The document outlines a presentation by two speakers on hacking and information security. It introduces the speakers and their backgrounds in cybersecurity. The presentation topics include basics of WiFi networks, wireless standards, encryption algorithms, wireless hacking methodology and common attacks. It also covers how to stay secure and defensive tools. Interactive portions engage the audience on their WiFi security concerns and ask for feedback to improve future sessions.
2. We Are…The Speakers…
Sudarshan Pawar
Certified Security Expert(C.S.E.)
Certified Information Security Specialist (C.I.S.S.)
Security Xplained (TechNext Speaker)
Computer Engg.
& a Security Professional
Prakashchandra Suthar
Security Enthusiast
Cisco Certified Network Associate
Red Hat Linux Certified
Security Xplained (TechNext Speaker)
Computer Engg
Security Researcher.
3.
4. Topics to be covered
• Basics of Wifi
• Types of wireless networks
• Wireless Standards(802.11 series)
• Encryption Algorithms
• Wireless hacking methodology
• ATTACKS(commonly encountered)
• Staying secure(Defense)
• Security Tools
We are not including stats, history, who did what/when/why-> Bcoz it’s Booooring….!!! U can
google them later….!
7. Wifi Basics
• WiFi(Wireless Fidelity)->Wireless
networks(commonly referred as WLAN
• Developed on IEEE 802.11 standards
• Wireless networks include: Bluetooth, Infrared
communication, Radio Signal etc.
• Components used:
o Wireless Client Receiver
o Access Point
o Antennas
15. WiFi Standards
Points 802.11b 802.11a 802.11g 802.11n
Extension to 802.11 802.11 802.11a 802.11g
Bandwidth (Mhz) 20 (11Mbps) 20 (54Mbps) 20 (54Mbps) 20 (54Mbps)
40 (150Mbps)
Frequency(Ghz) 2.4 5 2.4 2.4, 5
Pros Lowest cost;
signal range is
good and not
easily obstructed
fast maximum
speed; regulated
frequencies
prevent signal
interference from
other devices
fast maximum
speed; signal
range is good and
not easily
obstructed
fastest maximum
speed and best
signal range;
more resistant to
signal
interference from
outside sources
Cons slowest
maximum speed
highest cost;
shorter range
signal that is
more easily
obstructed
costs more than
802.11b;
appliances may
interfere on the
unregulated
signal frequency
standard is not
yet finalized;
16. Are u seriously concerned about wifi
security????? Be honest!
18. WEP(Wired Equivalence Privacy)
• The first encryption scheme made available
for Wi-Fi.
• Uses 24 bit initialization vector for cipher
stream RC4 for confidentiality
• CRC-32 bit checksum for integrity.
• Typically used by home users.
• Uses 64,128, 256 bit keys
• Flawed from the get go.
19. WEP Working
KEY
STORE WEP Key IV
RC4
CIPHER KEYSTREAM
DATA ICV
PAD KID CIPHERTEXTIV
WEP ENCRYPTED
PACKET(MAC FRAME)
CRC 32
CHECKSUM
XOR
ALGO.
20. WEP Weakness
1. Key management and key size
2. 24 bit IV size is less.
3. The ICV algorithm is not appropriate
4. Use of RC4 algorithm is weak
5. Authentication messages can be easily forged
24. WPA2
• Long Term Solution (802.11)
• Stronger Data protection & Network access
control
• Used CCMP
– Based on AES
• Hardware changes required
Types
1. Personal Pre Shared Key
2. Enterprise 802.1x + RADIUS
42. Defense against WPA / WPA2 attacks
• Extremely Complicated keys can help
• Passphrase should not one from dictionary, so
use uncommon-senseless words.
• Key should be more than 20 chars with
combination of special chars, numbers,
alphabets. Change them at regular intervals.
44. 1. WPA instead of WEP
2. WPA2 Enterprise implementation
3. Place AP at secured location.
4. Centralized authentication & Update Drivers
regularly.
5. Changing default SSID after Configuring
WLAN
6. Firewall policies & Router access Password
Security Checkboxes
45. 1. MAC add. Filtering
2. Encryption at Access Point
3. Packet Filtering between AP
4. Network Strength configuration.
5. Use Ipsec’s for encryption on WLANS
6. Check out for Rogue Access Points
Security Checkboxes(contd…)
48. Questions?
• What you want to ask, many already have that same question
on their mind. Be bold and lead
• OK, if you don’t want to speak and keep shut and keep
thinking about it in your mind and take those questions home,
make sure you email those to us and sleep well at night!
49. What should be our topic for the next meet?
I hate to ask but, how can we make this better?