SECURE SYSTEMS

Secure Systems



Secure Systems

Topic 1: WiFi continues to have serious security weaknesses and the compromise of WPS

Abstract

This paper discusses the security implications when using the various wireless protocols and includes demonstrations of attacks on WEP and WPA2 networks. This document aims to highlight the risks wireless technologies present and explain how these risks can be countered to safeguard networks and data. This paper focuses on war driving attacks, WEP and WPA wireless access protocols, weaknesses in WPS (WiFi Protected Setup), rogue access points and evil twin attacks.

Introduction

In 2007, TJX (a company that owns T.K. Maxx (in the UK), Marshalls, HomeGoods and A.J. Wright) admitted that hackers had been stealing data via wireless networks for at least 18 months before they were discovered. The attackers had obtained access via an insecure deployment of wireless networks in two retail facilities in Miami and stole information including over 45 million credit and debit card details. Analysts have estimated the cost of the breach to be over $8.6 billion in fines, legal costs and brand reputational damage. The real truth is that wireless networks were being exploited long before this very public case and still remain a threat to many organisations today. (Dlodlo 2011: 161-168)Being aware of the risks and implementing secure protocols and clients is the key to safeguarding your network assets. This document aims to highlight the risks wireless technologies present and explain how you can circumvent these risks to safeguard your networks.

Open WiFi Networks

'Open' or unencrypted wireless networks are publicly available networks that anyone, within range of the access point, can connect to. This represents an opportunity for an attacker to join the network, scan for accessible target hosts/networks and use Internet bandwidth if traffic can be routed this way. With a powerful directional Yagi antenna, the attacker can eavesdrop on network traffic from up to several miles away. (Durkee 2010: 62-69)

Open wireless networks are often created to provide a backup or test Internet connection for IT department personnel. However, if the connecting device (e.g. a corporate laptop) can be compromised from a local network perspective (i.e. the laptop is missing critical security patches and has no firewall turned on) then an attacker can potentially join the open network, compromise the laptop and install backdoor software. If this laptop was then plugged into the main corporate network, the attacker would then be able to identify and attack critical internal servers e.g. active directory and database servers (via the backdoor software) and potentially take full control of the Windows network by gaining Domain Administrator privileges. (Bisong 2011: 30-45)

An attacker may also be able to access internal networks without compromising connected devices. The wireless network may be part of the corporate network by design (a very questionable network design though) or there may be a mis-configuration of some description that the client is not aware of. ReactionIS have discovered many such misconfigurations and have helped clients rectify the issues. We would always suggest performing a sanity check from unsecured wireless networks (just in ...