05 wi fi network security

Copyright © 2014 CyberSecurity Malaysia
Internet and Computer Security Awareness
Wireless Network Security

Introduction
The popularity of wireless networks are due to the
cost effectives in deployment, no cabling required
compared to wired network and easy to use as well
as flexible deployment.
WiFi networks are everywhere!

Goals
3
After completion of this lesson, our wireless
communication will never be the same as we
will the potential threats associated to the
wireless network.
Beware of invisible wireless hacker!

Objectives
4
WiFi Network Fundamentals
Wired Network vs. WiFi Network
Common Problem and WiFi Threats
WiFi Protocol Attacks
WiFi Client Attacks
WiFi Data Disclosure
End Words

The Invisible Hacker: WiFi Hackers
5
WiFi Client Attacks
End Words

WiFi Network Architecture & Principle
6
Station
(STA)
Access Point
(AP)
SSID
Vendor OUI
Cisco (Aironet) 00-04-96
Agere (Orinoco) 00-02-2D
Nokia 00-e0-03
Linksys 00-04-5a
00-04-5a-03-3c-0f
OUI
(Organizationally Unique Identifier)
1
Station
(STA)
Station
(STA)
2
Station
(STA)
Access Point
(AP)
ESSID
3
BSSID = AP MAC AddressMAC Address
4
5
6
Station
(STA)
Access Point
(AP)
SSID
MAC Address
Attacker/ Auditor
Access Point
(AP)
Access Point
(AP)
Managed Mode
Monitor Mode
Master Mode
Ad Hoc Mode
http://standards.ieee.org/regauth/oui/index.shtml
Infrastructure
Ad-hoc

WiFi Operation Modes
7
Station
(STA)
Access Point
(AP)
SSID
1
Station
(STA)
Station
(STA)
3
Managed Mode Master Mode
Ad Hoc Mode Ad Hoc Mode
Monitor Mode
2
4

WiFi Networking
8
Probes
Station
Access Point
Beacons
Probes
RequestStation
Access Point
Probes
Response
1
2
3
4 Station Access PointProbe Request
Probe Response
AUTH Request
AUTH Response
Assoc Request
Assoc Response

9
WiFi Client Attacks
End Words

Wired Network: Possible Attacks
10
Virus & Malware
Attackers
Data Theft
INTERNET
INTRANET
SECURE ENTERPRISE PERIMETER
Desktop
Server
Inside
Threat

Wireless Network: Possible Attacks
11
Hacker
INTRANET
INTERNET
Desktop
1 Rogue AP Connected
to Network
3 Non-Compliant AP
5 Users Bypassing Network
Security Controls
Public
Wi-Fi AP
2 Leaked Wired Traffic
& Insertion
6 Wi-Fi Phishing
Legitimate Wi-Fi AP Evil Twin
Laptop
AP
Mobile User
Server
4 Neighboring AP
Wi-Fi Network aggravates
Threats to Enterprise Networks

12
WiFi Client Attacks
End Words

WiFi Hacking Highlights
13
A North Carolina Medical
Consulting Firm
Broke into the computer system of a local medical
consulting firm & illegally accessed information of
hundreds of patients, including checks and insurance
forms
Wireless hacking
bust in Michigan
 Two Michigan men repeatedly cracked Lowe’s nationwide
network from a 1995 Pontiac Grand Prix parked outside a
suburban Detroit store.
 Charged with penetrating and intentionally damaging a Lowe’s
system.
 First hopped onto the Wi-Fi network at the store to access the
company’s central data center at Lowe’s headquarters.
 Deployed hacking software, in one case crashing the point of
sale terminals.
A California Public School
District
Unprotected WLAN allowed full unauthorized access to
sensitive files & enabled hackers to upload their own files into
servers
A Texas County Court
Hackers accessed information filed by the clerk of courts by
using only a laptop & wireless card
A Wholesale club
Hacked via wireless network at a store location, credit card data
was stolen AND used to the tune of $20M. The lax security found
by the FTC to be an “unfair trade practice”; now under 9 years of
probation and have to institute security measures and hire 3rd
party auditor
Security causes electronics
giant register ban
Best Buy banned the use of wireless
cash registers at its 492 stores after
learning a hacker may have intercepted
a customer’s credit card number.
Home
Improvement
Store
Electronics
Retailer
Major
Wholesale
Store

WiFi Problem: Uncontrolled Medium
14
t r
2
The walls of the facility provide a solid line of defense against
intruders
Attacker
RF in the AIR is uncontrolled…
The walls of the facility provide a solid line of defense against
intruders
 With a single access point, walls come tumbling down
 Ethernet now extends to the parking lot!
Attacker
Server Server Server Computer

