Download Hands-On Ethical Hacking and Network Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
Document related concepts

Extensible Authentication Protocol wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Distributed firewall wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Computer network wikipedia , lookup

Wi-Fi wikipedia , lookup

Network tap wikipedia , lookup

Airborne Networking wikipedia , lookup

IEEE 802.11 wikipedia , lookup

Policies promoting wireless broadband in the United States wikipedia , lookup

Wireless security wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript 
Hands-On Ethical Hacking
and Network Defense
Chapter 11
Hacking Wireless Networks
Objectives
•
•
•
•
•
Explain wireless technology
Describe wireless networking standards
Describe the process of authentication
Describe wardriving
Describe wireless hacking and tools used
by hackers and security professionals
Hands-On Ethical Hacking and Network Defense
2
Understanding Wireless
Technology
• For a wireless network to function, you must
have the right hardware and software
• Wireless technology is part of our lives
•
•
•
•
•
•
•
•
Baby monitors
Cell and cordless phones
Pagers
GPS
Remote controls
Garage door openers
Two-way radios
Wireless PDAs
Hands-On Ethical Hacking and Network Defense
3
Components of a Wireless
Network
• A wireless network has only three basic
components
• Access Point (AP)
• Wireless network interface card (WNIC)
• Ethernet cable
Hands-On Ethical Hacking and Network Defense
4
Access Points
• An access point (AP) is a transceiver that
connects to an Ethernet cable
• It bridges the wireless network with the wired
network
• Not all wireless networks connect to a wired network
• Most companies have WLANs that connect to
their wired network topology
• The AP is where channels are configured
• An AP enables users to connect to a LAN
using wireless technology
• An AP is available only within a defined area
Hands-On Ethical Hacking and Network Defense
5
Hands-On Ethical Hacking and Network Defense
6
Service Set Identifiers
(SSIDs)
• Name used to identify the wireless local
area network (WLAN)
• The SSID is configured on the AP
• Unique 1- to 32-character alphanumeric name
• Name is case sensitive
• Wireless computers need to configure the
SSID before connecting to a wireless
network
• SSID is transmitted with each packet
• Identifies which
belongs
Hands-Onnetwork
Ethical Hacking andthe
Networkpacket
Defense
7
Hands-On Ethical Hacking and Network Defense
8
Service Set Identifiers
(SSIDs) (continued)
• Many vendors have SSIDs set to a default
value that companies never change
• An AP can be configured to not broadcast
its SSID until after authentication
• Wireless hackers can attempt to guess the
SSID
• Verify that your clients or customers are
not using a default SSID
Hands-On Ethical Hacking and Network Defense
9
Hands-On Ethical Hacking and Network Defense
10
Configuring an Access Point
• Configuring an AP varies depending on the
hardware
• Most devices allow access through any Web browser
• Steps for configuring a D-Link wireless router
• Enter IP address on your Web browser and provide
your user logon name and password
• After a successful logon you will see the device’s main
window
• Click on Wireless button to configure AP options
• SSID
• Wired Equivalent Privacy (WEP) keys
Hands-On Ethical Hacking and Network Defense
11
Hands-On Ethical Hacking and Network Defense
12
Hands-On Ethical Hacking and Network Defense
13
Hands-On Ethical Hacking and Network Defense
14
Configuring an Access Point
(continued)
• Steps for configuring a D-Link wireless
router (continued)
• Turn off SSID broadcast
• Disabling SSID broadcast is not enough to
protect your WLAN
• You must also change your SSID
Hands-On Ethical Hacking and Network Defense
15
