Beruflich Dokumente
Kultur Dokumente
FreeEBook&TipsTrik:Wirelessnetworksecurity
0
Mehr NchsterBlog
Blogerstellen Anmelden
FreeEBook&TipsTrik
Kategori
TipsTricksPowerPoint2007(2)
BlogArchive
2009(11)
Juli(11)
Sabtu,25Juli2009
Wirelessnetworksecurity
Inthecurrentglobalizationera,theuseoftheInternetisgrowingrapidly,wecanseethatin
almostallofthishemisphereareconnectedtheinternet.FirsttoconnecttotheInternetmost
peopleusethecable,butthistimefortheconnectiontotheInternetisalreadyabletouse
wireless.Comparedwithusingthemediacable,wirelessadvantageamongmanyuserscan
HowtofindtheurlofaYoutube
video?
connecttheinternetwheneverandwherevertheoriginisstillinthescopeofhotspot,otherthan
Howtosetupawirelesshome
networkwithallcom...
wirelesshasmoreweaknessesthanthecable,especiallyintermsofsecurity.
HowfindtheIPAddressofyour
routertoconfigur...
smartphoneorPDA.MobilephoneandPDAdevicesisaveryflexible,practicalandeasilycarriedto
Howtouseandshowall
keyboardshortcutsinWord...
information.Thetoolisalsoequippedwithamethodofwirelessnetworksystemsthatcanaccess
Wirelessnetworksecurity
StartMenuofWindowsXP,
WindowsVistastyle
thatintermsofdevelopmentcosts,wirelessismuchcheaperwhencomparedtocable.However,
Wirelessnotonlycanbeaccessedthroughanycomputer,wirelesscanalsobeaccessedthrougha
goeverywhere(diviceportable)andeasytouseasatoolthatcansaveanumberofdata/
JULY|2016
theinternetwithoutbeingrestrictedbydistance,timeandplace.butthetoolisstillvulnerableto
thecodethat,becausethetoolisbasicallydesignedinthedesignandnotequippedwithany
protectionorsecuritythatcanprotectdata/informationtobestored.Sothatthetoolisstill
essentialmethodofoperatingsystemthatcanprotectboththedata/informationtobestored
andnirkabelnyanetwork.
WiththeStartButtonStartKiller
3.0
Sincewirelesscommunicationusesamoreamoreopentomediaandcommunicationdigunakanlah
SohowQuickindexedintheBlog
SearchEngine
Security(WTLS)toensurethesecurityofawirelesscomputernetwork.
ATICatalyst9.7,Driver
'integrationist'andVist...
ofwirelesstechnologyisverysignificantinlinewiththeneedsofmobileinformationsystems.Many
ChangingtheDefaultStorage
Location
thewirelessnetworkoneach,butverylittleattentiontothesecurityofdatacommunicationson
SettheNumberofRecent
Documents
Calendar
wiredequivalentPripacy(WEP),WifiProtectedAccess(WPA,WPA2)andWirelessTranspotLayer
Wirelessnetworkshavemoreweaknessthanwiththecablenetwork.Currently,thedevelopment
wirelessserviceproviderssuchascommercialhotspot,ISP,Warnet,campusesandofficesareusing
thenetworkiswireless.Thismakesthehackerbeinterestedtomengexplorekeamampuannyato
performvariousactivitiesthatareusuallyillegaltousewifi.
Manywirelesshackersorthebeginnerindoingwardrivingusingvarioustypesofactivitiesand
methods.Wardrivingisanactivityoreventtogetinformationonawifinetworkandgetaccessto
thewirelessnetwork.Generallyaimstogetinternetconnection,butalsomanythatdoforthe
AboutMe
purposesofaparticularstartfeelingkeingintahuan,trytry,research,jobpraktikum,andother
crimes.
