05 wi fi network security

Copyright © 2014 CyberSecurity Malaysia

Internet and Computer Security Awareness

Wireless Network Security

Introduction


The popularity of wireless networks are due to the cost effectives in deployment, no cabling required compared to wired network and easy to use as well as flexible deployment.

WiFi networks are everywhere!

Goals

3

After completion of this lesson, our wireless communication will never be the same as we will the potential threats associated to the wireless network.

Beware of invisible wireless hacker!


Objectives

4

WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words


The Invisible Hacker: WiFi Hackers

5



WiFi Network Architecture & Principle

6

Station (STA)

Access Point (AP)

SSID

Vendor OUI

Cisco (Aironet) 00-04-96

Agere (Orinoco) 00-02-2D

Nokia 00-e0-03

Linksys 00-04-5a

00-04-5a-03-3c-0f

OUI(Organizationally Unique Identifier)

1

Station (STA)

Station (STA)

2

Station (STA)

Access Point (AP)

ESSID

3

BSSID = AP MAC AddressMAC Address

4

5

6

Station (STA)

Access Point (AP)

SSID

MAC Address

Attacker/ Auditor

Access Point (AP)

Access Point (AP)

Managed Mode

Monitor Mode

Master Mode

Ad Hoc Mode

http://standards.ieee.org/regauth/oui/index.shtml

Infrastructure

Ad-hoc


http://standards.ieee.org/regauth/oui/index.shtml

WiFi Operation Modes

7

Station (STA)

Access Point (AP)

SSID

1

Station (STA)

Station (STA)

3

Managed Mode Master Mode

Ad Hoc Mode Ad Hoc Mode

Monitor Mode

2

4


WiFi Networking

8

Probes Station

Access Point

Beacons

Probes Request Station

Access PointProbes Response

1

2

3

4 Station Access PointProbe Request

Probe ResponseAUTH Request

AUTH Response

Assoc Request

Assoc Response



9



Wired Network: Possible Attacks

10

Virus & Malware

Attackers

Data Theft

INTERNET

INTRANET

SECURE ENTERPRISE PERIMETER

Desktop

Server

Inside Threat


Wireless Network: Possible Attacks

11

Hacker

INTRANET

INTERNET

Desktop

1 Rogue AP Connected to Network

3 Non-Compliant AP

5 Users Bypassing Network Security Controls

Public Wi-Fi AP

2 Leaked Wired Traffic & Insertion

6 Wi-Fi Phishing

Legitimate Wi-Fi AP Evil Twin

Laptop

AP

Mobile UserServer

4 Neighboring AP

Wi-Fi Network aggravatesThreats to Enterprise Networks


12



WiFi Hacking Highlights

13

A North Carolina Medical Consulting Firm

Broke into the computer system of a local medical consulting firm & illegally accessed information of hundreds of patients, including checks and insurance forms

Wireless hackingbust in Michigan

Two Michigan men repeatedly cracked Lowe’s nationwide network from a 1995 Pontiac Grand Prix parked outside a suburban Detroit store.

Charged with penetrating and intentionally damaging a Lowe’s system.

First hopped onto the Wi-Fi network at the store to access the company’s central data center at Lowe’s headquarters.

Deployed hacking software, in one case crashing the point of sale terminals.

A California Public School District

Unprotected WLAN allowed full unauthorized access to sensitive files & enabled hackers to upload their own files into

servers

A Texas County CourtHackers accessed information filed by the clerk of courts by using only a laptop & wireless card

A Wholesale club

Hacked via wireless network at a store location, credit card data was stolen AND used to the tune of $20M. The lax security found by the FTC to be an “unfair trade practice”; now under 9 years of probation and have to institute security measures and hire 3rd party auditor

Security causes electronics giant register ban

Best Buy banned the use of wireless cash registers at its 492 stores after learning a hacker may have intercepted a customer’s credit card number.

HomeImprovement

Store

HomeImprovement

Store

ElectronicsRetailer

ElectronicsRetailer

MajorWholesale

Store

MajorWholesale

Store


WiFi Problem: Uncontrolled Medium

14

t r

2

The walls of the facility provide a solid line of defense against intruders

Attacker

RF in the AIR is uncontrolled…

The walls of the facility provide a solid line of defense against intruders

With a single access point, walls come tumbling down Ethernet now extends to the parking lot!

