Security+ All-In-One Edition Chapter 10 – Wireless Security Brian E. Brzezicki.
Wireless
Look No Wires!
Wireless
Communication over non-physical links. Examples:
• Radio Waves
• Light Pulses
Often used for networking, but can be used simply to eliminate wires for device-to-device communication.
Wireless LAN protocols
802.11 standard
• Wireless LAN networking
• Data Link layer specifications
• Components
  – Access point (a type of bridge)
  – Wireless card
  – SSID
802.11 family
• 802.11b
  – 11 Mbps
  – 2.4 GHz (same as common home devices)
• 802.11a
  – 54 Mbps
  – 5 GHz (not as commonly used, however absorbed by walls, yielding less range possibly)
• 802.11g
  – 54 Mbps
  – 2.4 GHz
  – Cards are generally backwards compatible and can serve as 802.11b or 802.11a
• 802.11n
  – Uses Multiple Input Multiple Output (MIMO)
  – 100 Mbps
  – 2.4 GHz or 5 GHz
Wireless Problems
• Easy to get access to airwaves, hard to restrict!
Talk about the attacks next.
Wireless Attacks
Wireless Attacks
• War driving
  – Wireless scanners
  – NetStumbler (see next slide)
• Warchalking (2 slides)
(more)
NetStumbler
War chalking symbols
Man in the Middle
• Airsnarfing: put up a fake access point and get people to connect to you.
Eavesdropping and attaining non-authorized access
• Eavesdropping
  – Kismet
  – AirSnort: breaks WEP, retrieves encryption keys (the Security+ exam references AirSnort, even though it’s no longer developed)
  – aircrack-ng: breaks WEP and WPA-PSK
Wireless Countermeasures
• Turn off SSID broadcasts (problems?)
• Enable MAC filtering (problems?)
• Use Encryption (we’ll talk about this next)
• Use Enterprise Mode for authentication
Transmission encryption
There are many different types of wireless encryption protocols
• WEP
  – Shared passwords (why is this bad?)
  – 64/40 or 128/104 bit key
  – Uses RC4
  – Easily crackable (due to key reuse)
  – Only option for 802.11b
(more)
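The key-reuse weakness on the WEP slide, shown as an added example that is not part of the original slides: WEP seeds RC4 with a 24-bit IV plus the shared key, so two frames that carry the same IV are encrypted with the same keystream. The frame layout is simplified (no key ID byte), and the key, IV and payloads are constructed for illustration.

```python
import struct
import zlib

IV_LEN = 3  # 24-bit IV: "64-bit" WEP = 24 + 40 key bits, "128-bit" = 24 + 104

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Simplified WEP body: clear IV, then RC4(IV || key) over payload || CRC-32."""
    body = payload + struct.pack("<I", zlib.crc32(payload))
    return iv + xor(body, rc4(iv + shared_key, len(body)))

def reuse_leak(frame_a: bytes, frame_b: bytes):
    """Same IV + same shared key = same keystream, so the keystream cancels:
    XOR of the two ciphertexts equals XOR of the two plaintexts."""
    if frame_a[:IV_LEN] != frame_b[:IV_LEN]:
        return None
    return xor(frame_a[IV_LEN:], frame_b[IV_LEN:])

def frames_until_likely_repeat(iv_bits: int = 8 * IV_LEN) -> int:
    """Birthday bound: ~1.1774 * sqrt(2^bits) random IVs give a 50% repeat."""
    return int(1.1774 * (2 ** iv_bits) ** 0.5) + 1

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")         # constructed 40-bit shared key
    iv = bytes.fromhex("aabbcc")              # constructed IV, used twice
    p1, p2 = b"constructed frame one", b"constructed frame two"
    leak = reuse_leak(wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2))
    print(leak[:len(p1)] == xor(p1, p2))      # keystream cancelled, no key needed
    print(frames_until_likely_repeat())
```

A longer shared key does not help here: the IV stays 24 bits in both the 64/40 and 128/104 variants, so the repeat rate is the same.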
Transmission Encryption
• WPA PSK
  – Shared password
  – Uses TKIP normally
    • RC4 with changing keys
  – Can use AES (not certified)
    • 128 bit key
• WPA2 PSK
  – Uses AES (normally)
    • 128 bit key
  – Can use TKIP
    • RC4 with changing keys
(more)
Transmission Encryption
• WPA or WPA2 in Enterprise Mode
  – Uses 802.1X authentication to have individual passwords for individual users
• RADIUS – what was RADIUS again?
• 802.11i – the official IEEE wireless security spec, officially supports WPA2
Wireless Device to Device Communication
Bluetooth
Bluetooth
• What is Bluetooth?
• What is the purpose of Bluetooth, is it networking?
• Bluetooth Modes
  – Discovery Mode
  – Automatic Pairing
Bluetooth Attacks
• Bluejacking
  – Sending forged messages to nearby Bluetooth devices
  – Need to be close
  – Victim phone must be in “discoverable” mode
• Bluesnarfing
  – Copies information off of remote devices
• Bluebugging
  – More serious
  – Allows full use of phone
  – Allows one to make calls
  – Can eavesdrop on calls
Bluetooth Countermeasures
• Disable it if you’re not using it
• Disable auto-discovery
• Disable auto-pairing
WAP
WAP
Wireless Application Protocol – a protocol developed mainly to allow wireless devices (cell phones) access to the Internet.
• Requires a Gateway to translate WAP <-> HTML (see visual)
• Uses WTLS to encrypt data (modified version of TLS)
• Uses HMAC for message authentication
• WAP GAP problem (see visual and explain)
• A lot of wireless devices don’t need WAP anymore… why?
WAP
WAP GAP
When the gateway decrypts from WTLS and re-encrypts as SSL/TLS, the data is in plaintext on the gateway. If someone could access the gateway, they could capture the communications.
Chapter 10 – Review Questions
Q. What encryption protocol does WEP use?
Q. What 2 key lengths does WEP support?
Q. What encryption protocol does WPA2 use?
Q. Why is MAC filtering or turning off SSID broadcasting not sufficient security?
Q. What does WAP use for security?
Chapter 10 – Review Questions
Q. What is the WAP GAP?
Q. Define how to accomplish a MiM attack on a wireless network.
Q. What type of authentication concept would help against the attack above?
Q. What is one way office users could use wireless to violate network security?
Q. What is Bluetooth used for?
Q. What is Bluesnarfing?
Wireless security
• Access control
  – Turn off SSID broadcasts (problems)
  – MAC filtering (problems)
• Encryption
  – Discussed later
• Authentication
  – Use RADIUS and 802.1X
• Isolation
  – VLANs over wireless