Hands-On Ethical Hacking and Network Defense
16
Wireless NICs
• For wireless technology to work, each node or
computer must have a wireless NIC
• NIC’s main function
• Converting the radio waves it receives into digital
signals the computer understands
• There are many wireless NICs on the market
• Choose yours depending on how you plan to use it
• Some tools require certain specific brands of NICs
Hands-On Ethical Hacking and Network Defense
17
Understanding Wireless
Network Standards
• A standard is a set of rules formulated by an
organization
• Institute of Electrical and Electronics Engineers
(IEEE)
• Defines several standards for wireless networks
Hands-On Ethical Hacking and Network Defense
18
Institute of Electrical and
Electronics Engineers (IEEE)
Standards
• Working group (WG)
• A group of people from the electrical and electronics
industry that meet to create a standard
• Sponsor Executive Committee (SEC)
• Group that reviews and approves proposals of new
standards created by a WG
• Standards Review Committee (RevCom)
• Recommends proposals to be reviewed by the IEEE
Standards Board
• IEEE Standards Board
• Approves proposals to become new standards
Hands-On Ethical Hacking and Network Defense
19
The 802.11 Standard
• The first wireless technology standard
• Defined wireless connectivity at 1 Mbps and 2
Mbps within a LAN
• Applied to layers 1 and 2 of the OSI model
• Wireless networks cannot detect collisions
• Carrier sense multiple access/collision avoidance
(CSMA/CA) is used instead of CSMA/CD
• Wireless LANs do not have an address
associated with a physical location
• An addressable unit is called a station (STA)
Hands-On Ethical Hacking and Network Defense
20
The Basic Architecture of
802.11
• 802.11 uses a basic service set (BSS) as its
building block
• Computers within a BSS can communicate with each
others
• To connect two BSSs, 802.11 requires a
distribution system (DS) as an intermediate layer
• An access point (AP) is a station that provides
access to the DS
• Data moves between a BSS and the DS through
the AP
Hands-On Ethical Hacking and Network Defense
21
Hands-On Ethical Hacking and Network Defense
22
The Basic Architecture of
802.11 (continued)
• IEEE 802.11 also defines the operating
frequency range of 802.11
• In the United States, it is 2.400 to 2.4835 GHz
• Each frequency band contains channels
• A channel is a frequency range
• The 802.11 standard defines 79 channels
• If channels overlap, interference could occur
Hands-On Ethical Hacking and Network Defense
23
The Basic Architecture of
802.11 (continued)
• Other terms
•
•
•
•
•
Wavelength
Frequency
Cycle
Hertz or cycles per second
Bands
Hands-On Ethical Hacking and Network Defense
24
Hands-On Ethical Hacking and Network Defense
25
An Overview of Wireless
Technologies
• Infrared (IR)
• Infrared light can’t be seen by the human eye
• IR technology is restricted to a single room or
line of sight
• IR light cannot penetrate walls, ceilings, or floors
• Narrowband
• Uses microwave radio band frequencies to
transmit data
• Popular uses
• Cordless phones
• Garage door openers
Hands-On Ethical Hacking and Network Defense
26
An Overview of Wireless
Technologies (continued)
• Spread Spectrum
• Modulation defines how data is placed on a
carrier signal
• Data is spread across a large-frequency
bandwidth instead of traveling across just one
frequency band
• Methods
• Frequency-hopping spread spectrum (FHSS)
• Direct sequence spread spectrum (DSSS)
• Orthogonal frequency division multiplexing (OFDM)
Hands-On Ethical Hacking and Network Defense
27
IEEE Additional 802.11 Projects
• 802.11a
• Created in 1999
• Operating frequency range changed from 2.4 GHz
to 5 GHz
• Throughput increased from 11 Mbps to 54 Mbps
• Bands or frequencies
• Lower band—5.15 to 5.25 GHz
• Middle band—5.25 to 5.35 GHz
