Wireless Security: A False Sense of Security
BarCamp Melaka – 14th November 2009

Introduction
  • A false sense of security is worse than a true sense of insecurity

Me
  • Ahmad Siddiq b. Mohd Adnan
  • CCNA, MCSE, Red Hat Trainer. Asia Talk Sdn. Bhd.
  • Guide young Jedis on how to deal with cables, switches and servers

IEEE 802.11 Introduction

How 802.11 Works
  • Designed to integrate easily with existing wired networks
  • 802.11 uses CSMA/CA to access the medium
  • Each device has a unique 48-bit MAC address, just like 802.3 Ethernet

802.11 Modes of Communication
  • Infrastructure
      - All client adapters associate with the access point
      - Each client adapter only communicates with the access point
  • Ad-Hoc
      - Wireless client adapters communicate with each other directly

Nature of The Medium
  • Unlike on wired networks, all communications are essentially broadcasts
  • This makes passive sniffing and MITM easier
  • Therefore encryption of data is key to secure communication

WiFi Proliferation
  • Source: WiFi Alliance, www.wifialliance.org

Attack Hierarchy
  • Diagram labels: Attacks, Passive, Active, Denial Of Service, Eavesdropping, Replay, Masquerade, Traffic Analysis, Message Modification

Securi..what?

Wi-Fi is No Exception
  • Wi-Fi throws new pieces in the information security puzzle
  • Signal spillage outside building
  • Threats operative below Layer 3
  • Wired firewalls, IDS/IPS, anti-virus ineffective against Wi-Fi threats

Incorrect Views of Wi-Fi Security
  • "Dude check this shit out. I have this cool Cisco hardware firewall and some slick IDS installed on my LAN. I also have some kind of Anti-Virus installed, and hence I am already protected."

802.11 Inbuilt Security
  • Wired Equivalent Privacy (WEP)
      - Uses RC4 stream cipher for encryption
  • WiFi Protected Access (WPA or TKIP)
      - Uses RC4 stream cipher for encryption
  • WPA2
      - Uses AES block cipher for encryption

Wired Equivalent Privacy (WEP)
  • So damn popular in Malaysia
  • WEP implementation has many flaws
  • WEP encryption is easily broken
  • Client side attacks on WEP make it even easier

Demo 1: WEP key pwnage within a few minutes

Wi-Fi Protected Access (WPA)
  • WPA or TKIP is more secure than WEP
  • WPA-PSK is the easiest to implement
  • WPA-PSK is susceptible to an offline brute-force attack
  • WPA2 uses AES and is so far considered secure

Cracking Exploits

Most Obvious Wi-Fi Threat
  • Solution: Use of strong wireless authentication and encryption in Wi-Fi
  • OPEN and WEP are a BIG NO
  • WPA can be used, but it is not enterprise grade. Use WPA2, which is enterprise grade.
  • SSID and MAC access control can be evaded
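
Why WPA-PSK security rests entirely on the passphrase: WPA and WPA2 in PSK mode derive the pairwise master key with PBKDF2-HMAC-SHA1, using the SSID as salt, 4096 iterations and a 32-byte output, so everything except the passphrase is public. The Python below is an added example, not part of the original slides; the guess rate and the 100-year threshold are assumptions chosen for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_RATE = 1_000_000  # assumption: offline guesses per second


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK used by WPA-PSK and WPA2-PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    # The SSID is the only salt, so a common or default SSID gives
    # every network that shares it the same passphrase-to-key mapping.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32
    )


def audit(length: int, alphabet_size: int,
          rate: float = ASSUMED_RATE, min_years: float = 100) -> dict:
    """Rate a uniformly random passphrase policy against exhaustive search."""
    bits = length * math.log2(alphabet_size)
    years = 2 ** bits / rate / SECONDS_PER_YEAR
    return {"bits": round(bits, 1), "years": years, "ok": years >= min_years}


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print(wpa_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different key
    print(wpa_pmk("password", "CorpNet").hex())
    print("8 lowercase letters:", audit(8, 26))
    print("20 printable ASCII :", audit(20, 94))
```
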

Threats From Unmanaged Devices
  • Wi-Fi or No Wi-Fi Cannot Address Unmanaged Devices

Rogue APs
  • Unmanaged APs attached to the network
  • (Logically) LAN jacks hanging out from the window
  • Malicious intent or simply an unwitting, impatient employee
  • Provides direct access to wired network from the areas of spillage
  • Steal data on wire
  • Scan network for vulnerabilities
  • Firewall, anti-virus, WPA2 do not see this

Ad-hoc connections
  • Employees may use ad-hoc connection to share content
      - Reduce productivity
      - Leak sensitive data
  • Inadvertent ad-hoc connection
      - Compromise laptop
      - Bridge to enterprise network

Ad-hoc Bridge to Wired Network
  • Users may bridge wired and Wi-Fi network on their laptops

Misassociation
  • Policy violation
      - Gmail, IM, banned websites, banned content
  • MIM attack
      - Password stealing, data interception
  • Growing number of hack tools: KARMETASPLOIT, SSLstrip, Airbase

Wi-Fi Device Driver Security
  • Wi-Fi device drivers may be vulnerable to remote exploits and DoS
  • May allow remote code execution at kernel mode (XSS, CR;LF, etc)
  • One must always use the latest versions of hardware drivers.

WiFi Hotspots
  • Hotspots offer unencrypted connectivity
  • MITM & sniffing is very easily implemented
  • Tools like SSLstrip can nullify HTTPS protection (lol)
  • Use of VPN or higher layer encryption is recommended

DoS Attacks
  • Wireless DoS attacks are inevitable for WiFi
      - Spoofed disconnects
      - Spoofed connection floods
      - Hogging wireless medium
  • Even Cisco MFP and 802.11w are vulnerable to DoS attacks
  • Google “Auto immunity disorder in Wireless LANs”

WPA-2 is Essential, But Not Enough!
  • No-WiFi is Also Not Enough!
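
The unmanaged-device threats listed above (rogue APs, ad-hoc connections, misassociation) are invisible to wired controls; they are found by comparing what is on the air with an inventory of what is authorized, which is the core check a wireless intrusion prevention system performs. The Python below is an added example, not from the talk; every address, SSID and observation in it is constructed, and matching a rogue AP by its exact MAC on the wire is a simplifying assumption.

```python
# Added example: WIPS-style classification. All addresses, SSIDs and
# observations below are constructed sample data, not from the talk.
AUTHORIZED_APS = {  # BSSID -> (SSID, required security) of managed APs
    "00:11:22:33:44:01": ("CorpNet", "WPA2"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}
MANAGED_CLIENTS = {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"}
# Assumption: MACs learned on LAN switch ports; a real sensor must also
# correlate BSSIDs that differ slightly from the AP's wired-side MAC.
WIRED_MACS = set(AUTHORIZED_APS) | {"de:ad:be:ef:00:99"}

# (bssid, ssid, security, mode) as a sensor would report from beacons
OBSERVED = [
    ("00:11:22:33:44:01", "CorpNet", "WPA2", "infrastructure"),
    ("00:11:22:33:44:02", "CorpNet", "WEP", "infrastructure"),
    ("de:ad:be:ef:00:99", "linksys", "OPEN", "infrastructure"),
    ("66:77:88:00:00:01", "CorpNet", "OPEN", "infrastructure"),
    ("66:77:88:00:00:02", "CoffeeShop", "OPEN", "infrastructure"),
    ("02:aa:aa:aa:aa:aa", "Free Public WiFi", "OPEN", "adhoc"),
]
ASSOCIATIONS = [  # (client MAC, BSSID it is associated with)
    ("aa:bb:cc:00:00:10", "00:11:22:33:44:01"),
    ("aa:bb:cc:00:00:11", "66:77:88:00:00:01"),
    ("cc:cc:cc:00:00:77", "66:77:88:00:00:02"),
]

def classify(bssid, ssid, security, mode):
    if mode == "adhoc":
        return "adhoc"                      # peer-to-peer cell, no AP
    if bssid in AUTHORIZED_APS:
        ok = (ssid, security) == AUTHORIZED_APS[bssid]
        return "authorized" if ok else "misconfigured"
    if bssid in WIRED_MACS:
        return "rogue"                      # unmanaged AP on our wire
    if ssid in CORP_SSIDS:
        return "impersonating"              # our SSID, unknown BSSID
    return "external"                       # neighbour or hotspot

def misassociations(observed, associations):
    """Managed clients attached to anything but an authorized AP."""
    verdict = {o[0]: classify(*o) for o in observed}
    return [(c, b, verdict.get(b, "unknown")) for c, b in associations
            if c in MANAGED_CLIENTS and verdict.get(b) != "authorized"]

if __name__ == "__main__":
    for o in OBSERVED:
        print(o[0], o[1], "->", classify(*o))
    print(misassociations(OBSERVED, ASSOCIATIONS))
```
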

24x7 Comprehensive Protection with Wireless Intrusion Prevention System (WIPS)
  • Wireless DoS

WIPS Providers in the Market

Demo 2: Cuz I’m a Man In The Mirror

Conclusion
  • Wi-Fi warrants new security controls in enterprise networks
      - For both Wi-Fi and no Wi-Fi networks
      - Perceived as high priority item today
      - Also a regulatory compliance requirement
  • Strong authorization and encryption (WPA2) is essential for authorized Wi-Fi
      - Prevents eavesdropping and unauthorized access
  • Another layer of security in the form of WIPS (Wireless Intrusion Prevention System) is essential for comprehensive protection
      - Prevents rogue APs, ad-hoc connections, misassociations, cracking exploits, DoS attacks
      - Compliance monitoring
      - Performance monitoring and troubleshooting as added benefits

Questions?
  • I don’t bring my name card. I love trees.
  • email: mysiddiq@gmail.com
  • Thanks for listening
  • May your next day be more secure