Transcript
1. By: Septafiansyah Dwi Putra, ITB
2. Radio Frequency Basics: mobile telephony, Cellular Digital Packet Data (CDPD), private data networks, Bluetooth, 3G, etc.
3. Immediate communication for the mobile user; two-way, interactive; broadcast; convenience; bandwidth limitations; roaming (no fixed location).
4. A wireless LAN (WLAN) is a local area network that uses radio waves as its carrier. The last link to the users is wireless, giving a network connection to all users in a building or campus; the backbone network usually uses cables. Wireless LANs operate in almost the same way as wired LANs, using the same networking protocols and supporting most of the same applications.
5. The wireless LAN connects to a wired LAN, so an access point is needed that bridges wireless LAN traffic into the wired LAN. The access point (AP) can also act as a repeater for wireless nodes, effectively doubling the maximum possible di
6. 802.11a offers a theoretical maximum rate of 54 Mbps in the 5 GHz band. 802.11b offers a theoretical maximum rate of 11 Mbps in the 2.4 GHz band. 802.11g is a new standard for data rates up to a theoretical maximum of 54 Mbps at 2.4 GHz.
7. Wired Equivalent Privacy (WEP): a protocol to protect link-level data during wireless transmission between clients and access points. Services: Authentication provides access control to the network by denying access to client stations that fail to authenticate properly. Confidentiality intends to prevent information compromise from casual eavesdropping. Integrity prevents messages from being modified while in transit between the wireless client and the access point.
8. Means: based on cryptography, or non-cryptographic. Both are identity-based verification mechanisms (devices request access based on the SSID, the Service Set Identifier of the wireless network).
9. Authentication techniques
10. Cryptographic techniques: WEP uses RC4, a symmetric-key stream cipher, to generate a pseudo-random data sequence; the stream is XORed with the data to be transmitted. Key sizes: 40 bits to 128 bits. Unfortunately, recent attacks have shown that the WEP approach to privacy is vulnerable to certain attacks regardless of key size.
11. Data integrity is ensured by a simple encrypted version of a CRC (Cyclic Redundancy Check), which is also vulnerable to some attacks.
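As an added example (not from the slides), the WEP framing that slides 10 and 11 describe: a 3-byte IV sent in the clear, RC4 keyed with IV || shared key, and a CRC32 integrity value (ICV) encrypted along with the payload. The key-ID byte is omitted, and the audit helper at the end is my own addition: with a static key, a repeated IV means a repeated keystream.

```python
import struct
import zlib
from collections import Counter
from typing import Dict, Iterable, Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the generated keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Body = IV (clear) || RC4(IV || key) applied to (payload || CRC32 ICV).
    The key-ID byte that follows the IV on the wire is left out here."""
    assert len(iv) == 3 and len(shared_key) in (5, 13), "40- or 104-bit key"
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + rc4(iv + shared_key, payload + icv)


def wep_decapsulate(shared_key: bytes, frame: bytes) -> Optional[bytes]:
    """Decrypt and verify the ICV; None means the CRC did not match."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, body)
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        return None
    return payload


def reused_ivs(frames: Iterable[bytes]) -> Dict[bytes, int]:
    """Audit helper: IVs seen more than once in a set of captured WEP bodies.
    Same IV plus the same static key means the same RC4 keystream was reused,
    which is one reason key size does not rescue WEP."""
    counts = Counter(f[:3] for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}
```

The ICV is an unkeyed CRC, so it catches accidental corruption (the tamper check below) but is not a cryptographic MAC.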
12. Security features in wireless products are frequently not enabled. Static WEP keys are used (keys stay in use for a very long time). WEP does not provide key management. Cryptographic keys are short. No user authentication occurs; only devices are authenticated, so a stolen device can access the network. Identity-based systems are vulnerable. Packet integrity is poor.
14. Windows: wireless NIC drivers are easy to get; wireless hacking tools are few and weak, unless you pay for AirPcap devices or OmniPeek. Linux: wireless NIC drivers are hard to get and install; wireless hacking tools are much better.
15. For Linux, the best chipsets to use are Orinoco, Prism2.x/3, Atheros, and Cisco. A good resource is at Madwifi: http://madwifi-project.org/wiki/Compatibility
16. Service Set Identifier (SSID): an identifier to distinguish one access point from another. Initialization Vector (IV): part of a Wired Equivalent Privacy (WEP) packet, used in combination with the shared secret key to cipher the packet's data.
17. The SSID can be found in any of these frames: Beacons, sent continually by the access point (unless disabled); Probe Requests, sent by client systems wishing to connect; Probe Responses, the response to a Probe Request; Association and Reassociation Requests, made by the client when joining or rejoining the network. If SSID broadcasting is off, just send a deauthentication frame to force a reassociation.
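Seen from the defender's side, the deauth-then-reassociate pattern in slide 17 is detectable. As an added example (not from the slides), a small wireless IDS check over a constructed management-frame log; the MAC addresses, subtype labels and thresholds are made up for the example.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management frames: (time_s, subtype, src, dst).
AP = "00:11:22:33:44:55"        # made-up access point address
CLIENT = "aa:bb:cc:dd:ee:01"    # made-up client address
SAMPLE_FRAMES = [
    (0.00, "beacon", AP, "ff:ff:ff:ff:ff:ff"),
    (0.10, "probe_req", CLIENT, "ff:ff:ff:ff:ff:ff"),
    (0.12, "probe_resp", AP, CLIENT),
    (0.20, "assoc_req", CLIENT, AP),
    # A run of deauthentication frames carrying the AP as source, 50 ms apart.
    (1.00, "deauth", AP, CLIENT),
    (1.05, "deauth", AP, CLIENT),
    (1.10, "deauth", AP, CLIENT),
    (1.15, "deauth", AP, CLIENT),
    (1.20, "deauth", AP, CLIENT),
    (1.25, "deauth", AP, CLIENT),
    (1.40, "reassoc_req", CLIENT, AP),   # client rejoins, sending the SSID again
    (5.00, "deauth", "66:77:88:99:aa:bb", CLIENT),  # one ordinary deauth
]


def detect_deauth_bursts(frames, window_s=1.0, threshold=5):
    """Alert once per source address when it sends >= threshold deauth frames
    inside a sliding window of window_s seconds. Returns (time, src, count)."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, subtype, src, _dst in sorted(frames):
        if subtype != "deauth":
            continue
        window = recent[src]
        window.append(ts)
        while ts - window[0] > window_s:     # drop timestamps outside the window
            window.popleft()
        if len(window) >= threshold and src not in alerted:
            alerts.append((ts, src, len(window)))
            alerted.add(src)
    return alerts


def reassoc_after_deauth(frames, max_gap_s=2.0):
    """Pair each client reassociation with a deauth it received shortly before;
    a hidden-SSID network seeing this pattern has just leaked its SSID."""
    last_deauth, pairs = {}, []
    for ts, subtype, src, dst in sorted(frames):
        if subtype == "deauth":
            last_deauth[dst] = ts
        elif subtype == "reassoc_req" and src in last_deauth:
            if ts - last_deauth[src] <= max_gap_s:
                pairs.append((src, ts - last_deauth[src]))
    return pairs
```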
18. Each MAC must be entered into the list of approved addresses: high administrative effort, low security. An attacker can just sniff MACs from clients and spoof them.
19. In Windows, just select it from the available wireless networks, click "Set up a wireless network for a home or small office", and then input the SSID.
20. In Windows Vista, run regedt32, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}, find the REG_SZ value named NetworkAddress and change it. SMAC is easier.
21. Many Wi-Fi cards allow you to change the MAC in Windows'
Device Manager
22. Brute-forcing the keyspace takes weeks even for 40-bit keys (use Cain & Abel). Collecting Initialization Vectors, which are sent in the clear, and correlating them with the first encrypted byte makes the brute-force process much faster.
23. Tools: Aircrack-ng or AirSnort (old), Kismet, Cain & Abel, WLAN-Tools, DWEPCrack, WEPAttack (cracks using the weak IV flaw). Best countermeasure: use WPA/WPA2.
24. This demo is conducted in my home network. Configuration: Linksys access point, WEP 64-bit key, passcode ???, SSID DIJIANG.
25. WPA/WPA2 is strong, with no major weaknesses. However, if you use a weak Pre-Shared Key, it can be found with a dictionary attack. Tool: Aircrack-ng.
26. Change the default settings. Filter MAC addresses. 100% safe = impossible.