
1 Basic Network Security
Perimeter devices
– Firewall
– Intrusion Detection/Prevention System
– URL Filter/Web proxy
– Spam filter
If an attacker successfully breaches your wireless infrastructure, how valuable are your perimeter security devices?
10/15/2013 CST8304 - 802.11 Security

2 Basic Network Security

3 Defining Wi-Fi Security
How does one define Wi-Fi security?
– Encryption of the data
– Encryption of the transmission medium
– Environmental shielding
– User education
Let’s take a closer look at attacks and countermeasures…

4 Attack Techniques
How do attackers break into Wi-Fi networks?
Are all attacks meant to gain unauthorized access?
– No.
Are all attacks technical in nature?
– No.

5 Social Engineering
Wily attackers use knowledge gained through illegitimate means to present themselves as an initiated member of a company
– After dumpster diving, an attacker may discover a hidden SSID written down on a post-it note
– The attacker calls the help desk, pretending to be an employee
– The attacker mentions the name of the hidden SSID but states that they have forgotten the WPA key
Maybe the help desk agent gives them the WPA key…

6 Social Engineering
Recognize this guy?
– Kevin Mitnick
– Once the most wanted computer criminal in the United States
– Social Engineering since age 12.
– Compromised systems without using hacking tools – only codes/passwords he obtained through social engineering.

7 Social Engineering Targets
The Help Desk
– Often holds the keys to accessing the Wi-Fi network
– Can sometimes fall into a routine of assisting users without asking for verification
  Verifying users may also not be a part of the company policy on the whole.
– Often under-trained, from a security perspective.
  Attackers will often portray a user who is very smart, or very dumb, to get the info they want.
– Some attackers will threaten users with manager engagement
  This is where having a good manager comes in…

8 Social Engineering Targets
On-site Contractors
– Not fully invested in the company, not loyal
– May receive more access than necessary
  Contractors may also become the attackers
– Too much access + excessive curiosity = potential for compromise
– Mr. Mitnick is a good example.

9 Social Engineering Targets
Employees/end users
– Sometimes credentials are shared in order to provide access to resources on an interim basis
  There may be a lack of understanding of accountability
– Wireless keys/passwords may be on post-its in plain sight
– Leaving systems unlocked
– Receiving calls from the “help desk” to confirm their credentials

10 Social Engineering Countermeasures
Education, education, EDUCATION!
– Ensure that your users know better than to leave passwords or WiFi keys written down
  Introduce software such as KeePass to users for storage of passwords and keys
– Ensure that users are NOT sharing passwords for ANYTHING
– Loose lips sink ships.
Ensure that your help desk knows how to properly authenticate users
  If it’s written in policy, even the CEO can’t call in without proper identification and get access (and they can’t fire you because it’s written in a policy)

11 Social Engineering Countermeasures
Shred-IT boxes
– Most companies have shred-it boxes in their offices nowadays
– Instead of providing information to those who are willing to dumpster dive, the info is disposed of securely
Implement proper security policies
– Follow the principle of minimal access
– Users (especially contractors) should only have access to resources that are mission critical

12 Eavesdropping
Wi-Fi signal is sent on an extremely tap-able distribution medium
– The air!
A well-placed antenna can view copies of the data being transmitted over the air
War driving is a good example of eavesdropping
Defined as the intercepting and reading of messages and information by unintended recipients.

13 Eavesdropping
Analogy – verbal communication
– When someone speaks to you, or to a group with which you are affiliated, it is a conversation, not eavesdropping
– If someone is speaking to another individual, or to a group with which you have no affiliation, but you decide to listen in… that’s eavesdropping.
And if you decide to chime in on a conversation to which you are not invited… that’s intrusion!

14 Eavesdropping
Tools of the trade
– Discovery
  NetStumbler (or MacStumbler for Mac)
  Kismet (or KisMAC)
  Easy Wi-Fi Radar
– Sniffing/Injection
  Wireshark
  OmniPeek
  CommView
  AirPcap
  Javvin CAPSA
  MS NetMon

15 Eavesdropping Countermeasures
Environmental shielding
– If the signal can’t get through the walls, an attacker will have a hard time picking it up!
Hidden SSID
– Causes clients to send directed probes, which can be intercepted and provide an avenue for hijacking
Disable mixed mode
– Permitting clients to connect with 802.11b/g/n opens up more avenues for intrusion

16 Hijacking
Commandeering a user’s wireless connection without consent
Layer 2 hijacking = DoS
– If the attacker provides layer 3 functionality, they can potentially take over the target system

17 Hijacking
DoS - How it’s done
– An attacker will run an AP using the same SSID as a legit AP to which the target is associated
– The attacker helps the target de-auth from the AP through de-auth frames or excessive interference
– The target must now re-associate to an AP
– The attacker ensures that their rogue AP has a stronger signal than the legit AP to coax the target into associating to their equipment

18 Hijacking
Layer 3 Attack – How it’s done
– Start off with the same steps as the DoS
– In this scenario, the rogue AP is equipped with DHCP connectivity
– Target gets kicked off of the legit AP, re-associates to rogue AP
– Rogue AP provides an IP address to the target
– The attacker now has the target’s IP address and can commence with a full-scale attack

19 Hijacking
[Diagram labels: Legit AP; Attacker; Rogue AP; Target; weaker signal from legit AP; stronger signal from rogue AP]

20 Hijacking
If a user were to re-associate to the rogue AP, and then attempt a connection to an FTP site, a tool such as Karma could redirect the traffic, in turn intercepting the user’s credentials.

21 Hijacking
Windows + Mobile Device Vulnerability
– Preferred network list (PNL)
  List of preferred SSIDs for association
– Devices will try to connect to each AP in the PNL
  Disclosure of each network in the PNL
  Great opportunity to find out which networks are preferred and stand up a rogue AP with an SSID from the list
– Windows Specific
  If no SSIDs from the PNL are available, generate some random SSID and attempt to connect to that… this helps keep the adapter from turning off when not connected
  Software exists to respond to any SSID association requests

22 Hijacking Countermeasures
WIDS/Rogue AP Detection
– Split MAC w/ Controller Config
– If the controller notices a rogue AP, it can drown it out
  Controller starts broadcasting the same AP as the rogue AP
  Controller increases the power until it is greater than that of the rogue AP
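
The rogue AP detection step of a WIDS, sketched as an added example that is not part of the original presentation: beacons observed by a monitoring sensor are compared against an inventory of authorized APs, and any suspect that is also louder than every legitimate AP (the condition the hijacking slides rely on) is marked. The SSID, BSSIDs, channels and signal levels are constructed sample values, and the inventory format is an assumption.

```python
from collections import namedtuple

Beacon = namedtuple("Beacon", "ssid bssid channel rssi_dbm")

# Assumed inventory: managed SSID -> {authorized BSSID: expected channel}.
AUTHORIZED = {"CorpWiFi": {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 6}}

# Constructed sample observations from a monitoring sensor.
SAMPLE_BEACONS = [
    Beacon("CorpWiFi", "00:11:22:33:44:01", 1, -62),    # legit
    Beacon("CorpWiFi", "00:11:22:33:44:02", 6, -70),    # legit
    Beacon("CorpWiFi", "DE:AD:BE:EF:00:01", 6, -41),    # same SSID, unknown BSSID
    Beacon("CorpWiFi", "00:11:22:33:44:01", 11, -80),   # known BSSID, wrong channel
    Beacon("CoffeeShop", "aa:bb:cc:dd:ee:ff", 11, -55), # neighbour, not ours
]

def find_rogue_aps(beacons, authorized=AUTHORIZED):
    """Return (ssid, bssid, channel, reason, outpowers_legit) per suspect AP."""
    legit_best = {}   # ssid -> strongest RSSI seen from an authorized AP
    suspects = {}     # (ssid, bssid, channel) -> (reason, strongest RSSI)
    for b in beacons:
        known = authorized.get(b.ssid)
        if known is None:
            continue                      # not an SSID we manage
        bssid = b.bssid.lower()
        if known.get(bssid) == b.channel:
            legit_best[b.ssid] = max(legit_best.get(b.ssid, -200), b.rssi_dbm)
            continue
        reason = ("authorized BSSID on unexpected channel" if bssid in known
                  else "unknown BSSID advertising managed SSID")
        key = (b.ssid, bssid, b.channel)
        prev = suspects.get(key, (reason, -200))[1]
        suspects[key] = (reason, max(prev, b.rssi_dbm))
    # A suspect louder than every legit AP is the one clients will roam to.
    return [(ssid, bssid, ch, reason, rssi > legit_best.get(ssid, -200))
            for (ssid, bssid, ch), (reason, rssi) in sorted(suspects.items())]

if __name__ == "__main__":
    for finding in find_rogue_aps(SAMPLE_BEACONS):
        print(finding)
```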

23 Denial of Service
Launched against Layer 1 or 2
Layer 1 = RF Jamming
– E.g. cell phone jammers
– High-power RF radiators across 2.4 GHz or 5 GHz spectrum
– Signal generator strength is greater than that of your 802.11 device, so users only get the noise from the signal generator, rather than your device

24 Denial of Service
Accidental DoS can come from other appliances
– Microwave or Cordless phone, for example
Generally detected by users complaining of loss of service

25 Denial of Service
Layer 2 Attack
– Attacker spoofs BSSID and sends deauthentication frames from said BSSID
  De-auth frames are management frames, and therefore will not be ignored by the STA
– Several different types
  PS-Poll Floods
  Association Floods
  Auth Floods
  Empty Data Floods

26 Denial of Service
PS-Poll Flood
– PS = Power Saving
– STA tells the AP that it will enter PS mode
– AP caches data frames for the STA while it sleeps
– An attacker could spoof the STA MAC ID and send PS-Poll frames
– The AP would then send all of the data frames to the attacker and the target, and the target may not get the data (if it is in PS mode)

27 Denial of Service
Association Flood
– Attacker floods the AP with association packets from random MAC IDs
– This means that it will be less likely that a legit STA will authenticate
Auth Flood
– Same as association flood, only the attacker uses authentication packets instead of association packets
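
How a sensor can recognise the deauthentication, association and auth floods from slides 25 and 27, as an added example that is not part of the original presentation: deauth frames are counted per claimed BSSID in a sliding window, while association and auth requests are scored by the number of distinct source MACs, since those floods use random MAC IDs. The frame records, window and thresholds are constructed assumptions, not values from the course.

```python
from collections import defaultdict, deque

WINDOW_S = 5.0
# Assumed thresholds; tune them against a baseline of normal traffic.
LIMITS = {"deauth": 10, "assoc_req": 20, "auth": 20}

def detect_mgmt_floods(frames, window=WINDOW_S, limits=LIMITS):
    """frames: (timestamp, subtype, src_mac, bssid) tuples sorted by time.
    Returns a sorted list of (bssid, subtype) pairs that crossed a limit."""
    recent = defaultdict(deque)           # (bssid, subtype) -> frames in window
    alerts = set()
    for ts, subtype, src, bssid in frames:
        if subtype not in limits:
            continue
        q = recent[(bssid, subtype)]
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()                   # drop frames older than the window
        # Deauth: raw frame rate. Assoc/auth: distinct (random) source MACs.
        score = len(q) if subtype == "deauth" else len({s for _, s in q})
        if score >= limits[subtype]:
            alerts.add((bssid, subtype))
    return sorted(alerts)

def build_sample():
    """Constructed capture: two floods against AP 'a', normal traffic on 'b'."""
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    frames = [(10 + 0.1 * i, "deauth", a, a) for i in range(12)]   # spoofed BSSID
    frames += [(20 + 0.1 * i, "assoc_req", "02:00:00:00:00:%02x" % i, a)
               for i in range(25)]                                 # random MACs
    frames += [(6.0 * i, "deauth", b, b) for i in range(12)]       # slow, benign
    frames += [(30 + 10 * i, "auth", "aa:bb:cc:00:00:%02x" % i, b)
               for i in range(3)]                                  # real clients
    return sorted(frames)

if __name__ == "__main__":
    for bssid, subtype in detect_mgmt_floods(build_sample()):
        print("possible %s flood against %s" % (subtype, bssid))
```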

28 Denial of Service
Empty Data Floods
– Multiple WiFi adapters in an attacker STA
– Attacker generates a multitude of packets of the maximum allowable size
– Use up most of the WiFi bandwidth

