WIRELESS NETWORK SECURITY

Hackers
• Ad-hoc networks
• War Driving
• Man-in-the-Middle
• Caffe Latte attack

AD-HOC networks

WAR DRIVING
• Searching for Wi-Fi by a person in a moving vehicle

MAN-IN-THE-MIDDLE
• Hotspots have little security
• Entices computers to log into soft Access Point
• Hacker connects to real AP – offers steady flow of traffic
• Hacker sniffs the traffic
• Forces you to lose connection + reconnect within the hacker's AP.

CAFFE LATTE ATTACK
• Targets the Windows wireless stack
• Possible to obtain the WEP key from a remote client
• Sends flood of encrypted ARP requests
• Attacker can obtain the WEP key within minutes

Wireless Intrusion Prevention System (WIPS)
• Robust way to counteract wireless security risks
• PCI Security Standards Council published guidelines for large organizations

WEP: Wired Equivalent Privacy 1999
• Secret Keys [Codes to Encrypt Data]
• Secondary Goal: Control Network Access

WEP
• 64, 128, 256 bit key
• 24 bits used for Initialization Vector
• Each packet includes integrity check

Stream Ciphers
• RC4 is a stream cipher
• Expands a key into an infinite pseudo-random keystream

What about IVs?
• RC4 keystream should not be reused.
• Use initialization vector to generate different keystream for each packet by augmenting the key
• IV reuse (24 bits) => 16.7 million variations
• Same shared key in both directions
• Encryption is vulnerable to collision-based attacks.

Linear Checksum
• Encrypted CRC-32 used as integrity check
• Fine for random errors, but not deliberate ones
• CRC is linear
• Can maliciously flip bits in the packet
• Can replay modified packets!

WEP
• Problem #1: No limit on using the same IV value more than once. This makes the encryption vulnerable to collision-based attacks.
• Problem #2: The IV is only 24 bits, so there are only 16.7 million possible variations.
• Problem #3: Master keys are used directly, when they should be used to generate other temporary keys.
• Problem #4: Users don't change their keys very often on most networks, giving attackers ample time to try various techniques.

802.11i
• TKIP [Temporal Key Integrity Protocol]
• AES is a cryptographic algorithm - new hardware may be required
• 802.1X: used for authentication

802.1X
• Keeps the network port disconnected until authentication is complete.
• The port is either made available or the user is denied access to the network.

WPA: Wi-Fi Protected Access
• Subset of 802.11i
• Master keys are never directly used.
• Better key management.
• Impressive message integrity checking.

WPA: Wi-Fi Protected Access
• Advantages:
• IV length has increased to 48 bits, over 500 trillion possible key combinations
• IVs better protected through the use of the TKIP sequence counter, helping to prevent reuse of IVs.

802.11i WPA2
• WPA2 uses AES (Advanced Encryption Standard) to provide stronger encryption.
• Enterprise uses IEEE 802.1X and EAP to provide authentication. Consumer uses a pre-shared key, or password.
• New session keys for every association, unique to that client.
• Avoids reuse.
• WPA = TKIP + 802.1X
To get a Robust Secure Network, the hardware must use CCMP [Counter Mode CBC MAC Protocol]
WPA2 = CCMP + 802.1X

TIPS
• Change default Administrator Passwords for router.
• Turn on WPA/WEP Encryption
• Change the Default SSID
• Enable MAC Address Filtering
• Disable SSID Broadcast
• Do Not Auto-Connect to Open Wi-Fi Networks
• Assign Static IP Addresses to Devices
• Turn off DHCP on the router access point
• Ensure firewall is enabled on your router and also each computer connected.
• Position the router or Access Point Safely
• Turn Off the Network during Extended Periods of Non-Use.

Questions?
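The "Linear Checksum" slide above says an encrypted CRC-32 is fine for random errors but not deliberate ones. The following is an added example, not part of the original slides, that models WEP-style framing (RC4 keyed with IV || key, CRC-32 appended before encryption) and shows that a chosen bit flip passes the CRC check without the key, while the same flip is rejected by a keyed tag. The key, IV, message and the truncated HMAC standing in for a keyed MAC are all constructed assumptions.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def crc_icv(data: bytes) -> bytes:                # WEP's unkeyed integrity value
    return struct.pack("<I", zlib.crc32(data))

def seal(iv, key, plaintext, tag=crc_icv):
    body = plaintext + tag(plaintext)
    return xor(body, rc4(iv + key, len(body)))    # per-packet RC4 key = IV || key

def unseal(iv, key, ciphertext, tag=crc_icv):
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    n = len(tag(b""))
    data, check = body[:-n], body[-n:]
    return data if hmac.compare_digest(check, tag(data)) else None

def flip_without_key(ciphertext, delta):
    """XOR delta into the plaintext and patch the CRC, using no key material.
    Works because crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal lengths."""
    patch = xor(crc_icv(delta), crc_icv(bytes(len(delta))))
    return xor(ciphertext, delta + patch)

# Constructed sample values, not taken from the slides.
IV, KEY, MAC_KEY = b"\x00\x00\x01", b"\x0a\x0b\x0c\x0d\x0e", b"separate-mac-key"
MSG, DELTA = b"door=locked", xor(b"door=locked", b"door=opened")

def keyed_tag(data: bytes) -> bytes:
    """Stand-in keyed MAC (truncated HMAC-SHA256); not TKIP's Michael or CCMP."""
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:8]

def demo():
    crc_result = unseal(IV, KEY, flip_without_key(seal(IV, KEY, MSG), DELTA))
    mac_flipped = xor(seal(IV, KEY, MSG, keyed_tag), DELTA + bytes(8))
    return crc_result, unseal(IV, KEY, mac_flipped, keyed_tag)
```

`demo()` returns the altered message for the CRC framing and `None` for the keyed-tag framing, which is the gap the message integrity checking in WPA and WPA2 is meant to close.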