1
Wireless Insecurity
2
Wireless
802.11a works on 5 GHz
802.11b, g, n work on 2.4 GHz
Access points and wireless cards are used.
Protocol can be either in the clear or encrypted.
Wired Equivalent Privacy (WEP) provides poor security.
3
Scenario
[Diagram labels: Physical Security, Access Point, User, Attacker]
5
Typical Configuration
[Diagram labels: Corporate Resources, Access Point, PCMCIA Wireless NIC, ISA/PCI Wireless NIC, USB Wireless NIC, User, Attacker]
6
Wired Equivalent Privacy (WEP)
RC4 crypto algorithm
64, 128 bit encryption
24 bit Initialization Vector
Compromised in under 24 hours
Even faster now!!!
No key management (key update)
New
7
Configuring Wireless
Service Set Identifier (SSID)
Key
8
Steps for attack
Surveying (Wardriving/Warwalking)
Identification (Warchalking)
Cryptanalysis (Cracking)
Penetration
Exploitation
9
Wardriving Tools
Laptop or PDA with Wireless Card
Prism Wireless Card for promiscuous monitoring
Antenna
GPS
Netstumbler
Kismet
Wireshark
10
PDA with wireless card and Ministumbler
Goal is to identify Access Points and SSIDs
12
Warchalking
Identifying wireless sites is a new trophy sport for some.
13
Note Access Points are Identified
14
Warchalking as a Social Activity
15
WEP Cracking
Capture the packets of an Access Point for a day using Ethereal.
Pass through WEP Crack (Shareware).
Will identify the key in under an hour.
WEP crypto will be defeated (including 128 bit).
Nobody uses WEP anymore, right?
16
Use LONG pass phrases for Wireless
WPA2
TKIP
AES
WPA2-PSK can be cracked with PSK under 21 characters
Everyonehastherighttolife,libertyandsecurity
17
Bypassing Access Points with MAC Access Control
Some Access Points require MACs to authenticate access.
MACs can be discovered and forged.
Using Linux: ifconfig eth0 hw ether 11:11:11:11:11:11
18
Other tools
AirSnort
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
AirJAM
AirJAM jams Access Points (denial of service attack).
19
Aircrack-ng and WEPLab
Aircrack-ng and WEPLab are WEP key crackers implementing the Fluhrer-Mantin-Shamir (FMS) attack and the KoreK approach.
CoWPAtty (dictionary attack tool)
20
Penetration
Access the network
Take/Alter Data
Use backdoor (Wi-Fi) or Front Door (cable)
GO TO JAIL – Criminal Code
21
Improvements
Wi-Fi Protected Access
WPA2 (802.11i)
Implementation of Temporal Key Integrity Protocol
Extensible Authentication Protocol
22
Other safeguards
RADIUS
Access control
VPN based on Certificates
Intrusion Prevention System
Intrusion Detection System
23
What is the point?
Vulnerabilities are discovered
Vulnerabilities get fixed
New vulnerabilities appear
You must re-assess safeguards