Security+ All-In-One Edition Chapter 10 – Wireless Security Brian E. Brzezicki.

Date post: 26-Mar-2015
Security+ All-In-One Edition

Chapter 10 – Wireless Security

Brian E. Brzezicki

Wireless

Look No Wires!

Wireless

An attempt at communication using non-physical links. Examples:

• Radio Waves

• Light Pulses

Often used for networking, but can also be used simply to eliminate wires for device-to-device communication.

Wireless LAN protocols

802.11 standard

• Wireless LAN networking

• Data Link layer specifications

• Components
  – Access point (a type of bridge)
  – Wireless card
  – SSID

802.11 family

• 802.11b
  – 11 Mbps
  – 2.4 GHz (same as common home devices)

• 802.11a
  – 54 Mbps
  – 5 GHz (not as commonly used, however absorbed by walls, yielding less range possibly)

• 802.11g
  – 54 Mbps
  – 2.4 GHz
  – Cards are generally backwards compatible and can serve as 802.11b or 802.11a

• 802.11n
  – Uses Multiple Input Multiple Output (MIMO)
  – 100 Mbps
  – 2.4 GHz or 5 GHz

Wireless Problems

• Easy to get access to airwaves, hard to restrict!

Talk about the attacks next.

Wireless Attacks

Wireless Attacks

• War driving
  – Wireless scanners
  – NetStumbler (see next slide)

• Warchalking (2 slides)

(more)

NetStumbler

War chalking symbols

Man in the Middle

• Airsnarfing: put up a fake access point and get people to connect to you.

Eavesdropping and attaining non-authorized access

• Eavesdropping
  – Kismet
  – AirSnort – breaks WEP, retrieves encryption keys (the Security+ exam references AirSnort, even though it’s no longer developed)
  – aircrack-ng – breaks WEP and WPA-PSK

Wireless Countermeasures

• Turn off SSID broadcasts (problems?)

• Enable MAC filtering (problems?)

• Use Encryption (we’ll talk about this next)

• Use Enterprise Mode for authentication

Transmission encryption

There are many different types of wireless encryption protocols

• WEP
  – Shared passwords (why is this bad?)
  – 64/40 or 128/104 bit key
  – Uses RC4
  – Easily crackable (due to key reuse)
  – Only option for 802.11b

(more)
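Why the WEP slide's "key reuse" matters, as an added example that is not part of the original slides: WEP keys RC4 for each frame with a 24-bit IV prepended to the shared key (the "64/40" split), so a repeated IV repeats the keystream. The key, IVs and payloads below are constructed sample values, and the frame body is a simplified WEP-style layout.

```python
import math
import zlib

IV_SPACE = 2 ** 24  # 24-bit IV; "64/40" = 24-bit IV + 40-bit shared key

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, payload: bytes) -> bytes:
    """WEP-style body: RC4(IV || key) XOR (payload || CRC-32 check value)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return xor(body, rc4(iv + shared_key, len(body)))

def iv_collision_probability(frames: int) -> float:
    """Chance that at least two of `frames` randomly chosen IVs are equal."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * IV_SPACE))

# Constructed sample data: a 40-bit shared key and two 16-byte payloads.
KEY = bytes.fromhex("0badc0ffee")
P1 = b"GET /index.html "
P2 = b"user=alice&pin=7"
C1 = wep_encrypt(b"\x00\x00\x01", KEY, P1)
C2 = wep_encrypt(b"\x00\x00\x01", KEY, P2)   # same IV -> same keystream
C3 = wep_encrypt(b"\x00\x00\x02", KEY, P2)   # fresh IV -> different keystream

if __name__ == "__main__":
    # Repeated IV: the keystream cancels, so C1 ^ C2 equals P1 ^ P2.
    print("reused IV leaks P1^P2:", xor(C1, C2)[:16] == xor(P1, P2))
    print("fresh IV leaks P1^P2: ", xor(C1, C3)[:16] == xor(P1, P2))
    print(f"collision chance after 5000 frames: {iv_collision_probability(5000):.2f}")
```

With only 2^24 possible IVs and one shared key for every station, a busy network repeats keystreams quickly, which is the weakness TKIP's changing keys and AES in WPA/WPA2 were introduced to address.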

Transmission Encryption

• WPA PSK
  – Shared password
  – Uses TKIP normally
    • RC4 with changing keys
  – Can use AES (not certified)
    • 128 bit key

• WPA2 PSK
  – Uses AES (normally)
    • 128 bit key
  – Can use TKIP
    • RC4 with changing keys

(more)

Transmission Encryption

• WPA or WPA2 in Enterprise Mode
  – Uses 802.1X authentication to have individual passwords for individual users

• RADIUS – what was RADIUS again?

• 802.11i – the official IEEE wireless security spec, officially supports WPA2

Wireless Device to Device Communication

Bluetooth

Bluetooth

• What is Bluetooth?

• What is the purpose of Bluetooth, is it networking?

• Bluetooth Modes
  – Discovery Mode
  – Automatic Pairing

Bluetooth Attacks

• Bluejacking
  – Sending forged message to nearby Bluetooth devices
  – Need to be close
  – Victim phone must be in “discoverable” mode

• Bluesnarfing
  – Copies information off of remote devices

• Bluebugging
  – More serious
  – Allows full use of phone
  – Allows one to make calls
  – Can eavesdrop on calls

Bluetooth Countermeasures

• Disable it if you’re not using it

• Disable auto-discovery

• Disable auto-pairing

WAP

WAP

Wireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones) access to the Internet.

• Requires a Gateway to translate WAP <-> HTML (see visual)

• Uses WTLS to encrypt data (modified version of TLS)

• Uses HMAC for message authentication

• WAP GAP problem (see visual and explain)

• A lot of wireless devices don’t need WAP anymore… why?

WAP

WAP GAP

As the gateway decrypts from WTLS and re-encrypts as SSL/TLS, the data is in plaintext on the gateway. If someone could access the gateway, they could capture the communications.

Chapter 10 – Review Questions

Q. What encryption protocol does WEP use?

Q. What 2 key lengths does WEP support?

Q. What encryption protocol does WPA2 use?

Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security?

Q. What does WAP use for security?

Chapter 10 – Review Questions

Q. What is the WAP GAP?

Q. Define how to accomplish a MiM attack on a wireless network

Q. What type of authentication concept would help against the attack above?

Q. What is one way office users could use wireless to violate network security?

Q. What is Bluetooth used for?

Q. What is Bluesnarfing?

Wireless security

• Access control
  – Turn off SSID broadcasts (problems)
  – MAC filtering (problems)

• Encryption
  – Discussed later

• Authentication
  – Use RADIUS and 802.1X

• Isolation
  – VLANs over wireless