rohit wifi

Download Report

Transcript rohit wifi 

Wireless Security
The breaking and fixing
© ClubHack http://clubhack.com
History
© ClubHack http://clubhack.com
Types of Security
• OPEN : No security configured X
– Obviously not advised
– Data is in the air in plain text and anyone can read it
• WEP : Wired Equivalent privacy X
– Was broken years ago and takes 15 min to break in
– Very week and not recommended
– Accepts only hexadecimal password
© ClubHack http://clubhack.com
Types of Security…
• WPA: Wi-Fi Protected Access 
– Much better than WEP
– Accept long password and with all possible
combinations
– Easy to setup, as easy as WEP
– Available in all the common wi-fi routers
– A must for all home users
– Will take a looong time to break in
© ClubHack http://clubhack.com
Types of Security…
• WPA2: Advance Wi-Fi Protected Access

– Better than WPA
– Takes little more pain to setup
– Advised in corporate environments
– Strong encryption and authentication support
© ClubHack http://clubhack.com
Wireless Security Standards
© ClubHack http://clubhack.com
Description of WEP Protocol
WEP relies on a shared secret key (64 bit/128 bit) which is
shared between the sender (client) and the receiver (Access
Point).
Secret Key - to encrypt packets before they are transmitted
Integrity Check - to ensure packets are not modified in
transit.
The standard does not discuss how shared key is
established. In practice, most installations use a single key
which is shared between all mobile stations and access
7
points.
© ClubHack http://clubhack.com
CHAP Authentication
Supplicant
Authenticator
username
challenge
response
Accept/reject
© ClubHack http://clubhack.com
How WEP works
IV
original unencrypted packet
RC4
key
IV
encrypted packet
checksum
WEP Cracking Demo
Immediate Solution
• WPA
– Easy to configure
– Every home router has this
– No special hardware or software required
– Boost security level to a comfortable level
© ClubHack http://clubhack.com
How to configure WPA
• Open the configuration of your wi-fi device
• Go to wireless setting
• Under security option, select any one
–
–
–
–
WPA
WPA-PSK
WPA-Personal
WPA2-Personal
• Set a complex password
• Change the login password of the wireless
router.
• Done
© ClubHack http://clubhack.com
Example : Linksys
© ClubHack http://clubhack.com
Example : Netgear
© ClubHack http://clubhack.com
Example : ZyXEL
© ClubHack http://clubhack.com
Look for this
© ClubHack http://clubhack.com
Further Advised
• Change the router login password
frequently
– Atleast once a month
• Change the wireless WPA password also
– Atleast once a month
• Avoid temptation to connect to open
wireless just looking for free internet.
© ClubHack http://clubhack.com
What’s next (added security)
• We can configure DHCP more tightly.
– Lets not keep an open pool where any one
can connect
– Example
–
–
–
–
I have 3 machines in my home (desktop/laptop/phone)
I’ll create a IP pool of 3 IPs only
I’ll do DHCP reservation using the MAC of these 3 IP
Effectively I’m not allowing any outsider machine to
connect
© ClubHack http://clubhack.com
What’s next (added security) …
• We can configure MAC binding.
– Allow only MY machines to connect
– Many access points support MAC binding
– Any other machine will not be able to connect
to my Wi-Fi
© ClubHack http://clubhack.com
Not only terrorism, what else
• Connected to open network??
– Attacker can read your mails
– Attacker can see your password (even gmail)
– Attacker can see your credit card numbers
– Attacker can access confidential information
on your computer
– Attacker can chat with your girlfriend posing
as you.
© ClubHack http://clubhack.com
So…
• 6 easy steps to counter 95% of attack on
your wi-fi
• Secure your wi-fi today.
© ClubHack http://clubhack.com
Q & 42 ?
Rohit Srivastwa
Founder, ClubHack
[email protected]
member
© ClubHack http://clubhack.com