Wireless network security audit. Security audit of wireless Wi-Fi networks. Wireless Security Methods

The purpose of the course is a practical study of security issues and features of protecting wireless networks. The program rationally alternates between systematic theoretical information and practical work by students under the guidance of an experienced instructor. The theoretical part of the course includes basic information on the architecture of wireless networks, as well as the standards available in this area and the security mechanisms built into the equipment for building wireless networks. In addition, an effective methodology is proposed for integrating a wireless network with the existing network infrastructure, taking into account all security aspects. More than 50% of teaching time is spent practical work at specially prepared stands illustrating various solutions for protecting wireless networks.

During the training process, students acquire skills in working with NetStumbler, Kismet, AirSnort, aircrack and other wireless network monitoring tools. Particular attention is paid to the use of the most common wireless network audit tools, both commercial and freely distributed.

Audience

  • System and network administrators responsible for the security of computer networks.
  • Specialists from organizations that plan to use wireless technologies.
  • Information security administrators.

Preliminary preparation

Basic knowledge of network technologies, basic protocols and services of the TCP/IP stack, skills in working with operating systems(OS) Windows 2003 and Linux. Knowledge of modern technologies and security protocols is welcome: VPN, PKI, IPSec.

You can test your knowledge of the TCP/IP stack protocols by requesting a self-test from the Learning Center.

As a result of training

You will gain knowledge:

  • on the architecture of wireless networks;
  • about the available security mechanisms built into wireless network equipment;
  • on the use of additional security mechanisms for wireless networks;
  • on the specifics of using attack detection systems and security scanners in wireless networks;
  • on safety issues related to the use of Bluetooth devices.

You can:

  • use basic data protection mechanisms in wireless networks;
  • increase the security of your wireless network using VPN and IEEE802.1x technologies;
  • monitor wireless networks;
  • Perform security audits of wireless networks.

Listener package

  • Branded training manual.
  • Versions of the main security measures discussed in the course, additional and reference Information on the subject of the course in electronic form.

Additionally

After successfully passing the test, graduates receive certificates from the Informzashita Training Center.

Training on this course is taken into account when receiving at the Informzashita Training Center documents of the established form on training in additional professional programs in the field of information security.

Graduates can receive free consultations from the Training Center specialists on the completed course.

Course program

  • Wireless technologies: general information. Introduction. 802.11 standard and “substandards”. Equipment and architecture of wireless networks. Threats associated with the use of wireless networks. Working with the NetStumbler program. Detecting and connecting to a wireless network (practice).
  • Basic data protection mechanisms in wireless networks. Filtering based on MAC addresses. Unauthorized connection to an access point that uses access control based on MAC addresses (practice). Use of security mechanisms built into access points. WEP protocol, its advantages and disadvantages. Kismet and AirSnort programs. Using WEP, cracking the WEP key (practice).
  • Protecting wireless networks at the network level. Separation of a wireless network into a separate segment. Using IPSec to protect wireless client traffic (practice). Protecting the wireless segment using L2TP. Application of VPN technologies to protect wireless networks (practice).
  • WPA (Wi-Fi Protected Access) and 802.11i standards. IEEE802.1x standard. Authentication protocols EAP, PEAP. Building a network infrastructure based on the recommendations of the IEEE802.1x standard (practice). TKIP protocol, Michael method and WPA technology. 802.11i standard.
  • Detection of attacks in wireless networks. Types of wireless attacks. Collection of information about wireless networks (war driving). Denial of service. MAC address spoofing. Attacks on the 802.1x authentication mechanism. Attacks on wireless network clients Architecture and features of wireless attack detection systems Detection of unauthorized access points and wireless clients. Protecting wireless network clients (practice). Wireless Network Security Monitoring
  • Security analysis of wireless networks. Specifics and methodology for assessing the security of wireless networks. Tools and sequence of actions. Collecting information about the wireless network, determining the topology.
  • WPAN networks. Bluetooth security. WPAN standards. Bluetooth architecture. Operating modes of Bluetooth devices. Search for Bluetooth devices using various tools. Vulnerabilities of Bluetooth devices, tools for identifying them.

Protection of wireless communications (for information security administrator, information security department specialist, information security analyst)

Today I would like to talk about our approach to the construction of high-performance WLAN (wi-fi) networks using the example of a completed project for one of our customers.

According to the previously signed NDA (non-disclosure agreement), we do not have the right to disclose: the name of the customer company, the transaction amount and the location of the object.

Lately, we have often encountered requests for solutions to problems with wireless networks from representatives of small and medium-sized businesses. This is understandable, because big business, unlike novice players, has financial resources and an understanding of the prospects for the development of its IT park and, in most cases, immediately competently approaches the organization of network infrastructure. Companies in the SMB (small and medium business) segment often use regular SOHO access points without placing special requirements on corporate wi-fi.