FreeAllEBookTipsTrik
Lihatprofillengkapku
Theweaknessofwirelessnetworksingeneralcanbedividedinto2types,ie,weakness,and
weaknessintheconfigurationonthetypeofencryptionused.Oneexampleoftheweaknessinthe
configurationbecauseatthistimetobuildawirelessnetworkiseasy.Manyvendorsprovidea
facilitythatallowsusersornetworkadminsooftenfoundthatwirelessisstillusingthedefault
wirelessconfigurationdefaultvendor.Writersoftenfindthatwirelessisinstalledonthenetworkis
stillusingthedefaultsettingssuchasvendordefaultSSID,IPAddress,remotemanagement,DHCP
enable,channelfrequency,evenwithoutencryptionuser/passwordforthewirelessadministration.
Variouseffortsinthesecurityofwirelessnetworks
1.HideSSID
ManyadministratorshideServicesSetId(SSID)wirelessnetworkwiththeintentionthattheyonly
knowtheSSIDcanbeconnectedtotheirnetwork.Thisisnotcorrect,becausetheSSIDisnotable
disembuyikanperfectly.Atacertaintime,orespeciallywhentheclientisconnected(assosiate)or
whenitwilldecideitself(deauthentication)ofawirelessnetwork,theclientwillstillsendtheSSIDin
theformofplaintext(evenifusingencryption),soifweintendmenyadapnya,canbeeasytofind
information.SometoolsthatcanbeusedtoobtaintheSSIDdihiddenamongothers,kismet
(kisMAC),ssid_jack(airjack),aircrack,void11andmanymore.
2.Wirelesssecuritywiththemethodswiredequivalentprivacy(WEP)
WEPisastandardsecurity&encryptionusedonthefirstwireless,WEP(wiredequivalentprivacy)is
amethodofsecuringawirelessnetwork,alsocalledtheSharedKeyAuthentication.SharedKey
AuthenticationistheauthenticationmethodthatrequirestheuseofWEP.WEPusesencryption
keysthatareentered(bytheadministrator)totheclientandaccesspoint.Thiskeymustmatch
fromagivenaccesspointtotheclient,theclientisincludedforauthentikasitheaccesspoint,and
haveastandard802.11bWEP.
SharedKeyAuthenticationProcess:
1.clientassociationrequesttoaccesspoint,thisstepisthesameastheOpenSystem
http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html
1/4
7/2/2016
FreeEBook&TipsTrik:Wirelessnetworksecurity
1.clientassociationrequesttoaccesspoint,thisstepisthesameastheOpenSystem
Authentication.
2.accesspointsendschallengetexttotheclienttransparently.
3.clientwillencrypttheresponsewiththechallengetextusingtheWEPkeyandsendbacktothe
accesspoint.
4.accesspointtogiveresponsetoclientfeedback,accesspointwilldotodecryptencrypted
responsesfromtheclienttoverifythatthechallengetextisencryptedusingtheWEPkeyis
appropriate.Intheprocess,theaccesspointwilldetermineiftheclientalreadyprovidesthe
appropriateWEPkey.IftheWEPkeyprovidedbytheclientiscorrect,thentheaccesspointwill
respondpositivelyanddirectlytoauthentikasiclient.However,iftheWEPkeyisenteredtheclientis
incorrect,thentheaccesspointwillrespondnegativelyandtheclientwillnotbeauthentikasi.Thus,
theclientwillnotterauthentikasiandnotterasosiasi.
AccordingtoAriefHamdaniGunawan,DataCommunicationviatheIEEE802.11,SharedKey
AuthenticationseemstobemoresecurefromtheOpenSystemAuthentication,butnotinreality.
SharedKeyevenopenthedoorforitorcracker.Itisimportanttounderstandtworoadsusedby
theWEP.WEPcanbeusedtoverifytheidentityoftheclientduringtheprocessofauthentikasi
sharedkey,butcanalsobeusedformendecryptionofdatasentbytheclientthroughtheaccess
point.
WEPhasmanyweaknesses,amongothers:
Issueaweakkey,theRC4algorithmusedcanbesolved.
