Lecture 2 Wireless Security

Objectives
• List the vulnerabilities of the IEEE 802.11 standard
• Describe the types of wireless attacks that can be launched against a wireless network

Security Principles: Challenges of Securing Information
• Trends influencing increasing difficulty in information security:
  • Speed of attacks
  • Sophistication of attacks
  • Faster detection of weaknesses
  • Day zero attacks
  • Distributed attacks
    • The “many against one” approach
    • Impossible to stop attack by trying to identify and block source

Security Principles: Categories of Attackers
• Six categories of attackers:
  • Hackers
    • Not malicious; expose security flaws
  • Crackers
  • Script kiddies
  • Spies
  • Employees
  • Cyberterrorists

Security Principles: Categories of Attackers (continued)
Table 8-1: Attacker profiles

Security Principles: Security Organizations
• Many security organizations exist to provide security information, assistance, and training
  • Computer Emergency Response Team Coordination Center (CERT/CC)
  • Forum of Incident Response and Security Teams (FIRST)
  • InfraGard
  • Information Systems Security Association (ISSA)
  • National Security Institute (NSI)
  • SysAdmin, Audit, Network, Security (SANS) Institute

Authentication
• IEEE 802.11 authentication: Process in which AP accepts or rejects a wireless device
• Open system authentication:
  • Wireless device sends association request frame to AP
    • Carries info about supported data rates and service set identifier (SSID)
  • AP compares received SSID with the network SSID
    • If they match, wireless device authenticated

Authentication (continued)
• Shared key authentication: Uses WEP keys
  • AP sends the wireless device the challenge text
  • Wireless device encrypts challenge text with its WEP key and returns it to the AP
  • AP decrypts returned result and compares to original challenge text
    • If they match, device accepted into network

Vulnerabilities of IEEE 802.11 Security
• IEEE 802.11 standard’s security mechanisms for wireless networks have fallen short of their goal
• Vulnerabilities exist in:
  • Authentication
  • Address filtering
  • WEP

Open System Authentication Vulnerabilities
• Inherently weak
  • Based only on match of SSIDs
  • SSID beaconed from AP during passive scanning
    • Easy to discover
• Vulnerabilities:
  • Beaconing SSID is default mode in all APs
  • Not all APs allow beaconing to be turned off
    • Or manufacturer recommends against it
  • SSID initially transmitted in plaintext (unencrypted)

Open System Authentication Vulnerabilities (continued)
• Vulnerabilities (continued):
  • If an attacker cannot capture an initial negotiation process, can force one to occur
  • SSID can be retrieved from an authenticated device
  • Many users do not change default SSID
  • Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs

Open System Authentication Vulnerabilities (continued)
Figure 8-12: Forcing the renegotiation process

Shared Secret Key Authentication Vulnerabilities
• Attackers can view key on an approved wireless device (i.e., steal it), and then use on own wireless devices
• Brute force attack: Attacker attempts to create every possible key combination until correct key found
• Dictionary attack: Takes each word from a dictionary and encodes it in same way as passphrase
  • Compare encoded dictionary words against encrypted frame

Shared Secret Key Authentication Vulnerabilities (continued)
• AP sends challenge text in plaintext
  • Attacker can capture challenge text and device’s response (encrypted text and IV)
    • Mathematically derive keystream

Shared Secret Key Authentication Vulnerabilities (continued)
Table 8-2: Authentication attacks

Address Filtering Vulnerabilities
Table 8-3: MAC address attacks

WEP Vulnerabilities
• Uses 40 or 104 bit keys
  • Shorter keys easier to crack
• WEP implementation violates cardinal rule of cryptography
  • Creates detectable pattern for attackers
  • APs end up repeating IVs
• Collision: Two packets derived from same IV
  • Attacker can use info from collisions to initiate a keystream attack

WEP Vulnerabilities (continued)
Figure 8-13: XOR operations

WEP Vulnerabilities (continued)
Figure 8-14: Capturing packets

WEP Vulnerabilities (continued)
• PRNG does not create true random number
  • Pseudorandom
• First 256 bytes of the RC4 cipher can be determined by bytes in the key itself
Table 8-4: WEP attacks
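
The keystream derivation from the shared key authentication slides and the IV collision point from the WEP slides, worked through in Python as an added example (not from the lecture or the textbook). The key, IV, challenge and frame contents are constructed values, and the integrity check value that real WEP appends is left out as a simplification.

```python
# Added illustration: all keys, IVs and payloads below are constructed values.

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || secret key; the IV is sent unencrypted."""
    return xor(plaintext, rc4(iv + secret, len(plaintext)))


SECRET = bytes.fromhex("0102030405")          # constructed 40-bit key
IV = bytes.fromhex("a1b2c3")                  # constructed 24-bit IV
CHALLENGE = bytes(range(128))                 # constructed challenge text


def keystream_from_handshake() -> bytes:
    """Challenge (plaintext on the air) XOR response = keystream for this IV."""
    response = wep_encrypt(IV, SECRET, CHALLENGE)
    return xor(CHALLENGE, response)


def collision_leak(p1: bytes, p2: bytes) -> bytes:
    """Same IV, same key: XOR of two ciphertexts equals XOR of the plaintexts."""
    return xor(wep_encrypt(IV, SECRET, p1), wep_encrypt(IV, SECRET, p2))


if __name__ == "__main__":
    assert keystream_from_handshake() == rc4(IV + SECRET, len(CHALLENGE))
    a, b = b"constructed frame A", b"constructed frame B"
    assert collision_leak(a, b) == xor(a, b)
    print("keystream exposed without the secret key; collision leaks p1 XOR p2")
```

Neither function reads `SECRET` except to play the legitimate device, which is why neither shared key authentication nor a repeating IV can be made safe by choosing a longer key.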

Other Wireless Attacks: Man-in-the-Middle Attack
• Makes it seem that two computers are communicating with each other
  • Actually sending and receiving data with computer between them
• Active or passive
Figure 8-15: Intercepting transmissions

Other Wireless Attacks: Man-in-the-Middle Attack (continued)
Figure 8-16: Wireless man-in-the-middle attack

Other Wireless Attacks: Denial of Service (DoS) Attack
• Standard DoS attack attempts to make a server or other network device unavailable by flooding it with requests
  • Attacking computers programmed to request, but not respond
• Wireless DoS attacks are different:
  • Jamming: Prevents wireless devices from transmitting
  • Forcing a device to continually dissociate and re-associate with AP
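
One way a monitoring sensor could flag the forced dissociate/re-associate pattern described above, as an added example that is not part of the lecture. The log format, MAC addresses, 10-second window and threshold of 5 frames are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed management-frame log: (seconds, frame subtype, client MAC).
FRAMES = [
    (0.0, "assoc-req", "02:00:00:00:00:0a"),
    (3.0, "disassoc", "02:00:00:00:00:0a"),    # one normal roam
    (5.0, "deauth", "02:00:00:00:00:0b"),
    (5.4, "deauth", "02:00:00:00:00:0b"),
    (5.8, "deauth", "02:00:00:00:00:0b"),
    (6.0, "reassoc-req", "02:00:00:00:00:0b"),
    (6.2, "deauth", "02:00:00:00:00:0b"),
    (6.6, "deauth", "02:00:00:00:00:0b"),      # burst: 5 frames in 1.6 s
    (10.0, "deauth", "02:00:00:00:00:0c"),
    (40.0, "deauth", "02:00:00:00:00:0c"),
    (70.0, "deauth", "02:00:00:00:00:0c"),
    (100.0, "deauth", "02:00:00:00:00:0c"),
    (130.0, "deauth", "02:00:00:00:00:0c"),    # 5 frames, but spread out
]


def flag_forced_reassociation(frames, window=10.0, threshold=5):
    """Return clients hit by >= threshold deauth/disassoc frames
    within any sliding window of `window` seconds."""
    recent = defaultdict(deque)                # client -> recent timestamps
    flagged = set()
    for ts, subtype, client in sorted(frames):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:              # drop frames older than window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(client)
    return sorted(flagged)


if __name__ == "__main__":
    print(flag_forced_reassociation(FRAMES))
```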

Summary
• Significant challenges in keeping wireless networks and devices secure
• Six categories of attackers: Hackers, crackers, script kiddies, computer spies, employees, and cyberterrorists

Summary (continued)
• Man-in-the-middle attacks and denial of service attacks (DoS) can be used to attack wireless networks

LABs
• LAB A
  • 8-3 from book
• LAB B