Understanding Wireless Network Threats and Vulnerabilities

Slide Note
Embed
Share

Explore the various threats and vulnerabilities present in wireless networks, including different types of attackers, weaknesses in WLAN security standards, such as WEP, and the risks associated with Bluetooth and Ad Hoc networks. Learn about the profiles of cyber attackers and the importance of implementing proper security measures to protect against potential breaches and attacks.

jes_mcg
jes_mcg Follow

Uploaded on Sep 11, 2024 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. LM 4. Wireless Network Threats & Vulnerabilities Dr. Lei Li

  2. Road Map Mobile Security Security Auditing & Risk Analysis WLAN Security Introduction Mobile Network Overview Evolution of Wireless Network WLAN Overview Cellular Network Security Infor. Security Essentials WLAN Threats & Vulnerabilities Mobile Security Threats WLAN Security WLAN Mobile Devices Security Security Tools 2

  3. Learning Outcomes After this module, a student will be able to: Describe different types of attackers Describe the vulnerabilities of WLAN in general Describe WEP, WPA and WPA2 and their vulnerabilities. Explain what s passive attack and what s active attack. List two examples of each types attack. Describe confidentiality, access control, availability, authentication and integrity attacks on WLAN. Discuss Bluetooth security features Describe Bluetooth vulnerabilities and threats Describe the threat models of the Ad Hoc wireless network 3

  4. General Profiles of A Cyber Attacker Attacker Example Script Kiddie/Skid only partially engagedin understanding offensive tools Expert Attackers Kevin Mitnick, curiosity, money, patriotism,etc. Activist/Hack tivists Anonymous Nation States Stealing, Disrupting Services Logic Bombs, support law enforcement & military Terrorists ISIS Defacement ofUS disabled Veteran websites, DDoS of power grids, Chemical Changes in Water Motive Action People interested in or Curious, Mischievous, Street Cred Since they don t know the tools they may be very noisy when attacking and perform a lot of attempts, may have the most harmful consequences Only limited by their imagination, can steal, spy, and sell exploits on the unethicalmarket @th3j35t3r, EdSkodus, Various motives, Manning,Snowden, Further a Cause Reveal Information, further a cause, deface websites, or disrupt progress of opposition Gain a greater understanding of allies andenemies Stuxnet Espionage: Further a Cause Infiltrate, destroy data, cause political upheaval, death, manipulate data in order to promote a cause Cybercrime Mafia Money DOS against financial institutions, steal credentials, sell illegal goods, anything for money, Crime as a Service (CaaS), Ransomware variants, credit card theft, etc. Destruction of data, altering data, or stealing information Insider Attacker Current or Former Employee Revenge, could be clueless employees too

  5. WLAN Vulnerabilities WLAN-Flexibility, cost-effectiveness, & easy of installation Use of Radio Frequency Difficult to contain the signals Vulnerabilities in security standards Easy to setup often means more network not properly configured for secure access 5

  6. Security Standards WEP (Wired Equivalent Privacy) Created in 1999 by IEEE 802.11b Provide same level of privacy as that of wired LAN 40/104 bit key are static & IV is short No effective key management Encryption algorithm (RC4) Known flaws Easy target for cryptanalysis Shouldn t be used in today s WLAN 6

  7. Wi-Fi Protected Access (WPA) Developed in 2004 by 802.11i to address issues of WEP Use 48bits TKIP Add Integrity protection Enterprise and personal mode Enterprise mode use EAP and 802.1x for access control and authentication Backward compatible with old device employs WEP Still uses RC4 Vulnerable to dictionary, brute force, and DoS attacks 7

  8. WPA2 Successor to WPA, ratified by IEEE 11i in 2004 Most secure security standard available Replace RC4 & TKIP with AES and CCMP for encryption and authentication More seamless roaming Still have vulnerability 8

  9. Enterprise Mode Vs. Personal Mode Exist in WPA & WPA2 Same encryption algorithms Different authentication method Enterprise mode 802.1x, designed for organizations Personal mode pre-shared keys, designed for home use 9

