super barcode training camp - motorola airdefense wireless security presentation
DESCRIPTION
Motorola Wireless Security Concerns. Visit http://www.systemid.com/symbol/ for barcode equipmentsTRANSCRIPT
1MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
THE THREAT OF WIRELESS AND EMERGING ATTACKS FEB 23, 2011
AIRDEFENSE SOLUTIONS, MOTOROLA SOLUTIONSAIRDEFENSE SOLUTIONS, MOTOROLA SOLUTIONS
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
2
AGENDA
COMMON WIRELESS NETWORK RISKS
EMERGING THREATS
RECOMMENDATIONS
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
3
INTERNET
Server
Network Edge Blurred
New AttackVectors ‘Behind’
the Firewall
WIRELESS SECURITY CONCERNS
1Rogue AP Connected to Network(Network Breach)Hacker
3Leaked Wired Traffic & Insertion(Data Leakage)
Hotspot Evil Twin
Mobile User2Hotspot Phishing(Data Leakage)
5Users Bypassing Network Security Controls(Data Leakage/Network Backdoor)
4Non-Compliant AP(Network Breach/Data Leakage/Data Compromise)
Muni Wi-Fi or Neighbors
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
4
MOBILE WORKERSVULNERABILITIES
Do I have wired & wireless on at the same time?
Is my laptop probing for SSIDs not on the safe list?
Are my employees using Municipal Wi-Fi?
Am I connected to an insecure access point?
Am I connected to a real hotspot connection?
Am I connected to someone nearby in ad-hoc mode?
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
5
HOTSPOT PHISHING/ EVIL TWIN & MORE
Attack Vector: Any Wi-Fi Enabled Device
New Hotspot Phishing(Data Leakage):
PalmPre with Hacked Mobile Hotspot
+ Mobile Devices
Direct attacks on Wireless Clients using Cellphone
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
6
COMPARING PACKETSComparing packets from Access Points versus Wireless Clients
3Naïve user Associates with Fake AP
Laptop sends Probe Request
AP provides IP address to User
Scan laptop for vulnerabilities & compromise it
5
Use station as a launch pad6
User Station
Co
rpo
rate
Net
wo
rk
Intruder Laptop
2Fake AP responds with Probe Response
PalmPre sending beacons & probe responses
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
7
Type Attacks Tools
Reconnaissance Rogue APs Open/Misconfigured APs Ad Hoc stations
Netstumbler, Kismet, Wellenrighter
Sniffing WEP, WPA, LEAP cracking Dictionary attacks Leaky APs
AirSnort, Wepcrack, Cowpatty, Wireshark, Cain, Ettercap
Masquerade MAC spoofing AirSnarf/HotSpot attacks Evil Twin/Wi-Phishing attacks
AirSnarf, Hotspotter, HostAP, SMAC
Insertion Multicast/Broadcast injection Routing cache poisoning Man in the Middle attack
Airpwn, WepWedgie, ChopChop, Vippr, irpass, CDPsniffer
Denial-of-Service Disassociation Duration field spoofing RF jamming
AirJack, void11, Bugtraq, IKE-crack
SUMMARY OF 802.11 VULNERABILITIES
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
8
CAPTIVE PORTAL BYPASS – GUEST ACCESS
What can I do with access to the
local network? Scan and target other users of the
wireless network Exploit laptops and steal credentials
for other wireless networks Validate if portal ACL rules are
properly prohibiting access Ping, ssh, telnet, ftp, etc. without
EVER authenticating to the portal
WAN
Appsvr1.corp.com 10.5.1.15
IP: 192.168.1.45
DNS: 10.5.1.10
Appsvr1.corp.com
Credit card system exposed to the wireless network!
!
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
9
EMERGING ATTACK VECTORS
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
10
PINPAD SWAPPING: BLUETOOTH
Bluetooth Specs:
All Bluetooth devices operate at the 2.4 GHz band
Bluetooth defines 79 channels for communication on the 2.4 GHz band each channel being separated by 1 MHz
The frequency range 2.402 GHz - 2.480 GHz
Allows for 1600 frequency hops per second
Class
Maximum Permitted PowerRange(approximate)mW dBm
Class 1 100 20 ~100 meters
Class 2 2.5 4 ~10 meters
Class 3 1 0 ~1 meters
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
11
WINDOWS 7 VIRTUAL WI-FI Setup at the DOS Prompt & Share either a Wired or Wireless connection The user can share their own desktop (like an ad-hoc network) & the user can share their network connection with others Wireless network may use authentication and encryption, BUT the user can share that connection with others, allowing those users to connect to the corporate network with weaker authentication & encryption
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
12
Comparing packets from Access Points versus Wireless Clients
2Win7 responds with Probe Response
Laptop sends Probe Request1
Win7 provides IP address to User3
Intruder on Network4
Intruder Laptop User Station
Co
rpo
rate
Net
wo
rkWINDOWS 7 – COMPARING PACKETS
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
13
Historical
Device logs/syslog
Firewall logs (Wireless Switches, APs, Wired Firewall)
Wireless IDS alarms, events, logs
Wired IDS alarms, events, logs
Remnants on wireless clients (registry, saved wireless networks, etc.)
Live
Wired Sniffing
Wireless Sniffing
Spectrum Analysis
Bluetooth
RF Analysis, Heat Maps/Location Tracking
Live analysis on IPS, WIPS, Firewalls, etc.
Roaming behavior (AP to AP, or client to client )
Others…
INCIDENT RESPONSE & FORENSIC ANALYSIS
Sources for Analyzing Wireless Attacks
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
14
Ensure Security and Comply with
Regulatory & Industry Requirements
Centrally Control and Monitor WLAN Infrastructure with One
Management Console
Solutionsfor AnyWLAN
Allows Remote Troubleshooting and Proactive Analysis of Wireless Issues
MOTOROLA AIRDEFENSE SOLUTION
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. © Motorola, Inc. 2010. All rights reserved.
15
THANK YOU…