Hands-On Ethical Hacking and Network Defense
Chapter 11: Hacking Wireless Networks
Last revised 10-30-08 5 pm

Wireless Security Basics

Full video available at http://www.securitytube.net


Objectives

- Explain wireless technology
- Describe wireless networking standards
- Describe the process of authentication
- Describe wardriving
- Describe wireless hacking and tools used by hackers and security professionals

Understanding Wireless Technology

- For a wireless network to function, you must have the right hardware and software
- Wireless technology is part of our lives
  - Baby monitors
  - Cell and cordless phones
  - Pagers
  - GPS
  - Remote controls
  - Garage door openers
  - Two-way radios
  - Wireless PDAs

Components of a Wireless Network

- A wireless network has only three basic components
  - Access Point (AP)
  - Wireless network interface card (WNIC)
  - Ethernet cable

Access Points

- An access point (AP) is a transceiver that connects to an Ethernet cable
  - It bridges the wireless network with the wired network
  - Not all wireless networks connect to a wired network
- Most companies have Wireless LANs (WLANs) that connect to their wired network topology

Access Points

- The AP is where channels are configured
- An AP enables users to connect to a LAN using wireless technology
- An AP is available only within a defined area

Service Set Identifiers (SSIDs)

- Name used to identify the wireless local area network (WLAN)
- The SSID is configured on the AP
  - Unique 1- to 32-character alphanumeric name
  - Name is case sensitive
- Wireless computers need to configure the SSID before connecting to a wireless network

Service Set Identifiers (SSIDs)

- SSID is transmitted with each packet
  - Identifies which network the packet belongs to
- The AP usually broadcasts the SSID

Service Set Identifiers (SSIDs)

- Many vendors have SSIDs set to a default value that companies never change
- An AP can be configured to not broadcast its SSID until after authentication
  - Wireless hackers can attempt to guess the SSID
- Verify that your clients or customers are not using a default SSID

See links Ch 11a, b

Configuring an Access Point

- Configuring an AP varies depending on the hardware
  - Most devices allow access through any Web browser
  - Enter IP address on your Web browser and provide your user logon name and password

Wireless Router

- A wireless router includes an access point, a router, and a switch

Demo: Configuring an Access Point

- Wireless Configuration Options
  - SSID
  - Wired Equivalent Privacy (WEP) encryption
- Changing Admin Password

Configuring an Access Point

- Wireless Configuration Options
  - SSID
  - Wired Equivalent Privacy (WEP) encryption
  - WPA (WiFi Protected Access) is better

Configuring an Access Point (continued)

- Steps for configuring a D-Link wireless router (continued)
  - Turn off SSID broadcast
  - You should also change your SSID
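The settings these three slides change through the D-Link web interface (SSID, WEP versus WPA, SSID broadcast) are the same ones an access point running hostapd reads from its configuration file. The two fragments below are an added example, not from the slides or from any vendor firmware: the first is the out-of-the-box state the slides warn against, the second the corrected configuration. Each fragment is a separate hostapd.conf; the interface name, SSID and passphrase are placeholders; and wpa=2 selects the 802.11i (WPA2) profile with CCMP, one step past the TKIP-based WPA the slides describe. Changing the administrative password is a router-firmware setting with no hostapd equivalent.

```ini
# ---- WEAK (file 1): vendor-default style configuration; added example, placeholders throughout
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
# default SSID left unchanged, so the AP is recognisable as an unconfigured device
ssid=dlink
# SSID advertised in every beacon
ignore_broadcast_ssid=0
# open-system or shared-key authentication, both allowed
auth_algs=3
# 40-bit WEP key given as 10 hex digits; WEP is the scheme the WEP slide says has many vulnerabilities
wep_default_key=0
wep_key0=0123456789

# ---- HARDENED (file 2): the settings the slides recommend instead; added example, placeholders throughout
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
# unique, non-default SSID (placeholder); SSIDs are case sensitive
ssid=Acme-Staff-5F
# "Turn off SSID broadcast": beacons carry an empty SSID
ignore_broadcast_ssid=1
# open-system authentication only; WEP shared-key authentication disabled
auth_algs=1
# WPA family instead of WEP: wpa=2 is the 802.11i/WPA2 profile, CCMP pairwise cipher
wpa=2
rsn_pairwise=CCMP
# pre-shared key for a small site; a site with an authentication server would use
# wpa_key_mgmt=WPA-EAP with ieee8021x=1 and the auth_server_* settings instead
wpa_key_mgmt=WPA-PSK
wpa_passphrase=ReplaceWithALongRandomPassphrase
```

Note that hostapd reads `#` comments only at the start of a line, which is why every comment above sits on its own line rather than after a value.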


Wireless NICs

- For wireless technology to work, each node or computer must have a wireless NIC
- NIC’s main function
  - Converting the radio waves it receives into digital signals the computer understands

Wireless NICs

- There are many wireless NICs on the market
  - Choose yours depending on how you plan to use it
  - Some tools require certain specific brands of NICs

Understanding Wireless Network Standards

- A standard is a set of rules formulated by an organization
- Institute of Electrical and Electronics Engineers (IEEE)
  - Defines several standards for wireless networks

IEEE: CCSF Student Chapter

- Next meeting: Thurs, Nov 6, 2008 in Sci 37, 5:00 pm
- Email [email protected] for more info

IEEE Standards

- Standards pass through these groups:
  - Working group (WG)
  - Sponsor Executive Committee (SEC)
  - Standards Review Committee (RevCom)
  - IEEE Standards Board
- IEEE Project 802
  - LAN and WAN standards

The 802.11 Standard

- The first wireless technology standard
- Defined wireless connectivity at 1 Mbps and 2 Mbps within a LAN
- Applied to layers 1 and 2 of the OSI model
- Wireless networks cannot detect collisions
  - Carrier sense multiple access/collision avoidance (CSMA/CA) is used instead of CSMA/CD

Addressing

- Wireless LANs do not have an address associated with a physical location
- An addressable unit is called a station (STA)

The Basic Architecture of 802.11

- 802.11 uses a basic service set (BSS) as its building block
  - Computers within a BSS can communicate with each other

The Basic Architecture of 802.11

- To connect two BSSs, 802.11 requires a distribution system (DS)

Frequency Range

- In the United States, Wi-Fi uses frequencies near 2.4 GHz (except 802.11a at 5 GHz)
- There are 11 channels, but they overlap, so only three are commonly used
  - See link Ch 11c (cisco.com)

Infrared (IR)

- Infrared light can’t be seen by the human eye
- IR technology is restricted to a single room or line of sight
- IR light cannot penetrate walls, ceilings, or floors

Image: IR transmitter for wireless headphones

IEEE Additional 802.11 Projects

- 802.11a
  - Created in 1999
  - Operating frequency 5 GHz
  - Throughput 54 Mbps

IEEE Additional 802.11 Projects (continued)

- 802.11b
  - Operates in the 2.4 GHz range
  - Throughput 11 Mbps
  - Also referred to as Wi-Fi (wireless fidelity)
  - Allows for 11 channels to prevent overlapping signals
  - Effectively only three channels (1, 6, and 11) can be used in combination without overlapping
  - Introduced Wired Equivalent Privacy (WEP)
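The slide states the result (channels 1, 6 and 11) without the arithmetic behind it. The Python below is an added example, not from the slides, that derives it from the 2.4 GHz channel plan: centre frequency 2407 MHz + 5 MHz × channel number and a 22 MHz channel width, so two channels are clear of each other only when their numbers differ by at least five. It also prints the full overlap table, which the slide does not give.

```python
"""Why 802.11b/g channels 1, 6 and 11 are the only three that do not overlap.

Added example, not from the slides: applies the 2.4 GHz channel plan
(centre frequency 2407 MHz + 5 MHz * channel number, 22 MHz channel width)
to derive the non-overlapping set the slide states.
"""

CHANNEL_WIDTH_MHZ = 22       # 802.11b DSSS channel width
CHANNEL_SPACING_MHZ = 5      # centre-to-centre spacing of adjacent channel numbers
US_CHANNELS = range(1, 12)   # channels 1-11 are the ones allowed in the United States


def channel_center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel: 2412 MHz for channel 1, 2462 MHz for channel 11."""
    if channel not in US_CHANNELS:
        raise ValueError(f"channel {channel} is not a US 2.4 GHz channel")
    return 2407 + CHANNEL_SPACING_MHZ * channel


def channels_overlap(a: int, b: int) -> bool:
    """Two channels overlap when their centres are closer together than one channel width."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(channels=US_CHANNELS) -> list:
    """Walk up from the lowest channel, keeping each one that overlaps none already kept.

    For the US plan this yields [1, 6, 11]: the next clear channel is always five numbers
    (25 MHz) above the last one kept, and 22 MHz wide channels 25 MHz apart do not touch.
    """
    chosen = []
    for ch in channels:
        if all(not channels_overlap(ch, kept) for kept in chosen):
            chosen.append(ch)
    return chosen


def overlap_table(channels=US_CHANNELS) -> dict:
    """For each channel, the list of other channels whose signal it collides with."""
    return {ch: [other for other in channels if other != ch and channels_overlap(ch, other)]
            for ch in channels}


if __name__ == "__main__":
    print("usable together without overlap:", non_overlapping_channels())
    for ch, others in overlap_table().items():
        print(f"channel {ch:2d} ({channel_center_mhz(ch)} MHz) overlaps {others}")
```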

IEEE Additional 802.11 Projects (continued)

- 802.11e
  - It has improvements to address the problem of interference
  - When interference is detected, signals can jump to another frequency more quickly
- 802.11g
  - Operates in the 2.4 GHz range
  - Throughput increased from 11 Mbps to 54 Mbps

IEEE Additional 802.11 Projects (continued)

- 802.11i
  - Introduced Wi-Fi Protected Access (WPA)
  - Corrected many of the security vulnerabilities of 802.11b
- 802.11n (draft)
  - Will be finalized in Dec 2009
  - Speeds up to 300 Mbps
  - Aerohive AP runs at 264 Mbps now
- Links Ch 11zc, Ch 11zd

IEEE Additional 802.11 Projects (continued)

- 802.15
  - Addresses networking devices within one person’s workspace
  - Called wireless personal area network (WPAN)
- Bluetooth is one of six 802.15 standards

Image from ubergizmo.com

IEEE Additional 802.11 Projects (continued)

- Bluetooth
  - Defines a method for interconnecting portable devices without wires
  - Maximum distance allowed is 10 meters
  - It uses the 2.45 GHz frequency band
  - Throughput of up to 2.1 Mbps for Bluetooth 2.0
- Note: the speed value of 12 Mbps in your book and the lecture notes is wrong
- Link Ch 11zg

IEEE Additional 802.11 Projects (continued)

- 802.16 (also called WIMAX)
  - Addresses the issue of wireless metropolitan area networks (MANs)
  - Defines the WirelessMAN Air Interface
  - Range of up to 30 miles
  - Throughput of up to 120 Mbps
- 802.20
  - Addresses wireless MANs for mobile users who are sitting in trains, subways, or cars traveling at speeds up to 150 miles per hour

IEEE Additional 802.11 Projects (continued)

- Bluetooth
  - Defines a method for interconnecting portable devices without wires
  - Maximum distance allowed is 10 meters
  - It uses the 2.45 GHz frequency band
  - Throughput of up to 12 Mbps
- HiperLAN2
  - European WLAN standard
  - It is not compatible with 802.11 standards

2.1 Mbps

Understanding Authentication

- Wireless technology brings new security risks to a network
- Authentication
  - Establishing that a user is authentic—authorized to use the network
  - If authentication fails, anyone in radio range can use your network

The 802.1X Standard

- Defines the process of authenticating and authorizing users on a WLAN
- Basic concepts
  - Point-to-Point Protocol (PPP)
  - Extensible Authentication Protocol (EAP)
  - Wired Equivalent Privacy (WEP)
  - Wi-Fi Protected Access (WPA)

Point-to-Point Protocol (PPP)

- Many ISPs use PPP to connect dial-up or DSL users
- PPP handles authentication with a user name and password, sent with PAP or CHAP
  - PAP (Password Authentication Protocol) sends passwords unencrypted
  - Vulnerable to trivial sniffing attacks
- See link Ch 11f

CHAP Vulnerability

- CHAP (Challenge-Handshake Authentication Protocol)
  - Server sends a Challenge with a random value
  - Client sends a Response, hashing the random value with the secret password
- This is still vulnerable to a sort of session hijacking attack (see links Ch 11e)
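To make the PAP versus CHAP contrast of these two slides concrete, the following Python models both exchanges over a recordable link. It is an added example, not from the slides or from any PPP implementation; the CHAP Response follows RFC 1994 (MD5 over the one-byte Identifier, the secret and the Challenge), the account database, user name and password are constructed, and the `wire` list stands in for a radio link anyone in range can capture. The last function shows what the random challenge buys: a recorded Response cannot be replayed against a later challenge, which is the replay property the session-hijacking attack the slide mentions has to work around rather than break.

```python
"""PAP versus CHAP over a link anyone in range can record.

Added example, not from the slides or from any PPP implementation.
CHAP follows RFC 1994: Response = MD5(Identifier || secret || Challenge).
The account database, user and password are constructed sample values and
the `wire` list stands in for the radio link a sniffer would record.
"""
import hashlib
import hmac
import os

SECRET_DB = {"alice": b"correct horse battery"}   # authenticator's account database (constructed)
wire = []   # every frame sent, in order: exactly what a sniffer in radio range sees


def pap_authenticate(user: str, password: bytes) -> bool:
    """PAP: the client sends the password itself, so the wire carries it verbatim."""
    frame = {"proto": "PAP", "user": user, "password": password}
    wire.append(frame)
    return SECRET_DB.get(user) == frame["password"]


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: hash the one-byte Identifier, the secret and the Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator: a fresh random Challenge per attempt, one Response allowed per Challenge."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.identifier = 0
        self.pending = None   # challenge value awaiting a response

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)
        wire.append({"proto": "CHAP", "type": "Challenge", "id": self.identifier, "value": self.pending})
        return self.identifier, self.pending

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        wire.append({"proto": "CHAP", "type": "Response", "id": identifier, "user": user, "value": response})
        secret = self.secrets.get(user)
        if secret is None or self.pending is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.pending)
        self.pending = None   # a Challenge is good for exactly one Response
        return hmac.compare_digest(expected, response)


def chap_authenticate(server: ChapServer, user: str, password: bytes) -> bool:
    """Client side: the password never leaves the host; only its hash with the challenge does."""
    identifier, challenge = server.challenge()
    return server.verify(user, identifier, chap_response(identifier, password, challenge))


def password_visible_on_wire(password: bytes) -> bool:
    """Sniffer's view: does the secret itself appear in any recorded frame?"""
    return any(password in frame.values() for frame in wire)


def replay_last_response(server: ChapServer, user: str) -> bool:
    """Re-send the most recent recorded Response after the server has issued a new Challenge.

    It fails: the Identifier no longer matches and the hash covers the old challenge value.
    """
    recorded = [f for f in wire if f.get("type") == "Response" and f.get("user") == user][-1]
    server.challenge()
    return server.verify(user, recorded["id"], recorded["value"])


if __name__ == "__main__":
    print("PAP login ok:", pap_authenticate("alice", b"correct horse battery"))
    print("password on the wire after PAP:", password_visible_on_wire(b"correct horse battery"))
    wire.clear()
    server = ChapServer(SECRET_DB)
    print("CHAP login ok:", chap_authenticate(server, "alice", b"correct horse battery"))
    print("password on the wire after CHAP:", password_visible_on_wire(b"correct horse battery"))
    print("replayed Response accepted:", replay_last_response(server, "alice"))
```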

Extensible Authentication Protocol (EAP)

- EAP is an enhancement to PPP
- Allows a company to select its authentication method
  - Certificates
  - Kerberos
- Kerberos is used on LANs for authentication
  - Uses Tickets and Keys
  - Used by Windows 2000, XP, and 2003 Server by default
  - Not common on WLANs (I think)

X.509 Certificate

- Record that authenticates network entities
- Identifies
  - The owner
  - The certificate authority (CA)
  - The owner’s public key
- See link Ch 11j

Sample X.509 Certificate

- Go to gmail.com
- Double-click the padlock

Public Key

- Your browser uses the Public Key to encrypt data so only Gmail can read it

LEAP

- Lightweight Extensible Authentication Protocol (LEAP)
  - A Cisco product
  - Vulnerable, but Cisco didn’t care
  - Joshua Wright wrote the ASLEAP hacking tool to crack LEAP, and forced Cisco to develop a better protocol
- See link Ch 11g

More Secure EAP Methods

- Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
  - Secure but rarely used, because both client and server need certificates signed by a CA
- Protected EAP (PEAP) and Microsoft PEAP
  - Very secure, only requires server to have a certificate signed by a CA
- See link Ch 11h

802.1X components

- Supplicant
  - The user accessing a WLAN
- Authenticator
  - The AP
- Authentication server
  - Checks an account database to see if user’s credentials are acceptable
  - May use RADIUS (Remote Access Dial-In User Service)
- See link Ch 11k


Wired Equivalent Privacy (WEP)

- Part of the 802.11b standard
- Encrypts data on a wireless network
- WEP has many vulnerabilities
- To crack WEP, see links Ch 11l, 11m

Wi-Fi Protected Access (WPA)

- Specified in the 802.11i standard
- Replaces WEP
- WPA improves encryption by using Temporal Key Integrity Protocol (TKIP)

TKIP Enhancements

- Message Integrity Check (MIC)
  - Prevent attacker from injecting forged packets
- Extended Initialization Vector (IV) with sequencing rules
  - Prevent replays (attacker re-sending copied packets)

TKIP Enhancements

- Per-packet key mixing
  - MAC addresses are used to create a key
  - Each link uses a different key
- Rekeying mechanism
  - Provides fresh keys
  - Prevents attackers from reusing old keys
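The two TKIP slides list four mechanisms without showing how they fit together on the receive path. The Python below is an added toy model, not from the slides or from any WPA implementation: HMAC-SHA256 stands in for TKIP's key mixing and for the Michael MIC, and a SHA-256 counter keystream stands in for RC4, so the primitives are not TKIP's, but the checks run in TKIP's order (sequence check first, then decrypt, then MIC) and each slide bullet maps to one function or branch. The MAC addresses and keys are constructed.

```python
"""Toy model of the TKIP properties on these two slides: per-link key mixing from
MAC addresses, a per-packet key, a message integrity check (MIC), replay
protection from a sequenced IV, and rekeying.

Added example, not from the slides or any WPA implementation. HMAC-SHA256 stands
in for TKIP's key mixing and for the Michael MIC, and a SHA-256 counter keystream
stands in for RC4; the checks run in TKIP's order (sequence check, decrypt, MIC)
but the primitives are not TKIP's. MAC addresses and keys are constructed.
"""
import hashlib
import hmac

AP_MAC = bytes.fromhex("02aabbccdd01")    # constructed, locally administered addresses
STA_MAC = bytes.fromhex("02aabbccdd02")
MIC_LEN = 8


def link_key(base_key: bytes, mac_a: bytes, mac_b: bytes) -> bytes:
    """Mix the network key with both MAC addresses: every AP<->station link gets its own key."""
    pair = min(mac_a, mac_b) + max(mac_a, mac_b)    # same key in both directions
    return hmac.new(base_key, b"link" + pair, hashlib.sha256).digest()


def packet_key(lkey: bytes, seq: int) -> bytes:
    """Mix the link key with the 48-bit sequence counter (TKIP's extended IV)."""
    return hmac.new(lkey, b"pkt" + seq.to_bytes(6, "big"), hashlib.sha256).digest()


def keystream(pkey: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode over the per-packet key."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(pkey + counter.to_bytes(4, "big")).digest()
    return out[:length]


def mic(lkey: bytes, src: bytes, dst: bytes, seq: int, plaintext: bytes) -> bytes:
    """Integrity tag over addresses, sequence and payload, so forged or altered frames fail."""
    msg = b"mic" + src + dst + seq.to_bytes(6, "big") + plaintext
    return hmac.new(lkey, msg, hashlib.sha256).digest()[:MIC_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, base_key: bytes, src: bytes, dst: bytes):
        self.src, self.dst = src, dst
        self.rekey(base_key)

    def rekey(self, base_key: bytes):
        """Fresh link key; the sequence counter restarts with it."""
        self.lkey = link_key(base_key, self.src, self.dst)
        self.seq = 0

    def protect(self, plaintext: bytes) -> dict:
        self.seq += 1
        body = plaintext + mic(self.lkey, self.src, self.dst, self.seq, plaintext)
        ct = xor(body, keystream(packet_key(self.lkey, self.seq), len(body)))
        return {"src": self.src, "dst": self.dst, "seq": self.seq, "ciphertext": ct}


class Receiver:
    def __init__(self, base_key: bytes, own_mac: bytes):
        self.own_mac = own_mac
        self.rekey(base_key)

    def rekey(self, base_key: bytes):
        """After rekeying, frames protected under the old key fail the MIC."""
        self.base_key = base_key
        self.last_seq = {}    # highest sequence number accepted, per sender

    def accept(self, frame: dict) -> tuple:
        """Return (accepted, plaintext or reason). Replays are rejected before any crypto runs."""
        src, seq = frame["src"], frame["seq"]
        if seq <= self.last_seq.get(src, 0):
            return False, "replay: sequence counter did not increase"
        lkey = link_key(self.base_key, src, self.own_mac)
        body = xor(frame["ciphertext"], keystream(packet_key(lkey, seq), len(frame["ciphertext"])))
        plaintext, tag = body[:-MIC_LEN], body[-MIC_LEN:]
        if not hmac.compare_digest(tag, mic(lkey, src, self.own_mac, seq, plaintext)):
            return False, "MIC failure: forged, altered or wrong-key frame"
        self.last_seq[src] = seq
        return True, plaintext


if __name__ == "__main__":
    key = bytes(range(32))
    sta, ap = Sender(key, STA_MAC, AP_MAC), Receiver(key, AP_MAC)
    frame = sta.protect(b"hello")
    print("first delivery:", ap.accept(frame))
    print("replayed copy: ", ap.accept(frame))
```

The replay branch fires before decryption, which is what the slides' "sequencing rules" amount to: a cheap counter comparison drops copied frames without spending the MIC computation on them.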

WPA Adds 802.1X

- WPA also adds an authentication mechanism implementing 802.1X and EAP
- This was not available in WEP

Understanding Wardriving

- Hackers use wardriving
  - Finding insecure access points
  - Using a laptop or palmtop computer
- Wardriving is not illegal
  - But using the resources of these networks is illegal
- Warflying
  - Variant where an airplane is used instead of a car

How It Works

- An attacker or security tester simply drives around with the following equipment
  - Laptop computer
  - Wireless NIC
  - An antenna
  - Software that scans the area for SSIDs
- Not all wireless NICs are compatible with scanning programs
- Antenna prices vary depending on the quality and the range they can cover

How It Works (continued)

- Scanning software can identify
  - The company’s SSID
  - The type of security enabled
  - The signal strength
    - Indicating how close the AP is to the attacker

Demo: VistaStumbler

- Link Ch 11ze

NetStumbler

- Shareware tool written for Windows that enables you to detect WLANs
- Supports 802.11a, 802.11b, and 802.11g standards
- NetStumbler was primarily designed to
  - Verify your WLAN configuration
  - Detect other wireless networks
  - Detect unauthorized APs

NetStumbler

- NetStumbler is capable of interfacing with a GPS
  - Enabling a security tester or hacker to map out locations of all the WLANs the software detects

NetStumbler

- NetStumbler logs the following information
  - SSID
  - MAC address and Manufacturer of the AP
  - Channel
  - Signal Strength
  - Encryption
- Can detect APs within a 350-foot radius
  - With a good antenna, they can locate APs a couple of miles away
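The NetStumbler slides say the tool was designed to verify your own WLAN configuration and detect unauthorized APs, and list what it logs. The Python below is an added example, not from the slides or from NetStumbler, that performs that audit over a constructed CSV carrying those logged fields (it is not NetStumbler's own export format): it flags default SSIDs (the check the SSID slides ask for), open or WEP networks, hidden SSIDs, and any BSSID missing from a constructed inventory of authorized APs, using signal strength as the rough distance indicator the "How It Works" slide describes. The default-SSID list and the inventory are constructed sample data.

```python
"""Audit a wardriving scan log for the conditions these slides warn about.

Added example, not from the slides or from NetStumbler. The input is a constructed
CSV with the fields the slides say NetStumbler logs (SSID, AP MAC address and
manufacturer, channel, signal strength, encryption); it is not NetStumbler's own
export format. The default-SSID list and authorized-AP inventory are constructed.
"""
import csv
import io

# Constructed scan log: one row per access point seen during a walk-through of the site.
SCAN_LOG = """\
ssid,bssid,manufacturer,channel,signal_dbm,encryption
Acme-Staff-5F,00:1a:2b:3c:4d:01,Cisco,1,-48,WPA
Acme-Staff-5F,00:1a:2b:3c:4d:02,Cisco,6,-55,WPA
dlink,00:11:22:33:44:55,D-Link,6,-40,None
linksys,00:aa:bb:cc:dd:ee,Linksys,11,-62,WEP
Acme-Guest,00:1a:2b:3c:4d:03,Cisco,11,-51,WPA
,00:1a:2b:3c:4d:99,Cisco,1,-70,WPA
"""

# Vendor default SSIDs (constructed subset). SSIDs are case sensitive, so the match is exact.
DEFAULT_SSIDS = {"dlink", "linksys", "default", "NETGEAR", "WLAN"}

# Inventory of the APs this site is supposed to have (constructed).
AUTHORIZED_BSSIDS = {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02", "00:1a:2b:3c:4d:03"}

ON_SITE_SIGNAL_DBM = -60   # stronger than this: close enough to be inside the building (rule of thumb)


def parse_scan_log(text: str) -> list:
    """Parse the CSV into dicts, normalising the MAC address and the numeric fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ssid": row["ssid"],
            "bssid": row["bssid"].strip().lower(),
            "manufacturer": row["manufacturer"],
            "channel": int(row["channel"]),
            "signal_dbm": int(row["signal_dbm"]),
            "encryption": row["encryption"],
        })
    return rows


def audit_ap(ap: dict, authorized: set = AUTHORIZED_BSSIDS, defaults: set = DEFAULT_SSIDS) -> list:
    """Findings for one AP, in a fixed order so reports are easy to diff between scans."""
    findings = []
    if ap["bssid"] not in authorized:
        where = "on-site" if ap["signal_dbm"] > ON_SITE_SIGNAL_DBM else "nearby"
        findings.append(f"unauthorized AP ({where})")
    if ap["ssid"] in defaults:
        findings.append("default SSID")
    if ap["ssid"] == "":
        findings.append("hidden SSID (broadcast disabled)")
    if ap["encryption"] == "None":
        findings.append("open network")
    elif ap["encryption"] == "WEP":
        findings.append("WEP (crackable)")
    return findings


def audit_scan(text: str) -> dict:
    """Map BSSID -> findings for every AP in the log that has at least one."""
    report = {}
    for ap in parse_scan_log(text):
        findings = audit_ap(ap)
        if findings:
            report[ap["bssid"]] = findings
    return report


def rogue_aps(text: str) -> list:
    """BSSIDs in the log that are not in the inventory: the 'detect unauthorized APs' use case."""
    return sorted(ap["bssid"] for ap in parse_scan_log(text) if ap["bssid"] not in AUTHORIZED_BSSIDS)


if __name__ == "__main__":
    for bssid, findings in audit_scan(SCAN_LOG).items():
        print(bssid, "->", "; ".join(findings))
```

Matching on BSSID rather than SSID is deliberate: an SSID is whatever the AP's owner typed, so an AP that copies your SSID still shows up as unauthorized, and an AP with a hidden SSID can still be checked against the inventory.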


Kismet

- Another product for conducting wardriving attacks
- Runs on Linux, BSD, Mac OS X, and Linux PDAs
- Kismet is advertised also as a sniffer and IDS
- Kismet can sniff 802.11b, 802.11a, and 802.11g traffic

Kismet features

- Ethereal- and Tcpdump-compatible data logging
- AirSnort compatible
- Network IP range detection

Kismet features (continued)

- Hidden network SSID detection
- Graphical mapping of networks
- Client-server architecture
- Manufacturer and model identification of APs and clients
- Detection of known default access point configurations
- XML output
- Supports 20 card types

Understanding Wireless Hacking

- Hacking a wireless network is not much different from hacking a wired LAN
- Techniques for hacking wireless networks
  - Port scanning
  - Enumeration

Tools of the Trade

- Equipment
  - Laptop computer
  - A wireless NIC
  - An antenna
  - Sniffer software

AirSnort

- Created by Jeremy Bruestle and Blake Hegerle
- It is the tool most hackers wanting to access WEP-enabled WLANs use
- AirSnort limitations
  - Runs on either Linux or Windows (textbook is wrong)
  - Requires specific drivers
  - Not all wireless NICs function with AirSnort
- See links Ch 11p, 11q

WEPCrack

- Another open-source tool used to crack WEP encryption
  - WEPCrack was released about a week before AirSnort
  - It also works on *NIX systems
  - WEPCrack uses Perl scripts to carry out attacks on wireless systems
  - AirSnort is considered better (link Ch 11r)

Countermeasures for Wireless Attacks

- Anti-wardriving software makes it more difficult for attackers to discover your wireless LAN
- Honeypots
  - Servers with fake data to snare intruders
- Fakeap and Black Alchemy Fake AP
  - Software that makes fake Access Points
  - Link Ch 11s

Countermeasures for Wireless Attacks

- Use special paint to stop radio from escaping your building
- Allow only predetermined MAC addresses and IP addresses to have access to the wireless LAN
- Use an authentication server instead of relying on a wireless device to authenticate users

Countermeasures for Wireless Attacks

- Use an EAP authentication protocol
- If you use WEP, use 104-bit encryption rather than 40-bit encryption
  - But just use WPA instead
- Assign static IP addresses to wireless clients instead of using DHCP
- Don’t broadcast the SSID

Countermeasures for Wireless Attacks

- Place the AP in the demilitarized zone (DMZ)

(image from wikipedia)

Demo: Defeating MAC Address Filtering

- Link Ch 11zf