• Upper band—5.75 to 5.85 GHz
Hands-On Ethical Hacking and Network Defense
28
IEEE Additional 802.11 Projects
(continued)
• 802.11b
•
•
•
•
Operates in the 2.4 GHz range
Throughput increased from 1 or 2 Mbps to 11 Mbps
Also referred as Wi-Fi (wireless fidelity)
Allows for 11 channels to prevent overlapping
signals
• Effectively only three channels (1, 6, and 11) can be used
in combination without overlapping
• Introduced Wired Equivalent Privacy (WEP)
Hands-On Ethical Hacking and Network Defense
29
IEEE Additional 802.11 Projects
(continued)
• 802.11e
• It has improvements to address the problem of
interference
• When interference is detected, signals can jump to
another frequency more quickly
• 802.11g
• Operates in the 2.4 GHz range
• Uses OFDM for modulation
• Throughput increased from 11 Mbps to 54 Mbps
Hands-On Ethical Hacking and Network Defense
30
IEEE Additional 802.11 Projects
(continued)
• 802.11i
• Introduced Wi-Fi Protected Access (WPA)
• Corrected many of the security vulnerabilities of
802.11b
• 802.15
• Addresses networking devices within one person’s
workspace
• Called wireless personal area network (WPAN)
• Bluetooth is a common example
Hands-On Ethical Hacking and Network Defense
31
IEEE Additional 802.11 Projects
(continued)
• 802.16
• Addresses the issue of wireless metropolitan area
networks (MANs)
• Defines the WirelessMAN Air Interface
• It will have a range of up to 30 miles
• Throughput of up to 120 Mbps
• 802.20
• Addresses wireless MANs for mobile users who are
sitting in trains, subways, or cars traveling at
speeds up to 150 miles per hour
Hands-On Ethical Hacking and Network Defense
32
IEEE Additional 802.11 Projects
(continued)
• Bluetooth
• Defines a method for interconnecting portable
devices without wires
• Maximum distance allowed is 10 meters
• It uses the 2.45 GHz frequency band
• Throughput of up to 12 Mbps
• HiperLAN2
• European WLAN standard
• It is not compatible with 802.11 standards
Hands-On Ethical Hacking and Network Defense
33
Hands-On Ethical Hacking and Network Defense
34
Understanding Authentication
• An organization that introduces wireless
technology to the mix increases the potential for
security problems
Hands-On Ethical Hacking and Network Defense
35
The 802.1X Standard
• Defines the process of authenticating and
authorizing users on a WLAN
• Addresses the concerns with authentication
• Basic concepts
•
•
•
•
Point-to-Point Protocol (PPP)
Extensible Authentication Protocol (EAP)
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Hands-On Ethical Hacking and Network Defense
36
Point-to-Point Protocol (PPP)
• Many ISPs use PPP to connect dial-up or DSL
users
• PPP handles authentication by requiring a user
to enter a valid user name and password
• PPP verifies that users attempting to use the
link are indeed who they say they are
Hands-On Ethical Hacking and Network Defense
37
Extensible Authentication
Protocol (EAP)
• EAP is an enhancement to PPP
• Allows a company to select its authentication
method
• Certificates
• Kerberos
• Certificate
• Record that authenticates network entities
• It contains X.509 information that identifies the owner,
the certificate authority (CA), and the owner’s public key
Hands-On Ethical Hacking and Network Defense
38
Extensible Authentication
Protocol (EAP) (continued)
• EAP methods to improve security on a wireless
networks
• Extensible Authentication Protocol-Transport Layer
Security (EAP-TLS)
• Protected EAP (PEAP)
• Microsoft PEAP
• 802.1X components
• Supplicant
• Authenticator
• Authentication server
Hands-On Ethical Hacking and Network Defense
39
Hands-On Ethical Hacking and Network Defense
40
Wired Equivalent Privacy (WEP)
• Part of the 802.11b standard
• It was implemented specifically to encrypt data
that traversed a wireless network
• WEP has many vulnerabilities
