Slide 1

CMGT/441 Intro. to Information Systems Security Management Information Technology University of Phoenix Kapolei Learning Center Week #4 1 Hacking Wireless Networks Philip Robbins December 19, 2013

Slide 2

2 Hacking Wireless Networks Topics Understanding Wireless Technology & Standards Tools Hacking WEP, WPA, WPA2 Uncovering SSIDs Bypassing MAC Address Filtering De-Authentication & Mis-Association Review Q&A Quiz #4

Slide 3

3

Slide 4

4 Understanding Wireless Standards IEEE 802.11 IEEE came up the 802.11 standard for wireless ethernet. OSI Layers 1 & 2 79 channels, 2.4 to 2.4835 GHz (USA) Half Duplex CSMA/CA (Avoidance) v.s. CSMA/CD (Detection) Modulation Techniques

Slide 5

5 Understanding Wireless Standards Center Frequency & Channels for 2.4 GHz

Slide 6

6 Understanding Wireless Standards 4 Way Handshake

Slide 7

7 Understanding Wireless Standards 802.11 Standards

Slide 8

8

Slide 9

9 Tools Alfa AWUSO36H WiFi Network Adapter

Slide 10

10 Tools Alfa AWUSO36H WiFi Network Adapter

Slide 11

11 Tools Alfa AWUSO36H WiFi Network Adapter 30dBm = 1W

Slide 12

12 Tools Netgear Wireless Router

Slide 13

13 Tools Netgear Wireless Router TARGET AP

Slide 14

14 Tools Netgear Wireless Router TARGET 192.168.1.1

Slide 15

15 Tools / Configuration password

Slide 16

16 Tools / Configuration Forgot the password for your router? or your neighbors?

Slide 17

17 Tools / Configuration password WEP CONFIGURATION

Slide 18

18 Tools / Configuration

Slide 19

19 Tools / Configuration Authentication?

Slide 20

20 Tools / Configuration WPA CONFIGURATION

Slide 21

21 Tools / Configuration

Slide 22

22 Tools / Configuration password

Slide 23

23 Tools Backtrack 5r3 Ubuntu Linux Distribution providing a comprehensive collection of security-related tools for digital forensics and pen testing use. http://www.backtrack-linux.org/downloads/ 1 2 3 4

Slide 24

24 Tools

Slide 25

25 Tools

Slide 26

26 Tools

Slide 27

27 Tools

Slide 28

28 Tools AirSnort replacement.

Slide 29

29 Understanding Wireless Technology Wi-Fi Protected Access (WPA) Touted as a step up from WEP Weak passphrases renders the protection inadequate False sense of security Network Sniffers TKIP v.s. AES

Slide 30

30 Cracking WPA

Slide 31

31 Cracking WPA

Slide 32

32 Cracking WPA

Slide 33

33 r Cracking WPA

Slide 34

34 r Cracking WPA

Slide 35

35 Cracking WPA

Slide 36

36 r Cracking WPA

Slide 37

37 r Cracking WPA

Slide 38

38 Cracking WPA

Slide 39

39 r Cracking WPA

Slide 40

40 r Cracking WPA

Slide 41

41 Cracking WPA

Slide 42

42 Cracking WPA

Slide 43

43 Cracking WPA Can take a few hours to go through 1+ million keys

Slide 44

44 Cracking WPA

Slide 45

45 Cracking WPA

Slide 46

46 Understanding Wireless Technology Wired Equivalent Privacy (WEP)

Slide 47

47 Understanding Wireless Technology Wired Equivalent Privacy (WEP) Confidentiality Access Control Data Integrity In reality, none of these are actually enforced!

Slide 48

48 Understanding Wireless Technology Wired Equivalent Privacy (WEP) Stream Cipher using XOR Keystream 64-bit Keyspace (2^64 keys) 128-bit Keyspace (2^128 keys) 40 bits24 bits

Slide 49

49 Understanding Wireless Technology Wired Equivalent Privacy (WEP)

Slide 50

50 Understanding Wireless Technology Wired Equivalent Privacy (WEP)

Slide 51

51 Understanding Wireless Technology Wired Equivalent Privacy

Slide 52

52 Cracking WEP

Slide 53

53 Cracking WEP

Slide 54

54 Cracking WEP

Slide 55

55 Cracking WEP

Slide 56

56 Cracking WEP

Slide 57

57 Cracking WEP

Slide 58

58 Cracking WEP 1 2 3

Slide 59

59 Bypassing MAC filtering

Slide 60

60 Review Questions Question #1 Which IEEE standard defines authentication and authorization in wireless networks? a.802.11 b.802.11a c.802.11b d.802.11X

