Remote Security.


55 views
Uploaded on:
Description
Open System permits any station to join and scrambles correspondence. ... WPA encodes data and guarantees that the system security key has not been altered. ...
Transcripts
Slide 1

Steven Senkus Wireless Security

Slide 2

What is Wireless Networking? Transmission of PC clear information signal through radio waves to the Internet or another PC. Happens at the physical layer (equipment)

Slide 3

A Brief History In 1985, the FCC approved open utilization of Industrial, Scientific, and Medical groups (902 MHz - 5.85 GHz) The IEEE later made the 802.11 Working Group to institutionalize remote LAN correspondence. The standard was endorsed and distributed in 1997. 802.11 utilizations 2.4 GHz or 5 GHz recurrence groups. Because of security requests, WEP (Wired Equivalent Privacy) was added to the 802.11 standard

Slide 4

Wi-Fi Alliance Formed in 1999; non-benefit industry affiliation that attempted to join 802.11 remote transmission under one affirmation standard Ensures interoperability between makers by just permitting the Wi-Fi trademark for guaranteed items.

Slide 5

Wi-Fi Is Everywhere! Enterprises Home Networks Universities Airports Coffee Shops Restaurants Hotels Libraries and so forth

Slide 6

lower base costs offer assets like printers and shared access to a brought together capacity. Favorable circumstances of Wireless Networking portability simplicity of including gadgets/system development negligible cost speed ranges up to ~300m outside/~70m inside

Slide 7

Multiple gadgets on a WLAN can moderate Internet access Wireless transmissions are recognizable; security is essential for protection and verification Disadvantages of Wireless Networking restricted recurrence suspected wellbeing dangers from radio correspondence system size is dictated by territory of transmission sign impedance (cordless telephones, different APs, dividers)

Slide 8

Dangers of an Unsecured WLAN Free Internet access for anybody Illegal movement can be followed back to your system Wardriving Intruder arrangement of system, establishment of malware/secondary passages Outsider access to shared assets (printers, PCs) Eavesdropping/Identity Theft

Slide 10

World\'s biggest known robbery of Visa information A St. Paul, MN Marshalls store (possessed by TJX) cut corners on system upkeep, framework, money related measures, and utilized WEP for Wi-Fi security. Programmers could capture delicate budgetary and client information. TJX cases to have lost 45.7 million acknowledge/platinum card numbers and individual data of an expected 500,000 clients.

Slide 11

WEP Security WEP = "Wired Equivalent Privacy"; presented in 1997 as a component of the 802.11b standard. Two sorts of confirmation: Open System and Shared Key Open System permits any station to associate and encodes correspondence. Shared Key encodes and decodes information sent between an entrance point (AP; switch) and a station (PC with a remote NIC) after a legitimate key is entered.

Slide 12

WEP Authentication 1. Station sends an Authentication edge to the AP. 2. AP answers with a 128 byte irregular test content. 3. Station scrambles this with the mutual key and sends it 4. AP unscrambles challenge content. On the off chance that it coordinates the first sent content, then the AP shows fruitful confirmation

Slide 13

WEP Weaknesses Wired Equivalency Privacy isn\'t. The U.S. Government constrained exportable cryptography; thus, WEP mystery keys were restricted to 40 bits when initially created. Specialists from the University of Maryland and Berkeley found shortcomings in WEP key reuse, feeble message confirmation, and movement infusion. WEP\'s basic RC4 calculation was observed to be unreliable when numerous bundles were dissected Encrypted parcels are unsurprising and can be unscrambled through factual investigation

Slide 14

WEP Weaknesses FBI operators showed that a WEP-secured system can be broken in three minutes Several definite articles and YouTube recordings clarify the methodology regulated Widely comprehended to be uncertain and, therefore, utilize has been belittled. In any case, WEP is still included with equipment for legacy similarity. WEP is what might as well be called a "No Trespassing Sign"

Slide 15

WPA/WPA2 In 2001, the IEEE tended to the issue by making the 802.11i team to address WEP weakness. This brought about the making of WPA (Wi-Fi Protected Access) and WPA2 after sanction of the 802.11i standard. WPA scrambles data and guarantees that the system security key has not been adjusted. WPA-confirmed gadgets hold WEP support for legacy frameworks. WPA\'s encryption key varies in each bundle All equipment ensured for 802.11b, g, and n must actualize WPA and WPA2.

Slide 16

WPA/WPA2 PSK = Personal Mode – intended for little systems Network activity is encoded with a 256 piece key Keys can be 8-63 ASCII characters or 64 hexadecimal digits TKIP = Temporal Key Integrity Protocol – calculation – utilized as a part of WPA and an alternative in WPA2 – per-parcel key blending and a message uprightness check Bruteforce and lexicon assaults are made more troublesome with a 8 character least passphrases.

