<Carmen Alcivar>
NORTHEASTERN UNIVERSITY 360 Huntington Ave, Boston, MA.
LAB ASSIGNMENT 9 – FOUNDATIONS
OF INFORMATION ASSURANCE (IA5010)
Contents
Lab #18: Auditing a Wireless Network and Planning for a Secure WLAN Implementation
a. Assessment Sheet
c. Screenshots
Lab #18: Auditing a Wireless Network and Planning for a Secure
WLAN Implementation
a. Assessment Sheet
Course Name and Number: Foundations of Information Assurance – IA5010
Student Name: <Carmen Alcivar>
Instructor Name: Derek Brodeur
Lab Due Date: <3/20/16>
Lab Assessment Questions & Answers
1. What functions do these WLAN applications and tools perform on WLANs: airmon-ng,
airodump-ng, aircrack-ng, and aireplay-ng?
The airmon-ng tool is used to enable the monitor mode on wireless LAN
interfaces. It may also be used to toggle between the monitor mode and the
managed mode. Entering the airmon-ng command without parameters will show
the interface's status on the WLAN.
The airodump-ng tool is used for packet capturing of raw 802.11 frames and is
particularly suitable for collecting WEP initialization vectors with the intent of
using them with aircrack-ng.
The aireplay-ng tool is used to inject frames. The primary function of this
injection is to generate traffic that aircrack-ng will use later for cracking the WEP
and WPA-PSK keys. There are different attacks that can cause de-authentications
for capturing WPA handshake data, fake authentications, interactive packet
replay, handcrafted ARP request injection, and ARP-request reinjection.
The aircrack-ng tool is an 802.11 WEP and WPA-PSK key-cracking program
that can recover keys once enough data packets have been captured.
2. Why is it critical to use encryption techniques on a wireless LAN? Which
encryption method is best for use on a WLAN (WEP, WPA, WPA2)?
WPA2 is best. It is critical to use encryption techniques on a wireless LAN because
that information can be easily found by hackers.
3. What security countermeasures can you enable on your wireless access point
(WAP) as part of a layered security solution for WLAN implementations?
- Enabling MAC address filtering on the WAPs. These addresses can be spoofed.
- Disabling SSID broadcast. The SSID can still be found through other means.
- Limiting the amount of available IP host addresses on the WLAN DHCP server
to prevent unauthorized DHCP leases.
- Enabling WPA2 to maximize encryption and ensure data transmission
confidentiality. WPA2-Enterprise utilizes additional IT infrastructure such as a
RADIUS server that helps authenticate and secure against unauthorized access.
- Utilizing hashing for data transmissions and emails through WLANs to ensure
data integrity.
4. Why is it so important for organizations, including homeowners, to properly
secure their wireless network?
It is important to protect wireless networks to avoid improper and unauthorized
access to their networks.
5. What risks, threats, and vulnerabilities are prominent with WLAN
infrastructures?
With the advent of wireless connections, more risks, threats and vulnerabilities
have emerged. In the case of WLAN infrastructures, among the risks, threats and
vulnerabilities we can cite:
- An employee could plug in a wireless access point to the network jack at
his or her desk and allow an unauthorized user to access the network and,
possibly, unauthorized systems.
- Some WLANs are implemented with no encryption, while others use only
WEP (Wired Equivalent Privacy), which uses only a weak 40 bits of
encryption.
- Users frequently share passwords to allow others access to the WLAN.
- Most users unknowingly broadcast their SSID (Service Set Identifier)
information, their network's name, in clear text. Without the use of VPN or
encryption technology, this information is easily captured by readily
available scanners.
6. What is the risk of logging onto access points in airports or other public
places?
An attacker can enable a rogue wireless access point to capture credentials and
other data while an unsuspecting user connects to the Internet using a free WLAN
connection.
7. Why is it important to have a wireless access policy and to conduct regular
site surveys and audits?
It is important to have a wireless access policy and to conduct regular site surveys
and audits. Improperly configured WLANs can provide unrestricted access to an
organization's entire network environment.
8. What is a risk of using your mobile cell phone or external WLAN as a WiFi
connection point?
Using the mobile cell phone or external WLAN as a WiFi connection point poses
great risks because it could allow others to bypass internal corporate security
solutions, if those have not been properly set up.
b. Challenge Question
As a field representative for your company, you are used to traveling and working from
hotels on the road. You always stay in a hotel with free WiFi so that you work and check
your email, as well as Skype with your family. What are the risks of using a public WiFi?
Using public WiFi poses high risks to organizations and even individuals, because it is an open
door for hackers to bypass internal corporate security solutions.
Short of finding a more secure network, what could you do to use this wireless network in a
more secure fashion? What options do you have if you are traveling for personal reasons, and
not as an employee?
The same security measures apply to individuals traveling for personal reasons, as they
would also like to protect their personal information. Try not to use networks that are free, and
check the security specifications.
c. Screenshots:
Part 3:
[Deliverable Lab Step 4]: screen shot displaying the key found
It took 06 min and 23 secs to find the key “darkobsidian”, and 128728 keys were tested.
WLAN security implementation plan (Draft)
a. Summary of findings from the lab
The computer with IP address 172.30.0.19 was accessed through a vulnerability that was exploited
because encryption was not used as a security measure on the WLAN; login
information was shown in clear text. The intruder used the Aircrack-ng suite to capture and
manipulate network information.
Airmon-ng was used to create a directory that stored the captured information. This was done without
being authenticated. The mon0 directory was created to monitor all wireless traffic and find the weak
point that was used to carry out the attack. This process bypassed any type of authentication in
the network.
The Aircrack-ng tool was used to capture network information, which was displayed in clear text
as can be seen in the screen below. The item with number 18 was used to carry out the attack.
Then the attacker ran a DoS attack using the aireplay-ng tool: first 5 packets were injected and
then 10 more, for a total of 15, which overall caused a DoS attack. This way the
administrator was forced to re-authenticate; since the attacker was already in, it was then easier for the
attacker to obtain credentials.
b. Critical risks, threats, and vulnerabilities on the WLAN
The fact that the WLAN information was not encrypted posed a high level of risk and
vulnerability to the threat of intercepting passwords and network information.
The Silentvalor WLAN network was identified for the attack. It was displayed in clear text.
Then the attacker used the Aircrack-ng command and ran the wordlist dictionary file
against the captured file in order to crack the WPA key. This process took just a few
minutes to find the key.
Once the key was found, it was easy to access the WLAN.
c. Assessment of the overall security of this WLAN
This WLAN was vulnerable to exploitation due to the lack of encryption of the WLAN key and
password information. Login information was being displayed in clear text.
d. Security recommendations
Use encryption on the wireless LAN for all the data payload within IP packets,
including logons, passwords, and privacy data, because otherwise they will show in
clear text to intruders. As demonstrated above, protocol capturing tools such as the
Aircrack-ng suite have the capability to capture IP packets from unsecured WLANs and
can compromise systems by stealing logons and passwords along with privacy data
elements.
There are three encryption methods available for use on a WLAN, and each of them
has a different level of strength depending on the bits of encryption:
1. WEP (Wired Equivalent Privacy) - 40 bits of encryption.
2. WPA (WiFi Protected Access) - 128 bits of encryption, subset of IEEE 802.11i.
3. WPA2 (WiFi Protected Access 2) - 256 bits of encryption, full implementation of
IEEE 802.11i. Though vulnerable, this is the best encryption method for use on a
WLAN.
According to NIST, attack monitoring and vulnerability monitoring are also
needed (Guidelines for Securing Wireless Local Area Networks,
http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf).
SANS recommends stronger user authentication such as user IDs and passwords,
smart cards and security tokens; this will prevent unauthorized parties from accessing
private networks.
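One form this attack monitoring can take is a check for the kind of de-authentication burst described in the summary of findings. The Python code below is an added example, not part of the original lab report; the log record format, MAC addresses, threshold and time window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample input (not from the lab capture). Assumed record format:
# "<seconds> <frame subtype> <source MAC> <destination MAC> <BSSID>"
AP, STA1, STA2 = "02:00:00:00:00:aa", "02:00:00:00:00:c1", "02:00:00:00:00:c2"
SAMPLE_LOG = "\n".join(
    [
        f"100.00 BEACON {AP} ff:ff:ff:ff:ff:ff {AP}",
        f"101.50 DEAUTH {STA2} {AP} {AP}",  # one client leaving normally
        "truncated record",                 # malformed line, must be skipped
    ]
    # Mirrors the lab narrative: 5 injected frames, then 10 more.
    + [f"{200 + i / 10:.2f} DEAUTH {AP} {STA1} {AP}" for i in range(5)]
    + [f"{203 + i / 10:.2f} DEAUTH {AP} {STA1} {AP}" for i in range(10)]
)


def parse_records(text):
    """Return (time, subtype, src, dst, bssid) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        sa, da, bssid = (p.lower() for p in parts[2:])
        records.append((ts, parts[1].upper(), sa, da, bssid))
    return records


def detect_deauth_bursts(records, threshold=10, window=5.0):
    """Alert once per burst when one (BSSID, client) pair sees at least
    `threshold` deauth/disassoc frames within `window` seconds."""
    recent = defaultdict(deque)   # (bssid, client) -> timestamps inside the window
    alerting = set()              # pairs already reported for the current burst
    alerts = []
    for ts, subtype, sa, da, bssid in sorted(records):
        if subtype not in ("DEAUTH", "DISASSOC"):
            continue
        # The frame may claim to come from the AP or from the client;
        # the client is whichever address is not the BSSID.
        client = da if sa == bssid else sa
        key = (bssid, client)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:     # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerting:
            alerting.add(key)
            alerts.append({"bssid": bssid, "client": client,
                           "count": len(q), "time": ts})
        elif len(q) < threshold:
            alerting.discard(key)     # burst ended; allow a future alert
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(parse_records(SAMPLE_LOG)):
        print(alert)
```

The single de-authentication from a client that leaves normally stays below the threshold, while the 5 + 10 frame burst raises exactly one alert.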
