Remote Security

Presentation Transcript



Wireless Security Michael H. Warfield mhw@ISS.Net

These slides will be accessible, after the meeting, here: http://www.wittsend.com/mhw/2005/Wireless-Security-LISA

Outline Introduction and Standards Common Uses and Abuses Security Incident Examples Access Control and Confidentiality Securing Wireless Networks Closing Summary and References

Introduction Many types of remote Point-to-point Wi-Fi/802.11 WiMax/802.16 Bluetooth 3 rd Generation Cellular & Wireless Broadband Wi-Fi is getting to be universal Wireless is unfathomably adaptable Cost successful contrasted with hard wired systems Works in unforgiving situations Works in portable situations

WiFi Standards (Alphabet Soup?)

802.11 IEEE endorsed in 1997 General remote principles family 2.4 GHz shared unlicensed band Covered by FCC Part 15 directions Initially 1-2 Mbps Poor execution Poor acknowledgment

802.11a IEEE Ratified in 1999 First ship in 2001 5 GHz unlicensed band 54 Mbps High Performance Costly Poor range Adoption was moderate and poor

802.11b IEEE confirmed in 1999 2.4Ghz shared unlicensed Band Up to 11Mbps Moderate Performance Relatively modest Moderate range (twice that of 802.11a) Moderate obstruction from different administrations Quickly turned out to be exceptionally well known

802.11g IEEE sanctioned in June 2003 Shipping in January 2003 2.4GHz shared unlicensed band 54 Mbps (Super G bouncing to more than 100 Mbps) Good Performance Inexpensive (very reasonable) Powerful (numerous have outsider overhauls) Compatible with 802.11b

802.11n 100+ Mbps Compatible with 802.11b and 802.11g Upcoming standard Multiple recommendations presented No agreement starting yet MIMO – 802.11n review?

802.11s IEEE Working gathering initially met in July 2004 802.11 w/Mesh topology Intel early proposition for 802.11s Builds on 802.11 a/b/g Should be relevant to 802.11n No present benchmarks for 802.11 work Access focuses and hubs independently transfer parcels Self sorting out and extensible

Common Uses

Hotspots are openly available remote zones Pay and free hotspots are multiplying Most airplane terminals now have hotspots Some are free, some for pay Some inns are choosing remote for broadband Some are collaborating with remote suppliers Some espresso chains have remote for clients Some individuals set up hotspots only for kicks

Neighborhood Networks Cul-De-Sac Area Networks (CDSAN)? High power APs cover two or three little boulevards Antennas broaden go significantly promote YES! You truly CAN be the ISP for your whole circular drive! Case neighborhood net in Canada Broadband VoIP Video Being popularized for organizations

Municipal WiFi Municipalities considering WiFi as an utility Antennas/Access Points on lights and utility posts Uniform scope and administration Narrows "the advanced partition" Conflicts with business rivalry Mixed authoritative activities Some dynamic arrangements

Communities Philadelphia Proposal for group WiFi brought about state enactment to counteract it Philadelphia has an exclusion in coming about enactment San Fransisco Google contracted to giving free administration New Orleans Free administration in outcome of Katrina utilizing gave hardware BellSouth answered to have pulled back a gift accordingly New York A New York district has proposed commanding securing access focuses Encryption is NOT compulsory Security is required even WITH encryption

Wireless VoIP Wireless PBX Great for portable representatives Hospitals Schools Conference Centers Cost powerful Versatile Isolated Access Points and systems control security Potential evesdropping/sniffing dangers

Industry and Agriculture Supports versatile gear Farm gear in the field Mobile manufacturing plant floor hardware and workers Eases sending and establishment Wiring issues in old establishments Aids with threatening situations Not just end organizing administrations Part of the modern procedure

Personal Area Networks Wireless cards and get to focuses are as modest as system interfaces now Employees may introduce APs under work areas for their tablets Convenient for home-to-office street warriors Home lan security issues may get to be corporate lan security issues Unauthorized or rebel get to focuses can make expanding security openings Open workstations can open up your wired system

Common Abuses

Wardriving Popular game Simple as a PDA A little versatile reception apparatus is non-meddling Pringles jars are shabby and successful radio wires Good directional recieving wires can work for miles Automated instruments construct wardriving maps with gps Majority of get to focuses have no encryption! Lion's share of get to focuses utilize default settings! A FBI agent has expressed that wardriving and warchalking are legitimate (however not transmission capacity robbery).

