Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Wifi Hacking 100228163648 Phpapp01

    Enviado por

    NaveenKumarReddy
    74 visualizações22 páginas
    h

    Título original

    wifi-hacking-100228163648-phpapp01

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    h

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    74 visualizações22 páginas

    Wifi Hacking 100228163648 Phpapp01

    Enviado por

    NaveenKumarReddy
    h

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 22

    WI-FI SECURITY

    A gentle introduction to Hacking Wi-Fi

    Thursday, February 25, 2010

    PRESENTED BY

    Paul Gillingwater, CISSP, CISM


    Adjunct Professor of Computer Science
    Webster University Vienna
    http://security-risk.blogspot.com
    Working in IT Security 20+ years

    Thursday, February 25, 2010

    A BRIEF OVERVIEW
    Wi-Fi has been around more than 12 years -originally, it lacked any form of security
    Since 2001, Wireless Encryption Protocol (WEP) has
    been successfully attacked -- in 2007, it takes no more
    than 90,000 packets to break keys (due to weaknesses
    in RC4) -- time to crack less than 1 minute
    Since 2004, Wi-Fi Protected Access (WPA & WPA2)
    were introduced to address WEPs failure -- but even
    this is not quite enough for full security

    Thursday, February 25, 2010

    WI-FI HISTORY
    Originally offered as IEEE 802.11 in 1997 -- security
    limited due to export restrictions of certain
    governments
    Implements Wireless LAN access over 2.4 and 5 GHz
    bands -- former with 3 channels (and shared with
    Amateur Radio and Cordless Phones), latter with 19
    Initial systems 1-2 Mbps, later increased to 11 Mbps
    with 802.11b, then up to 802.11n with 54-600 Mbps
    possible (since 2009)

    Thursday, February 25, 2010

    WIRELESS SIGNALS
    Any wireless signal can be received by suitable
    equipment
    Key-sharing is fundamental issue -- and the more
    often a key is used, the easier it is to find it due to
    mathematics of encryption
    In addition to receiving packets, we can also inject
    packets -- e.g., ARP or de-auth to create traffic

    Thursday, February 25, 2010

    SECURING WI-FI
    In my view, only reliable method for securing Wi-Fi is
    to run a VPN on top (e.g., OpenVPN)
    WEP and WPA are easily broken (WPA TKIP cracked
    in less than 1 minute by Japanese researchers in 2009)
    WPA is TKIP -- WPA2 is CCMP, which is better (AES)
    WPA2 is probably secure enough for home usage -but there is still risk of impersonation

    Thursday, February 25, 2010

    TRAFFIC MONITORING
    On OSX, from command line (with sudo):
    /System/Library/PrivateFrameworks/
    Apple80211.framework/Versions/A/
    Resources/airport
    Specify en1 sniff 1 as parameters to capture
    packets into /tmp/airportSniffxxxx.cap file
    WireShark is free utility for Windows, OSX or Linux
    that captures and displays packets

    Thursday, February 25, 2010

    HOW WPA WORKS


    WPA tried to fix WEP problems, while WPA2 was a
    new approach to solving security problem
    802.1X port access control is key to successful use
    This Enterprise approach depends on separate
    RADIUS authentication server -- each new session
    gets a fresh key, good for a short time
    Home networks dont use RADIUS, so a Pre Shared
    Key (PSK) is used

    Thursday, February 25, 2010

    WPA KEY HANDSHAKE

    Thursday, February 25, 2010

    COW PATTY ATTACK


    Where 802.1X not available, PSK may be sniffed from
    other authenticating stations
    KisMac and coWPAtty use dictionary and other
    attacks to guess the PSK from captured packets
    Packet injection can force re-connects to capture
    coWPAtty with Rainbow Tables (pre-calculated
    hashes) can test >18,000 pass-phrases per second

    Thursday, February 25, 2010

    WPA CRACKER
    Regular WPA-PSK cracking on business grade
    hardware can take up to two weeks
    WPA Cracker is a commercial service using cloudbased computing with 400 nodes, which can crack a
    WPA key in 20 minutes for $34
    This is based on 135 million word dictionary attack -therefore a strong password can defeat this class
    Businesses now know the price of security

