Wireless Security… The cost of convenience. Erik Graham, CISSP-ISSAP
Wireless Security… • Key Aspects of Information Security • Wireless Technologies • General Attacks/Defense • Wireless - 802.11 a/b/g • Overview • Attacks/Defense • Wireless - Bluetooth • Overview • Attacks/Defense • Questions
Key Aspects of Information Security • Confidentiality • Protecting information from unauthorised disclosure • Integrity • Protecting information from unauthorised modifications, and ensuring that information is accurate and complete • Availability • Ensuring information is available when needed
Know Your Enemy “Know your enemy and know yourself; in a hundred battles, you will never be defeated. When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and of yourself, you are sure to be defeated in every battle.” Sun Tzu, Art of War
Wireless Technologies • What are wireless technologies? • Wireless technologies allow users to access/exchange information without having to be physically connected • RF (Radio Frequency) • Bluetooth • 802.11 • IR (Infrared) • Wireless handheld devices (require line of sight) • Cellular
Wireless Technologies • What problems are associated with this technology? • Information now moving across airwaves rather than a fixed cable • Devices are normally made for easy install • Convenience vs security
Wireless Technologies • Why should I care? • Scenario 1: An individual uses your open wireless connection to attack other computers… • Scenario 2: Your open wireless allows an individual to access your sensitive/personal data… • Scenario 3: An individual uses your open wireless connection to access your computer and store illegal images…
General Attacks/Defense • Common defense for all attacks… … EDUCATION … “I don’t care how many millions of dollars you spend on technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
Wireless - 802.11 a/b/g • Alert the users to possible threats • Educate users on the security policy • Educate users on social engineering • Train users on security software
Wireless - 802.11 a/b/g Overview • Common to all versions: • Frequency range is international (ISM band) • 802.11b • Maximum transfer rate: 11Mb • Range – 50m (150ft) • Operating frequency – 2.4 GHz • 802.11a • Maximum transfer rate: 54Mb • Range – 25m (75ft) • Operating frequency – 5 GHz • 802.11g • Maximum transfer rate: 54Mb • Range – 50m (150ft) • Operating frequency – 2.4 GHz • Backwards compatible with 802.11b
Wireless - 802.11 a/b/g Architecture • Wireless LANs • Ad-Hoc Mode:
Wireless - 802.11 a/b/g Architecture • Wireless LANs • Infrastructure Mode:
Wireless – 802.11 a/b/g Attack/Defense
Wireless – 802.11 a/b/g • Attack: • Default Settings • Defense: • Change default passwords to access point! • Implement security
Wireless – 802.11 a/b/g • Attack: • Signal propagation • Defense: • Use directional antennas • Control the broadcast power to limit the signal propagation to company owned or controlled property. • Think in three dimensions!
Wireless – 802.11 a/b/g • Attack: • Sniffing • Kismet - www.kismetwireless.net • Can be used to determine SSID and MAC addresses • NetStumbler - www.netstumbler.com • Defense: • Encryption • Use the strongest encryption algorithm available • Use the highest level of encryption available
Wireless – 802.11 a/b/g • Attack: • Jamming • Void11 – www.wlsec.net/void11 • Defense: • Solution will vary based on the specifics of the attack • Difficult to stop intentional jamming
Wireless – 802.11 a/b/g • Attack: • Cracking WEP encryption • WEPCrack - wepcrack.sourceforge.net • DWEPCrack – www.dachb0den.com • Defense: • Avoid encryption algorithms that have known issues such as WEP
Wireless – 802.11 a/b/g • Attack: • Breaking LEAP authentication • Anwrap – www.securiteam.com • Defense: • Avoid authentication algorithms that have known issues such as LEAP
Wireless – 802.11 a/b/g • Attack: • Information Disclosure • Kismet - www.kismetwireless.net • NetStumbler - www.netstumbler.com • Defense: • Do not use an SSID that can identify the location/owner • Disable broadcasting of the SSID
Wireless – 802.11 a/b/g • Attack: • Intercepting client • Rogue Access Point • Airsnarf - airsnarf.shmoo.com • Defense: • Use strong forms of machine authentication such as 802.1x EAP • Use user authentication in addition to machine authentication • User authentication should be two-factor • Educate the user on what a valid authentication will look like
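Added example (not part of the original slides): the 802.11 defenses above turned into an audit over site-survey records, flagging weak encryption, LEAP, factory or owner-identifying SSIDs, SSID broadcast, and unknown radios advertising your SSID. The record fields, the authorised-BSSID inventory, the owner keywords and all sample data are assumptions constructed for illustration.

```python
# Added example (not from the slides): audit constructed site-survey records
# against the 802.11 defenses listed above. Record fields, the authorised-BSSID
# inventory and the owner keywords are hypothetical.
FACTORY_SSIDS = {"linksys", "netgear", "default", "tsunami"}  # illustrative list
WEAK_SECURITY = {"open", "wep"}

def audit(survey, our_ssids, authorised_bssids, owner_keywords):
    """Return {bssid: [finding, ...]} for every AP with at least one finding."""
    findings = {}
    for ap in survey:
        ssid, bssid = ap["ssid"], ap["bssid"].lower()
        ours = bssid in authorised_bssids
        issues = []
        if ssid in our_ssids and not ours:
            # Our network name from a radio we do not own: possible rogue AP.
            issues.append("rogue-ap-suspect")
        if ours:
            security = ap["security"].lower()
            if security in WEAK_SECURITY:
                issues.append("weak-encryption:" + security)
            if ap.get("auth", "").lower() == "leap":
                issues.append("weak-auth:leap")
            if ssid.lower() in FACTORY_SSIDS:
                issues.append("factory-default-ssid")
            if any(k.lower() in ssid.lower() for k in owner_keywords):
                issues.append("ssid-identifies-owner")
            if ap.get("broadcast", True):
                issues.append("ssid-broadcast-enabled")
        if issues:
            findings[bssid] = issues
    return findings

B = "02:00:00:00:00:"  # locally administered prefix for the constructed BSSIDs
SAMPLE_SURVEY = [  # constructed records, not real captures
    {"ssid": "linksys", "bssid": B + "01", "security": "WEP", "broadcast": True},
    {"ssid": "CORP-7F3A", "bssid": B + "02", "security": "WPA2", "auth": "PEAP",
     "broadcast": False},
    {"ssid": "CORP-7F3A", "bssid": B + "99", "security": "open", "broadcast": True},
    {"ssid": "AcmeLegal-3rdFloor", "bssid": B + "03", "security": "WPA2",
     "auth": "LEAP", "broadcast": True},
    {"ssid": "CoffeeShop", "bssid": B + "aa", "security": "open", "broadcast": True},
]

def run_sample():
    return audit(SAMPLE_SURVEY,
                 our_ssids={"linksys", "CORP-7F3A", "AcmeLegal-3rdFloor"},
                 authorised_bssids={B + "01", B + "02", B + "03"},
                 owner_keywords=["acme"])
```

Only radios in the authorised inventory are checked for configuration weaknesses; a neighbour's open network is ignored unless it advertises one of your SSIDs.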
Bluetooth Overview • What is bluetooth? • Open specification to enable short-range, low power, low cost inter-device communication - to untether cabled devices • Originally started in 1994 by Ericsson • Bluetooth Special Interest Group (SIG) • Formed in 1998 • 3Com, Ericsson, IBM, Intel, Lucent, Microsoft, Motorola, Nokia and Toshiba • Consumer: http://www.bluetooth.com • Technical: http://www.bluetooth.org
Bluetooth Overview • Frequency range is international (ISM band) • Range : • Class 1 – 100m (330ft) • Class 2 – 10m (33ft) • Class 3 – 1m (3ft) • Operating frequency – 2.4 GHz • Maximum transfer rate: 2Mb
Bluetooth - Architecture • Bluetooth Piconet Model • Bluetooth devices form an ad-hoc network called a piconet
Wireless - Bluetooth Attack/Defense
Wireless – Bluetooth • Attack: • Signal propagation • Defense: • Turn off devices/Bluetooth when not in use or if it's not needed • Use correct class of Bluetooth device for task • Think in three dimensions!
Wireless – Bluetooth • Attack: • Sniffing • hcidump • Defense: • Turn off Bluetooth if it's not needed • Encryption • Use the highest level of encryption available
Wireless - Bluetooth • Attack: • Bluejacking • Sending messages to other devices by placing the message in the name field • Defense: • Disable Bluetooth • Do not advertise your Bluetooth device
Wireless - Bluetooth • Attack: • Bluesnarfing • Making copies of data on an open Bluetooth device • Phonebook, calendar, and anything else that the vendor has allowed the user to share via Bluetooth • Hacking tools exist to aid in Bluesnarfing • Defense: • Disable Bluetooth • Do not advertise your Bluetooth device • Secure Bluetooth to require PIN to access information
Wireless – Bluetooth • Attack: • Bluebugging • Uses basic AT commands to read/write data • Tool: Blooover - trifinite.org • Defense: • Ensure device is using latest firmware/operating system • Disable Bluetooth
Wireless - Bluetooth • Attack: • Denial of Service (DoS) • Tool: Bluesmack - trifinite.org • Defense: • Disable Bluetooth
Wireless - Bluetooth Source: http://www.thebunker.net/security/bluetooth.htm
Resources • Books • Hacking Exposed • ISBN: 0072260815 • Wi-Foo: The Secrets of Wireless Hacking • ISBN: 0321292171
Resources • Web: • Airsnarf - airsnarf.shmoo.com • Anwrap – www.securiteam.com • Blooover - trifinite.org • Bluetooth (Consumers) - www.bluetooth.com • Bluetooth (Technical) – www.bluetooth.org • BluejackHQ - www.bluejackq.com • CWNP – www.cwnp.com • DWEPCrack – www.dachb0den.com • Kismet - www.kismetwireless.net • Marcel Holtmann - www.holtmann.org • NetStumbler - www.netstumbler.com • Void11 – www.wlsec.net/void11 • WEPCrack - wepcrack.sourceforge.net
E-Mail • Erik Graham, CISSP-ISSAP • Erik.Graham@GDC4S.com