Slide 17

WPA2 Interoperability guaranteed by EAP (Extensible Authentication Protocol) in Wi-Fi Alliance accreditation programs. EAP is utilized to accept the personality of system gadgets. WPA2 was intended to work with RADIUS servers to permit organization, inspecting, and logging (username and login required) WPA2-Enterprise is not down to earth for little systems because of server confirmation. Utilizes the AES-CCMP calculation rather than the defective RC4

Slide 18

WPA Weaknesses WPA/WPA2-PSK: The "four-way handshake" parcels sent over EAPoL (amid customer affiliation) can be sniffed and broke. WPA/WPA2-PSK: Only as solid as the secret word picked Greater encryption rises to more prominent bundle size = all the more preparing force and system transfer speed required WPA utilizes the same encryption innovation as WEP (RC4) WPA is helpless against DoS assaults All gadgets speaking with WPA must have WPA programming.

Slide 19

Other Methods of Securing Wireless Networks VPN – (Virtual Private Network) Firewalls MAC (Media Access Control) Filtering – make a table of approved customer MAC addresses and just permit those customers access to the remote system RADIUS Authentication and Authorization Kerberos RF Shielding

Slide 20

Wireless Tools and Techniques Most are Linux based programming programs Not all uses are vindictive; valuable for system examining Configuration can be agonizing! Generally accessible and legitimate Free and modifiable (open source)

Slide 21

MITM ("Man in the Middle") assaults: ARP harming DNS redirection Session Hijacking DHCP satirizing Wireless Tools and Techniques War driving Sniffing Jamming Spoofing (MAC location and IP address)

Slide 22

Netstumbler WLAN recognition Works with Windows Can be utilized with a GPS collector

Slide 23

Kismet WLAN finder (can identify shrouded APs) Packet sniffer Intrusion identification

Slide 24

Wireshark

Slide 25

Aircrack-ng

Slide 26

Driftnet Listens to network movement and grabs pictures from TCP movement

Slide 27

Ettercap MiTM assault suite Active spying on a few conventions Network movement block attempt Password catching DNS redirection Sniffing

Slide 28

Backtrack

Slide 29

Rogue Access Point An entrance point that mirrors a known access point to trap clients and PCs into associating. Activity can be checked and coordinated Also called Wiphishing, as fake sites can be created to draw clients into giving without end their qualifications

Slide 30

Wireless Security Tips Change switch secret word from default Set switch transmission power or physical area Use wired associations for AP arrangement Disable SSID perceivability and reference points (broadcasting) Use a firewall Use HTTPS and TLS Use WPA2

Slide 31

Wireless Security Tips Use a long and discretionary watchword mix comprising of numbers, letters, uncommon characters (if accessible) For WEP, characterize every one of the 4 keys and pivot them at general interims Disable DHCP and allocate static IP addresses MAC address separating Turn off document sharing for stations associated with a remote LAN

Slide 32

Sources http://en.wikipedia.org/wiki/Wi-Fi http://www.wi-fi.org/knowledge_center/kc-macfiltering http://kb.netgear.com/application/answers/subtle element/a_id/1105 http://codedrunk.blogspot.com/2008/01/breaking-wep-encryption-simple way.html http://lifehacker.com/5305094/how-to-split a-wi+fi-systems wep-secret key with-backtrack.html http://electronics.howstuffworks.com/how-to-tech/how-to-identify taking wifi[1-5].htm http://en.wikipedia.org/wiki/WPA-PSK http://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack http://www.smallnetbuilder.com/remote/remote elements/24251-thefedscanownyourlantoo http://openmaniak.com/ettercap.php http://www.brighthub.com/processing/smb-security/articles/17766.aspx http://www.brighthub.com/figuring/smb-security/articles/17869.aspx http://techdir.rutgers.edu/wireless.html http://en.wikipedia.org/wiki/Wireless_security http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm

Slide 33

Sources http://windows.microsoft.com/en-US/windows-vista/What-are-the-distinctive remote system security-strategies http://www.wi-fi.org/records/kc_4_Preventing%20Evil%20Twins-Wiphishing%20QandA.pdf http://www.oreillynet.com/bar/a/remote/2002/04/19/security.html http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy http://www.acm.org/intersection/xrds9-4/wlan_abc.html http://en.wikipedia.org/wiki/RC4_(cipher ) http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html http://www.dummies.com/how-to/substance/understanding-wep-weaknesses.html http://interface connect.blogspot.com/2007/09/remote security-knowledge into-wep.html http://www.bestsecuritytips.com/news+article.storyid+226.htm http://www.differencebetween.net/innovation/contrast amongst wpa-and-wpa2/

Slide 34

Questions?

Recommended
View more...