wirelsslansecurity
TRANSCRIPT
-
8/3/2019 WirelssLANsecurity
1/30
-
8/3/2019 WirelssLANsecurity
2/30
Introduction to Wireless LANs Wireless LAN Technology
Threats and Vulnerabilities of Wireless LAN
War driving, its configuration Encryption Hazards
How to protect your Wireless LAN
Securing Rogue Access points
Conclusion
-
8/3/2019 WirelssLANsecurity
3/30
Wireless LAN is a flexible communicationsystem implemented as an extension to awired LAN ,using electromagnetic waves to
transmit and receive data over air,minimizing the need for wired connections.
It combines data connectivity with user
mobility and through simplifiedconfiguration enables movable LANs.
-
8/3/2019 WirelssLANsecurity
4/30
Key drivers are mobility and accessibility
Easily change work locations in the office
Internet access at airports and cafes,etc
Increased Productivity
Improved collaboration
No need to reconnect to the network
Ability to work in more areas
No need to wire hard-to-reach areas
-
8/3/2019 WirelssLANsecurity
5/30
Installation speed and simplicity
No cable to pull.
Eliminates current architecture obstacles.
Few transmitters/receivers for multiple for users.
-
8/3/2019 WirelssLANsecurity
6/30
Installation flexibility
The network goes where wires cannot.
Not constrained by expensive walls.
Easy to add more computers and devices.
-
8/3/2019 WirelssLANsecurity
7/30
Reduced cost-of-ownership
Mobile devices are less expensive than computerworkstations.
Can Run Errands and stay in touch. No need to build wiring closets.
-
8/3/2019 WirelssLANsecurity
8/30
Mobility
Access to real-time information.
Supports productivity.
Provides service opportunities.
Promotes flexibility.
-
8/3/2019 WirelssLANsecurity
9/30
Scalability Spans a variety of topologies.
Configurations are easily changed.
Works over great distances. Effective for wide range of user communities.
Small number of users with local needs.
Full infrastructure networks roaming over a broad area.
-
8/3/2019 WirelssLANsecurity
10/30
Cost
Wireless network cards cost 4 times more than wirednetwork cards.
The access points are more expensive than hubs andwires.
Signal Bleed Over
Access points pick up the signals of adjacent access
points or overpower their signal.
-
8/3/2019 WirelssLANsecurity
11/30
Environmental Conditions Susceptible to weather and solar activity.
Constrained by buildings, trees, terrain.
Less Capacity Slower bandwidth.
Limit to how much data a carrier wave can transmitwithout lost packets impacting performance.
http://www.Compaq.com
-
8/3/2019 WirelssLANsecurity
12/30
Corporate
Mobile networking for e-mail, file sharing, and webbrowsing.
Education Connectivity to the University Network for
collaborative class activities.
Ability to access research sources without requiring
a hard point.
-
8/3/2019 WirelssLANsecurity
13/30
Narrowband Technology.
Spread Spectrum.
Frequency-Hopping spread SpectrumTechnology
Direct Sequence Spread spectrum
Infrared Technology
-
8/3/2019 WirelssLANsecurity
14/30
IEEE 802.11
IEEE 802.11b
IEEE 802.11a
IEEE 802.11e
HiperLAN/2
-
8/3/2019 WirelssLANsecurity
15/30
Someone could block the entire radiocommunication channel by transmittingjunk on certain frequencies andanonymously stage a denial of service attackfrom your network.
Someone can plant viruses on your system. Change Web pages. The latest high-profile hacking method is
called war driving, whereby hackers findunprotected WLANs by driving aroundwith a laptop and 802.11 Ethernet card .
-
8/3/2019 WirelssLANsecurity
16/30
Regardless of the technology, WLAN securitywill always be limited because users willsidestep security features .
Thus,its the weakest link in an ITinfrastructure to steal corporate data.
As the number of WLAN cards grows, so willthe opportunities for hackers to break into
wireless networks
-
8/3/2019 WirelssLANsecurity
17/30
Sniffing and War Driving
Rogue Networks
Policy Management
MAC Address
SSID
WEP
-
8/3/2019 WirelssLANsecurity
18/30
Default installation allow any wireless NIC toaccess the network
Drive around (or walk) and gain access to
wireless networks
Provides direct access behind the firewall
Heard reports of an 8 mile range using a 24dB
gain parabolic dish antenna
-
8/3/2019 WirelssLANsecurity
19/30
Basic Configuration of War Driving
-
8/3/2019 WirelssLANsecurity
20/30
Network users often set up rogue wirelessLANs to simplify their lives
Rarely implement security measures
Network is vulnerable to War Driving andsniffing and you may not even know it
-
8/3/2019 WirelssLANsecurity
21/30
Full network access or no network access
Need means of identifying and enforcingaccess policies
-
8/3/2019 WirelssLANsecurity
22/30
Can control access by allowing only definedMAC addresses to connect to the network
This address can be spoofed
Must compile, maintain, and distribute a list ofvalid MAC addresses to each access point
Not a valid solution for public applications
-
8/3/2019 WirelssLANsecurity
23/30
SSID is the network name for a wirelessnetwork.
WLAN products common defaults: 101for 3COM and tsunami for Cisco
The more people that know the SSID, thehigher the likelihood it will be misused.
Changing the SSID requires communicating
the change to all users of the network
-
8/3/2019 WirelssLANsecurity
24/30
Designed to be computationally efficient,self-synchronizing, and exportable
Vulnerable to attack
All users of a given access point share thesame encryption key
Data headers remain unencrypted soanyone can see the source and destination ofthe data stream
-
8/3/2019 WirelssLANsecurity
25/30
WEP uses the RC4 encryption algorithm,
which uses the same key to scramble anddescramble the packets .
Dedicated hackers could still compromisethe network, most likely due to weakencryption and the reuse of encryption keys..
If your key management system cyclesthrough the same set of keys in a predictablemanner, determined hackers can gather datafrom your LAN traffic and correlate it with
the keys to help decipher the encryption.
-
8/3/2019 WirelssLANsecurity
26/30
Find unsecured access points
Use personal firewall software
Physically Secure Laptops
Biometrics
Using Hardware Tokens
-
8/3/2019 WirelssLANsecurity
27/30
TCP Fingerprinting (Nmap):
-
8/3/2019 WirelssLANsecurity
28/30
-
8/3/2019 WirelssLANsecurity
29/30
Wireless LANs are very useful and convenient,but current security state not ideal for sensitiveenvironments.
Cahners In-Stat group has projected that thenumber of wireless LAN cards will grow upfrom 2.6 million in 2000 to 11.8 million in 2003 .
Growing use and popularity require increased
focus on security
-
8/3/2019 WirelssLANsecurity
30/30