certification Those two classes prepare students for CEH Certification

5 Certificate in Network Security

6 Associate of Science Degree

Equipment Wireless Network Interface Cards (NICs) and Drivers

8 The Goal All wireless NICs can connect to an Access Point All wireless NICs can connect to an Access Point But hacking requires more than that, because we need to do But hacking requires more than that, because we need to do Sniffing – collecting traffic addressed to other devices Sniffing – collecting traffic addressed to other devices Injection – transmitting forged packets which will appear to be from other devices Injection – transmitting forged packets which will appear to be from other devices

9 Windows v. Linux The best wireless hacking software is written in Linux The best wireless hacking software is written in Linux The Windows tools are inferior, and don't support packet injection The Windows tools are inferior, and don't support packet injection But all the wireless NICs are designed for Windows But all the wireless NICs are designed for Windows And the drivers are written for Windows And the drivers are written for Windows Linux drivers are hard to find and confusing to install Linux drivers are hard to find and confusing to install

Wireless Security

11 Three Security Settings No security No security WEP (Wired Equivalent Privacy) WEP (Wired Equivalent Privacy) Old and broken Old and broken Easily hacked Easily hacked WPA and WPA2 (Wi-Fi Protected Access) WPA and WPA2 (Wi-Fi Protected Access) Very secure Very secure The only significant vulnerability is to a dictionary attack, if the key is a common word The only significant vulnerability is to a dictionary attack, if the key is a common word

Wireless Security in San Francisco Measured by CCSF students on Nov 18, 2008 Measured by CCSF students on Nov 18, 2008 WEP is the most popular security technique! WEP is the most popular security technique! 12

Cracking WEP Tools and Principles

14 A Simple WEP Crack The Access Point and Client are using WEP encryption The Access Point and Client are using WEP encryption The hacker device just listens The hacker device just listens Hacker Listening WEP- Protected WLAN

15 Listening is Slow You need to capture 50,000 to 200,000 "interesting" packets to crack a 64-bit WEP key You need to capture 50,000 to 200,000 "interesting" packets to crack a 64-bit WEP key The "interesting" packets are the ones containing Initialization Vectors (IVs) The "interesting" packets are the ones containing Initialization Vectors (IVs) Only about ¼ of the packets contain IVs Only about ¼ of the packets contain IVs So you need 200,000 to 800,000 packets So you need 200,000 to 800,000 packets It can take hours or days to capture that many packets It can take hours or days to capture that many packets

16 Packet Injection A second hacker machine injects packets to create more "interesting packets" A second hacker machine injects packets to create more "interesting packets" Hacker Listening and Injecting WEP- Protected WLAN

17 Injection is MUCH Faster With packet injection, the listener can collect 200 IVs per second With packet injection, the listener can collect 200 IVs per second 5 – 10 minutes is usually enough to crack a 64-bit key 5 – 10 minutes is usually enough to crack a 64-bit key Cracking a 128-bit key takes an hour or so Cracking a 128-bit key takes an hour or so Link l_14r Link l_14r

Cracking WEP The Attack

19 Airodump Sniffs packets to find networks Sniffs packets to find networks

20 Aireplay Finds an ARP packet and replays it to make cracking faster Finds an ARP packet and replays it to make cracking faster

21 Data This makes the #Data value go up much faster This makes the #Data value go up much faster We need at least 50,000 Data (IVs) to crack WEP We need at least 50,000 Data (IVs) to crack WEP

22 Aircrack The captured IVs make the keyspace much smaller The captured IVs make the keyspace much smaller Aircrack performs a brute-force attack on all remaining keys Aircrack performs a brute-force attack on all remaining keys