wireless LAN vulnerabilities

Plus de détails

F748 Red McCombs

par Carl Walker

Map IEC/ISO 27001:2013 Annex A - English

par Grandt Grandt

F414 Car sales of south Florida

par Mark Nees

MY PLE

par Abdullah SAYKILI

wireless LAN vulnerabilities

WEP(wired equivalent privacy)

• WEP implementation – WEP was designed to meet the following criteria: • Efficient • Exportable • Optional • Reasonably strong • Self-synchronizing – WEP relies on a secret key shared between a wireless client device and the access point • Private key cryptography or symmetric encryption • WEP implementation (continued) – Options for creating keys • 64-bit key • 128-bit key • Passphrase – APs and devices can hold up to four shared secret keys • One of which must be designated as the default key

Wired Equivalent Privacy (WEP) • Intended to guard confidentiality – Ensures that only authorized parties can view the information • WEP accomplishes confidentiality by “scrambling” the wireless data as it is transmitted – Used in IEEE 802.11 to encrypt wireless transmissions • Cryptography – Science of transforming information so that it is secure while it is being transmitted or stored

Access point

– Contains an antenna and a radio transmitter/receiver • And an RJ-45 port – Acts as central base station for the wireless network • Almost all wireless APs implement access control – Through Media Access Control (MAC) address filtering • Implementing restrictions – A device can be permitted into the network – A device can be prevented from the network • MAC address filtering should not be confused with access restrictions – Access restrictions can limit user access to Internet

Access control

• MAC address filtering – Considered a basic means of controlling access – Requires pre-approved authentication – Makes it difficult to provide temporary access for “guest” devices

- Method of restricting access to resources - Intended to guard the availability of information (By making it accessible only to authorized users ) – Accomplished by limiting a device’s access to the access point (AP)

Example: 00-50-F2-7C-62-E1 blue: organizationally unique identifier(OUI) white: individual address block(IAB)

Authentication

Open system authentication vulnerabilities (continued) – Not always possible or convenient to turn off beaconing the SSID • Prevents wireless devices from freely roaming – Roaming facilitates movement between cells • When using Microsoft Windows XP – Device will always connect to the AP broadcasting its SSID • SSID can be easily discovered even when it is not contained in beacon frames – It is transmitted in other management frames sent by the AP • Shared key authentication vulnerabilities – Key management can be very difficult when it must support a large number of wireless devices • Attacker can “shoulder surf” the key from an approved device – Types of attacks • Brute force attack • Dictionary attack – Attacker can capture the challenge text along with the device’s response (encrypted text and IV) • Can then mathematically derive the keystream

• Open system authentication vulnerabilities – Authentication is based on a match of SSIDs – Several ways that SSIDs can be discovered – Beaconing • At regular intervals the AP sends a beacon frame – Scanning • Wireless device is set to look for those beacon frames – Beacon frames contain the SSID of the WLAN – Wireless security sources encourage users to disable SSID broadcast • Open system authentication vulnerabilities – Authentication is based on a match of SSIDs – Several ways that SSIDs can be discovered – Beaconing • At regular intervals the AP sends a beacon frame – Scanning • Wireless device is set to look for those beacon frames – Beacon frames contain the SSID of the WLAN – Wireless security sources encourage users to disable SSID broadcast

• Devices connected to a wired network are assumed to be authentic • Wireless authentication requires the wireless device to be authenticated – Prior to being connected to the network • Types of authentication supported by 802.11 – Open system authentication – Shared key authentication

Address filtering

• Managing a larger number of MAC addresses can pose significant challenges – Does not provide a means to temporarily allow a guest user to access the network – MAC addresses are initially exchanged in plaintext • Attacker can easily see the MAC address of an approved device and use it – MAC address can be “spoofed” or substituted

WEP2

Kerberos – Developed by Massachusetts Institute of Technology – Used to verify the identity of network users – Based on tickets WEP2 was no more secure than WEP itself

Attempted to overcome the limitations of WEP by adding two new security enhancements – Shared secret key was increased to 128 bits • To address the weakness of encryption – Kerberos authentication system was used

Dynamic WEP

Solves the weak initialization vector (IV) problem – By rotating the keys frequently Uses different keys for unicast traffic and broadcast traffic Advantage – Can be implemented without upgrading device drivers or AP firmware – Deploying dynamic WEP is a no-cost solution with minimal effort Dynamic WEP is still only a partial solution