Agenda - PowerPoint PPT Presentation

1
Agenda
  • 10:00 - 11:00 Securing wireless networks
  • 11:00 - 11:15 Break
  • 11:15 - 12:00 Patch Management in the Enterprise
  • 12:00 - 1:00 Lunch
  • 1:00 - 2:30 Network Isolation using IPSec and
    Group Policies
  • 2:30 - 2:15 Break
  • 2:15 - 3:30 Detecting the Hacker
  • 3:30 Q&A

2
Wireless LAN Security
  • Paul Hogan
  • Ward Solutions

3
Session Prerequisites
  • Hands-on experience with Windows 2000 or Windows
    Server 2003
  • Working knowledge of networking, including basics
    of security
  • Basic knowledge of WLANs

Level 300
4
These sessions are about
  • operational security
  • The easy way is not always the secure way
  • Networks are usually designed in particular ways
  • In many cases, these practices simplify attacks
  • In some cases these practices enable attacks
  • In order to avoid these practices it helps to
    understand how an attacker can use them

5
These sessions are NOT
  • a hacking tutorial
      • Hacking networks you own can be enlightening
      • HACKING NETWORKS YOU DO NOT OWN IS ILLEGAL
  • demonstrating vulnerabilities in Windows
      • Everything we show stems from operational
        security or custom applications
      • Knowing how Windows operates is critical to
        avoiding problems
  • for the faint of heart

6
The Sessions
7
The Network
8
Why Does Network Security Fail?
Network security fails in several common areas,
including:
  • Human awareness
  • Policy factors
  • Hardware or software misconfigurations
  • Poor assumptions
  • Ignorance
  • Failure to stay up-to-date

9
Session Agenda
  • WLANs and WLAN issues
  • WLAN Deployment models
      • Out-of-box
      • Block SSID / MAC address filtering
      • WEP
      • WPA (WPA-PSK)
  • WLAN and Windows Server 2003

10
Wireless LAN Good News
Cheap, easy to deploy, high performance radio
based technology that does not respect the
physical parameters of a building.
11
Wireless LAN Bad News
Cheap, easy to deploy, high performance radio
based technology that does not respect the
physical parameters of a building.
12
Wireless LAN
  • By 2006, 60% of Fortune 1000 companies will be
    deploying wireless networks
  • By 2010, the majority of Fortune 2000 companies
    will be heavily dependent on wireless networks.

Gartner Group 2003
13
Wireless Network
And now a warning: corporations turning to
wireless for operational flexibility, without
considering the security issues, may be
carelessly sacrificing the integrity of their
systems.
14
Let's go for a drive: drive-by hacking
  • Ward Solutions independent analysis
  • Completely non-obtrusive
  • Tools
      • Laptop
      • WiFi PCM network card
      • Orinoco driver
      • Netstumbler software
  • Results
      • 65% Networks not encrypted
      • 55% NO access controls
      • 45% Broadcasting network name
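
An added example, not part of the original slides: the same three survey measures computed over an inventory of your own access points. The CSV layout, the SSIDs and the definition of "no access control" (open authentication and no MAC filter) are assumptions made for the example.

```python
import csv
import io

# Constructed survey export (not a real tool's format): one row per access point.
SURVEY_CSV = """ssid,encryption,auth,ssid_broadcast,mac_filter
default,none,open,yes,no
linksys,none,open,yes,no
ACME-Guest,none,open,yes,yes
ACME-Store,wep,open,no,yes
ACME-Corp,wep,open,yes,no
ACME-Lab,tkip,wpa-psk,yes,no
ACME-Sec,tkip,802.1x,no,no
ACME-Ops,none,open,no,no
"""

DEFAULT_SSIDS = {"default", "linksys"}  # assumed examples of factory SSIDs


def findings(ap):
    """List the weaknesses from the slides that apply to one access point."""
    out = []
    if ap["encryption"] == "none":
        out.append("not_encrypted")
    if ap["encryption"] == "wep":
        out.append("wep_only")
    # Assumption: "no access control" = open authentication and no MAC filter.
    if ap["auth"] == "open" and ap["mac_filter"] == "no":
        out.append("no_access_control")
    if ap["ssid_broadcast"] == "yes":
        out.append("broadcasting_ssid")
    if ap["ssid"].lower() in DEFAULT_SSIDS and ap["encryption"] == "none":
        out.append("out_of_box")
    return out


def audit(csv_text):
    """Return (findings per AP, number of APs per finding)."""
    per_ap, counts = {}, {}
    for ap in csv.DictReader(io.StringIO(csv_text)):
        per_ap[ap["ssid"]] = findings(ap)
        for f in per_ap[ap["ssid"]]:
            counts[f] = counts.get(f, 0) + 1
    return per_ap, counts


if __name__ == "__main__":
    per_ap, counts = audit(SURVEY_CSV)
    for name, n in sorted(counts.items()):
        print(f"{name:18s} {n}/{len(per_ap)} ({100 * n // len(per_ap)}%)")
    for ssid, f in per_ap.items():
        print(ssid, "->", ", ".join(f) or "ok")
```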

15
What can be done
  • Interception
  • Monitoring
  • Insertion
  • Packet Analysis
  • Broadcast Monitoring
  • Access Point Cloning
  • Jamming
  • Denial of Service
  • Brute Force
  • Reconfiguration

16
WLAN Deployment: Toaster Install
  • Out of Box
  • Connected to Network
  • Default SSID
  • No Security configurations
  • Could this be happening to you?

17
WLAN Deployment: SSID / MAC Filtering
  • So I blocked SSID and have MAC locking
  • Limitations of MAC Address Filtering
      • Scalability - Must be administered and propagated
        to all APs. List may have a size limit.
      • No way to associate a MAC to a username.
      • User could neglect to report a lost card.
      • Attacker could spoof an allowed MAC address.
  • SSIDs can be determined even if blocked

18
WLAN Deployment: WEP
  • Limitations of Wired Equivalent Privacy (WEP)
      • WEP is inherently weak due to poor key exchange.
      • WEP keys are not dynamically changed and
        therefore vulnerable to attack.
      • No method for provisioning WEP keys to clients.
  • Generations of WEP
      • APs that filter weak IVs
      • Change keys frequently
  • WEP Cracking tools
      • Airsnort
      • Dwepcrack
      • Aircrack / aireplay

19
Possible Solutions
  • VPN Connectivity
      • PPTP
      • L2TP
      • Third Party
  • IPSec
      • Many vendors
  • Password-based Layer 2 Authentication
      • Cisco LEAP
      • RSA/SecurID
      • IEEE 802.1x PEAP/MSCHAP v2
  • Certificate-based Layer 2 Authentication
      • IEEE 802.1x EAP/TLS

20
WLAN Security Comparisons
21
802.1X
  • Defines port-based access control mechanism
      • Works on anything, wired and wireless
      • Access point must support 802.1X
      • No special encryption key requirements
  • Allows choice of authentication methods using EAP
      • Chosen by peers at authentication time
      • Access point doesn't care about EAP methods
  • Manages keys automatically
      • No need to preprogram wireless encryption keys

22
Wi-Fi Protected Access (WPA)
  • A specification of standards-based, interoperable
    security enhancements that strongly increase the
    level of data protection and access control for
    existing and future wireless LAN systems
  • Goals
      • Enhanced Data Encryption (TKIP)
      • Provide user authentication (802.1x)
      • Be forward compatible with (802.11i)
      • Provide non-RADIUS solution for Small/Home
        offices: WPA-PSK
  • Typically a software upgrade; the Wi-Fi Alliance
    began certification testing for interoperability
    on Wi-Fi Protected Access products in February
    2003
  • WPA2

23
Wi-Fi Protected Access (WPA)
  • WEP's IV is only 24 bits, so IVs are repeated every
    few hours → WPA increased IV to 24 bits, repeated
    every 900 years
  • WPA alters values acceptable as IVs
  • Protects against forgery and replay attacks
  • IV formed MAC address
  • TSC
  • TKIP: new password generated every 10,000 packets
  • WPA-PSK → Passphrase
  • WPA / 802.11i recommend 20-character password
  • Crack is brute-force based

24
802.1x and PEAP
25
WLAN - 802.1X using EAP/TLS
[Diagram: EAP connection from a laptop holding a domain user/machine certificate to a RADIUS (IAS) server holding a server certificate, with a certification authority and a domain controller; DHCP, Exchange and file server on the network; steps numbered 1 to 7.]
26
Best Practices
  • Use 802.1x authentication
  • Organize wireless users and computers into groups
  • Apply wireless access policies using Group Policy
  • Use EAP/TLS and 128-bit WEP 802.1x PEAP
  • Set clients to force user authentication as well
    as machine authentication
  • Develop a method to manage rogue APs such as LAN
    based 802.1x authentication and wireless
    sniffers.
  • Microsoft
      • Securing a wireless LAN Security Strategy
      • Securing wireless LANs with PEAP and Passwords

28
Questions and Answers