Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Fourth Edition

Similar presentations


Presentation on theme: "Security+ Guide to Network Security Fundamentals, Fourth Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 8 Wireless Network Security

2 Objectives Describe the different types of wireless network attacks
List the vulnerabilities in IEEE security Explain the solutions for securing a wireless network Security+ Guide to Network Security Fundamentals, Fourth Edition

3 Introduction Wireless data communications have revolutionized computer networking Wireless data networks found virtually everywhere Wireless networks have been targets for attackers Early wireless networking standards had vulnerabilities Changes in wireless network security yielded security comparable to wired networks Security+ Guide to Network Security Fundamentals, Fourth Edition

4 Wireless Attacks Bluetooth Two types of Bluetooth network topologies
Wireless technology Uses short-range radio frequency transmissions Provides for rapid, ad-hoc device pairings Example: smartphone and Bluetooth headphones Personal Area Network (PAN) technology Two types of Bluetooth network topologies Piconet Scatternet Security+ Guide to Network Security Fundamentals, Fourth Edition

5 Table 8-1 Bluetooth products
Security+ Guide to Network Security Fundamentals, Fourth Edition

6 Wireless Attacks (cont’d.)
Piconet Established when two Bluetooth devices come within range of each other One device (master) controls all wireless traffic Other device (slave) takes commands Active slaves can send transmissions Parked slaves are connected but not actively participating Security+ Guide to Network Security Fundamentals, Fourth Edition

7 Figure 8-1 Bluetooth piconet
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

8 Wireless Attacks (cont’d.)
Scatternet Group of piconets with connections between different piconets Bluejacking Attack that sends unsolicited messages to Bluetooth-enabled devices Text messages, images, or sounds Considered more annoying than harmful No data is stolen Security+ Guide to Network Security Fundamentals, Fourth Edition

9 Figure 8-2 Bluetooth scatternet
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

10 Wireless Attacks (cont’d.)
Bluesnarfing Unauthorized access to wireless information through a Bluetooth connection Often between cell phones and laptops Attacker copies s, contacts, or other data by connecting to the Bluetooth device without owner’s knowledge Security+ Guide to Network Security Fundamentals, Fourth Edition

11 Wireless LAN Attacks Institute of Electrical and Electronics Engineers (IEEE) Most influential organization for computer networking and wireless communications Dates back to 1884 Began developing network architecture standards in the 1980s 1997: release of IEEE Standard for wireless local area networks (WLANs) Higher speeds added in 1999: IEEE b Security+ Guide to Network Security Fundamentals, Fourth Edition

12 Wireless LAN Attacks (cont’d.)
IEEE a Specifies maximum rated speed of 54Mbps using the 5GHz spectrum IEEE g Preserves stable and widely accepted features of b Increases data transfer rates similar to a IEEE n Ratified in 2009 Security+ Guide to Network Security Fundamentals, Fourth Edition

13 Wireless LAN Attacks (cont’d.)
Improvements in IEEE n Speed – up to 600Mbps Coverage area – double a, b, g Interference – different frequencies Security – high level encryption required Wireless client network interface card adapter Performs same functions as wired adapter Antenna sends and receives signals Security+ Guide to Network Security Fundamentals, Fourth Edition

14 Wireless LAN Attacks (cont’d.)
Access point (AP) major parts Antenna and radio transmitter/receiver send and receive wireless signals Bridging software to interface wireless devices to other devices Wired network interface allows it to connect by cable to standard wired network AP functions Acts as “base station” for wireless network Security+ Guide to Network Security Fundamentals, Fourth Edition

15 Figure 8-3 Access point © Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

16 Wireless LAN Attacks (cont’d.)
AP functions (cont’d.) Acts as a bridge between wireless and wired networks Can connect to wired network by a cable Autonomous access points Separate from other network devices and access points Have necessary “intelligence” for wireless authentication, encryption, and management Security+ Guide to Network Security Fundamentals, Fourth Edition

17 Wireless LAN Attacks (cont’d.)
Wireless broadband routers Single hardware device containing AP, firewall, router, and DHCP server Wireless networks have been vulnerable targets for attackers Not restricted to a cable Types of wireless LAN attacks Discovering the network Attacks through the RF spectrum Attacks involving access points Security+ Guide to Network Security Fundamentals, Fourth Edition

18 Wireless LAN Attacks (cont’d.)
Discovering the network One of first steps in attack is to discover presence of a network Beaconing AP sends signal at regular intervals to announce its presence and provide connection information Wireless device scans for beacon frames War driving Process of passive discovery of wireless network locations

19 Table 8-2 War driving tools
Security+ Guide to Network Security Fundamentals, Fourth Edition

20 Wireless LAN Attacks (cont’d.)
War chalking Documenting and then advertising location of wireless LANs for others to use Previously done by drawing on sidewalks or walls around network area Today, locations are posted on Web sites Security+ Guide to Network Security Fundamentals, Fourth Edition

