Solving the Security Risks of WLAN Tuukka Karvonen 24.7.2016

advertisement
Solving the Security Risks of
WLAN
Tuukka Karvonen
24.7.2016
Outline
•
•
•
•
•
•
•
General Guidelines
Radio Interface
Access Point Configuration
Client Configuration
TKIP
Honey pot – Fake AP
Links
General Guidelines
• Know the risks: War-Driving, Insertion
Attacks, Monitoring, SNMP services, weak
WEP algorithm, etc.
• The default configuration of the devices
usually lacks security
• Clients and access points should be
configured well
• Organizations need a wireless security
policy, which everyone should follow
Radio Interface
• Provide coverage only to the areas where it is
needed
– Adjust transmitting power
– use directional antennas
• Unintentional and intentional jamming is
possible -> have an alternative, if it’s important
to have your connection working
• Notice, it is fully legal for anybody to disturb your
WLAN on the license-free ISM band
Access Point Configuration
• Turn of the broadcasting of SSID and don’t
use the default one
• Provide DHCP (Dynamic Host
Configuration Protocol) only if needed
• Require Wired Equivalent Privacy and
strengthen it with IEEE 802.1X and TKIP
– Original WEP algorithm is weak, so keys need
to be changed frequently
Client Configuration
• Disable unnecessary services (i.e.
Windows file sharing)
• Install Personal Firewall
• Use higher level security (IPsec, VPNs,
SSL, SSH etc.)
• Use WEP and if possible strengthen it
Temporal Key Integrity Protocol
(TKIP)
• Devices using WEP can be upgraded to TKIP
with firmware patches
• Uses temporal key, which is changed every
10000 packets with help of 802.1X
• Combines the temporal key with the client's
MAC address before adding a initialization
vector -> every device has own encryption key
• Inserts message integrity code into each packet
to avoid forgeries
Honey Pot – Fake AP
• Confuses war drivers
• Hides the real access point by generating
thousands of counterfeit 802.11b access
points
– Sends Beacon frames with random SSID:s
and MAC addresses
• Advanced version would also need to
create real traffic
• http://www.blackalchemy.to/project/fakeap/
Links
• Information
– http://www.iss.net/wireless/WLAN_FAQ.php
– http://www.80211-planet.com/
• Access point maps
– http://www.wifimaps.com/
– http://www.netstumbler.com/
• Tools:
– http://freshmeat.net/projects/airsnort/
– http://www.netstumbler.com/
– Wireless Scanner http://www.iss.net/download/
Download