Study Notes
Wireless Access Security

Disabling Unused Connections

As with any service or device, if a wireless adapter is not being used, it is best to disable it or turn the device off to protect against the connection being misused. Most notebooks have a button or Fn key shortcut to turn off the wireless adapter. Alternatively, you can use the adapter's configuration software, or disable the device through Device Manager or CMOS Setup. Follow this rule for any type of unused connection: IrDA, Bluetooth, wired LAN, and so on.

Stress the importance of disabling unused connections and services.

It is also vital to periodically survey the site to detect rogue APs ("white hat" war driving). If connected to a LAN without security, an unauthorized AP creates a very welcoming backdoor through which to attack the network. A rogue AP could also be used to capture user login attempts.

www.youtube.com/watch?v=bHg7qwbFcT0

A rogue AP masquerading as a legitimate one is called an "Evil Twin" or sometimes "Wiphishing". An evil twin might just have a similar name (SSID) to the legitimate one, or the attacker might use some DoS technique to overcome the legitimate AP. This attack will not succeed if authentication security is enabled on the AP (unless the attacker also knows the details of the authentication method). One solution is to ensure the use of 802.1X security so that APs and clients must perform mutual authentication. There are also various scanners and monitoring systems designed to detect rogue APs, including NetStumbler and Kismet.

Jamming (Interference)

As mentioned above, a wireless network can be disrupted by interference from other radio sources. These are often unintentional, but it is also possible for an attacker to purposefully jam an access point. This might be done simply to disrupt services or to position an "evil twin" AP on the network with the hope of stealing data.
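The following added example (not part of the original notes) shows how the results of a periodic site survey can be compared against an inventory of authorized APs to flag evil twins, similarly named SSIDs and unknown APs attached to the LAN. The inventory, the sample observations, the finding labels and the `wired_seen` flag are assumptions made for illustration.

```python
# Added example; the inventory and survey values below are constructed.
from difflib import SequenceMatcher

# Hypothetical inventory: BSSID -> (SSID, expected security mode)
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2-Enterprise"),
}

def normalize(ssid):
    """Fold case and common look-alike characters used in similar SSIDs."""
    table = str.maketrans({"0": "o", "1": "l", "-": "", "_": "", " ": ""})
    return ssid.lower().translate(table)

def classify(bssid, ssid, security, wired_seen=False, threshold=0.8):
    """Return one finding; wired_seen = MAC also seen on the wired LAN."""
    known = AUTHORIZED.get(bssid.lower())
    if known:
        # Settings differ from inventory: misconfigured AP or a cloned BSSID.
        if (ssid, security) != known:
            return "authorized-bssid-mismatch"
        return "authorized"
    auth_ssids = {s for s, _ in AUTHORIZED.values()}
    if ssid in auth_ssids:
        return "evil-twin-suspect"  # our SSID broadcast by an unknown radio
    for s in auth_ssids:
        ratio = SequenceMatcher(None, normalize(ssid), normalize(s)).ratio()
        if ratio >= threshold:
            return "lookalike-ssid"
    return "rogue-on-lan" if wired_seen else "neighbor"

def survey(observations):
    """Map each observed BSSID to its finding."""
    return {o[0]: classify(*o) for o in observations}

# Constructed survey results: (BSSID, SSID, security, seen on wired LAN)
SAMPLE = [
    ("00:11:22:33:44:01", "CorpNet", "WPA2-Enterprise", False),
    ("00:11:22:33:44:02", "CorpNet", "Open", False),
    ("66:77:88:99:aa:01", "CorpNet", "Open", False),
    ("66:77:88:99:aa:02", "C0rpNet", "WPA2-Personal", False),
    ("66:77:88:99:aa:03", "linksys", "Open", True),
    ("66:77:88:99:aa:04", "CoffeeShop", "WPA2-Personal", False),
]

if __name__ == "__main__":
    for bssid, finding in survey(SAMPLE).items():
        print(bssid, finding)
```
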
www.youtube.com/watch?v=q7VM-h-1VBw

A Wi-Fi jamming attack can be performed by setting up an AP with a stronger signal. Wi-Fi jamming devices are also widely available (though they are often illegal to use and sometimes to sell). Such devices can be very small, but the attacker still needs to gain fairly close access to the wireless network.

No part of these notes may be reproduced in any form, electronic or printed, without the written permission of a director of gtslearning International Limited. If you suspect that these notes have been unlawfully copied, please telephone +44 (0)207 887 7999 or email [email protected]

Module 4 / Unit 5
CompTIA Security+ Certification Support Skills (2011 Objectives)

The only ways to defeat a jamming attack are either to locate the offending radio source and disable it or to boost the signal from the legitimate equipment. APs for home and small business use are not often configurable, but the more advanced wireless access points, such as Cisco's Aironet series, support configurable power level controls [129]. Enterprise models usually also support RF sweep scanning for rogue APs.

Bluetooth

www.youtube.com/watch?v=eyR2LofIKKI

[Figure: Bluetooth PCMCIA card in a notebook computer]

As a radio-based technology, Bluetooth does not require line of sight. It is quoted to work at distances of up to 10 meters (30 feet) for Class 2 devices or 1 meter (3 feet) for Class 3 devices. Bluetooth is limited to speeds of about 1 Mbps [130].

Bluetooth vulnerabilities are mostly derived from research projects rather than actual threat sources, but the risk is likely to increase.

Devised by Ericsson Mobile Communication, Bluetooth is a short-range 2.4 GHz FHSS radio-based wireless communications system to be found on an increasing number of devices, such as cell phones and laptops. It is used to implement peripheral device connectivity in a Personal Area Network (PAN).
Bluetooth devices have their own security issues, summarized below:

■ Device discovery - a device can be put into discoverable mode, meaning that it will connect to any other Bluetooth devices nearby. Unfortunately, even a device in non-discoverable mode is quite easy to detect.

[129] Simply increasing power output is not always reliable. As you increase power, you also increase the chance of the signal bouncing, causing more interference, especially if there are multiple APs. Also, the client radio power levels should match those of the AP or they may be able to receive signals but not transmit back, so power levels are best set to autonegotiate. You should also be aware of legal restrictions on power output - these vary from country to country.

[130] Devices supporting the Bluetooth 2.0 (Enhanced Data Rate [EDR]) standard have a maximum transfer rate of 3 Mbps. There are also Class 1 devices that work at a range of 100m, but these are restricted to industrial applications.
© Copyright 2024