James's LISA 2005 journal: Invited Talk
Wireless Security
Michael H. Warfield, Internet Security Systems, Inc.
This session is an overview of the current state of 802.11*
wireless standards, security profiles, developments, and
practices.
As hardware costs fall, wireless networks are proliferating
rapidly. Many are badly configured and highly insecure, in spite of
improvements in standards and default configurations. This talk on
wireless security will be an update on the state of the art in
802.11[abgix] security and security practices. Included will be some
recent developments in standards, security incidents, and
developments in the field, as well as recommendations on securing
wireless infrastructure.
the speaker has managed to hit an access point 20 miles away
120 access points down I-20
inverse wardriving!
your wi-fi security policy must include workstation setup
Evil twin:
"evil twin" variant on inverse wardriving
evil access point mimics existing access point ESSID
Evil twins are more difficult to find than rogues.
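One way to look for evil twins from scan data, as an added example that is not from the talk or its slides: compare what is heard on the air against an inventory of authorized access points. The inventory layout, the scan records and all names below are constructed assumptions, and the look-alike ESSID check goes slightly beyond the exact-match mimicry noted above.

```python
# Constructed inventory of authorized APs: ESSID -> {BSSID: channel}.
AUTHORIZED = {
    "corp-wlan": {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 6},
}

# Constructed scan observations (essid, bssid, channel), as a passive
# scanner might log them; none of these values come from the talk.
SCAN = [
    ("corp-wlan", "00:11:22:33:44:01", 1),    # matches inventory
    ("corp-wlan", "00:11:22:33:44:02", 6),    # matches inventory
    ("corp-wlan", "02:AA:BB:CC:DD:EE", 11),   # our ESSID, unknown radio
    ("corp-wlan", "00:11:22:33:44:01", 11),   # known BSSID, wrong channel
    ("Corp-WLAN ", "02:AA:BB:CC:DD:EF", 3),   # look-alike ESSID
    ("coffee-shop", "0a:0b:0c:0d:0e:0f", 6),  # unrelated neighbour
]

def normalize(essid):
    """Fold case and surrounding whitespace so look-alike names compare equal."""
    return essid.strip().casefold()

def find_evil_twins(scan, authorized):
    """Return (reason, essid, bssid, channel) for each suspicious observation."""
    known = {normalize(e): (e, {b.lower(): ch for b, ch in aps.items()})
             for e, aps in authorized.items()}
    findings = []
    for essid, bssid, channel in scan:
        entry = known.get(normalize(essid))
        if entry is None:
            continue  # not one of our network names
        real_essid, aps = entry
        if essid != real_essid:
            reason = "lookalike-essid"
        elif bssid.lower() not in aps:
            reason = "unknown-bssid"
        elif aps[bssid.lower()] != channel:
            reason = "cloned-bssid-wrong-channel"
        else:
            continue  # matches inventory exactly
        findings.append((reason, essid, bssid, channel))
    return findings

if __name__ == "__main__":
    for finding in find_evil_twins(SCAN, AUTHORIZED):
        print(finding)
```

A twin that copies ESSID, BSSID and channel exactly passes this check, so an inventory comparison like this is a first filter only.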
only 11 channels in NA, standard supports 13
part of the wi-fi spectrum (someone in audience: "the bottom half") is
shared with amateur radio
Slide:
Major hardware chain had an insecure wireless network in Michigan.
Intruders used it to break into the home office computers in North Carolina.
Law enforcement contacted but access not shut down during investigation.
Intruders were caught sitting in the parking lot during a subsequent break-in.
(They found them by turning down the AP power and seeing who moved closer.)
But... what about using a high gain directional antenna?
Spammers wardrive.
Simple Bandwidth Theft: this was one of the rare cases where simply
using bandwidth fetched a conviction.
Other illegal activities: guy in Canada driving the wrong way down a
one-way street, naked from the waist down, downloading child
pornography using open APs.
gateway control
MAC level access control
turning off SSID has nothing to do with security
turning off SSID is just a polite way of saying "this isn't public"
- but it can give people a false sense of security
it's easier to break weak passwords on WPA PSK than it is to do
codebook attacks on WEP!
SSL servers on APs may be using shared certificates
static shared certificates are worse than shared keys
people can download firmware with certificates to your AP
dynamic, self-signed certificates are better than shared certs
"This guy got no class."
"We've got all kinds of neat access points around ISS."
kismet www.kismetwireless.net
airsnort airsnort.shmoo.com
BSD-Airtools www.dachb0den.com
The slides will be available here:
http://www.wittsend.com/mhw/2005/Wireless-Security-LISA