21 Table 8-4 War chalking symbols
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

22 Wireless LAN Attacks (cont’d.)
Attacks through the RF spectrum Wireless protocol analyzer Generating interference Wireless traffic captured to decode and analyze packet contents Network interface card (NIC) adapter must be in correct mode Kismet, Airmon, Wireshark Security+ Guide to Network Security Fundamentals, Fourth Edition

23 Wireless LAN Attacks (cont’d.)
Six modes of wireless NICs Master (acting as an AP) Managed (client) Repeater Mesh Ad-hoc Monitor – (Must be this for analyzing/capturing) Interference Signals from other devices can disrupt wireless transmissions Security+ Guide to Network Security Fundamentals, Fourth Edition

24 Wireless LAN Attacks (cont’d.)
Devices that can cause interference with a WLAN Microwave ovens Elevator motors Copy machines Outdoor lighting (certain types) Theft protection devices Bluetooth devices Security+ Guide to Network Security Fundamentals, Fourth Edition

25 Figure 8-5 Attacker interference
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

26 Wireless LAN Attacks (cont’d.)
Attacks using access points Rogue access points – installed by internal user Evil twin – installed by hacker Rogue access point Unauthorized access point that allows attacker to bypass network security configurations May be set up behind a firewall, opening the network to attacks Security+ Guide to Network Security Fundamentals, Fourth Edition

27 Figure 8-6 Rogue access point
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

28 Wireless LAN Attacks (cont’d.)
Evil twin AP set up by an attacker Attempts to mimic an authorized AP Attackers capture transmissions from users to evil twin AP Hacking Facebook, Twitter, etc. Detecting Firesheep – ‘Blacksheep’ - ttechdows.com/2010/11/blacksheep-detects-firesheep-use-on-wireless-networks.html Security+ Guide to Network Security Fundamentals, Fourth Edition

29 Vulnerabilities of IEEE 802.11 Security
Original IEEE committee recognized wireless transmissions could be vulnerable Implemented several wireless security protections in the standard Left others to WLAN vendor’s discretion Protections were vulnerable and led to multiple attacks Security+ Guide to Network Security Fundamentals, Fourth Edition

30 MAC Address Filtering Method of controlling WLAN access
Limit a device’s access to AP Media Access Control (MAC) address filtering Used by nearly all wireless AP vendors Permits or blocks device based on MAC address Vulnerabilities of MAC address filtering Addresses exchanged in unencrypted format Attacker can see address of approved device and substitute it on his own device Managing large number of addresses is challenging Security+ Guide to Network Security Fundamentals, Fourth Edition

31 Figure 8-7 MAC address filtering
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

32 SSID Broadcast Each device must be authenticated prior to connecting to the WLAN Open system authentication Device discovers wireless network and sends association request frame to AP Frame carries Service Set Identifier (SSID) User-supplied network name Can be any alphanumeric string 2-32 characters long AP compares SSID with actual SSID of network If the two match, wireless device is authenticated Security+ Guide to Network Security Fundamentals, Fourth Edition

33 Figure 8-8 Open system authentication
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

34 SSID Broadcast (cont’d.)
Open system authentication is weak Based only on match of SSIDs Attacker can wait for the SSID to be broadcast by the AP Users can configure APs to prevent beacon frame from including the SSID Provides only a weak degree of security Can be discovered when transmitted in other frames Older versions of Windows XP have an added vulnerability if this approach is used Security+ Guide to Network Security Fundamentals, Fourth Edition

35 Wired Equivalent Privacy (WEP)
IEEE security protocol Encrypts plaintext into ciphertext Secret key is shared between wireless client device and AP Key used to encrypt and decrypt packets WEP vulnerabilities WEP can only use 64-bit or 128-bit number to encrypt Initialization vector (IV) is only 24 of those bits Short length makes it easier to break Security+ Guide to Network Security Fundamentals, Fourth Edition

36 Figure 8-9 WEP encryption process
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

37 Wired Equivalent Privacy (cont’d.)
WEP vulnerabilities (cont’d.) Violates cardinal rule of cryptography: avoid a detectable pattern Attackers can see duplication when IVs start repeating Keystream attack (or IV attack) Attacker identifies two packets derived from same IV Uses XOR to discover plaintext See Figures 8-10 and 8-11 for details Security+ Guide to Network Security Fundamentals, Fourth Edition

38 Figure 8-10 XOR operations
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

39 Figure 8-11 Capturing packets
© Cengage Learning 2012 Security+ Guide to Network Security Fundamentals, Fourth Edition

