WI-FI Security in Jersey 2011

A lecture given by Cyberkryption founder Paul Dutot to the British Computer Society on the state of WI-FI security in Jersey based on a survey of 13,168 access points during December 2011

Published in: Technology, News & Politics

WI-FI Security in Jersey 2011

  1. WI-FI Security Jersey 2011. Date: 23 March 2011. By: Paul Dutot
  2. About Me
     • Work at Air Traffic Engineering
     • Incorporated Engineer
     • Chartered IT Professional
     • Interested in Ethical Hacking
     • Interested in Information Security
     • MCTS / MCSE / Solaris / Security+
     • ‘Pentest with Backtrack’ course
     Slide footer: Paul Dutot IEng MIET MBCS CITP, Les Mouettes, 4 La Rue De Maupertuis, Jersey. T: +44 (0) 7797 741 392
  3. WI-FI Security: Agenda
     • Surveying Equipment
     • Surveying Process & Legal Issues
     • Data Manipulation
     • WI-FI Encryption types and the risks
     • Recent News: State of WPS
     • Survey Results / Mapping
     • How to be a secure
  4. WI-FI Security: Surveying Equipment
     • GlobalSat ND100 GPS Dongle
     • IP65 Weather Proof Housing with Alfa Networks Card
     • Laptop PSU
     • USB extension Cables
     • Backtrack 5
     • Kismet
     • Alfa Networks Card in Monitor Mode
     • 300 W 12v to 240v Inverter
     • WI-FI Card in Monitor Mode | GPSD = location information | Kismet = Beacon Frames only !!
  5. Surveying Process & Legal Issues
     • Computer Misuse (Jersey) Law 1995: We survey passively, so we are not connecting to access points
     • Data Protection (Jersey) Law 2005: Registered with Data Protection Law for lecture purposes
     • Regulation of Investigatory Powers (Jersey) Law 2005: Obtained ‘Lawful Authority’ to survey with SoJP and parish connétables. SoJP control room informed when surveying taking place
  6. WI-FI Security: Data Manipulation
  7. WI-FI Security: No Encryption: The Risks
     • No specialist knowledge required
     • Bandwidth theft
     • Theft of digital material
     • Identity fraud
     • MPAA / RIAA letter
     • Download of prohibited material
     [Figure labels: Internet, Unauthorised, Authorised; Difficulty rating]
  8. WI-FI Security: WEP Encryption: The Risks
     • Medium difficulty
     • YouTube videos available
     • No client connection required
     • Same risks as no encryption once bypassed
     • Good chance of success
     [Figure labels: Internet, Unauthorised, Authorised; Difficulty rating]
  9. WI-FI Security: WPA Encryption: The Risks
     • Specialist knowledge required
     • Encryption secure with non-dictionary word
     • 4-way handshake capture required
     • Client connection required
     • Low chance of success
     [Figure labels: Internet, Unauthorised, Authorised; Difficulty rating]
  10. WI-FI Security: WI-FI Protected Setup - WPS
     • Designed to be an easy method to connect wireless devices
     • Key cryptography = Good: 8 digit number + 128 bit nonce
     • Protocol for key validity = Bad: 4 digits / 3 digits + checksum
     • Identified by Stefan Viehböck
     • Routers should go into ‘lockdown’ after 3 invalid attempts, but not all do!
     • Reaver exploitation tool freely available
     • Vulnerability renders WPA / WPA2 security useless
     • SOLUTION: disable WPS and only enable when adding new devices
  11. WI-FI Security: Survey Results
     • Survey carried out 12-15th December
     • Representative survey of 13,168 access points
     • 13.9% (1835) = no encryption
     • 19.37% (2551) = WEP
     • 33.27% (4386) are insecure, i.e. WEP or no encryption
     • 53.9% (7097) are made by Netgear
     • 29.1% (2066) of Netgear routers are insecure
  12. WI-FI Security: Encryption by Type
     [Bar chart. Bar values as extracted: 3539, 3301, 2550, 1835, 1790, 87, 43, 13, 3, 1, 2, 1. Surviving category labels: None, WPA+AES-CCM]
  13. WI-FI Security: Distribution by Channel
     [Pie chart. Legend: Channel 0 to Channel 13. Slice percentages as extracted: 1%, 2%, 0%, 24%, 35%, 2%, 3%, 2%, 2%, 2%, 2%, 2%, 2%, 20%]
  14. WI-FI Security: Manufacturer Top Ten
     • Netgear: 7097 (65%)
     • ThomsonT: 729 (7%)
     • Cisco: 700 (6%)
     • ZygateCo: 429 (4%)
     • 3com: 390 (4%)
     • BelkinIn: 390 (4%)
     • AskeyCom: 323 (3%)
     • ZyxelCom: 319 (3%)
     • Tp-LinkT: 268 (2%)
     • Cisco-Li: 254 (2%)
  15. WI-FI Security: Jersey WI-FI Map
  16. WI-FI Security: Encryption = None
  17. WI-FI Security: Encryption = WEP
  18. WI-FI Security: How to be a secure home user
     • Use WPA2 + AES encryption with non-dictionary password
     • Good password on access point management interfaces
     • Disable WI-FI Protected Setup (WPS)
     • WPA+TKIP then WEP for legacy devices
     • Check your WPA/WPA2 password at http://wpacracker.com
     [Figure labels: Internet, Authorised]
  19. WI-FI Security: How to be a secure small business – Server 2003
     • SNMP Network Access Control
     • Mixed Environment
     • Implement BYOD
     [Figure label: Internet]
  20. WI-FI Security: How to be a secure business – Server 2008
     • Use Network Access Protection
     • Not available before Windows Server 2008
     • Significant infrastructure
     • Difficult to implement BYOD
     • ‘Windows’ only infrastructure
     • Mixed environments use PacketFence or similar product
  21. Secure your router guide and PDF version of survey: http://www.cyberkryption.com
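
The WPS weakness on slide 10, worked through as an added example that is not part of the original slides: it sizes the PIN search space when the two halves are confirmed separately and shows how a lockout policy changes the worst-case time to cover it. The check-digit weighting follows the Wi-Fi Simple Configuration specification rather than the slides, and the attempt time and lockout durations are constructed sample values.

```python
"""Added example: worst-case WPS PIN exhaustion, with and without lockout."""


def wps_checksum(first7: int) -> int:
    """Check digit for the first seven PIN digits (weights 3,1,3,... from the right).

    Weighting is taken from the Wi-Fi Simple Configuration spec, not the slides.
    """
    accum, digits = 0, first7
    while digits:
        accum += 3 * (digits % 10)
        digits //= 10
        accum += digits % 10
        digits //= 10
    return (10 - accum % 10) % 10


def pin_is_wellformed(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def worst_case_guesses(halves_confirmed_separately: bool) -> int:
    """Guesses needed to cover every PIN.

    The eighth digit is a checksum, so only seven digits are free. When the
    protocol confirms the first four digits on their own, the remaining
    three are searched separately: 10^4 + 10^3 instead of 10^7.
    """
    return 10**4 + 10**3 if halves_confirmed_separately else 10**7


def worst_case_hours(guesses: int, secs_per_attempt: float,
                     lock_after: int = 0, lock_secs: float = 0.0) -> float:
    """Hours to make `guesses` attempts if the router locks WPS for
    `lock_secs` after every `lock_after` failures (0 = never locks)."""
    lockouts = (guesses - 1) // lock_after if lock_after else 0
    return (guesses * secs_per_attempt + lockouts * lock_secs) / 3600


if __name__ == "__main__":
    SECS = 2.0  # constructed sample value, not a measurement
    for label, split in (("whole PIN", False), ("split halves", True)):
        n = worst_case_guesses(split)
        print(f"{label:12} {n:>10,} guesses")
        print(f"  no lockout:          {worst_case_hours(n, SECS):>10.1f} h")
        print(f"  60 s per 3 failures: {worst_case_hours(n, SECS, 3, 60):>10.1f} h")
        print(f"  1 h per 3 failures:  {worst_case_hours(n, SECS, 3, 3600):>10.1f} h")
```

Under these sample values a 60-second lockout every three failures still leaves the split search finishing in under three days, which is why the slide's fix is to disable WPS rather than rely on lockout alone.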
