DOCSLIB.ORG

A Practical Guide to Understanding Wireless Networking Concepts, Security Protocols, Attack, and Safer Deployment Schemes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Practical Guide to Understanding Wireless Networking Concepts, Security Protocols, Attack, and Safer Deployment Schemes Rochester Institute of Technology RIT Scholar Works Theses 2003 A Practical guide to understanding wireless networking concepts, security protocols, attack, and safer deployment schemes Jay Yip Follow this and additional works at: https://scholarworks.rit.edu/theses Recommended Citation Yip, Jay, "A Practical guide to understanding wireless networking concepts, security protocols, attack, and safer deployment schemes" (2003). Thesis. Rochester Institute of Technology. Accessed from This Thesis is brought to you for free and open access by RIT Scholar Works. It has been accepted for inclusion in Theses by an authorized administrator of RIT Scholar Works. For more information, please contact [email protected]. Rochester Institute of Technology B. Thomas Golisano College of Computing and Information Sciences Master of Science in Information Technology Thesis Approval Form Student Name: __.:::..:Ja::::.lyl..-Y.:.....:i~p _____________ Thesis Title: A Practical Guide To Understanding Wireless Networking Concepts, Sec.urity Protocols, Attack, and Safer Deployment Schemes Thesis Committee Name Signature Date Prof. Bruce Hartpence Bruce Hartpence Chair Bradley R. Newcomer Bradley R. Newcomer 5 -11 -OL( Committee Member Robert B. Cummings Robert B. Cummings 5-11-01: Committee Member Thesis Reproduction Permission Form Rochester Institute of Technology B. Thomas Golisano College of Computing and Information Sciences Master of Science in Information Technology A Practical Guide To Understanding Wireless Networking Concepts, Security Protocols, Attack, and Safer Deployment Schemes I, Jay Yip, hereby grant permission to the Wallace Library of the Rochester Institute of Technology to reproduce my thesis in whole or in part. Any reproduction must not be for commercial use or profit. Date: t;11~ )OLf Signature of Author: _J_a~y_Y_i-,--p_____ _ I A practical guide to understanding wireless networking concepts, security protocols, attack, and safer deployment schemes By Jay Yip Project submitted in partial fulfillment of the requirements for the degree of Master of Science in Information Technology Department of Information Technology B. Thomas Golisano College Of Computing and Information Sciences October 2003 Abstract/Introduction page4 Overview page4 Research page5 Why is wireless so important? page6 802.11b verses 802.1 1g page7 Popularity changes page7 Comparison chart of 802.11b verses 802.1 1g along with 802.11 a...page8 Introduction to WEP page9 WhatisWEP page9 How WEP encryption works pagel 0 How shared key authentication works pagel 2 How open key authentication works pagel 3 Enabling WEP pagel 4 WEP is flawed pagel 6 Why Wi-Fi is insecure pagel 6 History of 802. 1 1 security vulnerability timeline pagel 9 Different types of WEP attacks page20 How to find an access point page23 Equipment needed to find an access point page23 Windows XP page24 Netstumbler page25 ApSniff page27 Is Wardriving legal? page28 Wireless Traffic and WEP cracking tools page29 Ethereal page30 Kismet page31 Airsnort page32 WEP Crack page32 Dwepcrack page33 Comments found regarding WEP page34 In favor of WEP page34 In opposition of WEP page35 WEP2 (Second Generation WEP) page36 WEP2 verses WEP page36 Future of WEP2 page37 Alternatives to WEP/WEP2 page37 WPA (Wi-Fi Protected Access) page37 Advantages of upgrading to WPA page40 Migration from WEP to WPA page40 Issues over implementing WPA page41 802. 1 1 i page42 Authentication Protocols and Encryption Algorithms page43 802. 1 x page43 802. 1 x authentication with Wi-Fi page44 EAP (Extensible Authentication Protocol) page45 RADIUS (Remote Access Dial In User Service) server page46 AES (Advanced Encryption Standard) page47 Roaming Issues page48 Multiple Access Points with the same SSID page48 Multiple Access Points with an authentication sever page48 Author's recommendations page49 Implement a firewall page50 Implement WEP page50 Securely configure the access point page51 Implement Fake AP page51 Detect rogue access points page52 Implement a VPN page53 Tunneling and encapsulation basics page53 PPTP and L2TP Protocols page54 Implement a RADIUS authentication server page54 pot' Setup a 'honey page54 Conclusion page55 Abstract/Introduction With the explosion of wireless networks appearing in buildings, business and educational campuses, and even homes; security is a large concern in order to prevent attempted intrusions and malicious attacks from the retrieval of confidential data. Wireless Fidelity, Wi-Fi for short, does provide security in the form called Wired Equivalent Privacy otherwise simply known as WEP. However cases documenting WEP's security mechanism being breached in legitimate and illegitimate cases have been published and are readily available on the Internet. While wireless networks provide the freedom of mobility for users, this also allows potential hackers to eavesdrop on unsuspecting wireless users. Or worse, one could potentially hijack an access