
CEHv8 module 15 hacking wireless networks


DOCUMENT INFORMATION

Pages: 258
File size: 12.12 MB

Contents


Source: http://www.infosecurity-magazine.com

Our mobile phones are unwittingly giving away threat vectors to would-be hackers (and, for that matter, physical criminals as well), offering criminals a new way to tap information housed on smartphones.

According to researchers at Sophos, the ability of smartphones to retain identifiers for the trusted Wi-Fi networks they attach to automatically offers criminals a window into daily habits - and exploitable information.

"A wireless device goes through a discovery process in which it attempts to connect to an available wireless network. This may either be 'passive' - listening for networks which are broadcasting themselves - or 'active' - sending out probe request packets in search of a network to connect to," said Sophos blogger Julian Bhardwaj. "It's very likely that your smartphone is broadcasting the names (SSIDs) of your favorite networks for anyone to see."

It means that a would-be criminal can find out a lot about a person's daily movements - which coffee shops they visit, what their home network is called, which bookstores are frequented, and so on. But aside from being a nice toolkit for a stalker, it also gives cybercriminals a way into the person's smartphone. Specifically, an attacker could set up a rogue Wi-Fi network with the same SSID as the one the user is trying to connect to, with the aim of forcing the phone to connect and transfer data through it.

"So while someone knowing that your phone is trying to connect to 'BTHomeHub-XYZ' isn't immediately condemning, it may allow for them to launch a 'man-in-the-middle' attack against you, intercepting data sent between you and a friend, giving the impression you're talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker," explained Bhardwaj. "An 'evil twin' attack could even accomplish this without needing any knowledge of your Wi-Fi password - very damaging for all of those who use mobile banking for instance."

All of that data darting across airwaves in an unencrypted fashion clearly offers a potentially huge security hole for an enterprising cybercriminal. In an effort to find out how real the danger is, Bhardwaj launched an experiment at a recent university open day in Warwick, UK.

He ran a security demo in which he collected data from people walking by, displaying it for them to see. In just five hours, 246 wireless devices came into range. Almost half - 49% - of these devices were actively probing for their preferred networks to connect to, resulting in 365 network names being broadcast. Of those, 25% were customized, non-standard network names. However, 7% of the names revealed location information, including three where the network name was actually the first line of an address.

"What makes this even more worrying was how easily I was able to capture this sensitive information," he explained. "A tiny wireless router I purchased from eBay for $23.95 and some freely available software I found on Google was all I needed. I didn't even need to understand anything about the 802.1 protocols that govern Wi-Fi to carry out this attack."

Coupled with a portable power source, a device could easily be hidden in a plant pot, garbage can, park bench and so on to lure Wi-Fi devices to attach to it.

Mobile phone users can protect themselves somewhat by telling your phones to 'forget' networks you no longer use to minimize the amount of data leakage, he said. But, "the unfortunate news is there doesn't appear to be an easy way to disable active wireless scanning on smartphones like Androids and iPhones," he noted, other than shutting Wi-Fi access completely off or disabling location-aware smartphone apps.

Module Objectives

- What Is Spectrum Analysis?
- How to Reveal Hidden SSIDs
- Crack Wi-Fi Encryption
- Wireless Hacking Tools
- Bluetooth Hacking
- How to BlueJack a Victim
- How to Defend Against Wireless Attacks
- Wireless Security Tools
- Wireless Penetration Testing

Wireless networks are inexpensive when compared to wired networks. But, they are more vulnerable to attacks when compared with the wired networks. An attacker can easily compromise the wireless network, if proper security measures are not applied or if the network is not configured appropriately. Employing a high security mechanism may be expensive. Hence, it is advisable to determine critical sources, risks, or vulnerabilities associated with it and then check whether the current security mechanism is able to protect you against all possible attacks. If not, then upgrade the security mechanisms. But, you should ensure that you leave no other doorway for attackers to reach and compromise the critical resources of your business. This module assists you in identifying the critical sources of your business and how to protect them.

This module familiarizes you with:

- Types of Wireless Networks
- What Is Spectrum Analysis?
- Using Wardriving
- Wireless Traffic Analysis
- Wireless Penetration Testing

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Module Flow

A wireless network is a relaxed data communication system that uses radio frequency technology with wireless media to communicate and obtain data through the air, which frees the user from complicated and multiple wired connections. They use electromagnetic waves to interconnect data from one individual point to another without relying on any physical construction. To understand the concept of hacking wireless networks, let us begin with wireless concepts.

This section provides insight into wireless networks, types of wireless networks, wireless standards, authentication modes and process, wireless terminology, and types of wireless antenna.

[Module flow diagram: Wireless Threats, Wireless Hacking Methodology]

- Wi-Fi refers to wireless local area networks (WLAN) based on IEEE 802.11 standard
- It is a widely used technology for wireless communication across a radio channel
- Devices such as a personal computer, video-game console, smartphone, etc. use Wi-Fi to connect to a network resource such as the Internet via a wireless network access point

- Security is a big issue and may not meet expectations
- As the number of computers on the network increases, the bandwidth suffers
- Wi-Fi enhancements can require new wireless cards and/or access points
- Some electronic equipment can interfere with the Wi-Fi networks

- Installation is fast and easy and eliminates wiring through walls and ceilings
- It is easier to provide connectivity in areas where it is difficult to lay cable
- Access to the network can be from anywhere within range of an access point
- Public places like airports, libraries, schools or even coffee shops offer you constant Internet connections using Wireless LAN

Fundamental changes to the data networking and telecommunication are taking place with the wireless communication revolution. Wi-Fi is developed on IEEE 802.11 standards, and it is widely used in wireless communication. It provides wireless access to applications and data across a radio network. Wi-Fi sets up numerous ways to build up a connection between the transmitter and the receiver such as Direct-sequence Spread Spectrum (DSSS), Frequency-hopping Spread Spectrum (FHSS), Infrared (IR), and Orthogonal Frequency-division Multiplexing (OFDM).

Advantages:

- Installation is fast and easy and eliminates wiring through walls and ceilings
- It is easier to provide connectivity in areas where it is difficult to lay cable
- Access to the network can be from anywhere within range of an access point
- Using a wireless network, multiple members can access the Internet simultaneously without having to pay an ISP for multiple accounts
- Public places like airports, libraries, schools, or even coffee shops offer you a constant Internet connection using a wireless LAN

Disadvantages:

- Security is a big issue and may not meet expectations
- As the number of computers on the network increases, the bandwidth suffers
- Wi-Fi standards change, which results in replacing wireless cards and/or access points
- Some electronic equipment can interfere with the Wi-Fi networks

2010 vs 2011 Wi-Fi Device Type Comparison

Source: http://www.meraki.com

Meraki, the cloud networking company, announced statistics showing the Wi-Fi device type comparison. The graph clearly shows that the iPads used significantly more Wi-Fi data than the average mobile device.

[Chart: 2010 vs 2011 Wi-Fi device type comparison; surviving device label: Apple iPad]

At Home

Wi-Fi networks at home allow you to be wherever you want with laptop, iPad, or handheld device, and you don't need to make holes to hide Ethernet cables. If you have a wireless connection in your home, you can connect any number of devices that have Wi-Fi capabilities to your computer. The devices with Wi-Fi capability include Wi-Fi-capable printers and radios.

Public Places

- You can find free/paid Wi-Fi access available in coffee shops, shopping malls,

Though these Wi-Fi networks are convenient ways to connect to the Internet, they are not secure, because anyone, i.e., be it a genuine user or an attacker, can connect to such networks or hotspots. When you are using a public Wi-Fi network, it is best to send information only to encrypted websites. You can easily determine whether a website is encrypted or not by looking at the URL. If the URL begins with "https," then it is an encrypted website. If the network asks you for WPA password to connect to the public Wi-Fi network, then you can consider that hotspot a secure one.

A wireless network can also be established by using an access point, or a base station. With this type of network, the access point acts like a hub, providing connectivity for the wireless computers on its system. It can connect a wireless LAN to a wired LAN, which allows wireless computer access to LAN resources, such as file servers or existing Internet connections.

To summarize:

- Software Access Points (SAPs) can be connected to the wired network, and run on a computer equipped with a wireless network interface card

... features. With suitable networking software support, users on the wireless LAN can share files and printers situated on the wired LAN and vice versa.

FIGURE 15.3: Extension to a Wired Network

Multiple Access Points

This type of network consists of wireless computers connected wirelessly by using multiple access points. If a single large area cannot be covered by a single access point, multiple access points or extension points can be established. Although extension point capability has been developed by some manufacturers, it is not defined in the wireless standard.

When using multiple access points, each access point wireless area needs to overlap its neighbor's area. This provides users the ability to move around seamlessly using a feature called roaming. Some manufacturers develop extension points that act as wireless relays, extending the range of a single access point. Multiple extension points can be strung together to provide wireless access to locations far from the central access point.

FIGURE 15.4: Multiple Access Points

Access points provide wireless connectivity to local computers, and local computers on different networks can be interconnected. All hardware access points have the capability of being interconnected with other hardware access points. However, interconnecting LANs over wireless connections is a monumental and complex task.

FIGURE 15.5: Diagrammatical representation of LAN-to-LAN Wireless Network

3G Hotspot

A 3G hotspot is a type of wireless network that provides Wi-Fi access to Wi-Fi-enabled devices including MP3 players, notebooks, cameras, PDAs, netbooks, and more.

Table columns: Standard, Amendments, Freq (GHz), Modulation, Speed (Mbps), Range (ft)

When it first came out in 1997, the wireless local area network (WLAN) standard specified operation at 1 and 2 Mb/s in the infrared, as well as in the license-exempt 2.4-GHz Industrial, Scientific, and Medical (ISM) frequency band. An 802.11 network in the early days used to have few PCs with wireless capability connected to an Ethernet (IEEE 802.3) LAN through a single network access point. 802.11 networks now operate at higher speeds and in additional bands. With its growth, new issues have risen such as security, roaming among multiple access points, and even quality of service. These issues are dealt with by extensions to the standard identified by letters of the alphabet derived from the 802.11 task groups that created them.

- The 802.11a extension defines requirements for a physical layer (which determines, among other parameters, the frequency of the signal and the modulation scheme to be used) operating in the Unlicensed National Information Infrastructure (UNII) band, at 5 GHz, at data rates ranging from 6 Mb/s to 54 Mb/s. The layer uses a scheme called orthogonal frequency-division modulation (OFDM), which transmits data on multiple subcarriers within the communications channel. It is in many ways similar to the physical ... European Telecommunications Standards Institute

- Commercially trademarked in 1999 by the Wireless Ethernet Compatibility Alliance (WECA) as Wi-Fi, this extension made 802.11b a household word. It defines operation in the ISM 2.4 GHz band at 5.5 Mb/s and 11 Mb/s (as well as the fallback rates of 1 Mb/s and 2 Mb/s). This physical layer uses the modulation schemes complementary code keying (CCK) and packet binary convolutional coding (PBCC). WECA is an industry organization created to certify interoperability among 802.11b products from diverse manufacturers.
- This task group's work on wireless LAN bridging has been folded into the 802.11 standard.
- This task group enhances the 802.11 specifications by spelling out its operation in new regulatory domains, such as countries in the developing world. In its initial form, the standard covered operation only in North America, Europe, and Japan.
- 802.11 networks are used for real-time applications such as voice and video. To ensure that these time-sensitive applications have the network resources when they need them, it is working on extra mechanisms to ensure quality of service to Layer 2 of the reference model, the medium-access layer, or MAC.
- 802.11 standards have developed from the small extension points of wired LANs into multiple access points. These access points must communicate with one another to allow users to roam among them. This task group is working on extensions that enable communication between access points from different vendors.
- This task group is working on high-speed extensions to 802.11b. The current draft of 802.11g contains PBCC and CCK OFDM along with old OFDM as modulation schemes. Development of this extension was marked by a great deal of contention in 2000 and 2001 over modulation schemes. A breakthrough occurred in November 2001, and the task group worked to finalize its draft during 2002.
- This task group is working on modifications to the 802.11a physical layer to ensure that 802.11a may be used in Europe. The task group is adding dynamic frequency selection and power control transmission, which are required to meet regulations in Europe.
- The original version of 802.11 incorporated a MAC-level privacy mechanism called Wired Equivalent Privacy (WEP), which has proven inadequate in many situations. This task group is busy with improved security mechanisms. The present draft includes Temporal Key Integrity Protocol (TKIP) as an improvement over WEP. 802.11a represents the third generation of wireless networking standards and technology.
- 802.11i standard improves WLAN security. The encrypted transmission of data between 802.11a and 802.11b WLANs is best described by 802.11i. A new encryption key protocol such as Temporal Key Integrity Protocol (TKIP) and the Advanced Encryption Standard (AES) is defined by 802.11i. TKIP is a part of standards from IEEE. It is an enhancement of WLANs. The other name for AES in cryptography is Rijndael. The U.S. government adopted AES as the key for encryption standard.
- 802.11n is a revision which enhanced the earlier 802.11 standards with multiple-input multiple-output (MIMO) antennas. It works in both the 2.4 GHz and the less-used 5 GHz bands. This is an IEEE industry standard for Wi-Fi wireless local network transportations. OFDM is used in Digital Audio Broadcasting (DAB) and in Wireless LAN.
- 802.16a/d/e/m (WiMAX) is a wireless communications standard designed to provide 30 to 40 Mbps rates. The original version of the standard on which WiMAX is based (IEEE 802.16) specified a physical layer operating in the 10 to 66 GHz range. 802.16a, updated in 2004 to 802.16-2004, added specifications for the 2 to 11 GHz range. 802.16-2004 was updated by 802.16e-2005 in 2005 and uses scalable orthogonal frequency-division multiple access. (Orthogonal frequency-division multiplexing (OFDM) is a method of encoding digital data on multiple carrier frequencies.)
- Bluetooth is a wireless protocol mostly intended to be used by the shorter-range applications.

The table that follows summarizes all the wireless standards mentioned on this slide:

Service Set Identifier (SSID)

The Service Set Identifier (SSID) is a unique identifier that is used to establish and maintain wireless connectivity. SSID is a token to identify an 802.11 (Wi-Fi) network; by default it is the part of the packet header sent over a wireless local area network (WLAN). It acts as a single shared password between access points and clients. Security concerns arise when the default values are not changed, since these units can then be easily compromised. Access points continuously broadcast the SSID, if enabled, in radio signals received by the client machines. A non-secure access mode station communicates with access points by broadcasting configured SSID, a blank SSID, or an SSID configured as "any". Because SSID is the unique name given to WLAN, all devices and access points present in WLAN must use the same SSID. It is necessary for any device that wants to join the WLAN to give the unique SSID. If the SSID of the network is changed, reconfiguration of the SSID on every network is required, as every user of the network configures the SSID into their system. Unfortunately, SSID does not provide security to WLAN, since it can be sniffed in plain text from packets.
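An added example, not part of the courseware: a parser for the SSID element of 802.11 management frames, showing that the name travels unencrypted and how to list which saved network names a device's own probe requests disclose (the leak described in the Sophos article above). The frames, MAC addresses and the names other than 'BTHomeHub-XYZ' are constructed sample data; radiotap headers and the frame check sequence are assumed to be already stripped.

```python
import struct

MGMT_HEADER_LEN = 24                      # frame control through sequence control
FIXED_FIELD_LEN = {4: 0, 5: 12, 8: 12}    # subtype -> fixed bytes before the elements
SUBTYPE_NAME = {4: "probe-request", 5: "probe-response", 8: "beacon"}
SSID_ELEMENT_ID = 0
MAX_SSID_LEN = 32                         # the SSID limit, counted in bytes on the air


def build_frame(subtype, src_mac, ssid):
    """Build a constructed management frame (sample data for this example)."""
    frame_control = struct.pack("<H", subtype << 4)   # version 0, type 0 = management
    broadcast = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    header = frame_control + b"\x00\x00" + broadcast + src + broadcast + b"\x00\x00"
    ssid_element = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    rates_element = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported rates
    return header + b"\x00" * FIXED_FIELD_LEN[subtype] + ssid_element + rates_element


def parse_ssid(frame):
    """Return source MAC, frame kind and SSID of a management frame, or None."""
    if len(frame) < MGMT_HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    frame_control = struct.unpack_from("<H", frame)[0]
    ftype, subtype = (frame_control >> 2) & 0x3, (frame_control >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_FIELD_LEN:
        return None                       # not a frame type handled here
    pos = MGMT_HEADER_LEN + FIXED_FIELD_LEN[subtype]
    while pos + 2 <= len(frame):          # walk the id/length/value elements
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("element runs past end of frame")
        if element_id == SSID_ELEMENT_ID:
            if length > MAX_SSID_LEN:
                raise ValueError("SSID longer than 32 bytes")
            # Empty or all-NUL SSID: wildcard probe or a beacon hiding its name.
            empty = length == 0 or not any(value)
            return {
                "source": ":".join(f"{b:02x}" for b in frame[10:16]),
                "kind": SUBTYPE_NAME[subtype],
                "ssid": None if empty else value.decode("utf-8", errors="replace"),
            }
        pos += 2 + length
    return None


def disclosed_networks(frames):
    """Map each probing station to the network names it announced in clear text."""
    leaked = {}
    for frame in frames:
        info = parse_ssid(frame)
        if info and info["kind"] == "probe-request":
            names = leaked.setdefault(info["source"], set())
            if info["ssid"] is not None:
                names.add(info["ssid"])
    return {mac: sorted(names) for mac, names in leaked.items()}


# Constructed sample traffic: one phone probing for saved networks, one device
# sending only wildcard probes, one named beacon and one hidden-SSID beacon.
SAMPLE_FRAMES = [
    build_frame(4, "02:00:00:00:00:01", b"BTHomeHub-XYZ"),
    build_frame(4, "02:00:00:00:00:01", b"12 Example Street"),
    build_frame(4, "02:00:00:00:00:01", b""),
    build_frame(4, "02:00:00:00:00:02", b""),
    build_frame(8, "02:00:00:00:00:aa", b"CorpWLAN"),
    build_frame(8, "02:00:00:00:00:bb", b"\x00" * 8),
]

if __name__ == "__main__":
    for mac, names in disclosed_networks(SAMPLE_FRAMES).items():
        print(mac, "discloses", names or "nothing (wildcard probes only)")
```

A device whose entry is an empty list sent only wildcard probes; every name in a non-empty list is a saved network worth forgetting if it is no longer used.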

The SSID can be up to 32 characters long. Even if the access points (APs) of these networks are very close, the packets of the two are not going to interfere. Thus, SSIDs can be considered a password for an AP, but it can be sent in clear text and can be easily discovered. In other words, SSIDs can be called a shared secret that everyone knows, and anyone can determine. The SSID remains secret only on the closed networks with no activity, which is inconvenient to the ... is a secret key instead of a public key. Some common SSIDs are:

[Figures: Open System Authentication Process; Shared Key Authentication Process. Surviving diagram labels include Association Response and Probe Response (Security Parameters)]

Wi-Fi authentication can be performed in two modes:

1. Open system authentication
2. Shared key authentication

Open System Authentication Process

In the open system authentication process, any wireless station can send a request for authentication. In this process, one station can send an authentication management frame containing the identity of the sending station, to get authenticated and connected with other wireless station. The other wireless station (AP) checks the client's SSID and in response sends an authentication verification frame, if the SSID matches. Once the verification frame reaches the client, the client connects to the network or intended wireless station.

Shared Key Authentication Process

In this process each wireless station is assumed to have received a shared secret key over a secure channel that is distinct from the 802.11 wireless network communication channels. The following steps illustrate how the connection is established in Shared Key Authentication process:

- The station sends an authentication request to the access point
- The access point sends challenge text to the station
- The station encrypts the challenge text by making use of its configured 64-bit or 128-bit default key, and it sends the encrypted text to the access point
- The access point uses its configured WEP key (that corresponds to the default key of station) to decrypt the encrypted text. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, the access point authenticates the station
- The station connects to the network
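The exchange above, carried through on both sides as an added example (not code from the courseware): the station encrypts the challenge text WEP-style and the access point decrypts and compares it. The class and function names, MAC addresses and keys are constructed for illustration, and the framing is simplified to IV plus ciphertext, without 802.11 headers or the key-ID byte.

```python
import hmac
import os
import struct
import zlib

CHALLENGE_LEN = 128   # length of the 802.11 challenge text in bytes
IV_LEN = 3            # 24-bit IV; "64-bit" = IV + 40-bit secret, "128-bit" = IV + 104-bit


def rc4(key, data):
    """RC4 stream cipher, the cipher WEP is built on."""
    state = list(range(256))
    j = 0
    for i in range(256):                                   # key scheduling
        j = (j + state[i] + key[i % len(key)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    i = j = 0
    out = bytearray()
    for byte in data:                                      # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(byte ^ state[(state[i] + state[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret, plaintext):
    """Return IV || RC4(IV || secret, plaintext || CRC-32 integrity value)."""
    iv = os.urandom(IV_LEN)
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + rc4(iv + secret, plaintext + icv)


def wep_decrypt(secret, body):
    """Return the plaintext, or None when the integrity value does not verify."""
    iv, ciphertext = body[:IV_LEN], body[IV_LEN:]
    clear = rc4(iv + secret, ciphertext)
    plaintext, icv = clear[:-4], clear[-4:]
    if icv != struct.pack("<I", zlib.crc32(plaintext)):
        return None
    return plaintext


class AccessPoint:
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}             # station MAC -> outstanding challenge text

    def on_auth_request(self, station_mac):
        """Step 2: answer the authentication request with fresh challenge text."""
        challenge = os.urandom(CHALLENGE_LEN)
        self.pending[station_mac] = challenge
        return challenge

    def on_challenge_response(self, station_mac, body):
        """Step 4: decrypt with the AP's key and compare with the challenge sent."""
        challenge = self.pending.pop(station_mac, None)
        if challenge is None:
            return False              # no request outstanding for this station
        decrypted = wep_decrypt(self.secret, body)
        return decrypted is not None and hmac.compare_digest(decrypted, challenge)


class Station:
    def __init__(self, mac, secret):
        self.mac, self.secret = mac, secret

    def answer(self, challenge):
        """Step 3: encrypt the challenge text with the configured default key."""
        return wep_encrypt(self.secret, challenge)


def shared_key_authenticate(station, ap):
    """Run the exchange and return True when the AP authenticates the station."""
    challenge = ap.on_auth_request(station.mac)              # steps 1 and 2
    response = station.answer(challenge)                     # step 3
    return ap.on_challenge_response(station.mac, response)   # step 4


if __name__ == "__main__":
    ap = AccessPoint(secret=b"\x01\x02\x03\x04\x05")         # constructed 40-bit key
    good = Station("02:00:00:00:00:01", b"\x01\x02\x03\x04\x05")
    bad = Station("02:00:00:00:00:02", b"\x0a\x0b\x0c\x0d\x0e")
    print("matching key :", shared_key_authenticate(good, ap))
    print("different key:", shared_key_authenticate(bad, ap))
```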

The access point can refuse to authenticate the station if the decrypted text does not match the original challenge text; the station will then be unable to communicate with either the Ethernet

The 802.1x provides centralized authentication. For 802.1x authentication to work on a wireless network, the AP must be able to securely identify traffic from a particular wireless client. The identification is accomplished by using authentication keys that are sent to the AP and the wireless client from the Remote Authentication Dial in User Service (RADIUS) server.

When a wireless client comes within range of the AP, the following process occurs:

1. Client sends an authentication request to the AP for establishing the connection

3. The wireless client responds with its EAP-Response identity

4. The AP forwards the identity to the RADIUS server using the uncontrolled port

5. The RADIUS server sends a request to the wireless station via the AP, specifying the authentication mechanism to be used

6. The wireless station responds to the RADIUS server with its credentials via the AP

7. If the credentials are acceptable, the RADIUS server sends an encrypted authentication key to the AP

Ethical Hacking and Countermeasures. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.


unicast session key, and transmits it to the wireless station

FIGURE 15.9: Shared key Authentication mode


Association: The process of connecting a wireless device to an access point is called association

(BSS)

Hotspot: Place where wireless network is available for public use

Access Point: Used to connect wireless devices to a wireless network

ISM band: A range of radio frequencies that are assigned for use by unlicensed

DSSS: It is used to transmit data on a stable range of the frequency band

FHSS: Data is transmitted on radio carriers which hop pseudo-randomly through many different frequencies at a pre-determined rate and hopping sequence

OFDM: Method of encoding digital data on multiple carrier frequencies with multiple overlapping radio frequency carriers

TABLE 15.2: Wireless terms and descriptions


To perform WarWalking, attackers walk around with Wi-Fi enabled laptops to detect open wireless networks. In this technique, the attacker goes on foot to conduct the Wi-Fi chalking. The disadvantage of this approach is the absence of a convenient computing environment and slower speed of travel.

WarFlying

WarFlying is an activity in which attackers fly around with Wi-Fi enabled laptops to detect open wireless networks. This is also known as warstorming. As most of the people usually scan for the networks to map out the wireless networks in the area or as an experiment, most WarFlying is harmless. Also, it is more difficult to access open networks


According to www.wordspy.com, WarDriving is a computer cracking technique that involves driving through a neighborhood with a wireless enabled notebook computer, mapping houses and businesses that have wireless access points.

WarChalking

This term comes from whackers who use chalk to place a special symbol on a sidewalk or another surface to indicate a nearby wireless network that offers Internet access. It is a method used to draw symbols in public places to advertise open Wi-Fi networks.

[Figure labels: Wi-Fi with WPA; Wi-Fi with Multiple Access Controls; Wi-Fi with Closed SSID; Wi-Fi Honeypot]

Types of Wireless Antennas

Directional Antenna: Used to broadcast and obtain radio waves from a single direction

Omnidirectional Antenna: Omnidirectional antennas provide a 360 degree horizontal radiation pattern. It is used in wireless base stations.

Parabolic Grid Antenna: It is based on the principle of a satellite dish but it does not have a solid backing. They can pick up Wi-Fi signals ten miles or more.

Yagi Antenna: Yagi is a unidirectional antenna commonly used in communications for a frequency band of 10 MHz to VHF and UHF

Dipole Antenna: Bidirectional antenna, used to support client connections rather than site-to-site applications

Antennas are important for sending and receiving radio signals. They convert electrical impulses into radio signals and vice versa. Basically there are five types of wireless antennas:

Directional Antenna

A directional antenna is used to broadcast and obtain radio waves from a single direction. In order to improve the transmission and reception, the directional antenna is designed to work effectively in a few directions when compared with the other directions. This also helps in reducing interference.

Omnidirectional Antenna

Omnidirectional antennas radiate electromagnetic energy regularly in all directions. They usually radiate strong waves uniformly in two dimensions, but not as strongly in the third. These antennas are efficient in areas where wireless stations use time division multiple access technology. A good example of an omnidirectional antenna is one used by radio stations. These antennas are effective for radio signal transmission because the receiver may not be stationary. Therefore, a radio can receive a signal regardless of where it is.


Parabolic Grid Antenna

A parabolic grid antenna is based on the principle of a satellite dish but it does not have a solid backing. Instead of a solid backing, this kind of antenna has a semi-dish that is formed by a grid made of aluminum wire. These grid parabolic antennas can achieve very long distance Wi-Fi transmissions by making use of the principle of a highly focused radio beam. This type of antenna can be used to transmit weak radio signals millions of miles back to earth.

Yagi Antenna

Yagi is a unidirectional antenna commonly used in communications for a frequency band of 10 MHz to VHF and UHF. It is also called a Yagi-Uda antenna. Improving the gain of the antenna and reducing the noise level of a radio signal are the main focus of this antenna. It not only has a unidirectional radiation and response pattern, but it also concentrates the radiation and response. It consists of a reflector, dipole, and a number of directors. An end fire radiation pattern is developed by this antenna.

Dipole Antenna

A dipole is a straight electrical conductor measuring half a wavelength from end to end and connected at the RF feed line's center. It is also called a doublet. It is bilaterally symmetrical, so it is inherently a balanced antenna. These kinds of antennas are usually fed with a balanced parallel-wire RF transmission line.


Parabolic Grid Antenna

Parabolic grid antennas enable attackers to get better signal quality resulting in more data to eavesdrop on, more bandwidth to abuse and higher power output that is essential in Layer 1 DoS and man-in-the-middle attacks

| SSID | Channel | Encryption | Authentication | Signal |
|---|---|---|---|---|
| Awslocal | 8 | None | Unknown | 54% |

Parabolic Grid Antenna

data to eavesdrop on, more bandwidth to abuse, and higher power output that is essential in Layer 1 DoS and man-in-the-middle attacks. Grid parabolic antennas can pick up Wi-Fi signals from a distance of 10 miles. The design of this antenna saves weight and space and it has the capability of picking up Wi-Fi signals that are either horizontally or vertically polarized.

SSID Channel Encryption Authentication Signal

TABLE 15.4: Various SSID's and percentage of signal quality

Module Flow

Wireless encryption is a process of protecting the wireless network from attackers who can collect your sensitive information by breaching the RF (Radio Frequency) traffic. This section provides insight on various wireless encryption standards such as WEP, WPA, WPA2, WEP issues, how to break encryption algorithms, and how to defend against encryption algorithm cracking.


Types of Wireless Encryption

wireless security standard which can be cracked easily

WPA2: WPA2 uses AES (128 bit) and CCMP for wireless data encryption

WPA2 Enterprise: It integrates EAP standards with

of TKIP

EAP: Supports multiple authentication methods, such as token cards, Kerberos, certificates etc.

LEAP: It is a proprietary WLAN authentication protocol developed by Cisco

mechanisms for 802.11 wireless networks

CCMP: CCMP utilizes 128-bit keys, with a 48-bit initialization vector (IV)

• WEP: A WLAN client authentication and data encryption protocol; it is an old, original wireless security standard that can be cracked easily

• WPA: It is an advanced WLAN client authentication and data encryption protocol using TKIP, MIC, and AES encryption. It uses a 48-bit IV, 32-bit CRC, and TKIP encryption for wireless security

• WPA2: WPA2 uses AES (128-bit) and CCMP for wireless data encryption

• WPA2 Enterprise: It integrates EAP standards with WPA encryption

• TKIP: A security protocol used in WPA as a replacement for WEP

• AES: It is a symmetric-key encryption, used in WPA2 as a replacement of TKIP

• LEAP: A proprietary WLAN authentication protocol developed by Cisco

• RADIUS: A centralized authentication and authorization management system

networks

• CCMP: CCMP utilizes 128-bit keys, with a 48-bit initialization vector (IV) for replay detection

WEP Encryption

What Is WEP?

• Wired Equivalent Privacy (WEP) is an IEEE 802.11 wireless protocol which provides security algorithms for data confidentiality during wireless transmissions

• WEP uses a 24-bit initialization vector (IV) to form stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity of wireless transmission

• 64-bit WEP uses a 40-bit key; 128-bit WEP uses a 104-bit key size; 256-bit WEP uses 232-bit key size

WEP Flaws

• WEP encryption can be easily cracked

• It has significant vulnerabilities and design flaws

• It was developed without:
  - Academic or public review
  - Review from cryptologists

WEP Encryption

In this section we will discuss WEP encryption as well as its flaws.

What Is WEP Encryption?

According to searchsecurity.com, "Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard 802.11b." WEP is a component of the IEEE 802.11 WLAN standards. Its primary purpose is to provide confidentiality of data on wireless networks at a level equivalent to that of wired LANs. Physical security can be applied in wired LANs to stop unauthorized access to a network.

In a wireless LAN, the network can be accessed without physically connecting to the LAN. Therefore, IEEE utilizes an encryption mechanism at the data link layer for minimizing unauthorized access on WLAN. This is accomplished by encrypting data with the symmetric RC4 encryption algorithm — a cryptographic mechanism used to defend against threats.

Role of WEP in Wireless Communication

• WEP protects from eavesdropping on wireless communications


Date posted: 14/12/2021, 21:28
