University at Albany, School of Business
Center for Information Forensics and Assurance
Wireless Security
Wireless Security: Explosion of Devices
• Spectrums: 802.11x, Bluetooth, Infrared, Cellular, Radio, Microwave, Satellite
August 21, 2004 BBC News
New York set for citywide wireless. In exchange for being able to mount up to 18,000 new lamp post-based antennas, to strengthen coverage around the five boroughs, the companies will pay the city government around $25m each year. "This is something that makes sense," he added. "The companies are anxious to do it, and we think it will improve service for New Yorkers."
There is already one patch of midtown Manhattan that provides an ideal glimpse of what a more wireless-friendly New York will be like.
Bryant Park has been providing a free service to any laptop user who wants access for many months now.
Source: http://news.bbc.co.uk/2/hi/technology/3578982.stm
Wireless Security: Wireless Cities
August 21, 2004 Times Union
Internet hot spots popping up. On Tuesday, Lemery Greisler LLC will celebrate the first free, public wireless Internet hot spot in downtown Albany. But Omni Plaza, a brick courtyard across the street from the law firm's offices at 50 Beaver St., is just the centerpiece of the ground-up effort to blanket downtown with wireless Internet coverage.
"What we're unveiling is the pilot," said Scott Almas, a Lemery Greisler associate and driving force behind the effort. "There's a better mousetrap than these little access points. My vision was: Throw out some cheese, draw in the mouse and then put in a better mousetrap. That would be universal, ubiquitous coverage."
Earlier this year, Intel Corp. released a ranking of American cities with the best wireless access. Despite its Tech Valley moniker, the Albany-Schenectady-Troy area ranked 71st, behind regions such as Wichita, Kan., and Worcester, Mass. The as-yet-unnamed downtown effort is an attempt to change that.
"At some point this will be part of the municipal infrastructure," Almas said. "But until the mice come out, nobody has any interest in putting in a better trap."
Source: Times Union
Wireless Security: Albany, NY Wireless
Wireless Security: Albany, NY Access Points
[Figure: War Driving in Albany, Empire State Plaza]
July 1, 2004 CNN.com
Report: Homeland Security vulnerable to wireless hackers. WASHINGTON (CNN) -- Although charged with making the nation more secure, the Department of Homeland Security has not taken the steps needed to secure its own wireless communications, according to a report from the department's Inspector General.
Wireless messaging services played a critical role following the September 11, 2001 terrorist attacks. While cellular telephone service was out, key personnel remained in contact using messaging services.
But wireless technology can facilitate unauthorized access to wired networks and data through eavesdropping or theft. Those vulnerabilities increase the need for strong security controls.
The report concludes that Homeland Security cannot ensure that its sensitive information about terrorist threats and security is not being monitored, accessed, and misused.
Source: Times Union
Wireless Security: Access to Wireless Data
• Security is the top issue with Wireless Ethernet
• A larger percentage of government respondents rated this as an issue compared to industry respondents.
Wireless Security: Wireless Concerns
Source: 2003 Wireless LAN Benefits Study, Cisco Systems
• Denial of Service
  – Jamming (by using a device which will flood the spectrum with noise and traffic)
  – Spoofing identity (by cloning the MAC address of another user and setting the signal strength greater than that user's)
  – Spoofed access points (clients are usually configured to associate with the access point with the strongest signal)
• ARP poisoning
  – Attacker can get packets and frames from the air by “poisoning” caches of MAC/IP combinations of two hosts connected to the “physical” network.
• Sleep Deprivation Attacks
  – Programs are run on wireless devices to drain all their power
Wireless Security: Wireless Attacks
Source: Wireless Attacks and Penetration Testing part 1, June 3, 2002
• Vulnerability:
  – Inherent weaknesses in underlying protocols used on computer networks today
  – e.g. the ARP protocol's lack of authentication and limited table entries.
• Attack Scenario:
  – Start hunt and identify active sessions.
  – Passively monitor session.
  – Hijack the session.
  – Perform malicious activity.
  – Terminate the session.
Session Hijacking: Exploit Demonstration
• Protection:
  – Use encryption.
  – Use strong authentication.
  – Configure appropriate spoof rules on gateways.
  – Monitor for ARP cache poisoning.
• Additional protection at the Data Link Layer:
  – Use port security feature on Ethernet switches.
  – Hard code ARP tables on your critical servers and turn off ARP on your network interfaces.
Session Hijacking: Protection/Detection
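The "Monitor for ARP cache poisoning" and "Hard code ARP tables" items above can be checked with a watcher over observed ARP replies. This is an added example, not part of the original slides; the log line format, the addresses and the `pinned` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption): "<epoch> <sender-ip> is-at <sender-mac>"
LINE_RE = re.compile(
    r"^(\d+(?:\.\d+)?)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+([0-9a-fA-F:]{17})$")

def detect_arp_anomalies(lines, pinned=None):
    """Return alerts as (timestamp, kind, ip, detail) tuples.

    pinned: optional {ip: mac} of hard-coded bindings for critical hosts.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP a MAC has claimed
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip anything that is not an ARP reply record
        ts, ip, mac = float(m.group(1)), m.group(2), m.group(3).lower()
        if ip in pinned and mac != pinned[ip]:
            alerts.append((ts, "pinned-mismatch", ip, mac))
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append((ts, "binding-changed", ip, f"{ip_to_mac[ip]} -> {mac}"))
        claimed = mac_to_ips[mac]
        if claimed and ip not in claimed:
            # One MAC answering for several IPs is typical of a host placing
            # itself between two others, but also of routers and proxy ARP.
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
        claimed.add(ip)
        ip_to_mac[ip] = mac
    return alerts

# Constructed sample: a workstation's MAC starts answering for the gateway and a server.
SAMPLE = [
    "1093100000.0 192.168.1.1 is-at 00:11:22:33:44:55",
    "1093100001.0 192.168.1.20 is-at 00:AA:BB:CC:DD:01",
    "1093100002.0 192.168.1.30 is-at 00:aa:bb:cc:dd:02",
    "1093100060.0 192.168.1.1 is-at 00:aa:bb:cc:dd:02",
    "1093100061.0 192.168.1.20 is-at 00:aa:bb:cc:dd:02",
    "garbage line that is ignored",
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE, pinned={"192.168.1.1": "00:11:22:33:44:55"}):
        print(alert)
```

DHCP reassignments and redundant gateways also change bindings, so alerts on unpinned addresses need triage, while a mismatch on a pinned address is the high-confidence signal.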
Conclusions
• Do not underestimate internal network threats.
• Apply industry best practices in day-to-day work.
• Use layered approach with information security.
• Take a proactive approach with information security.
  – Do not wait for an incident to happen and react when it may be too little, too late.
Computer Security: Layered Approach to Security
• Thanks to the support of:
  – NY State Center for Information Forensics and Assurance, UAlbany
  – NY State Office for Cyber Security and Critical Infrastructure Coordination
  – New York State Police
• Thanks to Damira Pon, CIFA for assistance in preparing this presentation
• Thanks to Sandy Schuman and Steve Walter for organizing the Korean Executive talk
Acknowledgements: Organizations/People
Additional Material
Tool Name | General Use | OS | Available From
Ettercap | Sniffer | Linux | http://ettercap.sourceforge.net
Hunt | Sniffer/Hijacking | Linux | http://lin.fsid.cvut.cz/~kra
Ethereal | Sniffer | Linux, Windows | http://www.ethereal.com/download.html
RPCScan2 | Scanner | Windows | http://www.foundstone.com
dcom2_scanner.c | Scanner | Linux | http://packetstormsecurity.com
Netcat | Scanner-Multipurpose | Linux, Windows | http://www.hack-box.info/bruteforce.html
John the Ripper | Password Cracker | Linux, Windows | http://www.openwall.com
Linux Kernel Patch | Kernel Security Patch | Linux | http://www.openwall.com/linux
BufferShield 1.01a | Kernel Security Patch | Windows | http://www.sys-manage.com/index10.htm
OverflowGuard | Kernel Security Patch | Windows | http://www.datasecuritysoftware.com
StackDefender | Kernel Security Patch | Windows | http://www.ngsec.com/ngproducts
Juggernaut | Sniffer/Hijacking | Linux | http://packetstormsecurity.com/
TTY Watcher | Sniffer/Hijacking | Linux | http://www.cerias.purdue.edu
IP Watcher | Sniffer/Hijacking | Linux | http://www.engrade.com
Appendix: Security Tools
Appendix: Wireless Protocols
Name | Description
CDPD (Cellular Digital Packet Data) | Supports wireless access to Internet from cell phone networks.
HSCSD (High Speed Circuit Switched Data) | Enables data transfer from GSM networks.
PDC-P (Packet Data Cellular) | Packet switching message system used in Japan
GPRS (General Packet Radio Service) | Specification for transfer on GSM/TDMA networks.
CDMA (-2000 1xRTT) | Radio Transmission Technology
Bluetooth | Specification for short distance wireless communication between two devices
IrDA | Infrared light communication between two devices.
LMDS (Local Multipoint Distribution Service) | Broadband wireless point to multipoint using microwave communications
MMDS (Multichannel Multipoint Distribution Service) |
802.11x | Wi-Fi (for wireless Ethernet) 802.11/a/b/g/i
• WEP (Wired Equivalent Privacy)
  – WEP is an authentication scheme (not required)
  – Only good for data between access points
  – Uses 24 bits for initialization vector (same vector can be used for different packets) and leads to possible duplication.
  – Hackers only have to collect data frames by using a network monitoring tool and then run a program called WEPCrack.
• War Driving
  – Needs global positioning system (GPS), wireless laptop, and software
  – Software keeps track of position and access point configuration.
  – Data uploaded to internet databases of wireless access point maps.
• War Spamming
  – Exploiting wireless networks in the process of war driving to send spam.
Wireless Security: Terms
Source: Security Focus, Infocus, “Wireless Attacks and Penetration Testing part 1”, June 3, 2002; Silicon.com, “Can Spammers Really Exploit Wireless Networks”, September 8, 2004
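Why a 24-bit initialization vector "leads to possible duplication" can be quantified. This is an added example, not part of the original slides; it assumes one static WEP key, and the random IV selection model and the frame rate used in the demo are assumptions chosen for illustration.

```python
import math

IV_BITS = 24                 # WEP initialization vector size, as stated on the slide
IV_SPACE = 2 ** IV_BITS      # 16,777,216 possible IVs per key

def collision_probability(frames, space=IV_SPACE):
    """Probability that at least two of `frames` randomly chosen IVs are equal."""
    if frames > space:
        return 1.0           # pigeonhole: more frames than IVs forces a repeat
    # log P(no repeat) = sum of log(1 - i/space); log1p keeps precision for small terms
    log_unique = sum(math.log1p(-i / space) for i in range(frames))
    return -math.expm1(log_unique)

def frames_for_probability(target, space=IV_SPACE):
    """Smallest frame count at which the repeat probability reaches `target`."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    log_unique, frames = 0.0, 0
    while -math.expm1(log_unique) < target:
        log_unique += math.log1p(-frames / space)
        frames += 1
    return frames

def hours_until_counter_wraps(frames_per_second, space=IV_SPACE):
    """Hours before a sequentially incremented IV must repeat under one key."""
    return space / frames_per_second / 3600

if __name__ == "__main__":
    print("frames for 50% chance of a repeated IV:", frames_for_probability(0.5))
    print("frames for 99% chance of a repeated IV:", frames_for_probability(0.99))
    # 1000 frames per second is an assumed traffic rate for a busy access point
    print("hours until a sequential IV wraps at 1000 frames/s:",
          round(hours_until_counter_wraps(1000), 2))
```

With randomly chosen IVs a repeat becomes likely after only a few thousand frames, and even a sequential counter exhausts the space within hours on a busy network, which is why the key must change far more often than static WEP keys do.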
• 802.11i
  – Upgrade of other wireless 802.11a/b/g standards. Fixes WEP problems.
  – Use of WPA, WPA2 and AES
  – Ability to use RADIUS-based authentication of users
• WPA (Wi-Fi Protected Access)
  – Rekeying of global encryption keys is required (unlike WEP)
  – Requires TKIP (Temporal Key Integrity Protocol), which replaces WEP encryption
  – Needs specific hardware and software
  – For home and small business users
• WPA2
  – For enterprise
  – Incorporates 802.1X
• AES (Advanced Encryption Standard)
  – Meets the needs of the Federal Information Processing Standard (FIPS) 140-2 specification (required by many government agencies)
  – Needs a dedicated chip to handle encryption and decryption
Wireless Security: New Security Technologies
Source: http://www.wi-fiplanet.com/news/article.php/3373441