WiFi Network Security

Internet and Computer Security Awareness Wireless Network Security
Copyright 2012 CyberSecurity Malaysia
Introduction
WiFi networks are everywhere!

The popularity of wireless networks are due to the cost effectives in deployment, no cabling required compared to wired network and easy to use as well as flexible deployment.
Goals
After completion of this lesson, our wireless communication will never be the same as we will the potential threats associated to the wireless network. Beware of invisible wireless hacker!
Objectives
WiFi Network Fundamentals Wired Network vs. WiFi Network Common Problem and WiFi Threats WiFi Protocol Attacks WiFi Client Attacks WiFi Data Disclosure End Words
The Invisible Hacker: WiFi Hackers
WiFi Network Architecture & Principle

1 Station Infrastructure (STA) Access Point (AP) SSID 4
Managed Mode
Monitor Mode
Master Mode
Ad Hoc Mode Station (STA)
MAC Address 2 Station (STA) Ad-hoc
BSSID = AP MAC Address 5 Station (STA)
Access Point (AP) SSID
MAC Address
Attacker/ Auditor 3 Station (STA)
ESSID
Access Point (AP) Access Point (AP) Access Point (AP)
00-04-5a-03-3c-0f
OUI
Vendor Cisco (Aironet) Agere (Orinoco)
OUI 00-04-96 00-02-2D 00-e0-03 00-04-5a
(Organizationally Unique Identifier)
Nokia Linksys
http://standards.ieee.org/regauth/oui/index.shtml
WiFi Operation Modes

1 Station (STA) 2 Access Point (AP) SSID
Managed Mode
Master Mode
Monitor Mode 3 Station (STA) Station (STA)
Ad Hoc Mode
Ad Hoc Mode
WiFi Networking
1 Station Probes
3 Station Probes Request Probes Response
Access Point
2 Beacons Access Point
Station
Probe Request Probe Response AUTH Request AUTH Response Assoc Request Assoc Response
Access Point
Wired Network: Possible Attacks

Attackers SECURE ENTERPRISE PERIMETER Server INTERNET
INTRANET
Virus & Malware Desktop Inside Threat
Data Theft
10
Wireless Network: Possible Attacks

6 Wi-Fi Phishing
Legitimate Wi-Fi AP Evil Twin
1 Rogue AP Connected
to Network
Hacker
2 Leaked Wired Traffic

& Insertion
Server Mobile User AP

INTERNET INTRANET
Laptop
Desktop
Wi-Fi Network aggravates Threats to Enterprise Networks
3 Non-Compliant AP
5 Users Bypassing Network

Security Controls
Public Wi-Fi AP
4 Neighboring AP
11
12
WiFi Hacking Highlights

Wireless hacking bust in Michigan
Home Improvement Store
A North Carolina Medical Consulting Firm

Broke into the computer system of a local medical consulting firm & illegally accessed information of hundreds of patients, including checks and insurance forms
Two Michigan men repeatedly cracked Lowes nationwide network from a 1995 Pontiac Grand Prix parked outside a suburban Detroit store. Charged with penetrating and intentionally damaging a Lowes system. First hopped onto the Wi-Fi network at the store to access the companys central data center at Lowes headquarters. Deployed hacking software, in one case crashing the point of sale terminals.
Security causes electronics giant register ban

Best Buy banned the use of wireless cash registers at its 492 stores after learning a hacker may have intercepted a customers credit card number.
A Texas County Court

Hackers accessed information filed by the clerk of courts by using only a laptop & wireless card
Electronics Retailer
A Wholesale club
Major Wholesale Store
A California Public School District

Unprotected WLAN allowed full unauthorized access to sensitive files & enabled hackers to upload their own files into servers
Hacked via wireless network at a store location, credit card data was stolen AND used to the tune of $20M. The lax security found by the FTC to be an unfair trade practice; now under 9 years of probation and have to institute security measures and hire 3rd party auditor
13
WiFi Problem: Uncontrolled Medium

With a single access point, provide walls come tumbling The walls of the facility a solid line of down defense against Ethernet now extends to the intruders parking lot! intruders
The walls of the facility provide a solid line of defense against
Attacker
t 2
Attacker
Server
Server
Server
Computer
RF in the AIR is uncontrolled

14
WiFi Problem: RF Signal Propagation
THIS IS THE ATTACK SURFACE
15
WiFi Problem: Extending Antenna

A Dual-Use Homebrew Product Pringles Cans
http://www.oreillynet.com/lpt/wlg/448
Yagi Antenna
Omni Antenna
16
WiFi Problem: Free WiFi Hacking Tools
WiFi Problem: WiFi Communication

Employee Station Legit Association Access Point Malicious Association Workstation Company Access Point
Evolving to
Hacker / Soft AP Rogue Access Point Ad Hoc Network
Neighbor Station
Rogue Access Point Employee AP Neighbor AP
WiFi Threat: Soft Access Points
WiFi Threat: Weak Configuration

Common Mistakes in Wireless Implementations Descriptive SSID e.g. BANK_NAME SSID Vulnerable Encryption Setting e.g. WEP Encryption Access Points Coverage Areas e.g. A very good quality of access point signal from across the road
WiFi Threat: Factory Configuration
WiFi Threat: Connecting to WiFi Network
Dont You Know?

accidental association
malicious association malicious access points vulnerable access points
22
WiFi Threat: WiFi DoS

Data flooding
MAC Layer DoS
Hacker Station (CommView, Aircrack-ng)
Access Point
Client Station (User)
Physical Layer DoS

