7/2/2016

FreeEBook&TipsTrik:Wirelessnetworksecurity
0

Mehr NchsterBlog

Blogerstellen Anmelden

FreeEBook&TipsTrik

Kategori
TipsTricksPowerPoint2007(2)

BlogArchive
2009(11)
Juli(11)

Sabtu,25Juli2009

Wirelessnetworksecurity
Inthecurrentglobalizationera,theuseoftheInternetisgrowingrapidly,wecanseethatin
almostallofthishemisphereareconnectedtheinternet.FirsttoconnecttotheInternetmost
peopleusethecable,butthistimefortheconnectiontotheInternetisalreadyabletouse
wireless.Comparedwithusingthemediacable,wirelessadvantageamongmanyuserscan

HowtofindtheurlofaYoutube
video?

connecttheinternetwheneverandwherevertheoriginisstillinthescopeofhotspot,otherthan

Howtosetupawirelesshome
networkwithallcom...

wirelesshasmoreweaknessesthanthecable,especiallyintermsofsecurity.

HowfindtheIPAddressofyour
routertoconfigur...

smartphoneorPDA.MobilephoneandPDAdevicesisaveryflexible,practicalandeasilycarriedto

Howtouseandshowall
keyboardshortcutsinWord...

information.Thetoolisalsoequippedwithamethodofwirelessnetworksystemsthatcanaccess

Wirelessnetworksecurity
StartMenuofWindowsXP,
WindowsVistastyle

thatintermsofdevelopmentcosts,wirelessismuchcheaperwhencomparedtocable.However,
Wirelessnotonlycanbeaccessedthroughanycomputer,wirelesscanalsobeaccessedthrougha
goeverywhere(diviceportable)andeasytouseasatoolthatcansaveanumberofdata/

JULY|2016

theinternetwithoutbeingrestrictedbydistance,timeandplace.butthetoolisstillvulnerableto
thecodethat,becausethetoolisbasicallydesignedinthedesignandnotequippedwithany
protectionorsecuritythatcanprotectdata/informationtobestored.Sothatthetoolisstill
essentialmethodofoperatingsystemthatcanprotectboththedata/informationtobestored
andnirkabelnyanetwork.

WiththeStartButtonStartKiller
3.0

Sincewirelesscommunicationusesamoreamoreopentomediaandcommunicationdigunakanlah

SohowQuickindexedintheBlog
SearchEngine

Security(WTLS)toensurethesecurityofawirelesscomputernetwork.

ATICatalyst9.7,Driver
'integrationist'andVist...

ofwirelesstechnologyisverysignificantinlinewiththeneedsofmobileinformationsystems.Many

ChangingtheDefaultStorage
Location

thewirelessnetworkoneach,butverylittleattentiontothesecurityofdatacommunicationson

SettheNumberofRecent
Documents

Calendar

wiredequivalentPripacy(WEP),WifiProtectedAccess(WPA,WPA2)andWirelessTranspotLayer
Wirelessnetworkshavemoreweaknessthanwiththecablenetwork.Currently,thedevelopment
wirelessserviceproviderssuchascommercialhotspot,ISP,Warnet,campusesandofficesareusing
thenetworkiswireless.Thismakesthehackerbeinterestedtomengexplorekeamampuannyato
performvariousactivitiesthatareusuallyillegaltousewifi.
Manywirelesshackersorthebeginnerindoingwardrivingusingvarioustypesofactivitiesand
methods.Wardrivingisanactivityoreventtogetinformationonawifinetworkandgetaccessto
thewirelessnetwork.Generallyaimstogetinternetconnection,butalsomanythatdoforthe

AboutMe

purposesofaparticularstartfeelingkeingintahuan,trytry,research,jobpraktikum,andother
crimes.

