CWSP Guide to Wireless Security Enterprise Wireless Hardware Security.
Wireless Security-25 Juni 2008
-
Upload
flipsingadji -
Category
Documents
-
view
6 -
download
4
description
Transcript of Wireless Security-25 Juni 2008
![Page 1: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/1.jpg)
Yosia Suherman ([email protected])
Professional Service Dept.Professional Service Dept.Professional Service Dept.Professional Service Dept.
Wireless Wireless Wireless Wireless SecuritySecuritySecuritySecurityWireless Wireless Wireless Wireless SecuritySecuritySecuritySecurity
Securityupdate
![Page 2: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/2.jpg)
11 Domains of ISO 27001 & 2700211 Domains of ISO 27001 & 2700211 Domains of ISO 27001 & 2700211 Domains of ISO 27001 & 27002
![Page 3: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/3.jpg)
Why Attacks Are IncreasingWhy Attacks Are IncreasingWhy Attacks Are IncreasingWhy Attacks Are Increasing
![Page 4: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/4.jpg)
HighlightsHighlightsHighlightsHighlights• Fact about Wifi ?
• Top 10 Wireless Attack
• How they do that
• Prevention
![Page 5: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/5.jpg)
Fact about WifiFact about WifiFact about WifiFact about Wifi
http://www.theregister.co.uk/2005/08/19/finnish_wifi_bank_hack/
![Page 6: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/6.jpg)
Fact about WifiFact about WifiFact about WifiFact about Wifi
http://www.securityfocus.com/brief/273
![Page 7: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/7.jpg)
Fact about WifiFact about WifiFact about WifiFact about Wifi
![Page 8: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/8.jpg)
Fact about WifiFact about WifiFact about WifiFact about Wifi
![Page 9: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/9.jpg)
Wifi DeploymentWifi DeploymentWifi DeploymentWifi Deployment• Shell
• D’cost
![Page 10: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/10.jpg)
Hotspot AnywhereHotspot AnywhereHotspot AnywhereHotspot Anywhere
![Page 11: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/11.jpg)
Hotspot DetectionHotspot DetectionHotspot DetectionHotspot Detection
![Page 12: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/12.jpg)
Top 10 Wireless AttackTop 10 Wireless AttackTop 10 Wireless AttackTop 10 Wireless Attack1. Reveal SSID2. MAC Address Spoofing3. Encryption Attack4. Authentication5. Eavesdropping6. MITM ( Man in The Middle) Attack 7. Wireless Denial Of Service8. Roque Access Point9. Client to client Attack10. Physical damage or theft
![Page 13: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/13.jpg)
HowHowHowHow
Find Find Find Find TargetTargetTargetTarget
War ChalkingWar ChalkingWar ChalkingWar ChalkingWar DrivingWar DrivingWar DrivingWar Driving
ToolsToolsToolsTools SuccessSuccessSuccessSuccess
![Page 14: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/14.jpg)
Find TargetFind TargetFind TargetFind Target1. Mall / Shopping Center
2. Office
3. Hospital
4. Internet Public Access
5. Airport
6. School / Campus
7. Hotels
![Page 15: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/15.jpg)
War ChalkingWar ChalkingWar ChalkingWar Chalking• Wireless Hotspot Sign Indicator
![Page 16: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/16.jpg)
War WardrivingWar WardrivingWar WardrivingWar Wardriving• Wardriving is the act of searching for Wi-Fi wireless
networks by a person in a moving vehicle using such items as a laptop or a PDA.
![Page 17: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/17.jpg)
EquipmentEquipmentEquipmentEquipment• Antenna
– Omni
– Bidirectional
![Page 18: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/18.jpg)
ResultResultResultResult
![Page 19: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/19.jpg)
ToolsToolsToolsTools1. Netstumbler/Kismet/KisMac
2. Mac Changer
3. Aircrack
4. AirSnort
5. Wireshark
6. Void
7. Airpawn
…..etc
![Page 20: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/20.jpg)
Top 3 AttackTop 3 AttackTop 3 AttackTop 3 Attack1. Reveal SSID2. MAC Address Spoofing3. Encryption Attack4. Authentication5. Eavesdropping6. MITM ( Man in The Middle) Attack 7. Wireless Denial Of Service8. Roque Access Point9. Client to client Attack10. Physical damage or theft
![Page 21: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/21.jpg)
Reveal SSIDReveal SSIDReveal SSIDReveal SSID
• Many Access Point use this protection to hide SSID
• To reveal SSID you can use : Kismet or Aircrack
![Page 22: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/22.jpg)
• Filtering access to the access point allows only those MAC addresses specified in the list the ability to access the wireless network.
• To bypass this protection you can use : MAC Changer
MAC SpoofingMAC SpoofingMAC SpoofingMAC Spoofing
![Page 23: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/23.jpg)
Encryption AttackEncryption AttackEncryption AttackEncryption Attack
• Enabling WEP Encrytion for secure data transmission.
• Other encryption WPA, WPA2
To crack WEP encryption can use : AirCrack
![Page 24: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/24.jpg)
OthersOthersOthersOthers AttackAttackAttackAttack• 1. Reveal SSID• 2. MAC Address Spoofing• 3. Encryption Attack• 4. Authentication• 5. Eavesdropping• 6. MITM ( Man in The Middle) Attack • 7. Wireless Denial Of Service• 8. Roque Access Point• 9. Client to client Attack• 10. Physical damage or theft
More
details
in tra
ining
![Page 25: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/25.jpg)
PreventionPreventionPreventionPrevention
TechnologyProcess
People
![Page 26: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/26.jpg)
PeoplePeoplePeoplePeople� Security Awareness (Seminar, Workshop, Security Update)
� Training for improvement skill
![Page 27: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/27.jpg)
ProcessProcessProcessProcess• Security Policy Enforcement
• Monitoring (log/traffic/signal)
• Regular Audit/Assessment
• ISO 27001
![Page 28: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/28.jpg)
TechnologyTechnologyTechnologyTechnology• OSI Layer Protection
– Layer 2 (Data Link Layer) :
• WEP - Enterprise Encryption Gateways
• Tunneling Protocol (L2TP)
• 802.1x /EAP
– Layer 3 :
• Point to Point Tunneling Protocol (PPTP)
• IP Security (IPSec)
– Layer 7 :
• Secure Shell (SSH)
• Secure Shell Version 2 (SSH2)
![Page 29: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/29.jpg)
• Client (Mobile Client (Mobile Client (Mobile Client (Mobile Unit)Unit)Unit)Unit)• Personal Firewall
• VPN
• Antivirus
TechnologyTechnologyTechnologyTechnology
![Page 30: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/30.jpg)
Wireless Security SuiteWireless Security SuiteWireless Security SuiteWireless Security Suite
![Page 31: Wireless Security-25 Juni 2008](https://reader037.fdocuments.us/reader037/viewer/2022110204/563db83d550346aa9a91e2b7/html5/thumbnails/31.jpg)
Q & AQ & AQ & AQ & A