point and gain unauthorized access past the wireless network and then into the wired internal network. Thus an intruder who has hijacked an access point will be able to access critical data while hiding safely outside the building. Knowledge and understanding of wireless networks and of its security is a necessary step to be learnt if wireless networks are to be deployed securely especially in congested urban settings. Overview Network administrators implement WEP as a security means for users with wireless network capable devices that connect with access points; however WEP is flawed and can not be used as an absolute means of security. Available are applications that can sniff wireless traffic and view the contents of packets as they are being transmitted through the air. Also available are applications that can break WEP's security codes and mechanism which are readily available to be downloaded off the Internet. These applications work by capturing enough wireless packets and analyzing each one. Given enough time and resources, data can be revealed and WEP keys can be cracked. Even worse, the capturing of packets does not need to be within the same building. In fact it can be anywhere within the coverage range of the wireless network hence providing a great advantage for a potential intruder. Once a hacker has established connection to an Access Point and has cracked WEP, the hacker is virtually sitting inside a closed room in front of a victim's unoccupied computer. To make matters worse, once the penetration has been discovered; capturing the culprit is futile since they were never inside the building in the first place! By better understanding the aspects of wireless networking security, better security measures can take place. But before hand; it is best to understand what WEP is, how it works, why it fails, and what other measures can be implemented to decrease the chances of attacks. Research The scope of this thesis involves a brief discussion of available wireless protocols and what lies in the future with regards to securing computer networks whether they are wired or wireless. Research documenting what is WEP, how it works, and why it is flawed in terms of security will be discussed. This thesis will also document ways of finding wireless networks using a personal laptop computer or PDA (Personal Digital Assistant) armed with a wireless card and knowledge of the Windows and Linux operating system. Also a list of available programs available off the Internet will be briefly discussed and screen shots will be provided showing what each program is capable of doing in terms of potentially allowing an intruder to gain unlawful access from and into a wireless network. Information pertaining to the steps needed in order to crack WEP will be documented without creating a set of cookbook instructions. All the relevant information researched off the Internet will be comprised into a guide needed for someone to understand what the current forms of security exist for wireless networks during the time of this writing. Second generation WEP (WEP2) will be discussed and compared with first generation WEP as the hopes for this second generation version will provide a more robust version to first generation WEP. Alternative forms of security to WEP will be presented although none of them have been yet implemented into the market during the time of writing this thesis. Other alternative forms of existing and under development authentication and encryption schemes will be discussed, although their original purpose may not have been designed for Wi-Fi the concepts can be applied towards it. Based upon all gathered research, this thesis will include personal recommendations of setting up a wireless network in hopes to provide a more difficult setting for intruders to gain of unlawful access based upon the current security mechanisms and schemes available during the time of writing. Why is wireless so important? Planning for the future is an important step, which not only applies to computing technology but along with all other aspects of life. Although wireless is considered somewhat of a novelty during the time of this writing, in future time the role of wireless is bound to play a much larger role in the world of computing networks and beyond. According to Dr. Bernard Aboba of the Microsoft Corporation, he predicts wireless systems by the end of the first decade in the 20th century will consist of the following1: A viable desktop NIC replacement Wireless ISPs will happen Community nets will happen Adhoc networking will extend coverage dramatically Dual 802.1 1/WAN NICs will be commonplace Although they are only predictions, the probability of them actually occurring seems very likely to happen given the boom in computer technology from the early 1990's into the early 2000's. In the mean time during the time of this writing, some network administrators may oppose wireless or some may simply not want to deploy it. Based upon the above predictions, all network administrators should be prepared to either embrace wireless or at least accept it because wireless networking is currently only at its infancy and the future seems to indicate that wireless is not going to go away anytime soon.
