Wireless LAN Attacks + Components & Design + Security. Wireless Network Attacks. Wireless LAN Attacks. Drive-By Hackers Sit outside the corporate premises and read network traffic Can send malicious traffic into the network Easily done with readily available downloadable software
Wireless LAN Attacks • Drive-By Hackers • Sit outside the corporate premises and read network traffic • Can send malicious traffic into the network • Easily done with readily available downloadable software • War Drivers • Merely discover unprotected access points—become drive-by hackers only if they break in https://wigle.net/gps/gps/main
Wireless LAN Attacks (cont’d.) • War chalking • Documenting and then advertising location of wireless LANs for others to use • Previously done by drawing on sidewalks or walls around network area • Today, locations are posted on Web sites
WLAN Security Threats • Rogue Access Points • Unauthorized access points that are set up by a department or an individual • They often fail to implement core security • This gives drive-by hackers free access to the internal network, bypassing both the border firewall and access point security • Often operate at high power, attracting many hosts to their low-security service
Evil Twin Access Point An attacker makes his or her computer act as an access point. It operates at very high power. Victim wireless clients within the victim building associate with the evil twin access point instead of with a legitimate access point within the building.
Evil Twin Access Point 1. The victim sends its authentication credentials to the evil twin. 2. The evil twin passes the credentials on to the legitimate access point. 3. The legitimate access point sends back a secret key. 4. The evil twin remembers the key, then sends it to the client.
Evil Twin Access Point Afterwards, the evil twin intercepts each encrypted message. It decrypts it, reads it, re-encrypts it, and passes it on.
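A defender can look for the rogue and evil twin access points described above by comparing a wireless scan against an inventory of sanctioned access points. The following is an added example, not part of the original slides; the `Beacon` fields, the `CorpNet` SSID, the MAC addresses and the `on_wired_lan` flag are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    rssi_dbm: int
    on_wired_lan: bool = False  # assumed input: this MAC was also seen on a switch port

# Constructed inventory of sanctioned access points: BSSID -> (SSID, channel)
AUTHORIZED = {
    "02:00:00:00:00:01": ("CorpNet", 1),
    "02:00:00:00:00:02": ("CorpNet", 6),
}

def classify(beacon, authorized=AUTHORIZED):
    corp_ssids = {ssid for ssid, _ in authorized.values()}
    known = authorized.get(beacon.bssid.lower())
    if known is not None:
        # A BSSID can be spoofed, so a known BSSID seen on the wrong SSID
        # or channel is reported rather than trusted.
        ok = known == (beacon.ssid, beacon.channel)
        return "authorized" if ok else "inventory-mismatch"
    if beacon.ssid in corp_ssids:
        return "possible-evil-twin"  # our SSID from hardware we do not own
    if beacon.on_wired_lan:
        return "rogue-on-lan"        # unsanctioned AP bridged to the internal LAN
    return "neighbor"

def audit(scan, authorized=AUTHORIZED):
    alerts = [(b, classify(b, authorized)) for b in scan]
    alerts = [(b, v) for b, v in alerts if v not in ("authorized", "neighbor")]
    # Strongest signal first: rogue and evil twin APs often run at high power.
    alerts.sort(key=lambda bv: bv[0].rssi_dbm, reverse=True)
    return [(b.bssid, b.ssid, v) for b, v in alerts]

# Constructed scan results (not real captures)
SCAN = [
    Beacon("CorpNet", "02:00:00:00:00:01", 1, -60),
    Beacon("CorpNet", "02:00:00:00:00:02", 6, -62),
    Beacon("CorpNet", "02:00:00:00:00:99", 6, -35),
    Beacon("Marketing-WiFi", "02:00:00:00:00:50", 11, -48, on_wired_lan=True),
    Beacon("CoffeeShop", "02:00:00:00:00:77", 3, -80),
]

if __name__ == "__main__":
    for row in audit(SCAN):
        print(row)
```

An inventory match alone does not prove an access point is genuine, which is why the 802.1X mutual authentication covered later in the deck still matters.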
Wireless LANs (WLANs) WLANs usually supplement wired LANs instead of replacing them. The access point connects wireless users to the firm’s main wired LAN (Ethernet) This gives the mobile client user access to the firm’s servers on the wired LAN and the firm’s router for Internet access
5-1/5-2: 802.11 Wireless LANs (WLANs) Companies can build large WLANs by placing access points judiciously around the building
Wireless Transmission • Signal transmission • No fixed path, signals travel without guidance • Antenna • Used for both the transmission and reception of wireless signals • To exchange information, two antennas must be tuned to the same frequency, that is, they must share the same channel
Antennas • Directional antenna: transmits and receives signals to and from one general direction • Used in a point-to-point link, e.g., a satellite downlink • Directional antennas: • Parabolic • Patch • Sector • Yagi
Antennas • Omnidirectional antenna: issues and receives wireless signals with equal strength and clarity in all directions—similar to how ripples radiate from the point where a rock is tossed into water • Used when many different receivers must be able to pick up the signal and when the receiver’s location is highly mobile • Omnidirectional (OD) antennas: • Dipole • Domes and other wall or ceiling mounted antennas
Signal Degradation • Fading • Variation in signal strength • Electromagnetic energy scattered, reflected, diffracted • Attenuation • Signal weakens • Moving away from transmission antenna • Noise • Significant problem • Wireless signals cannot depend on conduit or shielding to protect them from EMI (electromagnetic interference)
Frequency Ranges • 2.4-GHz band (older) • Frequency range: 2.4–2.4835 GHz • 11 unlicensed communications channels • Susceptible to interference • 5-GHz band (newer) • Frequency bands - 5.1 GHz, 5.3 GHz, 5.4 GHz, 5.8 GHz • CHANNEL = a portion of a frequency range • Allows multiple devices on separate wireless networks to transmit at the same time in a similar location • If all devices were using the same channel they would not know which access point to connect to
WLAN Components • Ad hoc WLAN • Wireless nodes transmit directly to each other • Use wireless NICs • No intervening connectivity device • Poor performance • Wireless access point (WAP) • Accepts wireless signals from multiple nodes • Retransmits signals to network • Aka base stations, wireless routers, wireless gateways
WLAN Architecture (cont’d.) • Infrastructure WLAN • Stations communicate with access point (AP) • Not directly with each other • Access point requires sufficient power, strategic placement • WLAN may include several APs • Dependent upon number of stations it must serve • Maximum number of stations varies: 10-100, depending on the wireless technology used
Determining the Design (cont’d.) • Larger WLANs • Systematic approach to access point placement • Site survey • Assesses client requirements, facility characteristics, coverage areas • Determines access point arrangement ensuring reliable wireless connectivity within a given area Network+ Guide to Networks, 6th Edition
Determining the Design (cont’d.) • Install access points • Must belong to same ESS • Enterprise-wide WLAN design considerations • How wireless LAN portions will integrate with wired portions • AP can participate in VLANs, allowing mobile clients to move from one AP’s range to another while belonging to the same virtual LAN
Wireless Repeaters & Extenders • Devices that receive a transmitted signal, increase its gain (power), and rebroadcast it to extend its range and coverage • Original signal strength restored and, in most cases, with much of the noise removed • Repeaters and extenders can add a small amount of delay (latency) to the signal • Too many repeaters or extenders on a wireless system may cause timing issues on networks
Avoiding Pitfalls • Access point versus client configurations • SSID mismatch (case sensitive) • Incorrect encryption • Incorrect channel, frequency • Standard mismatch (802.11 a/b/g/n) • Incorrect antenna placement • Verify client within 330 feet • Interference • Check for EMI sources
5-28: Wireless LAN Management • Initial Access Points Placement in a Building • Must be done carefully to have good coverage yet to minimize interference between access points • Lay out 30-meter to 50-meter radius circles on blueprints • Adjust for obvious potential problems such as brick walls • In multistory buildings, must consider interference in three dimensions
5-28: Wireless LAN Management • Access Points Placement in a Building • Install access points and do site surveys to determine signal quality • Adjust access point placement and signal strength as needed • Adjust them frequently afterward as conditions change • Adjust either their placements or relative signal powers
5-24: 802.11 Core Security Standards • Provide Security between the Wireless Station and the Wireless Access Point • Client (and perhaps access point) authentication • Passes key to client • Subsequent encryption of messages for confidentiality
5-24: 802.11 Core Security Standards • Protection Does Not Extend Beyond Access Point • Only protects the wireless client—access point connection
5-24: 802.11 Core Security Standards • Wired Equivalent Privacy (WEP) • Initial rudimentary core security provided with 802.11 in 1997 • Everyone shared the same secret encryption key, and this key could not be changed automatically • Because the secret key was shared, it did not seem to be secret • Users often gave it out freely • Key initially could be cracked in 1–2 hours; now can be cracked in 3–10 minutes using readily available software
5-24: 802.11 Core Security Standards • Wireless Protected Access (WPA) • The Wi-Fi Alliance • Normally certifies interoperability of 802.11 equipment • Certified products get to use the Wi-Fi logo • Created WPA as a stop-gap core security standard in 2002 until 802.11i was finished
5-24: 802.11 Core Security Standards • Wireless Protected Access (WPA) • Designed for upgrading old equipment • WPA uses a subset of 802.11i that can run on older wireless NICs and access points • WPA added simpler security algorithms for functions that could not run on older machines • Equipment that cannot be upgraded to WPA should be discarded • Recently part of WPA has been cracked
5-24: 802.11 Core Security Standards • 802.11i (WPA2) • Uses AES-CCMP with 128-bit keys for confidentiality and key management • Gold standard in 802.11 core security • But companies have large installed bases of WPA-configured equipment • Now that WPA has been partially cracked, companies should upgrade to 802.11i
5-25: 802.11 Security in 802.1X and PSK Modes • 802.1X Mode (See Figure 5-26) • Uses a central authentication server for consistency • Wi-Fi Alliance calls this enterprise mode • Both WPA and 802.11i use 802.1X mode
5-25: 802.11 Security in 802.1X and PSK Modes • 802.1X Mode (See Figure 5-26) • For UTP connections, 802.1X provides no protection between the supplicant and the network access server • OK because UTP is difficult to tap
5-25: 802.11 Security in 802.1X and PSK Modes • 802.1X Mode (See Figure 5-26) • However, with wireless transmission, protection is needed between the wireless supplicant and the access point because radio transmissions are easy to tap
5-25: 802.11 Security in 802.1X and PSK Modes • 802.1X Mode (See Figure 5-26) • Extended versions of EAP provide this protection • There are several—PEAP, EAP-TLS, etc.
5-25: 802.11 Security in 802.1X and PSK Modes • Pre-Shared Key (PSK) Mode: Stations Share a Key with the Access Point • For networks with a single access point • Access point does all authentication and key management • All users must know an initial pre-shared key (PSK) • Each, however, is later given a unique key
5-25: 802.11 Security in 802.1X and PSK Modes • Pre-Shared Key (PSK) Mode: Stations Share a Key with the Access Point • If the pre-shared key is weak, it is easily cracked • Pass phrases that generate key must be at least 20 characters long • Wi-Fi Alliance calls this personal mode • This is a good name because it is designed for home use
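The two PSK slides above can be made concrete: the pass phrase and SSID are stretched into a shared 256-bit key, and each station then derives its own session key from that key plus per-session values. This is an added example, not code from the original slides; it follows the 802.11i derivation (PBKDF2-HMAC-SHA1 with 4096 iterations, then the pairwise key expansion PRF), and the function names, SSIDs, MAC addresses and nonces are constructed assumptions.

```python
import hashlib
import hmac

MIN_LEN = 20  # minimum from the slide; the standard itself accepts 8 to 63 characters

def check_passphrase(passphrase):
    """Return a list of policy problems; an empty list means acceptable."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside the 8-63 characters PSK mode accepts")
    elif len(passphrase) < MIN_LEN:
        problems.append(f"shorter than the {MIN_LEN}-character minimum")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    return problems

def derive_pmk(passphrase, ssid):
    # The SSID is the salt, so the same pass phrase gives a different key per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    # Per-station key: mixes the shared key with both MAC addresses and
    # the fresh nonces each side contributes during the handshake.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

if __name__ == "__main__":
    # Constructed values for illustration only
    phrase = "correct horse battery staple"
    print(check_passphrase("short1234"), check_passphrase(phrase))
    pmk = derive_pmk(phrase, "HomeNet")
    ap = bytes.fromhex("020000000001")
    an = bytes(32)
    for sta, sn in ((bytes.fromhex("0200000000a1"), b"\x01" * 32),
                    (bytes.fromhex("0200000000a2"), b"\x02" * 32)):
        print(derive_ptk(pmk, ap, sta, an, sn).hex())
```

Every input to the per-station key other than the pass phrase is sent in the clear during the handshake, which is why the slide's pass phrase length requirement carries the whole security of PSK mode.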