4.6.

2 Wireless Attack Facts

Page 1 of 2

Wireless Attack Facts

Wireless networks are vulnerable to the following specific security attacks: Attack Description A rogue access point is any unauthorized access point added to a network. A rogue access point that is configured to mimic a valid access point is known as an evil twin. Examples include: An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a method for remotely accessing the network. An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. An attacker configures a wireless access point in a public location, and then monitors traffic of those who connect to the access point to capture sensitive information such as usernames and passwords. Be aware of the following to mitigate and protect your network against rogue access points: Monitor the radio frequencies in your area to identify access points broadcasting in your area. Put access points in separate virtual LANs and implement some type of intrusion detection to help identify when an attacker is attempting to set up a rogue access point or is using a brute force attack to gain access. When you find an unauthorized access point, unplug the Ethernet cable on the access point to disconnect it from the wired network. Specific threats associated with data emanation (i.e., where wireless signals might be received far beyond the intended area of coverage) include: War driving is a technique that hackers use to find wireless networks. They use detection tools that locate wireless access points within an area, even if the SSID broadcast has been disabled. Once the wireless network has been detected, it is often easy to gain access to the network, even without being physically present in your building or even on your property. War chalking are marks outside of buildings that indicate the presence of a wireless network. Attackers might use these marks to alert others of open or secured wireless networks. Businesses might even use these marks to advertise their free wireless networks. To mitigate threats caused by data emanation: Do not place access points near outside walls. Conduct a site survey to identify the coverage area and optimal placement for wireless access points to prevent signals from going beyond identified boundaries. A site survey uses tools to identify the presence and strength of wireless transmissions. Implement a Faraday cage or Faraday shield to mitigate data emanation. A Faraday cage is an enclosure that prevents radio frequency signals from emanating out of a controlled environment. It is an enclosure formed by conducting material, or a mesh of conducting material that blocks external static electrical fields. Faraday cages can prevent the use of a cell phone. Encrypt all data transmitted through your access point. Use firewalls on each network access point. Packet sniffing (also known as eavesdropping) is the interception and possible decoding of wireless transmissions. Wireless transmissions can be easily intercepted. Encrypt all data

Rogue access point

Data emanation

Packet sniffing

http://content.testout.com/client/HtmlTextLoader.html

5/10/2013

4.6.2 Wireless Attack Facts

Page 2 of 2

transmitted through to and from your access point to mitigate threats from packet sniffing on the wireless network. Initialization Vector (IV) attack An initialization vector (IV) is a seed value used in encryption. The seed value and the key are used in an encryption algorithm to generate additional keys or to encrypt data. WEP encryption reuses initialization vectors which can be observed through patterns and ultimately can be cracked (known as an IV attack). For security, the initialization vector should be large and it should be unpredictable. With wireless networks, interference is a signal that corrupts or destroys the wireless signal sent by access points and other wireless devices. Interference affects the availability of a network because normal communications are not possible. Types of interference are: Interference Electromagnetic Interference (EMI) is interference caused by motors, heavy machinery, and fluorescent lights. Radio Frequency Interference (RFI) is interference on the radio channel and can be caused by nearby wireless devices using the same channel, cordless phones, or microwave ovens. Bluetooth is designed to allow devices to communicate within a personal area network (PAN) of close proximity. PAN devices include cell phones, personal digital assistants (PDAs), printers, mice, and keyboards. Bluetooth Is designed for longer distances than IR and for lower power consumption. Devices need to be in discovery mode to find each other and synchronize. Operate in the 2.4 GHz frequency range and uses adaptive frequency hopping (AFH). Eavesdropping on Bluetooth is difficult because it implements authentication and key derivation with custom algorithms based on the SAFER+ block cipher and it uses the E0 stream cipher for encrypting packets. Bluetooth is one of the most secure protocols for mobile device communication, but it is susceptible to the following: Bluejacking is a rather harmless practice which entails an unknown sender sending business cards anonymously to a Bluetooth recipient within a distance of 10-100 meters, depending on the class of the Bluetooth device. The business cards usually include a flirtatious message, used by the attacker to see a visual reaction from the recipient. Multiple messages will be sent to the device if the attacker thinks there is a chance they will be added as a contact. Bluetooth devices are not susceptible to bluejacking if they are set to non-discoverable mode. Bluesnarfing is the use of a Bluetooth connection to gain unauthorized access to an existing Bluetooth connection between phones, desktops, laptops, or PDAs. Bluesnarfing allows access to view the calendar, e-mails, text messages, and contact lists. Many Bluetooth devices have built-in features to prevent bluesnarfing, but it is still a known vulnerability. Bluebugging gives an attacker access to all mobile phone commands that use Bluetooth technology, such as initiating phone calls, sending and receiving messages, eavesdropping, and reading and writing phonebook contacts. Bluebugging can be accomplished only by highly-skilled individuals. To mitigate the risks with Bluetooth: Disable Bluetooth completely if not required. Bluetooth and the 802.11b wireless standard both operate on the same frequency range and can lead to signal interference. Turn of discovery mode if a Bluetooth connection is used on a mobile device.

Bluetooth

http://content.testout.com/client/HtmlTextLoader.html

5/10/2013