Beruflich Dokumente
Kultur Dokumente
WIRELESS LAN
SECURITY
Non-traditional networks
Man-in-the-middle attacks (MITM)
Caffe Latte attack
Ad hoc networks
Malicious association
Etc
Non-traditional networks
Non-traditional networks such as personal network Bluetooth devices are not safe
from cracking and should be regarded as a security risk.
Even barcode readers, handheld PDAs, and wireless printers and copiers should
be secured.
The man-in-the-middle attack (often know as MITM, MitM, MIM, MiM, MITMA)
in cryptography and computer security is a form of active eavesdropping in
which the attacker makes independent connections with the victims and relays
messages between them, making them believe that they are talking directly to
each other over a private connection, when in fact the entire conversation is
controlled by the attacker.
The Cafe Latte attack allows you to obtain a WEP key from a client system.
Briefly, this is done by capturing an ARP packet from the client, manipulating it
and then send it back to the client.
Ad hoc networks
While these types of networks usually have little protection, encryption methods
can be used to provide security.
Malicious association
These types of laptops are known as soft APs(Software Access Point) and
are created when a cyber criminal runs some software that makes his/her
wireless network card look like a legitimate access point
Once the thief has gained access, he/she can steal passwords, launch attacks on
the wired network, or plant Trojans!
Hide SSID
MAC ID filtering
Static IP addressing
Regular WEP
WPAv1
LEAP
WPAv2
Smart cards, USB tokens, and software tokens
RF shielding
Hide SSID
MAC ID filtering
Static IP
addressing
LEAP
This is a very strong form of security. When combined with some server software, the hardware or
software card or token will use its internal identity code combined with a user entered PIN to create a
powerful algorithm that will very frequently generate a new encryption code. The server will be time
synced to the card or token. This is a very secure way to conduct wireless transmissions.
Companies in this area make USB tokens, software tokens, and smart cards.
Currently the safest security measures are the smart cards / USB tokens. However, these are
expensive.
The next safest methods are WPA2 or WPA with a RADIUS server
RF shielding
Its practical in some cases to apply specialized wall paint and window film to a room or building
to significantly attenuate wireless signals, which keeps the signals from propagating outside a
facility.
This can significantly improve wireless security because its difficult for hackers to receive the
signals beyond the controlled area of an enterprise, such as within parking lots.
Despite security measures as encryption, hackers may still be able to crack them. This is done
using several techniques and tools.
End-to-end
encryption
One can argue that both layer 2 and layer 3 encryption methods are not good
enough for protecting valuable data like passwords and personal emails.
Those technologies add encryption only to parts of the communication path, still
allowing people to spy on the traffic if they have gained access to the wired
network somehow
The solution may be encryption and authorization in the application layer, using
technologies like SSL, SSH, GnuPG , PGP and similar.
The disadvantage with the end-to-end method is, it may fail to cover all traffic.
THANK YOU!