
CH 7 - Securing Wireless LANs

The document discusses various Wi-Fi encryption standards, including the transition from WEP to WPA3, highlighting their vulnerabilities and improvements. It also covers wireless technologies like RFID, NFC, and Bluetooth, along with associated security risks and attacks. Additionally, it emphasizes the importance of Wi-Fi coverage, performance, discovery, and hardening techniques to secure wireless networks.

Ch 7 - Securing Wireless LANs

Wi-Fi Encryption Standards


- WEP utilized RC4 encryption and is no longer in use
- 802.11i introduced AES encryption, PSKs, and enterprise mode, but many devices couldn't handle the AES encryption process

Wired Equivalent Privacy (WEP)….


Part of original 802.11 standard
RC4 streaming
Began with initialization vector (IV)
Problem was with IVs

IEEE 802.11i….
AES instead of RC4
Pre-shared key (PSK) instead of IV
Or WPA-Enterprise
Authenticate with RADIUS server
The Problem: most WAPs and network cards couldn't handle AES
Solution: Wi-Fi Protected Access (WPA)
RC4 with PSK or RADIUS server

WPA2
AES
Can do RADIUS or PSK
Counter-Mode/CBC-MAC Protocol (CCMP)
The Problem: can be cracked through the handshake

WPA3
Disallows outdated protocols
Protected Management Frames (PMF)
Simultaneous authentication of equals (SAE)

Wi-Fi Protected Setup (WPS)


Must have WPS-capable wireless access points (WAPs) and devices
Press button on both WAP and device
Creates a WPA2-encrypted connection
The Problem: easy to crack
The Solution: devices no longer include it

Copyright Robert Mathisen & Total Seminars 2023


RFID, NFC, and Bluetooth
- RFID uses wireless tags on objects; commonly used for inventory control
- NFC is a short-range wireless technology commonly used for payment cards
- Bluetooth is a wireless technology for pairing devices together such as smartphones, speakers, or headsets
- Bluejacking and bluesnarfing are Bluetooth attacks

Radio Frequency Identifier (RFID)….


Uses RF communication to track objects with RFID tags
Range is ~5 meters (16.5 feet)
Commonly used for inventory control, locating pets, and in some passports
RFID tags are normally powered by the reading/scanning device

Near Field Communication (NFC)….


Type of RFID
Close-range wireless communications
Approximately 5 cm (1.5 inches)
Common uses….
Payment cards
Smartphone (data sharing, payments)
Read/write NFC tags

Bluetooth….
802.15.1 Standard (2.4 or 5 GHz frequency range)
Wireless networking with shorter range than Wi-Fi
Class 1 - Up to 100 meters (328 feet)
Example: USB Wi-Fi Dongles
Class 2 - 10 meters (33 feet)
Example: Bluetooth Headset
Devices must be paired together to communicate
Car stereo - Headset - Keyboards

Bluetooth Attacks….
Bluejacking - unauthorized sending of anonymous messages to a Bluetooth device
Example: sharing bogus contact info with a message as the contact name

Bluesnarfing - Data theft from remote devices using Bluetooth

Mitigation - Disable Bluetooth when not needed



Wi-Fi Coverage and Performance
- A Wi-Fi site survey shows existing WLANs, signal strength, channel usages, and security settings
- Extended WLAN coverage is possible, but ensure channels do not overlap in adjacent cells
- Wi-Fi Heat Maps use colors to indicate areas with strong signal strength as well as dead zones

Wi-Fi Coverage and Performance….


Signal strength weakens over distance
Transmission power measured in decibel milliwatts (dBm)
-30 dBm is great, -80 not so great
Atmospheric conditions affect wireless connectivity

Wi-Fi Site Survey….


Conduct during Wi-Fi deployment and troubleshooting
Collect Wireless Stats
Signal Strength
Noise
Channel Overlapping
Transmission Speeds
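
A sketch of how the survey statistics above can be checked for overlapping channels between nearby cells. This is an added example, not part of the original notes; the AP names, readings and the -80 dBm cut-off are constructed, and it assumes 2.4 GHz channel numbering (channels 1-13, 5 MHz apart, about 20 MHz wide).

```python
# Added example: find overlapping channels among APs heard at one survey point.
# Assumption (not from the notes): 2.4 GHz channels 1-13, spaced 5 MHz apart
# and about 20 MHz wide, so two channels overlap when they differ by < 5.
from itertools import combinations

AUDIBLE_DBM = -80   # assumed cut-off: weaker APs are treated as out of range

# Constructed survey rows: (ap_name, channel, signal_dbm, noise_dbm)
SURVEY = [
    ("ap-lobby",   1, -42, -95),
    ("ap-office",  3, -60, -95),   # overlaps channel 1 (differs by 2)
    ("ap-lab",     6, -55, -92),   # overlaps channel 3 (differs by 3)
    ("ap-garage", 11, -67, -90),
    ("ap-remote",  1, -88, -95),   # same channel as lobby, too weak to count
]

def channels_overlap(a, b):
    """True for co-channel (a == b) and adjacent-channel (|a - b| < 5) overlap."""
    return abs(a - b) < 5

def snr_db(signal_dbm, noise_dbm):
    """Signal-to-noise ratio in dB; dBm values subtract directly."""
    return signal_dbm - noise_dbm

def find_conflicts(survey, audible_dbm=AUDIBLE_DBM):
    """Return sorted (ap_a, ap_b, kind) for every audible overlapping pair."""
    heard = [row for row in survey if row[2] >= audible_dbm]
    conflicts = []
    for (n1, c1, *_), (n2, c2, *_) in combinations(heard, 2):
        if channels_overlap(c1, c2):
            kind = "co-channel" if c1 == c2 else "adjacent-channel"
            conflicts.append((n1, n2, kind))
    return sorted(conflicts)

if __name__ == "__main__":
    for name, _, sig, noise in SURVEY:
        print(f"{name}: signal {sig} dBm, SNR {snr_db(sig, noise)} dB")
    for conflict in find_conflicts(SURVEY):
        print("overlap:", conflict)
```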



Wi-Fi Discovery and Attacks
- WLANs can be discovered in proximity due to beacon frames
- Jamming attacks are interference attacks
- WEP passphrases are easily cracked
- Deauthentication/disassociation severs Wi-Fi client connections
- Client to AP handshakes can be captured to perform offline PSK attacks

Wi-Fi Discovery and Mapping….


War-Chalking - Sidewalk Marking
War-Driving - Scan from within Vehicle
War-Flying - Scan using a Drone

Malicious WAP Targeting….


Rogue Access Point - Unauthorized Wireless AP
Evil twin - Unauthorized Wireless AP mimicking Valid AP Name

Wi-Fi AP Beacon Frames….


Sent every ~100ms
Clients cannot verify beacons
Key not established yet
Beacon frames are easily forged
Contains….
SSID (WLAN name)
Maximum transmit power (dBm)
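
Because clients cannot verify beacons and an evil twin reuses a valid AP name, a defender can compare each observed beacon against an inventory of authorized APs. The following is an added example, not part of the original notes; the SSIDs, BSSIDs, inventory format and observations are all constructed.

```python
# Added example: flag beacons that reuse an authorized SSID from an unknown
# BSSID (possible evil twin) or advertise weaker security than the inventory.
# All SSIDs, BSSIDs and observations below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # AP MAC address as seen in the beacon
    security: str    # as advertised, e.g. "WPA3", "WPA2", "OPEN"
    rssi_dbm: int

# Inventory of authorized APs: SSID -> {BSSID: expected security}
AUTHORIZED = {
    "CorpWLAN": {"aa:bb:cc:00:00:01": "WPA3", "aa:bb:cc:00:00:02": "WPA3"},
}

def classify(beacon, inventory=AUTHORIZED):
    """Return a list of findings for one observed beacon (empty = clean)."""
    known = inventory.get(beacon.ssid)
    if known is None:
        return []    # not one of our SSIDs; out of scope for this check
    bssid = beacon.bssid.lower()
    if bssid not in known:
        return ["unknown BSSID advertising authorized SSID"]
    if beacon.security != known[bssid]:
        # A matching BSSID proves nothing: beacons are unauthenticated and a
        # MAC address can be copied, so a downgrade is still a signal.
        return [f"security mismatch: expected {known[bssid]}, saw {beacon.security}"]
    return []

def scan(beacons, inventory=AUTHORIZED):
    """Map (ssid, bssid) -> findings for each beacon with at least one finding."""
    report = {}
    for b in beacons:
        findings = classify(b, inventory)
        if findings:
            report[(b.ssid, b.bssid.lower())] = findings
    return report

OBSERVED = [
    Beacon("CorpWLAN", "AA:BB:CC:00:00:01", "WPA3", -48),    # legitimate
    Beacon("CorpWLAN", "de:ad:be:ef:00:01", "WPA2", -35),    # unknown BSSID
    Beacon("CorpWLAN", "aa:bb:cc:00:00:02", "OPEN", -40),    # known MAC, downgraded
    Beacon("CoffeeShop", "11:22:33:44:55:66", "OPEN", -70),  # unrelated network
]

if __name__ == "__main__":
    for key, findings in scan(OBSERVED).items():
        print(key, findings)
```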

Wi-Fi Attacks….
Connecting to Open WLANs
Cracking WEP Passphrase
RF Signal Jamming
Interference Wi-Fi Channel Overlap
Flood AP with Deauthentication (disassociation) Packets
Denial of Service (DoS) attack
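
A deauthentication flood shows up on a monitoring sensor as an abnormal rate of deauthentication/disassociation frames for one AP. The sliding-window detector below is an added example, not part of the original notes; the frame records, window length and threshold are constructed or assumed values.

```python
# Added example: sliding-window detector for deauthentication floods.
# Input: (timestamp_seconds, bssid, client_mac) tuples, one per deauth or
# disassociation frame seen by a monitoring sensor. Records, window and
# threshold are constructed/assumed values, not taken from the notes.
from collections import defaultdict, deque

WINDOW_S = 10     # assumed look-back window in seconds
THRESHOLD = 20    # assumed frames per window per BSSID considered abnormal

def detect_deauth_floods(frames, window_s=WINDOW_S, threshold=THRESHOLD):
    """Return {bssid: (first_alert_time, clients)} for each BSSID whose frame
    count reaches `threshold` within `window_s` seconds. `clients` lists every
    client MAC named in that BSSID's frames (sorted)."""
    recent = defaultdict(deque)    # bssid -> timestamps still inside the window
    clients = defaultdict(set)
    alerts = {}
    for ts, bssid, client in sorted(frames):
        window = recent[bssid]
        window.append(ts)
        while ts - window[0] > window_s:
            window.popleft()       # drop frames older than the window
        clients[bssid].add(client)
        if len(window) >= threshold and bssid not in alerts:
            alerts[bssid] = ts
    return {b: (t, sorted(clients[b])) for b, t in alerts.items()}

# Constructed capture: three ordinary disconnects on one AP, then 40 frames in
# 8 seconds against a second AP, alternating one client and the broadcast address.
FRAMES = [(t, "aa:bb:cc:00:00:01", "02:00:00:00:00:10") for t in (5, 31, 58)]
FRAMES += [
    (100 + i // 5, "aa:bb:cc:00:00:02",
     "ff:ff:ff:ff:ff:ff" if i % 2 else "02:00:00:00:00:20")
    for i in range(40)
]

if __name__ == "__main__":
    for bssid, (when, hit) in detect_deauth_floods(FRAMES).items():
        print(f"deauth flood on {bssid} at t={when}s, clients: {hit}")
```

Protected Management Frames, listed under WPA3 above, is the preventive control for forged deauthentication frames; a detector like this is for networks where PMF is not enforced.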



Cracking WPA2
- The WLAN BSSID must be known when attacking a WLAN
- Client MAC address is required for some WLAN attacks
- Online or offline dictionary and brute-force attacks can crack WPA PSKs

Disassociation/Deauthentication Attacks


1) Discover APs
2) Discover connected clients
3) Disconnect active client from AP
sudo aireplay-ng -0 1 -a <AP MAC> -c <Client MAC>
4) Monitor client-AP handshake
5) Perform online or offline dictionary or brute-force to determine PSK



Wi-Fi Hardening
- Use RADIUS authentication for enterprise Wi-Fi networks
- EAP variants can be used to harden Wi-Fi authentication
- Hardening Wi-Fi includes changing default settings, hiding the SSID, using WPA3, and enabling MAC filtering
- Captive portals are initial landing pages when users connect to public Wi-Fi networks

Extensible Authentication Protocol (EAP)….


IEEE 802.1x RADIUS authentication
Supports identity federation

EAP-FAST (Flexible Authentication via Secure Tunneling)


No certificates
Shared secret must be configured on both devices

EAP-TLS
Server- and client-side certificates

EAP-TTLS
Requires a server certificate
Encapsulates RADIUS messages

Protected EAP
Requires a server certificate
Encapsulates EAP messages

Hardening Wi-Fi….
Change default AP credentials

Hide the SSID


WLAN name is removed from AP beacon frames
Clients must know the SSID to connect
Clients must know PSK or credentials

Enable MAC filtering

Use WPA3 Enterprise


RADIUS server authentication



Limit signal emanation
Transmit power levels

Captive portal
Landing page (Web site)
May require user authentication
Until authenticated, all HTTP requests show the landing page
User may only need to agree to terms of use