Inverse Wardriving with an Access Point Linux based get to focuses have additional components Extra power Remote charge line Can run Kismet on the Access Point Trolling for open customers willing to interface Many workstations are empowered for "any" AP Can trade off related wired systems Test keeps running at Democratic National Convention

Open Workstations Common to "append" to the "wrong" get to point Many portable workstations accompany worked in WiFi might be empowered without acknowledgment Difficult to secure tablets to restricted associations Open workstations might be debased outside of security edges Open workstations may connect remote to wired systems WiFi arrangement must incorporate workstation setups!

Evil Twin Variation on the "reverse wardriving" Evil get to point imitates existing access point ESSID Looking for particular systems Not only for unbridled workstations Increased power can abrogate genuine get to focuses Evil twins can be more hard to discover than mavericks Shield from inside, shield from without

Hotspot Battles Only 11 diverts in North America Competition with and between expense administrations Providers have set up charge based remote get to Cybercafes have set up remote administrations Competing people have utilized directional recieving wires to communicate into contending areas Organizations have set up free problem areas Companies trying to set up administrations for a charge have collided with group hotspots Some problem areas in air terminals have turned out to be free WiFi range is imparted to Amateur Radio Amateurs utilize a great deal more power Accidental cross get to and cross impedance have happened

Security Incidents (What were you considering?)

Information Leakage Information may spill from shaky remote systems Networks might be steered over remote connections Information may spill in communicate messages Attackers can utilize procedures, for example, "arp reserve harming" to block and divert activity Schools have had understudy information unintentionally uncovered through remote systems What's your lawful risk?

Threats to Reputation Wireless is anything but difficult to use for improper action Retail chains have utilized remote for brief money registers Researchers have discovered uncertain remote nets broadcasting touchy client data Publication of remote breaks have prompt to significant advertising occurrences for a few organizations What if the specialists had been "awful folks"? (Some have been)

Computer Break-ins Major equipment chain had a shaky remote system in Michigan Intruders utilized it to break into the home office PCs in North Carolina Law requirement reached yet get to not close down amid examination Intruders were discovered sitting in the parking area amid an ensuing break-in What about utilizing a high increase directional radio wires?

Spammers Drive-by-spamming is occurring Spammers can send a huge number of E-Mails in minutes Your servers get reprimanded Your mishandle individuals get bugged Your organization gets boycotted California man confess to spamming individuals through unprotected hotspots Convicted under Can-Spam Act What about remote burglary? Additionally being utilized to dispatch phishing tricks

Extortionists have misused open get to focuses Maryland man utilized unsecured remote systems to make "untraceable" dangers and coercion requests Threats followed to homes and a dental specialist's office Caught by his interest for cash (Make the check payable to...)

Simple Bandwidth Theft Individual in Florida watches somebody sitting in his neighborhood playing with a tablet Individual conceals portable PC at whatever point individuals approach Individual still present a few hours after the fact Suspicious conduct answered to Police locate the suspicious individual utilizing WiFi Charged with burglary of data transfer capacity Other charges pending? Neighborhood watch?

Other Illegal Activities Canadian police found an individual driving the wrong path down a restricted private road Individual had wardriving gear in the auto Individual had been misusing open private get to focuses to download kid explicit entertainment Additional charge: Theft of broadcast communications What in the event that it was your get to point? How might you disclose the system action to law requirement?

Denial of Service Various Denial of Service assaults conceivable "Omerta" disassociate assaults disengage workstations RF assaults overpower channels and range Overpowered get to focuses produce obstruction General blockage and channel swarming RF "Ping of Death" Unlicensed administrations are not shielded from RF impedance

Access and Confidentiality

Gateway Control Access control through an application passage Use site validation to open a firewall Little or no connection level security Wireless movement might be sniffed Very basic in inns Very regular in paid-for "problem areas" Somewhat basic at colleges Prone to "data spillage" Pro