Wireless Security Issues @ Home & Hotspotting Ernest Staats Director of Technology and Network Services (TNS) MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ [email protected] Resources available @ http://www.es-es.org/




Page 1:

Wireless Security Issues @ Home & Hotspotting


Page 2:

Information Blowin' in the Wind

- Wireless is open by default
- Wireless networks “broadcast” data into the air
- Anyone can receive the broadcast
- Certain steps must be taken to protect “users” of wireless networks

Page 3:

Wireless Basics - 802.11

- 2.4 GHz (no license) band
- Only 3 non-overlapping channels (in theory)
- CSMA-CA (50% overhead)
- Half duplex (talk, then listen)

Page 4:

Home Wireless Issues

- Not enough bandwidth (when downloading or gaming)
- Updates chew up bandwidth
- Co-channel interference (phones, microwaves)
- Old firmware (check for updates every quarter)
- No security or, worse, they use WEP
- SSID broadcast on
- All of this raises your risk that someone could obtain personal information or worse

Page 5:

What Could Happen?

- Slow down your Internet performance.
- View files on your computers and spread dangerous software.
- Monitor the Web sites you visit, read your e-mail and instant messages as they travel across the network, and copy your usernames and passwords.
- Send spam or perform illegal activities with your Internet connection.

Page 6:

Changing Default Settings:

- Change the default logon password and make it long! All defaults are known and published on the Net: http://www.phenoelit.de/dpl/dpl.html (updated Jan 2007)
- AP management interface: HTTP, SNMP, Telnet
- HTTP login defaults: Linksys: UID=blank, PW=admin; DLink: UID=admin, PW=blank; Generic: UID=admin, PW=admin
- SNMP (disable SNMP for home use): All: PW=public
- Change the default from Open System (no security) to WPA2 for home use, with a long passphrase

Page 7:

Cell Sizing:

- How far is your WiFi signal going? (That is called your cell size.)
- I can pick up wireless when I go visiting family in ID or CO by just turning on my laptop
- Can't cover the whole house? Options: repeater, better antenna, MIMO 802.11n (if you like Vegas), power setting
- The cell size is usually adjusted by the power setting
- Go outside your house and see how far your wireless signal is reaching; you will be surprised.

Page 8:

SSID Naming:

- Identifies the network
- Helps others identify whether or not you have left default settings on
- Broadcast on by default (turn it off)
- Once again, with the default settings your wireless device broadcasts its name, saying “my name is … connect to me”
- Turning off SSID broadcast is called cloaking
- Avoid naming your SSID a private or personal code (don't make it your password or your name)

Page 9:

MAC Filtering:

- “MAC Filtering” is where you tell your wireless device what other devices can connect to it.
- A MAC address is the hardware number that is network card specific (literally burned into the network card when it is made).
- Can be spoofed, but is still a good option for homes.

Page 10:

Obtaining Your MAC Address

Windows NT / 2000 Professional or XP:
- After clicking on the Start button, click on Run. Once a small black window appears, type in ipconfig /all (with a space between the g and the /).
- Locate the number to the right of Physical Address. This is your MAC address.

Macintosh (OS X):
- If your computer is running OS X, it is best to have it upgraded to at least 10.1.
- From the Dock, select "System Preferences". Select the "Network" pane. With the TCP/IP tab selected, the number next to Ethernet Address is your MAC address.

Linux:
- On Linux systems, the Ethernet device is typically called eth0. In order to find the MAC address of the Ethernet device, you must first become root through the use of su. Then type ifconfig -a and look up the relevant info.

For example:

    # ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:60:08:C4:99:AA
              inet addr:131.225.84.67  Bcast:131.225.87.255  Mask:255.255.248.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:15647904 errors:0 dropped:0 overruns:0
              TX packets:69559 errors:0 dropped:0 overruns:0
              Interrupt:10 Base address:0x300

The MAC address is the HWaddr listed on the first line. In the case of this machine, it is 00:60:08:C4:99:AA.
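As an added example (not from the slides), here is a small Python parser for the two outputs the slide walks through, Linux ifconfig (HWaddr) and Windows ipconfig /all (Physical Address), together with the allowlist comparison an access point's MAC filter performs. The sample outputs are constructed from the slide's values; the normalisation makes the colon and dash notations compare equal.

```python
import re

# Constructed samples in the two layouts the slide shows (values from the slide,
# plus an invented Windows adapter). Real output has more lines; only these matter.
IFCONFIG_SAMPLE = """eth0      Link encap:Ethernet  HWaddr 00:60:08:C4:99:AA
          inet addr:131.225.84.67  Bcast:131.225.87.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""
IPCONFIG_SAMPLE = """Ethernet adapter Wireless Network Connection:
        Description . . . . . . . . . : Constructed Wireless Adapter
        Physical Address. . . . . . . : 00-11-22-AA-BB-CC
        Dhcp Enabled. . . . . . . . . : Yes
"""

# Matches "HWaddr xx:xx:..." (Linux) or "Physical Address. . . : xx-xx-..." (Windows).
MAC_RE = re.compile(
    r"(?:HWaddr|Physical Address[ .]*:)\s*"
    r"([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
)


def normalize_mac(mac):
    """Canonical form (lowercase, colon-separated) so 00-60-08-C4-99-AA == 00:60:08:c4:99:aa."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def extract_macs(tool_output):
    """Return every MAC address found in ifconfig or ipconfig output, normalised."""
    return [normalize_mac(m) for m in MAC_RE.findall(tool_output)]


def mac_filter_allows(client_mac, allowlist):
    """The check a MAC filter performs: is the address the client presents on the list?
    The address is self-reported by the client, which is why the slide says it can be
    spoofed and why the filter is a convenience layer, not a substitute for WPA2."""
    allowed = {normalize_mac(a) for a in allowlist}
    return normalize_mac(client_mac) in allowed
```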

Page 11:

Encryption:

- WEP – first wireless security. Cracked: any middle-schooler can crack your WEP key in short order
- WPA – cracked… but the key changes
- WPA2 – cracked… but harder to crack than WPA
- 802.1x – uses a server to authorize the user; can be very secure
- 802.11i – AES encryption, “uncrackable”

Page 12:

Wi-Fi Protected Access (WPA)

- WPA stands for Wi-Fi Protected Access.
- WPA is much better than WEP; we recommend that you put at least WPA on your wireless. It has been cracked, but it takes much longer and is almost not worth the effort.
- For “workgroups”, laptop carts, home users, etc.
- Keep the “secret” long and obscure (set a long passphrase of at least 20 random characters. Better yet, use the full 63 characters by typing a sentence you can remember; just don't make it something that's easily guessed, like a line from a movie.)
- Additional weakness: social engineering of the “secret”

Page 13:

Wi-Fi Protected Access 2 (WPA2)

- WPA2 is very effective for keeping most “normal” people off your wireless.
- Changes encryption from RC4 to AES
- coWPAtty v4 can attack and crack it
- Some hardware may not support it; a firmware upgrade may be necessary
- Use it if available
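As an added illustration (not from the slides) of why the passphrase advice on this slide and the previous one matters: in WPA/WPA2 personal mode the 256-bit pre-shared key is derived from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 rounds, so every guess a cracking tool makes costs 4096 HMAC operations, and a table precomputed for a default SSID is worthless against a renamed network. Assumed here: Python 3.7+ standard library only; the policy check is my reading of the slide's "20 random characters, or a sentence up to 63 characters" advice.

```python
import hashlib


def wpa2_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes), as 64 hex chars.
    This is the standard WPA/WPA2-PSK derivation, not code from the slides."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii():
        raise ValueError("WPA/WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


def passphrase_meets_slide_policy(passphrase):
    """The slide's rule as interpreted here (an assumption): 20 to 63 characters, and
    either a mix of at least three character classes or a multi-word sentence."""
    if not (20 <= len(passphrase) <= 63):
        return False
    classes = sum((
        any(c.islower() for c in passphrase),
        any(c.isupper() for c in passphrase),
        any(c.isdigit() for c in passphrase),
        any(not c.isalnum() for c in passphrase),
    ))
    return classes >= 3 or len(passphrase.split()) >= 5


def psk_depends_on_ssid(passphrase, ssid_a, ssid_b):
    """Same passphrase, different SSID -> different PSK. A precomputed PSK table only
    helps against the SSID it was built for, one more reason to change the default SSID."""
    return wpa2_psk(passphrase, ssid_a) != wpa2_psk(passphrase, ssid_b)
```

The first assertion in the accompanying test uses the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), so you can confirm the derivation against your own router's key-export screen if it shows the hex PSK.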

Page 14:

Turn It Off: the easiest wireless security option.

- When you don't need it, TURN IT OFF: on vacation, after a certain hour at night
- Turn OFF the access point / wireless router and your laptop's wireless card (saves some battery life as well)
- Turn off DHCP on the router or access point, set a fixed IP address range, then set each connected device to match. Use a private IP range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
- Assign static IP addresses to devices, or limit the number of DHCP addresses your router will give out

Page 15:

Home Wireless Summary

- Change default settings -- SSID and passwords
- Use WPA (or better, WPA2)
- Use a MAC filter
- Turn off SSID broadcasting
- Know how far your wireless signal is reaching
- Turn off wireless when it is not being used for extended periods, and turn off DHCP or limit DHCP
- Disable remote administration
- Update firmware on the AP and wireless cards semiannually
- Secure your home machines: current AV, firewall (if the wireless router has a firewall option, turn it on), spyware protection, auto-update Windows, common sense (check the “Secure Your Laptop” section)

Page 16:

Hot Spot or Public Access

- Everything you do can be observed by other people, including your email, logon and surfing.
- Etherwatch (driftnet, etherpeg): capture and display images
- Ethereal, Commview, AirMagnet…: capture packets and display email, web pages, etc.
- Data is unencrypted unless an application does it
- Your system can be probed to see if someone can get into your laptop

Page 17:

Common Laptop Issues

- Most laptop users leave wireless “on” all the time
- Peer attack may be possible; the firewall might block it
- Access to shared folders or the administrative share “C$”: \\Name or IP address\c$
- Set the WiFi client to “infrastructure”

Page 19:

Secure Your Laptop

- Turn your firewall on: Start > Settings > Network Connections > Wireless Network Connection > Change Advanced Settings > Advanced Tab > Windows Firewall Settings > Select “On” > OK
- BETTER YET, use another firewall (e.g. Kerio, Jetico, or Zone Alarm)
- Turn ad-hoc mode off: Start > Settings > Network Connections > Wireless Network Connection > Change Advanced Settings > Wireless Networks Tab > Select Network > Properties > Uncheck “This is a computer-to-computer (ad-hoc) network” > OK
- Disable file sharing: Start > Settings > Network Connections > Wireless Network Connection > Change Advanced Settings > Uncheck “File and Printer Sharing” > OK
- Change the Administrator password: Click Start > Control Panel > User Accounts. Ensure the Guest account is disabled. Click your Administrator user account and reset the password.

Page 20:

Infrastructure Networks Only

To allow only connections to approved access points:

1. In Control Panel, double-click Network Connections.
2. In the Network Connections window, right-click Wireless Network Connection, and then click Properties.
3. In the Wireless Network Connection Properties dialog box, on the Wireless Networks tab, make sure that the "Use Windows to configure my wireless network settings" check box is selected.
4. Under Preferred networks, make sure that the name of the network that you want to connect to is highlighted, and then click Advanced.
5. In the Advanced dialog box, click "Access point (infrastructure) network only", and then click Close. Click OK.

Page 21:

VPN Solutions

- Free: AnchorFree's Hotspot Shield, a new free software download. Install it on a Windows 2000 or XP system.
- Paid VPN solutions: WiTopia's personalVPN, HotspotVPN (SSL), JiWire's SpotLock (IPSec) software. All charge for the VPN connections they provide, and require installation of a utility on the computer.

Page 22:

Security Tips for Public Hotspots

- Use a personal firewall
- Use anti-virus software (update daily or hourly)
- Update your operating system and other applications (e.g. Office, Adobe Reader) regularly.
- Turn off file sharing.
- Use Web-based email that employs secure HTTP (https) (beware of some SSL issues though)
- Use a virtual private network (VPN).
- Password-protect your computer and important files (make sure your administrator account has a good long password).
- Encrypt files before transferring or emailing them.
- Make sure you're connected to a legitimate access point.
- Be aware of people around you.
- Properly log out of web sites by clicking log out instead of just closing your browser or typing in a new Internet address.

Page 23:

TIPS for WIFI at Work

To keep a work WiFi system from dropping users as they move around, all vendors have some common suggestions:

- Name all your APs with the same name, so that if the signal gets blocked by an individual standing in front of the AP or in front of another user's laptop, and they then get a stronger signal from another work AP, they do not have to re-authenticate to the work wireless network.
- Make sure all your APs are on the same subnet if you are doing AD authentication.
- Make sure the network is the only one listed under Preferred networks on the Wireless tab of the "Wireless Network Connection Properties" for the network card adapter in Control Panel.

Page 24:

TIPS for WIFI at Work (cont.)

- Also on the Wireless tab of the "Wireless Network Connection Properties", click the Advanced button and make sure the "Networks to access" section is set to access point (infrastructure) networks only.
- Then make sure "Automatically connect to non-preferred networks" is unchecked.
- These steps will help greatly; only once they are done, if you still have issues, turning off Windows Zero Config for WiFi might help.
- Use 802.1x or (better) 802.11i in offices that need secure wireless.