Scribd Logo
Upload

Welcome to Scribd!

  • Wireless Security Presentation

    Uploaded by

    Muhammad Zia Shahid
    373 views21 pages
    uploaded by Muhammad Zia Shahid You can get more presentation on my scribd store

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    uploaded by Muhammad Zia Shahid You can get more presentation on my scribd store

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    373 views21 pages

    Wireless Security Presentation

    Uploaded by

    Muhammad Zia Shahid
    uploaded by Muhammad Zia Shahid You can get more presentation on my scribd store

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 21

    Wireless LAN Security Risks and Solutions

    Presented to: Sir Waseem Iqbal


    Term Paper Supervisor

    Researcher :
    Muhammad Zia Shahid M.C.s 3rd semester

    Contents
    } } } Overview of Wireless Technology. Security and Privacy issues in Wireless Network. Wireless Security Protocols.
    } } } Wireless Equivalent Privacy (WEP). Wireless Equivalent Privacy (WEP2). Wireless Equivalent Privacy plus (WEP+). Wi-Fi Protected Access (WPA).
    } } Temporal Key Integrity Protocol (TKIP). WPA Pre Shared Key (WPA-PSK).

    Wi-Fi Protected Access (WPA2).


    } Counter-Mode with CBC-MAC Protocol (CCMP).

    Wireless Network Threats.


    } } } } } } } } Traffic Analysis. Passive Eavesdropping. Active Eavesdropping. Unauthorized Access. Man-in-the-middle Session High-Jacking Replay Denial of service (DoS)

    Contents
    } Methodologies of free Wireless Hacking tools over the internet.
    NetStumbler Kismet Wellenreiter THC-RUT Ethereal AirSnort HostAP AirSnarf SMAC Aircrack Aircrack-ng WepAttack WEPCrack.

    OVERVIEW OF WIRELESS TECHNOLOGY.


    The wireless networks are based on the IEEE standards belonging to the 802 family. Following list is a simple overview of the 802.11 family:

    802.11b
    o Most widespread o 11Mb maximum, 2.4 GHZ band 802.11a o Next generation o 54MB maximum, 5GHZ band 802.11g o 54MB maximum, 2.4 GHZ band o Compatible with 802.11b 802.11X o Uses Extensible Authentication Protocol (EAP) o Supports RADIUS 802.11i

    Security and Privacy issues in Wireless Network.

    End users are not security experts, and may not be aware of the risks posed by wireless LANs. Nearly all of the access points running with default configurations have not activated WEP. Most of the users does not change access points default key used by all the vendor's products out of the box. The Wireless Access Points who are enabled with WEP can be cracked easily.

    Wireless Equivalent Privacy (WEP)

    WEP is a protocol that adds security to wireless local area networks (WLANs) based on the 802.11 Wi-Fi standard. WEP algorithm is used to protect wireless communication from eavesdropping and to prevent unauthorized access to a wireless network. The original implementations of WEP supported so-called 40-bit encryption, having a key of length 40 bits and 24 additional bits of systemgenerated data (64 bits total).

    Wireless Equivalent Privacy (WEP) (Cont.)


    40-bit WEP encryption is too easy to decode. 128-bit encryption (key length of 104 bits, not 128 bits). WEP relies on a secret key. WEP uses the RC4 encryption algorithm, which is known as a stream cipher. stream cipher operates by expanding a short key into an infinite pseudo-random key stream.

    Wireless Equivalent Privacy (WEP2)

    A stopgap enhancement to WEP, implement able on some (not all) hardware not able to handle WPA/WPA2, based on:

    Enlarged IV value. Enforced 128-bit encryption

    WEP2 remains vulnerable to known WEP attacks. Keystream for corresponding IV is obtained 1500 bytes for each of the 224 possible IVs 24GB to construct a full table, which would enable the attacker to immediately decrypt each subsequent ciphertext

    WPA (Wi-Fi Protected Access)


    It is also known as WEP+. WEPplus enhances WEP security by avoiding "weak IVs. It is only completely effective when WEPplus is used at both ends of the wireless connection. It remains serious limitation. WPA use Temporal Key Integrity Protocol (TKIP) to addresses the encryption weaknesses of WEP. Key component of WPA is built-in authentication that WEP does not offer. WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

    WPA (Wi-Fi Protected Access) (Cont.)

    One variation of WPA is called WPA Pre Shared Key or WPA-PSK. To use WPA-PSK, a person sets a static key or "passphrase" as with WEP. By using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them. WPA uses the RC4 cipher. Keys are rotated frequently, and the packet counter prevents packet replay or packet reinjection attacks.

    WPA2 (Wi-Fi Protected Access)

    WPA2 (Wi-Fi Protected Access 2) gives wireless networks both confidentiality and data integrity. The Layer 2-based WPA2 better protects the network. WPA2 uses a new encryption method called CCMP (Counter-Mode with CBC-MAC Protocol). CCMP is based on Advanced Encryption Standard (AES). AES is stronger algorithm then RC4.

    Wireless Network Threats


    Traffic Analysis. Passive Eavesdropping. Active Eavesdropping. Unauthorized Access. Man-in-the-middle Session High-Jacking Replay Denial of service (DoS)

    Traffic Analysis
    Traffic analysis allows the attacker to obtain three forms of information.
    The attacker preliminary identify that there is activity on the network. The identification and Physical location of the Wireless Access Point (AP). The type of protocol being used during the transmission.

    Passive Eavesdropping
    Passive Eavesdropping allows the attacker to obtain two forms of information.
    The attacker can read the data transmitted in the session. The attacker can read the information i.e source, destination, size, number and time of transmission.

    Target

    Attacker

    Active Eavesdropping
    Active Eavesdropping allows the attacker inject the data into the communication to decipher the payload. Active Eavesdropping can take into two forms.
    The attacker can modify the packet. The attacker can inject complete packet into the data.

    The WEP by using CRC only check the integrity of the data into the packet.

    Unauthorized Access
    Due to physical properties of the WLAN, the attacker will always have access to the Wireless components of the network. If attacker become successful to get unauthorized access to the network by using brute force attack, man in the middle and denial of service attack, attacker can enjoy the whole network services.

    Man-in-the-Middle

    Session Hi-Jacking

    Methodologies of free Wireless Hacking tools over the internet.

    NetStumbler Kismet Wellenreiter THC-RUT Ethereal AirSnort WEPCrack. coWPAtty

    HostAP WEPWedgie AirSnarf SMAC Aircrack Aircrack-ng WepAttack

            

    Changing Administrator Passwords and Usernames Upgrading your Wifi Encryption Changing the Default System ID MAC Address Filtering Stop Publicly Broadcasting your Network Auto-Connect to Open Wifi Networks? You've got a built-in firewall, so use it Positioning of the Router or Access Point When to Turn Off the Network

    q & a session

    You might also like