40 Wireless Security Solutions
Unified approach to WLAN security was needed IEEE and Wi-Fi Alliance began developing security solutions Resulting standards used today IEEE i WPA and WPA2 Security+ Guide to Network Security Fundamentals, Fourth Edition

41 Wi-Fi Protected Access (WPA)
Introduced in 2003 by the Wi-Fi Alliance A subset of IEEE i Design goal: protect present and future wireless devices Temporal Key Integrity Protocol (TKIP) Encryption Used in WPA Uses longer 128 bit key than WEP Dynamically generated for each new packet Security+ Guide to Network Security Fundamentals, Fourth Edition

42 Wi-Fi Protected Access (cont’d.)
Preshared Key (PSK) Authentication After AP configured, client device must have same key value entered Key is shared prior to communication taking place Uses a passphrase to generate encryption key Must be entered on each AP and wireless device in advance Not used for encryption Serves as starting point for mathematically generating the encryption keys Security+ Guide to Network Security Fundamentals, Fourth Edition

43 Wi-Fi Protected Access (cont’d.)
Vulnerabilities in WPA Key management Key sharing is done manually without security protection Keys must be changed on a regular basis Key must be disclosed to guest users Passphrases PSK passphrases of fewer than 20 characters subject to cracking Security+ Guide to Network Security Fundamentals, Fourth Edition

44 Wi-Fi Protected Access 2 (WPA2)
Second generation of WPA known as WPA2 Introduced in 2004 Based on final IEEE i standard Uses Advanced Encryption Standard (AES) Supports both PSK and IEEE x authentication AES-CCMP Encryption Encryption protocol standard for WPA2 CCM is algorithm providing data privacy CBC-MAC component of CCMP provides data integrity and authentication Security+ Guide to Network Security Fundamentals, Fourth Edition

45 Wi-Fi Protected Access 2 (cont’d.)
AES encryption and decryption Should be performed in hardware because of its computationally intensive nature IEEE 802.1x authentication Originally developed for wired networks Provides greater degree of security by implementing port security Blocks all traffic on a port-by-port basis until client is authenticated Security+ Guide to Network Security Fundamentals, Fourth Edition

46 Wi-Fi Protected Access 2 (cont’d.)
Extensible Authentication Protocol (EAP) Framework for transporting authentication protocols Defines message format Uses four types of packets Request Response Success Failure Lightweight EAP (LEAP) Proprietary method developed by Cisco Systems Security+ Guide to Network Security Fundamentals, Fourth Edition

47 Wi-Fi Protected Access 2 (cont’d.)
Lightweight EAP (cont’d.) Requires mutual authentication used for WLAN encryption using Cisco client software Can be vulnerable to specific types of attacks No longer recommended by Cisco Protected EAP (PEAP) Simplifies deployment of 802.1x by using Microsoft Windows logins and passwords Creates encrypted channel between client and authentication server Security+ Guide to Network Security Fundamentals, Fourth Edition

48 Table 8-3 Wireless security solutions
Security+ Guide to Network Security Fundamentals, Fourth Edition

49 Other Wireless Security Steps
Antenna placement Locate near center of coverage area Place high on a wall to reduce signal obstructions and deter theft Power level controls Some APs allow adjustment of the power level at which the LAN transmits Reducing power allows less signal to reach outsiders Security+ Guide to Network Security Fundamentals, Fourth Edition

50 Other Wireless Security Steps (cont’d.)
Organizations are becoming increasingly concerned about existence of rogue APs Rogue access point discovery tools Security personnel can manually audit airwaves using wireless protocol analyzer Continuously monitoring the RF airspace using a wireless probe Types of wireless probes Wireless device probe Desktop probe Security+ Guide to Network Security Fundamentals, Fourth Edition

51 Other Wireless Security Steps (cont’d.)
Types of wireless probes (cont’d.) Access point probe Dedicated probe Wireless virtual LANs (VLANs) Organizations may set up to wireless VLANs One for employee access, one for guest access Configured in one of two ways Depending on which device separates and directs the packets to different networks Security+ Guide to Network Security Fundamentals, Fourth Edition

52 Summary Bluetooth is a wireless technology using short-range RF transmissions IEEE has developed five wireless LAN standards to date, four of which are popular today (IEEE a/b/g/n) Attackers can identify the existence of a wireless network using war driving Wired Equivalent Privacy relies on a secret key shared between wireless client device and access point Security+ Guide to Network Security Fundamentals, Fourth Edition

53 Summary (cont’d.) Wi-Fi Protected Access (WPA) and WPA2 have become the foundations of wireless security today Other steps to protect a wireless network include: Antenna positioning Access point power level adjustment Detecting rogue access points Security+ Guide to Network Security Fundamentals, Fourth Edition


Download ppt "Security+ Guide to Network Security Fundamentals, Fourth Edition"

Similar presentations


Ads by Google