WEPkeyusingastatic
Problemsinitializationvector(IV)WEP
messageintegrityissuesCyclicredundancycheck(CRC32)
WEPhastwolevels,namely64bitkey,and128bits.InfactthekeytothesecretWEPkey64bit
only40bit,and24bitistheinitialisationvector(IV).Likewiseinthe128bitWEPkey,secretkey
consistsof104bit.
AttacksontheweaknessofWEPare:
Theattackontheweaknessesinitializationvector(IV),oftencalledfmSattack.FmSabbreviation
ofthenameofthethirdweaknessIVinventorofFluhrer,Mantin,andShamir.Theattackiscarried
outbycollectingtheweakIVasmuchaspossible.ThemoretheweakIV,quicklyfoundthekeythat
isused
ObtainIVisuniquethroughthepacketdatatobeprocessedfortheprocessofcrackingtheWEP
keymorequickly.Thisiscalledchoppingattack,wasfirstfoundbyh1kari.Thistechniqueonly
requiresauniqueIVwillreducetheneedofIVintheweakWEPcracking.
Boththeattackandtakeoverthepacketenough,toshortenthetime,thehackersusuallydo
trafficinjection.TrafficInjectionthatisoftendonewiththewaytheARPpacketandsendbackto
theaccesspoint.Thisresultedintheinitialcollectionvectorsmoreeasilyandquickly.Unlikethefirst
andsecondattack,theattacktrafficforinjection,requiredspecificationoftoolsandapplications
thatstartrarelyfoundinshops,fromthechipset,firmwareversion,anddriverversion,andnot
infrequentlyhadtodothepatchingofthedriverandapplication.
3.WirelesssecuritywiththemethodsofWIFIProtectedAccsess(WPA)
IsasecretifWEP(wiredequivalentprivacy)isnolongerabletoprovidereliablewirelessconnection
(wireless)ulahsafefromtheusilorwanttotakeadvantageofwhatwehavewiththejargon
knownhackers.NotlongaftertheprocessofWEP,thefragilityinthecryptographyaspectsofthe
show.
VarietyofresearchhasbeendoneabouttheWEPandtheconclusionisthatalthoughawireless
networkprotectedbyWEP,thirdparties(hackers)canstillenterbreak.Ahackerwhohasa
wirelessequipmentpickupandsoftwareequipmentusedtocollectandanalyzeenoughdata,can
knowtheencryptionkeyisused.
TheweaknessoftheWEP,hasdevelopedanewtechniquecalledsecurityasWPA(WiFiProtected
Access).TechnicalWPAiscompatiblewiththemodelspecificationdraftIEEE802.11istandard.This
techniquehasseveralgoalsinthedesign,namelysolid,interoperasi,abletobeusedtoreplace
WEP,canbeimplementedinthehomeorcorporateuser,andisavailabletothepublicassoonas
possible.TheexistenceoftheWPA"replace"WPE,whethertruefeelingsof"calm"isobtained?
Therearealotofresponsesproandcontraaboutit.Therearesomewhosay,WPAencryption
mechanismhasastronger.However,therearepessimisticbecausetheflowofcommunicationthat
isusedisnotsafe,wherethetechnicalmaninthemiddlecanbeusedtoseekaprocessofdata.
WPAsothatthegoalisreached,atleasttwoofthemainsecurityarrangements.WPAwas
establishedtechniquestoprovideencryptionofdatathatpointtobeweakWEP,andprovidesuser
authenticationthatseemslostonthedevelopmentoftheconceptofWEP.
TechniquesdesignedWPAreplacesWEPsecuritymethod,whichusesstatickeysecurity,usingTKIP
(TemporalKeyIntegrityProtocol)whichisabletodynamicallychangeafter10,000packetsofdata
transmitted.TKIPprotocolwilltakethekeyasastartingpointandthenchangedregularlysothere
isnoencryptionkeyisusedtwice.Backgroundprocessisdoneautomaticallywithouttheuser.Do
withtheencryptionkeyregenerationapproximatelyeveryfiveminutes,aWiFinetworkusingWPA
hasslowedtheworkofhackerstryingtomakekeycrackingtools.
