University at Albany, School of Business - PowerPoint PPT Presentation

Slides: 19
Provided by: mba3
Learn more at: https://www.albany.edu
Transcript and Presenter's Notes

1
Wireless Security
2
Wireless Security: Explosion of Devices
  • Spectrums: 802.11x, Bluetooth, Infrared,
    Cellular, Radio, Microwave, Satellite

3
Wireless Security: Wireless Cities
  • August 21, 2004 BBC News
  • New York set for citywide wireless. In exchange
    for being able to mount up to 18,000 new lamp
    post-based antennas, to strengthen coverage
    around the five boroughs, the companies will pay
    the city government around 25m each year. "This
    is something that makes sense," he added. "The
    companies are anxious to do it, and we think it
    will improve service for New Yorkers."
  • There is already one patch of midtown Manhattan
    that provides an ideal glimpse of what a more
    wireless-friendly New York will be like.
  • Bryant Park has been providing a free service to
    any laptop user who wants access for many months
    now.
  • Source: http://news.bbc.co.uk/2/hi/technology/3578982.stm

4
Wireless Security: Albany, NY Wireless
  • August 21, 2004 Times Union
  • Internet hot spots popping up. On Tuesday,
    Lemery Greisler LLC will celebrate the first
    free, public wireless Internet hot spot in
    downtown Albany. But Omni Plaza, a brick
    courtyard across the street from the law firm's
    offices at 50 Beaver St., is just the centerpiece
    of the ground-up effort to blanket downtown with
    wireless Internet coverage.
  • "What we're unveiling is the pilot," said Scott
    Almas, a Lemery Greisler associate and driving
    force behind the effort. "There's a better
    mousetrap than these little access points. My
    vision was: Throw out some cheese, draw in the
    mouse and then put in a better mousetrap. That
    would be universal, ubiquitous coverage."
  • Earlier this year, Intel Corp. released a
    ranking of American cities with the best wireless
    access. Despite its Tech Valley moniker, the
    Albany-Schenectady-Troy area ranked 71st, behind
    regions such as Wichita, Kan., and Worcester,
    Mass. The as-yet-unnamed downtown effort is an
    attempt to change that.
  • "At some point this will be part of the
    municipal infrastructure," Almas said. "But until
    the mice come out, nobody has any interest in
    putting in a better trap."
  • Source: Times Union

5
Wireless Security: Albany, NY Access Points
Empire State Plaza
War Driving in Albany
6
Wireless Security: Access to Wireless Data
  • July 1, 2004 CNN.com
  • Report: Homeland Security vulnerable to wireless
    hackers. WASHINGTON (CNN) -- Although charged
    with making the nation more secure, the
    Department of Homeland Security has not taken the
    steps needed to secure its own wireless
    communications, according to a report from the
    department's Inspector General.
  • Wireless messaging services played a critical
    role following the September 11, 2001 terrorist
    attacks. While cellular telephone service was
    out, key personnel remained in contact using
    messaging services.
  • But wireless technology can facilitate
    unauthorized access to wired networks and data
    through eavesdropping or theft. Those
    vulnerabilities increase the need for strong
    security controls.
  • The report concludes that Homeland Security
    cannot ensure that its sensitive information
    about terrorist threats and security is not being
    monitored, accessed, and misused.
  • Source: Times Union

7
Wireless Security: Wireless Concerns
  • Security is the top issue with Wireless Ethernet
  • A larger percentage of government respondents
    rated this as an issue compared to industry
    respondents.

Source: 2003 Wireless LAN Benefits Study, Cisco
Systems
8
Wireless Security: Wireless Attacks
  • Denial of Service
  • Jamming (using a device that floods the
    spectrum with noise and traffic)
  • Spoofing identity (by cloning a MAC address and
    setting the signal strength greater than the
    other user's)
  • Spoofed access points (clients are usually
    configured to associate with the access point
    with the strongest signal)
  • ARP poisoning
      • An attacker can capture packets and frames from
        the air by poisoning the caches of MAC/IP
        combinations of two hosts connected to the
        physical network.
  • Sleep Deprivation Attacks
      • People run programs on wireless devices to drain
        all their power

Source: Wireless Attacks and Penetration Testing,
part 1, June 3, 2002
9
Session Hijacking: Exploit Demonstration
  • Vulnerability
      • Inherent weaknesses in underlying protocols used
        on computer networks today
      • e.g. the ARP protocol's lack of authentication and
        limited table entries.
  • Attack Scenario
      • Start hunt and identify active sessions.
      • Passively monitor session.
      • Hijack the session.
      • Perform malicious activity.
      • Terminate the session.

10
Session Hijacking: Protection/Detection
  • Protection
      • Use encryption.
      • Use strong authentication.
      • Configure appropriate spoof rules on gateways.
      • Monitor for ARP cache poisoning.
  • Additional protection at the Data Link Layer
      • Use the port security feature on Ethernet
        switches.
      • Hard code ARP tables on your critical servers
        and turn off ARP on your network interfaces.
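
One way to implement the "Monitor for ARP cache poisoning" item, shown as an added example that is not part of the original presentation. The observation format, the addresses, the static binding table and the alert names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed static bindings for critical hosts (hypothetical addresses),
# mirroring the "hard code ARP tables" advice on the slide.
STATIC_BINDINGS = {"10.0.0.1": "00:11:22:33:44:01"}

# Constructed ARP reply observations: "<seconds> <sender IP> <sender MAC>".
SAMPLE_OBSERVATIONS = """\
100 10.0.0.1 00:11:22:33:44:01
101 10.0.0.20 00:11:22:33:44:20
130 10.0.0.30 00:11:22:33:44:30
160 10.0.0.1 00:11:22:33:44:30
161 10.0.0.20 00:11:22:33:44:30
190 10.0.0.1 00:11:22:33:44:01
"""

def parse(text):
    """Yield (timestamp, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def detect(text, static=STATIC_BINDINGS):
    """Return alerts as (timestamp, kind, ip, mac) tuples."""
    learned = {}                    # ip -> last MAC seen (unpinned hosts)
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac in parse(text):
        pinned = static.get(ip)
        if pinned is not None:
            # Pinned host: any other MAC answering for it is suspect.
            if mac != pinned:
                alerts.append((ts, "static-mismatch", ip, mac))
        else:
            # Learned host: flag when the IP-to-MAC binding changes.
            if ip in learned and learned[ip] != mac:
                alerts.append((ts, "binding-changed", ip, mac))
            learned[ip] = mac
        # One MAC answering for several IPs is a common poisoning indicator.
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_OBSERVATIONS):
        print(alert)
```

Binding changes also occur legitimately (DHCP reassignment, failover pairs, replaced network cards), so alerts for unpinned hosts need triage before being treated as an attack.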

11
Conclusions
12
Computer Security: Layered Approach to Security
  • Do not underestimate internal network threats.
  • Apply industry best practices in day-to-day work.
  • Use a layered approach to information security.
  • Take a proactive approach to information
    security.
  • Do not wait for an incident to happen and react
    when it may be too little, too late.

13
Acknowledgements: Organizations/People
  • Thanks to the support of
  • NY State Center for Information Forensics and
    Assurance, UAlbany
  • NY State Office for Cyber Security and Critical
    Infrastructure Coordination
  • New York State Police
  • Thanks to Damira Pon, CIFA for assistance in
    preparing this presentation
  • Thanks to Sandy Schuman and Steve Walter for
    organizing the Korean Executive talk

14
Additional Material
15
Appendix: Security Tools
Tool Name | General Use | OS | Available From
Ettercap | Sniffer | Linux | http://ettercap.sourceforge.net
Hunt | Sniffer/Hijacking | Linux | http://lin.fsid.cvut.cz/kra
Ethereal | Sniffer | Linux, Windows | http://www.ethereal.com/download.html
RPCScan2 | Scanner | Windows | http://www.foundstone.com
dcom2_scanner.c | Scanner | Linux | http://packetstormsecurity.com
Netcat | Scanner-Multipurpose | Linux, Windows | http://www.hack-box.info/bruteforce.html
John the Ripper | Password Cracker | Linux, Windows | http://www.openwall.com
Linux Kernel Patch | Kernel Security Patch | Linux | http://www.openwall.com/linux
BufferShield 1.01a | Kernel Security Patch | Windows | http://www.sys-manage.com/index10.htm
OverflowGuard | Kernel Security Patch | Windows | http://www.datasecuritysoftware.com
StackDefender | Kernel Security Patch | Windows | http://www.ngsec.com/ngproducts
Juggernaut | Sniffer/Hijacking | Linux | http://packetstormsecurity.com/
TTY Watcher | Sniffer/Hijacking | Linux | http://www.cerias.purdue.edu
IP Watcher | Sniffer/Hijacking | Linux | http://www.engrade.com
16
Appendix: Wireless Protocols
Name | Description
CDPD (Cellular Digital Packet Data) | Supports wireless access to Internet from cell phone networks.
HSCSD (High Speed Circuit Switched Data) | Enables data transfer from GSM networks.
PDC-P (Packet Data Cellular) | Packet switching message system used in Japan
GPRS (General Packet Radio Service) | Specification for transfer on GSM/TDMS networks.
CDMA (-2000 1xRTT) | Radio Transmission Technology
Bluetooth | Specification for short distance wireless communication between two devices
IrDA | Infrared light communication between two devices.
LMDS (Local Multipoint Distribution Service) | Broadband wireless point to multipoint using microwave communications
MMDS (Multichannel Multipoint Distribution Service) |
802.11x | Wi-Fi (for wireless Ethernet) 802.11/a/b/g/i
17
Wireless Security: Terms
  • WEP (Wired Equivalent Privacy)
      • WEP is an authentication scheme (not required)
      • Only good for data between access points
      • Uses 24 bits for the initialization vector (the
        same vector can be used for different packets),
        which leads to possible duplication.
      • Hackers only have to collect data frames by using
        a network monitoring tool and then run a program
        called WEPCrack.
  • War Driving
      • Needs global positioning system (GPS), wireless
        laptop, and software
      • Software keeps track of position and access point
        configuration.
      • Data uploaded to internet databases of wireless
        access point maps.
  • War Spamming
      • Exploiting wireless networks in the process of
        war driving to send spam.

Source: Security Focus, Infocus, Wireless
Attacks and Penetration Testing part 1, June
3, 2002; Silicon.com, Can
Spammers Really Exploit Wireless Networks,
September 8, 2004
18
Wireless Security: New Security Technologies
  • 802.11i
      • Upgrade of other wireless 802.11a/b/g standards.
        Fixes WEP problems.
      • Use of WPA, WPA2 and AES
      • Ability to use RADIUS-based authentication of
        users
  • WPA (Wi-Fi Protected Access)
      • Rekeying of global encryption keys is required
        (unlike WEP)
      • Requires TKIP (Temporal Key Integrity Protocol),
        which replaces WEP encryption
      • Needs specific hardware and software
      • For home and small business users
  • WPA2
      • For enterprise
      • Incorporates 802.1X
  • AES (Advanced Encryption Standard)
      • Meets the needs of the Federal Information
        Processing Standard (FIPS) 140-2 specification
        (required by many government agencies)
      • Needs a dedicated chip to handle encryption and
        decryption

Source: http://www.wi-fiplanet.com/news/article.php/3373441