PwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure



Similar documents
WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

United States Trustee Program s Wireless LAN Security Checklist

Security Awareness. Wireless Network Security

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

WIRELESS NETWORKING SECURITY

Wireless LAN Security: Securing Your Access Point

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Network Security Best Practices

Wireless Tools. Training materials for wireless trainers

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Wireless Networks. Welcome to Wireless

Security in Wireless Local Area Network

Closing Wireless Loopholes for PCI Compliance and Security

Introduction. Course Description

chap18.wireless Network Security

Access Point Configuration

Security in IEEE WLANs

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

Attacking Automatic Wireless Network Selection. Dino A. Dai Zovi and Shane A. Macaulay

Chapter 2 Configuring Your Wireless Network and Security Settings

XX-XXX Wireless Local Area Network Guidelines. Date: August 13, 2003 Date Adopted by NITC: Other:

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Designing AirPort Extreme Networks

How To Protect A Wireless Lan From A Rogue Access Point

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

802.11b and associated network security risks for the home user

Recommended Wireless Local Area Network Architecture

The Basics of Wireless Local Area Networks

Potential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

HANDBOOK 8 NETWORK SECURITY Version 1.0

Mobile Office Security Requirements for the Mobile Office

How To Secure Wireless Networks

Wireless Network Standard and Guidelines

Chapter 3 Safeguarding Your Network

Enterprise A Closer Look at Wireless Intrusion Detection:

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

WLAN Security Networking with Confidence

Industrial Communication. Securing Industrial Wireless

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

WLAN and IEEE Security

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

WIRELESS SECURITY TOOLS

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Basic processes in IEEE networks

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

9 Simple steps to secure your Wi-Fi Network.

Technical Brief. Wireless Intrusion Protection

CS 356 Lecture 29 Wireless Security. Spring 2013

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN

Topics in Network Security

Cisco Aironet Wireless Bridges FAQ

A Division of Cisco Systems, Inc. GHz g. Wireless-G. Access Point with SRX. User Guide WIRELESS WAP54GX. Model No.

Wireless Network Policy

Chapter 2 Wireless Networking Basics

PCI PA - DSS. Point ipos Implementation Guide. Version VeriFone Vx820 using the Point ipos Payment Core

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

Guideline on Wireless Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Wireless (Select Models Only) User Guide

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Top 10 Security Checklist for SOHO Wireless LANs

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

How To Manage An Wireless Network At A University

Network Access Security. Lesson 10

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Wireless LAN Security I: WEP Overview and Tools

Security and privacy in public WLAN networks

DOS ATTACKS IN INTRUSION DETECTION AND INHIBITION TECHNOLOGY FOR WIRELESS COMPUTER NETWORK

PCI PA - DSS. Point BKX Implementation Guide. Version Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core

Wireless Auditing on a Budget

Security Requirements for Wireless Networks and their Satisfaction in IEEE b and Bluetooth

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

Cisco Wireless Control System (WCS)

Wireless LAN Security

WHIFF Wireless Intrustion Detection System A project by Foundstone, Inc. and Carnegie Mellon University

WHITEPAPER. Wireless LAN Security for Healthcare and HIPAA Compliance

PCI Wireless Compliance with AirTight WIPS

Wireless LAN Access Point. IEEE g 54Mbps. User s Manual

Wireless Security for Mobile Computers

EAP N Wall Mount Access Point / WDS AP / Universal Repeater

Transcription:

PwC Outline Wireless LAN Security: Attacks and Countermeasures 1. Introduction 2. Problems with 802.11 security 3. Attacks on and risks to Wireless Networks 4. Defending wireless networks ISACA Hong Kong May 6 2003 John Lauderdale Global Risk Management Solutions Tel. +852 22892926 John.Lauderdale@hk.pwc.com Demos: WLAN Discovery Eavesdropping WEP cracking Fake Access Point 2 pwc The case for wireless networking Access points and network cards Wireless benefits Increased productivity, lower installation cost, greater flexibility Used by hospitals, universities, airports, hotels and retail shops. Ad-hoc networks enable network connectivity and data synchronization Access Point (AP) Network Cards Risks of wireless networks = risks of wired networks + new risks introduced by weaknesses in wireless protocols. Wireless LANs can be the logical equivalent to having an Ethernet port in a parking lot or on the street 3 pwc 4 pwc Introduction: OSI layers and 802 structure Introduction: WLAN technologies OSI data-link layer OSI physical layer Max Data Rate Frequency Modulation 802 LLC 802.11 MAC 802.11 802.11b 802.11g 802.11a 802.11 2 Mb/s 2.4 GHz and IR FHSS and DSSS 802.11b 11 Mb/s 2.4 GHz DSSS 802.11g 22 Mb/s 2.4 GHz OFDM 802.11a 54 Mb/s 5 GHz OFDM 5 pwc Infrastructure mode vs. One cell provides Basic Service Set (BSS) service Many cells working together provides Extended Service Set (ESS) 11 Channels Channels 1, 6, and 11 are nonoverlapping Range 50 Meters indoors to 1500 Meters outdoors Directional antennas can enable access from tens of kilometers Signal strength determines the speed and transmission distance 6 pwc 1

