Wireless - fontysvenlo.org

Wireless & password security
Mark Theeuwes
Wireless basics

Radio waves

Channels 2.4 GHz (802.11 b/g/n)

Channels 5 GHz (802.11 a/n)

Reflection

Refraction

Absorption

Scattering

Omnidirectional antenna

Other antennas

WLAN Cell

Range

Roaming

Roaming

Cells

Honeycomb

Building

Autonomous access point
Cisco Wireless

LWAP
Cisco Wireless

[Diagram: WLAN controllers and Cisco Aironet 1200 wireless access points (LWAP) on the LAN, with firewalls, RADIUS, LDAP, Cisco Secure ACS servers and ADS domain controllers; clients shown are printers with a wireless workgroup bridge, notebooks and wireless workstations; labels WEP128 and AES]
Wireless
Wireless basics

Association

Security options
Wireless attacks
WEP cracking
WPA2 cracking
Passwords
Strong passwords
Passwords
password
2Mypassword
2MyPa$$w0rd!
1Ef$aŎX9s2!#
Password policy considerations



What is too simple?
Password age?
Password length?
Myspace attack 2006 (34,000 passwords)
Most common passwords (America)
password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1, monkey
Password hashes
Password hacking
Password guessing

The word "password"
The same as the user name
Name of the user
Birthdays or birth places
Relatives
Pets
Favorite colors, foods, places, etc.
Dictionary attacks
Brute force
Rainbow tables

NTLM hashes
Password database Fontys Venlo (10 years ago)
Future?
Security is a trade-off
Questions