Whileusingthestandardencryption64and128bits,suchasthetechnologyWEP,WPATKIPmake
tobecomemoreeffectiveasanencryptionmechanism.However,problemssuchasadecreasein
throughputdikeluhkanbytheuser,suchaswirelessnetworkdoesnotmeetthestandardanswer
fromthedocumentyouarelookingfor.For,theproblemsassociatedwiththethroughputisvery
dependentonthehardware,themorespecificisthechipsetused.Contentionatthistime,ifthe
decreaseinthroughputoccurredintheimplementationofWEP,thelevelofreductionwillbemuch
greateriftheWPAandTKIPimplementedalthoughsomeclaimthattheproducthasbeena
decreaseinthroughput,withtheuseofthechipsetgreatercapacityandcapability.
http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html
2/4
7/2/2016
FreeEBook&TipsTrik:Wirelessnetworksecurity
AuthenticationprocessusingWPAand802.1xEAP(ExtensibleAuthenticationProtocol).
Simultaneously,theimplementationwillprovideastrongframeworkintheprocessofuser
Authentication.FrameworkwilltakeautilizationAuthenticationcentralizedserver,suchasRadius,
Authenticationuserstodobeforejoiningthewirelessnetwork.Alsoappliedtomutual
authentification,thewirelessnetworksousersdonotdeliberatelytojoinanothernetworkthatmay
bestealingtheidentityoftheirnetwork.
MechanismAESencryption(AdvancedEncryptionStandard)adoptedseemsakanWPA
Authenticationmechanismwiththeuser.However,AEShasnotseemnecessarybecauseTKIP
predictedaframeworkabletoprovideverystrongencryptionisnotyetknownthoughforhowlong
cansurviveketangguhannya.
Technologyforthewirelessuser,thequestionisnotdititikberatkantheunderstanding
bahwaWPAadalahbetterthanWEP,butismoreefficienttoimprovisationthatiscapableof
completewirelesssecurityproblemsatthistime.Inthefuture,wewillholdtheuserisking.Whatis
requiredoftheuser'swirelesstechnologyiseasytousethattechnology.Tobeabletousethe
"excess"oftheWPA,theusermusthavethehardwareandsoftwarecompatiblewiththestandard.
Fromthehardwareside,itmeansthatthewirelessaccesspointsandwirelessNIC(Network
InterfaceCard)thatisusedmustrecognizeWPAstandard.Unfortunately,somehardware
manufacturerswillnotsupportWPAviafirmwareupgrade,sousersareforcedtobuyasanew
wirelesshardwaretouseWPA.
Fromthesoftware,noWindowsoperatingsystemthatsupportsWPAbydefault.Computersthat
useWindowsoperatingsystemwithhardwarecompatiblewiththeWPAstandardcanimplement
aftertheWPAclient.WPAclientcanworkonthenewoperatingsystemWindowsServer2003and
WindowsXP.Fortheotheroperatingsystemusershavenotyetfoundinformationaboutthe
possibilityofimplementingtheWPA.
TomigratetheimplementationofhardwareandWPAcanbethoughtofasaverybigjob.
Fortunately,itisnotsomethingthatshouldbedoneatthesametime.WirelessAccessPointscan
supportWPAandWEPatthesametime.ThisallowsmigrationtoslowimplementationoftheWPA.
Inthewirelessnetworksthatrequireahighlevelofsecuritylevel,variationsinthesystemmadefor
additionalproprietarystandardWiFitransmission.Ondevelopment,somemanufacturershave
developedaWiFiencryptiontechnologytoaccommodatetheneedsofthesecurityofwireless
networks.
