Concepts:Chapter 8
Standard | Frequency | Channels, channel bandwidth | Data throughput | Range |
802.11a | 5 GHz band | 12, 8 not overlapping, 20 MHz each | up to 54 Mbps | 25-75 feet |
802.11b | 2.4 GHz band | 14, 3 not overlapping, 22 MHz each | up to 11 Mbps | 100-150 feet |
802.11g | 2.4 GHz band | 14, 3 not overlapping, 22 MHz each | 54 Mbps | 100-150 feet |
802.11n | 2.4 or 5 GHz bands, or both with multiple antennas | 14, 3 not overlapping, 20 or 40 MHz each | 65 to 600 Mbps | 100-150 feet |
802.11ac | 5 GHz band | 5, up to 80 MHz wide | 78 Mbps to 433 Mbps/data stream | 115-460 feet |
Because the facts about these technologies vary from installation to installation, you will want to treat the claims of vendors with some skepticism. Be aware of the names of the standards, their frequencies, and their relative shortcomings.
A typical wireless LAN adapter does not have a standard LAN jack (an RJ-45 is standard for Ethernets), but does have some kind of radio antenna, which may not be visible. A Wireless Access Point (WAP or just AP) typically has three components:
The text also discusses other standards. It has four pages on Bluetooth, followed by material on more standards and problems.
Bluetooth - A Bluetooth system is meant for short range, temporary communication between devices no more than ten meters (33 feet) apart. The text tells us that it is for Personal Area Networks (PANs), which use two topologies. Let's learn some terms along with the two topology types.
You should know about two Bluetooth attack types:
Near Field Communications (NFC) - This technology requires devices to be close enough to touch each other. A frequent example is a person holding their smart phone near a Point of Sale (POS) device that is pulling credit information from the phone. One of the points of such a short range technology is that it is meant to be used only for trusted exchanges of information. Four vulnerabilities and a defense for each of them are in the table below:
Vulnerability | What it means | Defense |
Eavesdropping | a transaction may be intercepted | Use encryption where possible; do not use NFC when near anyone else. |
Data Manipulation | jamming of the transmissions; this is really just preventing the transaction | Use a device that monitors for this activity. |
Man in the middle attack | attacker intercepts both sides of the transaction, impersonates one or both | Use active-passive pairing, so each device can only send or only receive. (Note that this does NOT defeat an attack that buys more from the POS, which could be staged by the vendor.) |
Theft | a thief who steals the device can use it for purchases, or whatever it is configured to do | Configure the device to require a PIN or password for the transaction. |
Wireless LAN attacks are another topic in the text.
The text makes an argument that wireless networks are harder to defend because they can have many points at which a device may join or contact the network, as opposed to the more controlled number of entry points on a wired LAN. Each WAP becomes another switch from which an intruder may join the network. Each wireless device becomes a potential vulnerability that an attacker might exploit. We are warned specifically to configure the security settings for WAPs to reject unknown devices and users. Here are some wireless exploits that might be used:
Some techniques are more useful against wireless LANs that have no security configurations. This seems less prevalent than in the recent past, but it is still possible here and there. Be aware of the terms war driving (driving around looking for unprotected access points) and war chalking (marking access points for later attack or for other intruders).
There are more wireless vulnerabilities. A classic encryption method that is typically still offered on most equipment is Wired Equivalent Privacy (WEP). It should no longer be used due to some major problems:
We should probably never use Wi-Fi Protected Setup (WPS), which I have not encountered in these discussions before. The bottom line is that its security is also hackable, and it should be added to our "do not use" list.
You might think that MAC address filtering, limiting access to devices having specific MAC addresses, might be a good idea. For wireless connections, this turns out to be less secure than we would like. MAC addresses are sent in clear text when associating (making a connection to a WAP), so they are easily discovered, and the attacker can then pretend to be an approved device. Controlling access by MAC address also becomes more difficult the more devices you allow to attach to the network. This is like the standard recommendation to use host files only if you have fewer than 10 hosts in your LAN. So this method becomes hard to manage as well as being less than secure.
It has been a standard recommendation for several years to configure your WAPs so they do not beacon. Beaconing is broadcasting your Service Set Identifier (SSID), which is the name of your WAP's wireless network. The concept has been that if there is no beacon, a user must actually know the SSID to request access through it. The problem is that network management packets are typically sent in clear text, and they will include the SSID, so a hacker can harvest it anyway.
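To make the last two paragraphs concrete, the following added example (not from the text) parses two constructed 802.11 management frames and reports what is readable in them without any key: the client MAC address that a MAC filter relies on, and the SSID that a non-beaconing WAP tries to hide. The addresses, the SSID `CORP-LAB`, and all function names are hypothetical; frames are assumed to start at the 802.11 MAC header, with no radiotap header or FCS.

```python
import struct

HDR_LEN = 24  # frame control, duration, addr1, addr2, addr3, sequence control
# Fixed-field bytes before the tagged elements, keyed by management subtype:
# 0 association request, 4 probe request, 5 probe response, 8 beacon.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return subtype, transmitter MAC, BSSID and SSID of one management frame."""
    if len(frame) < HDR_LEN or (frame[0] >> 2) & 0x3 or frame[0] >> 4 not in FIXED_LEN:
        raise ValueError("not a management frame this parser handles")
    subtype = frame[0] >> 4
    pos, ssid = HDR_LEN + FIXED_LEN[subtype], None
    while pos + 2 <= len(frame):          # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated element")
        if eid == 0:                      # element ID 0 carries the SSID
            ssid = body
            break
        pos += 2 + elen
    hidden = not ssid or not any(ssid)    # absent, empty, or all zero bytes
    return {"subtype": subtype, "sender": mac(frame[10:16]),
            "bssid": mac(frame[16:22]),
            "ssid": None if hidden else ssid.decode("utf-8", "replace")}

def build(subtype, dst, src, bssid, fixed, ssid):
    """Assemble a constructed sample frame: header, fixed fields, SSID, rates."""
    hdr = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dst, src, bssid, 0)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

AP = bytes.fromhex("02aabbccdd01")     # constructed WAP address
STA = bytes.fromhex("02aabbccdd42")    # constructed allow-listed client
BEACON = build(8, b"\xff" * 6, AP, AP, bytes(12), b"")   # SSID suppressed
ASSOC = build(0, AP, STA, AP, bytes(4), b"CORP-LAB")     # client associates

def readable_without_key(frames):
    """Per BSSID, the SSIDs and client MACs visible in clear text."""
    seen = {}
    for f in map(parse_mgmt, frames):
        entry = seen.setdefault(f["bssid"], {"ssids": set(), "clients": set()})
        if f["ssid"]:
            entry["ssids"].add(f["ssid"])
        if f["subtype"] in (0, 4):        # frames transmitted by a client
            entry["clients"].add(f["sender"])
    return seen
```

On these samples the beacon yields no SSID, but the single association request exposes both the network name and the approved client's address, which is why neither setting counts as an access control on its own.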
The text suggests some standard protective measures on page 204.
On page 205, the text begins a discussion of wireless hacking tools. Several are listed, but its two favorites appear to be NetStumbler and inSSIDer. The text points out that NetStumbler has not been updated in a while, and it only supports protocols through 802.11n. inSSIDer has an older free version, and a newer licensed version. Our author seems to like its interface. Both versions are downloadable for Windows, macOS, and Android. If you follow the links in this paragraph to download a copy, make sure you do not download anything else that the site wants to trick you into downloading.
The text discusses some defensive measures at the end of the chapter. Most have been discussed already.
Assignments