Scribd Logo
Upload

Welcome to Scribd!

  • Wireless in Securities

    Uploaded by

    Shane Hartman
    101 views22 pages
    WEP uses an RC4 cipher stream and "x no. Of bits" key with a 24 bit random number known as the initialization vector (IV) WEP Key Recovery WEP uses the same WEP key and different IV Eventually reusing the IV Unauthorized data decryption and Data Integrity Once the key is known it can be used to gain access to data or the AP itself Poor key management Once set they remain the same In Corp. Environment people leave and the keys should be changed but rarely are W

    Original Description:

    Original Title

    Wireless In Securities

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    WEP uses an RC4 cipher stream and "x no. Of bits" key with a 24 bit random number known as the initialization vector (IV) WEP Key Recovery WEP uses the same WEP key and different IV Eventually reusing the IV Unauthorized data decryption and Data Integrity Once the key is known it can be used to gain access to data or the AP itself Poor key management Once set they remain the same In Corp. Environment people leave and the keys should be changed but rarely are W

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    101 views22 pages

    Wireless in Securities

    Uploaded by

    Shane Hartman
    WEP uses an RC4 cipher stream and "x no. Of bits" key with a 24 bit random number known as the initialization vector (IV) WEP Key Recovery WEP uses the same WEP key and different IV Eventually reusing the IV Unauthorized data decryption and Data Integrity Once the key is known it can be used to gain access to data or the AP itself Poor key management Once set they remain the same In Corp. Environment people leave and the keys should be changed but rarely are W

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 22

    Shane Hartman – CISSP, GCIA, GREM

    Suncoast Security Society
     Wireless Types
     Wireless Advantages / Disadvantages
     Wireless Insecurities – WEP
     Wireless Insecurities ‐ WPA
     Hardening wireless
     Detecting Rouge Wireless
     Wireless Intrusion Detection
     Demo cracking WEP
     Demo cracking WPA
     802.11a
     5 Ghz
     300 ft. range
     54 mb transfer rate
     802.11b
     2.5 Ghz
     300 ft. range
     11 mb transfer rate
     802.11g
     2.5 Ghz
     150 ft. range
     54 mb transfer rate
     802.11n
     2.5  Ghz/ 5 Ghz
     1200 ft. range
     Theoretical 300 mb transfer rate ‐ burst
     Convenience
     Mobility
     Productivity
     Deployment
     Expandability
     Cost
     Security
     Range
     Reliability
     Speed
     Wireless Equivalent Privacy
     Part of the 802.11 standard to prevent eavesdropping and 
    data tampering
     Uses an RC4 cipher stream and “x no. of bits” key with a 24 bit 
    random number known as the initialization vector (IV)
     WEP Key Recovery
     WEP uses the same WEP key and different IV
     The IV is limited from (0 – 16,777,215) 
     Eventually reusing the IV
     Unauthorized data decryption and Data Integrity
     Once the key is known it can be used to gain access to 
    data or the AP itself
     Poor key management
     Once set they remain the same
     In Corp. environment people leave and the keys should 
    be changed but rarely are
     No access point authentication
     Authentication works one way 
     Clients authenticate to the AP but
     The access point has no way of authenticating the 
    client
     Wifi Protected Access
     Also known as 802.11i
     Moved away from the RC4 cipher steam of WEP 
    to :
     TKIP (Temporal Key Integrity Protocol ) /and or
     AES (Advanced Encryption Standard)
     Used 4 way hand shake to authenticate and 
    encrypt
     Poor key management
     Once set they remain the same
     In Corp. environment people leave and the keys should 
    be changed but rarely are
     No access point authentication
     Authentication works one way 
     Clients authenticate to the AP but
     The access point has no way of authenticating the 
    client
     Don’t use wireless – if possible
     User Layered Approach
     MAC Address filter
     Turn off SSID broadcast
     Don’t allow AP to issue IP Addresses
     Only allow access during certain times
     Use WPA2 – Large no dictionary key – Home
     Use WPA2 – With 802.1x port security aka (Radius)
     Turn off auto connect to preferred networks on 
    clients (Karma)
     Establish VPN connection from wireless APs to 
    your office
     Use “fake AP” and produce 53,000 Aps
     Apply protection to structure to prevent wireless
     Setup wireless intrusion detection
     Implement a wireless security policy
     Provide for physical security
     Provide a supported WLAN infrastructure
     Implement 802.1x port‐based security on your 
    switches
     Limit the number of MAC addresses per port to 
    only one
     SW2(config‐if) # switchport port‐security maximum 1
     Use a wireless client to detect the AP
     You have to be within range of the AP
     Can be difficult to detect if not broadcasting
     Hard to manage remote sites
     Tools
     Airdefense – www.airdefense.net
     Airmagnet – www.airmagnet.com
     Netstumbler – www.netstumbler.com
     Kismet – www.kismetwirless.net
     Much more difficult –You have to rely a lot on the 
    footprint that is leaves instead of outright 
    detection.
     Look for things like:
     Multiple MAC addresses to one port
     Larger than normal bandwidth usage on port
     Analysis of packets will show anomalies 
     Unusual DHCP entries
     Issues / Problems
     Hard to discern what is directed at you
     True detection occurs after the packets pass through 
    your AP
     Infrastructure is loosely put together support 
    connectivity besides intrusion detection
     Little to no support for this type of detection
     Arpwatch – http://www‐nrg.ee.lbl.gov
     Tools that do OS fingerprinting
     Nmap – www.insecure.org
     Xprobe – http://sys‐security.com/blog/xprobe2/
     Nessus – www.nessus.org
     http://www.intel.com/standards/case/case_802_11.htm
     Unwanted Wireless Signals Bounce Off This Paint ‐
    http://www.informationweek.com/news/mobility/showArticle.jhtml?articleID=198001494
     WLAN Keygenerator ‐ http://darkvoice.dyndns.org/wlankeygen/
     Wireless Security: Why WPA2 is better than WPA ‐
    http://www.thegeekpub.com/Home/ArticleView/tabid/59/selectmoduleid/399/ArticleID/64/reftab/65/Default.aspx
     WPA PSK Crackers: Loose Lips Sink Ships ‐ http://www.wi‐fiplanet.com/tutorials/article.php/3667586
     SANS Reading Room – http://www.sans.org
     Airdefense – www.airdefense.net
     Airmagnet – www.airmagnet.com
     Netstumbler – www.netstumbler.com
     Kismet – www.kismetwirless.net
     Arpwatch – http://www‐nrg.ee.lbl.gov
     Tools that do OS fingerprinting
     Nmap – www.insecure.org
     Xprobe – http://sys‐security.com/blog/xprobe2/
     Nessus – www.nessus.org
     Air Crack ‐ http://www.aircrack‐ng.org/
     Air Replay ‐ http://www.wirelessdefence.org/Contents/Aircrack_aireplay.htm
     Airsnort ‐ http://airsnort.shmoo.com/
     FakeAP ‐ http://www.blackalchemy.to/project/fakeap/
     Hotspotter ‐ http://www.remote‐exploit.org/codes_hotspotter.html
     Karma ‐ http://theta44.org/karma/index.html
     MacChanger ‐ http://alobbs.com/macchanger/

    You might also like