  10. Wireless security cheat sheet http://searchnetworking.techtarget.com/feature/Wireless-encryption-basics- Understanding-WEP-WPA-and-WPA2 10

  11. Attacks to WLAN Passive attack Traffic analysis Active attack Unauthorized access Rogue access point 11

  12. Confidentiality Attacks Traffic analysis Eavesdropping Man-in-the-Middle attack Evil Twin AP 12

  13. Access Control Attacks War driving Rogue access point MAC address spoofing Unauthorized access 13

  14. Integrity Attack Session hijacking Reply attack 802.11 frame injection attack 802.11 data replay attack 802.11 data deletion 14

  15. Availability Attacks DoS/ Queensland DoS RF Jamming 802.11 beacon flood 802.11 association flood 802.11 de-authentication Fake SSID EAPOL flood AP theft 15

  16. Authentication Attack Dictionary & brute force Shared key guessing PSK cracking Application login theft Etc. 16

  17. Bluetooth Security Security mode 1 Security mode 2 Security mode 3 Security mode 4 17

  18. Bluetooth Threats & Vulnerabilities Vulnerabilities Encryption key length negotiate No user authentication Much more Threats Bluesnarfing Bluejacking Bluebugging Etc. 18

  19. Ad Hoc Wireless Network Threats Internal threats External threats Routing threats 19

  20. Reference Praphul Chandra, Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security, ELSEVIER, 2005. Jim Doherty, Wireless and Mobile Device Security, Jones & Bartlett Learning, 2016. https://www.walshcollege.edu/upload/docs/CyberSpring/Profile%20of%20a %20Cyber%20Attacker%20Presentation.pdf https://thesai.org/Downloads/Volume5No1/Paper_25- Wireless_LAN_Security_Threats_Vulnerabilities.pdf http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800- 121r1.pdf https://www.utc.edu/center-information-security-assurance/pdfs/course- paper-5620-ad-hoc-security.pdf 20

Related


Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

ciel
Software Security Principles and Practices: Enhancing Program Code Security

Software Security Principles and Practices: Enhancing Program Code Security

abcde
Understanding Wireless Communication Networks by Dr. K. Gopi at SITAMS

Understanding Wireless Communication Networks by Dr. K. Gopi at SITAMS

thelonious
Scrolls:Rolling Flexible Surfaces for Wideband Wireless

Scrolls:Rolling Flexible Surfaces for Wideband Wireless

prudence
Understanding Wireless Security Audits and Best Practices

Understanding Wireless Security Audits and Best Practices

muriel
Understanding Computer Security and Software Vulnerabilities

Understanding Computer Security and Software Vulnerabilities

chriss
Understanding Buffer Overflow Vulnerabilities in Programming

Understanding Buffer Overflow Vulnerabilities in Programming

abcde
Understanding Web Security Threats and Vulnerabilities

Understanding Web Security Threats and Vulnerabilities

kile_59
Enhancing Operational Security: Protecting Critical Information

Enhancing Operational Security: Protecting Critical Information

alveenas
Emerging Threats in Banking: Mobile Banking Vulnerabilities

Emerging Threats in Banking: Mobile Banking Vulnerabilities

dash_60
Understanding Wireless Wide Area Networks (WWAN) and Cellular Network Principles

Understanding Wireless Wide Area Networks (WWAN) and Cellular Network Principles

anselm
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

quer_sna
Modeling and Generation of Realistic Network Activity Using Non-Negative Matrix Factorization

Modeling and Generation of Realistic Network Activity Using Non-Negative Matrix Factorization

sidra
Understanding Hybrid Threats and Resilience through Civil Preparedness

Understanding Hybrid Threats and Resilience through Civil Preparedness

vivienne
Rate Optimization in Wideband RIS-assisted Wireless Systems

Rate Optimization in Wideband RIS-assisted Wireless Systems

llewellyn
Understanding Vulnerabilities of Individuals with Autism in Disciplinary Hearings and Employment Tribunals

