Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross.

Published byGavin Wright Modified over 9 years ago

Similar presentations

Presentation on theme: "Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross."— Presentation transcript:

1 Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross

2 What is SHARK? SHARK is a wireless security network to be used to study security related issues on wireless networks Meant to be a tool to teach interested students about wireless security Also meant to report statistics about attackers and methods used to researchers at ISU

3 Intended Users Primary –College students in computer related fields –Most likely ages 18 to 22 and male –Should already know the basics of wireless networking –Most likely uses a UNIX-based OS Secondary –Interested community members –People around campus looking for a free access point

4 Intended Uses Primary –To be used as a learning tool for students –To be used as a means of gaining information about methods of attack

5 Assumptions Software shall be freeware Traffic analyzer should be able to monitor connections, packet traffic, and activity inside of machines hosting WAPs Traffic generator shall generate authentic traffic Web server shall be secure Web server shall log names, emails, and MAC addresses of prospective hackers There will be five levels of difficulty

6 Limitations Wireless access points must be portable Initial build of SHARK must consist of three or fewer computers SHARK must be built within a $150 budget

7 SHARK Node

8 SHARK – Software OS - Ubuntu –Linux operating system –Free/Open-source software –Latest distribution in Debian family –Excellent documentation and support –User Interface is easy to use

9 SHARK – Software Squid –Web proxy cache –Fairly well documented –Free, open-source software –Supports our needs and more Allows for use as transparent proxy Port 80 forwarding on SHARK and all 7-of-9 traffic to web Rest of traffic on shark, tunneled to virtual Machine

10 SHARK – Software Apache –Free, open-source software –Well documented –Used to create local web-server login/registration Keep track of users –Used to help analyze results –Monitor individuals and their specific techniques –Ability to determine what hardware is in use

11 SHARK – Software MySQL –Well documented –Free/Open Source software –Easy to use –Database Locally used store user login/registration Store captured data

12 SHARK – Software WireShark/Ethereal –Free/Open-Source Software –Well Documented –Experience using software –Network Protocol Analyzer Uses second wireless card Captures all traffic on SHARK Network –Attack attempts –Generated traffic

13 Levels of Security SHARK has five levels of security –Guppy No security, used for basic registering on network –Clownfish WEP security –Swordfish Rotating WEP security –Barracuda WPA security –SHARK RADIUS security Each level provides statistical data on hacking patterns

14 7-of-9 Off-the-Shelf wireless access point –Provides easy installation of open wireless network –Connects to Hub to provide generic internet access for comparison –Traffic is captured and analyzed on SHARK node.

15 Traffic Generator – Baiting the Hook To break WEP and WPA encryption, attackers must analyze thousands of packets – Not just any packets, but ARP packets Void11 –Forces the generator to disconnect from the network by generating de-authentication packets Homebrew daemon –will be running to reconnect the generator to the SHARK network when it gets disconnected –Acting as a normal user

16 Traffic Generator – Baiting the Hook Void11 + daemon = ARP flooding –Can produce on average of 75,000 ARP packets/hour ARP packets contain Initialization Vectors a block of bits that is required to allow a stream or block cipher executed in any of several streaming modes without having to go through a re-keying process. Takes 50k – 200k IV’s to crack 64-bit WEP Takes 200k – 700k IV’s to crack 128-bit WEP Takes 500k – 1 Million IV’s to crack WPA- PSK

17 Secure Tunneling VPN – Virtual Private Network – Provide secure communications over unsecured networks for data integrity Benefits – extensible and easy to manage while providing the level of security we desire Downsides – if the machine itself is compromised, they have direct access Solution – using scripts we are able to “on-the-fly” configure the SHARK box

18 Secure Tunneling – VPN One of the only ways to provide a secure and extensible way to access the SHARK machines Need the ability to create multiple VPN sessions, so a VPN server is required Multiple solutions available –Point to Point Tunneling Protocol –Layer 2 Tunneling Protocol –Secure Sockets Layer

19 Electrical View

20 Electrical View Pros/Cons One external IP Firewall branches Lots of port forwarding

21 Port Forwarding External->Internal 10022(non tunnel) -> Virtualnet(ssh) 10023(non tunnel)-> Smallbox(ssh) 10024(non tunnel)-> Sharkweb(ssh) 80(non tunnel)-> Sharkweb(http) All other tunnel -> Virtualnet All other non tunnel -> dropped

22 Machine Breakdown

23 Sharkweb OS FreeBSD WebserverApache Web UtilitiesMySQL, PHP

24 SmallBox OS SuSE LINUX Packet CaptureWireShark FilterSnort WebserverApache

25 Virtualnet OS Ubuntu Virtual Machine ManagerXen

26 Virtual Machine 1(trophy) OSFreeBSD Remote Log onSSH WebserverApache MailSquirrelmail Programming Gcc, G++

27 Virtual Machine 2 OSDebian Linux UtilitiesTarPit

28 Virtual Machine 3 OSRedHat SoftwareHoneyD

29 Design Evaluation Form SHARK Wireless Network Functionality Relative Importance Evaluation Score Resultant Score Create Secured Wireless Network20%100%20% Virtual Net to direct user traffic to.10%100%10% Web server to register users10%100%10% Generate traffic to populate the network10%100%10% Security levels for users to break through.15%80%12% Secure tunnel from SHARK node to15%60%9% Capture data from access attempts.10%100%10% Analyze captured data10% 1% Total100%82%

30 Questions?

Download ppt "Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WEP Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross.

Shark: A Wireless Internet Security Test Bed Senior Design Project May07-09 Stephen Eilers Jon Murphy Alex Pease Jessica Ross.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Electrical and Computer Engineering PeopleFinder Vitaly Gordievsky Alex Trefonas Scott Richard Matt Beckford Midway Design Review.

Electrical and Computer Engineering PeopleFinder Vitaly Gordievsky Alex Trefonas Scott Richard Matt Beckford Midway Design Review.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
NETWORK SECURITY.

NETWORK SECURITY.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Similar presentations

Ads by Google