CEH.V6.-.Module.20.Hacking.Wireless.Networks



NetStumbler to drive around and map out active wireless networks
Using NetStumbler, the attacker locates a strong signal on the target WLAN
NetStumbler not only has the ability to monitor all active networks in the area, but it also integrates with a GPS to map APs

EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Step 2: Choose the Network to Attack
At this point, the attacker has chosen his target
NetStumbler or Kismet can tell him whether or not the network is encrypted

Step 3: Analyzing the Network
Example:
• WLAN has no broadcasted SSID
• NetStumbler tells you that SSID is ZXECCOUNCIL
• Multiple access points are present
• Open authentication method
• WLAN is encrypted with 40bit WEP
• WLAN is not using 802.1X

Step 4: Cracking the WEP Key
Attacker sets NIC drivers to monitor mode
It begins by capturing packets with Airodump
Airodump quickly lists the available network with SSID and starts capturing packets
After a few hours of Airodump session, launch Aircrack to start cracking!
WEP key for ZXECCOUNCIL is now revealed!

Step 5: Sniffing the Network
Once the WEP key is cracked and the NIC is configured appropriately, the attacker is assigned an IP and can access the WLAN
Attacker begins listening to traffic with WireShark
Look for plaintext protocols (in this case, FTP, POP, and Telnet)

Wireless Security

WIDZ: Wireless Intrusion Detection System
WIDZ is a proof of concept IDS system for 802.11 that guards APs and monitors locally for potentially malevolent activity
It detects scans, association floods, and bogus/rogue APs. It can easily be integrated with SNORT or RealSecure

Radius: Used as Additional Layer in Security

Securing Wireless Networks
MAC Address Filtering
• MAC Address Filtering method uses a list of MAC addresses of client wireless network interface cards that are allowed to associate with the access point
SSID (NetworkID)
• The first attempt to secure a wireless network was the use of Network ID (SSID)
• When a wireless client wants to associate with an access point, the SSID is transmitted during the process
• The SSID is a seven-digit alphanumeric ID that is hard coded into the access point and the client device
Firewalls
• Using a firewall to secure a wireless network is probably the only way to prevent unauthorized access
Wireless networks that use infrared beams to transport data from one point to another are secure

Securing Wireless Networks (cont’d)
Change the default SSID names, such as NETGEAR
Add passwords to all devices on the wireless network
Disable broadcast...
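
The two checks named on the WIDZ slide (bogus/rogue APs and association floods), sketched as an added Python example that is not WIDZ's code and not part of the original slides. The frame tuple layout, the BSSIDs, the authorized-AP inventory, and the threshold and window values are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed inventory of authorized APs: SSID -> allowed BSSIDs (assumption).
AUTHORIZED = {"ZXECCOUNCIL": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}

def detect(frames, authorized=AUTHORIZED, threshold=20, window=10.0):
    """Scan (ts, subtype, src_mac, bssid, ssid) tuples sorted by ts.

    rogue-ap:    a beacon/probe response advertises a managed SSID from a
                 BSSID that is not in the inventory.
    assoc-flood: at least `threshold` distinct client MACs send association
                 requests to one BSSID within `window` seconds.
    """
    alerts, rogue_seen, flooding = [], set(), set()
    recent = defaultdict(deque)               # bssid -> deque of (ts, src_mac)
    for ts, subtype, src, bssid, ssid in frames:
        if subtype in ("beacon", "probe-resp"):
            if ssid in authorized and bssid not in authorized[ssid]:
                if bssid not in rogue_seen:   # alert once per unknown BSSID
                    rogue_seen.add(bssid)
                    alerts.append(("rogue-ap", bssid, ssid))
        elif subtype == "assoc-req":
            q = recent[bssid]
            q.append((ts, src))
            while ts - q[0][0] > window:      # drop requests outside the window
                q.popleft()
            clients = {mac for _, mac in q}
            if len(clients) >= threshold and bssid not in flooding:
                flooding.add(bssid)           # alert once per flooded AP
                alerts.append(("assoc-flood", bssid, len(clients)))
    return alerts

def sample_frames():
    """Constructed management-frame records, not a real capture."""
    ap1, ap2, unknown = "00:11:22:33:44:01", "00:11:22:33:44:02", "02:00:00:00:00:99"
    frames = [
        (0.0, "beacon", ap1, ap1, "ZXECCOUNCIL"),          # legitimate AP
        (0.1, "beacon", unknown, unknown, "ZXECCOUNCIL"),  # same SSID, unknown BSSID
        (0.2, "assoc-req", "02:00:00:00:10:01", ap2, "ZXECCOUNCIL"),  # normal client
    ]
    # 25 association requests from 25 different source MACs within 2.5 seconds
    frames += [(1.0 + i * 0.1, "assoc-req", f"02:00:00:00:20:{i:02x}", ap1, "ZXECCOUNCIL")
               for i in range(25)]
    return frames

if __name__ == "__main__":
    for alert in detect(sample_frames()):
        print(alert)
```

In a deployment the inventory would come from the AP management system, and the threshold would be tuned against normal association rates for the site.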

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.
