Upload
chandrak-trivedi
View
213
Download
0
Embed Size (px)
Citation preview
WLAN ATTACKS and PROTECTION
By,
101015275_Chandrak Trivedi
Learning Objectives
Understand the issues related to WLAN
Identify WLAN attacks and vulnerabilities
Describe existing WLAN security solution
Explain how WLAN are protected
Scanning and tools used for WLAN attacks
101015275_Chandrak 2
Introduction
WLANs are more flexibility, mobility, easy installation and low cost relative to wired networks.
The Standard security requirements in WLANs have achieved on two levels, frame security level, and RF security level.
Frame security level is concerned about how to transmit packets through the air securely. Use a strong encryption and a strong authentication.
RF security level is concerned about monitoring and scanning the air for detecting the illegal hotspots and the rogue access points.
101015275_Chandrak 3
ISSUES
Issue1: Unlike a wired network, a WLAN uses radio frequency transmission as the medium for communication.
Issue2: Our inability to effectively contain radio signals makes the WLAN vulnerable to a different set of attacks.
Issue3: MAC address filtering can be configured in an access point in order to allow only the authorized client in the network.
Issue4: SSID is an identification that allows the clients to communicate with the appropriate access point.
101015275_Chandrak 4
Types of WLAN Attacks
Confidentiality Attacks
Access Control Attacks
Integrity Attacks
Availability Attacks
Authentication Attacks
101015275_Chandrak 5
Attack Description Security ElementMan in the middleattack (MITM)
If data are unprotected, hackers can
intercept data.
Confidentiality
Integrity
Dictionary attack Programs that try large passwords to get
the correct one.
Authentication
Access control
Bit-flipping A cryptanalytic attack that can be used
against any encrypted data.Integrity
Handshake stole The attacker uses the role of theauthorized client to steal the handshake
between access point and client.
Authentication
Unauthorized clientaccess
If a network has a weak userauthentication, it is very easy for a hacker
to achieve access and take information.
Access control
DoS (Denial of Service) Congesting a network resource with more
requests.Availability
Rogue Access Points An unauthorized access point that hasbeen connected to the wired network,which can provide malicious orunauthorized users with open access to
the LAN.
Availability
IP Spoofing / MAC Address Spoofing If the hacker has a rogue access pointenabled DHCP, it can effect on the main
DHCP in the network.
Availability
101015275_Chandrak 6
Existing WLAN Security Solutions
Wired Equivalent Protocol (WEP)
Wi-Fi Protected Access (WPA)/ Temporal Key Integrity Protocol (TKIP)
WPA2 / Advanced Encryption Standard (AES)
WPA2 using 802.1x servers
101015275_Chandrak 7
Attack on WEP
Bit-flipping attack can make ciphertext XOR and key give the plain text easily.
Cyclic redundancy code (CRC) is not cryptographically strong.
It uses the 24-bit long initialization vector (IV) that is clear text added to the packet.
101015275_Chandrak 8
Attack on WPA/WPA2
Dictionary attacks and WPA handshake capture are the most popular attacks on WPA and WPA2 protocols.
Wi-Fi protected setup (WPS) are also connected to access point, but it can be hacked and attacked by the Reaver tool or Wifite tool (brute force attack).
101015275_Chandrak 9
https://www.youtube.com/watch?v=o5MmMBBC4BY
WLAN Protection
The Frame Level Security
Data confidentiality and Integrity - WPA2/AES provides the strongest wireless encryption.
Authentication and Access control - authentication scheme based on the IEEE 802.1x model.
The RF Security Level
Wireless Intrusion Detection System (Wireless IDS)
Wireless Intrusion Prevention System (Wireless IPS) 101015275_Chandrak 10
Tools
Aircrack, AirSnort, Kismet, Cain & Able, WireShark, Fern WifiWireless Cracker, CoWPAtty, Airjack, WepAttack, NetStumbler, Wifiphisher, Reaver, and Wifite.
http://resources.infosecinstitute.com/20-popular-wireless-hacking-tools-updated-for-2016/
101015275_Chandrak 11
Conclusion
The WEP protocol does not achieve the standard security requirements.
The proposed solution incorporates AES encryption, in conjunction with 802.1x authentication Free RADIUS server, provides a required frame security level for WLANs.
Detecting and preventing attackers are the best solution to achieve the RF security level.
Granting different privileges to the users in VLANs, isolating VLANs help with ease putting security policies and control users.
101015275_Chandrak 12
101015275_Chandrak 13