Protecting Wireless Networks aka Hacking Wireless
Saptha Wanniarachchi MBCS,MCSE,MCITP
Twitter @sapthasaptha.com
Wired Vs Wireless Hacking
Crime is all around us.
In theory, wireless LANs are less secure than
wired LANs, because wireless communication
signals travel through the air and can easily be
intercepted.
Types Of Wireless Networks
Unfortunately, turning off the broadcast of the
SSID may lead to a false sense of security. The
method discourages only casual wireless
snooping, but does not stop a person trying to
attack the network.
Scanning for Access Points
• Access points periodically transmit beacon frames (SSID, data rate, etc.)
• Client scans frequencies and picks an access point based on SSID, signal strength, ...
• Client switches to assigned channel and establishes an association
What War Driving Looks Like
WIFI Authentication
WEP
WPA
WPA
1. Pre-Shared Key
2. Enterprise
Summary of authentication
Open Network
WEP
WPA
How to Attack
Scan -> Test Injection Capability
Use sniffing tools and collect IVs
Try fake authentication and MAC spoofing
When you have enough IVs, use a cracking tool to extract the password
Or try a MITM attack and inject packets
Source: Consumer Reports
Misconfiguration possibilities
• no encryption used
• weak (guessable) password used to generate key
• weak protection of encryption key on client machine
• weak protection of management interface for access point
Tools
Recommendations: WLAN Security
• WEP (fair)
  • enable wireless frame encryption
  • use longest key
  • change the WEP key regularly (manually)
• 802.1X and WPA (user authentication + dynamic keys) (better)
  • use as soon as practical and stable
  • set rekeying to occur every few hours
• 802.11i (best)
  • upgrade / use when available and supported
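The beacon frames described under Scanning for Access Points advertise which protection an access point uses, so a defender can audit their own access points against the ratings above, and can see that a hidden SSID changes nothing else in the beacon. The following Python example is added here and is not part of the original slides; the function names and sample beacons are constructed for illustration, and the "none" rating for open networks is this example's own label.

```python
import struct

# "fair"/"better"/"best" come from the recommendations slide; "none" is this example's label.
RATING = {"open": "none", "WEP": "fair", "WPA": "better", "802.11i": "best"}
WPA_IE_PREFIX = bytes.fromhex("0050f201")  # vendor element: Microsoft OUI + type 1

def audit_beacon(body: bytes) -> dict:
    """Classify one beacon frame body (the bytes after the 24-byte MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    # Fixed fields: timestamp (8), beacon interval (2), capability info (2).
    _ts, _interval, capability = struct.unpack_from("<QHH", body, 0)
    ssid, has_rsn, has_wpa = b"", False, False
    pos = 12
    while pos + 2 <= len(body):  # tagged elements: id, length, data
        tag, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:
            break  # truncated element: stop instead of misparsing
        if tag == 0:
            ssid = data
        elif tag == 48:  # RSN element, introduced by 802.11i
            has_rsn = True
        elif tag == 221 and data.startswith(WPA_IE_PREFIX):
            has_wpa = True
        pos += 2 + length
    # Privacy bit (0x0010) with no WPA/RSN element means WEP.
    scheme = ("802.11i" if has_rsn else "WPA" if has_wpa
              else "WEP" if capability & 0x0010 else "open")
    # A hidden network sends an empty or all-zero SSID; the rest is still visible.
    return {"ssid": ssid.decode("utf-8", "replace"), "hidden": not any(ssid),
            "scheme": scheme, "rating": RATING[scheme]}

def make_ie(tag: int, data: bytes) -> bytes:
    return bytes([tag, len(data)]) + data

def make_beacon(capability: int, *elements: bytes) -> bytes:
    return struct.pack("<QHH", 0, 100, capability) + b"".join(elements)

# Constructed sample beacons (not captured traffic).
RSN = make_ie(48, bytes.fromhex("0100000fac040100000fac040100000fac020000"))
WPA = make_ie(221, bytes.fromhex("0050f20101000050f20201000050f20201000050f202"))
SAMPLES = [make_beacon(0x0001, make_ie(0, b"guest")),
           make_beacon(0x0011, make_ie(0, b"")),  # hidden SSID, WEP
           make_beacon(0x0011, make_ie(0, b"office"), WPA),
           make_beacon(0x0011, make_ie(0, b"lab"), RSN)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_beacon(sample))
```

The second sample hides its SSID yet is still classified as WEP from the capability field alone, which is why hiding the SSID does not count as protection.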
Q&A