Published by Evan Thornton. Modified over 9 years ago.
1
Lock up your Wireless LANs
There are Hackers in Town
Tuesday 26th February 2002, 1:30 to 2:15 PM
Ross Chiswell, CEO, Integrity Data Systems Pty. Ltd.
rchiswell@integritydata.com.au
2
Ross Chiswell
Ross Chiswell, Chief Executive Officer of Integrity Data Systems, is a veteran of the wireless networking industry. Involved in IT for almost two decades and specifically in wireless networking since 1993, Ross has developed an in-depth knowledge of wireless technologies and is recognised as Australia’s expert in the field. Ross has a key focus to source new technology from around the world and establish strategic partnerships with world-class suppliers.
4
Wireless LAN Security Issues
Cracking the encryption key
  – decrypting and reading the wireless LAN packets
Unauthorised access...
  – to wireless LAN as a resource when not a registered user
  – to the main network via the wireless LAN
Authorised user, but...
  – unauthorised snooping or sniffing of other traffic
  – eavesdropping in public space wireless LANs on other users' traffic
Phantom Access Points gathering data from genuine users
Unknown wireless LANs inside corporation
5
Wireless LAN Security Stories

New wireless LAN vulnerabilities uncovered
Monday 13 August, 2001 14:53 GMT+10:00, by Staff writer
A second, more dangerous method of defeating wireless LAN encryption has been revealed by security experts. Researchers from Rice University and AT&T Labs in Florham Park, New Jersey, have…

Wireless LANs dealt new blow
Security goes from bad to worse
Dennis Fisher & Carmen Nobel, eWEEK, August 10, 2001 5:57 PM ET
A new attack that can compromise the encryption cipher used on wireless…

Lock up your wireless LAN
By George Lawton, August 23, 2001
The driver of the unmarked van outside your office may not be on a long lunch break…
6
Wireless LAN Security - Background
Wired Equivalent Privacy (WEP)
  – Designed by the IEEE to prevent eavesdroppers and unauthorised connections to the wireless network.
  – Provides privacy similar to a wired LAN, not as an encryption solution
  – WEP 64 bit RC4 encryption algorithm - 5 digit key
  – WEP 128 bit RC4 encryption algorithm - 13 digit key
7
WEP - Background
[Figure caption: This cable acts as an antenna and may carry raw (un-encrypted) signals.]
8
Wireless LAN Analysis - tools
AiroPeek from WildPackets
Grasshopper from BV Systems
Mobile Manager from Wavelink
Sniffer Wireless from Network Associates
NetStumbler
AirSnort, via SourceForge
  – AirSnort has been designed to break WEP encryption keys.
  – It operates by passively monitoring transmissions, and when enough “interesting” packets have been gathered, usually over a 24 hour period, it can then calculate the WEP key.
  – Once the WEP key has been obtained, then WEP encrypted packets on the wireless LAN can be opened and read, just like on a wired LAN.
9
WEP - How is it broken
Weak key attack
  – Attacks the key scheduling section of the algorithm
Described in a paper
  – “Weaknesses in the Key Scheduling Algorithm of RC4” written by Scott Fluhrer, Itsik Mantin and Adi Shamir
  – Also called the “FMS” attack
Hacker using tools like AirSnort captures packets
  – AirSnort looks for the pattern brought about by the key scheduling, tagging interesting packets. Once it has enough “interesting” packets it can then calculate the key...
[Figure: stream of captured packet values]
10
WEP - How is it broken
[Figure: stream of captured packet values, ending with "4FA4A5C = 83511900"]
11
WEP - Future
New standards
  – IEEE 802.11i, new wireless security standard, will possibly use WEP2 encryption protocol, expected to be completed 2002, moving towards Advanced Encryption Standard (AES)
  – IEEE 802.1x, new authentication management system protocol
    802.1x does not protect the data, it ONLY controls access
Development work by key wireless chipset manufacturers
  – Agere Systems, Intersil and Cisco together working on XWEP
  – Agere Systems WEPplus uses random key generation
12
Wireless Security - What about right now
Ensure basic security features are turned on
  – Do not use default settings
Use Secure Access Points
  – Additional non WEP based encryption
  – Per user per session key exchange
  – Radius AAA authentication
Implement Virtual Private Networks (VPNs)
  – End to end security, include authentication and additional non WEP based encryption
  – Access Point should have VPN support or IPSec pass through as a minimum
  – Access Points with built in firewalls
Use Gateway devices to protect main network
13
Wireless Security - What about right now
Talk with your wireless LAN vendor
  – what is their current and future security strategy
  – make your own assessment as to their product's risk, do not believe the “marketing” information at face value
New WEP firmware
  – Old WEP firmware
    AirSnort - 30,000,000 packets gathered - 6,000 “interesting” packets found
  – WEP Key broken in 24 hours
  – New WEP firmware
    WEPplus from Agere Systems ORiNOCO first to market Nov 01
    AirSnort - 41,000,000 packets gathered - Zero “interesting” packets found
  – If one interesting packet had been found, it could take years to break key
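The “interesting” packets in the "WEP - How is it broken" slides and the old/new firmware counts above both come down to which initialisation vectors (IVs) a card transmits. The following is an added example, not part of the presentation: it assumes the classic weak-IV form from the FMS paper, (A+3, 255, X), and a 24-bit big-endian IV counter; AirSnort's exact test and the internals of WEPplus are not described on the page, and all function names are illustrative.

```python
# Added example: classify WEP IVs of the FMS weak form and compare two IV policies.
KEY_LEN_64, KEY_LEN_128 = 5, 13   # secret key bytes for "64 bit" and "128 bit" WEP


def weak_iv_key_index(iv: bytes, key_len: int):
    """Return the secret-key byte index A that an IV of the classic FMS form
    (A+3, 255, X) exposes, or None if the IV is not of that form."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are exactly 3 bytes")
    a = iv[0] - 3
    return a if iv[1] == 0xFF and 0 <= a < key_len else None


def iv_stream(start: int, count: int, key_len: int, skip_weak: bool):
    """Yield `count` IVs from a 24-bit big-endian counter (assumed IV policy).
    With skip_weak=True the counter steps over weak IVs instead of sending them."""
    n, sent = start, 0
    while sent < count:
        iv = (n & 0xFFFFFF).to_bytes(3, "big")   # counter wraps at 2**24
        n += 1
        if skip_weak and weak_iv_key_index(iv, key_len) is not None:
            continue
        sent += 1
        yield iv


def tally_weak(ivs, key_len: int):
    """Count weak IVs per exposed key byte, as a passive monitor would see them."""
    per_byte = [0] * key_len
    for iv in ivs:
        a = weak_iv_key_index(iv, key_len)
        if a is not None:
            per_byte[a] += 1
    return per_byte


def weak_ivs_in_full_space(key_len: int) -> int:
    """Number of weak IVs among all 2**24 values (X is free, so 256 per hit)."""
    return sum(256 for b0 in range(256) for b1 in range(256)
               if weak_iv_key_index(bytes([b0, b1, 0]), key_len) is not None)


if __name__ == "__main__":
    start = 0x03FE00                      # constructed: just below the first weak block
    for skip in (False, True):
        seen = tally_weak(iv_stream(start, 1024, KEY_LEN_128, skip), KEY_LEN_128)
        print("filtered" if skip else "plain   ", sum(seen), seen)
    print(weak_ivs_in_full_space(KEY_LEN_64), weak_ivs_in_full_space(KEY_LEN_128))
```

A card that never transmits IVs of this form gives a passive monitor nothing to tag, whatever the volume of traffic captured.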
14
Wireless Security - Basics
Change wireless network name from default
  – any, 101, tsunami
Turn on closed group feature, if available in AP
  – Turns off beacons, so you must know name of the wireless network
15
Wireless Security - Basics
MAC access control table in AP
  – Use Media Access Control address of wireless LAN cards to control access
[Figure labels: MAC address 4FA4A5C; MAC Table: 5E4FDF4, 4FA4AFC; "You're on the list, I will connect"]
16
Wireless Security - Basics
Use Radius support if available in AP
  – Define user profiles based on user name and password
[Figure labels: User Name, Password, MAC address 4FA4A5C; "You're on the list, I will connect"; Profile Table: Ross Chiswell, xxxxxx, 4FA4AFC; "I will check Radius"]
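The basics above (no default network names, encryption on) and the earlier issues list (phantom access points, unknown wireless LANs inside the corporation) can be checked against a site survey. The following is an added example, not part of the presentation: the inventory, the survey rows, the MAC addresses and the finding labels are all constructed for illustration.

```python
# Added example: audit a wireless site survey against an inventory of authorised APs.
from dataclasses import dataclass

DEFAULT_SSIDS = {"any", "101", "tsunami"}   # default names listed on the slide


@dataclass(frozen=True)
class Observation:
    ssid: str     # network name heard on air
    bssid: str    # MAC address of the access point radio
    wep: bool     # True if the AP advertises encryption


# Constructed inventory: AP radio MAC -> network name it is allowed to serve.
AUTHORISED = {"02:00:00:00:00:01": "corp-wlan", "02:00:00:00:00:02": "corp-wlan"}

# Constructed survey results.
SURVEY = [
    Observation("corp-wlan", "02:00:00:00:00:01", True),
    Observation("corp-wlan", "02:00:00:00:00:02", False),  # known AP, encryption off
    Observation("corp-wlan", "02:00:00:00:00:09", True),   # our name, unknown radio
    Observation("tsunami", "02:00:00:00:00:10", False),    # unknown AP, factory settings
]


def audit(survey, authorised):
    """Return (bssid, finding) pairs in survey order."""
    findings = []
    known_ssids = set(authorised.values())
    for obs in survey:
        bssid = obs.bssid.lower()
        if bssid in authorised:
            if obs.ssid != authorised[bssid]:
                findings.append((bssid, "ssid-mismatch"))
        elif obs.ssid in known_ssids:
            # Someone else is advertising the corporate name: possible phantom AP.
            findings.append((bssid, "phantom-ap"))
        else:
            findings.append((bssid, "unknown-wlan"))
        if obs.ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default-ssid"))
        if not obs.wep:
            findings.append((bssid, "encryption-off"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY, AUTHORISED):
        print(bssid, finding)
```

An access point with the closed group feature enabled sends no name in its beacons, so a passive survey records an empty SSID for it and this audit reports it only by BSSID.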
17
Wireless Security Solution #1 - Encryption and Authentication
High Encryption Access Points
  – Non WEP based encryption
  – Key exchange on a per session per user basis
  – No common or shared key in both directions
  – Radius authentication (Steel Belted Radius)
[Figure labels: Key 1; Key 3; Key 2; User to user privacy]
18
Wireless Security Solution #2 - Wireless & VPN
VPN Back-end, Wireless Front-end
  – Standard Access Points using WEP based encryption
  – Radius or IEEE 802.1x authentication
  – Requires VPN Servers in back office
[Figure labels: VPN remote client software; VPN pass thru; VPN Server; Danger to user to user privacy and corporate infrastructure]
19
Wireless Security Solution #3 - VPN Access Points
VPN capable Access Points
  – Non WEP based encryption
  – Radius authentication
  – VPN implemented over wireless LAN
  – VPN server in Access Point (does not need backend VPN server)
  – Firewall implemented in Access Point
[Figure labels: VPN remote client software; VPN pass thru; Access Point has VPN server and firewall; Support L2TP, PPTP, IPSec; User to user privacy]
20
Wireless Security Solution #4 - Wireless Gateway
Wireless gateway
  – Allows user profiles for access and quality of service
  – Supports centralised user Authentication
    Radius, LDAP, NT4 Domain, Windows 2000 Active Directory
  – Support for VPN, Digital Certificates, Tokens and Smartcards
  – Allows role based access to services in mixed user environments
[Figure labels: Supports L2TP, PPTP, IPSec]
21
Wireless Security Summary
Understand the issues and assess the risk
  – right product for the right situation
Different vendors' products will have different capabilities
  – IEEE 802.11 / WiFi compliance, and price are not the only issues
  – understand the difference, research and question vendors
  – basic inexpensive products may only offer connectivity
Select the right wireless technology partner
  – trained and accredited resellers, that understand wireless issues
  – wireless product not just a “me too” option for vendor
22
Wireless LAN - Which Product Where
[Figure labels: At Home or SOHO; Cable, DSL, ISDN modem OR POTS; IP Networks; Network Operations Centre; RADIUS server; Network management, TFTP server; Leased line, DSL, wireless, etc; In Public Spaces or High Security; Leased line, DSL, wireless, etc; In Office Environments; Servers; VPN and Firewall in AP; VPN & Firewall box; VPN Gateway]
23
Integrity Data Systems
Specialist distributor of wireless networking technology
www.integritydata.com.au
1300 131 000
“We don’t just stock it, we know how it works”