Driveby Hacking - PowerPoint PPT Presentation

Slides: 24
Provided by: shekhar

Transcript and Presenter's Notes

Title: Driveby Hacking


1
Drive-by Hacking
A term paper for ECE 578 Computer Network and Security
Shekhar Shinde, Shinde_at_engr.orst.edu, Oregon State University
2
Contents
  • Background
  • Problem of drive by hacking
  • Wireless security options
  • Challenges
  • Types of attacks
  • Internet scanner
  • Real life solution to the problem
  • Conclusion
  • References

3
Background
  • WLAN technology is making its way into
    organizations, but
      • Authorized deployments are hindered by security
        concerns.
      • Unauthorized (rogue) deployments put the
        corporate network at risk.
  • Top concerns
      • Where are the access points?
      • Are they vulnerable to attack?
      • Where is the network perimeter?

4
Market
5
The Problem: Drive-by Hacking
[Diagram: The Building]
If the distance from the access point to the
street outside is 1500 feet or less, then a
hacker could also get access while sitting outside.
6
Wireless LAN Security Options
  • MAC address filtering
  • Vendor specific authentication
  • SSID/Network ID
  • Wired Equivalent Privacy (WEP)
  • Emerging IEEE 802.11x

7
Or in other words
1. User runs client software and enters user name
and password.
2. The request is sent to the RADIUS/EAP server;
RADIUS authenticates the session and sends unique
session keys to the device and AP. The keys are
valid only for the session.
3. When the device wants to connect to a different
AP, a new session is created, with a different
unique set of keys.
The Problem: totally proprietary technology,
and therefore vendor specific, and the initial
broadcast keys can still be sniffed.
8
The Challenges
  • Rogue Access Points
      • Due to low cost, users are setting up their own
        APs without IT's knowledge (i.e. boardrooms)
  • DHCP
      • One of the advantages of WLAN is the ability to
        move around the building, and therefore between
        IP subnets, so DHCP is needed, but it is very
        abusable!
  • 802.11xx and other technologies (such as
    Bluetooth and WAP) are all new and so no standards
    exist, so they are very vendor specific

9
Types of Attacks
  • Insertion Attacks
  • Interception and unauthorised monitoring
  • Jamming
  • Client to Client Attacks
  • Brute Force on AP password
  • Encryption Attacks
  • Mis-configurations

10
Types of Attacks
  • Insertion
      • Deploying unauthorised devices or creating new
        wireless networks without the prior knowledge
        of IT
  • Interception and Unauthorised Monitoring
      • As with wired networks it is possible to sniff
        the network, but where monitoring agents are
        required on a wired network, with a WLAN you
        can get everything.
  • Jamming
      • As the name suggests, this is a denial-of-service
        attack that floods the 2.4 GHz range, used by
        these and other devices, so nothing can
        communicate

11
Types of Attacks
  • Client to Client Attacks
      • Once Windows is configured to support wireless,
        it can be contacted by any other wireless
        device, so all the usual file-sharing and TCP
        service attacks work
  • Brute Force on Access Point password
      • The APs use simple usernames and passwords, which
        can be easily brute forced, and key management
        is not easy
  • Encryption Attacks
      • Although 802.11 has WEP, vulnerabilities have
        already been found and the keys can easily be
        cracked
  • Mis-configurations
      • All major vendors make their units easy to
        deploy, so they come with insecure, well-known
        pre-configurations, which are rarely changed
        when installed

12
WLAN Security Challenges
  • How to Defend against the WLAN Threat
      • WLAN security is similar to that of the wired
        network.
      • A WLAN just represents an extension of wired
        networks.
      • It is another potential untrusted entry point
        into the wired network.
  • Multi-Layer Security Approach
      • Protect the WLAN holistically at the network,
        system, and application layer for clients,
        access points, and the back-end servers.
      • Apply traditional wired security
        countermeasures.

13
WLAN Discovery / Assessment/ Monitoring Tools
  • Internet Scanner 6.2, the market-leading network
    vulnerability assessment tool, was the first to
    include many 802.11b security checks. The 802.11
    checks are in several X-Press Updates (XPU 4.9
    and 4.10).
  • RealSecure 6.5, the market-leading IDS, was the
    first to monitor many 802.11b attacks. It is
    recommended to make sure you are up to date with
    the latest X-Press Updates. The 802.11 checks for
    IDS were in XPU 3.1.

14
Internet Scanner
1. Finds the Holes
2. Finds Rogue Access Points or Devices
15
Real Secure
Kill !!
16
The Solution
  • Wireless Scanner 1.0 is the solution for this
    problem
  • Identify 802.11b access points.
  • Assess the implementation of available security
    features.
  • Laptop-based for mobility.
  • Wireless Scanner provides automated detection
    and security assessment of WLAN access points and
    clients.

17
Target Market
  • Primary market of Wireless Scanner 1.0
      • Enterprise customers
      • SMB customers
      • Security consultants / auditors
  • These customers want to
      • Implement a WLAN without compromising their
        existing security measures.
      • Protect the network from unauthorized APs.

18
How it works
  • Each device has a WLAN adapter
  • These communicate back to Access Points (APs), or
    Wireless Bridges
  • The technology works like old Ethernet bridges by
    simply passing data on
  • So anyone with a wireless device could,
    theoretically, connect to your network.

19
Features: Detection
  • Wireless Scanner detects access points
    and active clients.

20
Features: Security Assessment
  • Wireless Scanner probes access points to
    determine their vulnerability to connection and
    attack by unauthorized users.

21
Features: Reporting
  • Multi-level reporting
  • Export options
  • New Access Points report highlights new 802.11b
    devices discovered in scan.
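
The checks named in the detection, security assessment and New Access Points report slides can be pictured as an inventory comparison. The following is an added example, not Wireless Scanner's code or output; the `Seen` record, the inventory, the default-SSID list and the scan rows are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Seen:
    bssid: str       # AP radio MAC as reported by the survey tool
    ssid: str        # advertised network name
    encryption: str  # "none", "wep", or any other scheme label

# Illustrative factory-default SSIDs (assumption; extend from vendor docs).
DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}

def norm(mac):
    """Canonical lower-case colon form, so differently written MACs compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(scan, authorized, previous=None):
    """Map each AP that needs attention to a sorted list of findings."""
    known = {norm(m) for m in authorized}
    before = None if previous is None else {norm(m) for m in previous}
    report = {}
    for ap in scan:
        mac, enc, found = norm(ap.bssid), ap.encryption.lower(), set()
        if mac not in known:
            found.add("rogue: not in AP inventory")
        if before is not None and mac not in before:
            found.add("new since previous scan")
        if enc == "none":
            found.add("no encryption")
        elif enc == "wep":
            found.add("WEP only: keys can be cracked")
        if ap.ssid.strip().lower() in DEFAULT_SSIDS:
            found.add("factory-default SSID")
        if found:
            report.setdefault(mac, set()).update(found)
    return {mac: sorted(found) for mac, found in report.items()}

# Constructed sample data: inventory, last scan, and today's walk-round.
AUTHORIZED = ["00:11:22:AA:BB:01", "00-11-22-aa-bb-02"]
PREVIOUS = ["00:11:22:aa:bb:01", "00:11:22:aa:bb:02"]
SCAN = [
    Seen("00:11:22:aa:bb:01", "corp-wlan", "per-session-keys"),
    Seen("00:11:22:AA:BB:02", "corp-wlan", "WEP"),
    Seen("0200.0000.0003", "default", "none"),
]

if __name__ == "__main__":
    for mac, findings in audit(SCAN, AUTHORIZED, PREVIOUS).items():
        print(mac, "->", "; ".join(findings))
```

Passing `previous=None` skips the new-device check, which suits a first survey where no baseline exists yet.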

22
Features: Flexibility
  • Mobile users can scan while walking
  • User configurable
  • Filters
  • Alarms and notifications
  • Encryption keys for scanning
  • Configurations can be saved and loaded

23
References
  • Wireless Scanner, a white paper by Stephen
    Schmid.
  • Cryptography and Network Security: Principles and
    Practice, Second Edition, by William Stallings.
  • Web reference of www.computing.co.uk/News/
  • Cryptography and Network Security, Third Edition,
    by William Stallings.
  • Fundamentals of Computer Security Technology, by
    Edward G. Amoroso.
  • Network Security, by Mario Devargas.
  • LAN Times Guide to Security and Data Integrity, by
    Marc Farley, Tom Stearns, and Jeffrey Hsu.
  • Computer System and Network Security, by Gregory
    B. White, Eric A. Fisch, Udo W. Pooch.