FreeAllEBookTipsTrik
Lihatprofillengkapku

Theweaknessofwirelessnetworksingeneralcanbedividedinto2types,ie,weakness,and
weaknessintheconfigurationonthetypeofencryptionused.Oneexampleoftheweaknessinthe
configurationbecauseatthistimetobuildawirelessnetworkiseasy.Manyvendorsprovidea
facilitythatallowsusersornetworkadminsooftenfoundthatwirelessisstillusingthedefault
wirelessconfigurationdefaultvendor.Writersoftenfindthatwirelessisinstalledonthenetworkis
stillusingthedefaultsettingssuchasvendordefaultSSID,IPAddress,remotemanagement,DHCP
enable,channelfrequency,evenwithoutencryptionuser/passwordforthewirelessadministration.
Variouseffortsinthesecurityofwirelessnetworks
1.HideSSID
ManyadministratorshideServicesSetId(SSID)wirelessnetworkwiththeintentionthattheyonly
knowtheSSIDcanbeconnectedtotheirnetwork.Thisisnotcorrect,becausetheSSIDisnotable
disembuyikanperfectly.Atacertaintime,orespeciallywhentheclientisconnected(assosiate)or
whenitwilldecideitself(deauthentication)ofawirelessnetwork,theclientwillstillsendtheSSIDin
theformofplaintext(evenifusingencryption),soifweintendmenyadapnya,canbeeasytofind
information.SometoolsthatcanbeusedtoobtaintheSSIDdihiddenamongothers,kismet
(kisMAC),ssid_jack(airjack),aircrack,void11andmanymore.

2.Wirelesssecuritywiththemethodswiredequivalentprivacy(WEP)
WEPisastandardsecurity&encryptionusedonthefirstwireless,WEP(wiredequivalentprivacy)is
amethodofsecuringawirelessnetwork,alsocalledtheSharedKeyAuthentication.SharedKey
AuthenticationistheauthenticationmethodthatrequirestheuseofWEP.WEPusesencryption
keysthatareentered(bytheadministrator)totheclientandaccesspoint.Thiskeymustmatch
fromagivenaccesspointtotheclient,theclientisincludedforauthentikasitheaccesspoint,and
haveastandard802.11bWEP.
SharedKeyAuthenticationProcess:
1.clientassociationrequesttoaccesspoint,thisstepisthesameastheOpenSystem
http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html

