The document discusses the challenges and misconceptions surrounding wireless security, particularly highlighting the vulnerabilities of common protocols like WEP and WPA. It emphasizes the need for robust encryption, such as WPA2, and the importance of wireless intrusion prevention systems (WIPS) to protect against various threats, including eavesdropping and denial of service attacks. The overall message stresses that standard security measures may not suffice, necessitating comprehensive protective strategies in enterprise networks.

1. Wireless Security: A False Sense of SecurityBarCamp Melaka – 14th November 2009

2. IntroductionA false sense of security is worse than a true sense of insecurity

3. MeAhmad Siddiqb. MohdAdnanCCNA, MCSE, Red Hat Trainer. Asia Talk Sdn. Bhd.Guide young Jedi’s how to deal with cables, switches and servers

4. IEEE 802.11 IntroductionWireless Security: A False Sense of Security

5. How 802.11 WorksDesigned to integrate easily with existing wired networks802.11 uses CSMA/CA to access the mediumEach device has a unique 48bit MAC address just like the 802.3 Ethernet

6. 802.11 Modes of CommunicationInfrastructureAll client adapters associate with the Access point.Each client adapter only communicates with the Access Point Ad-HocWireless client adapters communicate with each other directly

7. Nature of The MediumUnlike on wired networks, all communications are essentially broadcastsThis makes passive sniffing and MITM easierTherefore encryption of data is key to secure communication

8. WiFiProfilerationSource: WiFi Alliance, www.wifialliance.org

9. Attack HierarchyAttacksPassiveActiveDenial Of ServiceEavesdroppingReplayMasqueradeTraffic AnalysisMessage Modification

10. Securi..what?Wireless Security: A False Sense of Security

11. Wi-Fi is No ExceptionWi-Fi throws new pieces in the information security puzzleSignal spillage outside building

12. Threats operative below Layer 3

13. Wired firewalls, IDS/IPS, anti-virus ineffective against Wi-Fi threatsIncorrect Views of Wi-Fi SecurityDude check this shit out. I have this cool Cisco hardware firewall and some slick IDS installed on my LAN. I also have some kind of Anti-Virus installed, and hence I am already been protected.

14. 802.11 Inbuilt SecurityWired Equivalent Privacy (WEP)Uses RC4 Stream cipher for encryptionWiFi Protected Access (WPA or TKIP)Uses RC4 Stream cipher for encryptionWPA2Uses AES Block cipher for encryption

15. Wired Equivalent Privacy (WEP)So damn popular in MalaysiaWEP implementation has many flawsWEP encryption is easily brokenClient side attacks on WEP make it even easier

16. Wireless SecurityA False sense of SecurityDemo 1: WEP key pwnage within a few minutes

17. Wi-Fi Protected Access (WPA)WPA or TKIP is more secure than WEP WPA-PSK is the easiest to implement WPA-PSK is susceptible to an offline brute-force attack WPA2 uses AES and is so far considered secure

18. Cracking Exploits

19. Most Obvious Wi-Fi ThreatSolution: Use of strong wireless authentication and encryption in Wi-FiOPEN and WEP are a BIG NOWPA can be used, but not enterprise grade. Use WPA2 which is enterprise graded.SSID and MAC access control can be evaded

20. Wi-Fi or No Wi-Fi Cannot Address Unmanaged DevicesThreats From Unmanaged Devices

21. Rogue APsUnmanaged APs attached to the network(Logically) LAN jacks hanging out from the windowMalicious intent or simply an unwitting, impatient employee

22. Provides direct access to wired network from the areas of spillage

23. Steal data on wire

24. Scan network for vulnerabilities

25. Firewall, anti-virus, WPA2 do not see thisAd-hoc connectionsEmployees may use ad-hoc connection to share contentReduce productivityLeak sensitive dataInadvertent ad-hoc connectionCompromise laptopBridge to enterprise network

26. Ad-hoc Bridge to Wired NetworkUsers may bridge wired and Wi-Fi network on their laptops

27. MisassociationPolicy violationGmail, IM, banned websites, banned contentMIM attack

28. Password stealing, data interception

29. Growing number of hack tools: KARMETASPLOIT, SSLstrip, Airbase Wi-Fi Device Driver SecurityWi-Fi device drivers may be vulnerable to remote exploits and DOSMay allow remote code execution at kernel mode (XSS, CR;LF, etc)One must always use the latest versions of hardware drivers.

30. WiFi HotspotsHotspots offer unencrypted connectivityMITM & sniffing is very easily implementedTools like SSL strip can nullify HTTPS protection (lol)Use of VPN or higher layer encryption is recommended

31. DoS AttacksWireless DoS attacks are inevitable for WiFiSpoofed disconnectsSpoofed connection floodsHogging wireless mediumEven Cisco MFP and 802.11w are vulnerable to DoS attacksGoogle “Auto immunity disorder in Wireless LANs”

32. WPA-2 is Essential, But Not Enough!No-WiFi is Also Not Enough!