Wireless Security


Wireless Security: A False Sense of Security @ BarCamp Melaka. Made/Presented by Ahmad Siddiq b. Mohd Adnan

Published in: Technology


  1. Wireless Security: A False Sense of Security
      - BarCamp Melaka – 14th November 2009
  2. Introduction
      - A false sense of security is worse than a true sense of insecurity
  3. Me
      - Ahmad Siddiq b. Mohd Adnan
      - CCNA, MCSE, Red Hat Trainer. Asia Talk Sdn. Bhd.
      - Guide young Jedis on how to deal with cables, switches and servers
  4. IEEE 802.11 Introduction
      - Wireless Security: A False Sense of Security
  5. How 802.11 Works
      - Designed to integrate easily with existing wired networks
      - 802.11 uses CSMA/CA to access the medium
      - Each device has a unique 48-bit MAC address, just like 802.3 Ethernet
  6. 802.11 Modes of Communication
      - Infrastructure
        - All client adapters associate with the Access Point
        - Each client adapter only communicates with the Access Point
      - Ad-Hoc
        - Wireless client adapters communicate with each other directly
  7. Nature of The Medium
      - Unlike on wired networks, all communications are essentially broadcasts
      - This makes passive sniffing and MITM easier
      - Therefore encryption of data is key to secure communication
  8. WiFi Proliferation
      - Source: WiFi Alliance
  9. Attack Hierarchy
      - Attacks
        - Passive
          - Eavesdropping
          - Traffic Analysis
        - Active
          - Replay
          - Masquerade
          - Message Modification
          - Denial Of Service
  10. Securi..what?
      - Wireless Security: A False Sense of Security
  11. Wi-Fi is No Exception
      - Wi-Fi throws new pieces in the information security puzzle
        - Signal spillage outside building
        - Threats operative below Layer 3
        - Wired firewalls, IDS/IPS, anti-virus ineffective against Wi-Fi threats
  13. Incorrect Views of Wi-Fi Security
      - "Dude check this shit out. I have this cool Cisco hardware firewall and some slick IDS installed on my LAN. I also have some kind of Anti-Virus installed, and hence I am already protected."
  14. 802.11 Inbuilt Security
      - Wired Equivalent Privacy (WEP)
        - Uses RC4 stream cipher for encryption
      - WiFi Protected Access (WPA or TKIP)
        - Uses RC4 stream cipher for encryption
      - WPA2
        - Uses AES block cipher for encryption
  15. Wired Equivalent Privacy (WEP)
      - So damn popular in Malaysia
      - WEP implementation has many flaws
      - WEP encryption is easily broken
      - Client side attacks on WEP make it even easier
  16. Wireless Security
      - A False Sense of Security
      - Demo 1: WEP key pwnage within a few minutes
  17. Wi-Fi Protected Access (WPA)
      - WPA or TKIP is more secure than WEP
      - WPA-PSK is the easiest to implement
      - WPA-PSK is susceptible to an offline brute-force attack
      - WPA2 uses AES and is so far considered secure
  18. Cracking Exploits
  19. Most Obvious Wi-Fi Threat
      - Solution: Use of strong wireless authentication and encryption in Wi-Fi
      - OPEN and WEP are a BIG NO
      - WPA can be used, but is not enterprise grade. Use WPA2, which is enterprise grade.
      - SSID and MAC access control can be evaded
  20. Wi-Fi or No Wi-Fi Cannot Address Unmanaged Devices
      - Threats From Unmanaged Devices
  21. Rogue APs
      - Unmanaged APs attached to the network
      - (Logically) LAN jacks hanging out from the window
      - Malicious intent or simply an unwitting, impatient employee
      - Provides direct access to wired network from the areas of spillage
      - Steal data on wire
      - Scan network for vulnerabilities
      - Firewall, anti-virus, WPA2 do not see this
  25. Ad-hoc connections
      - Employees may use ad-hoc connection to share content
        - Reduce productivity
        - Leak sensitive data
      - Inadvertent ad-hoc connection
        - Compromise laptop
        - Bridge to enterprise network
  26. Ad-hoc Bridge to Wired Network
      - Users may bridge wired and Wi-Fi network on their laptops
  27. Misassociation
      - Policy violation
        - Gmail, IM, banned websites, banned content
      - MITM attack
      - Password stealing, data interception
      - Growing number of hack tools: KARMETASPLOIT, SSLstrip, Airbase
  29. Wi-Fi Device Driver Security
      - Wi-Fi device drivers may be vulnerable to remote exploits and DoS
      - May allow remote code execution at kernel mode (XSS, CRLF, etc.)
      - One must always use the latest versions of hardware drivers.
  30. WiFi Hotspots
      - Hotspots offer unencrypted connectivity
      - MITM & sniffing are very easily implemented
      - Tools like SSLstrip can nullify HTTPS protection (lol)
      - Use of VPN or higher layer encryption is recommended
  31. DoS Attacks
      - Wireless DoS attacks are inevitable for WiFi
        - Spoofed disconnects
        - Spoofed connection floods
        - Hogging wireless medium
      - Even Cisco MFP and 802.11w are vulnerable to DoS attacks
        - Google “Auto immunity disorder in Wireless LANs”
  32. WPA-2 is Essential, But Not Enough! No-WiFi is Also Not Enough!
  33. 24x7 Comprehensive Protection with Wireless Intrusion Prevention System (WIPS)
      - Wireless DoS
  34. WIPS Providers in the Market
  35. Wireless Security
      - A False Sense of Security
      - Demo 2: Cuz I’m a Man In The Mirror
  36. Conclusion
      - Wi-Fi warrants new security controls in enterprise networks
        - For both Wi-Fi and no Wi-Fi networks
        - Perceived as high priority item today
        - Also a regulatory compliance requirement
      - Strong authorization and encryption (WPA2) is essential for authorized Wi-Fi
        - Prevents eavesdropping and unauthorized access
      - Another layer of security in the form of WIPS (Wireless Intrusion Prevention System) is essential for comprehensive protection
        - Prevents Rogue APs, ad-hoc connection, misassociations, cracking exploits, DoS attacks
        - Compliance monitoring
        - Performance monitoring and troubleshooting as added benefits
  37. Questions?
      - I don’t bring my name card. I love trees.
      - email:
      - Thanks for listening
      - May your next day be more secure
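
The "Wi-Fi Protected Access (WPA)" slide notes that WPA-PSK is susceptible to an offline brute-force attack. The reason is that the pairwise master key depends only on the passphrase and the SSID, so passphrase length is the control that matters. This is an added example, not part of the original slides; the guessing rate and the three passphrase policies are assumptions chosen for illustration.

```python
import hashlib

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def years_to_exhaust(alphabet_size: int, length: int, guesses_per_sec: float) -> float:
    """Worst-case time to try every passphrase of this shape, in years."""
    return alphabet_size ** length / guesses_per_sec / (365 * 24 * 3600)

# Assumed offline guessing rate; real rates depend on the hardware used.
ASSUMED_RATE = 100_000.0

POLICIES = {  # constructed passphrase policies: (alphabet size, length)
    "8 lowercase letters": (26, 8),
    "12 mixed-case letters and digits": (62, 12),
    "20 mixed-case letters and digits": (62, 20),
}

def policy_report(rate: float = ASSUMED_RATE) -> dict:
    """Worst-case exhaustion time in years for each policy at the given rate."""
    return {name: years_to_exhaust(a, n, rate) for name, (a, n) in POLICIES.items()}

if __name__ == "__main__":
    # The SSID is the only salt: nothing secret beyond the passphrase enters the
    # key, so a short passphrase on a common SSID offers little protection.
    print(derive_pmk("password", "IEEE").hex())
    for name, years in policy_report().items():
        print(f"{name}: {years:.3g} years worst case")
```
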
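
The WIPS slide and the conclusion list what such a system watches for: rogue APs, ad-hoc connections and misassociation, which firewalls and WPA2 do not see. The triage logic below is an added example, not part of the original slides; the AP inventory, MAC addresses, SSIDs, category names and the exact-match wired correlation are constructed assumptions.

```python
# WIPS-style triage of one wireless scan. All MACs, SSIDs and results are constructed.
AUTHORIZED = {  # managed AP inventory: BSSID -> (SSID, required encryption)
    "02:00:00:00:00:01": ("CorpNet", "WPA2"),
    "02:00:00:00:00:02": ("CorpNet", "WPA2"),
}
# MACs learned on wired switch ports. Simplification: a real sensor correlates
# wired and wireless addresses more loosely than an exact BSSID match.
WIRED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

SCAN = [  # (bssid, ssid, mode, encryption) as a sensor might report them
    ("02:00:00:00:00:01", "CorpNet", "infrastructure", "WPA2"),
    ("02:00:00:00:00:02", "CorpNet", "infrastructure", "WEP"),
    ("02:00:00:00:00:99", "HomeRouter", "infrastructure", "OPEN"),
    ("02:00:00:00:00:aa", "CorpNet", "infrastructure", "OPEN"),
    ("02:00:00:00:00:bb", "Free Public WiFi", "adhoc", "OPEN"),
    ("02:00:00:00:00:cc", "CoffeeShop", "infrastructure", "WPA2"),
]

def classify(bssid, ssid, mode, enc):
    """Label one observation using the threat categories from the slides."""
    if mode == "adhoc":
        return "ad-hoc"                  # client-to-client, bypasses the APs
    if bssid in AUTHORIZED:
        ok = (ssid, enc) == AUTHORIZED[bssid]
        return "authorized" if ok else "misconfigured"
    if bssid in WIRED_MACS:
        return "rogue-ap"                # unmanaged AP plugged into the LAN
    if ssid in CORP_SSIDS:
        return "misassociation-risk"     # corporate SSID from an unknown radio
    return "external"                    # neighbour network, monitor only

def triage(scan):
    """Group observed BSSIDs by classification."""
    report = {}
    for obs in scan:
        report.setdefault(classify(*obs), []).append(obs[0])
    return report

if __name__ == "__main__":
    for label, bssids in triage(SCAN).items():
        print(f"{label:20} {', '.join(bssids)}")
```
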