Wi-Fi: How it Works and Security Measures. What is Wi-Fi? Any wireless local area network (WLAN) product that meets the Institute of Electrical and Electronics.

Slides:

Advertisements

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

Advertisements

Click to continue Network Protocols. Click to continue Networking Protocols A protocol defines the rules of procedures, which computers must obey when.

Wireless Cracking By: Christopher Zacky.

OSI MODEL Maninder Kaur

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.

Wireless Networks: Signaling and Security William Tucker CEN 4516: Computer Networks FGCU: Fort Myers, FL: 09/05.

Network Layer and Transport Layer.

Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Internetworking Fundamentals (Lecture #1) Andres Rengifo Copyright 2008.

1 Chapter 9 Computer Networks. 2 Chapter Topics OSI network layers Network Topology Media access control Addressing and routing Network hardware Network.

Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World

Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

Chapter 2 Network Models.

Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –

COMPUTER NETWORKS.

IEEE Wireless LAN Standard

THE OSI MODEL KUDIRAT FAWEHINMI COSC 541.

OSI Reference Model and Security COMP 423. The Physical Layer Establish and terminate the physical and logical connections to the media Manage the flow.

Computer Networks. Network Connections Ethernet Networks Single wire (or bus) runs to all machines Any computer can send info to another computer Header.

Networks LANS,. FastPoll True Questions Answer A for True and B for False A wireless infrastructure network uses a centralized broadcasting device, such.

Section 4 : The OSI Network Layer CSIS 479R Fall 1999 “Network +” George D. Hickman, CNI, CNE.

Wireless Network Security Dr. John P. Abraham Professor UTPA.

Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.

© McLean HIGHER COMPUTER NETWORKING Lesson 1 – Protocols and OSI What is a network protocol Description of the OSI model.

Layer Architecture Layer architecture simplifies the network design. It is easy to debug network applications in a layered architecture network. The network.

Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Introduction Slide 1 A Communications Model Source: generates.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Computer Networks. Introduction Computer Network2 A History Lesson of Networking 1969 – ARPANET, first packet switched network consist of UCLA, Stanford,

Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

Information Flow Across the Internet. What is the Internet? A large group of computers that link together to form the Worldwide Area Network (WAN)

Wireless Networking & Security Greg Stabler Spencer Smith.

11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.

Lecture 24 Wireless Network Security

Network Protocols and Standards (Part 2). The OSI Model In 1984, the International Organization for Standardization (ISO) defined a standard, or set of.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Individual Project 1 Sarah Pritchard. Fran, a customer of your company, would like to visit your company’s website from her home computer… How does your.

ISDS 4120 Project 1 DWAYNE CARRAL JR 3/27/15. There are seven layers which make up the OSI (Open Systems Interconnection Model) which is the model for.

Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

N ETWORKING Standards and Protocols. S TANDARDS AND P ROTOCOLS The OSI Model.

Internet Flow By: Terry Hernandez. Getting from the customers computer onto the internet Internet Browser

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

TCP/IP Protocol Suite Suresh Kr Sharma 1 The OSI Model and the TCP/IP Protocol Suite Established in 1947, the International Standards Organization (ISO)

Mr. Sathish Kumar. M Department of Electronics and Communication Engineering I’ve learned that people will forget what you said, people will forget what.

The OSI Model. Understanding the OSI Model In early 1980s, manufacturers began to standardize networking so that networks from different manufacturers.

Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.

Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.

Instructor Materials Chapter 6 Building a Home Network

Using MIS 2e Chapter 6 Appendix

How Data Flows through the Internet

Topic 5: Communication and the Internet

Chapter 3: Open Systems Interconnection (OSI) Model

Network Protocol Layers

WJEC GCSE Computer Science

Presentation transcript:

Wi-Fi: How it Works and Security Measures

What is Wi-Fi? Any wireless local area network (WLAN) product that meets the Institute of Electrical and Electronics Engineers' (IEEE) standards Typically covers a range of 20 meters indoors

The OSI Model International Standards Organization (ISO) developed the Open Systems Interconnection (OSI) model It is meant to divide all network communication into seven distinct parts Each layer takes care of a specific job, then passes the data on to the next layer

Layer 1 - Physical Refers to any physical device meant to transmit data Examples are cables, wireless cards, antenna, and fiber optics These devices handle the actual transmission of data (like carrier pigeons) The actual data that is to be sent or received through this layer is determined by higher-level layers

