module7 wireless security-b

© 2010 – Foreground Security. All rights reserved

Module 7Wireless Security

Module7


Module Objectives

• This module will familiarize you with the following:– Wi-Fi Security Issues – Bluetooth– Cell Phone Policy and Procedures

Module7


Wireless Today

• Wi-Fi [Wireless Fidelity]

• Bluetooth

• Infrared

• RFID

• Satellite / Microwave


Wi-Fi

• 802.11– b / g / a / n

• Modes– Infrastructure– Ad-Hoc (Peer Mode)

• SSID

• MAC Filtering


Wireless Networks


Wireless Issues

• Vulnerabilities– Signal Availability– Easy access to signals

• Not much required ($ or equipment)

– Signal Frequency Congestion• Microwave / Cordless Phone / Neighbor

– SSID Announce– False Security of Encryption


Wireless Countermeasures

• User Awareness

• Security Settings– Confining the signal– Disguising the label (SSID)– Choosing allowed parties (MAC filter)– Hiding the data (Encryption)


Wireless Trends

• Faster Speed– 802.11n / 802.16 (WiMax)

• Better Security– Stronger Encryption

– Authentication (802.1x)


Wi-Fi Encryption

• WEP

• WPA

• WPA2

• EAP


Wi-Fi Risks

• Key Reuse (WEP is flawed)

• Sniffing

• Open Access (sniffed credentials)

• Denial of Service [DoS]

• Rogue Access Points

• Improperly Configured APs


Wi-Fi Tools

• NetStumbler

• Kismet

• AirCrack

• AirMagnet

• SnifferPro

• Ethereal


Handhelds

• Vulnerabilities– Malware– Theft (Device or Data)– Exploit wireless signal– Denial of Service– HotSync


Handheld Countermeasures

• Firewalls / Anti-Malware

• Password protected

• No unnecessary data storage

• Encrypted transmissions

• 2-factor authentication

101


Bluetooth

List of applications• A typical Bluetooth mobile phone headset• More prevalent applications of Bluetooth include:• Wireless control of and communication between a mobile phone and a hands-free

headset. This was one of the earliest applications to become popular. • Wireless networking between PCs in a confined space and where little bandwidth is

required. • Wireless communications with PC input and output devices, the most common being the

mouse, keyboard and printer. • Transfer of files between devices with OBEX. • Transfer of contact details, calendar appointments, and reminders between devices with

OBEX. • Replacement of traditional wired serial communications in test equipment, GPS

receivers, medical equipment, bar code scanners, and traffic control devices. • For controls where infrared was traditionally used. • Sending small advertisements from Bluetooth enabled advertising hoardings to other,

discoverable, Bluetooth devices. • Two seventh-generation game consoles, Nintendo's Wii[4] and Sony's PlayStation 3 use

Bluetooth for their respective wireless controllers. • Dial-up internet access on personal computer or PDA using a data-capable mobile phone

as a modem.


Most important security weaknesses - Bluetooth

• Problems with E0

• Unit key

• PIN

• Problems with E1

• Location privacy

• Denial of service attacks


Other weaknesses

• No integrity checks

• No prevention of replay attacks

• Man in the middle attacks

• Turn off discovery

• Sometimes: default = no security

• …


Recommendations

• Never use unit keys!!!!

• Use long and sufficiently random PINs

• Always make sure security is turned on

• …


Interesting solutions

• Replace E0 and E1 with AES

• Use MACs to protect integrity

• Pseudonyms

• Identity based cryptography


BluetoothIssues

• Hacking Movie(s)

module7 wireless security-b

Documents