SHARK Node - Iowa State University

Shark: A Wireless Internet Security Test Bed
Senior Design Project May07-09
Stephen Eilers
Jon Murphy
Alex Pease
Jessica Ross
What is SHARK?
• SHARK is a wireless security network to be used to study security-related issues on wireless networks
• Meant to be a tool to teach interested students about wireless security
• Also meant to report statistics about attackers and the methods they use to researchers at ISU
Intended Users
• Primary
– College students in computer-related fields
– Most likely ages 18 to 22 and male
– Should already know the basics of wireless networking
– Most likely uses a UNIX-based OS
• Secondary
– Interested community members
– People around campus looking for a free access point
Intended Uses
• Primary
– To be used as a learning tool for students
– To be used as a means of gaining information about methods of attack
Assumptions
• Software shall be freeware
• Traffic analyzer should be able to monitor connections, packet traffic, and activity inside of machines hosting WAPs
• Traffic generator shall generate authentic traffic
• Web server shall be secure
• Web server shall log names, emails, and MAC addresses of prospective hackers
• There will be five levels of difficulty
Limitations
• Wireless access points must be portable
• Initial build of SHARK must consist of three or fewer computers
• SHARK must be built within a $150 budget
SHARK Node (diagram): the Shark machine running Ubuntu, Squid, Void11, Apache, MySQL and WireShark
SHARK – Software
• OS - Ubuntu
– Linux operating system
– Free/Open-source software
– Latest distribution in Debian family
– Excellent documentation and support
– User Interface is easy to use
SHARK – Software
• Squid
– Web proxy cache
– Fairly well documented
– Free, open-source software
– Supports our needs and more
• Allows for use as transparent proxy
• Port 80 forwarding on SHARK and all 7-of-9 traffic to web
• Rest of traffic on SHARK, tunneled to virtual machine
SHARK – Software
• Apache
– Free, open-source software
– Well documented
– Used to create local web-server login/registration
• Keep track of users
– Used to help analyze results
– Monitor individuals and their specific techniques
– Ability to determine what hardware is in use
SHARK – Software
• MySQL
– Well documented
– Free/Open Source software
– Easy to use
– Database
• Used locally to store user login/registration
• Store captured data
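As an added example (not the sharkweb code from the project, which used PHP and MySQL), the following Python sketch shows the registration store the Assumptions slide calls for: names, e-mails and MAC addresses are validated, MACs are normalised before they become the lookup key, every query is parameterised so a registrant's input can never alter the SQL text, and a constructed OUI table stands in for the hardware-vendor lookup the Apache slide mentions. The use of sqlite3, the table layout and all sample values are assumptions.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed OUI sample: the first three octets of a MAC identify the NIC
# vendor, which is how "what hardware is in use" can be inferred. A real
# deployment would load the IEEE OUI list; these entries are made up.
OUI_SAMPLE = {
    "aa:bb:cc": "Sample Vendor A (constructed)",
    "de:ad:be": "Sample Vendor B (constructed)",
}

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def normalize_mac(raw):
    """Accept aa:bb:cc:00:11:22, AA-BB-CC-00-11-22 or aabb.cc00.1122 and
    return the canonical lower-case colon form; reject anything else."""
    digits = re.sub(r"[:\-.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"invalid MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def open_store(path=":memory:"):
    """Create the registrations table (assumed layout) and return the connection."""
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE IF NOT EXISTS registrations (
               id            INTEGER PRIMARY KEY,
               name          TEXT NOT NULL,
               email         TEXT NOT NULL,
               mac           TEXT NOT NULL UNIQUE,
               vendor        TEXT NOT NULL,
               registered_at TEXT NOT NULL)"""
    )
    return conn


def register(conn, name, email, raw_mac):
    """Validate the form fields and store one registration; returns the
    canonical MAC. The ? placeholders keep user input out of the SQL text."""
    name = name.strip()
    if not 1 <= len(name) <= 64:
        raise ValueError("name must be 1-64 characters")
    email = email.strip()
    if not EMAIL_RE.fullmatch(email):
        raise ValueError(f"invalid e-mail address: {email!r}")
    mac = normalize_mac(raw_mac)
    vendor = OUI_SAMPLE.get(mac[:8], "unknown")
    when = datetime.now(timezone.utc).isoformat(timespec="seconds")
    try:
        conn.execute(
            "INSERT INTO registrations (name, email, mac, vendor, registered_at) "
            "VALUES (?, ?, ?, ?, ?)",
            (name, email, mac, vendor, when),
        )
    except sqlite3.IntegrityError:
        raise ValueError(f"MAC {mac} is already registered") from None
    conn.commit()
    return mac


def lookup(conn, raw_mac):
    """Return the registration behind a captured MAC, or None if unknown."""
    row = conn.execute(
        "SELECT name, email, vendor, registered_at FROM registrations WHERE mac = ?",
        (normalize_mac(raw_mac),),
    ).fetchone()
    if row is None:
        return None
    return dict(zip(("name", "email", "vendor", "registered_at"), row))


def registration_count(conn):
    """Number of stored registrations (used to show a hostile name did no damage)."""
    return conn.execute("SELECT COUNT(*) FROM registrations").fetchone()[0]


if __name__ == "__main__":
    db = open_store()
    register(db, "Alice Example", "alice@example.edu", "AA-BB-CC-00-11-22")
    # A hostile name is stored as literal text, never executed as SQL.
    register(db, "x'); DROP TABLE registrations; --", "bob@example.edu", "dead.be00.0001")
    print(lookup(db, "aa:bb:cc:00:11:22"))
    print(registration_count(db), "registrations")
```

The MAC is the join key between the registration table and whatever WireShark captures later, so normalising it once at the door (rather than at every query) is what keeps a lookup on `aabb.cc00.1122` and one on `AA:BB:CC:00:11:22` hitting the same row.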
SHARK – Software
• WireShark/Ethereal
– Free/Open-Source Software
– Well Documented
– Experience using software
– Network Protocol Analyzer
• Uses second wireless card
• Captures all traffic on SHARK Network
– Attack attempts
– Generated traffic
Levels of Security
• SHARK has five levels of security
– Guppy
• No security, used for basic registering on network
– Clownfish
• WEP security
– Swordfish
• Rotating WEP security
– Barracuda
• WPA security
– SHARK
• RADIUS security
• Each level provides statistical data on hacking patterns
7-of-9
• Off-the-shelf wireless access point
– Provides easy installation of open wireless network
– Connects to hub to provide generic internet access for comparison
– Traffic is captured and analyzed on SHARK node
Traffic Generator – Baiting the Hook
• To break WEP and WPA encryption, attackers must analyze thousands of packets
– Not just any packets, but ARP packets
• Void11
– Forces the generator to disconnect from the network by generating de-authentication packets
• Homebrew daemon
– Will be running to reconnect the generator to the SHARK network when it gets disconnected
– Acting as a normal user
Traffic Generator – Baiting the Hook
• Void11 + daemon = ARP flooding
– Can produce on average 75,000 ARP packets/hour
• ARP packets contain Initialization Vectors
• An IV is a block of bits that is required to allow a stream or block cipher to be executed in any of several streaming modes without having to go through a re-keying process
• Takes 50k – 200k IVs to crack 64-bit WEP
• Takes 200k – 700k IVs to crack 128-bit WEP
• Takes 500k – 1 million IVs to crack WPA-PSK
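From the monitoring side of the same test bed, an added example that is not the project's code: the second wireless card on the SHARK node sees the de-authentication frames void11 sends and the ARP bursts that follow, so a detector can flag a flood by counting deauth frames per source address inside a sliding window, and can turn the observed ARP rate into the time it would take to accumulate the WEP IV counts quoted on the slide. The capture excerpt, its record layout (`time subtype source destination`), the one-second window and the alert threshold are all constructed assumptions; a real deployment would fill the same tuples from WireShark or tshark output.

```python
from collections import defaultdict, deque

# Constructed capture excerpt: "time(s) subtype source destination".
# 00:11:22:aa:bb:ff plays the access point, bb:01 the traffic generator and
# bb:02 a client that disconnects normally (one deauth frame each time).
SAMPLE_CAPTURE = """\
0.00 beacon 00:11:22:aa:bb:ff ff:ff:ff:ff:ff:ff
0.10 arp    00:11:22:aa:bb:01 ff:ff:ff:ff:ff:ff
0.20 data   00:11:22:aa:bb:01 00:11:22:aa:bb:ff
0.50 deauth 00:11:22:aa:bb:02 00:11:22:aa:bb:ff
1.00 arp    00:11:22:aa:bb:01 ff:ff:ff:ff:ff:ff
2.00 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.05 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.10 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.15 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.20 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.25 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.30 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
2.35 deauth 00:11:22:aa:bb:ff 00:11:22:aa:bb:01
3.00 arp    00:11:22:aa:bb:01 ff:ff:ff:ff:ff:ff
9.00 deauth 00:11:22:aa:bb:02 00:11:22:aa:bb:ff
"""

# IV counts quoted on the slide for the two WEP key sizes (low, high).
WEP_IV_RANGES = {"WEP-64": (50_000, 200_000), "WEP-128": (200_000, 700_000)}


def parse_capture(text):
    """Turn the capture text into (time, subtype, src, dst) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, subtype, src, dst = line.split()
        records.append((float(t), subtype, src, dst))
    return records


def deauth_peaks(records, window=1.0):
    """Largest number of deauthentication frames each source sent within any
    `window` seconds. A normal disconnect is one or two frames; a void11-style
    flood is many per second, usually spoofed from the AP's own address."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for t, subtype, src, _ in records:
        if subtype != "deauth":
            continue
        q = recent[src]
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)


def deauth_flood_sources(records, window=1.0, threshold=5):
    """Sources whose peak deauth count crosses the (assumed) alert threshold."""
    return sorted(src for src, n in deauth_peaks(records, window).items() if n >= threshold)


def arp_frames_per_hour(records):
    """Observed ARP rate, extrapolated from the capture's time span."""
    if len(records) < 2:
        return 0.0
    span = records[-1][0] - records[0][0]
    arps = sum(1 for _, subtype, _, _ in records if subtype == "arp")
    return arps * 3600.0 / span if span > 0 else 0.0


def hours_until_iv_budget(rate_per_hour, ivs_needed):
    """Hours to accumulate `ivs_needed` IV-bearing frames at the observed rate."""
    if rate_per_hour <= 0:
        return float("inf")
    return ivs_needed / rate_per_hour


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    print("deauth flood sources:", deauth_flood_sources(recs))
    rate = arp_frames_per_hour(recs)
    print(f"observed ARP rate: {rate:.0f}/hour")
    for key, (low, high) in WEP_IV_RANGES.items():
        print(f"{key}: {hours_until_iv_budget(rate, low):.1f}-{hours_until_iv_budget(rate, high):.1f} h at this rate")
```

The peak-per-window measure is what separates the two kinds of deauth on the slide: the generator being knocked off by void11 shows up as a burst from the AP's address, while a client leaving on its own produces a single frame, so the threshold can sit well above anything legitimate.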
Secure Tunneling
• VPN
– Virtual Private Network
– Provide secure communications over unsecured networks for data integrity
• Benefits
– Extensible and easy to manage while providing the level of security we desire
• Downsides
– If the machine itself is compromised, they have direct access
• Solution
– Using scripts we are able to configure the SHARK box “on-the-fly”
Secure Tunneling – VPN
• One of the only ways to provide a secure and extensible way to access the SHARK machines
• Need the ability to create multiple VPN sessions, so a VPN server is required
• Multiple solutions available
– Point to Point Tunneling Protocol
– Layer 2 Tunneling Protocol
– Secure Sockets Layer
Electrical View (network diagram): virtualnet, smallbox, Sharkweb, hub, D-Link router, Internet
Electrical View Pros/Cons
• One external IP
• Firewall
• Branches
• Lots of port forwarding
Port Forwarding (External -> Internal)
10022 (non-tunnel) -> Virtualnet (ssh)
10023 (non-tunnel) -> Smallbox (ssh)
10024 (non-tunnel) -> Sharkweb (ssh)
80 (non-tunnel) -> Sharkweb (http)
All other tunnel traffic -> Virtualnet
All other non-tunnel traffic -> dropped
Machine Breakdown (diagram)
VirtualNet: Ubuntu, Xen
SmallBox: SUSE, Snort, WireShark, MySQL, Apache
Sharkweb: FreeBSD, Apache, MySQL, PHP
Sharkweb
• OS: FreeBSD
• Webserver: Apache
• Web Utilities: MySQL, PHP
SmallBox
• OS: SuSE Linux
• Packet Capture: WireShark
• Filter: Snort
• Webserver: Apache
Virtualnet
• OS: Ubuntu
• Virtual Machine Manager: Xen
Virtual Machine 1 (trophy)
• OS: FreeBSD
• Remote Log on: SSH
• Webserver: Apache
• Mail: Squirrelmail
• Programming: Gcc, G++
Virtual Machine 2
• OS: Debian Linux
• Utilities: TarPit
Virtual Machine 3
• OS: RedHat
• Software: HoneyD
Design Evaluation Form – SHARK Wireless Network
Functionality | Relative Importance | Evaluation Score | Resultant Score
Create Secured Wireless Network | 20% | 100% | 20%
Virtual Net to direct user traffic to | 10% | 100% | 10%
Web server to register users | 10% | 100% | 10%
Generate traffic to populate the network | 10% | 100% | 10%
Security levels for users to break through | 15% | 80% | 12%
Secure tunnel from SHARK node to | 15% | 60% | 9%
Capture data from access attempts | 10% | 100% | 10%
Analyze captured data | 10% | 10% | 1%
Total | 100% | | 82%
Questions?