The customer came to LWCOM with the following description of the problems:

  • Wi-Fi slows down and files are downloaded slowly;
  • Poor signal in some parts of the office, and sometimes it just disappears.
A brief express examination revealed:
  • access to the wireless network is organized using a SOHO access point;
  • location of the access point - on the floor near office equipment;
  • orientation external antenna– arbitrary;
  • The radio module parameter settings are factory default, i.e. no additional settings was not produced.
Rice. Office layout. The location of the current access point is marked in red.

Typically, the problems described by the customer are caused by the following reasons:

  • Lack of wireless network planning before launch;
  • Saving factory default radio settings;
  • Lack of constant monitoring of radio parameters and adjustments taking into account changes on the air.
The customer was offered an audit of the wireless network, elimination of comments and equipment modernization. The following parameters were selected, agreed upon and approved, which will be required for comfortable office work:
  • The minimum received signal level is 67dBm;
  • The maximum radiation power of the transmitter must be within the limits permitted by law (no more than 100 mW);
  • Access points to replace an existing one must be of an office design with integrated antennas and the ability to be mounted on both the ceiling and the wall;
  • Availability of centralized management of all wireless network devices using one WEB interface;
  • Ability to adjust radio parameters in automatic mode without administrator participation;
  • Wireless data transfer speed – at least 20 Mbit/s;
  • Used frequency range– only 2.4 GHz.
As part of the initial stage of the survey, we measured the quality indicators of the current wireless network using the freely distributed software Speedtest and Network Signal Pro based on a device with Android OS. Quality indicators mean the level of the received signal and the speed of interaction with Internet resources.

Rice. Office layout. The numbers indicate the measurement points: in the room where the access point is located, in the room opposite and in two remote ones.

The measurements gave the following disappointing results

Measuring point No. 1

Measuring point No. 2

Measuring point No. 3

Measuring point No. 4

At the next stage, radio reconnaissance was carried out using the specialized Ekahau Site Survey software package, which made it possible to map the wireless network coverage of a specific room, as well as automatically plan the WLAN design depending on the material of existing barriers and their number. In our case, the barriers were partitions made of concrete and plasterboard.

Based on the requirements of the technical specifications, measurements were carried out using a laptop equipped with an external wireless USB adapter in the 2.4 GHz range. The inspection was carried out in Stop-and-Go mode. those. measurements in step-by-step mode with stops to record readings.

Rice. Layout of waypoints where measurements were taken.

Results of detailed radio reconnaissance



Detected neighboring wireless networks and the radio channels they use.

(SSID hidden)

8e:5d:4e:4d:f2:38, Unknown SSID

ac:cf:23:03:c6:10, Unknown SSID

32:cd:a7:36:5c:17, Unknown SSID

02:15:99:e4:01:cf, Unknown SSID

d4:ca:6d:92:b8:f7, Unknown SSID

90:72:40:19:99:82, Unknown SSID

6c:70:9f:eb:a8:ae, Unknown SSID

90:72:40:1d:30:de, Unknown SSID

74:d0:2b:58:b7:ec, Unknown SSID

bc:ee:7b:56:44:9e, Unknown SSID

50:46:5d:6d:de:e8, Unknown SSID

bc:ae:c5:b0:ed:7c, Unknown SSID

90:e6:ba:85:b6:63, Unknown SSID

90:e6:ba:74:2f:04, Unknown SSID

10:bf:48:92:a2:d0, Unknown SSID

54:04:a6:5b:40:a4, Unknown SSID

f4:6d:04:eb:07:4c, Unknown SSID

54:a0:50:e3:29:58, Unknown SSID

ac:f1:df:f2:28:b3, Unknown SSID

78:54:2e:8e:25:45, Unknown SSID

6c:72:20:77:04:b8, Unknown SSID

14:cc:20:5c:b7:41, Unknown SSID

10:7b:ef:61:b0:f0, Unknown SSID

conclusions
  1. Stable wireless network coverage is not provided in the part of the office opposite the access point. There is no wireless connection on mobile devices.
  2. Low speed interaction with Internet resources on mobile devices. Uncomfortable work, as well as the inability to view streaming audio and video content.
  3. The presence of many neighboring access points with overlapping radio channels that “jam” the customer’s network. In the current situation, without constant monitoring of radio parameters and changing settings on the fly, performance may deteriorate.
Next, on the provided diagram, theoretical planning was carried out taking into account the agreed upon terms of reference in the Ekahau Site Survey software interface.