1/4

7/2/2016

FreeEBook&TipsTrik:Wirelessnetworksecurity
1.clientassociationrequesttoaccesspoint,thisstepisthesameastheOpenSystem
Authentication.
2.accesspointsendschallengetexttotheclienttransparently.
3.clientwillencrypttheresponsewiththechallengetextusingtheWEPkeyandsendbacktothe
accesspoint.
4.accesspointtogiveresponsetoclientfeedback,accesspointwilldotodecryptencrypted
responsesfromtheclienttoverifythatthechallengetextisencryptedusingtheWEPkeyis
appropriate.Intheprocess,theaccesspointwilldetermineiftheclientalreadyprovidesthe
appropriateWEPkey.IftheWEPkeyprovidedbytheclientiscorrect,thentheaccesspointwill
respondpositivelyanddirectlytoauthentikasiclient.However,iftheWEPkeyisenteredtheclientis
incorrect,thentheaccesspointwillrespondnegativelyandtheclientwillnotbeauthentikasi.Thus,
theclientwillnotterauthentikasiandnotterasosiasi.
AccordingtoAriefHamdaniGunawan,DataCommunicationviatheIEEE802.11,SharedKey
AuthenticationseemstobemoresecurefromtheOpenSystemAuthentication,butnotinreality.
SharedKeyevenopenthedoorforitorcracker.Itisimportanttounderstandtworoadsusedby
theWEP.WEPcanbeusedtoverifytheidentityoftheclientduringtheprocessofauthentikasi
sharedkey,butcanalsobeusedformendecryptionofdatasentbytheclientthroughtheaccess
point.
WEPhasmanyweaknesses,amongothers:
Issueaweakkey,theRC4algorithmusedcanbesolved.
WEPkeyusingastatic
Problemsinitializationvector(IV)WEP
messageintegrityissuesCyclicredundancycheck(CRC32)
WEPhastwolevels,namely64bitkey,and128bits.InfactthekeytothesecretWEPkey64bit
only40bit,and24bitistheinitialisationvector(IV).Likewiseinthe128bitWEPkey,secretkey
consistsof104bit.
AttacksontheweaknessofWEPare:
Theattackontheweaknessesinitializationvector(IV),oftencalledfmSattack.FmSabbreviation
ofthenameofthethirdweaknessIVinventorofFluhrer,Mantin,andShamir.Theattackiscarried
outbycollectingtheweakIVasmuchaspossible.ThemoretheweakIV,quicklyfoundthekeythat
isused
ObtainIVisuniquethroughthepacketdatatobeprocessedfortheprocessofcrackingtheWEP
keymorequickly.Thisiscalledchoppingattack,wasfirstfoundbyh1kari.Thistechniqueonly
requiresauniqueIVwillreducetheneedofIVintheweakWEPcracking.
Boththeattackandtakeoverthepacketenough,toshortenthetime,thehackersusuallydo
trafficinjection.TrafficInjectionthatisoftendonewiththewaytheARPpacketandsendbackto
theaccesspoint.Thisresultedintheinitialcollectionvectorsmoreeasilyandquickly.Unlikethefirst
andsecondattack,theattacktrafficforinjection,requiredspecificationoftoolsandapplications
thatstartrarelyfoundinshops,fromthechipset,firmwareversion,anddriverversion,andnot
infrequentlyhadtodothepatchingofthedriverandapplication.
3.WirelesssecuritywiththemethodsofWIFIProtectedAccsess(WPA)
IsasecretifWEP(wiredequivalentprivacy)isnolongerabletoprovidereliablewirelessconnection
(wireless)ulahsafefromtheusilorwanttotakeadvantageofwhatwehavewiththejargon
knownhackers.NotlongaftertheprocessofWEP,thefragilityinthecryptographyaspectsofthe
show.
VarietyofresearchhasbeendoneabouttheWEPandtheconclusionisthatalthoughawireless
networkprotectedbyWEP,thirdparties(hackers)canstillenterbreak.Ahackerwhohasa
wirelessequipmentpickupandsoftwareequipmentusedtocollectandanalyzeenoughdata,can
knowtheencryptionkeyisused.
TheweaknessoftheWEP,hasdevelopedanewtechniquecalledsecurityasWPA(WiFiProtected
Access).TechnicalWPAiscompatiblewiththemodelspecificationdraftIEEE802.11istandard.This
techniquehasseveralgoalsinthedesign,namelysolid,interoperasi,abletobeusedtoreplace
WEP,canbeimplementedinthehomeorcorporateuser,andisavailabletothepublicassoonas
possible.TheexistenceoftheWPA"replace"WPE,whethertruefeelingsof"calm"isobtained?
Therearealotofresponsesproandcontraaboutit.Therearesomewhosay,WPAencryption
mechanismhasastronger.However,therearepessimisticbecausetheflowofcommunicationthat
isusedisnotsafe,wherethetechnicalmaninthemiddlecanbeusedtoseekaprocessofdata.
WPAsothatthegoalisreached,atleasttwoofthemainsecurityarrangements.WPAwas
establishedtechniquestoprovideencryptionofdatathatpointtobeweakWEP,andprovidesuser
authenticationthatseemslostonthedevelopmentoftheconceptofWEP.
TechniquesdesignedWPAreplacesWEPsecuritymethod,whichusesstatickeysecurity,usingTKIP
(TemporalKeyIntegrityProtocol)whichisabletodynamicallychangeafter10,000packetsofdata
transmitted.TKIPprotocolwilltakethekeyasastartingpointandthenchangedregularlysothere
isnoencryptionkeyisusedtwice.Backgroundprocessisdoneautomaticallywithouttheuser.Do
withtheencryptionkeyregenerationapproximatelyeveryfiveminutes,aWiFinetworkusingWPA
hasslowedtheworkofhackerstryingtomakekeycrackingtools.
Whileusingthestandardencryption64and128bits,suchasthetechnologyWEP,WPATKIPmake
tobecomemoreeffectiveasanencryptionmechanism.However,problemssuchasadecreasein
throughputdikeluhkanbytheuser,suchaswirelessnetworkdoesnotmeetthestandardanswer
fromthedocumentyouarelookingfor.For,theproblemsassociatedwiththethroughputisvery
dependentonthehardware,themorespecificisthechipsetused.Contentionatthistime,ifthe
decreaseinthroughputoccurredintheimplementationofWEP,thelevelofreductionwillbemuch
greateriftheWPAandTKIPimplementedalthoughsomeclaimthattheproducthasbeena
decreaseinthroughput,withtheuseofthechipsetgreatercapacityandcapability.

