10 31 2024 - rtji0/Arthur-Tech-Journal GitHub Wiki

10-31-2024

Wireless Local Area Network Attacks (WLAN)

  • Designed as a supplement for a wired LAN (cables are heavy and need to be physically replaced)

  • Wireless client network interface card (wireless adapter) performs the same functions as a wired adapter

  • Access point (AP) is a centrally located WLAN connection device that can send and receive wireless signals; it is the "base station" for the wireless network

  • AP acts as the bridge between wireless and wired networks because it can connect to wired network by cable

  • SSID <--> MAC address

  • Communication between routers allows autoconnection to related networks

  • Connections are centrally managed

  • MS RADIUS <--> Active Directory

nps-server

  • Autonomous APs can manage wireless authentication, encryption, and other functions for wireless client devices - "fat APs"

  • APs that do not contain management and config functions - "thin APs"

  • Controller APs can be managed through a dedicated wireless LAN controller (WLC)

  • Captive portal AP uses a standard web browser to provide info and allows the user to agree to a policy or present valid login credentials

  • Data center can have up to 14 kVA (explosion if problem)

  • Restrict access to datacenters, monitor all people entering

WLAN Enterprise Attacks

  • A well-defined "hard edge" protects data and resources - network hard edge, physical walls and buildings that house the enterprise

  • WLANs in enterprise blur these hard edges

  • Rogue AP - unauthorized access point allowing attacker to bypass network security config - usually set up by employee or insider, may be behind a firewall, opening network to attacks bypassing firewall

  • Evil twin - AP set up by attacker that attempts to mimic an authorized AP, so attackers can capture transmissions from users to the evil twin AP

  • Hacker sends command to disconnect devices from the AP, so they drop off the real AP and connect to the rogue AP

  • In attempting to access rogue AP, real AP password is captured for use by hacker

  • RF jamming - when attackers use intentional RF interference to flood the RF spectrum with enough interference to prevent a device from communicating with AP

  • Most home users fail to configure security on home networks

Detecting Rogue APs

  • Identifying rogue APs is known as rogue AP system detection

  • There are 4 types of wireless probes that can monitor airwaves for traffic:

− Wireless device probe

− Desktop probe

− Access point probe

− Dedicated probe

  • After detection, the information is sent to a centralized database where WLAN management system software compares it to a list of approved APs
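
An added example (not part of the original notes) of the comparison step above: probe sightings are normalized and checked against an approved-AP list. The SSIDs, BSSIDs, verdict names, and the assumption that the inventory records each AP's channel are all constructed for illustration.

```python
import re

def norm_mac(mac):
    """Normalize a BSSID written with ':', '-' or '.' separators."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Constructed approved-AP list: BSSID -> (SSID, channel).
APPROVED = {
    norm_mac("00-11-22-AA-BB-01"): ("CorpNet", 1),
    norm_mac("00-11-22-AA-BB-02"): ("CorpNet", 6),
    norm_mac("00-11-22-AA-BB-03"): ("CorpGuest", 11),
}

def classify(obs, approved=APPROVED):
    bssid = norm_mac(obs["bssid"])
    if bssid in approved:
        # Listed radio whose SSID/channel differ from inventory: spoofed BSSID or drift.
        if (obs["ssid"], obs["channel"]) != approved[bssid]:
            return "mismatch"
        return "approved"
    # Unlisted radio advertising one of our SSIDs: evil twin candidate.
    if obs["ssid"] in {ssid for ssid, _ in approved.values()}:
        return "evil-twin-suspect"
    # Unlisted radio, foreign SSID: rogue if on our wired network, else a neighbour.
    return "unlisted-ap"

def triage(observations, approved=APPROVED):
    """Group unique (bssid, ssid, channel) sightings by verdict."""
    report, seen = {}, set()
    for obs in observations:
        key = (norm_mac(obs["bssid"]), obs["ssid"], obs["channel"])
        if key not in seen:  # several probes may report the same AP
            seen.add(key)
            report.setdefault(classify(obs, approved), []).append(key)
    return report

# Constructed sightings, one or more from each of the four probe types.
OBSERVATIONS = [
    {"probe": "access-point", "ssid": "CorpNet", "bssid": "00:11:22:aa:bb:01", "channel": 1},
    {"probe": "desktop", "ssid": "CorpNet", "bssid": "0011.22aa.bb01", "channel": 1},
    {"probe": "dedicated", "ssid": "CorpNet", "bssid": "02:DE:AD:00:00:01", "channel": 1},
    {"probe": "wireless-device", "ssid": "linksys", "bssid": "02:DE:AD:00:00:02", "channel": 6},
    {"probe": "dedicated", "ssid": "CorpNet", "bssid": "00:11:22:AA:BB:02", "channel": 11},
]

if __name__ == "__main__":
    print(triage(OBSERVATIONS))
```

An "unlisted-ap" verdict alone does not prove a rogue AP; it still has to be tied to the wired network before it is treated as one.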

Wired Equivalent Privacy (WEP)

  • IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmissions - WEP encrypts transmissions

  • Secret key shared between wireless client device and AP

  • WEP can use only a 64-bit or 128-bit number to encrypt

  • WEP violates the cardinal rule of cryptography: avoid a detectable pattern

Wi-Fi Protected Setup

  • PIN method utilizes a PIN printed on a sticker of the wireless router or displayed through a software wizard