Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.

Wireless Security

Objective:

Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your network

Benefits of a Wireless Network

Can be an extension to a wired LAN Wired LANs can be at time, impractical, or

impossible No wiring Moving does not require re-wiring, network

re-configuration or cable drops. Portability/Flexibility Less Expenditures on relocation and initial

setup

WVA-Wireless Vulnerabilities and Attacks

Wireless attacks fall under 4 main categories: Passive Attacks Active Attacks Man in the Middle Attacks Jamming

Passive Attack

Eavesdropping: People listening and monitoring your network

Network Monitor, TCPdump in Linux ,NetStumbler, or Airsnort, are tools used to capture and “analyze” network traffic by “war drivers”

“War Driving” The act of driving around looking for open WI FI nodes

There are websites and software that allows potential hackers to get a map of open APs.

Many sites/forums with thousands of users have adopted war driving as a hobby. While many claim this to be solely as hobby, your network may be at risk if a potential hacker discovers your unsecured network

Same sites and forums map your Wi Fi location on the internet..

Stats of found Wi Fi Spots (wigle.net)

Wardriving maps available online (wigle.net)

Wardriving map using Google Earth

Active Attacks Insertion :based on placing unauthorized devices on

the wireless network without going through a security process.

Spoofing: Cloaking SSID or MAC addresses to get by security measures

DOS (denial of service): Jamming, flooding attacks that prevent sites/networks from performing efficiently.

Releasing Malware into Network: software with the intent to cause harm to nodes/network. (viruses, trojan horses, spyware, adware, keystroke loggers, etc.

WVA-Wireless Vulnerability and Attacks

MAC Authentication SpoofingMost Wi-Fi WLAN equipment vendors include a sublevel of rudimentary authentication via MAC address white/black listing. Standard tools can "spoof" MAC addresses which allow any attacker to mask himself/herself as an authorized client thereby gaining access to the WLAN.

Man in the Middle Attack

attacker will control the communication between two parties by secretly controlling both sides of the communication stream.

Attacker can use a rogue AP and “spoof” the SSID to which unsuspecting users will log on to.

WVA-Wireless Vulnerabilities and Attacks

802.11 SSID Can be Spoofed

The SSID used to identify an 802.11 network can be trivially faked by an attacker.

If a client can be tricked into connecting to a malicious AP then it may become vulnerable in a number of ways: (a) it may accept an unencrypted connection, (b) the malicious AP might be used as part of a man-in-the-middle attack, (c) the user might be tricked by phishing attacks behind the AP (e.g. a fake hotspot signup page).

Jamming

RF frequencies interfere with the operation of the wireless network

Can be unintentional jamming: cordless phones and other devices on the same frequency

Not very common attack: A lot of work only to “interfere”…The payoff isn't as great for hackers.

WVA-Wireless Vulnerability and Attacks

Falling victim to an insertion attack can prove to be costly.

Personal information is exposed Corporations risk losing money, personnel

info., client accounts, etc. (possibly lead to lawsuits)

Security Measures

Although there is no guarantee that your network will be 100 % secure, you can minimize the chances and, perhaps, even deter a few “wannabe hackers”. After all, you wouldn’t leave your front door open…would you?

Security Measures

Avoid Misconfiguration

Change ALL default passwords on your router.

Enable WEP. WEP is disabled by default. Avoid using DHCP if possible (especially in

corporate environment) Periodically change Passwords.

Security Measures

Use Static IP addresses Avoid dynamic addresses assigned by DHCP.

(default setting on AP is to use DHCP) Corporate environment: Avoid employees bringing

in their personal, possibly misconfigured AP. Assign every node a private address so as to avoid

your devices from being reached directly from the internet.

Private IP EX: 10.192.193.45

Security Measures

MAC filtering: Enable MAC filtering in your router so that only specified computers can connect to your AP

Reduce signal “leakage” by placing router in an area where its radius covers only your work space. (i.e. avoid the coverage including front yard)

Security Measures

From a corporate standpoint:

It is crucial to create an risk assessment before incorporating a wireless network.

They should make security measures which they have a need for, so that they can aquire the proper hardware/software solutions

Security Measures

-continued

Agencies should understand the need to constantly having to provide upgrades, fixes, and or patches, to maintain proper security.

No one protocol or encryption is 100% safe or effective.

Conclusion

An overall good practice for a personal or corporate level, is to use common sense.

Educate yourself about the risks and vulnerabilities, and make sure that you use every security measure available to you:

Firewalls, encryptions, properly placed APs, MAC filtering, etc.

Sources for further Information

NIST (National Institute of Standards and Technology) http://csrc.nist.gov

http://www.networkworld.com http://www.wirelessve.org http://www.wardriving.com http://wigle.net