Académique Documents
Professionnel Documents
Culture Documents
International
Telecommunication
Union
Session x: WiFi Internet Security
2
Wireless Security Initiatives
by ITU and WiFi Organisations
3
ITU
Integrated Management
4
WI-FI ORGANIZATIONS
1.3
WIRELESS TRAINING & EDUCATION - VENDOR NEUTRAL
WIRELESS CERTIFICATION ROADMAP
7
PROTOCOLS AT EACH LAYER (TCP/IP VS OSI MODEL)
TCP/IP Model OSI Model
5 Session
9
WIRELESS COMMUNICATION LAYERS – OSI LAYERS
Wireless
10
Wireless Tools operate at
OSI layers 1 and 2
11
SPECTRUM ANALYZERS – OSI LAYER 1
OSI LAYER 2 - DISCOVERY / SCANNING
Active Scanning AP Discovery
Passive Scanning
Beacons
Beacons
Beacons
Beacons
18
IPV4 AND IPV6 RELATIONS TO WIRELESS INFRASTRUCTURES
19
IPV4 AND IPV6 RELATIONS TO WIRELESS INFRASTRUCTURES
20
Wireless Security Risks
21
WIRELESS SECURITY RISKS
Different type of devices on the network, each having their own security
settings (and limitations)
22
WIRELESS SECURITY RISKS
Default configurations of wireless equipment
End users not familiar with corporate use policy and limited knowledge
how to recognize / enforce security
23
WIRELESS SECURITY RISKS - AVIATION
No standardization on policies
Some airlines allow mobile devices continuously on some airlines don’t
allow it, but there is no policy enforcement
24
WIFI – EXAMPLE OF WIRELESS SECURITY ISSUES
Hotspot Phishing
Rogue APs
Server
Mobile User
AP
INTERNET
INTRANET
Laptop
Desktop
Non-Compliant APs
Municipal Wi-Fi
25
WIFI - WIRELESS VULNERABILITIES
Type Attacks
Rogue APs
Reconnaissance Open/Misconfigured APs
Ad Hoc stations
WEP, WPA, LEAP cracking
Sniffing/Eavesdropping Dictionary attacks / Brute Force / Rainbow Tables
Leaky APs
MAC spoofing
Masquerade HotSpot attacks
Evil Twin / Wi-Phishing attacks
Multicast / Broadcast injection
Insertion Routing cache poisoning
Man in the Middle attacks (MITM)
Disassociation
Denial-of-Service Duration field spoofing
RF jamming
MOBILE – EXAMPLE OF WIRELESS SECURITY ISSUES
Vulnerabilities:
• IMEI
• BTS – BSC
• HLR
• VLR
Naming of hotspots
http://mashable.com/2016/05/02/qantas-wifi-scare/#P9g.PDs.IGqX
29
OTHER WIRELESS SECURITY RISKS
BlueTooth
Virus / Worms / Malware
Listening to phone calls (headset) or car audio systems
Changing languages (“DoS”)
Car Hacking via Bluetooth (Controlling the car)
NFC (Near Field Communication)
Credit Cards with NFC communication
Transportation cards (“Bus”, “Train”)
Toll gates using wireless cards
Hotel Key cards
ZigBee
Home Automation equipment
Floor Controllers
Thermostats
30
20 March 2014
Snoopy - Drone can steal what's on your phone via WiFi
(kind of a HoneyPot attack)
The research will be presented at the Black Hat Asia cybersecurity conference in
Singapore 25-28 March 2014
http://money.cnn.com/2014/03/20/technology/security/drone-phone/
http://ht3.cdn.turner.com/money/big/technology/2014/03/20/t-drone-steals-phone-
info.cnnmoney_620x348_dl.flv
31
WiFi Security measures Demo
32
Live Demonstration
Certified Wireless
Support teams
Page - 36
Standardization
Note: Wireless = Mobile/Cellular, WiFi and indoor/outdoor mission/business critical wireless technologies
.
Page - 37
End of Session
International
Telecommunication
Union