Network Analysis - Bengal Chamber of Commerce and Industry

Download Report

Transcript Network Analysis - Bengal Chamber of Commerce and Industry

www.cdackolkata.in
Computer Security
C-DAC/Kolkata
C-DAC All Rights Reserved
1
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• This presentation is intended to inform the
audience about the dangers associated with a
computer network devices and it is not a
demonstration of any Hacking .
2
Demos
• Wireless Security
www.cdackolkata.in
• Web Security
C-DAC/Kolkata
C-DAC All Rights Reserved
3
INDEX
www.cdackolkata.in
• Introduction
• A Step-by-Step process of Wireless
Communications
• Prevent Your Network from Getting Hacked
C-DAC/Kolkata
C-DAC All Rights Reserved
4
www.cdackolkata.in
INTRODUCTION
C-DAC/Kolkata
C-DAC All Rights Reserved
5
Wireless Internet
• It is internet access without the use of wires.
www.cdackolkata.in
• Instead it uses radio frequency bands to
exchange information between your computer
and the Internet within a range .
C-DAC/Kolkata
C-DAC All Rights Reserved
6
www.cdackolkata.in
Types of Wireless Security
C-DAC/Kolkata
C-DAC All Rights Reserved
7
Types of Security
• OPEN : No security configured
www.cdackolkata.in
– Obviously not advised
– Data is in the air in plain text and anyone can read it
• WEP : Wired Equivalent privacy
– Very week and not recommended
– Used in Open and Shared-Key Authentication
C-DAC/Kolkata
C-DAC All Rights Reserved
8
Types of Security…
• WPA: Wi-Fi Protected Access
C-DAC/Kolkata
Much better than WEP
Pre shared Key concept used
Encryption Algorithm used TKIP
Easy to setup, as easy as WEP
Available in all the common wi-fi routers
A must for all home users
Will take a long time to break in
C-DAC All Rights Reserved
www.cdackolkata.in
–
–
–
–
–
–
–
9
Types of Security…
• WPA2: Advance Wi-Fi Protected Access
C-DAC/Kolkata
Better than WPA
Used AES as Encryption System
Takes little more pain to setup
Advised in corporate environments
Strong encryption and authentication support
C-DAC All Rights Reserved
www.cdackolkata.in
–
–
–
–
–
10
Wireless Security Standards
www.cdackolkata.in
C-DAC/Kolkata
C-DAC All Rights Reserved
11
Description of WEP Protocol
WEP relies on a shared secret key (40 bit/128 bit) which is shared
between the sender (client) and the receiver (Access Point).
Integrity Check - to ensure packets are not modified in transit.
www.cdackolkata.in
Secret Key - to encrypt packets before they are transmitted
The standard does not discuss how shared key is established. In
practice, most installations use a single key which is shared
between all mobile stations and access points.
12
C-DAC/Kolkata
C-DAC All Rights Reserved
12
How to configure WPA
–
–
–
–
WPA
WPA-PSK
WPA-Personal
WPA2-Personal
• Set a complex password
• Change the login password of the wireless router.
• Done
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• Open the configuration of your wi-fi device
• Go to wireless setting
• Under security option, select any one
13
www.cdackolkata.in
Look for this
C-DAC/Kolkata
C-DAC All Rights Reserved
14
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
A Step-by-Step process of
Wireless Communication
15
A little info…
• For Connecting with a AP user render data
segment called Beacon frames.
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• After connected with AP the data segment is
called Packet.
16
More info…
• The more users that are connected to one
access point, the more packets are generated.
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• Depending on how long the computer is
connected, it can generate a certain number of
packets per day.
17
First…
• You must locate the wireless signal
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• This can be done by using your default
Windows tool “View Available Wireless
Network”
18
Second…
• If it is using authentication or encryption then
for the next step a Cracking tool can be use
for WEP keys.
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• Once you located a wireless network you can
connect to it unless it is using authentication or
encryption.
19
Third….
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• Once enough packets recovered it will then
captured information gathered from the packets
and crack the key giving you access.
20
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
Prevent Your Network from
Getting Hacked
21
Prevent Your Network from Getting
Hacked
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• Don’t broadcast your SSID . This is usually done
during the setup of your wireless router.
• Change the default router login to something else.
• If your equipment supports it, use WPA or WPA 2
because it offers better encryption which is still able to
be broken but much harder.
• Always check for updates to your router.
• Turn off your router or access point when not using it.
22
Security Advised
• Change the router login password frequently
• Change the wireless WPA password also
– At least once a month
• Avoid temptation to connect to open wireless
just looking for free internet.
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
– At least once a month
23
Security Advised..
• We can configure DHCP more tightly.
–
–
–
–
C-DAC/Kolkata
I have 3 machines in my home (desktop/laptop/phone)
I’ll create a IP pool of 3 IPs only
I’ll do DHCP reservation using the MAC of these 3 IP
Effectively I’m not allowing any outsider machine to connect
C-DAC All Rights Reserved
www.cdackolkata.in
– Lets not keep an open pool where any one can
connect
– Example
24
Security Advised..
• We can configure MAC binding.
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
– Allow only MY machines to connect
– Many access points support MAC binding
– Any other machine will not be able to connect to
my Wi-Fi
25
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
Web Security
26
Methods
Man-in-the-Middle Attacks
www.cdackolkata.in
Stealing Passwords
Trojan Horses
Exploiting Defaults
Wireless Attacks
C-DAC/Kolkata
C-DAC All Rights Reserved
27
Man-in-the-middle(MITM) Attack



MAC(Media Access Control) duplication
ARP (Address Resolution Protocol) poisoning
Router table poisoning
Fake routing tables
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in

28
Conclusion
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
• There is no such thing as 100% percent
security when using wireless networks but at
least with these few simple steps you can make
it harder for the average person to break into
your network.
29
C-DAC/Kolkata
C-DAC All Rights Reserved
www.cdackolkata.in
Thank You
30