Practical Approach in Teaching Wireless LAN Security using Open Source Software




Mohd Azizi Sanwani & *Kamaruddin Mamat
Centre for Diploma Programme, Multimedia University, Cyberjaya, MALAYSIA
*Faculty of Computer & Mathematical Science, Universiti Teknologi MARA, MALAYSIA
azizi.sanwani@mmu.edu.my, kamar@tmsk.uitm.edu.my

Abstract

Security plays a major role in today's networking, especially in the wireless field, where the widespread deployment of wireless local area networks (WLAN) has changed the circumstances of maintaining a secure network. While both network security and wireless networking have become major subjects in many computer science courses throughout the world, teaching the concepts from a theoretical standpoint is vastly different from real-world scenarios. This paper presents several hands-on scenarios that depict flaws in typical wireless security implementations by using Open Source Software (OSS) as the tool for simulated attacks.

Sanwani, M.A. & Mamat, K. (2011). Practical Approach in Teaching Wireless LAN Security using Open Source Software. Malaysian Journal of Educational Technology, 11(2), pp. 19-23. ISSN 1675 0292.

Introduction

WLAN has proven to be highly beneficial by improving productivity, decreasing infrastructure cost and resolving business continuity issues. However, these advantages also come with several downsides. The most apparent is the concern for its security. The physical nature of wireless propagation has rendered the conventional approach to securing the network ineffective. In a conventional wired LAN, an attacker must first either bypass the firewall or have physical access to an available LAN port inside the network before being able to tap into the intended network. In a WLAN this limitation becomes irrelevant, because the physical medium is entirely different: packets are transmitted and received via radio frequency.

The downside is that the transmission may radiate beyond the intended area and users. Anyone within coverage is able to intercept the communication. Furthermore, the early WLAN architecture was engineered with ease of use as the major criterion, and security was added almost as an afterthought. Consequently, this led to certain flaws in the encryption implementation that could potentially jeopardize the security of the network [1,2,3,4,5,6].

Methodology

In the conventional method, security subjects were usually taught using a lecture/tutorial approach with heavy emphasis on theory. At present, to meet ever-changing security challenges, there is an urgent need for students to shift their mentality in order to better comprehend the attacker's mindset [7]. Using a hands-on approach, this paper intends to highlight several scenarios in which the potential threats to a wireless LAN can be exposed using OSS. In this manner, students are able to learn networking and security concepts such as radio frequency, authentication, encryption, Service Set Identifier (SSID) broadcasting, packet sniffing, etc. by actually performing the attack in a controlled environment [8, 9]. While this might introduce some controversy, as some students might abuse the knowledge, there are several ways to mitigate the risk, such as exposing the students to the ethical considerations and legal implications [10, 11].

Wireless Access Point Setup

The wireless access point (WAP) should first be set up in an isolated, stand-alone network in order to conduct the attacks in a controlled environment and to avoid disrupting a live network [9, 10]. The configuration can be demonstrated first by the instructor, followed by hands-on implementation by the students, to ensure that they become accustomed to WAP configuration such as selecting the SSID name, the encryption type (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), or WPA2), password selection, MAC address filtering, SSID broadcasting, etc. These configurations can be changed depending on the scenario involved.

Hardware

A WLAN adaptor with Linux driver support is compulsory, as some scenarios require the adaptor to perform packet injection and to switch into monitor mode. Handy references for suitable chipsets can be found at [12].

Operating System

As most computers come with Microsoft Windows XP/Vista/7 preinstalled, there are several approaches to obtaining a Linux system. The easiest method is to use a Linux Live CD/DVD. With this approach no installation is required and no alteration can be made to the system, as it runs in read-only mode only. Alternatively, virtualization software such as VirtualBox [13] can be used. However, the most practical option is a fresh installation of Linux on the hard disk drive (dual boot) or on a flash drive. There are numerous Linux distributions available, but Backtrack [14] is an ideal choice as it has comprehensive software for penetration testing and digital forensics.

WLAN Security Threats (5 Scenarios)

WLANs face similar threats to conventional wired networks. In addition, however, they also have certain vulnerabilities which are unique to WLAN. The most prominent and frequently exploited are discussed as follows.

Wardriving/piggybacking

This act of locating WLANs is usually referred to as casual eavesdropping. Despite its name, it has evolved into an umbrella term for any method used to locate WLANs: walking, biking, etc. However, there is a distinct difference between wardriving and piggybacking. While wardriving is strictly locating WLANs, piggybacking refers to using the WLAN service without explicit permission or knowledge. WLANs without a proper authentication or encryption mechanism are prone to these exploits using software such as Kismet [15].

Figure 1. Vulnerable WLANs exposed by Kismet scan

Packet sniffing

Due to the open nature of data transmission in WLAN, access is available to anyone within range. Therefore, there is a possibility that packets will be captured by an unauthorized person. The threat becomes more serious if there is no encryption mechanism in place, as sensitive or personal information is then prone to public disclosure. A tool such as Wireshark [16] is usually used for eavesdropping and to further analyse the captured packets to discover any useful information or flaws.

Figure 2. Captured packets reveal the visited website

MAC spoofing

Most WAPs come with a built-in MAC address filtering capability. With this approach, only the selected clients specified in the safe list are allowed access, as shown in Figure 3. This restriction relies on the assumption that a MAC address is unique to each device. A security mechanism based on MAC filtering can easily be bypassed, as the attacker can masquerade as an authorized user by spoofing the MAC address [17].

Figure 3. Example of MAC address filtering scheme in a Linksys WAP

WEP attack

While WEP encryption has been proven insecure and can easily be cracked [1], [2], [3], it is one of the most widely used encryption methods in WLAN and is still incorporated as an encryption option in new WAPs from vendors such as Linksys. For this attack, the motivation is to capture enough Initialisation Vectors (IV), which are sets of random bits used as the seed for the RC4 cipher. To replicate the busy traffic of a typical WLAN, a technique known as packet injection can be performed to force the WAP to retransmit selected packets quickly. Once a sufficient number of IVs has been collected, the WAP can be considered compromised, as the key can easily be cracked using Aircrack [18].
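The IV described above is only 24 bits long, which is why enough of them can be collected so quickly and why a repeated IV is fatal for a stream cipher. The following added illustration (not code from the paper; the key, IV and plaintexts are constructed) implements textbook RC4 with WEP's IV || key seeding, computes the birthday bound on IV repeats, and shows that two frames encrypted under the same IV leak the XOR of their plaintexts without any knowledge of the key.

```python
import math

IV_BITS = 24                 # WEP sends a 24-bit IV in the clear with every frame
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IVs per shared key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling algorithm (KSA) followed by the PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || shared key, so the keystream is fixed by (IV, key)."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be 3 bytes")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def frames_until_iv_repeat(probability: float) -> int:
    """Birthday bound: number of frames after which some IV has repeated
    with the given probability (about 4,800 frames for a 50% chance)."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1.0 / (1.0 - probability))))


def iv_reuse_leaks_xor(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same (IV, key) means the same keystream, so c1 XOR c2 == p1 XOR p2."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    n = min(len(p1), len(p2))
    c_xor = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    p_xor = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return c_xor == p_xor


if __name__ == "__main__":
    # Constructed 40-bit WEP key, IV and plaintexts; not from any real network.
    key = bytes.fromhex("0123456789")
    iv = bytes.fromhex("a1b2c3")
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat(0.5))
    print("IV reuse leaks plaintext XOR:",
          iv_reuse_leaks_xor(key, iv, b"GET /login HTTP/1.1", b"GET /index HTTP/1.1"))
```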

WPA/WPA2 Pre-Shared Key (PSK) dictionary attack

WPA and its successor, WPA2, were developed to rectify the security flaws in WEP encryption. Although it does solve most of the deficiencies of WEP, unfortunately it also created another potential attack vector: the dictionary attack. Since this discovery, several tools have been developed that are capable of mounting a successful attack on WPA/WPA2 PSK enabled WLANs [18, 19]. The key components needed to mount this attack are a password file, which is a compilation of common passwords or a generated wordlist, and the four-way handshake, i.e. Extensible Authentication Protocol over LAN (EAPOL). The dictionary attack is a realistic approach, as it limits the number of possible passwords to be tested by exploiting the human tendency to choose weak passwords [20]. Good password files are available for download at [21, 22, 23].

The first phase is to capture the four-way handshake of the target WAP. The details of the target client (i.e. channel, MAC address) can be obtained from a Kismet scan. There are several scenarios in which the four-way handshake occurs. The typical one is when a legitimate client associates with the AP. Thus, the attacker needs to wait for a wireless client to associate in order to capture the handshake. However, there is an alternative method to speed up this process by deauthenticating a target client from the WLAN: packets can be sent to disrupt the communication between the target and the WAP, thus forcing it to reauthenticate. This attack is practically a Denial of Service (DoS). The final step in this attack is to crack the WPA/WPA2 PSK by replicating the WPA/WPA2 initialization process for each entry in the password list using Aircrack [18]. However, the attack will ultimately fail if the passphrase used does not exist in the password list. This is a good lesson in choosing a secure password [8].
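The step that is "replicated" for every password-list entry is the passphrase-to-key derivation defined by IEEE 802.11i: the Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations. The added example below (not code from the paper; the SSIDs, passphrases and wordlist are constructed) derives the PMK and turns the paragraph's lesson into a defender-side configuration check: each guess costs 4096 HMAC rounds, a non-default SSID makes precomputed tables such as [22] useless because the SSID is the salt, and a passphrase absent from the list cannot be recovered this way.

```python
import hashlib

PBKDF2_ITERATIONS = 4096      # fixed by IEEE 802.11i for WPA/WPA2-Personal
PMK_LEN = 32                  # 256-bit Pairwise Master Key

# Constructed sample of vendor default SSIDs; precomputed PMK tables (such as
# the RenderLab tables cited as [22]) are typically built for names like these.
COMMON_DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA/WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, dklen=PMK_LEN)


def precomputed_table_applies(ssid: str) -> bool:
    """A PMK table is bound to one SSID (the salt); only a default SSID lets it be reused."""
    return ssid in COMMON_DEFAULT_SSIDS


def psk_policy_findings(passphrase: str, ssid: str, wordlist) -> list:
    """Defender-side check of a proposed network configuration. Returns the reasons a
    dictionary or precomputed-table attack would succeed; an empty list means none found."""
    findings = []
    words = set(wordlist)
    if passphrase in words or passphrase.lower() in words:
        findings.append("passphrase is in the wordlist: recoverable from one captured handshake")
    if precomputed_table_applies(ssid):
        findings.append("SSID is a vendor default: precomputed PMK tables skip the PBKDF2 cost")
    return findings


if __name__ == "__main__":
    # Constructed wordlist standing in for the password files the paper points to.
    wordlist = ["password", "12345678", "letmein1", "iloveyou"]
    # Same passphrase under two SSIDs gives different PMKs, so a table built for
    # "linksys" says nothing about a network with a unique name.
    print(wpa_pmk("password", "linksys").hex() != wpa_pmk("password", "MyUniqueNet").hex())
    print(psk_policy_findings("password", "linksys", wordlist))
    print(psk_policy_findings("correct-horse-battery-staple-2011", "MyUniqueNet", wordlist))
```

The first call to wpa_pmk can be checked against the IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE"), which is the same computation wpa_passphrase performs.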
Figure 4. Successful WPA-PSK attack via Aircrack

Discussion

By implementing this method, students gain hands-on experience in configuring and setting up a secure wireless network. The exposure from this practical exercise ensures that students acquire some insight into the offensive security field, which expands their awareness of the need for real-world security solutions [7, 11]. Furthermore, by using OSS to replicate actual attacks on WLAN, students are in a better position to appreciate the theory they learn in class [9]. The hands-on approach also promotes active learning and improves communication skills among the students. Consequently, the majority of students demonstrate high interest in the subject and explore the topic further beyond the classroom [8], [9]. Nevertheless, there are two aspects that must be imparted wisely by the instructor: the ethical considerations and the legal ramifications of abusing this know-how [10, 11].

Conclusion

We have described five real-world attacks that can be simulated in a controlled environment to encourage awareness and enhance the understanding of WLAN security among students. This hands-on approach can be considered an indispensable component of a network security subject in the modern era, as it balances the conventional method, which puts emphasis on theoretical knowledge, with practical activities that promote active learning, so that students are more involved and motivated. Students exposed to this approach can be expected to be competent and self-assured in dealing with the complexity of network security once they enter the industry.

References

[1] Fluhrer, Mantin & Shamir. Weaknesses in the Key Scheduling Algorithm of RC4. http://aboba.drizzlehosting.com/ieee/rc4_ksaproc.pdf. Retrieved April 1, 2011.
[2] Bittau, A., Handley, M. & Lackey, J. The Final Nail in WEP's Coffin. http://www.cs.ucl.ac.uk/staff/m.handley/papers/fragmentation.pdf. Retrieved April 1, 2011.
[3] Tews, E., Pychkine, A. & Weinmann, R.P. Breaking 104 bit WEP in less than 60 seconds. http://eprint.iacr.org/2007/120.pdf. Retrieved April 1, 2011.
[4] Beck, M. & Tews, E. Practical Attacks Against WEP and WPA. http://dl.aircrackng.org/breakingwepandwpa.pdf. Retrieved April 1, 2011.
[5] Ohigashi, T. & Morii, M. A Practical Message Falsification Attack on WPA. http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf. Retrieved April 1, 2011.
[6] WPA2 Hole196 Vulnerability, AirTight Networks. http://www.airtightnetworks.com/wpa2-Hole196. Retrieved April 1, 2011.
[7] Bratus, S., Shubina, A. & Locasto, M.E. (2010). Teaching the Principles of the Hacker Curriculum to Undergraduates. Proceedings of the 41st ACM Technical Symposium on Computer Science Education, March 10-13, 2010, Wisconsin, USA.
[8] Brustoloni, J.C. (2006). Laboratory Experiments for Network Security Instruction. Journal on Educational Resources in Computing (JERIC), Vol. 6, No. 4, p. 5-es, December 2006.
[9] Wulf, T. (2003). Implementing a Minimal Lab for an Undergraduate Network Security Course. Journal of Computing Sciences in Colleges, Vol. 19, No. 1, pp. 94-98, October 2003.
[10] Logan, P.Y. & Clarkson, A. (2005). Teaching students to hack: Curriculum issues in information security. Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education, St. Louis, Missouri, USA: ACM.
[11] Pashel, B.A. (2006). Teaching students to hack: Ethical implications in teaching students to hack at the university level. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development, Kennesaw, Georgia: ACM.
[12] Backtrack 4 Wiki, Wireless drivers. http://www.backtracklinux.org/wiki/index.php/wireless_drivers. Retrieved April 1, 2011.
[13] VirtualBox. http://www.virtualbox.org/. Retrieved April 1, 2011.
[14] Backtrack 4. http://www.backtrack-linux.org/. Retrieved April 1, 2011.
[15] Kismet. http://www.kismetwireless.net/. Retrieved April 1, 2011.
[16] Wireshark. http://www.wireshark.org/. Retrieved April 1, 2011.
[17] GNU MAC Changer. http://www.alobbs.com/macchanger/. Retrieved April 1, 2011.
[18] Aircrack-ng suite. http://www.aircrack-ng.org/. Retrieved April 1, 2011.
[19] CoWPAtty. http://wirelessdefence.org/contents/cowpattymain.htm. Retrieved April 1, 2011.
[20] Yan, J., Blackwell, A., Anderson, R. & Grant, A. The Memorability and Security of Passwords: Some Empirical Results. http://www.mendeley.com/research/the-memorabilityand-security-of-passwordssome-empirical-results/. Retrieved April 1, 2011.
[21] Openwall wordlist. http://www.openwall.com/mirrors/. Retrieved April 1, 2011.
[22] RenderLab wordlist. http://www.renderlab.net/projects/wpa-tables/. Retrieved April 1, 2011.
[23] Xploitz Master Password Collection. http://thepiratebay.org/torrent/4017231/-_xploitz_-_Master_Password_Collection. Retrieved April 1, 2011.