Wireless Network Vulnerabilities - PowerPoint PPT Presentation

Slides: 50
Provided by: specialage7

Transcript and Presenter's Notes

Title: Wireless Network Vulnerabilities


1
Wireless Intrusion Vulnerabilities
SA Timothy Allen, Dallas FO
2
Wireless Access Point (WAP)
Available at any office supply store for under
$100. Legitimate uses when businesses/homeowners
don't want to pay for installing cable.
Convenient because there are no wires. Range is
hundreds or thousands of feet, depending on
environmental and external factors.
Think of it as just a wireless extension cord for
computer network cables. EXCEPT, that since it
is wireless, the data travelling between points
is not kept in the wire, but can be caught in
the air.
3
Location of a Wireless Access Point
4
Wireless Network Vulnerabilities
  • Scenarios
  • Physical Protection
  • Terrorism
  • Critical Infrastructure Protection
  • Espionage
  • Blackmail
  • Required Equipment
  • Hardware
  • Software
  • Internet Resources
  • Practical Applications
  • Proactive Response

5
Hotels
Scenario: Either a WAP is placed on a hotel
network or an existing WAP is utilized. Alarms,
elevators, cameras, etc., can now be controlled
by an unauthorized entity from anywhere within
range of the WAP(s). Would you let someone from
off the street sit at a workstation connected to
the hotel network? This is essentially the
same thing.
6
Hospitals
  • Scenario
  • Unauthorized entity sniffs network traffic and
    is able to glean patient data.
  • More worrisome is the potential for someone to
    intrude on the network and change medications or
    medical data.

7
Espionage
  • Scenario
  • Individual(s) sniff data from wireless traffic
    and are able to get proprietary data.
  • Corporate offices or T-Mobile Hotspots (i.e.,
    Starbucks and airports) are places to sniff.

8
Blackmail
  • Scenario
  • Within range of a residential user's WAP that is
    using a home network, the blackmailer logs onto
    an HTTP-based email provider and emails an
    attachment containing child pornography. Next,
    the blackmailer places child pornography on the
    target's computer. The IP address is traced to
    the target and a search is conducted on the now
    seized computers.

9
Critical Infrastructure Protection
  • Banks
  • Emergency Response
  • Hospitals
  • Telecom industry
  • Energy facilities
  • Businesses
  • Airports
  • Cafes

10
Best Buy
11
Terrorism
  • Free wireless networks
  • Covert Communication Systems

12
Required Hardware
  • A PDA or notebook computer - $500

13
Required Equipment
  • Wireless 802.11b card - $99 (any office supply
    store)

14
Required Equipment
  • Omnidirectional Antennae - $50 in parts

15
Required Equipment
  • Directional Antennae - $8 in parts

16
Required Equipment
  • WAP (Wireless Access Point) - $100

17
Optional Equipment
  • GPS - $250

18
Required Software (MS Windows)
  • Netstumbler - FREE

19
Required Software (MS Windows)
  • Netstumbler - FREE

20
Required Software (MS Windows)
  • Netstumbler - FREE

21
Optional Software (MS Windows)
  • Mapping software - $30

22
Required Software (MS Windows)
  • Ethereal - FREE

23
Microsoft XP
  • Microsoft XP is configured by default to attach
    to the closest wireless network!
  • Insert the PCMCIA wireless card and default
    drivers will automatically install. If you are
    near a WAP that is attached to the internet, MSN
    messenger will automatically attempt to log in.

24
TOTAL COST
  • $600 for a mobile hacking package

25
Internet Resources
26
Internet Resources
27
Internet Resources
28
Internet Resources
29
Internet Resources
30
Practical Applications
Small business/residential network
31
Practical Applications
Governmental/business network
32
Practical Applications
Potentially misconfigured governmental/business
network
33
Practical Applications
  • Eavesdropping

34
Practical Applications - Eavesdropping
Locate WAPs using NetStumbler
35
Practical Applications - Eavesdropping
36
Practical Applications - Eavesdropping
  • DHCP Request (computer logging on to network)

37
Practical Applications - Eavesdropping
NetStumbler Packet
38
Practical Applications - Eavesdropping
Transferring a file over network using MS
Networking
39
Practical Applications - Eavesdropping
Deleting a file over network using MS Networking
40
Practical Applications - Eavesdropping
Logging on to a news server and retrieving a post
41
Practical Applications - Eavesdropping
Checking POP mail via HTTP interface
42
Practical Applications - Eavesdropping
Username and password captured in plain text. MS
Outlook was used, but the result is the same for Netscape
Messenger and most other popular email programs.
43
Practical Applications - Eavesdropping
Complete email captured from MS Outlook, but
could just as well be Netscape. This email also
had an attachment that can be read.
44
Practical Applications - Eavesdropping
Attachments and email are easily captured and read.
45
Practical Applications
  • Intrusion

46
Practical Applications - Intrusion
Having previously found an access point and the
SSID using Netstumbler and captured a
username and password using Ethereal, all you
have to do is get in range, change your SSID to
match theirs, and log in using the username and
password. You now have access to whatever the
owner of that username has access to.
OR: Install
an access point on a network. Using a stolen
username and password, get in range and log on.
47
Proactive Response
427 wireless networks were found in the North
Texas area surrounding the Dallas Field Office.
Most of the wireless networks belonged to
businesses, since they were found within areas
close to major thoroughfares and not in
residential areas. 93 wireless networks had
default installations. Of those 427, only 112
were using encryption. It is unknown how many of
those 112 were using the default encryption keys,
which are published on the Internet. The
802.11b encryption is flawed. Even if encryption
is enabled, it is still vulnerable. Think of it
this way: instead of the door being open, it's just
closed, but not locked.
48
Proactive Response
  • How is this problem fixed? Education
  • Update software, firmware, and hardware
  • Disable SSID broadcasting
  • Use encryption and/or MAC authentication (easily
    spoofed or broken)
  • Use Virtual Private Networking (VPN)
  • Place antennas away from windows and in the
    center of the building
  • Routinely scan offices/businesses for
    unauthorized Wireless Access Points
  • Routinely change WEP keys
  • Do not use 802.11b wireless equipment. Wait for
    next generation hardware
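
One way to act on the "routinely scan for unauthorized Wireless Access Points" item, and on the default-installation and encryption findings of slide 47, is to compare each survey against an inventory of sanctioned access points. The script below is an added example, not part of the original presentation; the CSV layout, the inventory, the default-SSID list and the finding names are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Assumption: a few factory-default SSIDs; extend for the hardware you deploy.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami", "wireless"}
# Constructed sample data in a hypothetical layout (not a real tool's export).
AUTHORIZED = {"02:00:00:aa:10:01": "CORP-WLAN", "02:00:00:aa:10:02": "CORP-WLAN"}
SURVEY_CSV = """bssid,ssid,encryption
02-00-00-AA-10-01,CORP-WLAN,WEP
02:00:00:aa:10:02,CORP-WLAN,NONE
02:00:00:BB:20:07,linksys,NONE
02:00:00:CC:30:09,CORP-WLAN,NONE
02:00:00:DD:40:0B,guest-lobby,WEP
"""

def norm_bssid(raw):
    """Normalize a MAC address to lower-case, colon-separated form."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(survey_csv, authorized=AUTHORIZED):
    """Return {bssid: [findings]} for each access point with a finding."""
    report, corp_ssids = {}, set(authorized.values())
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid, ssid = norm_bssid(row["bssid"]), row["ssid"].strip()
        enc = row["encryption"].strip().upper()
        findings = []
        if bssid not in authorized:
            findings.append("unauthorized-ap")
            if ssid in corp_ssids:  # unknown radio advertising a sanctioned SSID
                findings.append("ssid-impersonation")
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append("default-ssid")
        if enc == "NONE":
            findings.append("no-encryption")
        elif enc == "WEP":
            findings.append("wep-only")  # encrypted, but with the flawed 802.11b scheme
        if findings:
            report[bssid] = findings
    return report

def summary(report):
    """Count access points per finding across the whole survey."""
    return Counter(f for findings in report.values() for f in findings)

if __name__ == "__main__":
    print(audit(SURVEY_CSV), dict(summary(audit(SURVEY_CSV))))
```

Sanctioned access points still appear in the report when they run without encryption or with WEP only, so the same pass covers both the rogue-device check and the configuration check.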

49
The END
  • Timothy Allen
  • Special Agent
  • Dallas Field Office
  • United States Secret Service
  • 972-868-3119
  • tallen_at_usss.treas.gov