
HACKING & INFORMATION SECURITY

Presents:

WiFi SECURITY

-With TechNext
We Are The Speakers

Sudarshan Pawar

Certified Security Expert(C.S.E.)


Certified Information Security Specialist (C.I.S.S.)
Security Xplained (TechNext Speaker)
Computer Engg.
& a Security Professional

Prakashchandra Suthar
Security Enthusiast
Cisco Certified Network Associate
Red Hat Linux Certified
Security Xplained (TechNext Speaker)
Computer Engg
Security Researcher.
Topics to be covered
Basics of Wifi
Types of wireless networks
Wireless Standards(802.11 series)
Encryption Algorithms
Wireless hacking methodology
ATTACKS(commonly encountered)
Staying secure(Defense)
Security Tools
We are not including stats, history, who did what/when/why-> Bcoz its Booooring.!!! U can
google them later.!
Current Generation
Wifi Basics

WiFi (Wireless Fidelity) -> wireless networks (commonly referred to as WLAN)
Developed on IEEE 802.11 standards
Wireless networks include: Bluetooth, Infrared
communication, Radio Signal etc.
Components used:
o Wireless Client Receiver
o Access Point
o Antennas
Extension to a wired network
[Diagram: broadband router, access point, extension point]
Multiple Access points
[Diagram: broadband router, access point-1, access point-2]
LAN-2-LAN
[Diagram: LAN-1, LAN-2]
3G Hotspot
[Diagram: Internet over GPRS, 3G, 4G]
How many of you have tried this???
WiFi Standards
Points | 802.11b | 802.11a | 802.11g | 802.11n
Extension to | 802.11 | 802.11 | 802.11a | 802.11g
Bandwidth (MHz) | 20 (11Mbps) | 20 (54Mbps) | 20 (54Mbps) | 20 (54Mbps), 40 (150Mbps)
Frequency (GHz) | 2.4 | 5 | 2.4 | 2.4, 5
Pros | Lowest cost; signal range is good and not easily obstructed | fast maximum speed; regulated frequencies prevent signal interference from other devices | fast maximum speed; signal range is good and not easily obstructed | fastest maximum speed and best signal range; more resistant to signal interference from outside sources
Cons | slowest maximum speed | highest cost; shorter range signal that is more easily obstructed | costs more than 802.11b; appliances may interfere on the unregulated signal frequency | standard is not yet finalized
Are u seriously concerned about wifi
security????? Be honest!
WEP (Wired Equivalent Privacy)
The first encryption scheme made available for Wi-Fi.
Uses a 24-bit initialization vector (IV) with the RC4 stream cipher for confidentiality.
Uses a CRC-32 checksum for integrity.
Typically used by home users.
Uses 64-, 128- or 256-bit keys.
Flawed from the get-go.
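WEP Working
[Diagram: the WEP key from the key store and the IV feed the RC4 cipher to produce the keystream; the CRC-32 checksum algorithm computes the ICV over the data; data + ICV is XORed with the keystream. WEP encrypted packet (MAC frame): IV | PAD | KID | ciphertext]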
WEP Weakness
1. Key management and key size
2. The 24-bit IV is too small.
3. The ICV algorithm is not appropriate
4. Use of RC4 algorithm is weak
5. Authentication messages can be easily forged
WEP: broken beyond repair
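
Weaknesses 2 and 3 from the list above, shown on a minimal model of the WEP frame body. This is an added example, not part of the original slides; the key, IV and frame contents are constructed and the function names are hypothetical.

```python
import zlib
from math import pi, sqrt

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """WEP frame body: (data || CRC-32 ICV) XOR RC4(IV || key)."""
    plain = data + zlib.crc32(data).to_bytes(4, "little")
    return xor(plain, rc4(iv + key, len(plain)))

def same_iv_leak(c1: bytes, c2: bytes) -> bytes:
    """Weakness 2: with a repeated IV the keystream cancels, leaving p1 XOR p2."""
    return xor(c1, c2)

def icv_is_linear(a: bytes, b: bytes) -> bool:
    """Weakness 3: CRC-32 is linear (affine), so it is a checksum, not a keyed MAC."""
    zeros = bytes(len(a))
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)

def frames_until_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday estimate of random IVs drawn before the first repeat."""
    return round(sqrt(pi / 2 * 2 ** iv_bits))

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key ("64-bit" WEP)
    iv = b"\x00\x00\x01"                       # constructed 24-bit IV, used twice
    p1, p2 = b"constructed frame A", b"constructed frame B"
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    print(same_iv_leak(c1, c2)[:len(p1)] == xor(p1, p2))
    print(icv_is_linear(p1, p2), frames_until_iv_repeat())
```

With randomly chosen IVs a repeat is expected after only about five thousand frames, which is why neither a longer WEP key nor a firmware setting repairs the scheme.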
WPA (Wi-Fi Protected Access)
Data Encryption for WLAN based on 802.11 std.
Improved Encryption & Authentication Method.
Uses TKIP
Based on WEP
Michael algorithm
Hardware changes not required
Firmware update

Types
1. Personal: PSK
2. Enterprise: 802.1x + RADIUS
WPA Working
[Diagram: temporary encryption key, transmit address and T.S.C. go through key mixing to give the WEP seed for the RC4 cipher, which produces the keystream; MSDU and MIC key go through the Michael algorithm to give MSDU + MIC, carried as MPDU + ICV. Packet to be transmitted: MAC header | IV | KID | EIV | ciphertext]
WPA2
Long Term Solution (802.11)
Stronger Data protection & Network access control
Uses CCMP
Based on AES
Hardware changes required

Types
1. Personal Pre Shared Key
2. Enterprise 802.1x + RADIUS
WPA2 Working

Source: EC Council
Source: someecards
Breaking WPA/WPA2
Dictionary attacks (not so successful, but yeah, sometimes)
Brute force (tools like: Kismac, Aireplay etc.)
WPA PSK
Security breaching sequence
1. Find the network
2. Study its traffic
3. Study security mechanisms
4. ATTACK!!!!!!!! (i.e. decrypt the packets)
DOS

BEFORE ATTACK
Access point is busy handling attacker's request

AFTER ATTACK
Man In The Middle Attack(MITM)
Before
After
ARP Poisoning/Spoofing

Source: http://securitymusings.com/wp-content/uploads/2008/12/arp-spoofing.png
WiFi JAMMING.
Fake Access Points

SSID: XYZ Bank


Defense against WPA / WPA2 attacks

Extremely complicated keys can help.
The passphrase should not be one from a dictionary, so use uncommon, senseless words.
The key should be more than 20 chars, with a combination of special chars, numbers and alphabets. Change it at regular intervals.
#eY,t#!$c@/\/_B-gUd0n3?@$sW0rD
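
The rules above as a checker and generator, together with the standard WPA/WPA2-Personal key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt), which shows why the key depends on both the passphrase and the network name. This is an added example, not part of the original slides; the function names and the wordlist argument are hypothetical.

```python
import hashlib
import secrets
import string

SPECIALS = string.punctuation

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), 4096, 32)

def audit_passphrase(p: str, wordlist: set) -> list:
    """Return the slide's rules that passphrase p breaks (empty list = pass)."""
    problems = []
    if not (p.isascii() and p.isprintable()):
        problems.append("must be printable ASCII")
    if not 20 < len(p) <= 63:                  # WPA passphrases max out at 63 chars
        problems.append("length must be 21-63 characters")
    if not any(c.isalpha() for c in p):
        problems.append("no letters")
    if not any(c.isdigit() for c in p):
        problems.append("no digits")
    if not any(c in SPECIALS for c in p):
        problems.append("no special characters")
    if p.lower() in wordlist:                  # wordlist entries are lower-case
        problems.append("dictionary word")
    return problems

def generate_passphrase(length: int = 24) -> str:
    """Draw characters from the OS CSPRNG until every rule is met."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        p = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_passphrase(p, set()):
            return p

if __name__ == "__main__":
    new = generate_passphrase()
    print(new, wpa_psk(new, "XYZ Bank").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, which is the practical reason behind the checklist item about changing the default SSID.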
Security Checkboxes
1. WPA instead of WEP
2. WPA2 Enterprise implementation
3. Place AP at secured location.
4. Centralized authentication & update drivers regularly.
5. Change the default SSID after configuring the WLAN
6. Firewall policies & router access password
Security Checkboxes (contd)
1. MAC address filtering
2. Encryption at access point
3. Packet filtering between APs
4. Network strength configuration.
5. Use IPsec for encryption on WLANs
6. Check for rogue access points
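
One way to run the rogue access point check from item 6: compare a wireless scan against an inventory of authorised APs. This is an added example, not part of the original slides; the inventory, the scan rows, the CSV layout and the security labels are all constructed, and `find_rogues` is a hypothetical name.

```python
import csv
import io

# Constructed inventory of authorised APs: SSID -> {BSSID: expected security}
AUTHORISED = {
    "XYZ Bank": {"00:11:22:33:44:55": "WPA2-Enterprise",
                 "00:11:22:33:44:56": "WPA2-Enterprise"},
}

# Constructed scan export (ssid,bssid,channel,security); not real tool output.
SCAN = """ssid,bssid,channel,security
XYZ Bank,00:11:22:33:44:55,1,WPA2-Enterprise
XYZ Bank,00:11:22:33:44:56,6,WPA
XYZ Bank,02:AA:BB:CC:DD:EE,6,Open
Cafe Guest,02:12:34:56:78:9A,11,WEP
"""

# Ordering used to spot a downgrade; unknown labels rank lowest.
RANK = {"Open": 0, "WEP": 1, "WPA": 2, "WPA2-Personal": 3, "WPA2-Enterprise": 4}

def find_rogues(scan_csv: str, authorised: dict) -> list:
    """Return (bssid, ssid, reason) for every AP that needs investigation."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        ssid, bssid, sec = row["ssid"], row["bssid"].upper(), row["security"]
        known = authorised.get(ssid)
        if known is None:
            continue                           # not one of our SSIDs
        if bssid not in known:
            findings.append((bssid, ssid, "unknown BSSID advertising our SSID"))
        elif RANK.get(sec, 0) < RANK[known[bssid]]:
            findings.append((bssid, ssid,
                             f"security downgraded to {sec} (expected {known[bssid]})"))
    return findings

if __name__ == "__main__":
    for finding in find_rogues(SCAN, AUTHORISED):
        print(finding)
```

A matching BSSID is not proof that an AP is genuine, since a BSSID can be copied, so treat a clean result as one signal alongside the other checklist items.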
Wi-Fi Security Auditing Tools
AirMagnet Wifi Analyzer
AirDefense
Adaptive wireless IPS
ARUBA RF Protect WIPS
And many others
Questions?

What you want to ask, many already have that same question
on their mind. Be bold and lead

OK, if you don't want to speak and keep shut and keep
thinking about it in your mind and take those questions home,
make sure you email those to us and sleep well at night!
What should be our topic for the next meet?

I hate to ask but, how can we make this better?
