Security standard
- 1. War Driving ◦ Driving around scanning for unsecured networks to gain free Internet access or access network hosts and resources. Just because you can, does not mean its legal or ethical to do so Hackers (Crackers) ◦ Exploiting weak security measures (such as WEP and defaults) to gain access with malicious intent Rogue Access Points ◦ An access point installed by an employee (or contractor) without authorisation. Typically does not conform to enterprise security policy or configurations and becomes a weak link. Man in Middle Attack ◦ Software can be used to capture wireless traffic such as authentication and association requests. Security keys can be discovered and used for malicious activity ◦ Counter with intrusion prevention systems that monitor the RF band and scan for rogue access points, ad-hoc connections and other activity DOS Denial of Service ◦ Signal interference from sources such as cordless phones, microwaves can cause noise on channels and prevent frames from reaching their destinations ◦ Flooding the BSS with CTS or disassociate messages which cause collisions and disrupt operations
- 2. WEP ◦ Wired Equivalent Privacy which uses a WEP key as the secret and RC4 as the cipher to encrypt the data ◦ WEP was the first standard. The WEP key can now be easily discovered using a tool. ◦ This method should NO LONGER be used WPA ◦ WIFI protected access based on the draft 802.11i standard ◦ Interim security standard while developing WPA 2 WPA2 ◦ WIFI protected access 2 that implements the ratified 802.11i standard ◦ This is the current security standard used to certify new devices WPS ◦ WiFI Protected Setup was intended to simplify security with a push button and pin. ◦ Major security flaw discovered late 2011 and this method should be disabled 802.1x /EAP extensions ◦ A method that keeps wireless logical ports closed until the user authenticates. (not covered here – its in the Diploma course)
- 3. WiFi Protected Access ◦ WiFi alliance security certified protocol ◦ Interim protocol while IEEE 802.11i standard developed Uses the TKIP Temporal Key Integrity Protocol ◦ TKIP uses the RC4 cipher (which WEP uses) ◦ 3 features added to fix the flaws in WEP and prevent discovery of the secret key ◦ Michael – MIC message integrity code to prevent tampering and replay attacks MIC – message integrity code added to the frame and encrypted with the data A replay attack captures an authentication exchange and attempts to resend the packets at a later time to get access without knowing the key
- 4. WiFi Protected Access 2 ◦ WPA 2 implements the IEEE 802.11i security standard but is certified and tested as WPA2 WPA2 implements ◦ TKIP as the key management protocol for older devices ◦ Michael message integrity code (MIC) ◦ Uses CCMP encryption protocol with a new cipher: AES Advanced Encryption Standard AES requires AES capable hardware, TKIP is used for encryption for older equipment Authentication methods ◦ Pre-shared Key PSK ◦ Enterprise (EAP/Radius/TLS protocols) which do not allow data frames through the AP port until the user has successfully authenticated. This can be integrated with Active Directory network accounts
- 5. WiFi Protected Setup ◦ Created to allow easy security setup for adding new devices to the Wlan ◦ Uses a PIN, Push button, near field communications or USB configuration transfer ◦ Can be broken easily by brute-force attack (Dec 2011) Solution ◦ Disable WPS by applying a firmware update