
Wireless and Mobile Security

The document discusses wireless and mobile security, focusing on building secure wireless networks, understanding wireless communication, and various security standards and protocols like WEP, WPA, and WPA2. It highlights the threats to wireless networks, including configuration issues, denial of service attacks, and rogue access points, as well as the risks associated with Bring Your Own Device (BYOD) policies. Additionally, it emphasizes the importance of Mobile Device Management (MDM) in safeguarding and managing mobile devices within an organization.

Uploaded by

jjones4649

Wireless and Mobile Security

Module – 13
Day - 21

Instructor - Bappe Sarker


Agenda
• Building Secure Wireless Network
• Wireless Network Models
• RF and Protocol Attacks
• Wi-Fi Security Standards
• Mobile Device Management
Lab-8: Specialized Mobile Security Tools (Trend Micro MDM)
Lab-9: Wireless Access Point Hacking
Securing Wireless Network
• Modern networks incorporate wireless networks using the 802.11
standard, Wi-Fi, enabling laptops, tablets, and smartphones to
connect to the wired resources, such as file servers and printers.
Wireless networks, however, represent a broad attack surface that,
if not secured properly, provides excellent opportunities for
attackers to access those same resources. Thus, a key component
of network security is to lock down wireless networks sufficiently
to keep out attackers yet still enable authorized users to access
network resources easily.
Understanding Wireless Network
Wireless communication refers to any type of data exchange
between the parties that is performed wirelessly (over the air). This
definition is extremely wide, since it may correspond to many types
of wireless technologies, like −
• Wi-Fi Network Communication
• Bluetooth Communication
• Satellite Communication
• Mobile Communication
Wireless Security Standards
• Since the beginning of the IEEE 802.11 standard, wireless networks have
evolved at a significant pace. People saw the potential in this type of data
transmission; therefore 802.11 successors appeared a few years after
each other. The following table summarizes the current 802.11 standards that
are in use today −
Wireless Access Point (AP)
• An Access Point (AP) is the central node in 802.11 wireless implementations. It is
the interface between the wired and wireless networks, to which all wireless clients
associate and with which they exchange data.
Wireless Controller (WLC)
• In corporate wireless implementations, the number of Access Points is often
counted in hundreds or thousands of units. It would not be administratively
possible to manage all the APs and their configuration (channel assignments,
optimal output power, roaming configuration, creation of SSIDs on each and
every AP, etc.) separately.
Cell & Channels
• A cell is basically a geographical region covered by the AP's or BTS's antenna
(transmitter). In the following image, a cell is marked with a yellow line.
• In environments with multiple APs placed in the same physical area, smart
channel assignment is used to avoid collisions (frames transmitted on
exactly the same frequency from multiple sources at the same
time).
Wi-Fi Channels and Operating
Frequency
Wi-Fi Antenna Types
Wireless Authentication &
Encryption
• We will briefly go through the possible authentication schemes that are used in wireless
deployments. They are: Open Authentication and Pre-Shared Key (PSK)-based authentication. The
former one is based on EAP frames to derive dynamic keys.
• The term Open Authentication is itself very misleading. It suggests that some kind of authentication
is in place, but in fact the authentication process in this scheme is more like a formal step than
an authentication mechanism. The process looks as shown in the following diagram.
Wireless Authentication Protocols
• The purpose of these protocols is to help secure your wireless network, and you
should consider them for implementation on your wireless network.

• Wired Equivalent Privacy (WEP): WEP was created to secure and
ensure data confidentiality at the same level that a traditional wired
network offered. Wireless connections transmit data through radio
waves, which can be intercepted. WEP was designed to encrypt this
data so that even if it were to be intercepted, such as through a MitM
attack, the threat actor would not be able to decipher its contents.

• Wired Equivalent Privacy is a retired Wi-Fi security algorithm that
has been deemed unsafe and easy for threat actors to crack. For this
reason, it is almost never recommended to use WEP to secure Wi-Fi
networks or transmissions.
Wireless Authentication Protocols
• Wi-Fi Protected Access (WPA): Wi-Fi Protected Access (WPA) was
designed to improve upon security and to fix some of the flaws found
in WEP. WPA uses a 128-bit key and the Temporal Key Integrity
Protocol (TKIP), which is a protocol used to change the encryption
keys for every packet that is sent.
• Wi-Fi Protected Access 2 (WPA2): WPA2 uses CCMP with the
Advanced Encryption Standard (AES) protocol for encryption of
wireless traffic instead of TKIP and also supports additional
features such as added protection for ad hoc networks and key
caching. Because WPA2 uses AES as its encryption protocol, it
supports 128-bit, 192-bit, and 256-bit encryption.
• Wi-Fi Protected Access 3 (WPA3): WPA3 has been improved by using a number
of security features such as Simultaneous Authentication of Equals (SAE), which
increases security by allowing the access point to authenticate the client as well
as the client to authenticate the access point. This improvement to the
authentication security helps prevent the cracking of handshake traffic that is
common with WPA2.
Wireless Threats
• Configuration Problems (Misconfigurations or Incomplete
Configurations)
Simple configuration problems are often the cause of many
vulnerabilities because many consumer/SOHO-grade access points
ship with no security configuration at all. Other potential issues
with configuration include weak passphrases, feeble security
deployments, and default SSID usage.
• Denial of Service or De-authentication Attack
Anybody familiar with network security is aware of the concept of
denial of service (DoS), also referred to as a “spoiler.” It is one of
the simplest network attacks to perpetrate because it only requires
limiting access to services. This can be done by placing viruses or
worm programs on your network, or by simply sending a large
amount of traffic at a specific target with the intent of causing a
slowdown or shutdown of wireless services.
Wireless Threats
• Passive Capturing
Passive capturing (or eavesdropping) is performed simply by
getting within range of a target wireless LAN, then ‘listening to’
and capturing data which can be used for breaking existing
security settings and analyzing non-secured traffic. Such
information that can be “heard” include SSIDs, packet exchanges,
and files (including confidential ones).
• Rogue (or Unauthorized/Ad-Hoc) Access Points
One method often used by attackers involves setting up a rogue
access point within the range of an existing wireless LAN. The idea
is to ‘fool’ some of the authorized devices in the area to associate
with the false access point, rather than the legitimate one.
Wireless Threats
• Evil Twin Attack
An attacker can gather enough information about a wireless access
point to impersonate it with their own, stronger broadcast signal. This
fools unsuspecting users into connecting with the evil twin signal and
allows data to be read or sent over the internet. Server authentication
and penetration testing are the only tools that will aid in ending
evil twin attacks.
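One way to spot the rogue access points and evil twins described above from the defender's side is to compare observed beacons against an inventory of authorized APs. This is an added example, not part of the original slides; the SSID, BSSIDs, channel plan, record layout and finding names are all assumptions made for illustration.

```python
# Inventory and beacon records (as a site survey might report them) are constructed.
AUTHORIZED = {
    "CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                 "security": "WPA2-CCMP", "channels": {1, 6, 11}},
}
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 1, "security": "WPA2-CCMP", "rssi": -61},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02", "channel": 6, "security": "WPA2-CCMP", "rssi": -70},
    {"ssid": "CorpWiFi", "bssid": "DE:AD:BE:EF:00:01", "channel": 6, "security": "OPEN", "rssi": -38},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 9, "security": "WPA2-CCMP", "rssi": -40},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "channel": 11, "security": "WPA2-CCMP", "rssi": -80},
]

def matches_inventory(b, inventory):
    """True when SSID, BSSID, channel and security all agree with the inventory."""
    p = inventory.get(b["ssid"])
    return bool(p and b["bssid"].lower() in p["bssids"]
                and b["channel"] in p["channels"] and b["security"] == p["security"])

def classify(b, strongest, inventory):
    """Return findings for one beacon; an empty list means nothing deviates."""
    p = inventory.get(b["ssid"])
    if p is None:
        return []  # not one of our SSIDs, so not an impersonation of us
    findings = []
    known = b["bssid"].lower() in p["bssids"]
    if not known:
        findings.append("unknown-bssid")
        # An evil twin relies on a stronger signal than the legitimate AP.
        if b["rssi"] > strongest.get(b["ssid"], 0):
            findings.append("stronger-than-authorized")
    if b["security"] != p["security"]:
        findings.append("security-mismatch")
    if known and b["channel"] not in p["channels"]:
        findings.append("unexpected-channel")  # a known BSSID may be cloned
    return findings

def find_suspects(scan, inventory=AUTHORIZED):
    """Return (bssid, channel, findings) for every beacon that deviates."""
    strongest = {}  # per SSID: best RSSI among beacons matching the inventory
    for b in scan:
        if matches_inventory(b, inventory):
            strongest[b["ssid"]] = max(strongest.get(b["ssid"], -200), b["rssi"])
    return [(b["bssid"].lower(), b["channel"], f) for b in scan
            if (f := classify(b, strongest, inventory))]

if __name__ == "__main__":
    for bssid, channel, findings in find_suspects(SCAN):
        print(f"{bssid} ch{channel}: {', '.join(findings)}")
```

A twin that copies the BSSID, channel and security mode exactly passes these checks, which is why the server authentication mentioned above is still needed on the client side.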
Wireless Attack Demo

• 01: Password cracking by capturing handshake and cracking
• 02: Capture password by performing evil-twin attack
Bring Your Own Device (BYOD)
• BYOD stands for bring your own device, and the
most commonly accepted BYOD meaning is when
employees use their own personal devices to connect to
the organization's network and access what they need
to do their jobs. This includes data and information that
could be potentially sensitive or confidential.
• Bring your own device (BYOD) represents an opportunity
for employees to boost their productivity, and when
executed using the appropriate safety protocols, a
bring-your-own-device policy provides a combination of
flexibility and security.
Bring Your Own Device (BYOD) Risks
• 1. Lack of control over devices
When employees use their own devices, it can be difficult for the company
to ensure they are not downloading or installing malicious software or
other harmful applications. This can put the company's sensitive data and
systems at risk.
• 2. Vulnerability to cyberattacks
Personal devices may not have the same level of security as company-
owned devices, and employees may not be aware of the importance of
protecting sensitive company information.
• 3. Legal implications of a data breach
If employees are storing sensitive company information on their personal
devices, it can be difficult to ensure that the data is properly protected in
accordance with applicable laws and regulations.
How to Reduce BYOD Risks
MDM (Mobile Device Management)
• Mobile Device Management (MDM) software is a vital
component that monitors, safeguards, manages, and supports
different types of mobile devices and tablets including iPhone,
iPad, Android, and BlackBerry, along with the applications that run
on them. It monitors all mobile devices with different operating
systems such as Android, Windows, and Symbian mobile.
MDM Features / Capabilities
Any Question?
Thank You