• Works well for home users or small businesses
when combined with a Virtual Private Network
(VPN)
Hands-On Ethical Hacking and Network Defense
41
Wi-Fi Protected Access (WPA)
• Specified in the 802.11i standard
• It is the replacement for WEP
• WPA improves encryption by using
Temporal Key Integrity Protocol (TKIP)
• TKIP is composed of four enhancements
• Message Integrity Check (MIC)
• Cryptographic message integrity code
• Main purpose is to prevent forgeries
• Extended Initialization Vector (IV) with
sequencing rules
• Implemented to prevent replays
Hands-On Ethical Hacking and Network Defense
42
Wi-Fi Protected Access (WPA)
(continued)
• TKIP enhancements (continued)
• Per-packet key mixing
• It helps defeat weak key attacks that occurred in WEP
• MAC addresses are used in creating an intermediate key
• Rekeying mechanism
• It provides fresh keys that help prevent attacks that relied
on reusing old keys
• WPA also adds an authentication mechanism
implementing 802.1X and EAP
Hands-On Ethical Hacking and Network Defense
43
Understanding Wardriving
• Hackers use wardriving
• Driving around with inexpensive hardware and
software that enables them to detect access points
that haven’t been secured
• Wardriving is not illegal
• But using the resources of these networks is illegal
• Warflying
• Variant where an airplane is used instead of a car
Hands-On Ethical Hacking and Network Defense
44
How It Works
• An attacker or security tester simply drives
around with the following equipment
•
•
•
•
Laptop computer
Wireless NIC
An antenna
Software that scans the area for SSIDs
• Not all wireless NICs are compatible with
scanning programs
• Antenna prices vary depending on the quality
and the range they can cover
Hands-On Ethical Hacking and Network Defense
45
How It Works (continued)
• Scanning software can identify
• The company’s SSID
• The type of security enabled
• The signal strength
• Indicating how close the AP is to the attacker
Hands-On Ethical Hacking and Network Defense
46
NetStumbler
• Shareware tool written for Windows that
enables you to detect WLANs
• Supports 802.11a, 802.11b, and 802.11g
standards
• NetStumbler was primarily designed to
• Verify your WLAN configuration
• Detect other wireless networks
• Detect unauthorized APs
• NetStumbler is capable of interface with a
GPS
• Enabling a security tester or hacker to map out
locations of all the WLANs the software detects
Hands-On Ethical Hacking and Network Defense
47
Hands-On Ethical Hacking and Network Defense
48
NetStumbler (continued)
• NetStumbler logs the following information
•
•
•
•
•
•
SSID
MAC address of the AP
Manufacturer of the AP
Channel on which it was heard
Strength of the signal
Encryption
• Attackers can detect APs within a 350-foot
radius
• But with a good antenna, they can locate APs a
couple of miles away
Hands-On Ethical Hacking and Network Defense
49
Hands-On Ethical Hacking and Network Defense
50
Hands-On Ethical Hacking and Network Defense
51
Kismet
•
•
•
•
Another product for conducting wardriving attacks
Written by Mike Kershaw
Runs on Linux, BSD, MAC OS X, and Linux PDAs
Kismet is advertised also as a sniffer and IDS
• Kismet can sniff 802.11b, 802.11a, and 802.11g traffic
• Kismet features
• Ethereal- and Tcpdump-compatible data logging
• AirSnort compatible
• Network IP range detection
Hands-On Ethical Hacking and Network Defense
52
Kismet (continued)
• Kismet features (continued)
•
•
•
•
Hidden network SSID detection
Graphical mapping of networks
Client-server architecture
Manufacturer and model identification of APs and
clients
• Detection of known default access point
configurations
• XML output
• Supports 20 card types
Hands-On Ethical Hacking and Network Defense
53
Understanding Wireless
Hacking
• Hacking a wireless network is not much
different from hacking a wired LAN