In addition to the requirements of the technical specifications, the following parameters were taken into account:

  • The network is planned to have up to 30+ users simultaneously with mobile devices iOS/Android and 10 laptops. This data is needed for automatic network planning using software.
  • Point transmitter power up to 25 mW. In this case, if one access point fails, the second will increase the transmitter power to restore the coverage area (self-healing network).
  • Access points from the manufacturer Ruckus Wireless were used.
Automatic scheduler Ekahau has been issued the following arrangement of 2 access points sufficient to cover the office:

To organize a wireless network, we suggested using access points from the manufacturer Ruckus Wireless model R500, which have the following characteristics:

  • BeamFlex adaptive antenna technology – improved coverage;
  • Small size and weight – easy installation and inconspicuousness;
  • Unified management without using a controller - allowing you to significantly save on the purchase of a controller and licenses.
Due to the impossibility of installation at the planned points, it was decided to move them to the places indicated in the diagram below.


Rice. Theoretical received signal power level and new location of access points

At the end of the theoretical planning, 2 Ruckus R500 access points were purchased, configured and mounted on the ceiling in the specified locations.

After installation, a control measurement was carried out using Ekahau Site Survey.


Rice. New layout of waypoints for measurements.

Updated radio reconnaissance results



Also, after the launch of the updated wireless network, repeated measurements of the signal level and Internet connection speed were carried out using Speedtest and Network Signal Pro software based on Android OS from the same measurement points as the original ones.

Measuring point No. 1

Measuring point No. 2


Measuring point No. 3

Measuring point No. 4

As can be seen from the test results, by replacing SOHO equipment with two Ruckus R500 managed access points and choosing the optimal locations for their placement, we received a solution that meets all the requirements of the customer’s technical specifications, namely:

  • Stable signal throughout the office;
  • Guaranteed speed of interaction with Internet resources > 20 Mbit/sec;
  • Automatic regulation of radio parameters taking into account the air condition;
  • Management from a single WEB interface;
  • Aesthetic appearance of points;
  • Manufacturer's warranty for the entire system.
As a conclusion, we can say that this moment There are no barriers to building a truly productive and secure wireless network, even for small and medium-sized businesses that do not have large IT budgets.

For everyone who is interested in aspects of wireless network security, the DC7499 community is holding a small open workshop in the Hacker editorial office at Moscow, st. Lev Tolstoy. Participation is free, but pre-registration is required.

At the workshop we will tell you:

  • what current hardware options are suitable for working with Wi-Fi (Wi-Fi adapters, antennas, etc.);
  • what Linux software is relevant for security audits and hacking of 802.11 networks;
  • what nuances and limitations exist at the level software;
  • how to use documented and undocumented hardware chips.

To participate in the workshop you must have with you:

  • TP-Link 722N Wi-Fi card or similar equipment that supports monitor and access point modes;
  • laptop with Kali Linux Rolling Release OS preinstalled.

For those who do not have the opportunity to bring a suitable Wi-Fi adapter, we will try to find a similar device so that you can work and ask questions directly to the speakers during the workshop.

Where and when

Participation is free, prior registration is required. To confirm, please write to [email protected] with the topic “Registration for the workshop.” In the letter, indicate your full name or nickname and confirm that you can come. You will receive a reply letter within 24 hours Additional information by participation.

Attention, registration is required!

Where: Moscow, st. Lev Tolstoy
When: November 30, Wednesday, at 19-00
Important point: In accordance with the workshop format, we will be able to accommodate no more than 25 people. Please confirm your participation only if you are sure you can attend. For those who are unable to attend, we will definitely release material with the main points of the workshop.

ElcomSoft Wireless Security Auditor Pro 6.04.416.0is a program that effectively uses the computing power of modern video cards to recover and audit passwords on wireless networks at a speed unattainable by conventional means.

When using this technology, the most resource-intensive parts of the program are executed on powerful superscalar processors used in modern ATI and NVIDIA video cards. If there are one or more cards in the system latest generation, hardware acceleration is activated automatically. The program checks the security of your wireless network, trying to penetrate it from the outside or from the inside. You can download the program via a direct link (from the cloud) at the bottom of the page.

Key features of Wireless Security Auditor:

  • Wireless network security audit.
  • Hardware acceleration.
  • Determining the degree of security of a wireless network.
  • Determining the security level of WPA/WPA2-PSK passwords.
  • Save time using patented hardware acceleration technology and one or more NVIDIA video cards or ATI.
  • Launch powerful dictionary attacks with custom mutations.
  • Launching an attack from inside or outside the network.

click on the picture and it will enlarge

System requirements:
Operating system: Windows XP,Vista,7,8 (x86,x64)
CPU: 1 GHz
RAM: 512 MB
Hard disk space: 20 MB
Interface language: Russian
Size: 22 MB
pharmacy: included
*archive WITHOUT password

opens in a new window