WiFi Problem: RF Signal Propagation
15
THIS IS THE ATTACK SURFACE

WiFi Problem: Extending Antenna
16
A Dual-Use Homebrew
Product – Pringles Cans
http://www.oreillynet.com/lpt/wlg/448
Yagi Antenna Omni Antenna

WiFi Problem: Free WiFi Hacking Tools

WiFi Problem: WiFi Communication
Evolving to…
Workstation
Access Point
Rogue Access Point Ad Hoc
Network
Legit
Association
Malicious
Association
Hacker / Soft AP
Employee Station Company Access
Point
Rogue Access Point
Employee AP
Neighbor AP
Neighbor Station

WiFi Threat: Soft Access Points

WiFi Threat: Weak Configuration
Common Mistakes in Wireless Implementations
Descriptive SSID
e.g. BANK_NAME SSID
Vulnerable Encryption Setting
e.g. WEP Encryption
Access Point’s Coverage Areas
e.g. A very good quality of access point signal
from across the road

WiFi Threat: Factory Configuration

WiFi Threat: Connecting to WiFi Network
22
 accidental association
 malicious association
 malicious access points
 vulnerable access points
Don’t You Know?

WiFi Threat: WiFi DoS
23
Hacker Station
(CommView, Aircrack-ng)
Access Point Client Station
(User)
Access Point Client Station
(User)
Signal Generator
(YDI PSG-1)
Physical Layer DoS
MAC Layer DoS
DoS Against a AP: shutdown the target AP from communicating with any device
DoS Against a Station: shutdown the Station from communicating with any device.
Broadcast: shutdown any network devices
Data flooding
Jamming signal

24
WiFi Client Attacks
End Words

WiFi Protocol Attack
25
BSSID = 00:1A:70:E5:E1:91
ESSID = linksys
WEP = aa:bb:cc:dd:ee
Attacker MAC STA = 06:14:A4:27:FB:12
Fake Authentication Attack
ARP Request Replay Attack

WiFi Protocol Attack (cont’d)
26Copyright © 2014 CyberSecurity Malaysia

27
WiFi Protocol Attack (cont’d)

28
WiFi Client Attacks
End Words

Wireless Man-in-the-Middle Attack

Wireless DoS Against WiFi Client
• Against a AP: Keeps all traffic from communicating with the rest of the network
• Against a Station: Keeps the Station from Communicating with any device.
• Broadcast: All network devices including some Internal networks shutdown
• Injected Traffic: Spanning Tree, Routing Information, Typical DoS
Target
(User) AP1
2
ORIGINAL MAC: 00 12 2D 50 43 1E
NEW MAC: 00 02 2D 50 D1 4E
MAC: 00 02 2D 50 D1 4E
3
3. Send Disassoc & Deauth frames
2. Impersonate AP by spoofing the
MAC
1. User enjoying good connection

Windows Preferred Network List
 Attack against personal anonymity
 Wireless technology is inherently
chatty and often uniquely tied to
the user
 Wireless cards will periodically
search for their preferred networks
by name
 Attacker can eavesdrop on this
conversation to identify unique
names
 Can associate location to network
name

32
WiFi Client Attacks
End Words

Choose Right Hardware

Detected WiFi Network @ Putrajaya

WiFi Traffic Decryption Method
35
BSSID = 00:1A:70:E5:E1:91
ESSID = linksys
WEP = f0:00:f0:D0:f0
Attacker MAC STA = 06:14:A4:27:FB:12
Victim MAC STA = 00:13:E8:27:EF:C1

WiFi Traffic Decryption Method

WiFi Hackers Can See Your Password
37

WiFi Hackers Can See Your Email

WiFi Hackers Can See Your IM Chat

40
WiFi Client Attacks
End Words

Best Practices
Client Station
Keep systems’ software
up to date
Must have personal
firewall installed
Must have antivirus
installed
Educate the
wireless user on
the proper usage
and security issues

Summary
• WiFi hacking tools are available freely and
…..anyone can run them.
• WiFi attacks are getting more dangerous, in what they can do!
• We must change the way we think about WiFi security

05 wi fi network security

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (19)

Similaire à 05 wi fi network security

Similaire à 05 wi fi network security (20)

Plus de Ministry of Education Malaysia

Plus de Ministry of Education Malaysia (20)

Dernier

Dernier (20)

05 wi fi network security