• Techniques for hacking wireless networks
• Port scanning
• Enumeration
Hands-On Ethical Hacking and Network Defense
54
Tools of the Trade
• Equipment
•
•
•
•
Laptop computer
A wireless NIC
An antenna
Sniffers
• Wireless routers that perform DHCP functions
can pose a big security risk
• Tools for cracking WEP keys
• AirSnort
• WEPCrack
Hands-On Ethical Hacking and Network Defense
55
AirSnort
• Created by Jeremy Bruestle and Blake Hegerle
• It is the tool most hackers wanting to access
WEP-enabled WLANs use
• AirSnort limitations
• Runs only on Linux
• Requires specific drivers
• Not all wireless NICs function with AirSnort
Hands-On Ethical Hacking and Network Defense
56
WEPCrack
• Another open-source tool used to crack WEP
encryption
• WEPCrack was released about a week before
AirSnort
• It also works on *NIX systems
• WEPCrack uses Perl scripts to carry out
attacks on wireless systems
• Future versions are expected to include features for
attackers to conduct brute-force attacks
Hands-On Ethical Hacking and Network Defense
57
Countermeasures for Wireless
Attacks
• Consider using anti-wardriving software to make it
more difficult for attackers to discover your
wireless LAN
• Honeypots
• Fakeap
• Black Alchemy Fake AP
• Limit the use of wireless technology to people
located in your facility
• Allow only predetermined MAC addresses and IP
addresses to have access to the wireless LAN
Hands-On Ethical Hacking and Network Defense
58
Countermeasures for Wireless
Attacks (continued)
• Consider using an authentication server instead of
relying on a wireless device to authenticate users
• Consider using EAP, which allows different
protocols to be used that enhance security
• Consider placing the AP in the demilitarized zone
(DMZ)
• If you use WEP, consider using 104-bit encryption
rather than 40-bit encryption
• Assign static IP addresses to wireless clients
instead of using DHCP
Hands-On Ethical Hacking and Network Defense
59
Summary
• IEEE’s main purpose is to create standards
for LANs and WANs
• 802.11 is the IEEE standard for wireless
networking
• Wireless technology defines how and at
what frequency data travels over carrier
sound waves
• Three main components of a wireless
network
• Access Points (APs)
Hands-On Ethical Hacking and Network Defense
60
Summary (continued)
• A service set identifier (SSID) assigned to
an AP
• Represents the wireless segment of a network
for which the AP is responsible
• Data must be modulated over carrier
signals
• DSSS, FHSS, and OFDM are the most
common modulations for wireless networks
• Wardriving and warflying
• WLANs can be attacked with many of the
Hands-On Ethical Hacking and Network Defense
61
Summary (continued)
• Countermeasures include
•
•
•
•
•
Disabling SSID broadcast
Renaming default SSIDs
Using an authentication server
Placing the AP in the DMZ
Using a router to filter any unauthorized MAC
and IP address from network access
Hands-On Ethical Hacking and Network Defense
62
Related documents
Growth Hacking - Roy Povarchik
Growth Hacking - Roy Povarchik
What can “Economics of Information Security” offer for SMEs
What can “Economics of Information Security” offer for SMEs
computer science technology
computer science technology
Challenges of Strategic Communication
Challenges of Strategic Communication
Trade: Free or Coerced?
Trade: Free or Coerced?
9781435486096_PPT_ch05
9781435486096_PPT_ch05
FOUR TOUGH ETHICAL DILEMMAS  RIGHT vs RIGHT DECISIONS  By RUSHWORTH KIDDER  HOW GOOD PEOPLE MAKE TOUGH CHOICES 
FOUR TOUGH ETHICAL DILEMMAS  RIGHT vs RIGHT DECISIONS  By RUSHWORTH KIDDER  HOW GOOD PEOPLE MAKE TOUGH CHOICES 
What Makes a Leader? - Bishop Kearney SharePoint
What Makes a Leader? - Bishop Kearney SharePoint
(P1) How networks communicate
(P1) How networks communicate
Chapter 5
Chapter 5
Ethics
Ethics