Wireless Security Attack and Defense - PowerPoint PPT Presentation

About This Presentation
Title:

Wireless Security Attack and Defense

Description:

Stock Allocation (Higher Growth, Lower Valuation) Investment Process. Top-Down (Asset, Style, Sector) Bottom-Up (Industry, Stock, Trading) ... – PowerPoint PPT presentation

Number of Views:143
Avg rating:3.0/5.0
Slides: 21
Provided by: MischelKw
Category:

less

Transcript and Presenter's Notes

Title: Wireless Security Attack and Defense


1
Wireless SecurityAttack and Defense
  • Mischel Kwon, Director Wireless Information
    Assurance
  • Office of the CIO, E-Gov
  • USDOJ

2
Agenda
  • Wirelesswhat is it?
  • Wireless - it is a new world
  • 802.11
  • Whose WAP are you using
  • War walking
  • Securing wireless at work
  • Securing 802.11 at home
  • Bluetooth
  • IrDA
  • EvDO
  • Summary

3
Wireless
4
Yesterday and Today
  • Last Year
  • The NO Wireless Policy
  • WEP
  • Captive Portals
  • This Year
  • Face it you have wireless Policy
  • WPA2 Authentication
  • VPN
  • Firewall/Policy Enforcement
  • Bluetooth in everything
  • Fake Access Points
  • WiMax
  • EvDO

5
Whose WAP are you Connected To Anyway?
Who are you connected to?
6
War Driving
  • Equipment (the rig)
  • Laptop --- 1399
  • Wireless card --- 67
  • Antenna --- 10 (homebrew)
  • Scanning Software ---Free
  • GPS (optional)

7
Equipment
  • Antennas
  • Omni-directional
  • Mast mount
  • Semi-directional
  • Yagi
  • Highly-Directional
  • Grid
  • Parabolic
  • Home Brew Antennas

8
Equipment
  • Laptops
  • Windows
  • Linux
  • Mac OS X
  • Handhelds
  • HP iPaq
  • Sharp Zaurus

9
Equipment
  • Scanning Software
  • Net Stumbler
  • www.netstumber.com
  • Airopeek
  • www.wildpackets.com
  • Wellenreiter
  • www.remote-exploit.org
  • KISMET
  • www.kismetwireless.net
  • AirSnort
  • airsnort.shmoo.org

10
Wi-Finders
http//www.kensington.com/html/3720.html
11
Securing Wireless at Work
  • The Security Policy
  • Authentication
  • Authorization
  • VPN
  • DMZ
  • Wireless on their own VLAN
  • Hardened wireless gateway
  • Device policy enforcement
  • Passwords on devices
  • Auto erase on devices when password
    authentication fails a set number of times
  • Disable, remove, scratch IrDA ports not needed
  • Physical examination of site regularly
  • Wireless Audits
  • IDS

12
Secure 802.11 at Home
  • WEP
  • RC4
  • 64 bit
  • 128 bit more secure (bit slower speed)
  • Pass phrase
  • WPA
  • Pre-shared keys
  • TKIP
  • Temporal Key Integrity Protocol. TKIP utilizes a
    stronger encryption method and incorporates
    Message Integrity Code (MIC) to provide
    additional protection. Still RC4.
  • AES
  • Advanced Encryption System, which utilizes a
    symmetric 128-Bit block data encryption.
  • Pre-shared keys with Radius
  • RADIUS uses an external RADIUS server to perform
    user authentication.

13
More Home Security
  • Mac Filtering
  • SSID
  • VPN
  • Best Practiceswhat not to do on your wireless
    segment
  • DMZ
  • Firewalls

14
Bluetooth
  • Cars
  • Phones
  • PDAs
  • Not on my laptop
  • Printers
  • Earpieces
  • Keyboard, mice
  • Coke Machines
  • EKG

15
Blue Sniffing and
  • Smurf
  • MeetingPoint
  • BTScanner
  • BlueSweep
  • BlueWatch (not free)
  • Blue Jack

16
The Blue Attack
  • Hooking up?
  • Open Microphone
  • Dialing for dollars
  • Contacts, Notes, Email

17
Securing Bluetooth
  • PIN
  • Dont be promiscuous
  • Turn it off

18
IrDA
  • Laptop
  • Phone
  • Blackberry
  • PDA
  • Keyboards/Mice
  • Is yours enabled?
  • Easy transfer
  • Banana sticker

19
EvDO
  • Evolution Data Only, Evolution Data Optimized
  • High speed
  • Always on
  • 2.4 mbps bandwidth
  • Supported by some cell phones
  • PCMCIA cards

20
Recommended References
  • NIST 800-48
  • Wireless Security Implementation Guide, Defense
    Information Systems Agency
  • Wireless Security Checklist, Defense Information
    Systems Agency
  • Open-Source Security Testing Methodology Manual,
    Institute for Security and Open Methodologies
  • Wi-Foo The Secrets of Wireless Hacking
  • Real 802.11 Security Wi-Fi Protected Access and
    802.11i
  • Wireless Security Ensuring Compliance with
    HIPAA, GLBA, SOX, DoD 8100.2 and Enterprise
    Policy, AirDefense, www.airdefense.com
  • Weaknesses in the Temporal Key Hash of WPA,
    Vebjorn Moen, Havard Raddum, Kjell Hole,
    University of Bergen, Norway
  • Security Flaws in 802.11 Data Link Protocols,
    Nancy Cam-Winget, Russ Housley, David Wagner,
    Jesse Walker
  • Securing a Wireless Network, Jon Allen, Jeff
    Wilson
  • Securing Wireless Data System Architecture
    Challenges, Ravi, Raghunathan, Potlapally,
    Computer and Communications Research Labs NEC
    USA
  • Solving the Puzzling Layers of 802.11 Security,
    Mischel Kwon
  • 802.11 Security, Praphul Chandra
  • NIST Wireless Network Security 802.11, Bluetooth
    and Handheld Devices, Tom Karygiannis, Les Owens
  • Cisco SAFE Wireless LAN Security in Depth
Write a Comment
User Comments (0)
About PowerShow.com