25-08-2017, 09:32 PM
Wireless Threats and Attacks Wireless Introduction ¢ ¢ ¢ Wireless Security Requirements Threats Vulnerabilities ¢ ¢ Taxonomy of Attacks Attack against Wireless networks ¢ ¢ ¢ Against 802.11 network Bluetooth Handheld devices ¢ Summary 2 WIRELESS 3 Wireless ¢ Fastest growing segment of Computer industry ¢ Connection to LAN,WAN,PAN on the move ¢ Portable office “Phone ,fax ,email ,file retrieval ,login on machines. ¢ Rescue, Military ¢ Slow ,Error-prone, Transmission interference 4 Wireless ¢ Wireless devices use Radio Frequency (RF) technology to facilitate communication. ¢ Various types of wireless communication solutions use different frequencies, most regulated by governments. ¢ 802.11 and Bluetooth operate in the 2.4Ghz unregulated band. 5 Common wireless usage scenarios ¢ Wide Area Networks (WANs) using GPRS, GSM etc. ¢ Local Area Networking (LANs) using 802.11b (aka WiFi). ¢ Personal Area Networking (PANs) using Bluetooth. 6 Security Requirements Expected from Wireless Communication 7 Wireless security requirement ¢ Same for wired & wireless ¢ CIA requirement¢ Confidentiality: Keeping secrets secret!! ¢ Integrity: Data is unchanged ¢ Availability: Data is available for needful ¢ Authentication requirement of message ¢ Allow message non-repudiation 8 Attack and Threats ¢ Attack- Exploiting one or more vulnerabilities of communication medium ¢ Threat- Object, person or Entity representing a danger to security of communication medium ¢ Particular threats “ Device theft, theft of service, espionage. 9 Threat agents Majority of threats are hackers ¢ ¢ ¢ ¢ Accidental Users Script KiddiesCasual HackersSkilled hackers- ¢ Lot of freeware are available for hacking e.g.: netstumbler ,Kismet ,WEPcrack ,HostAP 10 Vulnerability ¢ Weakness or fault in the communication media allowing assurances to be compromised ¢ Since transmissions are broadcasted, they are available freely for anyone with right equipment ¢ Un authorized access ¢ Identity theft ¢ Un authorized equipment 11 Classification of Attacks 12 Taxonomy of Attacks Passive attacks: No content modification Confidentiality threats Two types : 1. Traffic analysis2. Eaves dropping- 13 Taxonomy of Attacks ¢ Active attacks : CIA is questioned Types : 1. 2. 3. 4. Masquerading- Impersonating Replay- Man in the middle Message modification- alteration Denial of service (D o S)-flooding and jamming 14 Attack against Wireless networks 1. 2. 3. Against 802.11 Networks : Against Blue tooth Networks : Against Hand held Devices : 15 16 What is 802.11 ? ¢ Two fundamental architectural components ¢ ¢ Station (STA). Basic Service Set Identifier (BSSID) Access Point (AP). Service Set Identifier (SSID): Attack against 802.11 networks ¢ Infrastructure mode and ad hoc mode are the two basic network topologies 17 Ad hoc Mode Architecture 18 Infrastructure Mode 19 20 Passive attacks on 802.11 ¢ Interception & Monitoring : ¢ Attacker needs to be in range of access point ¢ No need of compromising a system since signals are broadcasted ¢ 802.11 b can have directional antennae which enhance the risk of detection and attack because it can exceed physical boundaries its not mean to cross 21 Passive attacks on 802.11 ¢ Traffic Analysis : 3 uses are ¢ Identify activity on network. ¢ Identify physical locations of access points (s s i d broadcasting) ¢ Identify types of protocols used in network for exploiting their flaws (pattern of packets e.g. TCP-Syn\SynAck\Ack) 22 Passive attacks on 802.11 ¢ Passive eavesdropping: ¢ Attacker monitor sessions not encrypted ¢ Reads the transmitted data and accumulate information through studying the packets ¢ Active eavesdropping: ¢ IP Spoofing- Attacker changes the destination I P address of packet to the address of a host they control . When actual host does not get message then message is resend so its undetected. 23 24 Active attacks on 802.11 1. Masquerade: ¢ ¢ ¢ ¢ Spoofing and id theft Unauthorized clients Brute force attacks Unauthorized access points 2. Man in middle: 3. Denial of Service: ¢ Jamming ¢ Flooding 25 What is blue-tooth? ¢ Open standard for Short range digital radio ¢ Fast and reliable ¢ Data + Voice communications ¢ Its employed to connect 2 blue tooth devices e.g. phone, p d a, printer, mouse 26 Attacks against Blue tooth Network 27 Passive attacks on blue tooth ¢ Authorized remote users use insecure links which are sniffed up by attackers “ If link is compromised then traffic analysis “ If system is compromised then data manipulation and obtaining user details 28 Active attack on blue tooth 1. Masquerade: device authentication is done not user so any device if compromised possess as threat Attacker C 2. Man in middle: Device A Device B 29 Active attack on blue tooth 1. Message modification : use of un trusted p d a and capture all yr contacts to send messages 2. D o S- jamming the 2.4 Ghz Ism band it operates with devices like baby monitors which work on that same frequency 30 Attack on Hand held devices What are hand held devices ? ¢ Have their own IP address ¢ E.g. pager ,smart phone, tablets 31 32 33 ¢ Eavesdropping: Passive attack on Hand held devices ¢ Hand held devices have default enabled connectivity. ¢ Data is seldom encrypted 34 ¢ Denial of service- Active attack on Hand held devices ¢ Cell phones are jammed ¢ Virus, Trojan , worm ¢ Spamming inbox ¢ 3g phones have continuous connection with the network so they are prone to attack and traffic analysis 35 Summary ¢ Threats and attacks for wired and wireless is same ¢ CIA principle should be kept ¢ CYCLE: New Security measure -> New vulnerability discovered-> New hacking tool 36 Fighting back ¢ End to end security at application, transport and link layer. ¢ Authentication of people ¢ Cryptography¢ Security checklists ¢ Almost any given single security mechanism alone may be easily overcome by attackers. However, proper configuration and implementation of the maximum possible security mechanisms must be used to form a hodgepodge of multiple security layers, in effort to provide the best possible wireless protection. 37 Solutions “ Mutual authentication “ Strong confidentiality and dynamic rekeying ¢ Firewalls, anti-virus software “ Managerial solutions ¢ Security management practices and controls ¢ Establish security policies ¢ Regularly conduct security audits and risk assessment ¢ Provide user education