Post on 12-Jan-2016
Wireless Networking Concepts
By: Forrest Finkler
Computer Science 484 Networking Concepts
Summary
• What is a Wireless Network
• Methods of Securing Wireless Networks• WEP (Wired Equivalent Privacy)• WPA (Wi-Fi Protected Access)• MAC (Media Access Control) Address Filtering
• Security Flaws of Wireless Data Networks
• How to Bypass Security
What is a wireless network
• Wireless Networks Connect Computers Together and Allow Data to Travel Wirelessly Between an Access Point and a Client
What is a wireless network
• Wireless Networks Use Access Points and Clients to Communicate With Each Other
• Radio Communications
• 2.4 GHz (b, g, n) or 5 GHz(a, n) band
• 11Mbps (b), 54Mbps (g, a)128 Mbps (n)
• Allows for movement (roaming) between access points
Securing Wireless Networks
• WEP (Introduced in 1999)• 64 or 128 bit• 64 Bit
• Uses a 40 bit key• 10 Hexadecimal Numbers “F2C7BB35B9”• 10 Hex * 4 bits per number = 40 bits• 40 bits + 24 IV = 64 bits
• 128 Bit• Uses a 104 bit key• 24 Hexadecimal Numbers “2B204A3F1042643E480FDD655E”• 24 Hex * 4 bits per number = 108 bits• 104 bits + 24 IV = 128 bits
Securing Wireless Networks
• Wi-Fi Protected Access• WPA or WPA2• WPA
• 128-bit key and a 48-bit IV• Uses Temporal Key Integrity Protocol (TKIP)
• Better Security Through Dynamic Keys• Based on 802.11i Draft Standards
• WPA2• 128-bit key and a 48-bit IV• Uses Advanced Encryption Standard (AES)
• Uses a Matrix of Bits and Rounds (mathematical operations) to Authenticate Clients
• Based on 802.11i
Securing Wireless Networks
• Media Access Control Address Filtering• MAC Addresses• MAC Addresses are 48 bits and are Unique to Each NIC• Typical MAC Address “00:0F:66:2A:A5:D5”
• Weaknesses• MAC Addresses are Easily Spoofed Using Software• A Very Weak Security Measure Only Should be Used in
Conjunction With WEP or WPA
How to bypass WLAN security
• MAC Address Spoofing (<20 seconds)• ifdown eth0
• ifconfig eth0 hw ether 00:80:FF:FF:98:F5
• ifup eth0
• WEP Cracking (2 min-30 min)• Kismet (captures raw packets(need 20,000 to 500,000 IV’s))
• Aircrack (decrypts packets and finds WEP key)
• WPA Cracking (15 min-∞)• Only Crackable if Using a PSK
• Brute Force Attack
QUESTIONS?