Abstract:
Wireless networks are already widely used throughout the world. People rely on them to connect to each other without the need to fight with cables and worry about mobility. Wireless is used in environments ranging from homes to airports and large metropolitan areas. However, with all this flow of information through the air we need to take security measures. This is what Atanas Dyulgerov talked about. He gave a basic intro to Wireless and then concentrated on the different aspects of security. He listed the basic types of vulnerabilities and also explained standards to fill the security gaps, including encryption algorithms and standards for frequencies used to broadcast radio waves.
Presented By:
Atanas Dyulgerov
read full report
http://cssu-bgold/seminars/ppt/Wireless_Security.ppt
http://cssu-bgold/seminars/pdf/Wireless_Security.pdf
Presented by:
ASHISH TRIPATHI
[attachment=12787]
Wireless security
WHY?
HOW?
Types of wireless devices�
Wireless routers
Access points
Wireless Adapters
Wireless Phones
Other Devices
Wireless routers�
Build in firewall
Internet and file sharing
Assign IP address
Work like a traffic police officer.
Access points�
No firewall
Just forward the internet
Work as a door to internet
Wireless Adapters
Enable pc or laptop to access wireless signals or radio frequencies
Wireless Phones�
Mostly smartphones and regular phones
Wireless connection
GSM(Global System for Mobile Communications)
CDMA(Code division multiple access)
WLAN
BLUETOOTH
Types of unauthorized access
Accidental association
Malicious association
Ad-hoc networks
Identity theft (MAC spoofing)
Man-in-the-middle attacks
Smartphone Mobile hacking
Accidental association
Miss-association or accidental deliberate
Accidental association
Miss-association or accidental deliberate
Malicious association�
Fake Access point
Also called Soft AP’s
Ad-hoc networks�
Peer to peer(p2p)
No server
How Security breach?
No authentication
No encryption
No firewall
Identity theft (MAC spoofing)�
Used in network with mac filtering
Hacker find out mac address of an client
Hacker use that mac address to access that network and infect it.
Man-in-the-middle attacks�
Smartphone Mobile hacking�
GPRS Hacking
SMS Hacking
Bluetooth Hacking
Mobile Phone Jammers
Cabir, believed to be the world's first worm that can spread on mobile phones using Bluetooth and WLAN
Trojan horses in games, screensavers and other applications -- resulting in false billing, unwanted disclosure of stored information, and deleted or stolen user data.
INDUSTRIAL LEVEL SECURITY
Wireless intrusion prevention system�(WIPS)
Is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
WIPS implementation methods
WIPS configurations consist of three components:
Sensors —scan area with antennas and detectors
Server — analyzes packets captured by sensors
Console — The console provides the primary user interface into the system for administration and reporting
Wireless Security Best Practices�
Basic prevention method
MAC ID filtering
Give network access to only selected mac address
Static IP addressing
Give access to selected IP address only
RF shielding
Shielding a area from unauthorized access using jammers and electro magnetic field
Advance prevention method
802.11 security
WEP(Wired Equivalent Privacy)
WPAv1(Wi-Fi Protected Access VERSION 1)
802.11i security
WPAv2(Wi-Fi Protected Access VERSION 2)
WEP(Wired Equivalent Privacy)
WEP WORKS ON
Open System authentication
Shared Key authentication
128 bit pre-shared key
The pre-shared WEP key is also used for encrypting the data frames flaws
packet spoofing reveals the key
No key management protocol
WPAv1(Wi-Fi Protected Access)
WPAv1
Just software/firmware upgrade is required
TKIP(Temporal Key Integrity Protocol)
combines the secret root key with the initialization vector
a sequence counter to protect against replay attacks
64-bit message integrity
flaws
Still uses same pre-shared key
Still packet spoofing available
WPAv2
WPAV2
New hardware was required
A pre-shared key was used for authentication
But dynamically generates a new key for each packet flaws
Still remains vulnerable to password cracking attacks if users rely on a weak passphrase