Title: University at Albany, School of Business
1. Wireless Security
2. Wireless Security: Explosion of Devices
- Spectrums: 802.11x, Bluetooth, Infrared, Cellular, Radio, Microwave, Satellite
3. Wireless Security: Wireless Cities
- August 21, 2004, BBC News
- New York set for citywide wireless. In exchange for being able to mount up to 18,000 new lamp post-based antennas, to strengthen coverage around the five boroughs, the companies will pay the city government around 25m each year. "This is something that makes sense," he added. "The companies are anxious to do it, and we think it will improve service for New Yorkers."
- There is already one patch of midtown Manhattan that provides an ideal glimpse of what a more wireless-friendly New York will be like.
- Bryant Park has been providing a free service to any laptop user who wants access for many months now.
- Source: http://news.bbc.co.uk/2/hi/technology/3578982.stm
4. Wireless Security: Albany, NY Wireless
- August 21, 2004, Times Union
- Internet hot spots popping up. On Tuesday, Lemery Greisler LLC will celebrate the first free, public wireless Internet hot spot in downtown Albany. But Omni Plaza, a brick courtyard across the street from the law firm's offices at 50 Beaver St., is just the centerpiece of the ground-up effort to blanket downtown with wireless Internet coverage.
- "What we're unveiling is the pilot," said Scott Almas, a Lemery Greisler associate and driving force behind the effort. "There's a better mousetrap than these little access points. My vision was: Throw out some cheese, draw in the mouse and then put in a better mousetrap. That would be universal, ubiquitous coverage."
- Earlier this year, Intel Corp. released a ranking of American cities with the best wireless access. Despite its Tech Valley moniker, the Albany-Schenectady-Troy area ranked 71st, behind regions such as Wichita, Kan., and Worcester, Mass. The as-yet-unnamed downtown effort is an attempt to change that.
- "At some point this will be part of the municipal infrastructure," Almas said. "But until the mice come out, nobody has any interest in putting in a better trap."
- Source: Times Union
5. Wireless Security: Albany, NY Access Points
Empire State Plaza
War Driving in Albany
6. Wireless Security: Access to Wireless Data
- July 1, 2004, CNN.com
- Report: Homeland Security vulnerable to wireless hackers. WASHINGTON (CNN) -- Although charged with making the nation more secure, the Department of Homeland Security has not taken the steps needed to secure its own wireless communications, according to a report from the department's Inspector General.
- Wireless messaging services played a critical role following the September 11, 2001 terrorist attacks. While cellular telephone service was out, key personnel remained in contact using messaging services.
- But wireless technology can facilitate unauthorized access to wired networks and data through eavesdropping or theft. Those vulnerabilities increase the need for strong security controls.
- The report concludes that Homeland Security cannot ensure that its sensitive information about terrorist threats and security is not being monitored, accessed, and misused.
- Source: Times Union
7. Wireless Security: Wireless Concerns
- Security is the top issue with Wireless Ethernet
- A larger percentage of government respondents rated this as an issue compared to industry respondents.
Source: 2003 Wireless LAN Benefits Study, Cisco Systems
8. Wireless Security: Wireless Attacks
- Denial of Service
  - Jamming (by using a device which will flood the spectrum with noise and traffic)
- Spoofing identity (by cloning the MAC address of another user and setting the signal strength greater than that user's)
- Spoofed access points (clients are usually configured to associate with the access point with the strongest signal)
- ARP poisoning
  - Attacker can get packets and frames from the air by poisoning caches of MAC/IP combinations of two hosts connected to the physical network.
- Sleep Deprivation Attacks
  - People run programs on wireless devices to drain all their power
Source: Wireless Attacks and Penetration Testing, part 1, June 3, 2002
9. Session Hijacking Exploit Demonstration
- Vulnerability
  - Inherent weaknesses in underlying protocols used on computer networks today
  - e.g. the ARP protocol's lack of authentication and limited table entries.
- Attack Scenario
  - Start hunt and identify active sessions.
  - Passively monitor session.
  - Hijack the session.
  - Perform malicious activity.
  - Terminate the session.
10. Session Hijacking Protection/Detection
- Protection
  - Use encryption.
  - Use strong authentication.
  - Configure appropriate spoof rules on gateways.
  - Monitor for ARP cache poisoning.
  - Additional protection at the Data Link Layer
    - Use port security feature on Ethernet switches.
    - Hard code ARP tables on your critical servers and turn off ARP on your network interfaces.
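
One way to implement the "Monitor for ARP cache poisoning" item, combined with the hard-coded ARP entries for critical servers. This is an added example, not part of the original slides; the observation format, the addresses and the alert names are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations "time sender-IP sender-MAC", one per ARP reply seen
# on a monitored segment. Illustrative format, not output of a specific tool.
SAMPLE = """\
10:00:01 192.168.1.1 00:11:22:33:44:55
10:00:02 192.168.1.20 00:AA:BB:CC:DD:01
10:00:05 192.168.1.30 00:aa:bb:cc:dd:02
10:03:10 192.168.1.1 00:de:ad:be:ef:99
10:03:11 192.168.1.20 00:de:ad:be:ef:99
10:03:12 192.168.1.1 00:de:ad:be:ef:99
"""

def parse(text):
    """Yield (time, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].lower()

def detect(observations, pinned=None):
    """Return alerts for bindings that conflict with pinned or earlier ones."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    last_mac = {}                 # IP -> MAC most recently seen
    claimed = defaultdict(set)    # MAC -> IPs it has answered for
    alerts, reported = [], set()

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in reported:   # suppress repeats of one finding
            reported.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for ts, ip, mac in observations:
        if ip in pinned and mac != pinned[ip]:
            alert(ts, "PINNED_MISMATCH", ip, mac)
        elif ip in last_mac and last_mac[ip] != mac:
            alert(ts, "BINDING_CHANGED", ip, mac)
        if claimed[mac] and ip not in claimed[mac]:
            alert(ts, "MAC_CLAIMS_MULTIPLE_IPS", ip, mac)
        claimed[mac].add(ip)
        last_mac[ip] = mac
    return alerts

if __name__ == "__main__":
    gateway = {"192.168.1.1": "00:11:22:33:44:55"}   # constructed static entry
    for a in detect(parse(SAMPLE), pinned=gateway):
        print(*a)
```

Address reassignment and devices that legitimately answer for several IPs will also raise BINDING_CHANGED or MAC_CLAIMS_MULTIPLE_IPS, so those alerts need review; a mismatch against a pinned entry is the high-confidence signal.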
11. Conclusions
12. Computer Security: Layered Approach to Security
- Do not underestimate internal network threats.
- Apply industry best practices in day-to-day work.
- Use layered approach with information security.
- Take a proactive approach with information security.
  - Do not wait for an incident to happen and react when it may be too little, too late.
13. Acknowledgements: Organizations/People
- Thanks to the support of
  - NY State Center for Information Forensics and Assurance, UAlbany
  - NY State Office for Cyber Security and Critical Infrastructure Coordination
  - New York State Police
- Thanks to Damira Pon, CIFA for assistance in preparing this presentation
- Thanks to Sandy Schuman and Steve Walter for organizing the Korean Executive talk
14. Additional Material
15. Appendix: Security Tools

| Tool Name | General Use | OS | Available From |
|---|---|---|---|
| Ettercap | Sniffer | Linux | http://ettercap.sourceforge.net |
| Hunt | Sniffer/Hijacking | Linux | http://lin.fsid.cvut.cz/kra |
| Ethereal | Sniffer | Linux, Windows | http://www.ethereal.com/download.html |
| RPCScan2 | Scanner | Windows | http://www.foundstone.com |
| dcom2_scanner.c | Scanner | Linux | http://packetstormsecurity.com |
| Netcat | Scanner-Multipurpose | Linux, Windows | http://www.hack-box.info/bruteforce.html |
| John the Ripper | Password Cracker | Linux, Windows | http://www.openwall.com |
| Linux Kernel Patch | Kernel Security Patch | Linux | http://www.openwall.com/linux |
| BufferShield 1.01a | Kernel Security Patch | Windows | http://www.sys-manage.com/index10.htm |
| OverflowGuard | Kernel Security Patch | Windows | http://www.datasecuritysoftware.com |
| StackDefender | Kernel Security Patch | Windows | http://www.ngsec.com/ngproducts |
| Juggernaut | Sniffer/Hijacking | Linux | http://packetstormsecurity.com/ |
| TTY Watcher | Sniffer/Hijacking | Linux | http://www.cerias.purdue.edu |
| IP Watcher | Sniffer/Hijacking | Linux | http://www.engrade.com |
16. Appendix: Wireless Protocols

| Name | Description |
|---|---|
| CDPD (Cellular Digital Packet Data) | Supports wireless access to Internet from cell phone networks. |
| HSCSD (High Speed Circuit Switched Data) | Enables data transfer from GSM networks. |
| PDC-P (Packet Data Cellular) | Packet switching message system used in Japan |
| GPRS (General Packet Radio Service) | Specification for transfer on GSM/TDMS networks. |
| CDMA (-2000 1xRTT) | Radio Transmission Technology |
| Bluetooth | Specification for short distance wireless communication between two devices |
| IrDA | Infrared light communication between two devices. |
| LMDS (Local Multipoint Distribution Service) | Broadband wireless point to multipoint using microwave communications |
| MMDS (Multichannel Multipoint Distribution Service) | |
| 802.11x | Wi-Fi (for wireless Ethernet) 802.11/a/b/g/i |
17. Wireless Security: Terms
- WEP (Wired Equivalent Privacy)
  - WEP is an authentication scheme (not required)
  - Only good for data between access points
  - Uses 24 bits for initialization vector (same vector can be used for different packets) and leads to possible duplication.
  - Hackers only have to collect data frames by using a network monitoring tool and then run a program called WEPCrack.
- War Driving
  - Needs global positioning system (GPS), wireless laptop, and software
  - Software keeps track of position and access point configuration.
  - Data uploaded to internet databases of wireless access point maps.
- War Spamming
  - Exploiting wireless networks in the process of war driving to send spam.
Source: Security Focus, Infocus, Wireless Attacks and Penetration Testing, part 1, June 3, 2002; Silicon.com, Can Spammers Really Exploit Wireless Networks, September 8, 2004
18. Wireless Security: New Security Technologies
- 802.11i
  - Upgrade of other wireless 802.11a/b/g standards. Fixes WEP problems.
  - Use of WPA, WPA2 and AES
  - Ability to use RADIUS-based authentication of users
- WPA (Wi-Fi Protected Access)
  - Rekeying of global encryption keys is required (unlike WEP)
  - Requires TKIP (Temporal Key Integrity Protocol) which replaces WEP encryption
  - Needs specific hardware and software
  - For home and small business users
- WPA2
  - For enterprise
  - Incorporates 802.1X
- AES (Advanced Encryption Standard)
  - Meet the needs for the Federal Information Processing Standard (FIPS) 140-2 specification (required by many government agencies)
  - Needs a dedicated chip to handle encryption and decryption
Source: http://www.wi-fiplanet.com/news/article.php/3373441