Wireless Security Flashcards
Detail Wireless Access Point Security
Default Wireless Administrator Passwords
WiFi Protected Access
Cloak SSID (Disable Broadcast) - Only someone who knows the name of the network can connect to it
MAC Address filtering - Network admin manually adds the MAC address of a device that tries to connect to the network
Firewall
Strategically positioning access point (Router in centre of home)
Search for rogue access points - Used by hacker to visit blocked websites - DHCP protocol very useful
Assign static IP addresses (Enhanced security)
Describe WiFi Pineapple
Network Security and penetration testing tool -> Hak5
Can use as a rogue access point to conduct MITM attack
Can broadcast fake SSID
Eavesdrop on wireless traffic on any device that connects to it
VPN can improve security of comms being sent
Turning off WiFi on device improves security
Use websites that use https
Router Connection / Logs
Type 192.168.1.1
www.routerlogin.net
www.routerlogin.com
Ethernet cable to router
Describe DHCP (Dynamic Host Configuration Protocol)
It is the dynamic assignment of IP addresses
Typically a client-server protocol that provides an IP host with an IP address and other config info (subnet mask or default gateway)
Static IP addresses are assigned to networking equipment like routers, firewalls and servers.
Host computers like tablets and smartphones are generally assigned a dynamic IP address
DHCP - Router or Server Function - Ports 67 & 68
View DHCP activity in Windows Event Viewer
MAC addresses of devices.
How do I find DHCP events
Search box -> Event
Events: C:\Windows\System32\winevt\Logs
Eric Zimmerman: EVTX Parser
DHCP Logging Events for DNS Registrations
DHCP Server Operational Events
How to find Forensic Evidence on different devices
WiFi Connections
Windows:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkCards
MacOS:
/Library/Preferences/SystemConfiguration/com.apple.airport.preferences
iPhone (iOS):
com.apple.wifi.plist
/private/var/preferences/SystemConfiguration/
Android:
wpa_supplicant.conf
com.google.android.gms/databases/herrevad
Herrevad:
SSID
BSSID
WiFi Security Protocol - WPA/WPA2/WPA3
Time Stamp (Device time)
Smartphone Security
Avoid Public WiFi at all costs
Prevent autoconnect
Describe WEP Wireless Encryption
Wired Equivalent Privacy (WEP)
Original WLAN Encryption Protocol
Challenging to configure
Significant vulnerabilities
WEP Attacks:
Packet Injections
Fake authentication
FMS Attack, statistical, 2001
KoreK Attack, statistical, 2004
ChopChop Attack, fake ARP, 2004
Fragmentation Attack, fragmentation, 2005
PTW Attack (Pyshkin, Tews, Weinmann), statistical, 2007
Describe WPA Wireless Encryption
WiFi Protected Access (WPA)
Interim fix for WEP
WPA used a Pre-Shared Key (PSK) & Temporal Key Integrity Protocol (TKIP)
WPA -> Handshake and Encryption
Describe WPA2 Wireless Encryption
WiFi Protected Access Version 2
Based on 802.11i Wireless Security Protocol
Utilizes Advanced Encryption Standard (AES)
Unique Encryption Keys Created for each client
KRACKs (Key Reinstallation AttaCKs)
Describe WPA3 Wireless Encryption
WiFi Protected Access version 3
No offline dictionary attack
Forward Secrecy - Only recent transmissions can be decrypted
WiFi Easy Connect - QR code activation on IoT device
Public WiFi Hotspots -> All traffic encrypted with WPA3
Safer Enterprise and Home Networks - WPA3-compatible router required
Describe Dragonfly Handshake
Dragonblood Hack
WPA3 - Personal
Recover Network Key
Downgrade Security
Launch DoS (Denial of Service) Attack
Abuse Timing or Cache-based Side-channel Leaks
wpa3.mathyvanhoef.com