Attacker

Server Server Server Computer


http://www-1.ibm.com/servers/eserver/zseries/800.html

http://www-1.ibm.com/servers/eserver/zseries/800.html

WiFi Problem: RF Signal Propagation

15

THIS IS THE ATTACK SURFACE


WiFi Problem: Extending Antenna

16

A Dual-Use HomebrewProduct – Pringles Cans

http://www.oreillynet.com/lpt/wlg/448

Yagi Antenna Omni AntennaCopyright © 2014 CyberSecurity Malaysia

http://www.oreillynet.com/lpt/wlg/448

http://www.cnn.com/

http://www.telexwireless.com/2415AA-5.jpg




WiFi Problem: Free WiFi Hacking Tools


WiFi Problem: WiFi Communication

Evolving to…

Workstation

Access Point

Rogue Access Point Ad Hoc Network

Accidental

Association

Legit Association

Malicious Association

Hacker / Soft AP

Employee Station Company Access Point

Rogue Access PointEmployee APNeighbor AP

Accidental Association

Neighbor Station


WiFi Threat: Soft Access Points

WiFi Threat: Weak Configuration

Common Mistakes in Wireless Implementations

Descriptive SSID e.g. BANK_NAME SSID

Vulnerable Encryption Setting e.g. WEP Encryption

Access Point’s Coverage Areas e.g. A very good quality of access point signal from across the road


WiFi Threat: Factory Configuration


WiFi Threat: Connecting to WiFi Network

22

accidental association malicious association malicious access points vulnerable access points

Don’t You Know?


WiFi Threat: WiFi DoS

23

Hacker Station(CommView, Aircrack-ng)

Access Point Client Station (User)

Access Point Client Station (User)

Signal Generator(YDI PSG-1)

Physical Layer DoS

MAC Layer DoS

DoS Against a AP: shutdown the target AP from communicating with any deviceDoS Against a Station: shutdown the Station from communicating with any device.Broadcast: shutdown any network devices

Data flooding

Jamming signal



24



WiFi Protocol Attack

25

BSSID = 00:1A:70:E5:E1:91ESSID = linksysWEP = aa:bb:cc:dd:ee

Attacker MAC STA = 06:14:A4:27:FB:12

Fake Authentication Attack

ARP Request Replay Attack


WiFi Protocol Attack (cont’d)

26Copyright © 2014 CyberSecurity Malaysia

27

WiFi Protocol Attack (cont’d)


28




Wireless Man-in-the-Middle Attack


Wireless DoS Against WiFi Client

• Against a AP: Keeps all traffic from communicating with the rest of the network• Against a Station: Keeps the Station from Communicating with any device.• Broadcast: All network devices including some Internal networks shutdown• Injected Traffic: Spanning Tree, Routing Information, Typical DoS

Target (User) AP1

2

ORIGINAL MAC: 00 12 2D 50 43 1E

NEW MAC: 00 02 2D 50 D1 4E

MAC: 00 02 2D 50 D1 4E

3

3. Send Disassoc & Deauth frames

2. Impersonate AP by spoofing the MAC

1. User enjoying good connection


Windows Preferred Network List

Attack against personal anonymity Wireless technology is inherently chatty and often uniquely tied to the user Wireless cards will periodically search for their preferred networks by name Attacker can eavesdrop on this conversation to identify unique names Can associate location to network name



32



Choose Right Hardware


Detected WiFi Network @ Putrajaya


WiFi Traffic Decryption Method

35

BSSID = 00:1A:70:E5:E1:91ESSID = linksysWEP = f0:00:f0:D0:f0

Attacker MAC STA = 06:14:A4:27:FB:12

Victim MAC STA = 00:13:E8:27:EF:C1


WiFi Traffic Decryption Method


WiFi Hackers Can See Your Password

37

WiFi Hackers Can See Your Email


WiFi Hackers Can See Your IM Chat



40



Best Practices

Client Station

Keep systems’ software up to date

Must have personal firewall installed

Must have antivirus installed

Educate the wireless user on the proper usage and security issues


Summary

• WiFi hacking tools are available freely and …..anyone can run them.• WiFi attacks are getting more dangerous, in what they can do!• We must change the way we think about WiFi security


Copyright © 2013 CyberSecurity Malaysia 43

Date post:	22-Aug-2015
Category:	Internet
Upload:	ministry-of-education-malaysia
View:	243 times
Download:	2 times