Source: http://www.infosecurity-magazine.com
Our mobile phones are unwittingly giving away threat vectors to would-be hackers (and, for that matter, physical criminals as well), offering criminals a new way to tap information housed on smartphones.
According to researchers at Sophos, the ability of smartphones to retain identifiers for the trusted Wi-Fi networks they attach to automatically offers criminals a window into daily habits - and exploitable information.
"A wireless device goes through a discovery process in which it attempts to connect to an available wireless network. This may either be 'passive' - listening for networks which are broadcasting themselves - or 'active' - sending out probe request packets in search of a network to connect to," said Sophos blogger Julian Bhardwaj. "It's very likely that your smartphone is broadcasting the names (SSIDs) of your favorite networks for anyone to see."
It means that a would-be criminal can find out a lot about a person's daily movements - which coffee shops they visit, what their home network is called, which bookstores are frequented, and so on. But aside from being a nice toolkit for a stalker, it also gives cybercriminals a way into the person's smartphone. Specifically, an attacker could set up a rogue Wi-Fi network with the same SSID as the one the user is trying to connect to, with the aim of forcing the phone to connect and transfer data through it.
"So while someone knowing that your phone is trying to connect to 'BTHomeHub-XYZ' isn't immediately condemning, it may allow for them to launch a 'man-in-the-middle' attack against you, intercepting data sent between you and a friend, giving the impression you're talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker," explained Bhardwaj. "An 'evil twin' attack could even accomplish this without needing any knowledge of your Wi-Fi password - very damaging for all of those who use mobile banking for instance."
All of that data darting across airwaves in an unencrypted fashion clearly offers a potentially huge security hole for an enterprising cybercriminal. In an effort to find out how real the danger is, Bhardwaj launched an experiment at a recent university open day in Warwick, UK.
He ran a security demo in which he collected data from people walking by, displaying it for them to see. In just five hours, 246 wireless devices came into range. Almost half - 49% - of these devices were actively probing for their preferred networks to connect to, resulting in 365 network names being broadcast. Of those, 25% were customized, non-standard network names. However, 7% of the names revealed location information, including three where the network name was actually the first line of an address.
"What makes this even more worrying was how easily I was able to capture this sensitive information," he explained. "A tiny wireless router I purchased from eBay for $23.95 and some freely available software I found on Google was all I needed. I didn't even need to understand anything about the 802.1 protocols that govern Wi-Fi to carry out this attack."
Coupled with a portable power source, a device could easily be hidden in a plant pot, garbage can, park bench and so on to lure Wi-Fi devices to attach to it.
Mobile phone users can protect themselves somewhat by telling their phones to 'forget' networks they no longer use to minimize the amount of data leakage, he said. But, "the unfortunate news is there doesn't appear to be an easy way to disable active wireless scanning on smartphones like Androids and iPhones," he noted, other than shutting Wi-Fi access completely off or disabling location-aware smartphone apps.
Module Objectives
- What Is Spectrum Analysis?
- How to Reveal Hidden SSIDs
- Crack Wi-Fi Encryption
- Wireless Hacking Tools
- Bluetooth Hacking
- How to BlueJack a Victim
- How to Defend Against Wireless Attacks
- Wireless Security Tools
- Wireless Penetration Testing
Wireless networks are inexpensive when compared to wired networks, but they are more vulnerable to attacks. An attacker can easily compromise a wireless network if proper security measures are not applied or if the network is not configured appropriately. Employing a high security mechanism may be expensive. Hence, it is advisable to determine the critical sources, risks, or vulnerabilities associated with the network and then check whether the current security mechanism is able to protect you against all possible attacks. If not, upgrade the security mechanisms. You should also ensure that you leave no other doorway for attackers to reach and compromise the critical resources of your business. This module assists you in identifying the critical sources of your business and how to protect them.
This module familiarizes you with:
- Types of Wireless Networks
- What Is Spectrum Analysis?
- Using Wardriving
- Wireless Traffic Analysis
- Wireless Penetration Testing
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module 15 Page 2139
Module Flow
A wireless network is a flexible data communication system that uses radio frequency technology with wireless media to communicate and obtain data through the air, which frees the user from complicated and multiple wired connections. Wireless networks use electromagnetic waves to carry data from one point to another without relying on any physical construction. To understand the concept of hacking wireless networks, let us begin with wireless concepts.
This section provides insight into wireless networks, types of wireless networks, wireless standards, authentication modes and process, wireless terminology, and types of wireless antenna.
[Module flow diagram; recoverable labels: Wireless Threats, Wireless Hacking Methodology]
- Wi-Fi refers to wireless local area networks (WLAN) based on the IEEE 802.11 standard
- It is a widely used technology for wireless communication across a radio channel
- Devices such as a personal computer, video-game console, smartphone, etc. use Wi-Fi to connect to a network resource such as the Internet via a wireless network access point
- Security is a big issue and may not meet expectations
- As the number of computers on the network increases, the bandwidth suffers
- WiFi enhancements can require new wireless cards and/or access points
- Some electronic equipment can interfere with the Wi-Fi networks
- Installation is fast and easy and eliminates wiring through walls and ceilings
- It is easier to provide connectivity in areas where it is difficult to lay cable
- Access to the network can be from anywhere within range of an access point
- Public places like airports, libraries, schools or even coffee shops offer you constant Internet connections using Wireless LAN
Fundamental changes to data networking and telecommunication are taking place with the wireless communication revolution. Wi-Fi is developed on IEEE 802.11 standards, and it is widely used in wireless communication. It provides wireless access to applications and data across a radio network. Wi-Fi offers numerous ways to build up a connection between the transmitter and the receiver, such as Direct-sequence Spread Spectrum (DSSS), Frequency-hopping Spread Spectrum (FHSS), Infrared (IR), and Orthogonal Frequency-division Multiplexing (OFDM).
Advantages:
- Installation is fast and easy and eliminates wiring through walls and ceilings
- It is easier to provide connectivity in areas where it is difficult to lay cable
- Access to the network can be from anywhere within range of an access point
- Using a wireless network, multiple members can access the Internet simultaneously without having to pay an ISP for multiple accounts
- Public places like airports, libraries, schools, or even coffee shops offer you a constant Internet connection using a wireless LAN
Disadvantages:
- Security is a big issue and may not meet expectations
- As the number of computers on the network increases, the bandwidth suffers
- Changes to Wi-Fi standards can require replacing wireless cards and/or access points
- Some electronic equipment can interfere with the Wi-Fi networks
2010 vs. 2011 Wi-Fi Device Type Comparison
Source: http://www.meraki.com
Meraki, the cloud networking company, announced statistics showing the Wi-Fi device type comparison. The graph clearly shows that the iPads used significantly more Wi-Fi data than the average mobile device.
[Figure: Wi-Fi device type comparison chart, 2010 vs. 2011; the only surviving label is "Apple iPad"]
Public Places
- You can find free/paid Wi-Fi access available in coffee shops, shopping malls,
At Home
Wi-Fi networks at home allow you to be wherever you want with laptop, iPad, or handheld device, and you don't need to make holes to hide Ethernet cables. If you have a wireless connection in your home, you can connect any number of devices that have Wi-Fi capabilities to your computer. The devices with Wi-Fi capability include Wi-Fi-capable printers and radios.
Public Places
Though these Wi-Fi networks are convenient ways to connect to the Internet, they are not secure, because anyone, be it a genuine user or an attacker, can connect to such networks or hotspots. When you are using a public Wi-Fi network, it is best to send information only to encrypted websites. You can easily determine whether a website is encrypted or not by looking at the URL. If the URL begins with "https," then it is an encrypted website. If the network asks you for a WPA password to connect to the public Wi-Fi network, then you can consider that hotspot a secure one.
[Figure: Wi-Fi at Home]
A wireless network can also be established by using an access point, or a base station. With this type of network, the access point acts like a hub, providing connectivity for the wireless computers on its system. It can connect a wireless LAN to a wired LAN, which allows wireless computer access to LAN resources, such as file servers or existing Internet connections.
To summarize:
- Software Access Points (SAPs) can be connected to the wired network, and run on a computer equipped with a wireless network interface card
features. With suitable networking software support, users on the wireless LAN can share files and printers situated on the wired LAN and vice versa.
FIGURE 15.3: Extension to a Wired Network
Multiple Access Points
This type of network consists of wireless computers connected wirelessly by using multiple access points. If a single large area cannot be covered by a single access point, multiple access points or extension points can be established. Although extension point capability has been developed by some manufacturers, it is not defined in the wireless standard.
When using multiple access points, each access point's wireless area needs to overlap its neighbor's area. This provides users the ability to move around seamlessly using a feature called roaming. Some manufacturers develop extension points that act as wireless relays, extending the range of a single access point. Multiple extension points can be strung together to provide wireless access to locations far from the central access point.
FIGURE 15.4: Multiple Access Points
Access points provide wireless connectivity to local computers, and local computers on different networks can be interconnected. All hardware access points have the capability of being interconnected with other hardware access points. However, interconnecting LANs over wireless connections is a monumental and complex task.
FIGURE 15.5: Diagrammatical representation of LAN-to-LAN Wireless Network
3G Hotspot
A 3G hotspot is a type of wireless network that provides Wi-Fi access to Wi-Fi-enabled devices including MP3 players, notebooks, cameras, PDAs, netbooks, and more.
[Table header only, rows not recoverable: Standard/Amendments | Freq. (GHz) | Modulation | Speed (Mbps) | Range (ft)]
When it first came out in 1997, the wireless local area network (WLAN) standard specified operation at 1 and 2 Mb/s in the infrared, as well as in the license-exempt 2.4-GHz Industrial, Scientific, and Medical (ISM) frequency band. An 802.11 network in the early days used to have few PCs with wireless capability connected to an Ethernet (IEEE 802.3) LAN through a single network access point. 802.11 networks now operate at higher speeds and in additional bands. With its growth, new issues have risen such as security, roaming among multiple access points, and even quality of service. These issues are dealt with by extensions to the standard identified by letters of the alphabet derived from the 802.11 task groups that created them.
- The 802.11a extension defines requirements for a physical layer (which determines, among other parameters, the frequency of the signal and the modulation scheme to be used) operating in the Unlicensed National Information Infrastructure (UNII) band, at 5 GHz, at data rates ranging from 6 Mb/s to 54 Mb/s. The layer uses a scheme called orthogonal frequency-division modulation (OFDM), which transmits data on multiple subcarriers within the communications channel. It is in many ways similar to the physical
European Telecommunications Standards Institute
- Commercially trademarked in 1999 by the Wireless Ethernet Compatibility Alliance (WECA) as Wi-Fi, this extension made 802.11b a household word. It defines operation in the ISM 2.4 GHz band at 5.5 Mb/s and 11 Mb/s (as well as the fallback rates of 1 Mb/s and 2 Mb/s). This physical layer uses the modulation schemes complementary code keying (CCK) and packet binary convolutional coding (PBCC). WECA is an industry organization created to certify interoperability among 802.11b products from diverse manufacturers.
- This task group's work on wireless LAN bridging has been folded into the 802.11 standard.
- This task group enhances the 802.11 specifications by spelling out its operation in new regulatory domains, such as countries in the developing world. In its initial form, the standard covered operation only in North America, Europe, and Japan.
- 802.11 is used for real-time applications such as voice and video. To ensure that these time-sensitive applications have the network resources when they need them, the task group is working on extra mechanisms to ensure quality of service at Layer 2 of the reference model, the medium-access layer, or MAC.
- 802.11 standards have developed from the small extension points of wired LANs into multiple access points. These access points must communicate with one another to allow users to roam among them. This task group is working on extensions that enable communication between access points from different vendors.
- This task group is working on high-speed extensions to 802.11b. The current draft of 802.11g contains PBCC and CCK OFDM along with old OFDM as modulation schemes. Development of this extension was marked by a great deal of contention in 2000 and 2001 over modulation schemes. A breakthrough occurred in November 2001, and the task group worked to finalize its draft during 2002.
- This task group is working on modifications to the 802.11a physical layer to ensure that 802.11a may be used in Europe. The task group is adding dynamic frequency selection and power control transmission, which are required to meet regulations in Europe.
- The original version of 802.11 incorporated a MAC-level privacy mechanism called Wired Equivalent Privacy (WEP), which has proven inadequate in many situations. This task group is busy with improved security mechanisms. The present draft includes Temporal Key Integrity Protocol (TKIP) as an improvement over WEP. 802.11a represents the third generation of wireless networking standards and technology.
- The 802.11i standard improves WLAN security. The encrypted transmission of data between 802.11a and 802.11b WLANs is best described by 802.11i. New encryption key protocols such as the Temporal Key Integrity Protocol (TKIP) and the Advanced Encryption Standard (AES) are defined by 802.11i. TKIP is a part of standards from IEEE. It is an enhancement of WLANs. The other name for AES in cryptography is Rijndael. The U.S. government adopted AES as its encryption standard.
- 802.11n is a revision which enhanced the earlier 802.11 standards with multiple-input multiple-output (MIMO) antennas. It works in both the 2.4 GHz band and the less-used 5 GHz band. This is an IEEE industry standard for Wi-Fi wireless local network transportations. OFDM is used in Digital Audio Broadcasting (DAB) and in Wireless LAN.
- 802.16a/d/e/m (WiMAX) is a wireless communications standard designed to provide 30 to 40 Mbps rates. The original version of the standard on which WiMAX is based (IEEE 802.16) specified a physical layer operating in the 10 to 66 GHz range. 802.16a, updated in 2004 to 802.16-2004, added specifications for the 2 to 11 GHz range. 802.16-2004 was updated by 802.16e-2005 in 2005 and uses scalable orthogonal frequency-division multiple access. (Orthogonal frequency-division multiplexing (OFDM) is a method of encoding digital data on multiple carrier frequencies.)
- Bluetooth is a wireless protocol mostly intended for shorter-range applications.
The table that follows summarizes all the wireless standards mentioned on this slide:
Service Set Identifier (SSID)
The Service Set Identifier (SSID) is a unique identifier that is used to establish and maintain wireless connectivity. The SSID is a token that identifies an 802.11 (Wi-Fi) network; by default it is part of the packet header sent over a wireless local area network (WLAN). It acts as a single shared password between access points and clients. Security concerns arise when the default values are not changed, since these units can then be easily compromised. When SSID broadcast is enabled, access points transmit the SSID continuously and client machines in range receive it. A non-secure access mode station communicates with access points by broadcasting the configured SSID, a blank SSID, or an SSID configured as "any". Because the SSID is the unique name given to a WLAN, all devices and access points present in the WLAN must use the same SSID. Any device that wants to join the WLAN must give the unique SSID. If the SSID of the network is changed, the SSID must be reconfigured on every device on the network, as every user of the network configures the SSID into their system. Unfortunately, the SSID does not provide security to the WLAN, since it can be sniffed in plain text from packets.
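
The following is an added example, not part of the original courseware: a small parser that pulls the SSID information element out of 802.11 management frames, showing that the network name sits unencrypted in beacons and in the probe requests a client sends for its saved networks. It is useful for auditing what your own devices announce. The sample frames, MAC addresses and the name "CoffeeShop-Guest" are constructed; the frames are assumed to carry no radiotap header and no trailing FCS.

```python
# Added example: parse the SSID element from constructed 802.11 management frames.
MGMT_HDR_LEN = 24                     # frame control, duration, 3 addresses, sequence control
SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
FIXED_LEN = {4: 0, 5: 12, 8: 12}      # timestamp(8) + beacon interval(2) + capabilities(2)
SSID_IE, MAX_SSID = 0, 32             # element ID 0; the SSID is at most 32 bytes


def build_frame(subtype, transmitter, ssid):
    """Build a constructed test frame: header, fixed fields, SSID element, rates element."""
    broadcast = b"\xff" * 6
    bssid = broadcast if subtype == 4 else transmitter
    header = (bytes([subtype << 4, 0]) + b"\x00\x00" + broadcast
              + transmitter + bssid + b"\x00\x00")
    elements = bytes([SSID_IE, len(ssid)]) + ssid + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
    return header + b"\x00" * FIXED_LEN[subtype] + elements


def parse_ssid(frame):
    """Return kind, transmitter and SSID of a management frame, or None for other frames."""
    if len(frame) < MGMT_HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    info = {"kind": SUBTYPES[subtype], "transmitter": frame[10:16].hex(":"),
            "ssid": None, "empty": True}
    pos = MGMT_HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                       # walk the tagged elements
        ie_id, ie_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + ie_len]
        if len(value) != ie_len:
            raise ValueError("information element runs past end of frame")
        if ie_id == SSID_IE:
            if ie_len > MAX_SSID:
                raise ValueError("SSID longer than 32 bytes")
            # Zero length or all-NUL means a wildcard probe or a hidden-SSID beacon.
            info["empty"] = ie_len == 0 or not any(value)
            if not info["empty"]:
                info["ssid"] = value.decode("utf-8", errors="replace")
            return info
        pos += 2 + ie_len
    return info


def probed_names(frames):
    """Map each transmitter to the network names it asked for in directed probe requests."""
    seen = {}
    for frame in frames:
        info = parse_ssid(frame)
        if info and info["kind"] == "probe-request" and not info["empty"]:
            seen.setdefault(info["transmitter"], set()).add(info["ssid"])
    return {mac: sorted(names) for mac, names in seen.items()}


PHONE = bytes.fromhex("021122334455")   # constructed, locally administered address
AP = bytes.fromhex("02aabbccddee")      # constructed
SAMPLE = [
    build_frame(4, PHONE, b"BTHomeHub-XYZ"),     # directed probe: name leaks in the clear
    build_frame(4, PHONE, b"CoffeeShop-Guest"),  # constructed second saved network
    build_frame(4, PHONE, b""),                  # wildcard probe: no name disclosed
    build_frame(8, AP, b"BTHomeHub-XYZ"),        # beacon advertising the SSID
    build_frame(8, AP, b"\x00" * 8),             # beacon with the SSID blanked out
]

if __name__ == "__main__":
    for mac, names in probed_names(SAMPLE).items():
        print(mac, "is probing for", names)
```

Every name reported for a device is a saved network that the device is announcing; removing ("forgetting") the profile removes it from the list.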
The SSID can be up to 32 characters long. Even if the access points (APs) of these networks are very close, the packets of the two are not going to interfere. Thus, SSIDs can be considered a password for an AP, but it can be sent in clear text and can be easily discovered. In other words, SSIDs can be called a shared secret that everyone knows, and anyone can determine. The SSID remains secret only on the closed networks with no activity, which is inconvenient to the
is a secret key instead of a public key. Some common SSIDs are:
[Figures: Open System Authentication Process; Shared Key Authentication Process. Recoverable labels: Association Response; Authentication request sent to AP; AP decrypts challenge text, and if correct, authenticates client; Access Point (AP); Client connects to network]
Wi-Fi authentication can be performed in two modes:
1. Open system authentication
2. Shared key authentication
Open System Authentication Process
In the open system authentication process, any wireless station can send a request for authentication. In this process, one station sends an authentication management frame containing the identity of the sending station, to get authenticated and connected with the other wireless station. The other wireless station (AP) checks the client's SSID and, if the SSID matches, sends an authentication verification frame in response. Once the verification frame reaches the client, the client connects to the network or intended wireless station.
[Figure label: Probe Response (Security Parameters)]
In this process each wireless station is assumed to have received a shared secret key over a secure channel that is distinct from the 802.11 wireless network communication channels. The following steps illustrate how the connection is established in Shared Key Authentication process:
- The station sends an authentication request to the access point
- The access point sends challenge text to the station
- The station encrypts the challenge text by making use of its configured 64-bit or 128-bit default key, and it sends the encrypted text to the access point
- The access point uses its configured WEP key (that corresponds to the default key of station) to decrypt the encrypted text. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, the access point authenticates the station
- The station connects to the network
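
The steps above, carried through as an added example that is not part of the original courseware: both sides of the shared key exchange, with the station encrypting the challenge under WEP (RC4 keyed with a 24-bit IV followed by the shared secret) and the access point decrypting and comparing. As a simplification, only the challenge text is encrypted rather than the full authentication frame body; the function names and the sample keys are assumptions made for the illustration.

```python
# Added example: simulation of the WEP shared key authentication exchange.
import hmac
import os
import struct
import zlib

CHALLENGE_LEN = 128   # bytes of challenge text sent by the access point


def rc4(key, data):
    """RC4 stream cipher (key scheduling, then keystream XOR)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def check_key(secret):
    # A "64-bit" key is a 40-bit secret plus the 24-bit IV; "128-bit" is 104 + 24.
    if len(secret) not in (5, 13):
        raise ValueError("WEP secret must be 5 or 13 bytes")


def wep_encrypt(secret, iv, plaintext, key_id=0):
    """Return IV || key-id byte || RC4(IV || secret, plaintext || CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + secret, plaintext + icv)


def wep_decrypt(secret, blob):
    """Return the plaintext, or None when the integrity check value does not match."""
    iv, body = blob[:3], blob[4:]
    clear = rc4(iv + secret, body)
    plaintext, icv = clear[:-4], clear[-4:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        return None
    return plaintext


def shared_key_auth(ap_key, station_key):
    """Run the exchange; return (transcript, authenticated)."""
    check_key(ap_key)
    check_key(station_key)
    transcript = [("station -> AP", "authentication request")]
    challenge = os.urandom(CHALLENGE_LEN)                      # AP picks challenge text
    transcript.append(("AP -> station", "challenge text, %d bytes" % len(challenge)))
    response = wep_encrypt(station_key, os.urandom(3), challenge)
    transcript.append(("station -> AP", "encrypted challenge, IV " + response[:3].hex()))
    recovered = wep_decrypt(ap_key, response)                  # AP decrypts and compares
    ok = recovered is not None and hmac.compare_digest(recovered, challenge)
    transcript.append(("AP -> station", "authenticated" if ok else "rejected"))
    return transcript, ok


if __name__ == "__main__":
    for key in (b"abcde", b"vwxyz"):          # constructed sample secrets
        steps, ok = shared_key_auth(b"abcde", key)
        for direction, message in steps:
            print(direction, ":", message)
        print("station connects" if ok else "station is refused", "\n")
```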
The access point can refuse to authenticate the station if the decrypted text does not match the original challenge text; the station will then be unable to communicate with either the Ethernet
The 802.1x provides centralized authentication. For 802.1x authentication to work on a wireless network, the AP must be able to securely identify traffic from a particular wireless client. The identification is accomplished by using authentication keys that are sent to the AP and the wireless client from the Remote Authentication Dial in User Service (RADIUS) server.
When a wireless client comes within range of the AP, the following process occurs:
1. Client sends an authentication request to the AP for establishing the connection
3. The wireless client responds with its EAP-Response identity
4. The AP forwards the identity to the RADIUS server using the uncontrolled port.
5. The RADIUS server sends a request to the wireless station via the AP, specifying the authentication mechanism to be used
6. The wireless station responds to the RADIUS server with its credentials via the AP
7. If the credentials are acceptable, the RADIUS server sends an encrypted authentication key to the AP
unicast session key, and transmits it to the wireless station
FIGURE 15.9: Shared key Authentication mode
Association: The process of connecting a wireless device to an access point is called association.
(BSS)
Hotspot: Place where wireless network is available for public use.
Access Point: Used to connect wireless devices to a wireless network.
ISM band: A range of radio frequencies that are assigned for use by unlicensed
DSSS: It is used to transmit data on a stable range of the frequency band.
FHSS: Data is transmitted on radio carriers which hop pseudo-randomly through many different frequencies at a pre-determined rate and hopping sequence.
OFDM: Method of encoding digital data on multiple carrier frequencies with multiple overlapping radio frequency carriers.
TABLE 15.2: Wireless terms and descriptions
To perform WarWalking, attackers walk around with Wi-Fi enabled laptops to detect open wireless networks. In this technique, the attacker goes on foot to conduct the Wi-Fi chalking. The disadvantage of this approach is the absence of a convenient computing environment and slower speed of travel.
WarFlying
WarFlying is an activity in which attackers fly around with Wi-Fi enabled laptops to detect open wireless networks. This is also known as warstorming. As most people usually scan for networks to map out the wireless networks in the area or as an experiment, most WarFlying is harmless. Also, it is more difficult to access open networks
According to www.wordspy.com, WarDriving is a computer cracking technique that involves driving through a neighborhood with a wireless enabled notebook computer, mapping houses and businesses that have wireless access points.
WarChalking
This term comes from whackers who use chalk to place a special symbol on a sidewalk or another surface to indicate a nearby wireless network that offers Internet access. It is a method used to draw symbols in public places to advertise open Wi-Fi networks.
[Figure labels: Wi-Fi with WPA; Wi-Fi with Multiple Access Controls; Wi-Fi with Closed SSID; Wi-Fi Honeypot]
Types of Wireless Antennas
Directional Antenna: Used to broadcast and obtain radio waves from a single direction.
Omnidirectional Antenna: Omnidirectional antennas provide a 360 degree horizontal radiation pattern. It is used in wireless base stations.
Parabolic Grid Antenna: It is based on the principle of a satellite dish but it does not have a solid backing. They can pick up Wi-Fi signals ten miles or more.
Yagi Antenna: Yagi is a unidirectional antenna commonly used in communications for a frequency band of 10 MHz to VHF and UHF.
Dipole Antenna: Bidirectional antenna, used to support client connections rather than site-to-site applications.
Antennas are important for sending and receiving radio signals. They convert electrical impulses into radio signals and vice versa. Basically there are five types of wireless antennas:
Directional Antenna
A directional antenna is used to broadcast and obtain radio waves from a single direction. In order to improve the transmission and reception, the directional antenna is designed to work effectively in a few directions when compared with the other directions. This also helps in reducing interference.
Omnidirectional Antenna
Omnidirectional antennas radiate electromagnetic energy regularly in all directions. They usually radiate strong waves uniformly in two dimensions, but not as strongly in the third. These antennas are efficient in areas where wireless stations use time division multiple access technology. A good example of an omnidirectional antenna is one used by radio stations. These antennas are effective for radio signal transmission because the receiver may not be stationary. Therefore, a radio can receive a signal regardless of where it is.
Parabolic Grid Antenna
A parabolic grid antenna is based on the principle of a satellite dish but it does not have a solid backing. Instead of a solid backing, this kind of antenna has a semi-dish that is formed by a grid made of aluminum wire. These grid parabolic antennas can achieve very long distance Wi-Fi transmissions by making use of the principle of a highly focused radio beam. This type of antenna can be used to transmit weak radio signals millions of miles back to earth.
Yagi Antenna
Yagi is a unidirectional antenna commonly used in communications for a frequency band of 10 MHz to VHF and UHF. It is also called a Yagi-Uda antenna. Improving the gain of the antenna and reducing the noise level of a radio signal are the main focus of this antenna. It doesn't only have a unidirectional radiation and response pattern, but it concentrates the radiation and response. It consists of a reflector, dipole, and a number of directors. An end-fire radiation pattern is developed by this antenna.
Dipole Antenna
A dipole is a straight electrical conductor measuring half a wavelength from end to end and connected at the RF feed line's center. It is also called a doublet. It is bilaterally symmetrical so it is inherently a balanced antenna. These kinds of antennas are usually fed with a balanced parallel-wire RF transmission line.
Parabolic Grid Antenna
Parabolic grid antennas enable attackers to get better signal quality, resulting in more data to eavesdrop on, more bandwidth to abuse, and higher power output that is essential in Layer 1 DoS and man-in-the-middle attacks. Grid parabolic antennas can pick up Wi-Fi signals from a distance of 10 miles. The design of this antenna saves weight and space and it has the capability of picking up Wi-Fi signals that are either horizontally or vertically polarized.
SSID        Channel   Encryption   Authentication   Signal
Awslocal    8         None         Unknown          54%
TABLE 15.4: Various SSID's and percentage of signal quality
Module Flow
Wireless encryption is a process of protecting the wireless network from attackers who can collect your sensitive information by breaching the RF (Radio Frequency) traffic. This section provides insight on various wireless encryption standards such as WEP, WPA, WPA2, WEP issues, how to break encryption algorithms, and how to defend against encryption algorithm cracking.
Types of Wireless Encryption
wireless security standard which can be cracked easily
WPA2: WPA2 uses AES (128 bit) and CCMP for wireless data encryption
WPA2 Enterprise: It integrates EAP standards with
of TKIP
EAP: Supports multiple authentication methods, such as token cards, Kerberos, certificates etc.
LEAP: It is a proprietary WLAN authentication protocol developed by Cisco
mechanisms for 802.11 wireless networks
CCMP: CCMP utilizes 128-bit keys, with a 48-bit initialization vector (IV)
- WEP: A WLAN client authentication and data encryption protocol; it is an old, original wireless security standard that can be cracked easily.
- WPA: It is an advanced WLAN client authentication and data encryption protocol using TKIP, MIC, and AES encryption. It uses a 48-bit IV, 32-bit CRC, and TKIP encryption for wireless security.
- WPA2: WPA2 uses AES (128-bit) and CCMP for wireless data encryption.
- WPA2 Enterprise: It integrates EAP standards with WPA encryption.
- TKIP: A security protocol used in WPA as a replacement for WEP.
- AES: It is a symmetric-key encryption, used in WPA2 as a replacement of TKIP.
- LEAP: A proprietary WLAN authentication protocol developed by Cisco.
- RADIUS: A centralized authentication and authorization management system.
networks
- CCMP: CCMP utilizes 128-bit keys, with a 48-bit initialization vector (IV) for replay detection.
WEP Encryption
What Is WEP?
- Wired Equivalent Privacy (WEP) is an IEEE 802.11 wireless protocol which provides security algorithms for data confidentiality during wireless transmissions.
- WEP uses a 24-bit initialization vector (IV) to form stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity of wireless transmission.
- 64-bit WEP uses a 40-bit key, 128-bit WEP uses a 104-bit key size, and 256-bit WEP uses a 232-bit key size.
WEP Flaws
- WEP encryption can be easily cracked.
- It has significant vulnerabilities and design flaws.
It was developed without:
- Academic or public review
- Review from cryptologists
WEP Encryption
In this section we will discuss WEP encryption as well as its flaws.
What Is WEP Encryption?
According to searchsecurity.com, "Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard 802.11b." WEP is a component of the IEEE 802.11 WLAN standards. Its primary purpose is to provide confidentiality of data on wireless networks at a level equivalent to that of wired LANs. Physical security can be applied in wired LANs to stop unauthorized access to a network.
In a wireless LAN, the network can be accessed without physically connecting to the LAN. Therefore, IEEE utilizes an encryption mechanism at the data link layer for minimizing unauthorized access on WLAN. This is accomplished by encrypting data with the symmetric RC4 encryption algorithm, a cryptographic mechanism used to defend against threats.
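The WEP construction described above (24-bit IV, RC4, CRC-32) and the shared key challenge/response exchange described earlier, as an added Python example that is not part of the original courseware. The frame layout is simplified (no 802.11 headers, key ID fixed at 0), the 128-byte challenge follows 802.11, and all function names and the sample key are assumptions made for illustration.

```python
import os
import struct
import zlib
from typing import Optional

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then XOR data with the keystream (PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Return IV || key-id || RC4(IV || key, plaintext || ICV)."""
    if len(key) not in (5, 13, 29):  # 40-, 104- and 232-bit secrets
        raise ValueError("WEP key must be 5, 13 or 29 bytes")
    iv = os.urandom(3) if iv is None else iv  # 24-bit IV, sent in the clear
    return iv + b"\x00" + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the ICV does not verify."""
    body = rc4(frame[:3] + key, frame[4:])
    data, received = body[:-4], body[-4:]
    return data if received == icv(data) else None

def shared_key_auth(ap_key: bytes, station_key: bytes) -> bool:
    """Challenge/response exchange; True means the AP authenticates."""
    challenge = os.urandom(128)                     # AP -> station, clear text
    response = wep_encrypt(station_key, challenge)  # station -> AP, encrypted
    return wep_decrypt(ap_key, response) == challenge  # AP decrypts, compares

def advertised_bits(key: bytes) -> int:
    """Advertised size of a WEP key: secret bits plus the 24-bit IV."""
    return len(key) * 8 + 24

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit sample key
    print(shared_key_auth(key, key), advertised_bits(key))
```

The per-frame RC4 key is the clear-text IV followed by the shared secret, which is why a "64-bit" WEP key carries only 40 secret bits.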
Role of WEP in Wireless Communication
- WEP protects from eavesdropping on wireless communications