guerilla warfare balakumar balasubramanian. security issues in wireless/mobile networking

20
Guerilla Warfare Balakumar Balasubramanian

Upload: lucinda-harrington

Post on 26-Dec-2015

215 views

Category:

Documents


2 download

TRANSCRIPT

Page 1: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Guerilla Warfare

Balakumar Balasubramanian

Page 2: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Security Issues In Wireless/Mobile Networking

Page 3: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

AENDA

Faces of wireless Who are Cyber Guerillas Who are at Risk…What do they do Pitfalls Combating Techniques Personal Observations

Page 4: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Many Faces of Wireless Wireless Personal Area Networks (WPANs) use very

short-range wireless technology to replace cables connecting PCs with peripherals, phones with headsets, etc.

Wireless Local Area Networks (WLANs) use short-range wireless to reach at least 300 feet, at speeds up to 11 Mbps (IEEE 802.11b) and 54 Mbps (802.11a/g). WLANs connect computers-desktops, laptops, PDAs and Pocket PC-enabled phones-to each other and to adjacent networks via wireless access points or gateways.

Page 5: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

…… Wireless Metropolitan Area Networks (WMANs) use very

high-speed wireless for site-to-site connections-for example, a five-mile point-to-point uplink from a subscriber's office to a service provider's network access center. WMAN technologies include LMDS, MMDS, and IEEE 802.16 fixed broadband wireless.

Wireless Wide Area Networks (WWANs) are long-range radio networks that deliver mobile voice and data to subscriber devices like cellphones, pagers, smart phones, voice-enabled PDAs and Blackberries.

Page 6: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Cyber Guerillas

Cyber Guerillas are the newest breed of hackers. They love to hunt and sniff the air for signals emitted from the Wireless Handheld devices that you use to connect to the WLAN

Page 7: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Who are cyber guerillas?

Wireless Network hackers Deny or destroy wireless services for

legitimate user. They search for signals in the spectrums

and uses hacking tools to decrypt the transmission.

More dangerous than regular hacker.

Page 8: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Who are at Risk?

A Business Traveler closing a multi million dollar deal

Military Personal receiving military alerts Hotspot Users Any body using a wireless device.

Page 9: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

What do they do? Cyber Guerillas eavesdrop , grab passwords , valid station

identifiers and network address( Particularly default ones the system administrator forgot to change).

Steal internet bandwidth , user your network as a spring board to attack others

Use sniffing tool to search for signals from wireless mobile devices .

After successfully intercepting the signals , they divert those signal to high speed connection and then target wireless vulnerabilities.

Page 10: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Our Pitfalls Frequency Channel Overlapping - The space between channel

can be so narrow that one frequency might overlap with another. Wi-Fi Implementation incompatibility Hotspots in public places. Unauthorized workstations. System defaults that haven’t been changed. Immature or inadequate wireless standards.

Page 11: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Being Prepared What can an intruder see on the target systems? What can an intruder do with that information? Does anyone at the target notice the intruder's attempts or

successes?

1. What are you trying to protect?

2. Who are you trying to protect against?

3. How much time, effort, and money are you willing to expend to obtain adequate protection?

Page 12: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Prevention is Better If you don't know what you're defending and why, your

security measures are just shots in the dark.

Who needs access to what and when?

Once assets have been identified, enumerate threats and quantify risks. Security is always a balancing act, weighing risk against cost.

the trick then is to monitor your network's health to keep it safe.

Page 13: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Preparing for Combat

Authentication VPN Firewalls Cryptography Biometrics

Page 14: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Authentication Authenticate a message senders identity. PKI-Public Key Infrastructure

Mechanism provides a set of technologies that relies on certificates. Certificates are messages attachments ,issued by certificate authority

that authenticate a senders identity and provide encryption keys. Public key cryptography – use a single algorithm to create a public

and private key. Challenges – Wireless devices have a low throughput and

computational power. WPKI – Wireless PKI Smart cards inserted into a device – mounted reader.

Page 15: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

IEEE 802.11 Security The 802.11 standard's security is composed of authentication

and encryption.

When shared-key authentication is enabled, stations can associate with the AP only if they have a 40- or 128-bit key known to both parties.

Only stations that possess the shared key can join the WLAN

Authentication of individual stations not possible with 802.11

802.11i standard's Temporal Key Integrity Protocol (TKIP) provides for more robust encryption.

Page 16: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Virtual Private Network

Provide security by creating an encrypted tunnel through public internet.

Reduces cost by eliminating the need for companies to build secure private networks.

Once a handheld device’s VPN client obtains an IP address by connecting to the internet , it can authenticate itself to company’s VPN server.

Page 17: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

VPN Deployment

Page 18: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Firewalls / Biometrics A WAP gateway can serve as the single point of entry for

an enterprise’s wireless system. Companies can secure and monitor the gateway as they do

a traditional firewall. Use of a person’s unique physical characteristics. Finger

Prints ,voice patterns, facial geometry or retinal images. Biometrics are too costly for small wireless devices.

Page 19: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Personal Observation

Wireless networks are widely used .

SEPTA – Market East Station

PWD – Water Treatment plant

Security Industry

Page 20: Guerilla Warfare Balakumar Balasubramanian. Security Issues In Wireless/Mobile Networking

Suggestions?