Understanding Vulnerabilities of Individuals with Autism in Disciplinary Hearings and Employment Tribunals

manu
Understanding Snort: An Open-Source Network Intrusion Detection System

Understanding Snort: An Open-Source Network Intrusion Detection System

farah
Understanding Blockchain Vulnerabilities to Quantum Attacks

Understanding Blockchain Vulnerabilities to Quantum Attacks

nars186
Overview of Global Farmed Salmon and Organic Production

Overview of Global Farmed Salmon and Organic Production

xing_igo
Server-Side Technologies and Security Vulnerabilities in Mobile Services

Server-Side Technologies and Security Vulnerabilities in Mobile Services

alaysha
Coastal Challenges: Threats and Uses Analysis

Coastal Challenges: Threats and Uses Analysis

bade614
Addressing 5G Signaling Protocol Vulnerabilities

Addressing 5G Signaling Protocol Vulnerabilities

lyon
Automated Detection of SSL Vulnerabilities in Applications

Automated Detection of SSL Vulnerabilities in Applications

alve_ale
Analysis of file:// Vulnerabilities in Android Browser Apps

Analysis of file:// Vulnerabilities in Android Browser Apps

coto_ch

More Related Content

Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments
Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments
Evolution of Wireless-Wireline Convergence in 5G Networks
Evolution of Wireless-Wireline Convergence in 5G Networks
Enhancing Throughput in Multi-Hop Wireless Networks Using Reconfigurable Antennas
Enhancing Throughput in Multi-Hop Wireless Networks Using Reconfigurable Antennas
Guide to Creating Access from Wired to Wireless Devices Using Airborne AP Ethernet Bridge
Guide to Creating Access from Wired to Wireless Devices Using Airborne AP Ethernet Bridge
Exploring Web Application Vulnerabilities and JavaScript Worms
Exploring Web Application Vulnerabilities and JavaScript Worms
Network Slicing with OAI 5G CN Workshop Overview
Network Slicing with OAI 5G CN Workshop Overview
Analysis of McEliece Vulnerabilities in Escher's World
Analysis of McEliece Vulnerabilities in Escher's World
Mobile App Security: Vulnerabilities in User and Session Authentication
Mobile App Security: Vulnerabilities in User and Session Authentication
Secure Network Infrastructure Best Practices
Secure Network Infrastructure Best Practices
Understanding Network Security Threats and Goals in Computer Systems
Understanding Network Security Threats and Goals in Computer Systems
Understanding Internet Threat Landscape and Countermeasures
Understanding Internet Threat Landscape and Countermeasures
Analysis of Network Coordinate Systems and Security Vulnerabilities
Analysis of Network Coordinate Systems and Security Vulnerabilities
Understanding Wireless Propagation Models: Challenges and Applications
Understanding Wireless Propagation Models: Challenges and Applications
Healthcare Executive's Guide to Ransomware Threats
Healthcare Executive's Guide to Ransomware Threats
Understanding Cyber Security and Risks
Understanding Cyber Security and Risks
Understanding IEEE 802.11b Wireless LANs
Understanding IEEE 802.11b Wireless LANs
Understanding Different Types of Wireless Transmission Media
Understanding Different Types of Wireless Transmission Media
Wireless LANs: Components and Security Issues
Wireless LANs: Components and Security Issues
Understanding Wireless Power Technology
Understanding Wireless Power Technology
Exploring Our School Network - Physical Components and Benefits
Exploring Our School Network - Physical Components and Benefits
Challenges in Security Analysis of Advanced Reactors
Challenges in Security Analysis of Advanced Reactors
A Review of Wireless Body Area Networks for Medical Applications
A Review of Wireless Body Area Networks for Medical Applications
Comprehensive Overview of Computer Networks and Protocols for GCSE Level
Comprehensive Overview of Computer Networks and Protocols for GCSE Level
Wireless TSN in 802.11: New Requirements and Integration with 802.1
Wireless TSN in 802.11: New Requirements and Integration with 802.1