Attack and Defense in Wireless Networks.ppt

上传人:livefirmly316 文档编号:378695 上传时间:2018-10-09 格式:PPT 页数:14 大小:148.50KB
下载 相关 举报
Attack and Defense in Wireless Networks.ppt_第1页
第1页 / 共14页
Attack and Defense in Wireless Networks.ppt_第2页
第2页 / 共14页
Attack and Defense in Wireless Networks.ppt_第3页
第3页 / 共14页
Attack and Defense in Wireless Networks.ppt_第4页
第4页 / 共14页
Attack and Defense in Wireless Networks.ppt_第5页
第5页 / 共14页
亲,该文档总共14页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、Attack and Defense in Wireless Networks,Presented by Aleksandr Doronin,Outline,Wireless Networks and Security Attacking and defending WEP Attacking and defending WPA/WPA2 Common defense techniques Summary,Wireless Networks and Security,1) What are Wireless Networks? A wireless network is the way tha

2、t a computer is connected to a router without a physical link. 2) Why do we need? Facilitates mobility You can use lengthy wires instead, but someone might trip over them. 3) Why security? Attacker may hack a victims personal computer and steal private data or may perform some illegal activities or

3、crimes using the victims machine and ID. Also theres a possibility to read wirelessly transferred data (by using sniffers),Wireless Networks and Security,Three security approaches:WEP (Wired Equivalent Privacy) WPA (Wi-Fi Protected Access) WPA2 (Wi-Fi Protected Access, Version 2)WPA also has two gen

4、erations named Enterprise and Personal.,WEP (Wired Equivalent Privacy),Encryption: 40 / 64 bits 104 / 128 bits 24 bits are used for IV (Initialization vector)Passphrase: Key 1-4 Each WEP key can consist of the letters “A“ through “F“ and the numbers “0“ through “9“. It should be 10 hex or 5 ASCII ch

5、aracters in length for 40/64-bit encryption and 26 hex or 13 ASCII characters in length for 104/128-bit encryption.,WPA/WPA2 Personal,Encryption: TKIP AESPre-Shared Key: A key of 8-63 charactersKey Renewal: You can choose a Key Renewal period, which instructs the device how often it should change en

6、cryption keys. The default is 3600 seconds,Attacking WEP,iwconfig a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router macchanger a tool

7、that allows you to view and/or spoof (fake) your MAC address airmon a tool that can help you set your wireless adapter into monitor mode (rfmon) airodump a tool for capturing packets from a wireless router (otherwise known as an AP) aireplay a tool for forging ARP requests aircrack a tool for decryp

8、ting WEP keys,How to defend when using WEP,Use longer WEP encryption keys, which makes the data analysis task more difficult. If your WLAN equipment supports 128-bit WEP keys. Change your WEP keys frequently. There are devices that support “dynamic WEP“ which is off the standard but allows different

9、 WEP keys to be assigned to each user. Use a VPN for any protocol, including WEP, that may include sensitive information. Implement a different technique for encrypting traffic, such as IPSec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install

10、 an IPSec server in your wired network, and use a VLAN to the access points to the IPSec server.,Attacking WPA,macchanger a tool that allows you to view and/or spoof (fake) your MAC address airmon a tool that can help you set your wireless adapter into monitor mode (rfmon) airodump a tool for captur

11、ing packets from a wireless router (otherwise known as an AP) aireplay a tool for forging ARP requests Capture WPA/WPA2 handshakes by forcing clients to reauthenticate Generate new Initialization Vectors aircrack a tool for decrypting WEP keys (should be used with dictionary),How to defend when usin

12、g WPA,Passphrases the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process, and if this password is extremely complicated it will be almost impossible to crack Passphrase Complexity select a random passphrase that is not made up of dictionary words.

13、 Select a complex passphrase of a minimum of 20 characters in length and change it at regular intervals,Common defense techniques,Change router default user name and password Change the internal IP subnet if possible Change default name and hide broadcasting of the SSID (Service Set Identier) None o

14、f the attack methods are faster or effective when a larger passphrase is used. Restrict access to your wireless network by filtering access based on the MAC (Media Access Code) addresses Use Encryption,Summary,Change all possible default router settings Use encryption (WPA/WPA2) Use long and complex keys/passphrases,Thank you!,References,http:/www.backtrack-linux.org/ http:/www.aircrack-ng.org/ http:/

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 教学课件 > 大学教育

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1