Introduction: Antennas Establishing a WLAN connection Antennas Omni-directional Sector Uni-directional Antenna images courtesy of www.hyperlinktech.com 802.11 network Basic Service Set (BSS) Central access point (AP) and client stations. BSS is identified with as service-set identifier (SSID). WLAN infrastructure mode connection: AP sends out beacon packets every few seconds with SSID/BSID. Network card detects AP, displays the SSID, and gives the user the option to associate with it. The station and AP go through a handshake and authentication process and make the connection 8 pwc WLAN discovery using NetStumbler Demo 1: Establishing a wireless network connection Demo 2: Network Discovery using NetStumbler NetStumbler runs on Windows Puts network card into monitoring mode Scans all eleven channels to identify active network traffic / SSIDs Monitors but does not record transmitted data Used for: War Driving War Chalking War Flying Data can be uploaded to a centralised database Records MAC address SSID Network name Network channel Equipment vendor Connection type Whether WEP encryption is used SNR GPS latitude, longitude Time first seen, time last seen Charts signal strength histogram 9 pwc 10 pwc Wired Equivalent Privacy (WEP) WEP designed to secure wireless link only, not end-to-end security Provides Authentication Confidentiality Integrity Does not provide Audit, authorisation, or nonrepudiation 40 or 104 bits 24 bits User chosen bits IV Encryption Key Encrypted WEP Encryption keys 40 bit (5 ASCII characters), 104 bits (13 ASCII characters), or 140 bits (only with some implementations) 12 pwc IV Pad and ID P Message CRC 2

Typical security problems with 802.11 security Security features not Poor packet integrity. enabled by default. Device authentication is Use of short IVs. simple shared key challenge-response. Use of short 40 bit keys. Authentication is not Shared crypto keys. enabled; simple SSID identification occurs. Crypto keys cannot be updated automatically The client does not and frequently. authenticate the AP. 13 pwc Risk: Loss of Confidentiality Interception of wireless signals Ease of signal access Physical controls less effective Difficult to control signal transmission distance: transmission may be outside the building Passive eavesdropping Disclosure of sensitive network information, User Ids, Passwords, configuration data Rogue access points may be placed by an insider. Signals can be detected from the street Network sniffer / analyser Captures network traffic Effective because WEP is often not used and can be broken. Wireless packet analysers can automate the process of capturing and analysing network traffic. 14 pwc Risk: Loss of Confidentiality (cont) Risk: Loss of Integrity Monitoring Loss of integrity Sniffing traffic sent between the access point Possible when and the main part of the network if it is encryption is not connected using a hub. used. Rogue access points WEP integrity is A malicious or irresponsible user can put a checked using rogue access point an a closet, under a CRC which can conference room table, or any other hidden area of a building. be easily modified Rogue APs are usually a surprise to the IT Dept. May enable unauthorised network access. May enable authorised users to get access through an unauthorised channel. It may be difficult for most users to tell the difference between real and rogue access points. 15 pwc 16 pwc Risk: Loss of Integrity (cont) Risks of wireless connections via third party networks Denial of Service Radio jamming results in communication breakdown Microwave or cordless phone interference Unintentional DoS may result from monopolising a wireless signal by downloading a large file (consider restricting the amount and type of data allowed over wireless networks) 17 pwc Connectivity using third-party wireless networks (airports, hotels, coffee shops) Malicious users access public networks Untrusted public networks bridge users own network, possibly allowing anyone on the public network access to the bridged network. High gain antennas increase the chance of eavesdropping by increasing coverage area. When connecting via third-party networks, additional encryption should be used. 18 pwc 3

