A lecture given by Cyberkryption founder Paul Dutot to the British Computer Society on the state of WI-FI security in Jersey based on a survey of 13,168 access points during December 2011
2. 2
About Me
Work at Air Traffic Engineering
Incorporated Engineer
Chartered IT Professional
Interested in Ethical Hacking
Interested in Information Security
MCTS / MCSE / Solaris / Security +
‘Pentest with Backtrack’ course
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
3. 3
WI-FI Security Agenda
Surveying Equipment
Surveying Process & Legal Issues
Data Manipulation.
WI-FI Encryption types and the risks
Recent News : State of WPS
Survey Results / Mapping
How to be a secure
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
4. 4
WI-FI Security
Surveying Equipment
GlobalSat
ND100 Gps
IP65 Weather Dongle
Proof Housing
with Alfa
Networks Card
Laptop
PSU
USB extension Cables
Backtrack 5
Kismet
Alfa Networks
Card in Monitor 300 W 12v to 240v Inverter
WI-FI Card in Monitor Mode | GPSD = location information | Kismet = Beacon Frames
only !!
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
5. 5
Surveying Process & Legal Issues
Computer Misuse (Jersey) Law 1995
We survey passively so therefore we are not connectin to access points
Data Protection (Jersey) Law 2005
Registered with Data Protection Law for lecture purposes
Regulation of Investigatory Powers (Jersey) Law 2005
Obtained ‘Lawful Authority’ to survey with SoJP and parish connetables.
SoJP control room informed when surveying taking place
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
6. 6
WI-FI Security
Data Manipulation
Paul Dutot Les Mouettes,4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
7. 7
WI-FI Security
No Encryption : The Risks
No specialist knowledge
Internet
required
Unauthorised
Bandwidth theft
Theft of digital material
Identity fraud
Authorised
MPIA / RIAA letter
Download of prohibited
material
Difficulty :
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis , J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
8. 8
WI-FI Security
WEP Encryption : The Risks
Medium difficulty
Internet
Unauthorised YouTube videos available
No client connection required
Same risks as no encryption
once bypassed
Authorised
Good chance of success
Difficulty :
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IENG MIET MBCS CITP T: + (0) 7797 741 392
44
9. 9
WI-FI Security
WPA Encryption : The Risks
Specialist knowledge
Internet
required
Unauthorised
Encryption secure with non
dictionary word
4 way handshake capture
required
Authorised
Client connection required
Low chance of success
Difficulty :
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741392
44
10. 10
WI-FI Security
WI-FI Protected Security - WPS
Designed to be an easy method to connect wireless devices
Key cryptography = Good 8 digit number +128 bit Nonce
Protocol for key validity = Bad / 4 digits / 3 digits + checksum
Identified by Stefan Viehbock
Routers should go into ‘lockdown’ after 3 invalid attempts but not all
do !!
Reaver exploitation tool freely available
Vulnerability renders WPA / WPA 2 security useless
SOLUTION: disable WPS and only enable when adding new devices
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis , J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
11. 11
WI-FI Security Survey Results
Survey carried out 12-15th December
Representative survey of 13,168 access points
13.9 % (1835) = no encryption
19.37% (2551) = WEP
33.27 % (4386) are insecure i.e. WEP or No Encryption
53.9% (7097) are made by Netgear
29.1% (2066) of Netgear routers are insecure
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
12. 12
WI-FI Security
Encryption by Type
3539
3301
2550
1835 1790
87 43 13
3 1 2 1
None WPA+AES-CCM
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
13. 13
WI-FI Security
Distribution by Channel
1% 2% 0%
Channel 0
24%
Channel 1
Channel 2
Channel 3
Channel 4
35% Channel 5
Channel 6
Channel 7
2% Channel 8
3% Channel 9
Channel 10
2%
Channel 11
2% Channel 12
Channel 13
2%
2%
2%
2% 20%
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
14. 14
WI-FI Security
Manufacturer Top Ten
2% 2%
3%
3%
Netgear 7097 4%
Netgear
ThomsonT 729 4% ThomsonT
Cisco 700 Cisco
ZygateCo 429 4% ZygateCo
3com 390 3com
BelkinIn 390 BelkinIn
AskeyCom 323 6% AskeyCom
ZyxelCom 319 ZyxelCom
Tp-LinkT 268 Tp-LinkT
Cisco-Li 254 7% Cisco-Li
65%
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
15. 15
WI-FI Security
Jersey WI-FI Map
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
16. 16
WI-FI Security
Encryption = None
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IENG MIET MBCS CITP T: + (0) 7797 741 392
44
17. 17
WI-FI Security
Encryption = WEP
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741 392
44
18. 18
WI-FI Security
How to be a secure home user
Use WPA2 + AES encryption
Internet with non dictionary password
Good password on access
point management interfaces
Disable WI-FI Protected Setup
(WPS)
Authorised
WPA+TKIP then WEP for
legacy devices
Check your WPA/WPA2
password at
http://wpacracker.com
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741392
44
19. 19
WI-FI Security
How to be a secure small business – Server 2003
Internet SNMP
Network Access Control
Mixed Environment
Implement BYOD
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741392
44
20. 20
WI-FI Security
How to be a secure business – Server 2008
Use Network Access
Protection
Not available before Windows
Server 2008
Significant infrastructure
Difficult to implement BYOD
‘Windows’ only infrastructure
Mixed environments use
Packet Fence or similar
product
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741392
44
21. Secure your router guide and PDF version of survey http://w
ww.cyberkryption.com
Paul Dutot Les Mouettes, 4 La Rue De Maupertuis, J ersey
IEng MIET MBCS CITP T: + (0) 7797 741392
44