WT Week 7

Wireless Security

tldr - WLAN security threats & authentication

WLAN Security Threats

Access point impersonation (Rogue APs)

• AP connected to corporate wired-LAN
• Hacker plants AP with the same corporate SSID to entice users to associate with it

Ad Hoc Networks

• Peer-to-peer connection between stations (without an AP)
• Does not have corporate security
• Any station can enter as long as it is also connected to the wired LAN

Passive Attacks

• Hacker gathers information to be used in an active attack, scheduled for execution later
• Wireless sniffing often used
• Hacker captures large amounts of raw frames to analyse to discover a key for decryption

Denial of Service

• Jams the frequency where the WLAN is located
• Causes interruption of service
• Floods wireless network with probe requests or association frames making the network unusable

Authentication

The process in which the wireless client has its identity verified by the AP

Authentication Methods

No authentication

• Open

How it works

1. Client sends probe request
2. APs send probe responses
3. Client selects best response & sends authentication request to selected AP
4. AP confirms authentication and registers client
5. Client sends association request to AP
6. AP confirms association and registers client

👎🏼

• No authentication
• No data encryption

Pre-Shared Key

• WEP
• WPA-Personal
• WPA2-Personal

How it works

1. Client sends probe request
2. APs send probe responses
3. Client selects best response & sends authentication request to selected AP
4. AP sends authentication response containing unencrypted challenge text
5. Client encrypts the challenge text using one of its WEP keys and sends it to AP
6. AP compares encrypted challenge text with its own encrypted challenge text. If same, AP allows client onto WLAN

Wired Equivalent Privacy (WEP)

• Uses static keys
• Keys are shared among devices & APs
• Fun fact: WEP was compromised in late 2000 (so stop using WEP)

WPA2

• Uses Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES)
• Stronger encryption than WEP
• Fun fact: WPA2 superseded WEP in 2003 (yes use WPA2)

Authentication Server

• WPA-Enterprise
• WPA2-Enterprise
• 802.1x

WPA2-Enterprise

• Same encryption schemes as WPA2 / WPA2-Personal - TKIP & AES
• Use 802.1X with Extensible Authentication Protocol (EAP) method for authentication
  • Requires authentication server
  • Remote Authentication Dial-In User Service (RADIUS) server is used for dynamic key generation upon authentication. It sends security keys to wireless clients

fin