Hacker mischief / Wireless network risks Hacker mischief / wireless network risks. Wireless networks may be put at risk by someone trying to Get unauthorised access to the internal network. Steal and disclose sensitive information transmitted unencrypted over the air. Launch a DoS attack against wireless connections or devices. Steal the identity of network users. Corrupt sensitive data sent over WLAN or on the network. Use rogue access points to gain sensitive information. 19 pwc 7. Violate the privacy of WLAN users and track their actions. 8. Load a virus on a wireless device which will later get onto the network. 9. Use wireless connections to access a company s network, then launch attacks on other networks. 10.Access and compromise network management controls. 11.Use a third-party un-trusted WLAN to access a company network. 12.Attack ad-hoc transmissions. 20 pwc Network eavesdropping using Kismet Demo 3: Network Discovery and Eavesdropping using Kismet and Ethereal Demo 4: WEP Cracking using Airsnort Demo 5: Fake Access Point 21 pwc Kismet Linux based Multi-tier architecture with separate Kismet Server and User interface Monitors traffic on 11 channels Captures traffic (including weak WEP IVs) for later analysis Detects all types of wlan connectivity. Probe, Access points, Adhoc connections Detects vulnerable factory configurations Kismet Features Multiple packet sources Channel hopping IP block detection Cisco product detection via CDP Ethereal/tcpdump compatable file logging Airsnort-compatable "interesting" (cryptographically weak) logging Hidden SSID decloaking Grouping and custom naming of SSIDs Multiple clients viewing a single capture stream Graphical mapping of data (gpsmap) Cross-platform support (handheld linux and BSD) Manufacturer identification Detection of default access point configurations Detection of Netstumbler clients Runtime decoding of WEP packets Multiplexing of multiple capture sources 22 pwc WEP Cracking using Airsnort Management Countermeasures Takes advantage of Key scheduling algorithms implemented with RC4 Monitors network traffic and computes encryption keys after at least 100 Mb of network packets have been sniffed. May take 3-4 hours on a saturated network May take a few days on a low usage network WEP keys can be generated in less than one second after enough traffic is captured. Used for WEP key discovery which enables confidentiality and integrity to be compromised. 23 pwc 1. Develop WLAN Usage policies What information can be sent over WLAN links? Who can use it? For what purpose? What standard security settings should be applied to PCs connecting to Wireless networks? Where can it be used? Encryption requirements? Hardware requirements? Software requirements? Frequency and scope of security assessments? Encryption and key management? 24 pwc 4

Operational Countermeasures 2. Conduct wireless security audits Use wireless site survey tools to measure signal range 3. Implementing physical security access controls boundary protection 5. Secure Access points Configure administrative passwords No default passwords Consider 2-factor authentication Ensure cryptography (SSL) is used when configuring devices Use strong Encryption Use strongest available (104 bit or more) Control the reset function Use static IP addresses (not DHCP) for small networks Assign Ethernet MAC Access Control Lists (ACLs) for small networks Restricts the network cards that can connect Change SSID from the factory default Disable SSID broadcast or reduce its interval 25 pwc 26 pwc Access point Configuration Disable SNMP or use SNMP v3 which has stronger authentication Change SNMP community string from public Change the default channel (1,6,11) Implement strong authentication Usernames/passwords, smartcards, biometrics, PKI 6. Keep Access Points Secure Software patches and upgrades Periodically check for software updates Keep an eye on new technology to overcome WLAN shortcomings 802.11x 802.11i-Robust Security Network 27 pwc 28 pwc Wireless Assessments 7. Implement personal firewalls 8. Implement Intrusion Detection System (IDS) Understand the limitations of Network and Host IDS Attacks on wireless clients may go undetected Network IDS may not detect Datalink level DoS attacks Consider using wireless IDS which can: Detect unauthorised peer-to-peer communications Detect rogue access points Identify physical location of wireless devices within buildings Allow analysis and monitoring of wireless communications 29 pwc Wireless Assessments Checks wireless security posture Uses wireless network analysers and other tools. Checks for rogue access points and other unauthorised access Can be combined with penetration testing Consider using independent third parties for wireless assessments, who may Be more up to date on security vulnerabilities Be better trained on wireless security Use more up-to-date tools 30 pwc 5

Summary: Key points PwC Like any new technology, implementing Wireless networks brings benefits but also new and increased risk. Wireless technology drives the need for better internal security. Companies should prohibit the use of wireless networking technology unless they are prepared to implement the procedural, operational and technology needed to mitigate known risks. There are wireless risks even if you are not planning to implement wireless technology. Rogue access points New phones, PDAs, laptops come with built-in WLAN and bluetooth capabilities. Users are buying WLAN cards for use at home and leaving them in their laptop when they take them to the office. This can provide a backdoor into the network. Questions? John Lauderdale Global Risk Management Solutions Tel. +852 22892926 John.Lauderdale@hk.pwc.com 31 pwc Wireless LAN security mini-checklist 1. Develop wireless LAN policies standards, procedures and guidelines. 2. Understand how the overall network architecture is affected by Wireless LAN technology; will use of wireless connectivity put your network at risk? 3. Label and keep an inventory of all wireless and handheld devices 4. Perform periodic wireless security assessments. This should inc lude ongoing, randomly timed security audits to monitor and track wireless and handheld devices. 5. Enable wireless security features. Routinely test that the preve ntative and detective controls are working properly. 6. Design and implement a defence-in-depth strategy using built-in security features. 7. Apply patches and security enhancements. Be sure to change factory default security settings. 8. Implement a holistic security architecture that includes the use of firewalls, cryptography, and IDS. 9. Standardize security configurations, based on the policy. 10. Implement configuration / change control and management to ensure the latest software releases and security configuration enhancements have been applied to all equipment. 11. Provide security training to raise awareness about security issues surrounding wireless technologies. 12. Vigilantly monitor new threats and vulnerabilities associated with wireless technologies. 33 pwc 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information