WI-FI Security in Jersey 2011
1 like408 views
The document discusses Wi-Fi security, outlining various encryption types and their associated risks, including the vulnerabilities of WEP and WPA. It presents survey results indicating a significant percentage of access points are either unencrypted or poorly secured, particularly from Netgear. Recommendations for secure usage include employing WPA2 with AES encryption, disabling WPS, and ensuring strong, non-dictionary passwords.
WI-FI Security in Jersey 2011
- 1. WI-FI Security Jersey 2011 Date: 23 March 2011 By: Paul Dutot
- 2. 2 About Me Work at Air Traffic Engineering Incorporated Engineer Chartered IT Professional Interested in Ethical Hacking Interested in Information Security MCTS / MCSE / Solaris / Security + ‘Pentest with Backtrack’ course Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 3. 3 WI-FI Security Agenda Surveying Equipment Surveying Process & Legal Issues Data Manipulation. WI-FI Encryption types and the risks Recent News : State of WPS Survey Results / Mapping How to be a secure Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 4. 4 WI-FI Security Surveying Equipment GlobalSat ND100 Gps IP65 Weather Dongle Proof Housing with Alfa Networks Card Laptop PSU USB extension Cables Backtrack 5 Kismet Alfa Networks Card in Monitor 300 W 12v to 240v Inverter WI-FI Card in Monitor Mode | GPSD = location information | Kismet = Beacon Frames only !! Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 5. 5 Surveying Process & Legal Issues Computer Misuse (Jersey) Law 1995 We survey passively so therefore we are not connectin to access points Data Protection (Jersey) Law 2005 Registered with Data Protection Law for lecture purposes Regulation of Investigatory Powers (Jersey) Law 2005 Obtained ‘Lawful Authority’ to survey with SoJP and parish connetables. SoJP control room informed when surveying taking place Paul Dutot Les Mouettes, 4 La Rue De Maupertuis IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 6. 6 WI-FI Security Data Manipulation Paul Dutot Les Mouettes,4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 7. 7 WI-FI Security No Encryption : The Risks No specialist knowledge Internet required Unauthorised Bandwidth theft Theft of digital material Identity fraud Authorised MPIA / RIAA letter Download of prohibited material Difficulty : Paul Dutot Les Mouettes, 4 La Rue De Maupertuis , J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 8. 8 WI-FI Security WEP Encryption : The Risks Medium difficulty Internet Unauthorised YouTube videos available No client connection required Same risks as no encryption once bypassed Authorised Good chance of success Difficulty : Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IENG MIET MBCS CITP T: + (0) 7797 741 392 44
- 9. 9 WI-FI Security WPA Encryption : The Risks Specialist knowledge Internet required Unauthorised Encryption secure with non dictionary word 4 way handshake capture required Authorised Client connection required Low chance of success Difficulty : Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741392 44
- 10. 10 WI-FI Security WI-FI Protected Security - WPS Designed to be an easy method to connect wireless devices Key cryptography = Good 8 digit number +128 bit Nonce Protocol for key validity = Bad / 4 digits / 3 digits + checksum Identified by Stefan Viehbock Routers should go into ‘lockdown’ after 3 invalid attempts but not all do !! Reaver exploitation tool freely available Vulnerability renders WPA / WPA 2 security useless SOLUTION: disable WPS and only enable when adding new devices Paul Dutot Les Mouettes, 4 La Rue De Maupertuis , J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 11. 11 WI-FI Security Survey Results Survey carried out 12-15th December Representative survey of 13,168 access points 13.9 % (1835) = no encryption 19.37% (2551) = WEP 33.27 % (4386) are insecure i.e. WEP or No Encryption 53.9% (7097) are made by Netgear 29.1% (2066) of Netgear routers are insecure Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 12. 12 WI-FI Security Encryption by Type 3539 3301 2550 1835 1790 87 43 13 3 1 2 1 None WPA+AES-CCM Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 13. 13 WI-FI Security Distribution by Channel 1% 2% 0% Channel 0 24% Channel 1 Channel 2 Channel 3 Channel 4 35% Channel 5 Channel 6 Channel 7 2% Channel 8 3% Channel 9 Channel 10 2% Channel 11 2% Channel 12 Channel 13 2% 2% 2% 2% 20% Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 14. 14 WI-FI Security Manufacturer Top Ten 2% 2% 3% 3% Netgear 7097 4% Netgear ThomsonT 729 4% ThomsonT Cisco 700 Cisco ZygateCo 429 4% ZygateCo 3com 390 3com BelkinIn 390 BelkinIn AskeyCom 323 6% AskeyCom ZyxelCom 319 ZyxelCom Tp-LinkT 268 Tp-LinkT Cisco-Li 254 7% Cisco-Li 65% Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 15. 15 WI-FI Security Jersey WI-FI Map Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 16. 16 WI-FI Security Encryption = None Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IENG MIET MBCS CITP T: + (0) 7797 741 392 44
- 17. 17 WI-FI Security Encryption = WEP Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741 392 44
- 18. 18 WI-FI Security How to be a secure home user Use WPA2 + AES encryption Internet with non dictionary password Good password on access point management interfaces Disable WI-FI Protected Setup (WPS) Authorised WPA+TKIP then WEP for legacy devices Check your WPA/WPA2 password at http://wpacracker.com Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741392 44
- 19. 19 WI-FI Security How to be a secure small business – Server 2003 Internet SNMP Network Access Control Mixed Environment Implement BYOD Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741392 44
- 20. 20 WI-FI Security How to be a secure business – Server 2008 Use Network Access Protection Not available before Windows Server 2008 Significant infrastructure Difficult to implement BYOD ‘Windows’ only infrastructure Mixed environments use Packet Fence or similar product Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741392 44
- 21. Secure your router guide and PDF version of survey http://w ww.cyberkryption.com Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey IEng MIET MBCS CITP T: + (0) 7797 741392 44