http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html

2/4

7/2/2016

FreeEBook&TipsTrik:Wirelessnetworksecurity
AuthenticationprocessusingWPAand802.1xEAP(ExtensibleAuthenticationProtocol).
Simultaneously,theimplementationwillprovideastrongframeworkintheprocessofuser
Authentication.FrameworkwilltakeautilizationAuthenticationcentralizedserver,suchasRadius,
Authenticationuserstodobeforejoiningthewirelessnetwork.Alsoappliedtomutual
authentification,thewirelessnetworksousersdonotdeliberatelytojoinanothernetworkthatmay
bestealingtheidentityoftheirnetwork.
MechanismAESencryption(AdvancedEncryptionStandard)adoptedseemsakanWPA
Authenticationmechanismwiththeuser.However,AEShasnotseemnecessarybecauseTKIP
predictedaframeworkabletoprovideverystrongencryptionisnotyetknownthoughforhowlong
cansurviveketangguhannya.
Technologyforthewirelessuser,thequestionisnotdititikberatkantheunderstanding
bahwaWPAadalahbetterthanWEP,butismoreefficienttoimprovisationthatiscapableof
completewirelesssecurityproblemsatthistime.Inthefuture,wewillholdtheuserisking.Whatis
requiredoftheuser'swirelesstechnologyiseasytousethattechnology.Tobeabletousethe
"excess"oftheWPA,theusermusthavethehardwareandsoftwarecompatiblewiththestandard.
Fromthehardwareside,itmeansthatthewirelessaccesspointsandwirelessNIC(Network
InterfaceCard)thatisusedmustrecognizeWPAstandard.Unfortunately,somehardware
manufacturerswillnotsupportWPAviafirmwareupgrade,sousersareforcedtobuyasanew
wirelesshardwaretouseWPA.
Fromthesoftware,noWindowsoperatingsystemthatsupportsWPAbydefault.Computersthat
useWindowsoperatingsystemwithhardwarecompatiblewiththeWPAstandardcanimplement
aftertheWPAclient.WPAclientcanworkonthenewoperatingsystemWindowsServer2003and
WindowsXP.Fortheotheroperatingsystemusershavenotyetfoundinformationaboutthe
possibilityofimplementingtheWPA.
TomigratetheimplementationofhardwareandWPAcanbethoughtofasaverybigjob.
Fortunately,itisnotsomethingthatshouldbedoneatthesametime.WirelessAccessPointscan
supportWPAandWEPatthesametime.ThisallowsmigrationtoslowimplementationoftheWPA.
Inthewirelessnetworksthatrequireahighlevelofsecuritylevel,variationsinthesystemmadefor
additionalproprietarystandardWiFitransmission.Ondevelopment,somemanufacturershave
developedaWiFiencryptiontechnologytoaccommodatetheneedsofthesecurityofwireless
networks.
4.MACFiltering
AlmosteverywirelessaccesspointorrouterwithsecurityfacilitatedMACFiltering.Thisisnot
actuallymuchhelptosecurethewirelesscommunication,becausetheMACaddressiseasy
dispoofingorevenamended.ToolsifconfiginOSLinux/Unixoravarietyofnetworktoolssptutilitis,
regedit,smac,machangeonwindowsOSwitheasytouseforchangingorspoofingtheMAC
address.TheauthorisstilloftenfindwifiintheofficeandeventheISP(whichisusuallyusedby
