Raviraj Doshi - 802.11 Wireless Networks: Threats and Mitigation - Interop Mumbai 2009


Wireless is the order of the day. From the measly speed of 1 Mbps, we are now using speeds of up to 100 Mbps on W-LANs and W-WANs. The nature of wireless transmission exposes it to major threats from passive as well as active attacks. After explaining the theoretical aspects of wireless communication, the session will describe some major hacks against wireless networks by showing step-by-step screen videos, and trace the vulnerabilities exploited by the hackers. The session will conclude by describing practical approaches for risk mitigation against wireless threats.

Published in: Technology

  1. 802.11 Wireless Networks: THREATS & MITIGATION. Raviraj Doshi, MIEL-Labs, MIEL e-Security Pvt. Ltd.
  2. Agenda: 802.11 primer; 802.11 security mechanisms & flaws; Wi-Fi device driver flaws; Wi-Fi hotspot threats.
  3. What is 802.11? 802.11 is a family of standards set forth by the IEEE that define the specifications for Wireless Local Area Networks. 802.11 was established in 1997. 802.11 covers the following OSI layers: the Data Link Layer and the Physical Layer.
  4. 802.11 standards: 802.11a (data rate: up to 54 Mbps, frequency: 5 GHz); 802.11b (data rate: up to 11 Mbps, frequency: 2.4 GHz); 802.11g (data rate: up to 54 Mbps, frequency: 2.4 GHz); 802.11n (data rate: up to 600 Mbps, frequency: 2.4 / 5 GHz).
  5. 802.11 hardware consists of: Wireless Client Adapters (PCI Adapter, PCMCIA Adapter, USB Adapter); Access Point.
  6. How 802.11 works: 802.11 is designed to integrate easily with existing wired networks. 802.11 uses CSMA/CA to access the medium. Each device has a unique 48-bit MAC address, just like 802.3 Ethernet.
  7. 802.11 modes of communication: Infrastructure: all client adapters associate with the Access Point, and each client adapter only communicates with the Access Point. Ad-Hoc: wireless client adapters communicate with each other directly.
  8. Nature of the medium: Unlike on wired networks, all communications are essentially broadcasts. This makes passive sniffing and MITM easier. Therefore encryption of data is key to secure communication.
  9. 802.11 inbuilt security: Wired Equivalent Privacy (WEP) uses the RC4 stream cipher for encryption. Wi-Fi Protected Access (WPA or TKIP) uses the RC4 stream cipher for encryption. WPA2 uses the AES block cipher for encryption.
  10. Wired Equivalent Privacy: The WEP implementation has many flaws. WEP encryption is easily broken. Client-side attacks on WEP make it even easier.
  11. Wi-Fi Protected Access: WPA or TKIP is more secure than WEP. WPA-PSK is the easiest to implement. WPA-PSK is susceptible to an offline brute-force attack. WPA2 uses AES and is so far considered secure.
  12. Wi-Fi device driver security: Wi-Fi device drivers may be vulnerable to remote exploits and DoS. They may allow remote code execution in kernel mode. One must always use the latest versions of hardware drivers.
  13. Wi-Fi Hotspots: Hotspots offer unencrypted connectivity. MITM & sniffing is very easily implemented. Tools like SSL strip can nullify HTTPS protection. Use of a VPN or higher-layer encryption is recommended.
  14. Thank you
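
Slide 11's point that WPA-PSK is open to offline brute force follows from how the key is derived: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the only salt (IEEE 802.11i), so the passphrase is the sole secret. The Python below is an added example, not part of the talk; it derives that key and audits a chosen passphrase from the network owner's side. The denylist, the 80-bit threshold and the function names are assumptions made here.

```python
import hashlib
import math
import string

COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}  # constructed sample denylist
MIN_BITS = 80  # assumed policy threshold, not a value from the talk

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK pairwise master key (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    # The SSID is the salt and is broadcast in the clear, so key strength
    # rests entirely on the passphrase (4096 iterations, 32-byte output).
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)

def pool_entropy_bits(passphrase: str) -> float:
    """Upper bound on entropy: assumes random picks from the character classes used."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in passphrase):
            pool += len(cls)
    if any(c in string.punctuation + " " for c in passphrase):
        pool += len(string.punctuation) + 1
    return len(passphrase) * math.log2(pool)

def audit_psk(passphrase: str, ssid: str) -> list:
    """Return the reasons a passphrase is a poor WPA-PSK choice (empty list = none found)."""
    wpa_pmk(passphrase, ssid)  # raises ValueError if the passphrase is not valid for WPA
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("common passphrase")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("passphrase contains the SSID")
    if pool_entropy_bits(passphrase) < MIN_BITS:
        findings.append("below entropy threshold")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs
    for pw, ssid in (("password", "IEEE"), ("OfficeNet2009", "OfficeNet"), ("T7#qLm2$Zp9!vKx4Rw", "IEEE")):
        print(ssid, repr(pw), audit_psk(pw, ssid) or "no findings")
```

The entropy figure is an upper bound: a passphrase built from dictionary words scores higher here than it deserves, so a passing result is necessary but not sufficient.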