CWNP CWNA – Types of Wireless Attacks Part 3
For whatever reason, we don’t hear a lot of people talk about denial of service. And you know what? Denial of service on radio frequency is the easiest thing you can do. I can go to any electronics store, buy a jammer, turn it on, and your wireless service is gone. It’s that easy. I mean, if I want to keep people from getting out of the network, I can just, again, intentionally jam it. I could probably even do it with my laptop, if I get on the same channel as yours and try to get a higher amplitude. I don’t know an easier way to say it: denial of service is easy.
Remember, we’re talking about denial of service on wireless. So you have to be close, right, to the wireless network. Even if you want to intercept traffic, you still have to be close. So that’s about the only thing that might restrict me, is how close can I get to the access point to try to prevent that signal from being used. Some jamming could be unintentional, by the way. Again, it’s different appliances, cordless phones, if anybody still has those, they don’t mean to do a denial of service. But if I can get anything to begin to transmit on your channel, on your frequency band, if it’s loud enough, then you’re going to lose service.
Something really cool today is that we’re seeing a lot of WIDS or WIPS, wireless intrusion detection or prevention, and the goal is to find those unauthorized access points. So we look at a network where we have a lot of access points (I’m just drawing little antennas) and a wireless LAN controller paying attention. Every so often, for a little time slice, a very small time slice, these access points will stop transmitting and receiving data. And they will scan all of the channels, looking to see if there are any other access points or other signs of interference, and report it to the wireless LAN controller. The wireless LAN controller actually has many different tricks it can do. So I don’t know how to draw an evil one of these. Let’s just call this one R, for rogue.
The controller has a lot of tricks up its sleeve where it can actually send messages to the real access points to transmit data, hoping that the return comes into the actual wireless LAN controller, so you can find out if it’s just your neighbor in the office next door with an access point that has no problems at all with your network, or if somebody really has connected one to you. But anyway, they call it detection to be able to find out what’s happening there. But then if it is something attached to your network, oh, this is even better. The wireless LAN controller can program your existing access points to attack that one, to send things like deauthenticate, or if there’s a computer connected to it in your office, it can send messages to it to disassociate. And so we can actually do our own little denial of service against that rogue access point.
So as an example, again, you could also buy an access point that does nothing for your network as far as data, but it exists solely to listen to your network, to listen to the air, to look for interference, or to look for rogue access points. It’s not unusual. If you were to be inside of an office building and you walk into this building and you look at the roof and you see an access point about 3 ft from another access point, you might say, well, why do you need that kind of coverage so close? And that’s because one of them is in monitor mode. That’s right. We pay money for an access point we don’t use for data, but it’s just doing that job looking for those access points that shouldn’t be there.
So if we found one (I wish I could draw a skull and crossbones like that), that’s the part of it being called wireless intrusion prevention. Prevention means we can do something to stop that. So they might send a spoofed client deauthentication frame, meaning that if somebody in our network was accidentally connected to it, they would be deauthenticated, and we would send it also to the laptop that made the mistake of connecting to the rogue access point. So they both would then break the connection between them, hoping that we would then get the real access point to connect to us.
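The detection side of what is described above, as an added example that is not part of the original lecture: a controller-style classifier that groups scan reports from access points and monitor-mode sensors and separates authorized access points, harmless neighbors, and rogues attached to the network. The report fields, the inventory set, and the `WIRE_TEST_RETURNED` set (standing in for the controller's "did the test traffic come back to me" check) are assumptions, and all sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanReport:
    sensor: str      # access point or monitor-mode sensor that heard the beacon
    bssid: str
    ssid: str
    channel: int
    rssi_dbm: int

# Constructed sample data (locally administered MACs, not real devices).
AUTHORIZED = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
# Assumption: BSSIDs for which the controller's test traffic came back on the wire.
WIRE_TEST_RETURNED = {"02:00:00:ee:00:09"}
REPORTS = [
    ScanReport("ap-1", "02:00:00:AA:00:02", "corp", 6, -61),
    ScanReport("ap-1", "02:00:00:ee:00:09", "home-router", 6, -48),
    ScanReport("monitor-3", "02:00:00:ee:00:09", "home-router", 6, -72),
    ScanReport("ap-2", "02:00:00:bb:00:05", "NextDoorCo", 11, -80),
]

def classify(reports, authorized, wire_test_returned):
    """Group sightings per BSSID and label each authorized, rogue or neighbor."""
    seen = defaultdict(list)
    for r in reports:
        seen[r.bssid.lower()].append(r)   # normalize case before comparing
    findings = {}
    for bssid, sightings in seen.items():
        if bssid in authorized:
            verdict = "authorized"
        elif bssid in wire_test_returned:
            verdict = "rogue"        # unknown AP that is attached to our network
        else:
            verdict = "neighbor"     # unknown AP, not on our wire: log, don't act
        strongest = max(sightings, key=lambda r: r.rssi_dbm)
        findings[bssid] = {
            "verdict": verdict,
            "ssid": strongest.ssid,
            "channel": strongest.channel,
            "nearest_sensor": strongest.sensor,  # strongest signal: where to start looking
            "sensors": sorted({r.sensor for r in sightings}),
        }
    return findings

def rogue_alerts(findings):
    """BSSIDs that the intrusion detection policy should respond to."""
    return sorted(b for b, f in findings.items() if f["verdict"] == "rogue")

if __name__ == "__main__":
    for bssid, f in classify(REPORTS, AUTHORIZED, WIRE_TEST_RETURNED).items():
        print(bssid, f)
```

Keeping the neighbor verdict separate from rogue matters because prevention actions are only appropriate against a device attached to your own network.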
Anytime you talk about security, there are a lot of different tools, fun gadgets. Every vendor has some really cool equipment that you could use. But before you just go out and buy stuff and put it in, in hopes that it works, you’ve got to start with a blueprint. You’re just not going to buy a bunch of lumber and build a house without a plan. And that plan in security is what we call a security policy. So whenever you’re going to begin this process of looking at security, you have to start with that main blueprint, establishing what a security policy is. And that policy might at first be very general, but it’s from that general policy that we can then create more refined policies, which are going to lead to the standards and procedures that you’re going to put into place for security.
So from that top-level policy, you have a functional policy to be more specific about the technical aspects of wireless security, such as how to secure wireless networks in terms of the solutions and the actions that you think you need. So you might have what they call policy essentials, which are just the basic security procedures like password policies, training, and a baseline of security. Baseline, meaning this is the minimum I’m going to allow as far as what I want for security.
If you do more, that’s better. You could even just use the vendor best practices as your baseline and move forward from that. Design and implementation: again, that’s back to the blueprint of what we want to do. And then, of course, you need to somehow monitor, audit and respond if you find out that you’re not meeting at least that baseline.
Part of your policies should be about bring your own device. What do we do with people with smartphones and tablets? Because everybody wants and expects to be able to use those devices in your network. So you need to have a bring your own device policy. And here’s what I’m really worried about: people are connecting with their phones and tablets to your access point, going into the wired network, downloading files from a file server, and doing it legitimately so they can do their job. But then they leave and they take usually an unencrypted drive with all of your very important data and go home with it, or leave it in the car, or whatever the case may be. Part of your policy might just be about encryption of the data on your phones. I’ve seen some places where they give their employees their own tablets and smartphones from the company that are already set up with those security features, so they could use them for personal or business use.
Again, remote access: what happens when they take their devices off site, or if they want to create their own connections? What if they’re at home and they want to make a VPN into the network? Well, at your house you might do a wireless connection with your access point and that might be unencrypted, even though you’re going to go through the internet and over to headquarters and all of that’s secured. If I really wanted to hack a company, I would find out all the people who work from home and I’d park my car outside and listen to their unsecured communications from inside the house, because I wouldn’t understand this VPN stuff, but I could still get the information. And also a policy about rogue access points: whether it’s something that somebody benignly brings from home, you should have a corporate policy about bringing extra network equipment, as well as having a plan to respond to those real rogue access points that might be harming your network.
There should be a policy about not allowing ad hoc. Right. That’s the Independent Basic Service Set. Remember, that’s where I told you two computers without an access point are making wireless connections with each other. So you shouldn’t allow it, because that’s kind of like a peer-to-peer network and it just leads to the potential of somebody hijacking that session and coming in. Proper use, right? Acceptable use policies should be outlined as far as what you can or can’t do. And hopefully you have an intrusion detection policy on how to respond to the alerts if something’s been found.
So in this module, we talked about wireless attacks, intrusion monitoring, and creating wireless security policies. And even though I went back in (what do they call it on the cartoon?) my way, way back machine to talk about some things that people used to do to eavesdrop and break into wireless, we’re still doing those things, but with a lot more sophisticated tools. So I hope all of this gave you information that you could go back and use to create a more secure network.