Security of Wireless Networks

by Márton Sebők on 18 February 2014


Transcript of Security of Wireless Networks

Security of Wireless Networks
Márton Sebők, CEH
Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.

Kevin Mitnick
computer security consultant
This talk is intended for educational purposes only.
Any misuse of this information is solely your responsibility.
The participants accept that their devices could be used for demonstrative purposes.
What needs to be protected?
1. identity
3. trust
4. resources
5. data
RFID
WIFI
GSM
MIFARE Classic
Attacks
key recovery
10 sec
not needed with default keys
cloning
from > 60m
Chinese magic cards
emulation
If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.
Kahlil Gibran
artist, poet and writer
SDR
Security measures
hiding the SSID
MAC filtering
encryption: open, WEP, WPA, WPA2, 802.1x, WPS
Sniffing
all unencrypted communication
credentials
sessions

what to do with HTTPS encryption?
pass length: -, 5-13 chars, 6-63 chars, 6-63 chars, ?, 8 digits
cracking time: 0, < 10min, theoretically ∞, theoretically ∞, ?, < 10h
sniff: y, y, y, y, n
RSA
1. pick 2 random primes (of > 600 digits)
2. derive public & private key
3. encrypt with one key, decrypt with the other
PKI
Rogue APs
classic MITM
client-only attacks
"free" internet
cracking encryption
802.1x credentials
MITM
ARP poisoning
content spoofing
self-signed certificate
strip SSL
If you are not paying for it, you're not the customer; you're the product being sold.
Andrew Lewis
software developer
In a time of deceit
telling the truth is a revolutionary act.

George Orwell
novelist, essayist and journalist
Thank you!
Let us not look back in anger or forward in fear, but around in awareness.

James Thurber
cartoonist, author
Deepnet - Tor
since 2002
2014: 320k pages indexed
military origins
The Hidden Wiki
WikiLeaks submission
Silk Road
bitcoins
closed down in 10/2013 by FBI, seized 26k BTC
reopened
Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.

Chris Pirillo
author, blogger
Password cracking
brute-force
dictionary
hybrid

must not contain user name
>= 8 chars
>= 3 different char sets from
symbols, uppercase, lowercase, numbers

high entropy, change often
Conclusions
RFID
use RFID blocking wallet
WIFI
don't trust HTTP sites
don't trust e-mails
enforce HTTPS
don't accept invalid certificates
buy VPN

use WPA2-PSK/AES (CCMP)
pick a good password
use 802.1x
validate server certificate
pick a good password
GSM
disable GSM
2. privacy
ePassport
personal data, photo, fingerprints
Hungary
1st generation from 2008
2nd generation from 2009
cloning
forging
biometrics are protected
only of non-PKD countries
fixed with 3rd generation from 12/2014
Transport cards
discovered in London, 2008
free rides for 24h
fixed by replacing in 2010

Netherlands 2008
Boston 2008
San Francisco, New York 2012
Australia 2012
New Zealand 2013
EMV
PayPass
< 5k HUF
read out card data
not name, CVV
relay attack
cloning to magnetic stripe card
for one transaction
GSM-EDGE (2G)
60%
identity numbers
IMEI
IMSI
TMSI
MSISDN
location identifiers
MNC
LAC
ARFCN
Attacks
sniffing
force downgrade to GSM by jamming
uncover TMSI with silent SMSs
record traffic
crack KC (A5/1)
paging attacks
denial of service
hijacking
Attacks cont'd
IMSI detach
KC not needed
rogue BTS
111: Dear subscriber, you are registered as a participant in a mass disturbance.
Passwords
high entropy, change often
change defaults