
by nursyafeera azeera, 11 years ago


wireless LAN vulnerabilities

Wireless LANs are susceptible to multiple vulnerabilities, necessitating robust access control measures to safeguard information. Access control involves restricting resource availability to authorized users, typically achieved by limiting device access to the access point (


WEP (Wired Equivalent Privacy)

• WEP implementation
  – WEP was designed to meet the following criteria:
    • Efficient
    • Exportable
    • Optional
    • Reasonably strong
    • Self-synchronizing
  – WEP relies on a secret key shared between a wireless client device and the access point
    • Private key cryptography or symmetric encryption
• WEP implementation (continued)
  – Options for creating keys
    • 64-bit key
    • 128-bit key
    • Passphrase
  – APs and devices can hold up to four shared secret keys
    • One of which must be designated as the default key

Wired Equivalent Privacy (WEP)
• Intended to guard confidentiality
  – Ensures that only authorized parties can view the information
• WEP accomplishes confidentiality by “scrambling” the wireless data as it is transmitted
  – Used in IEEE 802.11 to encrypt wireless transmissions
• Cryptography
  – Science of transforming information so that it is secure while it is being transmitted or stored

Access point

– Contains an antenna and a radio transmitter/receiver
  • And an RJ-45 port
– Acts as central base station for the wireless network
• Almost all wireless APs implement access control
  – Through Media Access Control (MAC) address filtering
• Implementing restrictions
  – A device can be permitted into the network
  – A device can be prevented from the network
• MAC address filtering should not be confused with access restrictions
  – Access restrictions can limit user access to Internet

Access control

• MAC address filtering
  – Considered a basic means of controlling access
  – Requires pre-approved authentication
  – Makes it difficult to provide temporary access for “guest” devices

– Method of restricting access to resources
– Intended to guard the availability of information (by making it accessible only to authorized users)
– Accomplished by limiting a device’s access to the access point (AP)

Example MAC address: 00-50-F2-7C-62-E1
  – First three octets (00-50-F2, blue in the original figure): organizationally unique identifier (OUI)
  – Last three octets (7C-62-E1, white in the original figure): individual address block (IAB)

Authentication

• Open system authentication vulnerabilities (continued)
  – Not always possible or convenient to turn off beaconing the SSID
    • Prevents wireless devices from freely roaming
  – Roaming facilitates movement between cells
  – When using Microsoft Windows XP
    • Device will always connect to the AP broadcasting its SSID
  – SSID can be easily discovered even when it is not contained in beacon frames
    • It is transmitted in other management frames sent by the AP
• Shared key authentication vulnerabilities
  – Key management can be very difficult when it must support a large number of wireless devices
    • Attacker can “shoulder surf” the key from an approved device
  – Types of attacks
    • Brute force attack
    • Dictionary attack
  – Attacker can capture the challenge text along with the device’s response (encrypted text and IV)
    • Can then mathematically derive the keystream

• Open system authentication vulnerabilities
  – Authentication is based on a match of SSIDs
  – Several ways that SSIDs can be discovered
  – Beaconing
    • At regular intervals the AP sends a beacon frame
  – Scanning
    • Wireless device is set to look for those beacon frames
  – Beacon frames contain the SSID of the WLAN
  – Wireless security sources encourage users to disable SSID broadcast

• Devices connected to a wired network are assumed to be authentic
• Wireless authentication requires the wireless device to be authenticated
  – Prior to being connected to the network
• Types of authentication supported by 802.11
  – Open system authentication
  – Shared key authentication
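The keystream derivation named under the shared key authentication vulnerabilities above, as an added example that is not part of the original mind map: a simplified offline simulation of the challenge/response exchange showing why sending both the cleartext challenge and its WEP-encrypted form exposes the RC4 keystream for that IV. Assumptions: the 40-bit key is constructed, only the challenge text and its CRC-32 ICV are modelled (no 802.11 frame headers), and all function names are hypothetical.

```python
import os
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP body: RC4(IV || key) XOR (plaintext || CRC-32 ICV)."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(body, rc4_keystream(iv + secret, len(body)))

def shared_key_exchange(secret: bytes):
    """Constructed exchange: AP sends a cleartext challenge, client answers."""
    challenge = os.urandom(128)   # challenge text, sent in the clear by the AP
    iv = os.urandom(3)            # 24-bit IV, sent in the clear with the response
    return challenge, iv, wep_encrypt(iv, secret, challenge)

def keystream_from_capture(challenge: bytes, response: bytes) -> bytes:
    """What the two observed frames reveal without any knowledge of the key."""
    known = challenge + zlib.crc32(challenge).to_bytes(4, "little")
    return xor(known, response)

def demo():
    secret = bytes.fromhex("0102030405")  # constructed 40-bit key ("64-bit" WEP)
    challenge, iv, response = shared_key_exchange(secret)
    recovered = keystream_from_capture(challenge, response)
    actual = rc4_keystream(iv + secret, len(response))  # needs the key
    return recovered == actual, len(recovered)

if __name__ == "__main__":
    print(demo())
```

The recovered bytes match the keystream that only a key holder should be able to generate, which is why open system authentication with a strong encryption layer exposes less than WEP shared key authentication.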

Address filtering

• Managing a large number of MAC addresses can pose significant challenges
  – Does not provide a means to temporarily allow a guest user to access the network
  – MAC addresses are initially exchanged in plaintext
    • Attacker can easily see the MAC address of an approved device and use it
  – MAC address can be “spoofed” or substituted

WEP2

Kerberos
  – Developed by Massachusetts Institute of Technology
  – Used to verify the identity of network users
  – Based on tickets

WEP2 was no more secure than WEP itself

Attempted to overcome the limitations of WEP by adding two new security enhancements
  – Shared secret key was increased to 128 bits
    • To address the weakness of encryption
  – Kerberos authentication system was used

Dynamic WEP

• Solves the weak initialization vector (IV) problem
  – By rotating the keys frequently
• Uses different keys for unicast traffic and broadcast traffic
• Advantage
  – Can be implemented without upgrading device drivers or AP firmware
  – Deploying dynamic WEP is a no-cost solution with minimal effort
• Dynamic WEP is still only a partial solution