    Thursday, February 25, 2010

    BOGUS HOTSPOTS
    Any computer can also be a Wireless Access Point
    Windows 7 has new feature SoftAP -- which can be
    used for Internet Connection Sharing (use Connectify
    for example -- http://connectify.me/)
    However, the bad guys can capture all of the
    packets which pass through their system, even if they
    connect to you with WEP or WPA
    Bad guys can use similar names, e.g., Webster-Wi-Fi

    Thursday, February 25, 2010

    MAC SPOOFING

    Some Access Points allow restriction based on the


    MAC (Media Access Control) address
    This is good basic security, but not reliable -- because
    attackers can simply sniff for trusted address and
    use that in their own systems
    802.1x makes this more difficult for attackers

    Thursday, February 25, 2010

    SUPPRESSING SSID

    Most Wi-Fi networks broadcast


    their network name -- called the SSID
    Security may be improved by disabling this feature
    for a home or business network
    However, experienced hackers will simply monitor
    authorized connections to learn the SSID

    Thursday, February 25, 2010

    MAN IN THE MIDDLE

    A MITM attack means intruder pretends to be


    authorized gateway, but intercepts and can change
    packets (this was used by Japanese team with TKIP)
    Example: Video of Cain tool, with packet capture
    and WEP cracking
    cracking-wep-with-airpcap-packet-injection-and-cain-and-abel.wmv

    Thursday, February 25, 2010

    BYPASSING AIRPORT WI-FI


    Frequent airport travelers know about airport Wi-Fi
    Such systems intercept HTTP, redirect to a login page
    before allowing access (e.g., Boingo Hotspot)
    Most airport Wi-Fi allows DNS lookups -- some direct,
    and some via DNS relay
    If port 53 is allowed, then you can run OpenVPN using
    UDP port 53 to your home system
    If DNS relayed, then use DNS tunnel (Linux mostly)

    Thursday, February 25, 2010

    AIRPORT RISKS
    Free Wi-Fi hotspots in an airport or cafe might
    belong to a hacker, who is capturing traffic -including, potentially, user names & passwords
    Hackers can also relay HTTPS -- so dont assume
    your password is safe at a public Hot Spot
    Most hotspots dont use WEP or WPA -- so most
    traffic is not encrypted (unless SSH or SSL is used)

    Thursday, February 25, 2010

    WI-FI SECURITY ADVICE


    Avoid WEP and WPA/TKIP, use WPA2 or WPA/AES
    If using in a business, use 802.1X -- otherwise make
    sure you have PSK length > 20 characters
    Use MAC access control (restrict connecting devices
    based on their internal address)
    Use VPN for truly sensitive information

    Thursday, February 25, 2010

    COMMERCIAL RISKS
    TJ Maxx is classic example of Wi-Fi vector: resulted in
    loss of 45 million customer records (Credit Card details)
    The weakness was the use of WEP to secure a LAN, which was
    exploited by the hackers
    This breach cost the company $12 million in direct costs, not
    including the subsequent remedial work and loss of PCI
    compliance
    Average cost of a Data Breach rose to $200 per customer record in
    2009, according to Ponemon Institute study -- average total cost
    rose to $6.75m

    Thursday, February 25, 2010

    LEGAL ASPECTS
    In many countries, hacking others Wi-Fi is illegal -therefore, do any tests using your OWN gear
    See NCSL web site for summary of States laws
    Unauthorized access can attract serious
    prosecutions, fines and criminal charges
    Within Webster University, unauthorized Wi-Fi
    access could be grounds for expulsion

    Thursday, February 25, 2010

    LATEST WI-FI TRENDS


    Passive-Aggressive SSIDs now used by some... e.g.:
    YOURDOGPOOPSINMYYARD
    TURNTHEMUSICDOWN
    CAITLINSTOPUSINGOURINTERNET
    WECANHEARYOUHAVINGSEX
    OBAMAISASOCIALIST

    Thursday, February 25, 2010

    THANK YOU!

    Any questions?
    Comments?
    Discussion....

    Thursday, February 25, 2010

    Você também pode gostar