Wireless Security: Attack and Defense
Mischel Kwon, Director Wireless Information Assurance Office of the CIO, E-Gov USDOJ
Agenda
• Wireless…what is it?
• Wireless - it is a new world…
• 802.11…
• Whose WAP are you using…
• War walking
• Securing wireless at work
• Securing 802.11 at home
• Bluetooth
• IrDA
• EvDO
• Summary
Yesterday and Today
Last Year
• The NO Wireless Policy
• WEP
• Captive Portals
This Year
• Face it you have wireless
• Policy
• WPA2 + Authentication
• VPN
• Firewall/Policy Enforcement
• Bluetooth in everything
• Fake Access Points
• WiMax
• EvDO
Whose WAP are you Connected To Anyway?
Who are you connected to?
War Driving
• Equipment (the rig)
  • Laptop: $1399
  • Wireless card: $67
  • Antenna: $10 (homebrew)
  • Scanning Software: Free
  • GPS (optional)
Equipment
• Antennas
  • Omni-directional
    • Mast mount
  • Semi-directional
    • Yagi
  • Highly-Directional
    • Grid
    • Parabolic
  • Home Brew Antennas
Equipment
• Laptops
  • Windows
  • Linux
  • Mac OS X
• Handhelds
  • HP iPaq
  • Sharp Zaurus
Equipment
• Scanning Software
  • NetStumbler: www.netstumbler.com
  • AiroPeek: www.wildpackets.com
  • Wellenreiter: www.remote-exploit.org
  • Kismet: www.kismetwireless.net
  • AirSnort: airsnort.shmoo.org
Wi-Finders http://www.kensington.com/html/3720.html#
Securing Wireless at Work
• The Security Policy
• Authentication
• Authorization
• VPN
• DMZ
• Wireless on their own VLAN
• Hardened wireless gateway
• Device policy enforcement
• Passwords on devices
• Auto erase on devices when password authentication fails a set number of times
• Disable, remove, scratch IrDA ports not needed
• Physical examination of site regularly
• Wireless Audits
• IDS
Secure 802.11 at Home
• WEP
  • RC4
  • 64 bit
  • 128 bit more secure (bit slower speed)
  • Pass phrase
• WPA
  • Pre-shared keys
  • TKIP: Temporal Key Integrity Protocol. TKIP utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide additional protection. Still RC4.
  • AES: Advanced Encryption Standard, which utilizes symmetric 128-bit block data encryption.
  • Pre-shared keys with RADIUS: uses an external RADIUS server to perform user authentication.
More Home Security
• MAC Filtering
• SSID
• VPN
• Best Practices…what not to do on your wireless segment
• DMZ
• Firewalls
Bluetooth
• Cars
• Phones
• PDAs
• Not on my laptop
• Printers
• Earpieces
• Keyboard, mice
• Coke Machines
• EKG
Blue Sniffing and…
• Smurf
• MeetingPoint
• BTScanner
• BlueSweep
• BlueWatch (not free)
• Blue Jack
The Blue Attack
• Hooking up?
• Open Microphone
• Dialing for dollars
• Contacts, Notes, Email
Securing Bluetooth
• PIN
• Don’t be promiscuous
• Turn it off
IrDA
• Laptop
• Phone
• Blackberry
• PDA
• Keyboards/Mice
• Is yours enabled?
• Easy transfer
• Banana sticker
EvDO
• Evolution Data Only, Evolution Data Optimized
• High speed
• Always on
• 2.4 Mbps bandwidth
• Supported by some cell phones
• PCMCIA cards
Recommended References
• NIST 800-48
• Wireless Security Implementation Guide, Defense Information Systems Agency
• Wireless Security Checklist, Defense Information Systems Agency
• Open-Source Security Testing Methodology Manual, Institute for Security and Open Methodologies
• Wi-Foo: The Secrets of Wireless Hacking
• Real 802.11 Security: Wi-Fi Protected Access and 802.11i
• Wireless Security: Ensuring Compliance with HIPAA, GLBA, SOX, DoD 8100.2 and Enterprise Policy, AirDefense, www.airdefense.com
• Weaknesses in the Temporal Key Hash of WPA, Vebjorn Moen, Havard Raddum, Kjell Hole, University of Bergen, Norway
• Security Flaws in 802.11 Data Link Protocols, Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker
• Securing a Wireless Network, Jon Allen, Jeff Wilson
• Securing Wireless Data: System Architecture Challenges, Ravi, Raghunathan, Potlapally, Computer and Communications Research Labs NEC USA
• Solving the Puzzling Layers of 802.11 Security, Mischel Kwon
• 802.11 Security, Praphul Chandra
• NIST Wireless Network Security 802.11, Bluetooth and Handheld Devices, Tom Karygiannis, Les Owens
• Cisco SAFE: Wireless LAN Security in Depth