Understanding WiFi Security Vulnerabilities And Solutions


Understanding WiFi Security Vulnerabilities and Solutions
Dr. Hemant Chaskar
Director of Technology
AirTight Networks

WiFi Proliferation
Global WiFi Radio Chipset e: WiFi Alliance, www.wifialliance.org
Copyright 2009, AirTight Networks, Inc.

Irony of Information Age
“It's the great irony of our Information Age -- the very technologies that empower us to create and to build also empower those who would disrupt and destroy.”
- US President Obama on Cyber Security

WiFi Is No Exception
WiFi throws new pieces in the information security puzzle!
- Signal spillage outside buildings
- Threats operative below Layer 3
- Operation in unlicensed band, open technology
- Wired firewalls, IDS/IPS, anti-virus ineffective against WiFi threats

Everyone Is Talking About WiFi Security
- Financial Districts Airspace Reveals Wi-Fi Security Risks, Sarbanes-Oxley Compliance Journal, May 2009
  http://www.s-ox.com/dsp getNewsDetails.cfm?CID 2614
- Citing safety, Govt bans WiFi in key offices, missions, Indian Express, August
- I (Payment Card Industry) DSS Wireless Guidelines, June /info sup.shtml
- WiFi networks under attack from wardrivers, The Times of India, September 2008
  http://timesofindia.indiatimes.com/India/WiFi under attack from wardrivers /articleshow/3429169.cms
- Security experts warn of dangers of rogue Wi-Fi hotspots, CNN Business Traveler, August /wifi.security.hackers/index.html?iref 24hours

Some Say It Is Top Priority Today
Next Generation Threats and Vulnerabilities Projection
June 2009

Sometimes We Learn The Hard Way
45.7 Million payment card accounts compromised at TJX stores in USA over WiFi
Estimated liabilities more than 4.5 Billion

Closer Look At WiFi Vulnerabilities

Incorrect Views of WiFi Security
Enterprises
- No WiFi: “I don’t have any WiFi installed and hence I must be secure”
- WiFi is officially deployed: “I have Firewalls, IDS, Anti-virus installed and hence I am already protected”

Most Obvious WiFi Threat
Eavesdropping, Unauthorized Access
[Diagram labels: WPA, WPA2; Managed APs; Firewall, Wired IPS; Managed Clients]
Solution: Use of strong wireless authentication & encryption in WiFi
- OPEN and WEP are big NO!
- WPA can be used, but not enterprise grade, use WPA2 which is enterprise grade
- SSID hiding and MAC access control lists can be evaded
Find tutorial on WPA/WPA2 at http://www.airtightnetworks.com/fileadmin/content images/news/webinars/AuthEncryp Primer.pdf

WPA2 or No-WiFi Cannot Address Unmanaged Devices
Threats from Unmanaged Devices
[Diagram labels: Eavesdropping, Unauthorized Access; Cracking; WPA, WPA2; Wi-Phishing; External APs; Honeypots; Rogue AP; External Users; Misconfigured AP; Firewall, Wired IPS; Ad hoc Connections; Wireless DoS]

Rogue AP
- Unmanaged AP attached to network
- (Logically) LAN jack hanging out of window
- Malicious intent or simply an unwitting, impatient employee
- Provides direct access to wired network from areas of spillage
  - Steal data on wire
  - Scan network for vulnerabilities
- Firewall, anti-virus, WPA2 do not see this
[Pictured: Wall Jack AP, Pocket AP, Wireless Router, PCMCIA and USB APs]

Case Studies
Example: APs visible in airspace of client site
[Chart labels: Open, WEP, WPA2, Unknown, Unaccounted; values 2, 6, 10, 19]
- 21 APs are unaccounted for (Open and WEP)
- Can one of the unaccounted for APs be on their wired network?
- How can they keep track of APs 24x7?
Insecure APs Are Present in All Wireless Neighborhoods.
- AirTight Networks Scan of Financial Districts in USA, May ort.html
- RSA Wireless Security Survey, http://www.rsa.com/node.aspx?id 3268
  2007 and 2008 scans of London, New York, Paris
- Deloitte Scan of Indian Cities, December 2008
  http://bcm-india.org/wifi india.pdf
- AirTight Networks Scan of Indian Cities, November 2008
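
The case study asks whether an unaccounted-for AP could be on the wired network and how to keep track of APs around the clock. The following is an added example, not code from the deck or from AirTight's product: it sorts a scan into the deck's categories (managed, misconfigured, rogue, external). The MAC-adjacency test for "on the wire", the function names and the sample MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

# Policy taken from the slides: OPEN and WEP are unacceptable, WPA is usable
# but not enterprise grade, WPA2 is the enterprise-grade choice.
ENTERPRISE_GRADE = {"WPA2"}

@dataclass(frozen=True)
class ObservedAP:
    bssid: str
    ssid: str
    encryption: str  # "OPEN", "WEP", "WPA" or "WPA2"

def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)

def seen_on_wire(bssid: str, wired_macs: set, tolerance: int = 1) -> bool:
    # Assumption: an AP's wired-side MAC is often within +/-1 of its BSSID.
    # The heuristic misses APs that NAT or use unrelated MAC addresses.
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= tolerance for m in wired_macs)

def classify(ap: ObservedAP, managed: set, wired_macs: set) -> str:
    if ap.bssid.lower() in managed:
        return "managed" if ap.encryption in ENTERPRISE_GRADE else "misconfigured"
    if seen_on_wire(ap.bssid, wired_macs):
        return "rogue"      # unmanaged AP attached to the wired network
    return "external"       # neighbour AP that is not on our wire

def audit(scan, managed, wired_macs) -> dict:
    managed = {m.lower() for m in managed}
    return {ap.bssid: classify(ap, managed, wired_macs) for ap in scan}

# Constructed sample data (not the numbers from the deck's case study).
MANAGED = {"02:00:00:00:10:00", "02:00:00:00:20:00"}      # AP inventory
WIRED_MACS = {"02:00:00:00:10:00", "02:00:00:00:20:00",   # MACs learned on
              "02:00:00:00:30:01"}                         # switch ports
SCAN = [
    ObservedAP("02:00:00:00:10:00", "corp", "WPA2"),
    ObservedAP("02:00:00:00:20:00", "corp", "WEP"),
    ObservedAP("02:00:00:00:30:00", "linksys", "OPEN"),
    ObservedAP("02:00:00:00:99:00", "cafe", "OPEN"),
]

if __name__ == "__main__":
    for bssid, category in audit(SCAN, MANAGED, WIRED_MACS).items():
        print(bssid, category)
```

Anything classified as rogue or misconfigured needs action by the network owner; external APs matter when managed clients associate with them.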

Ad hoc Connections
Employees may use ad hoc connections to share content
- Reduce productivity
- Leak sensitive data
Inadvertent ad hoc connections
- Compromise laptop
- Bridge to enterprise network
[Diagram labels: Enterprise Network, Bridging Laptop]
For some real world data on ad hoc vulnerability, see AirTight’s scan study at worldwide urces/knowledge-center/airport-scan.html

Ad hoc “Bridge” to Wired Network
Users may “bridge” wired and WiFi interfaces on their laptops

Misassociations
WiPhishing, Evil Twin, Honeypot
[Diagram labels: Policy Bypassed, Internet Access Policy]
- Policy violation
  - Gmail, IM, banned websites, banned content
- MIM attack
  - Password stealing, data interception
- Growing number of hack tools: KARMETASPLOIT, SSLstrip, Airbase

Honeypot/Evil Twin/WiPhishing
- KARMETASPLOIT: ar-onhacking-wireless-clients/
- SSLstrip: eypots/
- Airbase: http://www.aircrack-ng.org/doku.php?id airbase-ng#description
- YouTube - Fishing Windows Clients with airbase-ng and airchat
- WiFish Finder (free honeypot vulnerability assessment tool):

Cracking Exploits
[Timeline figure, years 2004 through 2008, covering WEP, WPA and WPA2. Labels: WEP protocol vulnerabilities; Early WEP cracking; sophistication of WEP cracking tools; PTW attack; Café Latte; WPA-PSK cracking tool; PEAP misconfig vulnerability; TKIP exploit]
For more information on cracking .org/2008/videos.html (Look for PEAP Pwned Extensible Authentication owledge-center/wpawpa2-tkip-exploit.html

DoS Attacks
Wireless DoS attacks are inevitable for WiFi
- Spoofed disconnects
- Spoofed connection floods
- Hogging wireless medium
Even Cisco MFP and 802.11w are vulnerable to DoS attacks
- See “Autoimmunity disorder in Wireless ces/knowledge-center/wlan-selfdos.html

Protection
Wi-Fi Security Vulnerabilities
Wireless Vulnerability Management

WPA2 is Essential, But Not Enough!
No-WiFi is Also Not Enough!
[Diagram labels: Eavesdropping, Unauthorized Access; Cracking; WPA, WPA2; Wi-Phishing; External APs; External Users; Honeypots; Rogue AP; Misconfigured AP; Firewall, Wired IPS; Ad hoc Connections; Wireless DoS]

24x7 Comprehensive Protection with Wireless Intrusion Prevention System (WIPS)
[Diagram labels: WIPS; Eavesdropping, Unauthorized Access; Cracking; Wi-Phishing; External APs; External Users; Honeypots; WPA, WPA2; Rogue AP; Misconfigured AP; Firewall, Wired IPS; Ad hoc Connections; Wireless DoS]

WIPS Components
- Monitoring Sensors
- Data Aggregation Server
- Optional Client Side Agent
[Diagram labels: At Work, Away]

WIPS Benefits
- Block WiFi Threats and Vulnerabilities
- Detect WiFi Threats and Vulnerabilities
- Locate Threat Posing Devices on nsics
- Forensic Information
- Compliance Monitoring
- Performance Monitoring and Troubleshooting

WIPS Providers In The Market
Source: July 2009 MarketScope for Wireless LAN Intrusion Prevention Systems

Conclusion
WiFi warrants new security controls in enterprise networks
- For both WiFi and no-WiFi networks
- Perceived as high priority item today
- Also a regulatory compliance requirement
Strong authentication and encryption (WPA2) is essential for authorized Wi-Fi
- Prevents eavesdropping and unauthorized access
Another layer of security in the form of WIPS (Wireless Intrusion Prevention System) is essential for comprehensive protection
- Prevents rogue APs, ad hoc connections, misassociations, cracking exploits, DoS attacks
- Compliance monitoring
- Performance monitoring and troubleshooting as added benefits

For More Information on WiFi Security
www.airtightnetworks.com
- WiFi security knowledge resource
- Real world scans and case studies
- Industry news
- Blog
- Videos
- Best practices
- Security solutions
