wireless networking & security greg stabler spencer smith
TRANSCRIPT
![Page 1: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/1.jpg)
Wireless Networking & SecurityGreg Stabler
Spencer Smith
![Page 2: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/2.jpg)
Preview
• Brief History of Wireless networking • Types of Wireless Security
o Unsecuredo WEPo WPAo WPA2
• Why use wireless encryption?• Additional Security Measures for your router• What to do if on an unsecured network
![Page 3: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/3.jpg)
History of Wireless Networking
• Wireless Local Area Networks (WLAN) have been around since 1970.
• The first model was created at the University of
Hawaii by Norman Abramson. • This was a star topology and connected 7 computers
across 4 islands. • Today, wireless networking is largely standardized
by IEEE and their various versions of 802.11.
![Page 4: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/4.jpg)
Unsecured
• A wireless network with no sort of encryption algorithm applied.
• Any user can readily authenticate and access the
internet. • Packets are unencrypted and visible.
• Attacks:
o ARP Spoofing - Associate attacker's MAC address with default gateway's IP. All traffic meant for gateway goes through attacker's machine first. Traffic can be passed through (passive sniff) or modified and passed (MIM).
o Firesheep - Firefox extension that decodes cookies on unsecured network. Allows log in as user for sites like Facebook and Twitter.
![Page 5: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/5.jpg)
WEP: Wired Equivalent Privacy • Deprecated security algorithm for IEEE 802.11 networking.• Introduced as part of original 802.11 protocol in 1997. • Standard 64 bit WEP uses 40 bit key. Other 24 bits is IV.• Can also use 128/256 bit protocols. • IV (Initialization Vector) - prepended onto packets and is
based on pre-shared key. • Such short IVs in 64 bit caused reuse of IVs with same key,
which significantly shortened key cracking times of WEP. • Attacks:
o Aircrack-ng - Linux command line tool. Sniffs packets on a network to obtain IVs and breaks WEP key using information present in the IVs. Can be done in less than 10 minutes.
![Page 6: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/6.jpg)
WPA: Wi-Fi Protected Access
• Released by Wi-Fi Alliance in 2004 in IEEE 802.11i standard
• Replaced the exploitable WEP Encryption scheme• Required support of TKIP protocol • Also supported AES encryption• Designed to be backward compatible with older
hardware after firmware upgrades• 4-Way Handshake and Group Key Handshake• "Beck-Tews Attack" - TKIP Exploit:
o PhD Candidate in Germany discovered a method for injecting small packets into a network using WPA and TKIP
o Does not reveal full network key though, but can be used to spoof ARP and DNS packets
![Page 7: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/7.jpg)
WPA2: Wi-Fi Protected Access v2
• Released by Wi-Fi Alliance as upgrade to WPA• Backward compatible with WPA • Required support of TKIP and AES protocols• "Hole 196" Attack:
o Allows already authenticated user to spoof mac address of router using the Group Temporal Key (known to all clients)
o Client responds using their Pairwise Transient Key, which is unique to them, allowing attacker to decrypt the clients packets
![Page 8: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/8.jpg)
Why does it matter?
• Unencrypted networks or exploitable encryption schemes allow hackers to: o Steal login credentials
o Hijack browser sessions by stealing session
cookies
o Spoof packets on your network
o Use your network for malicious activity (ie Spam, DDOS) Authorities will charge you with the crimes
because it's your network
![Page 9: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/9.jpg)
Other Security Measures
• Enable MAC Address filteringo Prevents unauthorized computers from gaining
access even if they have the correct network key • Enable router firewall
• Change default Network SSID to something obscure
• Change default router password • Change encryption password frequently
![Page 10: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/10.jpg)
What to do on Unsecured Wireless
• Setup VPN Tunnel to a secured machine • Setup an SSH Tunnel to a secured machine
• Force HTTPS on all possible connections
• Do not transfer sensitive information
![Page 11: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/11.jpg)
Wrap-Up
• WEP is no longer a secure wireless method • WPA2 with AES encryption is currently the best
encryption scheme
• Enable any additional security measures supported by your router
• If on an unsecured network, use SSH or VPN tunneling to secure your data
![Page 12: Wireless Networking & Security Greg Stabler Spencer Smith](https://reader036.vdocuments.us/reader036/viewer/2022082517/56649f055503460f94c19611/html5/thumbnails/12.jpg)
• Fleishman, Glenn. "Battered, but not broken: understanding the WPA crack." 6 Nov 2008. <http://arstechnica.com/security/news/2008/11/wpa-cracked.ars>.
• "WPA2 Exploit Vulnerability Discovered." 25 Jul 2010.
<http://www.smoothblog.co.uk/2010/07/25/wpa2-exploit-vulnerability-discovered/>
• Moran, Joseph ."WEP Security is No Security at
All."<http://www.practicallynetworked.com/security/112907no_wep.htm>
• "History of Wireless." John Hopkins Bloomberg School of Public
Health <http://web.archive.org/web/20070210131824/http://www.jhsph.edu/wireless/history.html>
References