The command captures IV-carrying packets to a file (e.g. ivdump.ivs) until a chosen number of IVs has been collected.
An IV (initialization vector) is an arbitrary number, a nonce, that is combined with the secret/shared key before encryption. The IV is not itself secret or random: in WEP it is a 24-bit value transmitted in the clear with every frame, and it is meant to be used only once per key so that the same keystream is never reused and identical plaintext never produces identical ciphertext. Because the IV space is so small, IVs repeat quickly on a busy network. WEP cracking therefore does not need the key up front: the attacker collects a large number of IVs together with their ciphertexts and uses weaknesses in how RC4 is keyed with IV || key to work backwards from the captured frames to the shared key.
[Figure: WEP encryption. The 24-bit IV is prepended to the secret key to form the 64-bit RC4 seed; the original text is extended with a CRC-32 integrity check value and XORed with the RC4 keystream; the IV itself is sent in the clear with the frame.]
[Table: comparison of IV handling and cipher; one row contrasts an RC4-based scheme (NO / NO / RC4) with an AES-based scheme (YES / YES / AES); the column headings did not survive extraction.]
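The two WEP weaknesses the figure and the paragraph above point at, IV reuse and the CRC-32 check, can be shown concretely. The following is an added example, not code from the original slides: a toy WEP encryptor (pure-Python RC4 seeded with IV || key, CRC-32 ICV) used to show that two frames sharing an IV leak the XOR of their plaintexts, that one known plaintext recovers the keystream for that IV, and that CRC-32 is linear, so ciphertext bits can be flipped and the ICV repaired without the key. The key, IV and frame contents are constructed values; WEP_IV_BITS is the real 24-bit IV size.

```python
# Added example (not from the original slides): toy WEP to demonstrate why the
# IV matters. Real WEP keys/frames are not used; all values are constructed.
import math
import struct
import zlib

WEP_IV_BITS = 24  # WEP IV size; 2**24 possible values per key


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) then PRGA producing `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (clear) || RC4_{IV||key}(plaintext || CRC32(plaintext))."""
    assert len(iv) == WEP_IV_BITS // 8
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok); icv_ok is False when the CRC-32 check fails."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext, tag == icv(plaintext)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext (e.g. a predictable ARP frame) gives the keystream for this IV: C xor P."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV decrypts with that keystream, no key needed."""
    assert len(keystream) >= len(frame) - 3
    return xor(frame[3:], keystream)[:-4]


def flip_bits(frame: bytes, offset: int, delta: bytes) -> bytes:
    """Change plaintext[offset:] by XOR with `delta` inside the ciphertext and fix the ICV.
    CRC-32 is linear: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of the same length)."""
    iv, ct = frame[:3], frame[3:]
    n = len(ct) - 4
    d = bytes(offset) + delta + bytes(n - offset - len(delta))
    icv_delta = (zlib.crc32(d) ^ zlib.crc32(bytes(n))) & 0xFFFFFFFF
    return iv + xor(ct, d + struct.pack("<I", icv_delta))


def expected_frames_until_iv_repeat() -> int:
    """Birthday bound: about sqrt(pi/2 * 2^24) frames before some IV repeats under one key."""
    return int(math.sqrt(math.pi / 2 * 2 ** WEP_IV_BITS))


def demo() -> dict:
    key = b"\x01\x02\x03\x04\x05"  # constructed 40-bit WEP key
    iv = b"\x0a\x0b\x0c"          # constructed IV, reused for both frames
    p1 = b"ARP reply from 10.0.0.1: hardware address 00:11:22:33:44:55"  # assumed known
    p2 = b"PASS hunter2 for user admin"                                 # victim's secret frame
    f1, f2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    keystream = recover_keystream(f1, p1)
    forged = flip_bits(f2, p2.index(b"hunter2"), xor(b"hunter2", b"letmein"))
    naive = f2[:3] + xor(f2[3:], bytes(5) + xor(b"hunter2", b"letmein") + bytes(19))
    return {
        "same_iv_leaks_plaintext_xor": xor(f1[3:], f2[3:])[:len(p2)] == xor(p1[:len(p2)], p2),
        "recovered_plaintext": decrypt_with_keystream(f2, keystream),
        "forged": wep_decrypt(key, forged),          # (b"PASS letmein ...", True)
        "naive_tamper": wep_decrypt(key, naive),     # ICV check fails
        "frames_until_iv_repeat": expected_frames_until_iv_repeat(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The keystream-recovery and bit-flipping steps work on a single reused IV; production tools such as aircrack-ng go further and recover the key itself by statistical analysis over many captured IVs, which is why the capture command above runs until a set number of IVs has been gathered.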
WPA:
1. Increases the level of over-the-air data protection and access control on existing and future wireless networks.
2. Uses the Temporal Key Integrity Protocol (TKIP) for encryption (a per-packet keying wrapper around RC4) and employs 802.1X authentication with one of the standard Extensible Authentication Protocol (EAP) types available today.
WPA2:
1. Pre-authentication: authentication information is relayed from the access point the client is currently using to the target access point. Enabling this feature speeds up authentication for roaming clients that move between access points.
2. Provides the Advanced Encryption Standard (AES), used in CCM mode (Counter mode with CBC-MAC), which supplies both confidentiality and integrity protection; this is the CCMP protocol.
3. Supports the Independent Basic Service Set (IBSS) to secure traffic between client stations that communicate wirelessly without a wireless router (ad hoc mode).
Passive Eavesdropping
The attacker monitors WLAN traffic but does not modify it.
Solution
IPSec: encrypted tunnel at Layer 3. L2TP: tunnel at Layer 2 (L2TP by itself does not encrypt; in practice it is combined with IPsec as L2TP/IPsec).
[Figure: Layer 3 encrypted. 802.11 header | IP header | encrypted payload (IP header | TCP header | message). The outer IP header stays in the clear.]
[Figure: Layer 2 encrypted. 802.11 header | encrypted payload (IP header | TCP header | message). Everything above the frame header is protected.]
Attacks
Unauthorized Access
The attacker spoofs a victim's MAC address and uses it to log in as a legitimate user.
Centralised detection: a monitoring system (e.g. AirMagnet, AirDefense, Aruba) watches the air for rogue APs.
TCP port scanning: examine the packets sent to/from a particular port with a port scanner or open-port scanner.
Mutual authentication: both the AP and the client must prove their identities before exchanging any data; this uses the EAP protocol.
MITM is an attack on the connection between two systems: the attacker intercepts the communication between system A and system B. For example, in an HTTP transaction the target is the TCP connection between client and server. A MITM can read, insert and change the data before the server receives it.
Summary of Attack
CIA               | Attack                        | Weakness                                        | Countermeasure
C Confidentiality | Traffic analysis              | Network announces itself to the public          | IPSec, L2TP
C Confidentiality | Passive eavesdropping         | WEP vulnerabilities                             | IPSec, SSH, TLS
C Confidentiality | Rogue AP                      | Lack of physical security protection            | Centralized monitoring, port scanning, firewall
I Integrity       | Unauthorized access           | No firewall between wireless LAN and wired LAN  | Firewall
I Integrity       | Unauthorized access           | MAC address sent in the clear                   | Mutual authentication, EAP
I Integrity       | Man-in-the-middle             | Lack of authentication mechanism                | EAP, per-frame authentication
I Integrity       | (attack name not recoverable) | (not recoverable)                               | EAP, per-frame authentication
A Availability    | DoS                           | (not recoverable)                               | Firewall
Issues on Mobile
Storing confidential information such as bank account details and passwords on the device.
Exposure to open Wi-Fi networks, which puts the device at risk of MITM attacks and WEP cracking.
Malware in downloaded applications, which can steal private information or pictures without permission.
Data stored unencrypted, so a stolen phone exposes everything on it.
Bluetooth vulnerabilities.
Bluetooth Attack
Vulnerabilities
Discoverable
Lack of encryption
Lack of authentication
Wide range
Attacks
BlueSnarf: browse the victim's phonebook and calendar (tool: BlueMaho)
Bluetooth FTP: transfer files to/from the device over OBEX FTP (tool: Bluediving)
BlueBug: make phone calls through the victim's phone (tool: Bluebugger)
Solutions
Configure the device as non-discoverable
Do not enter the pairing PIN in public
WiMAX
WiMAX is the much-anticipated broadband wireless access mechanism for delivering high-speed connectivity over long distances, which makes it attractive to Internet and telecommunications service providers.
Potential attacks
Rogue base stations
DoS attacks
Man-in-the-middle attacks
Network manipulation with spoofed management frames