BSYOD: Bring and Secure Your Own Device
Hardening your Mobile Devices to Participate in the Wireless World
Nebraska University Center for Information Assurance

Timeline
• Part 1: NUCIA, Who are we?
• Part 2: Security concerns
• Part 3: Some Solutions (11:15)
• Part 4: Audience Questions and Suggestions (12:00 to 12:15)

NUCIA: Nebraska University Center for Information Assurance
http://nucia.unomaha.edu/

The UNO NUCIA Team
Ken Dick, Robin Gandhi, Steve Nugen, Abhishek Parakh, Dwight Haworth, Leah Pietron, Connie Jones, Bill Mahoney, Charles Spence

Information Assurance
• IA research and education is supported across the College of IS&T and the Graduate College
• NSA-designated National Center of Academic Excellence in Information Assurance Education (CAE/IAE)
• Degrees include
  • BS in IA; MS in IA (new, starting Fall 2012); IA concentrations with CS and MIS
• Non-degree programs and activities include
  • MIS IA certificate, International Cyber Defense Workshop
  • Special programs for High School teachers and students

Student Accomplishment (1)
• UCSB iCTF 2010: 72 teams (900 students!) from 16 countries competed in a game of hacking, challenge-solving, and state-sponsored warfare (26 US universities)

Student Accomplishment (2)
• Placed 7th among all US undergraduate teams

Student Accomplishment (3)
• IFSF CTF Quals hosted from Tunisia
• 4th among US teams
• 21st among 236 teams worldwide

State of the Art IA Labs
• STEAL-1: 7 pods; 5 hosts each
• STEAL-2: 9 pods; 5 hosts each
• STEAL-4: virtual machines; new SCADA testbed; new hosts: Quad, 16 GB, dual NICs; 6 VM servers, 4 NICs each
• Each host can support multiple VMs; networking options include host-only, STEAL domain, and Internet (via VPN)
• Able to carve out subsets to simulate different domains, cross-domain architectures, hardened systems, targets, and attackers
• Supports teaching and research
• STEAL-3: student research; desktop workstations
• Networks: STEAL only (isolated); UNO Internet; private Internet

Wireless Security Issues

802.11 Networks
• 802.11: a family of IEEE specifications for WLANs operating in the 2.4 GHz RF spectrum
• 2.4 GHz frequency, unlicensed
• Divided into 14 channels
• Infrastructure mode is most commonly used
  (diagram: PC-1, PC-2 -> AP -> Gateway -> Internet)

Inherent Security Issues
• Nodes in the physical vicinity of each other can monitor all network traffic
• Open hotspots do not encrypt any traffic between the mobile node and the access point
• Mobile applications may use insecure protocols to exchange sensitive information

NIST Guidance
• Guidelines for Securing Wireless Local Area Networks (WLANs)
• NIST SP 800-153
• http://csrc.nist.gov/publications/drafts/800-153/Draft-SP800-153.pdf
4/8/2015

Worrisome Scenarios
• Capturing wireless traffic
  • Rogue access points
  • Sniffing
  • Session hijacking
• Insecure apps
  • iPhone Southwest app
  • Privacy issues
  • Malicious QR codes
• Wireless encryption cracking
  • WEP and WPA attacks

Rogue Access Points
• Advertise open access points in public places with similar names to legitimate ones
• E.g.
attwifi, boingo, linksys, NETGEAR
  (diagram: PC-1, PC-2 -> Sniffer AP -> HUB -> Gateway -> Internet)

Sniffing
• Passive monitoring of wireless traffic
• The RF monitor mode allows every frame appearing on a channel to be copied into the scanning node
• Hardware is easily available for purchase
  • Wireless cards whose firmware and corresponding driver software together permit reading of all raw 802.11 frames
  • ~$30

Sniffing
• KisMAC, MacBook Air, Alfa wardriving card

Screenshot slides: Scanning available networks; Network activity; Selecting a target (two slides); Foraging with Wireshark (three slides)

Session Hijacking
• http://codebutler.com/firesheep

Insecure Apps
• Some applications have inherent flaws that can be exploited on public networks
• Case: Southwest Airlines iPhone app

Southwest Airlines iPhone App
• Use a remote network proxy to examine HTTP traffic
• The app assigns a Device ID to uniquely identify the device
• The registration data is sent out in the clear!
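The rogue access point and open hotspot slides above describe the problem; the following is an added triage script (not from the NUCIA deck) that turns a wireless scan list into findings a defender can act on. The scan rows are constructed to look like the SSID/BSSID/encryption columns that KisMAC or Kismet export, and the TRUSTED allowlist (our SSIDs and the BSSIDs of the APs that legitimately serve them) is a hypothetical site inventory. A known SSID advertised by an unknown BSSID, a lookalike SSID, and any open or WEP network are each flagged.

```python
"""Rogue / evil-twin access point triage over a wireless scan list.

Added example, not from the NUCIA slides: the scan rows are constructed to
resemble what KisMAC or Kismet exports, and the TRUSTED allowlist is a
hypothetical site inventory (SSID -> BSSIDs of the APs that serve it).
"""
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str        # AP MAC address as reported by the scanner
    encryption: str   # "OPEN", "WEP", "WPA" or "WPA2"
    channel: int


# Constructed allowlist: expected SSIDs -> BSSIDs of the APs that serve them.
TRUSTED = {
    "attwifi": {"00:11:22:33:44:55"},
    "UNO-Secure": {"00:11:22:33:44:66", "00:11:22:33:44:67"},
}

# Constructed scan results (the kind of list KisMAC/Kismet shows).
SCAN = [
    Network("UNO-Secure", "00:11:22:33:44:66", "WPA2", 6),   # our own AP
    Network("UNO-Secure", "de:ad:be:ef:00:01", "WPA2", 11),  # same SSID, unknown AP
    Network("UNO Secure", "de:ad:be:ef:00:02", "OPEN", 1),   # lookalike name, open
    Network("linksys", "00:aa:bb:cc:dd:ee", "OPEN", 6),      # open hotspot
    Network("HomeNet", "00:aa:bb:cc:dd:ff", "WEP", 3),       # WEP
]


def _normalise(ssid):
    """Lower-case and drop punctuation/whitespace so 'UNO Secure' == 'uno-secure'."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def _resembles(a, b, threshold=0.8):
    """True when two SSIDs are the same after normalisation or nearly identical."""
    a, b = _normalise(a), _normalise(b)
    return a == b or SequenceMatcher(None, a, b).ratio() >= threshold


def classify(net, trusted=TRUSTED):
    """Return the findings for one scanned network; an empty list means it looks legitimate."""
    findings = []
    for name, bssids in trusted.items():
        if net.ssid == name:
            if net.bssid.lower() not in {b.lower() for b in bssids}:
                findings.append("known SSID from unknown BSSID (possible evil twin)")
            break
        if _resembles(net.ssid, name):
            findings.append(f"SSID resembles trusted network {name!r}")
            break
    if net.encryption == "OPEN":
        findings.append("open network: traffic to the AP is not encrypted")
    elif net.encryption == "WEP":
        findings.append("WEP: key is trivially recoverable, treat as open")
    return findings


def audit(scan, trusted=TRUSTED):
    """Return [(network, findings)] for every scanned network with at least one finding."""
    results = []
    for net in scan:
        findings = classify(net, trusted)
        if findings:
            results.append((net, findings))
    return results


if __name__ == "__main__":
    for net, findings in audit(SCAN):
        print(f"{net.ssid!r} {net.bssid} ch{net.channel} {net.encryption}")
        for finding in findings:
            print("   -", finding)
```

The BSSID check is what catches an evil twin that copies the SSID exactly; the normalised-name comparison catches the "similar names" trick from the slide. A legitimate open hotspot such as attwifi is still reported as open, which is the point of the "open hotspots do not encrypt" bullet: the user needs a VPN on it regardless of who runs the AP.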
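The Southwest Airlines exercise above (proxy the app, see the Device ID and login data go out over plain HTTP) is the kind of check an app owner should run before release. The script below is an added example, not the deck's material and not anything from the Southwest app: it takes request records constructed to look like what an intercepting proxy shows (URL, headers, form body; hostnames use the reserved .invalid TLD) and reports every request that carries identifier, credential or session data without TLS.

```python
"""Audit captured app HTTP requests for sensitive data sent in the clear.

Added example, not from the NUCIA slides or any real app: the CAPTURE records
are constructed to resemble an intercepting proxy's view of an app's traffic.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Field names that should never travel over plain HTTP (hypothetical list, extend per app).
SENSITIVE = re.compile(r"pass(word|wd)?|pin|udid|device.?id|uuid|token|session|email|account", re.I)

# Constructed proxy capture: registration and login over HTTP, the same login over HTTPS,
# and an image fetch that drags a session cookie along in the clear.
CAPTURE = [
    {"method": "POST", "url": "http://api.example.invalid/register",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "device_id=ABC123&email=user%40example.invalid"},
    {"method": "POST", "url": "http://api.example.invalid/login",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "username=alice&password=hunter2"},
    {"method": "POST", "url": "https://api.example.invalid/login",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"},
     "body": "username=alice&password=hunter2"},
    {"method": "GET", "url": "http://cdn.example.invalid/banner.png",
     "headers": {"Cookie": "sessionid=deadbeef"}, "body": ""},
]


def _fields(req, headers):
    """Name/value pairs from the query string plus a form-encoded body."""
    pairs = parse_qsl(urlsplit(req["url"]).query)
    if req.get("body") and "application/x-www-form-urlencoded" in headers.get("content-type", ""):
        pairs += parse_qsl(req["body"])
    return pairs


def audit_request(req):
    """Return findings for one request; empty list if nothing is exposed."""
    findings = []
    if urlsplit(req["url"]).scheme.lower() != "http":
        return findings   # TLS in use (certificate validation is a separate check)
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    exposed = sorted({name for name, _ in _fields(req, headers) if SENSITIVE.search(name)})
    if exposed:
        findings.append("sensitive fields sent in the clear: " + ", ".join(exposed))
    for header in ("cookie", "authorization"):
        if header in headers:
            findings.append(f"{header.capitalize()} header sent in the clear (session hijacking risk)")
    return findings


def audit(capture):
    """Return [(url, findings)] for every request with at least one finding."""
    results = []
    for req in capture:
        findings = audit_request(req)
        if findings:
            results.append((req["url"], findings))
    return results


if __name__ == "__main__":
    for url, findings in audit(CAPTURE):
        print(url)
        for finding in findings:
            print("   -", finding)
```

The cookie/authorization check is the Firesheep case from the session hijacking slide: even when the login itself goes over HTTPS, one later plain-HTTP request that carries the session cookie is enough for anyone sniffing the hotspot. Run it against a proxy export of your own app; the match list is deliberately broad so that false positives are reviewed rather than missed.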
Southwest Airlines iPhone App
• … and any subsequent login information

Privacy Violations
• Universal device identifiers
  • iPhone UUID, ANDROID_ID
• Several applications use the UUID to perform some sort of tracking
• A user has no control over the use of this information by apps
• The UUID may be transmitted in the clear over unprotected WiFi networks

Security and Privacy Hall of Shame
• http://blog.afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/
• http://www.msnbc.msn.com/id/46856168/ns/technology_and_science-security/t/cracks-appear-face-applesios-security/

Malicious QR Codes
• QR codes can be used to launch malicious websites that infect or root mobile devices
• Malicious QR codes can be pasted on legitimate advertisements and fliers
• Disable automatic launching of applications upon scanning of QR codes

WEP and WPA Cracking
• WEP-based passwords are very easy to crack.
• WPA/PSK is relatively easy to crack given a short password length.
• WPS PIN brute force also weakens WPA/WPA2 protected networks

WEP and WPA Cracking
• Tools:
  • Aircrack-ng suite
  • Kismet, a wireless sniffing tool
  • A wireless adapter that supports monitor mode for wireless sniffing
  • Linux operating system
  • Alternative: KisMAC + wireless adapter + Mac

Screenshot slides: WEP and WPA Cracking (Aircrack-ng); WEP and WPA Cracking (KisMAC)

SOME USEFUL APPS AND BEST PRACTICES

Best Practices
• Center for Internet Security (CIS) Mobile Security Benchmarks
  • iPhone 5.0.1 security benchmark
  • Google Android 2.3 (Gingerbread)
• http://benchmarks.cisecurity.org/
• http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile

Monitor Device Operation
• iOS apps for this include
  • System Status
    • Functionality includes displaying the system log
    • http://itunes.apple.com/us/app/system-status-device-activity/id401457165
  • SYS Activity Manager
    • http://itunes.apple.com/us/app/sys-activity-manager-plus/id440654325

Monitor Your Environment
• iOS network/port scanners include:
  • Scany
    • http://itunes.apple.com/us/app/scany-network-port-scanner/id328077901
  • iNetPro
    • http://itunes.apple.com/us/app/inet-pro-network-scanner/id305242949
  • Deep Whois
    • http://itunes.apple.com/us/app/deep-whois-lookup-ips-domains/id328895000

Monitor Your Environment
• iOS network/port scanners continued
  • IT Tools
    • http://itunes.apple.com/us/app/it-tools/id324054954
  • IP Network Scanner
    • http://itunes.apple.com/us/app/ip-network-scanner/id335517657
  • LanScan HD
    • http://itunes.apple.com/us/app/lanscan-hd/id461551081

Screen Locks
• Physical security is important for mobile devices
  • They store large amounts of personal data
  • Easier to steal
  • Easier to misplace
• Maximize security by:
  • Setting up passcodes for device access
  • Using the auto-locking feature
  • Automatic data erasure after failed attempts

Screen Locks
• Be careful with pattern locks.
• Sometimes the pattern lock path is shown on the screen as it is used (depends upon the device).
• Your pattern may be left behind by smudge marks.
• Consider whether someone might be watching your screen.

Hardware Encryption
• iPhone support
  • iPhone 3GS and later
  • Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode
  • Third-party applications can use the data protection APIs

Hardware Encryption
• Android support
  • Android 2.3 (Gingerbread)
    • All Motorola devices
    • Some HTC devices
  • Android 3.0+
    • All Honeycomb devices
    • All Ice Cream Sandwich devices

Hardware Encryption
• Screen locks provide a good start, but do not encrypt the SD card or phone data.
• Android provides additional settings
  • But the built-in encryption modules have often been rendered useless

Hardware Encryption
• iPhone
  • 3GS encryption declared ‘useless’ by hackers, 2009
    • http://www.wired.com/gadgetlab/2009/07/iphoneencryption
  • iOS 4 encryption broken by ElcomSoft, 2011
    • http://www.extremetech.com/mobile/84150-how-ios-4encryption-was-cracked-and-how-to-protect-your-iphone
  • Alternative encryption methods may be available through apps

Hardware Encryption
• iPhone
  • Also remember to encrypt device backups
  • Examples of what unencrypted backups expose
    • Device location tracking
      • http://www.geek.com/articles/apple/how-to-deal-withyour-iphone-tracking-you-20110420/
    • Facebook login data
      • http://www.cultofmac.com/159169/facebook-iossecurity-flaw-highlights-security-risk-in-ios-backups/
  • User enabled, or enforced through configuration profiles

Virtual Private Networks
• VPNs build an encrypted tunnel from a mobile device to a trusted endpoint
• Prevents eavesdropping on untrusted networks
• iPhone, iPad and Android support the following
  • Cisco IPSec, L2TP/IPSec PSK, and PPTP virtual private network protocols.
  • Android additionally supports L2TP/IPsec CRT

Screenshot slides: Native VPN support; 3rd Party SSL-VPN

Jailbreaking/Rooting
• Pros of a locked device
  • For most users, obtaining root access to a mobile device is an unnecessary risk.
  • Prevents unauthorized app installations and changes.
  • The device stays configured the way the manufacturer intended.

Jailbreaking/Rooting
• Cons of a locked device
  • Manufacturers are not quick to update software.
    • Security vulnerabilities may stay unpatched
  • The manufacturer may not have secured the device to meet enterprise-level standards.
    • No firewall protection or native VPN solutions.

Jailbreaking/Rooting
• Pros of an unlocked device
  • The device can potentially be flashed with a more secure ROM/configuration.
  • The kernel for Android can be recompiled to support:
    • Firewalls for both IPv4 and IPv6
    • IPSEC VPN connections

Jailbreaking/Rooting
• Cons of an unlocked device
  • The user can “brick” the device during configuration if not careful.
  • Root access is easier to leverage for malicious parties in addition to the user.
  • The user must be even more vigilant when deciding what apps to install.

Rooted Android Precautions
• If the device merely needs a configuration change, temporary rooting may be the best option.
  • The device continues to block unauthorized root access attempts as designed after configuration.
  • This eliminates future user error after configuration.

Rooted Android Precautions
• The Android hacking community always suggests the use of a root access manager.
  • It requires approval by the user for all root access requests.
  • This potentially puts up one last line of defense.
Mobile Device Management
• Security concerns include
  • Preventing unauthorized use of the device
  • Protecting data while at rest in the device (or in backups or the cloud) and in transit
  • Security of the applications (e.g., leaking information or not complying with security settings)
• Mobile devices could be the weakest link in information protection

Mobile Device Management
• iOS devices can be configured/managed through
  • Local settings on the device
  • Apple Configuration Utility
  • Microsoft Exchange ActiveSync
  • Mobile Device Management (platform independent)

Mobile Device Management
• Recommended reading includes
  • CIS iOS benchmark
  • Apple guidance
    • iPhone and iPad in Business Deployment Scenarios
      • http://images.apple.com/ipad/business/docs/iOS_Business.pdf
    • iPad in Business: Security Overview
      • http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf
    • iPhone Enterprise Deployment Guide
      • http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

Mobile Device Management
• Recommended reading continued
  • Apple Configuration Utility (aka Apple Configurator)
    • http://www.wired.com/wiredenterprise/2012/03/appleconfigurator/
    • http://krypted.com/iphone/managing-ios-devices-with-appleconfigurator/
    • http://itunes.apple.com/us/app/appleconfigurator/id434433123

Mobile Device Management
• Recommended reading continued
  • Mobile Device Management (MDM)
    • http://en.wikipedia.org/wiki/Mobile_device_management
    • http://www.apple.com/ipad/business/integration/mdm/
    • http://images.apple.com/ipad/business/docs/iOS_MDM.pdf
    • http://www.computerworld.com/s/article/9224894/Tips_for_developing_a_mobile_device_management_strategy

DISCUSSIONS
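The screen lock slides (passcode, auto-lock, erase after failed attempts), the backup encryption slide ("user enabled, or enforced through configuration profiles") and the MDM slides all come down to the same artifact: an iOS configuration profile. The script below is an added example, not from the NUCIA deck or from Apple's documents: it builds a .mobileconfig with Python's standard plistlib using the documented passcode-policy (com.apple.mobiledevice.passwordpolicy) and restrictions (com.apple.applicationaccess) payload keys, and then checks a serialised profile against a minimum baseline. The organisation identifier and the threshold values are hypothetical choices.

```python
"""Build and check an iOS configuration profile enforcing screen-lock and backup settings.

Added example, not from the NUCIA slides or Apple: payload keys are the documented
passcode-policy and restrictions keys; ORG and the numeric thresholds are hypothetical.
"""
import plistlib
import uuid

ORG = "invalid.example.bsyod"   # hypothetical reverse-DNS identifier prefix


def _payload(payload_type, suffix, display_name, settings):
    """Common wrapper every payload dictionary in a profile needs."""
    payload = {
        "PayloadType": payload_type,
        "PayloadIdentifier": f"{ORG}.{suffix}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": display_name,
    }
    payload.update(settings)
    return payload


def build_profile():
    """Profile with a passcode policy and a forced-encrypted-backup restriction."""
    passcode = _payload("com.apple.mobiledevice.passwordpolicy", "passcode", "Passcode Policy", {
        "forcePIN": True,               # a passcode is required
        "allowSimple": False,           # no repeating or sequential codes
        "requireAlphanumeric": True,
        "minLength": 8,
        "maxInactivity": 2,             # auto-lock after 2 idle minutes
        "maxGracePeriod": 0,            # passcode needed immediately on wake
        "maxFailedAttempts": 10,        # device wipes after 10 wrong passcodes
    })
    backups = _payload("com.apple.applicationaccess", "restrictions", "Restrictions", {
        "forceEncryptedBackup": True,   # local (iTunes) backups must be encrypted
    })
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG}.baseline",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "BSYOD baseline",
        "PayloadRemovalDisallowed": False,
        "PayloadContent": [passcode, backups],
    }


def to_mobileconfig(profile):
    """Serialise to the XML plist that Apple Configurator or an MDM server installs."""
    return plistlib.dumps(profile)


def check_profile(data, min_length=6, max_inactivity=5):
    """Return the list of baseline gaps in a serialised profile (empty list = compliant)."""
    profile = plistlib.loads(data)
    by_type = {p["PayloadType"]: p for p in profile.get("PayloadContent", [])}
    gaps = []
    pw = by_type.get("com.apple.mobiledevice.passwordpolicy")
    if pw is None:
        gaps.append("no passcode policy payload")
    else:
        if not pw.get("forcePIN"):
            gaps.append("passcode not required")
        if pw.get("minLength", 0) < min_length:
            gaps.append(f"minLength below {min_length}")
        if pw.get("maxInactivity", 999) > max_inactivity:
            gaps.append(f"auto-lock later than {max_inactivity} minutes")
        if "maxFailedAttempts" not in pw:
            gaps.append("no wipe after failed attempts")
    if not by_type.get("com.apple.applicationaccess", {}).get("forceEncryptedBackup"):
        gaps.append("encrypted backups not enforced")
    return gaps


if __name__ == "__main__":
    with open("bsyod-baseline.mobileconfig", "wb") as fh:
        fh.write(to_mobileconfig(build_profile()))
    print("gaps:", check_profile(to_mobileconfig(build_profile())))
```

The generated file is unsigned; in practice it is signed and pushed by Apple Configurator or the MDM server, which is also what makes the settings enforced rather than user-enabled (the user cannot lower them without removing the profile, and PayloadRemovalDisallowed can block that too). check_profile is the sort of gate a BYOD program can apply to profiles it receives from vendors before approving them.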