Solving the Security Risks of WLAN Tuukka Karvonen 24.7.2016

Solving the Security Risks of
Tuukka Karvonen
General Guidelines
Radio Interface
Access Point Configuration
Client Configuration
Honey pot – Fake AP
General Guidelines
• Know the risks: War-Driving, Insertion
Attacks, Monitoring, SNMP services, weak
WEP algorithm, etc.
• The default configuration of the devices
usually lacks security
• Clients and access points should be
configured well
• Organizations need a wireless security
policy, which everyone should follow
Radio Interface
• Provide coverage only for the areas where
it is needed
– Adjust transmitting power
– use directional antennas
• Unintentional and intentional jamming is
possible -> have an alternative, if it’s
important to have your connection working
Access Point Configuration
• Turn of the broadcasting of SSID and don’t
use the default one
• Provide DHCP only if needed
• Require Wired Equivalent Privacy and
strengthen it with IEEE 802.1X and TKIP
– Original WEP algorithm is weak, so keys need
to be changed frequently
Client Configuration
• Disable unnecessary services (i.e.
Windows file sharing)
• Install Personal Firewall
• Use higher level security (IPsec, VPNs,
SSL, SSH etc.)
• Use WEP and if possible strengthen it
Temporal Key Integrity Protocol
• Devices using WEP can be upgraded to TKIP
with firmware patches
• Uses temporal key, which is changed every
10000 packets with help of 802.1X
• Combines the temporal key with the client's
MAC address before adding a initialization
vector -> every device has own encryption key
• Inserts message integrity code into each packet
to avoid forgeries
Honey Pot – Fake AP
• Confuses war drivers
• Hides the real access point by generating
thousands of counterfeit 802.11b access
– Sends Beacon frames with random SSID:s
and MAC addresses
• Advanced version would also need to
create real traffic
• Information
• Access point maps
• Tools:
– Wireless Scanner