Solving the Security Risks of WLAN Tuukka Karvonen 24.7.2016 Outline • • • • • • • General Guidelines Radio Interface Access Point Configuration Client Configuration TKIP Honey pot – Fake AP Links General Guidelines • Know the risks: War-Driving, Insertion Attacks, Monitoring, SNMP services, weak WEP algorithm, etc. • The default configuration of the devices usually lacks security • Clients and access points should be configured well • Organizations need a wireless security policy, which everyone should follow Radio Interface • Provide coverage only to the areas where it is needed – Adjust transmitting power – use directional antennas • Unintentional and intentional jamming is possible -> have an alternative, if it’s important to have your connection working • Notice, it is fully legal for anybody to disturb your WLAN on the license-free ISM band Access Point Configuration • Turn of the broadcasting of SSID and don’t use the default one • Provide DHCP (Dynamic Host Configuration Protocol) only if needed • Require Wired Equivalent Privacy and strengthen it with IEEE 802.1X and TKIP – Original WEP algorithm is weak, so keys need to be changed frequently Client Configuration • Disable unnecessary services (i.e. Windows file sharing) • Install Personal Firewall • Use higher level security (IPsec, VPNs, SSL, SSH etc.) • Use WEP and if possible strengthen it Temporal Key Integrity Protocol (TKIP) • Devices using WEP can be upgraded to TKIP with firmware patches • Uses temporal key, which is changed every 10000 packets with help of 802.1X • Combines the temporal key with the client's MAC address before adding a initialization vector -> every device has own encryption key • Inserts message integrity code into each packet to avoid forgeries Honey Pot – Fake AP • Confuses war drivers • Hides the real access point by generating thousands of counterfeit 802.11b access points – Sends Beacon frames with random SSID:s and MAC addresses • Advanced version would also need to create real traffic • http://www.blackalchemy.to/project/fakeap/ Links • Information – http://www.iss.net/wireless/WLAN_FAQ.php – http://www.80211-planet.com/ • Access point maps – http://www.wifimaps.com/ – http://www.netstumbler.com/ • Tools: – http://freshmeat.net/projects/airsnort/ – http://www.netstumbler.com/ – Wireless Scanner http://www.iss.net/download/