4.MACFiltering
AlmosteverywirelessaccesspointorrouterwithsecurityfacilitatedMACFiltering.Thisisnot
actuallymuchhelptosecurethewirelesscommunication,becausetheMACaddressiseasy
dispoofingorevenamended.ToolsifconfiginOSLinux/Unixoravarietyofnetworktoolssptutilitis,
regedit,smac,machangeonwindowsOSwitheasytouseforchangingorspoofingtheMAC
address.TheauthorisstilloftenfindwifiintheofficeandeventheISP(whichisusuallyusedby
warnetwarnet)thatonlyuseMACFilteringprotection.Byusingwardrivingapplicationslikekismet/
aircrackorkisMACtools,informationcanbeobtainedbytheMACaddressofeachclientthatare
connectedtoanAccessPoint.Aftergettingthisinformation,wecanconnecttotheAccesspointto
changewiththeMACinaccordancewiththeclientearlier.Inthewirelessnetwork,MACaddress
duplicationdoesnotleadtoconflict.OnlyneedadifferentIPtotheclientbeforethat.
5.Captiveportal
Captiveportalinfrastructureoriginallydesignedforacommunitythatallowsallpeoplecanconnect
(opennetwork).Captiveportalengineisactuallyarouterorgatewaythatdoesnotprotectorallow
theusertraffictomakearegistration/authentication.Here'showworkplacecaptiveportal:
userswithwirelessclientallowedtoconnectwirelesstogettheIPaddress(DHCP).
blockalltrafficexceptforthecaptiveportal(Registration/WebbasedAuthentication),whichis
locatedonthecablenetwork.
belokkanorredirectallwebtraffictothecaptiveportal
aftertheuserperformregistrationorlogin,allowaccesstothenetwork(internet)
Somethingstonote,thatthecaptiveportalonlyperformtrackingbasedontheIPconnectionclient
and MAC address after authentication. This makes possible for the captive portal is used for
authenticationwithoutIPandMACaddresscandispoofing.AttackswithIPspoofingandMAC.MAC
addressspoofing,asalreadydescribedinsection4above.MediumtoIPspoofing,whichrequired
moreeffortthatisusingtheARPcachepoisoning,wecanredirecttrafficfromaclientthathas
beenconnectedbefore.AttacksthatarequiteeasytodousingtheRogueAP,AccessPointthatis
setup(usuallyusingHostAP)thatusecomponentssuchasthesameinformationasthetargetAP
SSID,BSSIDandchannelfrequencyisused.SowhenaclientthatisconnectedtotheAPmadeus,
we can divert traffic to the actual AP. Not infrequently captive portal built on a hotspot has a
weaknessinthenetworkconfigurationordesign.Forexample,authenticationisstillusingplaintext
(http),networkmanagementcanbeaccessedviawireless(theoneonthenetwork),andmany
more.Anotherweaknessofthecaptiveportalisthatthecommunicationofdataortrafficwhen
authenticationisconducted(connectednetwork)willbesentisstillnotencrypted,soitcaneasily
disadap by the hacker. For that need to be careful connecting the hotspot network, in order to
exploitthesecurecommunicationsprotocolsuchashttps,pop3s,ssh,imapsff.
DiposkanolehFreeAllEBookTipsTrikdi01.12
0komentar:
PoskanKomentar
http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html
3/4
7/2/2016
FreeEBook&TipsTrik:Wirelessnetworksecurity
Linkkepostingini
BuatsebuahLink
<<PostingLebihBaru
Beranda
PostingLama>>
Langganan:PoskanKomentar(Atom)
links2
Adakesalahandidalamgadgetini
Adakesalahandidalamgadgetini
Pengikut
Jointhissite
withGoogleFriendConnect
Members(1)
Alreadyamember?Signin
BloggertemplatesmadebyAllBlogTools.com
http://myebooktips.blogspot.de/2009/07/wirelessnetworksecurity.html
BacktoTOP
4/4