null Pune meet - Wireless Security


Published on

null Pune meet - Wireless Security – By Rohit Srivastwa

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • IV provides more randomness to the encryption process, to avoid pattern recognition in the ciphertext
  • null Pune meet - Wireless Security

    1. 1. Wireless Security The breaking and fixing
    2. 2. History
    3. 3. Types of Security <ul><li>OPEN : No security configured X </li></ul><ul><ul><li>Obviously not advised </li></ul></ul><ul><ul><li>Data is in the air in plain text and anyone can read it </li></ul></ul><ul><li>WEP : Wired Equivalent privacy X </li></ul><ul><ul><li>Was broken years ago and takes 15 min to break in </li></ul></ul><ul><ul><li>Very week and not recommended </li></ul></ul><ul><ul><li>Accepts only hexadecimal password </li></ul></ul>
    4. 4. Types of Security… <ul><li>WPA: Wi-Fi Protected Access  </li></ul><ul><ul><li>Much better than WEP </li></ul></ul><ul><ul><li>Accept long password and with all possible combinations </li></ul></ul><ul><ul><li>Easy to setup, as easy as WEP </li></ul></ul><ul><ul><li>Available in all the common wi-fi routers </li></ul></ul><ul><ul><li>A must for all home users </li></ul></ul><ul><ul><li>Will take a looong time to break in </li></ul></ul>
    5. 5. Types of Security… <ul><li>WPA2: Advance Wi-Fi Protected Access  </li></ul><ul><ul><li>Better than WPA </li></ul></ul><ul><ul><li>Takes little more pain to setup </li></ul></ul><ul><ul><li>Advised in corporate environments </li></ul></ul><ul><ul><li>Strong encryption and authentication support </li></ul></ul>
    6. 6. Wireless Security Standards
    7. 7. Description of WEP Protocol <ul><li>WEP relies on a shared secret key (64 bit/128 bit) which is shared between the sender (client) and the receiver (Access Point). </li></ul><ul><li>Secret Key - to encrypt packets before they are transmitted </li></ul><ul><li>Integrity Check - to ensure packets are not modified in transit. </li></ul><ul><li>The standard does not discuss how shared key is established. In practice, most installations use a single key which is shared between all mobile stations and access points. </li></ul>
    8. 8. CHAP Authentication © ClubHack Supplicant Authenticator username challenge response Accept/reject
    9. 9. How WEP works IV RC4 key IV encrypted packet original unencrypted packet checksum
    10. 10. WEP Cracking Demo
    11. 11. Immediate Solution <ul><li>WPA </li></ul><ul><ul><li>Easy to configure </li></ul></ul><ul><ul><li>Every home router has this </li></ul></ul><ul><ul><li>No special hardware or software required </li></ul></ul><ul><ul><li>Boost security level to a comfortable level </li></ul></ul>
    12. 12. How to configure WPA <ul><li>Open the configuration of your wi-fi device </li></ul><ul><li>Go to wireless setting </li></ul><ul><li>Under security option, select any one </li></ul><ul><ul><li>WPA </li></ul></ul><ul><ul><li>WPA-PSK </li></ul></ul><ul><ul><li>WPA-Personal </li></ul></ul><ul><ul><li>WPA2-Personal </li></ul></ul><ul><li>Set a complex password </li></ul><ul><li>Change the login password of the wireless router. </li></ul><ul><li>Done </li></ul>
    13. 13. Example : Linksys
    14. 14. Example : Netgear
    15. 15. Example : ZyXEL
    16. 16. Look for this
    17. 17. Further Advised <ul><li>Change the router login password frequently </li></ul><ul><ul><li>Atleast once a month </li></ul></ul><ul><li>Change the wireless WPA password also </li></ul><ul><ul><li>Atleast once a month </li></ul></ul><ul><li>Avoid temptation to connect to open wireless just looking for free internet. </li></ul>
    18. 18. What’s next (added security) <ul><li>We can configure DHCP more tightly. </li></ul><ul><ul><li>Lets not keep an open pool where any one can connect </li></ul></ul><ul><ul><li>Example </li></ul></ul><ul><ul><ul><ul><li>I have 3 machines in my home (desktop/laptop/phone) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>I’ll create a IP pool of 3 IPs only </li></ul></ul></ul></ul><ul><ul><ul><ul><li>I’ll do DHCP reservation using the MAC of these 3 IP </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Effectively I’m not allowing any outsider machine to connect </li></ul></ul></ul></ul>
    19. 19. What’s next (added security) … <ul><li>We can configure MAC binding. </li></ul><ul><ul><li>Allow only MY machines to connect </li></ul></ul><ul><ul><li>Many access points support MAC binding </li></ul></ul><ul><ul><li>Any other machine will not be able to connect to my Wi-Fi </li></ul></ul>
    20. 20. Not only terrorism, what else <ul><li>Connected to open network?? </li></ul><ul><ul><li>Attacker can read your mails </li></ul></ul><ul><ul><li>Attacker can see your password (even gmail) </li></ul></ul><ul><ul><li>Attacker can see your credit card numbers </li></ul></ul><ul><ul><li>Attacker can access confidential information on your computer </li></ul></ul><ul><ul><li>Attacker can chat with your girlfriend posing as you. </li></ul></ul>
    21. 21. So… <ul><li>6 easy steps to counter 95% of attack on your wi-fi </li></ul><ul><li>Secure your wi-fi today. </li></ul>
    22. 22. Q & 42 ? <ul><li>Rohit Srivastwa </li></ul><ul><li>Founder, Club Hack </li></ul><ul><li>[email_address] </li></ul>member