Wireless Network Security

FORESEC Academy Security Essentials (I): Networking Concepts

Wireless Advantages
Wiring takes time and money; wireless drastically reduces these costs
Users can access the network from anywhere
Mobility and connectivity
Usable in environments where wiring is difficult
- Historic buildings
- Factories, assembly lines, warehouse floors, hospitals, and financial trading floors
- Temporary networks, such as exhibitions

Popular Wireless Devices


Pagers
Personal Digital Assistants (PDA)
Cellular Phones
Handheld Computers
Laptops

Vertical Markets
Healthcare
Financial
Academia
Factories/Industrial
Retail and Restaurants

Wireless in Restaurants

Wireless Protocols
WAP
Bluetooth
802.11
WiFi
Ad-Hoc Networks
Infrastructure Networks

Wireless Application Protocol (WAP)


WAP forum formally approved WAP 2.0
Operates over a multitude of different wireless technologies:
- Cellular Digital Packet Data (CDPD), Code Division Multiple Access (CDMA), and Global System Mobile (GSM)
Enables a multitude of wireless devices, including cell phones and PDAs, to have common access to the Internet
Built-in security at the transport layer

Wireless Application Protocol (WAP)

The WAP Gap

WTLS: Wireless Transport Layer Security
Used in versions before WAP 2.0
Requires the WAP gateway to decrypt the WTLS transmission and then re-encrypt it as TLS/SSL
Sensitive data is exposed as it traverses the gateway

Protecting Gateways
Ensure that WAP gateway never stores decrypted content on secondary media
Implement additional security at higher protocol layers
Physically secure the WAP gateway
Limit remote administrative access to the WAP gateway to inside the corporate firewall boundary
Add WAP devices to your PKI

Bluetooth
Used to connect disparate devices
- Laptops, PDAs, and cell phones
Maximum bandwidth: 1 Mbps
No line-of-sight requirement
Supports data, voice, and content-centric applications
High degree of interference immunity
Up to seven simultaneous connections

Bluetooth Security
End user utilizes a PIN that is 4-16 bytes in length between multiple devices
Bluetooth uses the PIN and its MAC address to generate security keys
Keys are used to authenticate Bluetooth peers and to encrypt transmission data

Bluetooth Security Issues


Susceptible to eavesdropping
Encryption mechanisms are often weak
Simple PINs are often poorly selected and provide inadequate security
Tools such as RedFang and BlueSniff are designed to locate Bluetooth networks

802.11 Wireless
Supports ad-hoc and infrastructure networks
Supports roaming, fragmentation and reliable data delivery (positive acknowledgement)
Branched into:
- 802.11a supports up to 54 Mbps @ 5 GHz
- 802.11b supports up to 11 Mbps @ 2.4 GHz
- 802.11g supports up to 56 Mbps @ 2.4 GHz
- 802.11n supports up to 600 Mbps @ 2.4 GHz and 5 GHz

Ad-Hoc Networks

Ad-Hoc Architecture
Peer-to-peer networking
Unstructured connectivity
Used for LANs or PANs
Typically short-lived in duration
Often used for point connectivity

Ad-Hoc Architecture

Infrastructure Networks

Infrastructure Architecture
Uses centralized access point or base station
Centralized authority for access to the medium
Typically responsible for security
Communicates with other centralized peers for roaming

Wireless Signal

WiFi Pineapple

10/17/2012

Evil twin
Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers
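
An added example, not part of the original slides: a defender-side check that compares Wi-Fi scan results against a site's access point inventory and flags beacons that imitate a legitimate network name. The Beacon fields, the INVENTORY contents and the scan data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the access point radio
    security: str    # as reported by the scan: "OPEN", "WEP", "WPA", "WPA2"
    channel: int

# Assumed site inventory (constructed): each SSID's required security and
# the channel every authorized BSSID is configured to use.
INVENTORY = {
    "CorpWiFi": {
        "security": "WPA2",
        "aps": {"aa:bb:cc:00:00:01": 1, "aa:bb:cc:00:00:02": 11},
    },
}

def find_suspects(beacons, inventory=INVENTORY):
    """Return [(beacon, [reasons])] for beacons that imitate an inventoried SSID."""
    by_name = {name.casefold(): (name, cfg) for name, cfg in inventory.items()}
    findings = []
    for b in beacons:
        hit = by_name.get(b.ssid.strip().casefold())
        if hit is None:
            continue                      # not one of our network names
        name, cfg = hit
        reasons = []
        if b.ssid != name:
            reasons.append("look-alike SSID")
        expected_channel = cfg["aps"].get(b.bssid.lower())
        if expected_channel is None:
            reasons.append("BSSID not in inventory")
        elif expected_channel != b.channel:
            # A cloned MAC address cannot share the real AP's channel unnoticed.
            reasons.append("known BSSID on unexpected channel")
        if b.security.upper() != cfg["security"]:
            reasons.append(f"security {b.security.upper()}, inventory requires {cfg['security']}")
        if reasons:
            findings.append((b, reasons))
    return findings

# Constructed scan results, not captured from a real network.
SCAN = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2", 1),    # legitimate
    Beacon("CorpWiFi", "de:ad:be:ef:00:01", "OPEN", 6),    # unknown radio, open
    Beacon("CorpWiFi", "AA:BB:CC:00:00:02", "WPA2", 6),    # cloned MAC, wrong channel
    Beacon("corpwifi ", "aa:bb:cc:00:00:02", "WPA2", 11),  # spelling variant
    Beacon("CoffeeShop", "11:22:33:44:55:66", "OPEN", 3),  # unrelated network
]
```

A beacon that matches the inventory on every field is not flagged, so this check complements client-side server authentication rather than replacing it.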

WEP

WEP Security Issues


WEP has proven to be an insecure encryption mechanism
Shared secrets do not remain secret
Inability to rotate WEP keys produced stagnant shared secret implementations
Flaws in WEP implementation permit recovery of shared secrets through statistical methods
Accelerated WEP cracking is becoming common

Tools used by attackers


WEPCrack
AirSnort
dwepcrack

Tools used by attackers


Aircrack-ng
wnet/reinj
WEPWedgie
often resulting in an attacker's ability to recover a shared secret from a network using WEP in one hour or less.

Improved 802.11 Security


IEEE 802.11i and 802.1X committees tasked with securing WLANs
802.1X protocols improve WLAN security, but are still fallible
WPA-I protocol is better, but still has weaknesses that can be exploited
- dictionary attack (aircrack-ng)
Future 802.11i/AES encryption has positive outlook

Common Misconceptions
General misconceptions
Technical misconceptions
Risk misconceptions

General Misconceptions
I don't need to worry about security because we aren't using wireless for sensitive data
We don't have any wireless