Jamming signal
Signal Generator (YDI PSG-1)
Access Point
Client Station (User)
DoS Against a AP: DoS Against a Station: Broadcast:
shutdown the target AP from communicating with any device shutdown the Station from communicating with any device. shutdown any network devices
23
24
WiFi Protocol Attack
Fake Authentication Attack
ARP Request Replay Attack
Attacker MAC STA = 06:14:A4:27:FB:12
BSSID = 00:1A:70:E5:E1:91 ESSID = linksys WEP = aa:bb:cc:dd:ee
25
WiFi Protocol Attack (contd)
26
WiFi Protocol Attack (contd)
27
28
Wireless Man-in-the-Middle Attack
Wireless DoS Against WiFi Client

Against a AP: Keeps all traffic from communicating with the rest of the network Against a Station: Keeps the Station from Communicating with any device. Broadcast: All network devices including some Internal networks shutdown Injected Traffic: Spanning Tree, Routing Information, Typical DoS
Target (User)
1. User enjoying good connection 2. Impersonate AP by spoofing the MAC 3. Send Disassoc & Deauth frames
AP
MAC: 00 02 2D 50 D1 4E
2
NEW MAC: 00 02 2D 50 D1 4E ORIGINAL MAC: 00 12 2D 50 43 1E
Windows Preferred Network List
Attack against personal anonymity Wireless technology is inherently chatty and often uniquely tied to the user Wireless cards will periodically search for their preferred networks by name Attacker can eavesdrop on this conversation to identify unique names Can associate location to network name
32
Choose Right Hardware
33
Detected WiFi Network @ Putrajaya
WiFi Traffic Decryption Method
Victim MAC STA = 00:13:E8:27:EF:C1
BSSID = 00:1A:70:E5:E1:91 ESSID = linksys WEP = f0:00:f0:D0:f0
Attacker MAC STA = 06:14:A4:27:FB:12

35
WiFi Traffic Decryption Method
36
WiFi Hackers Can See Your Password
37
WiFi Hackers Can See Your Email
38
WiFi Hackers Can See Your IM Chat
39
40
Best Practices
Educate the wireless user on the proper usage and security issues
Keep systems software up to date
Must have personal firewall installed
Client Station
Must have antivirus installed
Summary
WiFi hacking tools are available freely and ..anyone can run them. WiFi attacks are getting more dangerous, in what they can do! We must change the way we think about WiFi security
Corporate Office:
CyberSecurity Malaysia, Level 8, Block A, Mines Waterfront Business Park, No 3 Jalan Tasik, The Mines Resort City, 43300 Seri Kembangan, Selangor Darul Ehsan, Malaysia. T +603 8946 0999 F +603 8946 0888
www.cybersecurity.my
43

WiFi Network Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WiFi Network Security

Uploaded by

Copyright:

Available Formats

Internet and Computer Security Awareness Wireless Network Security

Copyright 2012 CyberSecurity Malaysia

WiFi networks are everywhere!

Copyright 2012 CyberSecurity Malaysia

Copyright 2012 CyberSecurity Malaysia

Copyright 2012 CyberSecurity Malaysia

The Invisible Hacker: WiFi Hackers

Copyright 2012 CyberSecurity Malaysia

WiFi Network Architecture & Principle

MAC Address 2 Station (STA) Ad-hoc

BSSID = AP MAC Address 5 Station (STA)

Access Point (AP) SSID

Access Point (AP) Access Point (AP) Access Point (AP)

Vendor Cisco (Aironet) Agere (Orinoco)

OUI 00-04-96 00-02-2D 00-e0-03 00-04-5a

(Organizationally Unique Identifier)

WiFi Operation Modes

Monitor Mode 3 Station (STA) Station (STA)

Copyright 2012 CyberSecurity Malaysia

3 Station Probes Request Probes Response

2 Beacons Access Point

Copyright 2012 CyberSecurity Malaysia

The Invisible Hacker: WiFi Hackers

Copyright 2012 CyberSecurity Malaysia

Wired Network: Possible Attacks

Copyright 2012 CyberSecurity Malaysia

Wireless Network: Possible Attacks

2 Leaked Wired Traffic

Server Mobile User AP

Wi-Fi Network aggravates Threats to Enterprise Networks

5 Users Bypassing Network

The Invisible Hacker: WiFi Hackers

Copyright 2012 CyberSecurity Malaysia

WiFi Hacking Highlights

A North Carolina Medical Consulting Firm

Security causes electronics giant register ban

A Texas County Court

Major Wholesale Store

A California Public School District

Copyright 2012 CyberSecurity Malaysia

WiFi Problem: Uncontrolled Medium

The walls of the facility provide a solid line of defense against

RF in the AIR is uncontrolled

WiFi Problem: RF Signal Propagation

THIS IS THE ATTACK SURFACE

Copyright 2012 CyberSecurity Malaysia

WiFi Problem: Extending Antenna

WiFi Problem: Free WiFi Hacking Tools

Copyright 2012 CyberSecurity Malaysia

WiFi Problem: WiFi Communication

Rogue Access Point Employee AP Neighbor AP

WiFi Threat: Soft Access Points

WiFi Threat: Weak Configuration

Copyright 2012 CyberSecurity Malaysia

WiFi Threat: Factory Configuration

Copyright 2012 CyberSecurity Malaysia

WiFi Threat: Connecting to WiFi Network

Dont You Know?

Copyright 2012 CyberSecurity Malaysia

WiFi Threat: WiFi DoS

MAC Layer DoS

Hacker Station (CommView, Aircrack-ng)

Client Station (User)