Scribd Logo
Upload

Welcome to Scribd!

  • Wify Security

    Uploaded by

    jrgtony
    35 views14 pages
    wify

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    wify

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    35 views14 pages

    Wify Security

    Uploaded by

    jrgtony
    wify

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Attack and

    Defense in
    Wireless Networks
    Presented by Aleksandr Doronin
    Outline

    Wireless Networks and Security


    Attacking and defending WEP
    Attacking and defending WPA/WPA2
    Common defense techniques
    Summary
    Wireless Networks and
    Security
    1) What are Wireless Networks?
    A wireless network is the way that a computer is
    connected to a router without a physical link.
    2) Why do we need?
    Facilitates mobility You can use lengthy wires
    instead, but someone might trip over them.
    3) Why security?
    Attacker may hack a victims personal computer
    and steal private data or may perform some
    illegal activities or crimes using the victims
    machine and ID. Also there's a possibility to read
    wirelessly transferred data (by using sniffers)
    Wireless Networks and
    Security
    Three security approaches:

    1. WEP (Wired Equivalent Privacy)


    2. WPA (Wi-Fi Protected Access)
    3. WPA2 (Wi-Fi Protected Access, Version
    2)

    WPA also has two generations named


    Enterprise and Personal.
    WEP (Wired Equivalent
    Privacy)
    Encryption:
    40 / 64 bits
    104 / 128 bits
    24 bits are used for IV (Initialization vector)

    Passphrase:
    Key 1-4
    Each WEP key can consist of the letters "A" through "F"
    and the numbers "0" through "9". It should be 10 hex or
    5 ASCII characters in length for 40/64-bit encryption
    and 26 hex or 13 ASCII characters in length for
    104/128-bit encryption.
    WPA/WPA2 Personal

    Encryption:
    TKIP
    AES

    Pre-Shared Key:
    A key of 8-63 characters

    Key Renewal:
    You can choose a Key Renewal period, which
    instructs the device how often it should change
    encryption keys. The default is 3600 seconds
    Attacking WEP
    iwconfig a tool for configuring wireless adapters. You
    can use this to ensure that your wireless adapter is in
    monitor mode which is essential to sending fake ARP
    (Address Resolution Protocol) requests to the target
    router
    macchanger a tool that allows you to view and/or
    spoof (fake) your MAC address
    airmon a tool that can help you set your wireless
    adapter into monitor mode (rfmon)
    airodump a tool for capturing packets from a wireless
    router (otherwise known as an AP)
    aireplay a tool for forging ARP requests
    aircrack a tool for decrypting WEP keys
    How to defend when using
    WEP
    Use longer WEP encryption keys, which makes the data analysis
    task more difficult. If your WLAN equipment supports 128-bit WEP
    keys.
    Change your WEP keys frequently. There are devices that support
    "dynamic WEP" which is off the standard but allows different WEP
    keys to be assigned to each user.
    Use a VPN for any protocol, including WEP, that may include
    sensitive information.
    Implement a different technique for encrypting traffic, such as
    IPSec over wireless. To do this, you will probably need to install
    IPsec software on each wireless client, install an IPSec server in
    your wired network, and use a VLAN to the access points to the
    IPSec server.
    Attacking WPA
    macchanger a tool that allows you to view and/or
    spoof (fake) your MAC address
    airmon a tool that can help you set your wireless
    adapter into monitor mode (rfmon)
    airodump a tool for capturing packets from a wireless
    router (otherwise known as an AP)
    aireplay a tool for forging ARP requests
    Capture WPA/WPA2 handshakes by forcing clients to
    reauthenticate
    Generate new Initialization Vectors
    aircrack a tool for decrypting WEP keys (should be
    used with dictionary)
    How to defend when using
    WPA
    Passphrases the only way to crack WPA is to
    sniff the password PMK associated with the
    handshake authentication process, and if this
    password is extremely complicated it will be
    almost impossible to crack

    Passphrase Complexity select a random


    passphrase that is not made up of dictionary
    words. Select a complex passphrase of a
    minimum of 20 characters in length and
    change it at regular intervals
    Common defense techniques
    Change router default user name and password
    Change the internal IP subnet if possible
    Change default name and hide broadcasting of the SSID
    (Service Set Identier)
    None of the attack methods are faster or effective
    when a larger passphrase is used.
    Restrict access to your wireless network by filtering
    access based on the MAC (Media Access Code) addresses
    Use Encryption
    Summary

    Change all possible default router settings


    Use encryption (WPA/WPA2)
    Use long and complex keys/passphrases
    Thank you!
    References

    http://www.backtrack-linux.org/
    http://www.aircrack-ng.org/
    http://www.youtube.com/results?
    search_query=cracking+WEP+and+WPA+with+backtrack&
    oq=cracking+WEP+and+WPA+with+backtrack&aq=f&aqi=
    &aql=1&gs_sm=e&gs_upl=1621l12434l0l12642l47l46l0l30
    l0l0l412l4248l0.3.8.3.2l16l0

    You might also like