done by : ahmad al-asmar wireless lan security risks and solutions
TRANSCRIPT
Overview of Wireless Technology.
Security and Privacy issues in Wireless Network.
Wireless Security Protocols.
Wireless Equivalent Privacy (WEP).
Wireless Equivalent Privacy (WEP2).
Wireless Equivalent Privacy plus (WEP+).
Wi-Fi Protected Access (WPA). Temporal Key Integrity Protocol (TKIP).
WPA Pre Shared Key (WPA-PSK).
Wi-Fi Protected Access (WPA2). Counter-Mode with CBC-MAC Protocol (CCMP).
Wireless Network Threats.
Traffic Analysis.
Passive Eavesdropping.
Active Eavesdropping.
Unauthorized Access.
Man-in-the-middle
Session High-Jacking
Replay
Denial of service (DoS)
Contents
The wireless networks are based on the IEEE standards belonging to the 802 family.
Following list is a simple overview of the 802.11 family:• 802.11bo Most widespreado 11Mb maximum, 2.4 GHZ band• 802.11ao Next generationo 54MB maximum, 5GHZ band• 802.11go 54MB maximum, 2.4 GHZ bando Compatible with 802.11b• 802.11Xo Uses Extensible Authentication Protocol (EAP)o Supports RADIUSm
OVERVIEW OF WIRELESS TECHNOLOGY.
Security and Privacy issues in Wireless Network.
End users are not security experts, and may not be aware of the risks posed by wireless LANs.
Nearly all of the access points running with default configurations have not activated WEP.
Most of the users does not change access point’s default key used by all the vendor's products out of the box.
The Wireless Access Points who are enabled with WEP can be cracked easily.
Wireless Equivalent Privacy (WEP) WEP is a protocol that adds security to
wireless local area networks (WLANs) based on the 802.11 Wi-Fi standard.
WEP algorithm is used to protect wireless communication from eavesdropping and to prevent unauthorized access to a wireless network.
The original implementations of WEP supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits of system-generated data (64 bits total).
40-bit WEP encryption is too easy to decode.
WEP relies on a secret key.
WEP uses the RC4 encryption algorithm, which is known as a stream cipher.
Wireless Equivalent Privacy (WEP) (Cont.)
Wireless Equivalent Privacy (WEP2) A stopgap enhancement to WEP,
implement able on some (not all) hardware not able to handle WPA/WPA2, based on:
Enforced 128-bit encryption
WEP2 remains vulnerable to known WEP attacks.
24GB to construct a full table, which would enable the attacker to immediately decrypt each subsequent ciphertext
WPA (Wi-Fi Protected Access) It is also known as WEP+. WEP plus enhances WEP security by
avoiding . It is only completely effective when WEP
plus is used at both ends of the wireless connection.
It remains serious limitation. WPA use Temporal Key Integrity Protocol
(TKIP)to addresses the encryption weaknesses of WEP.
Key component of WPA is built-in authentication that WEP does not offer.
WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.
WPA (Wi-Fi Protected Access) (Cont.) One variation of WPA is called WPA Pre
Shared Key or WPA-PSK. To use WPA-PSK, a person sets a static
key or "passphrase" as with WEP. By using TKIP, WPA-PSK automatically
changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them.
WPA uses the RC4 cipher. Keys are rotated frequently, and the
packet counter prevents packet replay or packet re-injection attacks.
WPA2 (Wi-Fi Protected Access) WPA2 (Wi-Fi Protected Access 2) gives
wireless networks both confidentiality and data integrity.
The Layer 2-based WPA2 better protects the network.
WPA2 uses a new encryption method called CCMP (Counter-Mode with CBC-MAC Protocol).
CCMP is based on Advanced Encryption Standard (AES).
AES is stronger algorithm then RC4.
Wireless Network Threats Traffic Analysis.
Passive Eavesdropping.
Active Eavesdropping.
Unauthorized Access.
Man-in-the-middle
Session High-Jacking
Traffic Analysis
Traffic analysis allows the attacker to obtain three forms of information.
The attacker preliminary identify that there is activity on the network.
The identification and Physical location of the Wireless Access Point (AP).
The type of protocol being used during the transmission.
Passive Eavesdropping
Attacker
Target
Passive Eavesdropping allows the attacker to obtain two forms of information.
The attacker can read the data transmitted in the session.
The attacker can read the information i.e source, destination, size, number and time of transmission.
Active Eavesdropping
Active Eavesdropping allows the attacker inject the data into the communication to decipher the payload.
Active Eavesdropping can take into two forms.
The attacker can modify the packet.
The attacker can inject complete packet into the data.
The WEP by using CRC only check the integrity of the data into the packet.
Unauthorized Access
Due to physical properties of the WLAN, the attacker will always have access to the Wireless components of the network.
If attacker become successful to get unauthorized access to the network by using brute force attack, man in the middle and denial of service attack, attacker can enjoy the whole network services.
Methodologies of free Wireless Hacking tools over the internet. NetStumbler
Kismet
Wellenreiter
THC-RUT
Ethereal
AirSnort
HostAP
AirSnarf
SMAC
Aircrack
Aircrack-ng
WepAttack
WEPCrack.
Contents