Slide 61

61 Review Questions Question #1 Which IEEE standard defines authentication and authorization in wireless networks? a.802.11 b.802.11a c.802.11b d.802.11X

Slide 62

62 Review Questions Question #2 Which IEEE standard defines wireless technology? a.802.3 b.802.5 c.802.11 d.All 802 standards

Slide 63

63 Review Questions Question #2 Which IEEE standard defines wireless technology? a.802.3 b.802.5 c.802.11 d.All 802 standards

Slide 64

64 Review Questions Question #3 Which wireless encryption standard offers the best security? a.WPA2 b.WEP c.SSL d.WPA

Slide 65

65 Review Questions Question #3 Which wireless encryption standard offers the best security? a.WPA2 b.WEP c.SSL d.WPA

Slide 66

66 Review Questions Question #4 What information can be gathered by wardriving? a.SSIDs of wireless networks b.Whether encryption is enabled c.Whether SSL is enabled d.Signal strength

Slide 67

67 Review Questions Question #4 What information can be gathered by wardriving? a.SSIDs of wireless networks b.Whether encryption is enabled c.Whether SSL is enabled d.Signal strength

Slide 68

68 Review Questions Question #5 What is a known weakness of wireless SSIDs? a.Theyre broadcast in cleartext b.Theyre difficult to configure c.They use large amounts of bandwidth d.They consume an excessive amount of computer memory

Slide 69

69 Review Questions Question #5 What is a known weakness of wireless SSIDs? a.Theyre broadcast in cleartext b.Theyre difficult to configure c.They use large amounts of bandwidth d.They consume an excessive amount of computer memory

Slide 70

70 Review Questions Question #6 Wi-Fi Protected Access (WPA) was introduced in which IEEE 802 standard? a.802.11a b.802.11b c.802.11i d.802.11

Slide 71

71 Review Questions Question #6 Wi-Fi Protected Access (WPA) was introduced in which IEEE 802 standard? a.802.11a b.802.11b c.802.11i d.802.11

Slide 72

72 Review Questions Question #7 What protocol was added to 802.11i to address WEPs encryption vulnerability? a.MIC b.TKIP c.TTL d.EAP-TLS

Slide 73

73 Review Questions Question #7 What protocol was added to 802.11i to address WEPs encryption vulnerability? a.MIC b.TKIP c.TTL d.EAP-TLS

Slide 74

74 Review Questions Question #8 Disabling SSID broadcasts must be configured on the computer and the AP. True or False? a.TRUE b.FALSE

Slide 75

75 Review Questions Question #8 Disabling SSID broadcasts must be configured on the computer and the AP. True or False? a.TRUE b.FALSE

Slide 76

76 Review Questions Question #9 The operating frequency range of 802.11a is 2.4 GHZ. True or False? a.TRUE b.FALSE

Slide 77

77 Review Questions Question #9 The operating frequency range of 802.11a is 2.4 GHZ. True or False? a.TRUE b.FALSE

Slide 78

78 Review Questions Question #10 What TKIP enhancement addressed the WEP vulnerability of forging packets? a.Extended Initialization Vector (IV) with sequencing rules b.Per-packet key mixing c.Rekeying mechanism d.Message Integrity Check (MIC)

Slide 79

79 Review Questions Question #10 What TKIP enhancement addressed the WEP vulnerability of forging packets? a.Extended Initialization Vector (IV) with sequencing rules b.Per-packet key mixing c.Rekeying mechanism d.Message Integrity Check (MIC)

Slide 80

80 Review Questions Question #11 Which EAP method requires installing digital certificates on both the server and client? a.EAP-TLS b.PEAP c.EAP-SSL d.EAP-CA

Slide 81

81 Review Questions Question #11 Which EAP method requires installing digital certificates on both the server and client? a.EAP-TLS b.PEAP c.EAP-SSL d.EAP-CA

Slide 82

82 Review Questions Question #12 (last one) Which spread spectrum method divides bandwidth into a series of frequencies called tones? a.Frequency-hopping spread spectrum (FHSS) b.Direct sequence spread spectrum (DSSS) c.Spread spectrum frequency tonation (SSFT) d.Orthogonal frequency division multiplexing (OFDM)

Slide 83

83 Review Questions Question #12 (last one) Which spread spectrum method divides bandwidth into a series of frequencies called tones? a.Frequency-hopping spread spectrum (FHSS) b.Direct sequence spread spectrum (DSSS) c.Spread spectrum frequency tonation (SSFT) d.Orthogonal frequency division multiplexing (OFDM)

Slide 84

84 Questions? philiprobbins@email.phoenix.edu www2.hawaii.edu/~probbins https://www.dorkatron.com/docs/CMGT441/