Layer 2 – Data Link Figures out what Media Access Control (MAC) Address data should be going to MAC Addresses are unique numbers assigned to all wireless devices that are used in identifying different devices on a local network This layer only handles data sent across ONE network, an internet connection that sends data over multiple networks uses Layer 3

Layer 3 - Network Handles data transmission to other networks using the Internet Protocol (IP) Address Like Layer 2, this layer only handles the addressing and routing of data (it gets data to where it needs to go)

Layer 4 - Transport This layer makes sure that data is reliably transferred to upper layers Communication protocols operate on this layer to ensure that the data packets were sent correctly and in the right order This is necessary due to the fickle nature of sending data through various mediums and over long distances, such as internet connections to prevent packets from being duplicated, fragmented, and to account for lost data

Layer 7 - Application The highest layer – applications that want to send data put it into here Data that is sent is expected to arrive in an identical condition at the destination If a WLAN card was sent data, Layer 1 will pass it up to Layer 7 If a program is sending data to another target, that data will be sent from Layer 7 down to Layer 1

Connecting to a WLAN: Authentication Whenever a client wants to connect to a WLAN, it must first authenticate to it Authentication serves to identify to a WLAN the client that is attempting to connect For WEP (Wired Equivalency Protection) encrypted APs, this can be done in two ways: shared-system authentication and open-system authentication

Shared-System Authentication To begin shared-system authentication, a client will send a message to the access point (AP) saying that it is ready to begin The AP will respond with an unencrypted (or “clear text”) message The client will encrypt this message using the key that its user entered and send it back to the AP If the message was encrypted using the correct key, the AP will inform the client that it is now authenticated

Open-System Authentication This is essentially like having no authentication The client will send a data frame to the AP to identify itself The AP sends back a successful authentication frame

Which is more Secure? The answer here is actually that open-system authentication is more secure It is very important to remember that with wireless traffic, waves are sent everywhere, not just to a single intended destination If someone has set their wireless card to “sniff” (monitor) all wireless traffic rather than just the traffic intended for their terminal, they could capture a sample of a correctly encrypted frame versus a clear text frame

WEP Security Shortcomings WEP is a stream cypher, so its security relies on its initialization vectors (IVs) to never be used more than once Due to the limited size of an IV, however, there is a 50% chance that an IV will be repeated after 5,000 packets of data – a number that is quickly reached on a busy network A program such as aircrack-ng (will be demonstrated later) can run statistical analyses on captured IVs to crack the key in less than five minutes

WPA Encryption WPA (Wi-Fi Protected Access) encryption was developed in response to the discovery that WEP was insecure It uses a more secure method of both authenticating and transferring data

The Four-Way Handshake The “handshake” is the conversation a client has with the AP as it tries to authenticate using WPA encryption This authentication process is drastically more secure than WEP because the key used to decrypt the traffic changes every time a client connects, and the key is never divulged across a wireless medium

The WPA Security Hole Even though the PMK is never transmitted using the four-way handshake, WPA is still able to be compromised If a potential hacker is monitoring the handshake, he/she will be able to use a dictionary file containing possible PMKs to see if any of them would yield the same result as a successful handshake This method only works on weak passwords, however, and a complete brute force attempt at cracking the key would take hundreds, thousands, or even millions of years depending on the password length

Deauthentication Attacks Normally, whenever a client wishes to disconnect from an AP, it sends a disassociation packet to the AP telling it to cease communications with it The AP, however, does not know necessarily where that packet originated from, it can only see the MAC address that the data frame claims that it has come from Knowing this, any client can send an AP a deauthentication request for any other client on the network. Operating systems do not usually provide a method for doing this, as there is no legal usage for doing so

This type of attack has different uses In the case of cracking a WEP key, it can be used to generate traffic between the client and the AP, because Windows will automatically try to re-authenticate with an AP that it has lost connectivity with, thus continually generating traffic that can be captured and used to crack the key In the case of cracking a WPA PMK, this attack can force the client to redo the four-way handshake, allowing to to be captured for use with a dictionary attack Or, of course, you could just free-up all of the broadband for yourself...

Script Kiddies Now that the internet is so widely accessible and there are plenty of tools available that can be used to break into and deface virtual property, a new type of hacker, the “Script Kiddie” is commonplace

The Blaster Worm The Blaster Computer Worm was a virus propagated in the early 2000s that was designed to turn victim's PCs into tools to overflow windowsupdate.com with useless traffic (a DoS attack) On August 29, 2003, Jeffrey Lee Parson (seen on the last slide), an 18-year-old from Hopkins, Minnesota was arrested for creating a variant of the worm, adding only his screen name and a back door into the virus