warnetwarnet)thatonlyuseMACFilteringprotection.Byusingwardrivingapplicationslikekismet/
aircrackorkisMACtools,informationcanbeobtainedbytheMACaddressofeachclientthatare
connectedtoanAccessPoint.Aftergettingthisinformation,wecanconnecttotheAccesspointto
changewiththeMACinaccordancewiththeclientearlier.Inthewirelessnetwork,MACaddress
duplicationdoesnotleadtoconflict.OnlyneedadifferentIPtotheclientbeforethat.
5.Captiveportal
Captiveportalinfrastructureoriginallydesignedforacommunitythatallowsallpeoplecanconnect
(opennetwork).Captiveportalengineisactuallyarouterorgatewaythatdoesnotprotectorallow
theusertraffictomakearegistration/authentication.Here'showworkplacecaptiveportal:
userswithwirelessclientallowedtoconnectwirelesstogettheIPaddress(DHCP).
blockalltrafficexceptforthecaptiveportal(Registration/WebbasedAuthentication),whichis
locatedonthecablenetwork.
belokkanorredirectallwebtraffictothecaptiveportal
aftertheuserperformregistrationorlogin,allowaccesstothenetwork(internet)
Somethingstonote,thatthecaptiveportalonlyperformtrackingbasedontheIPconnectionclient
and MAC address after authentication. This makes possible for the captive portal is used for
authenticationwithoutIPandMACaddresscandispoofing.AttackswithIPspoofingandMAC.MAC
addressspoofing,asalreadydescribedinsection4above.MediumtoIPspoofing,whichrequired
moreeffortthatisusingtheARPcachepoisoning,wecanredirecttrafficfromaclientthathas
beenconnectedbefore.AttacksthatarequiteeasytodousingtheRogueAP,AccessPointthatis
setup(usuallyusingHostAP)thatusecomponentssuchasthesameinformationasthetargetAP
SSID,BSSIDandchannelfrequencyisused.SowhenaclientthatisconnectedtotheAPmadeus,
we can divert traffic to the actual AP. Not infrequently captive portal built on a hotspot has a
weaknessinthenetworkconfigurationordesign.Forexample,authenticationisstillusingplaintext
(http),networkmanagementcanbeaccessedviawireless(theoneonthenetwork),andmany
more.Anotherweaknessofthecaptiveportalisthatthecommunicationofdataortrafficwhen
authenticationisconducted(connectednetwork)willbesentisstillnotencrypted,soitcaneasily
disadap by the hacker. For that need to be careful connecting the hotspot network, in order to
exploitthesecurecommunicationsprotocolsuchashttps,pop3s,ssh,imapsff.
DiposkanolehFreeAllEBookTipsTrikdi01.12

0komentar:
PoskanKomentar

http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html

3/4

7/2/2016

FreeEBook&TipsTrik:Wirelessnetworksecurity
Linkkepostingini
BuatsebuahLink
<<PostingLebihBaru

Beranda

PostingLama>>
Langganan:PoskanKomentar(Atom)

links2

Adakesalahandidalamgadgetini

Adakesalahandidalamgadgetini

Pengikut

Jointhissite
withGoogleFriendConnect

Members(1)

Alreadyamember?Signin

BloggertemplatesmadebyAllBlogTools.com

http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html

BacktoTOP

4/4