Myths of Wireless Security - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Myths of Wireless Security

Description:

Myths of Wireless Security. Wireless LANs use radio signals ... Net Stumbler www.netstumbler.com. Air Defense www.airdefense.net. Air Magnet www.airmagnet.com ... – PowerPoint PPT presentation

Number of Views:28
Avg rating:3.0/5.0
Slides: 24
Provided by: dgr46
Category:

less

Transcript and Presenter's Notes

Title: Myths of Wireless Security


1
Myths of Wireless Security
2
Tapping Wireless Networks
  • Wireless LANs use radio signals
  • Radio signals travel in unguided medium
  • Difficult to control where they travel
  • Radio signals can penetrate walls
  • Signals can be picked up outside building

3
Tapping Wireless Networks (cont.)
  • Tap signal in car in parking lot
  • Park out on street or just drive by
  • Public space inside building
  • On floor above or below, out of your control

4
Who Knows About your Wireless Network?
  • War driving
  • Maps of WLANs on Internet
  • Tagging building/sidewalk
  • You MUST implement security on your WLAN
  • Exception Java Daves, Starbucks, etc.

5
802.11b
  • Original 802.11 limited to 1 and 2 Mbps
  • 802.11b developed for 1, 2, 5.5 and 11 Mbps
  • Most widely deployed
  • Uses ISM band, 2.4 GHz
  • Being called Wi-Fi (not really correct)

6
802.11a
  • Newer than 802.11b
  • Not as widely deployed
  • Higher data rates up to 54 Mbps
  • Subrates 6, 9, 12, 18, 24, 36 and 48 Mbps
  • Uses 5 GHz UNII band
  • Cannot interoperate with 802.11b
  • Not backward compatible

7
802.11g
  • Latest and greatest?
  • Like 802.11a, capable of 54 Mbps operation
  • But uses 2.4 GHz ISM band (like 802.11b)
  • Radio is backward compatible with 802.11b
  • Dual mode (802.11b/g) access points

8
Interference
  • The 2.4 GHz ISM band is prone to interference
  • Microwave ovens
  • Cordless telephones
  • Bluetooth
  • All use 2.4 GHz ISM frequencies
  • Cordless telephones problem when in use

9
b,a,g Wars
10
Wireless Security
  • The wireless link is open for observation
  • In most cases, others can see it
  • Best solution is to encrypt the wireless link
  • WEP - Wired Equivalent Privacy
  • WPA - Wi-Fi Protected Access
  • IEEE 802.11i efforts

11
Wireless Security
  • Difficult to manage keys
  • WEP has static keys
  • WEP keys must be manually changed
  • Original WEP key only 40 bits long

12
802.11i
  • Uses 128 bit AES
  • Called WPA2 (Wi-Fi Alliance name)
  • Requires new equipment
  • Comparatively, its wonderful!

13
Jamming
  • Massive interference
  • Receivers cannot detect intended transmissions
  • Could easily jam 802.11 channels
  • Presents real threat to rescue, police,
    firefighters
  • Many hospitals using 802.11
  • Can easily be detected if prepared!

14
Wireless Security
  • A firewall costing thousands of dollars can be
    completely compromised by a single incorrectly
    configured access point, even when the access
    point is behind a brick wall.
  • Networking Computing, October 2001

15
Wireless Truths
  • Wireless changes all the rules!
  • Wireless is a layer 2 problem not layer 3
  • Traditional Layer 3 security controls do not
    protect against wireless attacks!
  • Denial-of-Service
  • MAC spoofing
  • SSID broadcast
  • WEP insecurities
  • AP spoofing
  • Wireless to wireless attacks

16
Wireless Myths
  • Turning off broadcast SSID will prevent attackers
    form finding your access point
  • You can restrict access to your wireless network
    by turning on MAC address filtering
  • WEP The E stands for encryption

17
Wireless Myths
  • Turning off broadcast SSID will prevent attackers
    form finding your access point
  • Net Stumbler www.netstumbler.com
  • Air Defense www.airdefense.net
  • Air Magnet www.airmagnet.com

18
Wireless Myths
  • You can restrict access to your wireless network
    by turning on MAC address filtering
  • MAC Makeup
  • http//www.gorlani.com/publicpri/macmakeup/macmake
    up.asp

19
Wireless Myths
  • WEP The E stands for encryption
  • Improper use of IV makes protocol vulnerable
  • Uses RC4 encryption, known weak keys
  • Static keys or management of rotating key scheme
  • AirSnort, WEP Crack and similar tools available
  • Dwepcrack
  • http//www.dackb0den.com/projects/dwepcrack.html

20
WEP Encryption
21
WEP Decryption
22
Deployment Best Practices
  • Use Wireless Gateway
  • Layer 2 GW for maximum security
  • Layer 3 GW for clientless operation
  • Deploy Wireless IDS
  • Rogue detection
  • Known attacks
  • Separate WLANs for trusted and untrusted users

23
Link Layer Security
24
Security Strategies
  • Layer your security
  • Use wireless gateways
  • Wireless is a layer 2 problem!
  • Infrastructure and security are two different
    things
  • Identify business needs for wireless
  • Treat wireless as untrusted

25
References
  • www.vigilar.com
  • www.802.11-planet.com
  • www.netstumbler.com
  • http//802.11ninja.net
  • www.ethereal.com
  • www.drizzle.com
  • www.airshare.org
  • www.dachb0den.com
  • www.kismetwireless.net
  • http//hostap.epitest.fi
  • www.wireless.ittoolbox.com
  • www.packetatteck.com
  • www.wlana.org
  • www.airmagnet.com
  • www.wildpackets.com
  • www.airdefense.net
  • www.bluesocket.com
Write a Comment
User Comments (0)
About PowerShow.com