CWNA Guide to Wireless LANs, Second Edition - PowerPoint PPT Presentation

Title: Linux+ Guide to Linux Certification Subject: Chapter One Created Date: 9/27/2002 11:29:22 PM Document presentation format: On-screen Show Other titles – PowerPoint PPT presentation

Slides: 42
Provided by: cmsu2Ucmo

Transcript and Presenter's Notes


1
CWNA Guide to Wireless LANs, Second Edition
  • Chapter Eight
  • Wireless LAN Security and Vulnerabilities

2
Objectives
  • Define information security
  • Explain the basic security protections for IEEE
    802.11 WLANs
  • List the vulnerabilities of the IEEE 802.11
    standard
  • Describe the types of wireless attacks that can
    be launched against a wireless network

3
Security Principles: What is Information Security?
  • Information security: Task of guarding digital
    information
  • Ensures protective measures properly implemented
  • Protects confidentiality, integrity, and
    availability (CIA) on the devices that store,
    manipulate, and transmit the information through
    products, people, and procedures

4
Security Principles: What is Information Security? (continued)
Figure 8-1: Information security components

5
Security Principles: Challenges of Securing Information
  • Trends influencing increasing difficulty in
    information security
  • Speed of attacks
  • Sophistication of attacks
  • Faster detection of weaknesses
  • Day zero attacks
  • Distributed attacks
  • The many against one approach
  • Impossible to stop attack by trying to identify
    and block source

6
Security Principles: Categories of Attackers
  • Six categories of attackers
  • Hackers
  • Not malicious; expose security flaws
  • Crackers
  • Script kiddies
  • Spies
  • Employees
  • Cyberterrorists

7
Security Principles: Categories of Attackers (continued)
Table 8-1: Attacker profiles

8
Security Principles: Security Organizations
  • Many security organizations exist to provide
    security information, assistance, and training
  • Computer Emergency Response Team Coordination
    Center (CERT/CC)
  • Forum of Incident Response and Security Teams
    (FIRST)
  • InfraGard
  • Information Systems Security Association (ISSA)
  • National Security Institute (NSI)
  • SysAdmin, Audit, Network, Security (SANS)
    Institute

9
Basic IEEE 802.11 Security Protections
  • Data transmitted by a WLAN could be intercepted
    and viewed by an attacker
  • Important that basic wireless security
    protections be built into WLANs
  • Three categories of WLAN protections
  • Access control
  • Wired equivalent privacy (WEP)
  • Authentication
  • Some protections specified by IEEE, while others
    left to vendors

10
Access Control
  • Intended to guard availability of information
  • Wireless access control: Limit user's admission
    to AP
  • Filtering
  • Media Access Control (MAC) address filtering:
    Based on a node's unique MAC address

Figure 8-2: MAC address

11
Access Control (continued)
Figure 8-4: MAC address filtering

12
Access Control (continued)
  • MAC address filtering considered to be a basic
    means of controlling access
  • Requires pre-approved authentication
  • Difficult to provide temporary access for guest
    devices

13
Wired Equivalent Privacy (WEP)
  • Guard the confidentiality of information
  • Ensure only authorized parties can view it
  • Used in IEEE 802.11 to encrypt wireless
    transmissions
  • Scrambling

14
WEP Cryptography
  • Cryptography: Science of transforming information
    so that it is secure while being transmitted or
    stored
  • Scrambles data
  • Encryption: Transforming plaintext to ciphertext
  • Decryption: Transforming ciphertext to plaintext
  • Cipher: An encryption algorithm
  • Given a key that is used to encrypt and decrypt
    messages
  • Weak keys: Keys that are easily discovered

15
WEP Cryptography (continued)
Figure 8-5: Cryptography

16
WEP Implementation
  • IEEE 802.11 cryptography objectives
  • Efficient
  • Exportable
  • Optional
  • Reasonably strong
  • Self-synchronizing
  • WEP relies on secret key shared between a
    wireless device and the AP
  • Same key installed on device and AP
  • Private key cryptography or symmetric encryption

17
WEP Implementation (continued)
Figure 8-6: Symmetric encryption

18
WEP Implementation (continued)
  • WEP shared secret keys must be at least 40 bits
  • Most vendors use 104 bits
  • Options for creating WEP keys
  • 40-bit WEP shared secret key (5 ASCII characters
    or 10 hexadecimal characters)
  • 104-bit WEP shared secret key (13 ASCII
    characters or 16 hexadecimal characters)
  • Passphrase (16 ASCII characters)
  • APs and wireless devices can store up to four
    shared secret keys
  • Default key used for all encryption

19
WEP Implementation (continued)
Figure 8-8: Default WEP keys

20
WEP Implementation (continued)
Figure 8-9: WEP encryption process

21
WEP Implementation (continued)
  • When encrypted frame arrives at destination
  • Receiving device separates IV from ciphertext
  • Combines IV with appropriate secret key
  • Create a keystream
  • Keystream used to extract text and ICV
  • Text run through CRC
  • Ensure ICVs match and nothing lost in
    transmission
  • Generating keystream using the PRNG is based on
    the RC4 cipher algorithm
  • Stream Cipher

