Chapter #7: Wireless Network Hacking
CIS 4500
Outline
• Describe wireless network architecture and terminology
• Identify wireless network types and forms of authentication
• Describe wireless encryption algorithms
• Identify wireless hacking methods and tools
• Describe mobile platform attacks
• Identify Mobile Device Management
Standards
• Packetized data over radio waves in the 2.4 GHz band
• Multiple-rate Ethernet
• ‘b’ operates at rates of 1 Mbps, 2 Mbps, 5.5 Mbps, and 11 Mbps (2.4 GHz)
• ‘a’ data traffic up to 54 Mbps in the 5 GHz spectrum
• ‘g’ uses the 2.4 GHz band and achieves 54 Mbps data rates
• Bands that are “unlicensed” by the FCC
• Anybody can use them – possible interference
Wireless Design/Operations
• Antenna placement and geometry
• Power level control
• Antenna types
• MAC filtering
• Channels
Connection
• Authentication: handshake when attempting to “associate” to the AP
• Association is the process needed before the AP will allow the client to talk to the network
• Association occurs only if the client has all the correct parameters needed
• Service set identifier (SSID)
  • Should limit access to only the authorized users of the wireless network
Authentication
• Authentication can happen in a frame sent to an AP with the SSID
• Unique 32-character identifier attached to the header of the packet
• The SSID is sent in plaintext in the packets
• Operating systems will display a list of SSIDs active in the area
• Since it is part of every packet, it is discoverable
802.11 Security
• Challenge/request scenario: with the AP verifying a decrypted “key” for authentication.
• Solutions: Open System Authentication Process or Shared Key Authentication Process.
• You can also use an authentication server (RADIUS)
Wireless Encryption
• WEP is the 802.11 protocol’s method for ensuring confidentiality and authentication
• WEP encrypts the data with an RC4 stream cipher
• Depends on the client and the access point having a shared secret “key”
• WEP supports three key lengths: 40, 104, and 232 bits (referred to as 64, 128 and 256 bits)
• 24 bits of the overall key length are for the initialization vector
• The IV is the primary reason for the weaknesses
WPA and WPA2
• WPA
  • Temporary standard between WEP and WPA2
  • Uses TKIP – 128 bit key
• WPA2
  • AES block cipher
  • Personal or enterprise
802.1X Protocol
• Can support a wide variety of authentication methods
• Fits well into existing authentication systems such as RADIUS and LDAP, VPN and/or dial-up RAS
• Four common ways of implementing 802.1X:
  • EAP-TLS – Extensible Authentication Protocol–Transport Layer Security
  • EAP-TTLS – EAP–Tunneled TLS Protocol
  • EAP-MD5 – using the MD5 encryption protocol
  • EAP – Cisco Wireless, or LEAP
Access Control
Enterprise Wireless Access Point
Wireless Hacking - Discovery
• wigle.net – downloadable app for war driving
• AirPcap – USB wireless adapter
• NetStumbler – finding access points
• Kismet (KisMAC) – wireless sniffer
• WiFi Pineapple – full auditing platform
Stay Alert!
There is no 100 percent secure system,
and there is nothing that is foolproof!