ECE 578: Computer Network and Security
A Term Paper on Drive-by Hacking
Shekhar Shinde
Shinde@engr.orst.edu
Oregon State University
Contents
• Background
• Problem of drive-by hacking
• Wireless security options
• Challenges
• Types of attacks
• Internet scanner
• Real life solution to the problem
• Conclusion
• References
Background
• WLAN technology is making its way into organizations, but:
  • Authorized deployments are hindered by security concerns.
  • Unauthorized (rogue) deployments put the corporate network at risk.
• Top concerns:
  • Where are the access points?
  • Are they vulnerable to attack?
  • Where is the network perimeter?
The Problem … “Drive By Hacking”
[Figure: the building, with the street less than 1500 ft away]
If the distance from the access point to the street outside is 1500 feet or less, then a hacker could also get access while sitting outside.
Wireless LAN Security Options
• MAC address filtering
• Vendor specific authentication
• SSID/Network ID
• Wired Equivalent Privacy (WEP)
• Emerging IEEE 802.11x
Or in other words …
1. User runs client software and enters user name and password.
2. The request is sent to the RADIUS/EAP server; RADIUS authenticates the session and sends unique session keys to the device and the AP.
3. When the device wants to connect to a different AP, a new session is created, with a different unique set of keys.
[Figure labels: “Key” (×4), “Valid only for session” (×2)]
The Problem: Totally proprietary technology, and therefore vendor specific, and the initial broadcast keys can still be sniffed.
The Challenges
• Rogue Access Points
  • Due to low cost, users are setting up their own APs without IT knowledge (e.g. in boardrooms).
• DHCP
  • One of the advantages of WLAN is the ability to move around the building, and therefore between IP subnets, so DHCP is needed, but it is very abusable!
• 802.11xx and other technologies (such as Bluetooth & WAP) are all new, so no standards exist and everything is very vendor specific.
Types of Attacks
• Insertion Attacks
• Interception and unauthorised monitoring
• Jamming
• Client to Client Attacks
• Brute Force on AP password
• Encryption Attacks
• Mis-configurations
Types of Attacks
• Insertion
  • Deploying unauthorised devices or creating new wireless networks without the prior knowledge of IT.
• Interception and Unauthorised Monitoring
  • As with wired networks, it is possible to “sniff” the network; but where a wired network requires monitoring agents, with a WLAN you can get everything.
• Jamming
  • As the name suggests, this is a Denial of Service attack that floods the 2.4 GHz range, used by these and other devices, so nothing can communicate.
Types of Attacks
• Client to Client Attacks
  • Once Windows is configured to support wireless, it can be contacted by any other wireless device, so all the usual file sharing and TCP service attacks work.
• Brute Force on Access Point password
  • The APs use simple usernames and passwords which can be easily brute forced, and key management is not easy.
• Encryption Attacks
  • Although 802.11 has WEP, vulnerabilities have already been found and the keys can easily be cracked.
• Mis-configurations
  • All major vendors make their units easy to deploy, so they come with insecure, well-known pre-configurations, which are rarely changed when installed.
WLAN Security Challenges
• How to defend against the WLAN threat
  • WLAN security is similar to that of the wired network.
  • It just represents an extension of wired networks.
  • It is another potential untrusted entry point into the wired network.
• Multi-layer security approach
  • Protect the WLAN holistically at the network, system, and application layer for clients, access points, and the back-end servers.
  • Apply traditional wired security countermeasures.
WLAN Discovery / Assessment / Monitoring Tools
• Internet Scanner 6.2, the market leading network vulnerability assessment tool, was the first to perform many 802.11b security checks. 802.11 checks are in several X-Press Updates (XPU 4.9 and 4.10).
• RealSecure 6.5, the market leading IDS, was the first to monitor many 802.11b attacks. It is recommended that you stay up to date with the latest X-Press Updates. 802.11 checks for IDS were in XPU 3.1.
Internet Scanner
1. Finds the Holes
2. Finds Rogue Access Points or Devices
RealSecure
[Figure labels: “Kill !!”, “Kill !!”]
The Solution
• Wireless Scanner 1.0 is the solution for this problem.
  • Identify 802.11b access points.
  • Assess the implementation of available security features.
  • Laptop-based for mobility.
• “Wireless Scanner provides automated detection and security assessment of WLAN access points and clients.”
Target Market
• Primary market of Wireless Scanner 1.0:
  • Enterprise customers
  • SMB customers
  • Security consultants / auditors
• These customers want to:
  • Implement a WLAN without compromising their existing security measures.
  • Protect the network from unauthorized APs.
How it works …
• Each device has a WLAN adapter.
• These communicate back to access points (APs), or wireless bridges.
• The technology works like old Ethernet bridges, by simply passing data on.
• So anyone with a wireless device could, theoretically, connect to your network.
Features – Detection
• Wireless Scanner detects access points … and active clients.
Features – Security Assessment
• Wireless Scanner probes access points to determine their vulnerability to connection and attack by unauthorized users.
Features – Reporting
• Multi-level reporting
• Export options
• New Access Points report highlights new 802.11b devices discovered in scan.
Features – Flexibility
• Mobile: users can scan while walking
• User configurable:
  • Filters
  • Alarms and notifications
  • Encryption keys for scanning
• Configurations can be saved and loaded
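The detection, security assessment and "New Access Points" reporting steps described in the feature slides can be sketched as a small audit over scan records. This is an added example, not code from Wireless Scanner or from the term paper; the record layout, the inventory, the BSSIDs and the default-SSID list are all constructed assumptions.

```python
"""Rogue-AP audit over constructed scan data (added example, not Wireless Scanner code)."""

# Constructed sample data: BSSIDs, SSIDs and the default-SSID list are illustrative.
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:02"}   # APs deployed by IT
PREVIOUS_SCAN = AUTHORIZED | {"00:aa:bb:cc:dd:10"}        # BSSIDs seen last time
DEFAULT_SSIDS = {"default", "linksys", "tsunami"}         # sample factory SSIDs

SCAN = [  # one record per access point seen during the current walk-through
    {"bssid": "00:11:22:33:44:01", "ssid": "corp-wlan", "wep": True},
    {"bssid": "00-11-22-33-44-02", "ssid": "default", "wep": False},
    {"bssid": "00:AA:BB:CC:DD:10", "ssid": "boardroom", "wep": False},
    {"bssid": "00:aa:bb:cc:dd:99", "ssid": "linksys", "wep": False},
]


def normalize(bssid):
    """Canonical form so 00-AA-... and 00:aa:... compare equal."""
    return bssid.strip().lower().replace("-", ":")


def assess(ap, authorized, previous):
    """Return (bssid, findings) for one scanned access point."""
    bssid = normalize(ap["bssid"])
    findings = []
    if bssid not in authorized:
        findings.append("rogue: not in authorized inventory")
    if bssid not in previous:
        findings.append("new: not seen in previous scan")
    if not ap["wep"]:  # WEP on is only a baseline; the slides note it is crackable
        findings.append("encryption disabled")
    if ap["ssid"].strip().lower() in DEFAULT_SSIDS:
        findings.append("default SSID left unchanged")
    return bssid, findings


def report(scan, authorized=AUTHORIZED, previous=PREVIOUS_SCAN):
    """Findings per BSSID, plus authorized APs that did not show up in the scan."""
    results = dict(assess(ap, authorized, previous) for ap in scan)
    missing = sorted(authorized - set(results))
    return results, missing


if __name__ == "__main__":
    results, missing = report(SCAN)
    for bssid, findings in results.items():
        print(bssid, "->", "; ".join(findings) or "ok")
    print("authorized but not seen:", missing or "none")
```

An authorized AP can still carry findings (here the second one has encryption off and a factory SSID), which is the mis-configuration case from the attack slides.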
References:
• “Wireless Scanner”, a white paper by Stephen Schmid.
• Cryptography and Network Security: Principles and Practice, Second Edition, by William Stallings.
• Web reference: www.computing.co.uk/News/
• Cryptography and Network Security, Third Edition, by William Stallings.
• Fundamentals of Computer Security Technology, by Edward G. Amoroso.
• Network Security, by Mario Devargas.
• LAN Times Guide to Security and Data Integrity, by Marc Farley, Tom Stearns, and Jeffrey Hsu.
• Computer System and Network Security, by Gregory B. White, Eric A. Fisch, Udo W. Pooch.