Tuesday, October 27, 2009

.:: || Wireless Security || ::.

There are three principal ways to secure a wireless network.


  • For closed networks (like home users and organizations) the most common way is to configure access restrictions in the access points. Those restrictions may include encryption and checks on MAC address. Another option is to disable ESSID broadcasting, making the access point difficult for outsiders to detect. Wireless Intrusion Prevention Systems can used to provide wireless LAN security in this network model.

  • For commercial providers, hotspots, and large organizations, the preferred solution is often to have an open and unencrypted, but completely isolated wireless network. The users will at first have no access to the Internet nor to any local network resources. Commercial providers usually forward all web traffic to a captive portal which provides for payment and/or authorization. Another solution is to require the users to connect securely to a privileged network using VPN.

  • Wireless networks are less secure than wired ones; in many offices intruders can easily visit and hook up their own computer to the wired network without problems, gaining access to the network, and it's also often possible for remote intruders to gain access to the network through backdoors like Back Orifice. One general solution may be end-to-end encryption, with independent authentication on all resources that shouldn't be available to the public.



Joining BBS




Roaming & channel

  • roaming = walk/change away from initial AP network to another AP network



802.11a

  • 54Mbps in 5Ghz range

  • not compatible


802.11g

  • 54Mbps in 2.4GHz range

  • compatible


802.11b

  • 11Mbps in 2.4GHz range

  • compatible


Open system authentication

  • Service Set Identifier (SSID)

  • Station must specify SSID to connect to the AP


Interception

  • signal week by 3 factor:



  • 1. Wall

  • 2. floor

  • 3. interference


802.11

  • 3 basic security service:


  • 1. Authentication

  • 2. Integrity - data will be encrypt by using WEP & WPA technique.

  • 3. Confidential

  • * Some say WPA is much more secure than WEP but its actually depends on what type of shared key that actually base on ots library. the it use a simple library so it would be easy to crack and hack the network

    Passive attack

    • Attacker collect all trafic

    • Attacker collect two message


  • 1. encrypted with same key and IV

  • 2. Statistical attack to reveal plain text

  • 3. Plaintext X0R chipertext = keystream


  • Tool to crack the wireless AP

    • Backtrack


    0 comments:

    WP Gadget Review | Design: fahimie Blogger port by Kepit@n Copyright 2009 | Programmed by Muhd Fahimie