Security+ All-In-One Edition Chapter 10 – Wireless Security Brian E. Brzezicki
Wireless Look No Wires!
Wireless
Attempt at communication using nonphysical links.
Examples
• Radio Waves
• Light Pulses
Often used for networking, but can be used simply to eliminate wires for device-to-device communication.
Wireless LAN protocols
802.11 standard
• Wireless LAN networking
• Data Link layer specifications
• Components
  – Access point (a type of bridge)
  – Wireless Card
  – SSID
802.11 family
• 802.11b
  – 11 Mbps
  – 2.4 GHz (same as common home devices)
• 802.11a
  – 54 Mbps
  – 5 GHz (not as commonly used, however absorbed by walls, yielding less range possibly)
• 802.11g
  – 54 Mbps
  – 2.4 GHz
  – Cards are generally backwards compatible and can serve as 802.11b or 802.11a
• 802.11n
  – Uses Multiple Input Multiple Output (MIMO)
  – 100 Mbps
  – 2.4 GHz or 5 GHz
Wireless Problems
• Easy to get access to airwaves, hard to restrict!
Talk about the attacks next.
Wireless Attacks
Wireless Attacks
• War driving
  – Wireless scanners
  – NetStumbler (see next slide)
• Warchalking (2 slides)
(more)
NetStumbler
War chalking symbols
Man in the Middle
• Airsnarfing: put up a fake access point and get people to connect to you.
Eavesdropping and attaining unauthorized access
• Eavesdropping
  – Kismet
  – AirSnort – breaks WEP, retrieves encryption keys (the Security+ exam references AirSnort, even though it's no longer developed)
  – aircrack-ng – breaks WEP and WPA-PSK
Wireless Countermeasures
• Turn off SSID broadcasts (problems?)
• Enable MAC filtering (problems?)
• Use Encryption (we'll talk about this next)
• Use Enterprise Mode for authentication
Transmission Encryption
There are many different types of wireless encryption protocols
• WEP
  – Shared passwords (why is this bad?)
  – 64/40 or 128/104 bit key
  – Uses RC4
  – Easily crackable (due to key reuse)
  – Only option for 802.11b
(more)
Transmission Encryption
• WPA PSK
  – Shared password
  – Uses TKIP normally
    • RC4 with changing keys
  – Can use AES (not certified)
    • 128 bit key
• WPA2 PSK
  – Uses AES (normally)
    • 128 bit key
  – Can use TKIP
    • RC4 with changing keys
(more)
Transmission Encryption
• WPA or WPA2 in Enterprise Mode
  – Uses 802.1X authentication to have individual passwords for individual users
    • RADIUS – what was RADIUS again?
• 802.11i – the official IEEE wireless security spec, officially supports WPA2
Wireless Device to Device Communication
Bluetooth
Bluetooth
• What is the purpose of Bluetooth, is it networking?
• Bluetooth Modes
  – Discovery Mode
  – Automatic Pairing
Bluetooth Attacks
• Bluejacking
  – Sending forged messages to nearby Bluetooth devices
  – Need to be close
  – Victim phone must be in "discoverable" mode
• Bluesnarfing
  – Copies information off of remote devices
• Bluebugging
  – More serious
  – Allows full use of phone
  – Allows one to make calls
  – Can eavesdrop on calls
Bluetooth Countermeasures
• Disable it if you're not using it
• Disable auto-discovery
• Disable auto-pairing
WAP
WAP
Wireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones) access to the Internet.
• Requires a Gateway to translate WAP <-> HTML (see visual)
• Uses WTLS to encrypt data (modified version of TLS)
• Uses HMAC for message authentication
• WAP GAP problem (see visual and explain)
• A lot of wireless devices don't need WAP anymore… why?
WAP
WAP GAP
As the gateway decrypts from WTLS and re-encrypts as SSL/TLS, the data is in plaintext on the gateway. If someone could access the gateway, they could capture the communications.
Chapter 10 – Review Questions
Q. What encryption protocol does WEP use?
Q. What 2 key lengths does WEP support?
Q. What encryption protocol does WPA2 use?
Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security?
Q. What does WAP use for security?
Chapter 10 – Review Questions
Q. What is the WAP GAP?
Q. Define how to accomplish a MitM attack on a wireless network.
Q. What type of authentication concept would help against the attack above?
Q. What is one way office users could use wireless to violate network security?
Q. What is Bluetooth used for?
Q. What is Bluesnarfing?
Wireless security
• Access control
  – Turn off SSID broadcasts (problems)
  – MAC filtering (problems)
• Encryption
  – Discussed later
• Authentication
  – Use RADIUS and 802.1X
• Isolation
  – VLANs over wireless