Load more

Recommended publications
  • Wireless Local Area Networks: Threats and Their Discovery Using Wlans Scanning Tools Ms
    International Journal of Advanced Networking Applications (IJANA) ISSN No. : 0975-0290 137 Wireless Local Area Networks: Threats and Their Discovery Using WLANs Scanning Tools Ms. Rakhi Budhrani Bhavnagar, Gujarat, India. Dr. R. Sridaran, Dean, Faculty of Computer Applications, Marwadi Education Foundation’s Group of Institutions, Rajkot, Gujarat, India. ----------------------------------------------------------------------ABSTRACT-------------------------------------------------------- Wireless Local Area Networks frequently referred to as WLANs or Wi-Fi networks are all the passion in recent times. Wireless networks offer handiness, mobility, and can even be less expensive to put into practice than wired networks in many cases. But how far this technology is going provide a protected environment in terms of privacy is again an anonymous issue. Realizing the miscellaneous threats and vulnerabilities associated with 802.11-based wireless networks and ethically hacking them to make them more secure is what this paper is all about. On this segment, we'll seize a look at common threats, vulnerabilities related with wireless networks. This paper presents an overview some of the WLANs Scanning, Sniffing and Auditing tools available on the internet. This paper Reviews these tools along with their merits, demerits and how they can be used for hacking, exploiting security holes and their usage characterization in WLANs. Keywords - Current threats in WLANs, Exploiting Security, WLANs Scanning, WLANs Sniffing, Multifunctional, WLANs auditing tools penetrate any wired network via wireless network as Access Point (AP) is bridging between wireless and I. INTRODUCTION wired network. Wireless Networks present a host of issues for network managers. Unauthorized access he Institute of Electrical and Electronics points, broadcasted SSIDs, unknown stations, MITM Engineers (IEEE) provides 802.11 set of attacks such as session hijacking and spoofed MAC standards for WLANs.
    [Show full text]
  • PDF with Notes
    Wireless Tools Training materials for wireless trainers This talk covers tools that will show you a great deal of information about wireless networks, including network discovery, data logging, security auditing, and spectrum analysis. Version 1.4 by Rob, @2009-11-23 Version 1.5 by Rob, @2010-02-28 Version 1.6 by Rob, @2010-03-12 Goals ‣ The goal of this talk is to provide an introduction to a few software tools that will help you to: ‣ monitor your WiFi network to identify problems ‣ perform security audits and prevent attacks ‣ observe the ongoing performance of your network and plan for future needs ‣ detect interference 2 Types of wireless tools ‣ Network ESSID scanners ‣ Wireless protocol analyzers ‣ Encryption cracking tools ‣ Wireless device auditing and management ‣ “War driving” tools: network mapping ‣ Spectrum analysis 3 Built-in wireless clients 4 If a computer has a wireless card, it has a basic network scanner. NetStumbler http://www.stumbler.net/ 5 NetStumbler was one of the first and most widely used WiFi detection tools. It runs only in Windows XP or Windows 2000, and works with many (but not all) wireless cards. NetStumbler can be used for mapping the coverage of your WiFi network, War Driving, rogue AP detection, aligning antennas on a long distance link, and more. NetStumbler is not open source, and was last updated in 2004. http://www.vistumbler.net/ 6 Vistumbler is an updated open source network detection tool for Windows Vista and Windows 7. It supports many of the same features as NetStumbler, including network detection and GPS integration. It also works with Google Earth to allow realtime WiFi mapping on a live map.
    [Show full text]
  • Evaluating Kismet and Netstumbler As Network Security Tools & Solutions
    Master Thesis MEE10:59 Evaluating Kismet and NetStumbler as Network Security Tools & Solutions Ekhator Stephen Aimuanmwosa This thesis is presented as part requirement for the award of Master of Science Degree in Electrical Engineering Blekinge Institute of Technology January 2010 © Ekhator Stephen Aimuanmwosa, 2010 Blekinge Institute of Technology (BTH) School of Engineering Department of Telecommunication & Signal Processing Supervisor: Fredrik Erlandsson (universitetsadjunkt) Examiner: Fredrik Erlandsson (universitetsadjunkt i Evaluating Kismet and NetStumbler as Network Security Tools & Solutions “Even the knowledge of my own fallibility cannot keep me from making mistakes. Only when I fall do I get up again”. - Vincent van Gogh © Ekhator Stephen Aimuanmwosa, (BTH) Karlskrona January, 2010 Email: [email protected] ii Evaluating Kismet and NetStumbler as Network Security Tools & Solutions ABSTRACT Despite advancement in computer firewalls and intrusion detection systems, wired and wireless networks are experiencing increasing threat to data theft and violations through personal and corporate computers and networks. The ubiquitous WiFi technology which makes it possible for an intruder to scan for data in the air, the use of crypto-analytic software and brute force application to lay bare encrypted messages has not made computers security and networks security safe more so any much easier for network security administrators to handle. In fact the security problems and solution of information systems are becoming more and more complex and complicated as new exploit security tools like Kismet and Netsh (a NetStumbler alternative) are developed. This thesis work tried to look at the passive detection of wireless network capability of kismet and how it function and comparing it with the default windows network shell ability to also detect networks wirelessly and how vulnerable they make secured and non-secured wireless network.
