1 / 15

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP. Demonstration of Wireless Insecurities. Agenda: Demonstrate ease of access to unprotected WLAN Setup 802.11 standard security roll-out (SSID and MAC restrictions)

luce
Download Presentation

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Demonstration of Wireless InsecuritiesPresented by: Jason Wylie, CISM, CISSP

  2. Demonstration of Wireless Insecurities Agenda: • Demonstrate ease of access to unprotected WLAN • Setup 802.11 standard security roll-out (SSID and MAC restrictions) • Demonstrate ability to locate an AP and spoof MAC Adresses • Set up WEP on AP and demonstrate WEP weaknesses • Discuss methods of providing security over wireless

  3. Equipment Layout

  4. Equipment / Tools Linksys Access Point Laptop with Linksys PCMCIA Wlan Cards Unauthorized “Hacker” Client System NetStumbler, SMAC, WEPCrack, and Ethereal Web Server

  5. Rogue (unprotected) Access Point • No Security Measures in place • Access Point Advertises SSID • Casual Users can browse your network • Typical of departmental or “personal “ access points • An intruder starts with internal access to your network

  6. Baseline 802.11Wireless Security • Disabling SSID Broadcast • Service Set Identifier Broadcasting • MAC Restrictions • Limit participation to only allowed MAC addresses • WEP • Wired Equivalent Privacy

  7. Baseline 802.11Wireless Security ~ Disabling SSID Broadcast ~ ADDED SECURITY: • SSID is not broadcast to unknown clients. CONS: • Requires manual input of SSID on all client systems. • SSID information is sent in “plain-text” from the client to the AP.

  8. Getting past SSID Obscurity • Sniffing traffic on the WLAN • Identify SSID broadcast from employee system during AP association. • Configure Wireless card with discovered SSID.

  9. Baseline 802.11Wireless Security ~ MAC Filtering ~ ADDED SECURITY: • WLAN association is restricted from unknown MAC addresses. CONS: • Requires manual input of all client system MAC addresses into the AP. • MAC “spoofing” is a trivial task.

  10. Getting past MAC Filtering • Sniffing traffic on the WLAN • Identify valid MAC addresses from employee WLAN interaction. • Spoof the MAC address of the employee’s system.

  11. Baseline 802.11Wireless Security~ WEP Encryption ~ ADDED SECURITY: • Traffic is encrypted during transmission CONS: • Requires distribution of WEP keys to employees. • WEP keys can be broken easily

  12. Getting past WEP • Sniffing traffic on the WLAN • Gather at least 500MB of traffic • Process through Wepcrack • Keys to the kingdom are revealed

  13. Alternatives • Limit Broadcast Range of Access Points • Put the Access Points outside the Firewall • Use strong authentication • Encrypt traffic with IPSEC VPN (3DES or AES) • Use proprietary Key Rotation Methods • EAP (LEAP – Cisco, EAP-TLS, EAP-TTS) • Manually Scan for “Rogue” Access Points • Install IDS for WLANs • Detects MAC Spoofing • Identifies “Rogue” Access Points.

  14. Extensible Authentication Protocol (RFC 2284) • Provides a flexible link layer security framework • Simple encapsulation protocol • No dependency on IP • ACK/NAK, no windowing • No fragmentation support • Few link layer assumptions • Can run over any link layer (PPP, 802, etc.) • Does not assume physically secure link • Assumes no re-ordering • Can run over lossy or lossless media • Retransmission responsibility of authenticator (not needed for 802.1X or 802.11)

  15. URLs for More Information • IEEE 802 web page: http://grouper.ieee.org/groups/802/dots.html • IETF web page: http://www.ietf.org/ • The “Unofficial 802.11 Security” Web Site: http://www.drizzle.com/~aboba/IEEE/ • 80211 Planet http://www.80211-planet.com

More Related