...

Saturday, February 26, 2011

NETSEC 08

We now go into a short chapter of Wireless Security. The advantage of having wireless is that it is convenient, doesn't require extensive cabling and planning, has a high ROI and can increase productivity (mobile users). It can also be used for temporary deployments such as during a trade show.
Wireless operates on the 2.4GHz and the 5GHz radio frequency ranges. The NIC has a Radio transceiver attached to it to allow communication with the AP. Wireless can experience interference when communicating through heavy walls, large metal objects, etc.

Wireless can operate in two modes:
-Infrastructure - Indirectly through a central place, e.g. AP
-Ad-Hoc - Directly between two hosts

APs are typically used to connect wireless clients to a wired network.

Each wireless network is identified with an SSID (Service Set Identifier) and it can be configured as Infrastructure mode on the AP or Ad-Hob mode on the initial client. SSIDs are periodically advertised through beacons.

Ad-Hoc clients do not require an access point and is easier to set up temporarily. Infrastructure mode takes advantage of the high powered antennae to cover wide areas.

802.11 refers to the wireless standards established by the IEEE. Here's a simple breakdown:

802.11a
-Operates on 5GHz, less crowded, and less interference from other appliances
-Speed up to 54Mbps
-Incompatible with b/g

802.11b
-Operates on 2.4GHz, more crowded, likely to be interfered by microwaves, cordless phones, etc.
-Speed up to 11Mbps but can operate over further distances
-More susceptible to heavy walls and big metal objects

802.11g
-Operates on 2.4GHz
-Speed up to 54Mbps, same range as b
-Backwards compatible with b, but will operate at lower speeds

802.11n
-Operates on both 2.4GHz and 5GHz (or either)
-300Mbps through MIMO technology

All vulnerabilities of a wired ethernet applies to wireless, and in addition, it is especially prone to interception attacks, as well as interruption through jamming.

Frames are sent as far as the radio transmissions take it, and any device within range of an unprotected network can intercept every packet.

War Driving refers to the technique that involves driving through a neighborhood to map APs using a wireless-enabled laptop. The information can then be used to plan attacks on insecured networks, or badly secured ones. AirSnort and NetStumbler are two free wireless network detectors.

To combat insecurities, the WEP (Wired Equivalent Privacy) was developed. Ideally, only the receiver can comprehend the received data. It is designed to provide the same level fo security of a wired LAN, prevent malicious users from sniffing, and prevent malicious users from sending crafted frames. It uses the RC4 encryption with a 40- or 128-bit key (symmetric) for Confidentiality and the CRC32 checksum for Integrity. The keys need to be configured on both ends. It works no the Data Link and Physical Layers, so it does not offer end-to-end security (and it is not designed to).

All that being said, WEP is not very secure, and can be cracked under 5 minutes, but it should be the bare minimum.

Measures against sniffing (some more effective than others) include:
-Changing the default SSID
-Disable SSID broadcasting
-Use MAC filtering
-Use an encryption scheme
-Change WEP keys often (or make use of TKIP)
-Only share what is needed
-Disable access point administration over wireless

Short chapter eh?

No comments :

Post a Comment

<