    [Show full text]
  • Engineering Wireless-Based Software Systems and Applications for a Listing of Recent Titles in the Artech House Computing Library, Turn to the Back of This Book
    Engineering Wireless-Based Software Systems and Applications For a listing of recent titles in the Artech House Computing Library, turn to the back of this book. Engineering Wireless-Based Software Systems and Applications Jerry Zeyu Gao Simon Shim Hsing Mei Xiao Su a r techhouse. com Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the U.S. Library of Congress. British Library Cataloguing in Publication Data Engineering wireless-based software systems and applications.—(Artech House computing library) 1. Software engineering 2. Wireless communications systems I. Gao, Jerry 005.1 ISBN-10: 1-58053-820-7 ISBN-13: 978-1-58053-820-6 Cover design by Yekaterina Ratner © 2006 ARTECH HOUSE, INC. 685 Canton Street Norwood, MA 02062 All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, includ- ing photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this informa- tion. Use of a term in this book should not be regarded as affecting the validity of any trade- mark or service mark. 10 9 8 7 6 5 4 3 2 1 To my wife Tracy and my lovely son Kevin To my parents Ming Gao and Ye-Fang Qin —Jerry Zeyu Gao To my Mom and Dad —Simon Shim To my wife Teresa,
    [Show full text]
  • Comparative Analysis of Wireless Devices
    SMART 2012 : The First International Conference on Smart Systems, Devices and Technologies Comparative Analysis of Wireless Devices Maria Astrakhantceva Andrei Sukhov Samara State Aerospace University, Samara State Aerospace University, Moskovskoe sh., 34, Moskovskoe sh., 34, Samara, 443086, Russia Samara, 443086, Russia E-mail: [email protected] E-mail: [email protected] Abstract—In this paper, we attempt to compare the quality of Finally, Section IV discusses the ramifications of the experi- communication wireless equipment manufactured by different ments. vendors. A range of smart devices operating in the various standards are available on the market today. Special attention is II. THE MODEL OF COMPARATIVE ANALYSIS paid to the WiFi standard as the most popular and affordable due to cheap hardware. The dependence of packet loss on According to the IETF standard from RFC 2544 [1], the the signal power level and load bus is described using linear quality characteristics of a TCP/IP based network are de- approximation. The resulting model coefficients have been found scribed by the following parameters [5]: in the experiment and compared. A description is given of the experiment, which was conducted for several types of equipment, • D - packet delay (measured in milliseconds, ms); and the main features of the equipment are identified. • p - packet loss (measured in percent, %); • j - delay variation or network jitter (measured in mil- Keywords-quantitative comparison of the WiFi equipments; packet loss; connection quality of the wireless standard liseconds, ms); IEEE802.11b/g/n • B - available bandwidth for end to end connections (measured in Megabits per second, Mbps). I. INTRODUCTION For wireless networks the main parameter of network con- nection quality is packet loss.
    [Show full text]
  • CWTS® Certified Wireless Technology Specialist
    ffirs.indd ii 8/25/2012 3:43:36 PM CWTS® Certified Wireless Technology Specialist Official Study Guide Second Edition wnload from Wow! eBook <www.wowebook.com> o D ffirs.indd i 8/25/2012 3:43:34 PM ffirs.indd ii 8/25/2012 3:43:36 PM CWTS® Certified Wireless Technology Specialist Official Study Guide Second Edition Robert J. Bartz ffirs.indd iii 8/25/2012 3:43:36 PM Senior Acquisitions Editor: Jeff Kellum Development Editor: Jim Compton Technical Editors: Bryan Harkins and Tom Carpenter Production Editor: Eric Charbonneau Copy Editor: Liz Welch Editorial Manager: Pete Gaughan Production Manager: Tim Tate Vice President and Executive Group Publisher: Richard Swadley Vice President and Publisher: Neil Edde Media Project Manager 1: Laura Moss-Hollister Media Associate Producer: Josh Frank Media Quality Assurance: Doug Kuhn Book Designer: Judy Fung Proofreader: Nancy Bell Indexer: Ted Laux Project Coordinator, Cover: Katherine Crocker Cover Designer: Ryan Sneed Copyright © 2012 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-35911-2 ISBN: 978-1-118-49487-5 (ebk.) ISBN: 978-1-118-46131-0 (ebk.) ISBN: 978-1-118-49484-4 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
    [Show full text]