22
WEP Implementation (continued)
Figure 8-10: Stream cipher

23
Authentication
  • IEEE 802.11 authentication: Process in which AP
    accepts or rejects a wireless device
  • Open system authentication
  • Wireless device sends association request frame
    to AP
  • Carries info about supported data rates and
    service set identifier (SSID)
  • AP compares received SSID with the network SSID
  • If they match, wireless device authenticated

24
Authentication (continued)
  • Shared key authentication: Uses WEP keys
  • AP sends the wireless device the challenge text
  • Wireless device encrypts challenge text with its
    WEP key and returns it to the AP
  • AP decrypts returned result and compares to
    original challenge text
  • If they match, device accepted into network

25
Vulnerabilities of IEEE 802.11 Security
  • IEEE 802.11 standard's security mechanisms for
    wireless networks have fallen short of their goal
  • Vulnerabilities exist in
  • Authentication
  • Address filtering
  • WEP

26
Open System Authentication Vulnerabilities
  • Inherently weak
  • Based only on match of SSIDs
  • SSID beaconed from AP during passive scanning
  • Easy to discover
  • Vulnerabilities
  • Beaconing SSID is default mode in all APs
  • Not all APs allow beaconing to be turned off
  • Or manufacturer recommends against it
  • SSID initially transmitted in plaintext
    (unencrypted)

27
Open System Authentication Vulnerabilities (continued)
  • Vulnerabilities (continued)
  • If an attacker cannot capture an initial
    negotiation process, can force one to occur
  • SSID can be retrieved from an authenticated
    device
  • Many users do not change default SSID
  • Several wireless tools freely available that
    allow users with no advanced knowledge of
    wireless networks to capture SSIDs

28
Open System Authentication Vulnerabilities (continued)
Figure 8-12: Forcing the renegotiation process

29
Shared Secret Key Authentication Vulnerabilities
  • Attackers can view key on an approved wireless
    device (i.e., steal it), and then use on own
    wireless devices
  • Brute force attack: Attacker attempts to create
    every possible key combination until correct key
    found
  • Dictionary attack: Takes each word from a
    dictionary and encodes it in same way as
    passphrase
  • Compare encoded dictionary words against
    encrypted frame

30
Shared Secret Key Authentication Vulnerabilities (continued)
  • AP sends challenge text in plaintext
  • Attacker can capture challenge text and device's
    response (encrypted text and IV)
  • Mathematically derive keystream

31
Shared Secret Key Authentication Vulnerabilities (continued)
Table 8-2: Authentication attacks

32
Address Filtering Vulnerabilities
Table 8-3: MAC address attacks

33
WEP Vulnerabilities
  • Uses 40 or 104 bit keys
  • Shorter keys easier to crack
  • WEP implementation violates cardinal rule of
    cryptography
  • Creates detectable pattern for attackers
  • APs end up repeating IVs
  • Collision: Two packets derived from same IV
  • Attacker can use info from collisions to initiate
    a keystream attack

34
WEP Vulnerabilities (continued)
Figure 8-13: XOR operations

35
WEP Vulnerabilities (continued)
Figure 8-14: Capturing packets

36
WEP Vulnerabilities (continued)
  • PRNG does not create true random number
  • Pseudorandom
  • First 256 bytes of the RC4 cipher can be
    determined by bytes in the key itself

Table 8-4: WEP attacks

37
Other Wireless Attacks: Man-in-the-Middle Attack
  • Makes it seem that two computers are
    communicating with each other
  • Actually sending and receiving data with computer
    between them
  • Active or passive

Figure 8-15: Intercepting transmissions

38
Other Wireless Attacks: Man-in-the-Middle Attack (continued)
Figure 8-16: Wireless man-in-the-middle attack

39
Other Wireless Attacks: Denial of Service (DoS) Attack
  • Standard DoS attack attempts to make a server or
    other network device unavailable by flooding it
    with requests
  • Attacking computers programmed to request, but
    not respond
  • Wireless DoS attacks are different
  • Jamming: Prevents wireless devices from
    transmitting
  • Forcing a device to continually dissociate and
    re-associate with AP

40
Summary
  • Information security protects the
    confidentiality, integrity, and availability of
    information on the devices that store,
    manipulate, and transmit the information through
    products, people, and procedures
  • Significant challenges in keeping wireless
    networks and devices secure
  • Six categories of attackers: Hackers, crackers,
    script kiddies, computer spies, employees, and
    cyberterrorists

41
Summary (continued)
  • Three categories of default wireless protection:
    access control, wired equivalent privacy (WEP),
    and authentication
  • Significant security vulnerabilities exist in the
    IEEE 802.11 security mechanisms
  • Man-in-the-middle attacks and denial of service
    attacks (DoS) can be used to attack wireless
    networks