802.11 Insecurities


  • With the optional WEP enabled, the wireless NIC will encrypt the body (not header) of each frame before transmission using a common key, and the receiving station will decrypt the frame upon receipt using the common key. The 802.11 standard specifies a 40-bit key and no key distribution method, which makes 802.11 wireless LANs vulnerable to eavesdroppers.
  • 802.11 Insecurities

    1. Wireless News
       • 'BlueBag' PC sniffs out Bluetooth flaws
         • In just under 23 hours of travel, BlueBag was able to spot more than 1,400 devices with which it could have connected
         • If you happened to fly through Milan's Malpensa Airport last March, your mobile phone may have been scanned by the BlueBag.
    2. Wireless News
       • Next generation wireless is new, nifty, but not yet standard
         • The good news is that there's a new generation of wireless networking products on the horizon, products that feature about four times as much coverage and more than 10 times faster access than traditional WiFi networks.
         • The bad news is that this new-and-improved wireless standard doesn't actually exist yet, even though there's no shortage of retailers who are more than willing to sell it to you right now.
    3. Wireless News
       • A team of researchers from Research Triangle Institute successfully tested a paint-on antenna for high-altitude airships on June 21, in the Nevada desert.
    4. Misbehaving with WiFi
       • Chapter Eight: Wireless LAN Security and Vulnerabilities
    5. Topics
       • Snake oil access control
       • MAC layer lacks per frame authentication
       • The spoofing problems which result
       • 802.1X issues related to spoofing
       • WEP (dead horse, I’ll discuss it briefly)
       • Attacks against these schemes
       • Recommendations
       • Wireless tools you can mess with
       • WEP Crack Demo
    6. Terminology
       • SSID – Service Set ID
         • A text string used to identify sets of APs
       • Spoofing
         • Illegitimate generation of network traffic
           • Fake packets altogether
           • Insert traffic into a stream
       • WEP – Wired Equivalent Privacy
         • Broken 802.11 encryption scheme
         • Should be “What on Earth does this Protect?”
    7. Terminology (continued)
       • Access point
         • Device serving as wireless-to-wired bridge
       • Association request
         • Wireless stations ‘associate’ with an AP
         • Follows rudimentary authentication procedure
       • Per Frame Authentication
         • Every frame carries authenticity information
         • Should be used with initial auth. exchange
    8. Terminology (continued)
       • Snake oil is a Traditional Chinese medicine used for joint pain. However, the most common usage is as a derogatory term for medicines to imply that they are fake, fraudulent, and usually ineffective. The expression is also applied metaphorically to any product with exaggerated marketing but questionable or unverifiable quality.
       • (borrowed from Wikipedia)
    9. Ted’s Hacker
    10. Auth. in the 802.11 MAC Layer
       • Two types
         • Open System
           • No authentication
           • Gratuitous access
         • Shared Key
           • Uses WEP – broken scheme
           • Key distribution and usage issues
       • No per frame auth.
         • Frame spoofing is easy
         • If an authentication scheme is to be effective, it needs to be per frame
       • No AP auth. – allows impersonation of APs
       • MAC layer does leave room for other auth. schemes
         • None presently implemented
         • New schemes which conform to standard still can’t be per frame
         • Per frame authentication
    11. Other Forms of Access Control
       • SSID hiding (complete snake oil)
         • SSID often beaconed by APs
         • APs can be configured to stop beaconing
       • MAC address filtering (snake oil)
         • DHCP servers
         • AP ACLs
       • 802.1X (spoofing issues)
         • Takes place following MAC layer auth. and assoc. to AP
         • Controls access only to world beyond AP via EAP
         • Does allow for more robust authentication (Kerberos, others)
         • Doesn’t solve per packet auth. problem
         • No clients for all OS’s which all use the same auth. scheme
    12. WEP, the “Sweet & Low” of 802.11
       • Passive listening
         • Numerous documented attacks
         • Attacks widely implemented
         • Key can be recovered at worst in a few hours of passive listening
       • Only encrypts data frames
         • Management, control frames sent in the clear
         • We can still spoof these frame types without a key
       • Key management issues
         • If key changes all devices must change it at the very same time, so short key periods won’t help much
         • Employee leaves with key in hand
         • Basically Broken
    13. Sniffing the SSID - easy
       • Diagram labels:
         • Assoc. Request (…, SSID ‘Paris’, …)
         • Regular User Station being innocent
         • AP w/ SSID ‘Paris’
         • Mischievous Station Running NetStumbler or similar
         • Sniff, sniff, sniff…
    14. Beating MAC Address Filters - easy
       • Sniff legitimate MAC Addresses
       • Wait for a station to leave
       • Set your MAC to a legitimate address
         • linux# ifconfig wlan0 hw ether 00:00:de:ad:be:ef
         • openbsd# wicontrol wi0 -m b5:db:5d:b5:db:5d
       • You can now authenticate and associate
       • MAC filtered by DHCP server?
         • Sniff addresses and set your IP statically
    15. Cracking WEP – easy, time consuming
       • Diagram labels:
         • WEP encrypted Data Frames (A1%h8#/?e$! ...)
         • Regular User Station being innocent
         • Access Point
         • Mischievous Station Running AirSnort or similar
         • Sniff, sniff… CRACK!
    16. Back to the Spoofing
       • Spoofing allows lots of naughty behavior
         • Station disassociation DoS
           • Disrupt wireless station’s access
         • Access point saturation DoS
           • MAC level limits the number of associated stations to ~2000
           • Implementation limits set lower to prevent congestion
           • Prevent new stations from authenticating to an AP
         • Hijacking of legitimately authenticated sessions
         • Man in the middle attacks
           • Old ARP cache poisoning, DNS spoofing affect 802.11 too
           • Impersonate AP to a client, tamper with traffic, pass it along
    17. Tools for Spoofing Frames - challenging, getting easier
       • Libradiate makes it easy
         • No longer supported
       • AirSnarf
         • Mimics a legitimate access point
       • DoS Tools (disassoc, AP saturate, etc)
       • THC-RUT
         • Combines detection, spoofing, masking, and cracking into the same tool
       • Hotspotter
         • Sends a deauthenticate frame to a MS Windows XP user’s computer, causing the victim’s wireless connection to switch to a non-preferred connection, AKA a rogue AP.
    18. Disassociating a Wireless Station – easy after implementation!
       • Diagram labels:
         • Disassociate Frame (SANTA’S MAC, AP BSSID, DISASSOC, …)
         • Regular User Station being innocent
         • Access Point
         • Mischievous Station running dis2
         • Sniff, sniff… DISASSOC!
         • General Wireless Traffic (MGMT, CTRL, DATA)
    19. Session Hijacking, MITM (Man-In-The-Middle)
       • The wireless advantage: easy access to medium!
       • Hijacking a wireless session
         • Known network/transport layer attacks – easy w/ implementations
         • MAC level hijacking
         • Simple combination of disassociation and MAC spoofing
         • Can beat 802.1X, if hijacking after EAP Success received by station
       • MITM
         • SSH, SSL – easy w/ sshmitm, webmitm (dsniff package)
           • ARP Poisoning, DNS redirect still work (may need retooling for 802.11 MAC)
           • Same issues that go along with these attacks on wired medium exist here
         • AP impersonate MITM – doable, challenging
         • Could be detectable
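
Slides 14, 18 and 19 all depend on frames sent under another station's or the AP's MAC address. As an added example (not from the slides), this Python code shows one way a monitor can notice that: every 802.11 transmitter stamps its frames with its own 12-bit sequence counter, so frames from a second radio using the same address do not continue the sequence. The frame records, MAC addresses and gap tolerance are constructed assumptions.

```python
from collections import defaultdict

SEQ_MODULO = 4096   # the 802.11 sequence number is a 12-bit counter
MAX_GAP = 64        # assumed tolerance for frames the monitor failed to capture

AP = "02:00:00:00:00:01"    # constructed addresses (locally administered range)
STA = "02:00:00:00:00:02"

# Constructed monitor records: (time in s, transmitter MAC, subtype, sequence number)
SAMPLE_FRAMES = [
    (0.00, AP, "beacon", 4090),
    (0.10, AP, "beacon", 4091),
    (0.15, STA, "data", 100),
    (0.20, AP, "data", 4095),
    (0.25, STA, "data", 101),
    (0.30, AP, "beacon", 0),         # legitimate wrap from 4095 to 0
    (0.31, AP, "disassoc", 2311),    # counter belongs to a different radio
    (0.32, AP, "disassoc", 2312),
    (0.40, AP, "beacon", 1),
    (0.45, STA, "data", 101),        # retransmission, same number again
    (0.50, STA, "data", 103),        # one frame missed by the monitor
]


def classify_gap(prev_seq, seq, max_gap=MAX_GAP):
    """Return 'forward', 'reordered' or 'anomalous' for two consecutive frames."""
    gap = (seq - prev_seq) % SEQ_MODULO
    if gap <= max_gap:
        return "forward"
    if gap >= SEQ_MODULO - max_gap:
        return "reordered"           # slightly behind the baseline, e.g. a late retry
    return "anomalous"


def find_sequence_anomalies(frames, max_gap=MAX_GAP):
    """Flag frames whose sequence number does not continue the sender's counter."""
    baseline = {}                    # transmitter MAC -> last trusted sequence number
    findings = []
    for when, mac, subtype, seq in sorted(frames):
        if mac not in baseline:
            baseline[mac] = seq      # first sighting establishes the counter
            continue
        verdict = classify_gap(baseline[mac], seq, max_gap)
        if verdict == "forward":
            baseline[mac] = seq
        elif verdict == "anomalous":
            # Baseline is kept, so the genuine radio's next frame still matches.
            findings.append({"time": when, "mac": mac, "subtype": subtype,
                             "seq": seq, "expected_after": baseline[mac]})
    return findings


def summarize(findings):
    """Group anomalies per claimed transmitter and count the subtypes involved."""
    summary = defaultdict(lambda: defaultdict(int))
    for item in findings:
        summary[item["mac"]][item["subtype"]] += 1
    return {mac: dict(subtypes) for mac, subtypes in summary.items()}


if __name__ == "__main__":
    for mac, subtypes in summarize(find_sequence_anomalies(SAMPLE_FRAMES)).items():
        print(mac, "sent frames outside its sequence:", subtypes)
```

A station that resets its counter (for example after a reboot) also looks anomalous here until the baseline is re-established, so findings on management subtypes such as disassociation deserve the most attention.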
    20. Main Points
       • Wireless medium is inherently insecure
       • The 802.11 MAC poorly compensates
       • MAC layer needs stronger authentication
       • Per packet auth. could solve many issues
       • 802.1X exchange comes too late
       • Spoofing attacks will become public
    21. Recommendations
       • The first rule is…
         • Secure your network protocols
         • SECURE NETWORK PROTOCOLS
         • SECURE NETWORK PROTOCOLS
       • Wireless only makes attacks easier
       • Snake oil can provide hurdles for the casual
       • Treat wireless the way you treat remote traffic
       • High security environments: no wireless allowed
    22. Wireless Tools for your Tinkering
       • Windows
         • Netstumbler – find APs and their SSIDs
         • Airopeek – wireless frame sniffer
       • Linux
         • Airsnort (and other WEP tools)
         • Airtraf (Netstumbler-like)
         • Kismet (Netstumbler-like, WEP capture, other stuff)
    23. WEP Cracking Demo
       • Cracking WEP in 10 Minutes
       • http://www.hackingdefined.com/movies/see-sec-wepcrack.zip
       • This is a demo from a distro called Whoppix which later became BackTrack
    24. Wireless Security
       • “The nice thing about standards is that there are so many to choose from.”
       • - Andrew S. Tanenbaum
    25. Wireless Security – Obviously Many Don’t Bother
    26. Wireless Security Problems
       • Common Techniques to Compromise Wireless Data Networks:
         • Rogue Access Point Insertion
         • Traffic Sniffing
         • Traffic Data Insertion
         • ARP-Snooping (via “Dsniff”) – trick wired network to pass data over wireless
    27. Approximate Wireless Ranges
    28. 802.11b/g Wireless Radio Channels (USA)
       • Note: Using only channels 1, 6, and 11 incurs the least amount of adjacent radio channel interference.
    29. Security Overview: Authentication
       • Determines:
         • If you are who you say you are
         • If (and What) access rights are granted
       • Examples are:
         • “Smart Card” - SecurID® Server/Cards
         • S/Key – One time password
         • Digital Certificates
    30. Examples of “Smart Cards”
       • http://www.rsasecurity.com
    31. Wireless Security Overview
       • Data Encryption
         • WEP – Wired Equivalent Privacy (No Authentication)
         • WPA – WiFi Protected Access
         • Note: Due to computational overhead, almost all data encryption techniques impose an Access Point performance / throughput penalty.
         • Average Throughput Reduction Example (relative to No Encryption @ 34.028 Mbps w/ Linksys WRT54GS):
           • WPA-PSK w/AES (29.005 Mbps) = ~14.8% slower
           • WPA-PSK w/TKIP (28.464 Mbps) = ~16.4% slower
           • WEP-128 (22.265 Mbps) = ~34.6% slower
       • http://www.tomsnetworking.com/Reviews/images/scrnshots/linksys_wrt54gs_security.png
    32. WEP (Wired Equivalent Privacy)
       • RC4 (Rivest Cipher 4 / Ron’s Code 4) Encryption Algorithm <http://www.cebrasoft.co.uk/encryption/rc4.htm>
       • Shared (but static) secret 64 or 128-bit key to encrypt and decrypt the data
         • 24-bit ‘initialization vector’ (semi-random) leaving only 40 or 104 bits as the ‘real key’
       • WEP Key Cracking Software
         • WEPCrack / AirSnort / Aircrack (as well as others)
         • Cracking Time: 64-bit key = 2 seconds; 128-bit key = ~3-10 minutes
         • www.netcraftsmen.net/welcher/papers/wlansec01.html and www.tomsnetworking.com/Sections-article111-page4.php
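
Slide 32 describes WEP as RC4 keyed with a 24-bit IV plus a 40- or 104-bit shared secret. The following Python example, added here and not part of the original slides, builds that encapsulation and shows two consequences of the design: any two frames that share an IV share a keystream, and a 24-bit IV space makes such repeats likely after a few thousand frames. The secrets and payloads are constructed, and the key-ID byte that follows the IV on the air is omitted.

```python
import math
import struct
import zlib

IV_LEN = 3   # 24-bit initialization vector, sent in the clear with every frame


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR of the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(body: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the body, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def wep_encapsulate(secret: bytes, iv: bytes, body: bytes) -> bytes:
    """Return IV || RC4(IV || secret, body || ICV); the key-ID byte is omitted."""
    if len(secret) not in (5, 13):
        raise ValueError("secret must be 5 bytes (40-bit) or 13 bytes (104-bit)")
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 3 bytes")
    return iv + rc4(iv + secret, body + icv(body))


def wep_decapsulate(secret: bytes, frame: bytes) -> bytes:
    """Decrypt a frame body and verify its ICV."""
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    plain = rc4(iv + secret, ciphertext)
    body, received_icv = plain[:-4], plain[-4:]
    if icv(body) != received_icv:
        raise ValueError("ICV mismatch")
    return body


def keystream_reused(secret: bytes, iv: bytes, body_a: bytes, body_b: bytes) -> bool:
    """True if two frames sharing an IV satisfy c_a XOR c_b == p_a XOR p_b."""
    c_a = wep_encapsulate(secret, iv, body_a)[IV_LEN:]
    c_b = wep_encapsulate(secret, iv, body_b)[IV_LEN:]
    n = min(len(body_a), len(body_b))
    return all(c_a[k] ^ c_b[k] == body_a[k] ^ body_b[k] for k in range(n))


def iv_collision_probability(frames: int) -> float:
    """Birthday estimate that some IV repeats among `frames` randomly chosen IVs."""
    space = 2 ** (8 * IV_LEN)
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * space))


if __name__ == "__main__":
    secret = b"\x01\x02\x03\x04\x05"      # constructed 40-bit secret
    frame = wep_encapsulate(secret, b"\x00\x00\x01", b"constructed payload A")
    print(wep_decapsulate(secret, frame))
    print(keystream_reused(secret, b"\x00\x00\x01",
                           b"constructed payload A", b"another constructed B"))
    print(round(iv_collision_probability(5000), 3))
```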
    33. WEP Attack Approaches
       • Traffic (Packet) Collection Techniques
         • High Traffic Access Points (APs)
           • Simple/passive traffic sniffing / capture
         • Low Traffic Access Points
           • Have client ‘deauth’ to disassociate from the AP
             • (Forces traffic when the client re-associates to the AP)
           • Replay captured ‘arp’ requests to the AP
           • Sniff / capture resulting packets for analysis
    34. WPA and WPA2 (WiFi Protected Access)
       • Created by the Wi-Fi Alliance industry group due to excessive delays in 802.11i approval
       • WPA and WPA2 designed to be backward compatible with WEP
       • Closely mirrors the official IEEE 802.11i standards but with EAP (Extensible Authentication Protocol)
       • Contains both authentication and encryption components
    35. Wireless Authentication
       • 802.11i
         • EAP – Extensible Authentication Protocol
           • Currently ~40 different EAP authentication methods
       • PEAP (Protected EAP) = EAP + RADIUS Server
           • RADIUS = Remote Authentication Dial-In User Service
       • Kerberos
         • Provided as Part of Win2K+ UNIX Server Platforms
       • IPSec (IP Security) / VPN’s
         • End-to-End Encryption
    36. RADIUS Authentication
       • Remote User
         • Desktop / Client
       • NAS Client (Network Access Server)
         • Access desired to this Client/Server
       • AAA (RADIUS) Server
         • Authentication, Authorization, and Accounting
       • http://www.wi-fiplanet.com/img/tutorial-radius-fig1.gif
    37. Kerberos (a.k.a. “Fluffy”) End-to-End Authentication
       • Kerberos is a widely used authentication server in an open environment.
       • Kerberos tickets have a limited life – generally configured to be 8 hours.
       • Diagram labels:
         • Parties: Client, Authentication Server (AS), Ticket-granting Server (TGS), Service
         • Kerberos: User secret keys
         • Messages: Request a ticket for TGS; Ticket for TGS; Request a ticket for Service; Ticket for Service; Request Service
         • http://www.cs.dartmouth.edu/~minami/Presentations/security.ppt
       • The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance to Hades. http://www.faqs.org/faqs/kerberos-faq/general/section-4.html
    38. WPA / WPA2 Encryption
       • WPA
         • Mandates TKIP (Temporal Key Integrity Protocol)
           • Scheduled Shared Key Change (i.e., every 10,000 data packets)
         • Optionally specifies AES (Advanced Encryption Standard) capability
         • WPA will essentially fall back to WEP-level security if even a single device on a network cannot use WPA
       • WPA2
         • Mandates both TKIP and AES capability
       • WPA / WPA2 networks will drop any altered packet or shut down for 30 seconds whenever a message alteration attack is detected.
    39. WPA / WPA2 (Cont’d)
       • WPA SOHO / Personal: Encryption Method = Temporal Key Integrity Protocol; Authentication Method = Pre-Shared Key
       • WPA2 Enterprise: Encryption Method = Advanced Encryption Standard; Authentication Method = 802.1X / Extensible Authentication Protocol
       • WPA2 SOHO / Personal: Encryption Method = Advanced Encryption Standard; Authentication Method = Pre-Shared Key
       • WPA Enterprise: Encryption Method = Temporal Key Integrity Protocol; Authentication Method = 802.1X / Extensible Authentication Protocol
    40. WPA / WPA2 (Cont’d)
       • Personal Pre-shared Key
         • User-entered 8-63 ASCII character passphrase produces a 256-bit Pre-Shared Key
         • To minimize/prevent key cracking, use a minimum of 21 characters for the passphrase
         • Key Generation
           • The passphrase, SSID, and SSID length are hashed 4096 times to generate a value of 256 bits
       • WPA Key Cracking Software
         • coWPAtty / WPA Cracker (as well as others)
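
The key generation on slide 40 is PBKDF2 with HMAC-SHA1, using the SSID as the salt. This Python example is added here and is not part of the original slides; it writes the 4096-round chain out explicitly, enforces the 8-63 character limit, and checks a passphrase against the 21-character minimum the slide recommends. The function names and the second SSID are assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 4096        # iteration count given on the slide
PSK_BYTES = 32           # 256-bit pre-shared key
RECOMMENDED_MIN = 21     # minimum passphrase length the slide recommends


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, length: int) -> bytes:
    """PBKDF2 with HMAC-SHA1, written out so the iteration chain is visible."""
    derived = b""
    block_index = 1
    while len(derived) < length:
        u = hmac.new(password, salt + block_index.to_bytes(4, "big"), hashlib.sha1).digest()
        block = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            block ^= int.from_bytes(u, "big")       # XOR every round into the block
        derived += block.to_bytes(hashlib.sha1().digest_size, "big")
        block_index += 1
    return derived[:length]


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK; the SSID (with its length) is the salt."""
    try:
        secret = passphrase.encode("ascii")
    except UnicodeEncodeError as exc:
        raise ValueError("passphrase must be ASCII") from exc
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= c <= 126 for c in secret):
        raise ValueError("passphrase must use printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return pbkdf2_hmac_sha1(secret, salt, ITERATIONS, PSK_BYTES)


def audit_passphrase(passphrase: str) -> list:
    """Return findings for a passphrase against the limits quoted on the slide."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 character range")
    elif len(passphrase) < RECOMMENDED_MIN:
        findings.append(f"shorter than the recommended {RECOMMENDED_MIN} characters")
    return findings


if __name__ == "__main__":
    # Passphrase/SSID pair from the published IEEE 802.11i PSK test vectors.
    print(derive_psk("password", "IEEE").hex())
    # Same passphrase, constructed second SSID: a different salt gives a different key.
    print(derive_psk("password", "IEEE-guest").hex())
    print(audit_passphrase("password"))
```

Because the SSID is the only salt, two networks that share both SSID and passphrase derive the same key, which is one more reason to change a vendor-default SSID along with the passphrase.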
    41. WPA Authentication (Before Extended EAP - May 2005)
       • Personal Mode = Pre-Shared Key
       • Enterprise Mode = EAP-TLS
         • (Transport Layer Security)
    42. WPA / WPA2 Authentication (Since Extended EAP - May 2005)
       • Now Five WPA / WPA2 Enterprise Standards
         • #1: EAP-TLS
           • Original EAP Protocol
           • Among most secure but seldom implemented as it needs a client-side certificate, i.e., smartcard (SecurID Key Fob http://www.securid.com/)
    43. WPA / WPA2 Authentication (Since Extended EAP - May 2005)
       • #2: EAP-TTLS/MSCHAPv2
         • Better than #1, as username and password not in clear text
         • (Tunneled Transport Layer Security)
       • #3: PEAPv0/EAP-MSCHAPv2
         • Commonly referred to as “PEAP”
         • Most Widely Supported EAP Standard
    44. WPA / WPA2 Authentication (Since Extended EAP - May 2005)
       • #4: PEAPv1/EAP-GTC
         • Created by Cisco as alternative to #3. Cisco’s LEAP or EAP-FAST standard not frequently used as it can be cracked.
         • This standard is rarely used
       • #5: EAP-SIM
         • Used by GSM mobile telecom industry with SIM card authentication
    45. Other Security Techniques
       • The following techniques may provide marginal additional security, but may also make network administration tasks more difficult:
       • The six dumbest ways to secure a wireless LAN
         • MAC Address Filtering
         • Disabling SSID Broadcasts
         • Disabling Access Point’s DHCP server (so new client addresses are not automatically issued)
         • Cisco LEAP / EAP-FAST
         • Use 802.11a / Bluetooth
         • Antenna type, placement, direction, and transmitted power levels - Effective Isotropic Radiated Power (EIRP)
           • http://www.netstumbler.com/2002/11/13/antenna_to_boost_wireless_security/
    46. Security Configuration Recommendations
       • Enterprise
         • WPA2 – RADIUS / Kerberos
         • WPA2 – Pre-shared Key
         • (Continue With SOHO / Personal Options)
       • SOHO / Personal
         • WPA with AES
         • WPA with TKIP
         • WEP with 128-bit key
         • WEP with 64-bit key
         • No Encryption
    47. Security Configuration
       • When configuring a wireless router / access point, always use a ‘wired’ connection!
         • (Don’t cut ‘the branch you’re standing on’!)
       • When changing a configuration option, always make the change on the router / access point first, then make the compatible change on your local wireless network card / configuration!
    48-56. Security Configuration Options
    57. Other Firmware Options
       • Cisco/Linksys WRT54G/GS wireless router / access point utilizes some Open Source (Linux) code.
       • Cisco released the firmware source code in July, 2003 – Additional branches of firmware are now available.
    58. Sources Of Other Firmware
       • Sveasoft
         • http://www.sveasoft.com/
       • DD-WRT (I use this)
         • http://www.dd-wrt.org
       • Earthlink
       • Sputnik
       • LinksysInfo
       • WRT54G.net
    59. Other Firmware Options Support / Provide:
       • VPN Services
       • VoIP Services
       • Configure as a repeater / bridge
       • A Managed ‘Hot Spot’ with RADIUS Support
       • Manage bandwidth per protocol
       • Control traffic shaping
       • Support IPv6
       • Boost antenna power
       • Remotely access router logs
       • Use router as a low power PC running Linux Applications
       • Bad firmware flash recovery:
         • WRT54G Revival Guide
         • http://www.wi-fiplanet.com/tutorials/article.php/3562391
    60. Miscellaneous Links
       • WEP Cracking Article
         • http://www.securityfocus.com/infocus/1814
       • SecureDVD
         • http://securedvd.org/screenshots.html