08-16-2017, 10:45 PM
Wireless Threats and Attacks Wireless Introduction Wireless Security Requirements Threats Vulnerabilities Taxonomy of Attacks Attack against Wireless networks Against 802.11 network Bluetooth Handheld devices Summary 2 WIRELESS 3 Wireless Fastest growing segment of Computer industry Connection to LAN,WAN,PAN on the move Portable office Phone ,fax ,email ,file retrieval ,login on machines. Rescue, Military Slow ,Error-prone, Transmission interference 4 Wireless Wireless devices use Radio Frequency (RF) technology to facilitate communication. Various types of wireless communication solutions use different frequencies, most regulated by governments. 802.11 and Bluetooth operate in the 2.4Ghz unregulated band. 5 Common wireless usage scenarios Wide Area Networks (WANs) using GPRS, GSM etc. Local Area Networking (LANs) using 802.11b (aka WiFi). Personal Area Networking (PANs) using Bluetooth. 6 Security Requirements Expected from Wireless Communication 7 Wireless security requirement Same for wired & wireless CIA requirement Confidentiality: Keeping secrets secret!! Integrity: Data is unchanged Availability: Data is available for needful Authentication requirement of message Allow message non-repudiation 8 Attack and Threats Attack- Exploiting one or more vulnerabilities of communication medium Threat- Object, person or Entity representing a danger to security of communication medium Particular threats Device theft, theft of service, espionage. 9 Threat agents Majority of threats are hackers Accidental Users Script KiddiesCasual HackersSkilled hackers- Lot of freeware are available for hacking e.g.: netstumbler ,Kismet ,WEPcrack ,HostAP 10 Vulnerability Weakness or fault in the communication media allowing assurances to be compromised Since transmissions are broadcasted, they are available freely for anyone with right equipment Un authorized access Identity theft Un authorized equipment 11 Classification of Attacks 12 Taxonomy of Attacks Passive attacks: No content modification Confidentiality threats Two types : 1. Traffic analysis2. Eaves dropping- 13 Taxonomy of Attacks Active attacks : CIA is questioned Types : 1. 2. 3. 4. Masquerading- Impersonating Replay- Man in the middle Message modification- alteration Denial of service (D o S)-flooding and jamming 14 Attack against Wireless networks 1. 2. 3. Against 802.11 Networks : Against Blue tooth Networks : Against Hand held Devices : 15 16 What is 802.11 ??? Two fundamental architectural components Station (STA). Basic Service Set Identifier (BSSID) Access Point (AP). Service Set Identifier (SSID): Attack against 802.11 networks Infrastructure mode and ad hoc mode are the two basic network topologies 17 Ad hoc Mode Architecture 18 Infrastructure Mode 19 20 Passive attacks on 802.11 Interception & Monitoring : Attacker needs to be in range of access point No need of compromising a system since signals are broadcasted 802.11 b can have directional antennae which enhance the risk of detection and attack because it can exceed physical boundaries its not mean to cross 21 Passive attacks on 802.11 Traffic Analysis : 3 uses are Identify activity on network. Identify physical locations of access points (s s i d broadcasting) Identify types of protocols used in network for exploiting their flaws (pattern of packets e.g. TCP-Syn\SynAck\Ack) 22 Passive attacks on 802.11 Passive eavesdropping: Attacker monitor sessions not encrypted Reads the transmitted data and accumulate information through studying the packets Active eavesdropping: IP Spoofing- Attacker changes the destination I P address of packet to the address of a host they control . When actual host does not get message then message is resend so its undetected. 23 24 Active attacks on 802.11 1. Masquerade: Spoofing and id theft Unauthorized clients Brute force attacks Unauthorized access points 2. Man in middle: 3. Denial of Service: Jamming Flooding 25 What is blue-tooth? Open standard for Short range digital radio Fast and reliable Data + Voice communications Its employed to connect 2 blue tooth devices e.g. phone, p d a, printer, mouse 26 Attacks against Blue tooth Network 27 Passive attacks on blue tooth Authorized remote users use insecure links which are sniffed up by attackers If page link is compromised then traffic analysis If system is compromised then data manipulation and obtaining user details 28 Active attack on blue tooth 1. Masquerade: device authentication is done not user so any device if compromised possess as threat Attacker C 2. Man in middle: Device A Device B 29 Active attack on blue tooth 1. Message modification : use of un trusted p d a and capture all yr contacts to send messages 2. D o S- jamming the 2.4 Ghz Ism band it operates with devices like baby monitors which work on that same frequency 30 Attack on Hand held devices What are hand held devices ? Have their own IP address E.g. pager ,smart phone, tablets 31 32 33 Eavesdropping: Passive attack on Hand held devices Hand held devices have default enabled connectivity. Data is seldom encrypted 34 Denial of service- Active attack on Hand held devices Cell phones are jammed Virus, Trojan , worm Spamming inbox 3g phones have continuous connection with the network so they are prone to attack and traffic analysis 35 Summary Threats and attacks for wired and wireless is same CIA principle should be kept CYCLE: New Security measure -> New vulnerability discovered-> New hacking tool 36 Fighting back End to end security at application, transport and page link layer. Authentication of people Cryptography Security checklists Almost any given single security mechanism alone may be easily overcome by attackers. However, proper configuration and implementation of the maximum possible security mechanisms must be used to form a hodgepodge of multiple security layers, in effort to provide the best possible wireless protection. 37 Solutions Mutual authentication Strong confidentiality and dynamic rekeying Firewalls, anti-virus software Managerial solutions Security management practices and controls Establish security policies Regularly conduct security audits and risk assessment Provide user education