CMNIT - Wireless Awareness - CamisGroup.org

klapdorothypond, Mobile – Wireless Technologies

23 Nov 2013

WIRELESS AWARENESS

PREPARED FOR: CAMIS GROUP

07/2012

BIOGRAPHY

Clint Lentner, MCSE, MCITP: EA

Netgain Datacenter Deployment Specialist

Designing technical solutions around a wide variety of applications -- from complex enterprise to simple and specialty -- in order to provide a seamless end-user experience.

Actively engaged in developing the local IT community through free education opportunities to build networking and enhance technical abilities.

Specialties
  Active Directory, Windows Server, Security and Task Automation

NETGAIN

National eHealth solutions provider

Provide complete IT infrastructure solutions in hosted or on-site environments.

Design solutions to deliver standards compliant security, five nines availability and the flexibility to meet the changing needs of healthcare organizations.

Simplify the healthcare IT environment while improving efficiencies and increasing security.


INTRODUCTION

WIRELESS AWARENESS: INTRODUCTION

Wireless Communication:
  Defined as “the transfer of information between two or more points that are not physically connected.”

802.11:
  Set of standards created and maintained by the IEEE LAN/MAN Standards Committee (IEEE 802) for implementing Wireless Local Area Network (WLAN) computer communication in the 2.4, 3.6 and 5 GHz frequency bands.
  These standards provide the basis for wireless network products using the Wi-Fi brand name.


WIRELESS AWARENESS: INTRODUCTION

Wi-Fi Alliance:
  Founded by six companies: 3Com, Aironet, Intersil, Lucent Technologies, Nokia and Symbol Technologies in 1999 to promote the 802.11 wireless LAN standard
  Wi-Fi vs. IEEE 802.11, 802.11, or WLAN
  Commonly mistaken for “Wireless Fidelity”, Wi-Fi is a nonsensical word.



WIRELESS AWARENESS: 802.11 MODES OF OPERATION

Ad-Hoc Mode
  Defined by 802.11 as Independent Basic Service Set (IBSS)
  Clients communicate directly with other IBSS clients within transmission range, creating a peer-to-peer network.



WIRELESS AWARENESS: 802.11 MODES OF OPERATION

Infrastructure Mode
  Defined by 802.11 as Basic Service Set (BSS)
  Clients communicate with a central station, or access point (AP), which acts as an Ethernet bridge onto another network.





WIRELESS AWARENESS: DEMO

http://www.nirsoft.net/utils/wireless_network_view.html



IMPLIED TRUST

WIRELESS AWARENESS: IMPLIED TRUST

Wireless users are very trusting
  Users need access to the Internet
  Users tend to assume wireless is safe.
  Wi-Fi is magic! Turn on the device, select your Wi-Fi network, maybe enter a password, and you’re done!

Users are unknowingly trusting…
  The Access Point is safe
  The Access Point is who it says it is
  Other users on that Access Point are safe
  The Network beyond the Access Point is safe
  Wi-Fi enabled devices are safe

WIRELESS AWARENESS: IMPLIED TRUST

All roads to the Internet are safe... Right?


VULNERABILITIES

UNDERSTANDING WI-FI

WIRELESS AWARENESS: UNDERSTANDING WI-FI

Eavesdropping/Traffic Analysis
Data Mining
Masquerading Clients/Access Points
Promiscuous Access Points
Man-in-the-Middle
Compromising Security
Message Injection, Deletion, and Interception
Session Hijacking
Denial-of-Service

WIRELESS AWARENESS: UNDERSTANDING WI-FI

Authentication and Association
  Network Discovery
  Authentication
  Association



NETWORK DISCOVERY

WIRELESS AWARENESS: NETWORK DISCOVERY

Beacons
  Broadcast by Access Points, advertising various properties:
    Encryption type
    Service Set IDentifier (SSID)
    Transmission Rate, etc…
  Clients continually scan/listen for beacons to determine which access points are available.

Probes
  Broadcast by clients, searching for Access Points and their properties. Similar to information contained in beacons.
  Broadcast by clients, searching for a specific Access Point SSID

WIRELESS AWARENESS: DEMO

http://www.wireshark.org

802.11 NETWORK DISCOVERY: METHOD 1

AP: Broadcasts Beacons
  SSID: Linksys
  BSSID: 08-86-3b-1c-be-ef
  Encryption: WPA2
  Authentication: PSK
  Transfer Rate: 54 Mbps

Client: Listens for beacon and generates list of available APs

802.11 NETWORK DISCOVERY: METHOD 2

Client: Broadcasts Probe for any available AP

AP: Sends probe response
  SSID: Linksys
  BSSID: 08-86-3b-1c-be-ef
  Encryption: WPA2
  Authentication: PSK
  Transfer Rate: 54 Mbps

802.11 NETWORK DISCOVERY: METHOD 3

Client: Broadcasts Probe for SSID Linksys

AP: Sends probe response if SSID = “Linksys”
  SSID: Linksys
  BSSID: 08-86-3b-1c-be-ef
  Encryption: WPA2
  Authentication: PSK
  Transfer Rate: 54 Mbps
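
The three discovery methods above can be told apart from the raw management frames. The following is an added example, not part of the original slides: it parses constructed 802.11 frames, maps each to method 1, 2 or 3, and lists the SSIDs a client discloses through directed probes, which is what an audit of your own devices would look for. The client address and the sample frames are constructed; only the BSSID and SSID come from the slides.

```python
# 802.11 management subtypes (frame-control bits 4-7) used in network discovery
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}

def parse_mgmt(frame):
    """Parse one 802.11 management frame (no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None  # not a discovery frame
    kind = SUBTYPES[subtype]
    # Beacons and probe responses carry 12 fixed bytes before the tagged elements
    pos = 24 + (0 if kind == "probe-request" else 12)
    ssid = None
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than read garbage
        if tag == 0:  # element ID 0 is the SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    sender = "-".join(f"{b:02x}" for b in frame[10:16])  # addr2 = transmitter
    return {"kind": kind, "sender": sender, "ssid": ssid}

def discovery_method(info):
    """Map a parsed frame to discovery method 1, 2 or 3 from the slides."""
    if info["kind"] == "beacon":
        return 1
    if info["kind"] == "probe-request":
        return 3 if info["ssid"] else 2  # a directed probe names the SSID
    return None  # probe responses answer methods 2 and 3

def leaked_ssids(frames):
    """(client, SSID) pairs disclosed over the air by directed probes."""
    parsed = [p for p in map(parse_mgmt, frames) if p]
    return {(p["sender"], p["ssid"]) for p in parsed if discovery_method(p) == 3}

def build(subtype, src, ssid, fixed=b""):
    """Constructed sample frame: 24-byte header, fixed fields, SSID element."""
    bssid = b"\xff" * 6 if subtype == 4 else src
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + src + bssid + b"\x00\x00"
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

AP = bytes.fromhex("08863b1cbeef")      # BSSID shown on the slides
CLIENT = bytes.fromhex("020000000001")  # constructed client address
SAMPLES = [build(8, AP, b"Linksys", b"\x00" * 12),
           build(4, CLIENT, b""), build(4, CLIENT, b"Linksys")]
```

Only the method 3 frame carries the network name from the client side, so a device that never sends one gives a passive listener no list of the networks it has joined.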


DATA MINING

WIRELESS AWARENESS: DATA MINING

Wi-Fi Client
  Basic Service Set Identification (BSSID)
  Make/Model
  SSID
  Encryption/Authentication

Wi-Fi Access Point
  Basic Service Set Identification (BSSID)
  Make/Model
  SSID
  Encryption/Authentication


WIRELESS AWARENESS: DEMO

http://aircrack-ng.org

WIRELESS AWARENESS: DATA MINING

Windows wireless probe issues
  Prior to XP SP3, a connection to an AP with a hidden SSID via Wireless Zero Configuration (WZC) had to be set to “automatically reconnect”, as there was no way to connect manually.

Affected Versions
  Windows XP, pre Service Pack 3
  Windows Server® 2003, pre Service Pack 2

TechNet Article
  http://technet.microsoft.com/en-us/library/bb726942.aspx

Other Wi-Fi enabled devices
  This isn’t just a Microsoft problem

WIRELESS AWARENESS: DATA MINING

Pre-SP3

SP3/Vista/Win7

WIRELESS AWARENESS: DATA MINING

How can this data be used?

Access Point
  BSSID/SSID
    Geolocation Mapping with GPS (WarDriving)
      WIGLE.net
    Wi-Fi Triangulation
      Skyhook, Placelabs, Navizon
  Encryption/Authentication Type
    Identify easy targets for free Wi-Fi, or malicious intent
      Open, WEP, or WPA/WPA2 with a common SSID
  BSSID/Transfer Rate, Etc…
    Statistical Usage Analysis

WIRELESS AWARENESS: DEMO

http://wigle.net







WIRELESS AWARENESS: DATA MINING

How can this data be used?

Client
  SSID
    Establish profile of locations via Geolocation Mapping
  BSSID
    Wi-Fi probe tracking

WIRELESS AWARENESS: DATA MINING

Why Do I Care?
  Cellular carriers/smartphone vendors already track users 24/7
    Cell tower triangulation
    GPS
  Users grant apps access to location services
  Users enable GPS and keep it enabled without understanding consequences
  Stalking produces similar results
  Analyzing/Tracking Wi-Fi beacons requires zero user interaction and is completely available to anyone who wishes to “listen”





WIRELESS AWARENESS: DATA MINING

Security in Layers

Do you…
  Have a front door? Close your front door?
  Lock your front door? Reinforce your front door?

Do you…
  Have windows? Close your windows?
  Lock your windows? Reinforce your windows?

Do you…
  Have locks? Use your locks?
  Have reinforced locks? Keep your keys secured?


WIRELESS AWARENESS: UNDERSTANDING WI-FI

Eavesdropping/Traffic Analysis
Data Mining
Masquerading Clients/Access Points
Promiscuous Access Points
Man-in-the-Middle
Compromising Security
Message Injection, Deletion, and Interception
Session Hijacking
Denial-of-Service


MiTM (Man in The Middle)

WIRELESS AWARENESS: MAN IN THE MIDDLE

Man-in-the-middle Attack
  “A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.”

WIRELESS AWARENESS: MAN IN THE MIDDLE

MitM Attacks:
  Collecting clear-text communications
    Email
    Chat
    …Anything not encrypted
  Collecting Usernames/Passwords
  Session-Jacking
  Manipulating the Internet experience
    Redirection to fake/malicious websites
    Manipulated webpage results
    Manipulated certificate/SSL requests
  Anything else you can think of; you are the router.

802.11 NETWORK DISCOVERY: METHOD 3

Client: Broadcasts Probe for SSID Linksys

AP: Sends probe response if SSID = “Linksys”
  SSID: Linksys
  BSSID: 08-86-3b-1c-be-ef
  Encryption: WPA2
  Authentication: PSK
  Transfer Rate: 54 Mbps

WIRELESS AWARENESS: DEMO

http://aircrack-ng.org

WIRELESS AWARENESS: MAN IN THE MIDDLE

Anyone can do it…
  Hak5, a popular hacking community, assisted in developing and selling a small, battery-powered wireless router which acts as an inconspicuous, promiscuous access point.
  Built-in penetration tools make this device a serious threat to any Wi-Fi environment
  Extremely popular, very easy to use.
  Only $99.95!...or make your own for around half.

WIRELESS AWARENESS: MAN IN THE MIDDLE

https://www.youtube.com/watch?v=yr5upPHqhlA


MITIGATION

WIRELESS AWARENESS: MITIGATION

User Awareness
  Consequences of connecting to public Wi-Fi
  Consequences of configuring “auto-connect”
  Discourage use of sensitive information sites via Wi-Fi if possible
  Disable Wi-Fi when not in use

Wi-Fi Configuration
  Manually connect to APs with hidden SSIDs
  Require same authentication/encryption type for reconnecting to APs (software specific)
  Prevent users from accessing open APs (Solutions?? Anyone??)
  Whitelist acceptable APs (via Windows GPO)
  Obfuscate SSID names
  Utilize cellular wireless communication if possible
  Utilize VPNs to secure Wi-Fi sessions.
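
Several of the configuration items above can be checked on a Windows client by reviewing its saved wireless profiles. The following is an added example, not part of the original slides: it audits profile XML in the layout written by `netsh wlan export profile` and flags auto-connect to hidden SSIDs, auto-connect to open networks, WEP and ad-hoc profiles. The profile names and contents are constructed samples, and the finding labels are this example's own.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported Windows WLAN profile."""
    root = ET.fromstring(xml_text)

    def text(path, default=""):
        node = root.find(path, NS)
        return node.text.strip().lower() if node is not None and node.text else default

    ssid_node = root.find("w:SSIDConfig/w:SSID/w:name", NS)
    ssid = ssid_node.text if ssid_node is not None else None
    auto = text("w:connectionMode", "manual") == "auto"
    hidden = text("w:SSIDConfig/w:nonBroadcast", "false") == "true"
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication")
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption")
    findings = []
    if auto and hidden:
        findings.append("hidden-autoconnect")  # client probes for the SSID by name
    if auto and auth == "open" and enc == "none":
        findings.append("open-autoconnect")    # any AP using this SSID is accepted
    if enc == "wep":
        findings.append("wep")                 # obsolete encryption
    if text("w:connectionType") == "ibss":
        findings.append("ad-hoc")              # peer-to-peer (IBSS) profile
    return ssid, findings

def sample(name, mode, hidden, auth, enc, ctype="ESS"):
    """Constructed profile in the layout `netsh wlan export profile` writes."""
    return f"""<WLANProfile xmlns="{NS['w']}">
 <name>{name}</name>
 <SSIDConfig><SSID><name>{name}</name></SSID>
  <nonBroadcast>{hidden}</nonBroadcast></SSIDConfig>
 <connectionType>{ctype}</connectionType>
 <connectionMode>{mode}</connectionMode>
 <MSM><security><authEncryption>
  <authentication>{auth}</authentication><encryption>{enc}</encryption>
 </authEncryption></security></MSM>
</WLANProfile>"""

PROFILES = [sample("HomeNet", "manual", "false", "WPA2PSK", "AES"),
            sample("HiddenCorp", "auto", "true", "WPA2PSK", "AES"),
            sample("Free Airport WiFi", "auto", "false", "open", "none")]
REPORT = dict(audit_profile(p) for p in PROFILES)
```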


WIRELESS AWARENESS: MITIGATION

Administrator Awareness
  Understanding why Wi-Fi vulnerabilities pose a REAL risk:
    Malicious tools are relatively easy to acquire and set up
    Targets are very easy to acquire
    Attackers are difficult to track
    Attacks are difficult to detect, especially when targeting non-technical users
    Wi-Fi enabled devices can be anything
    Because Wi-Fi is popular!

Educating/Reeducating Users
  Eliminate Wi-Fi apathy! Don’t implicitly trust Wi-Fi! Vulnerabilities are a real threat!


THANK YOU!


http://centralmnit.com