WiFi Security: Keeping Your Information Private and Safe

Nicholas Moore
● Information Technology Technician II - Superior Federal Credit Union
● Chairman, Lima Regional Information Technology Alliance
● IT Advisory Board - James A. Rhodes State College
● Blogger, www.NicholasMoore.net
Today's Mission
Our goal today is to keep you safe when using
WIFI. We are not trying to scare you from using
WIFI. WIFI can be a great tool. We are here
today to educate you on vulnerabilities. It is
unlikely you will encounter the situations we will
go over today. However, they do happen. I want
to share with you steps you can take to reduce
this possibility.
Concerns
Introduce yourself...Share your WIFI concerns...
Terms
Wi-Fi
a facility allowing computers, smartphones, or other devices to connect to the Internet or communicate with one another
wirelessly within a particular area.
1990s: from wireless + an apparently arbitrary second element, after hi-fi; sometimes incorrectly interpreted as a shortening
of Wireless Fidelity.
Terms
● SSID is a case sensitive, 32 alphanumeric character unique identifier
attached to the header of packets sent over a wireless local-area network
(WLAN) that acts as a password when a mobile device tries to connect to
the basic service set (BSS) -- a component of the IEEE 802.11 WLAN
architecture. (This is the name of your wireless network).
● Access Point (AP): The computer or network device that serves as an
interface between wireless-equipped computers and the rest of the network.
Using an Access Point as the network backbone, each computer connects
first to the AP, then to another computer. Many APs sold today also have a
wired Ethernet hub or switch built in, making them a router, not just an AP.
● Router: Accepts multiple internal connections, wired and wireless, and allows
them to use the same external IP address, thus lowering the cost of sharing
internet access by not requiring the purchase of more IPs.
Terms
● WEP: Wired Equivalent Privacy is a set of encryption
algorithms designed to protect data transmitted wirelessly.
WEP actually has several gaping vulnerabilities that make
it fairly easy to crack, though it still takes time.
● WPA, or WiFi Protected Access, is a much improved form
of encryption for wireless data. It lacks the vulnerabilities
that WEP had, while at the same time easing installation
and use of WiFi networks. WPA2 is the follow-up product,
though it is only recently making its way into products.
A Connected World
You will find WIFI hotspots practically anywhere you go
today. Most public places provide free and open WIFI.
Some major cities are even moving to offer publicly open
WIFI. Today we will explore possible security risks that you
could encounter using free WIFI. We will also address
home WIFI concerns.
One of the most important things to understand about open WIFI is that most
data is transferred in clear text.
What is clear text? Unencrypted data: anyone who can view it is able to
read and understand it.
What Are Cyber Criminals After?
● Online Banking Accounts
● Social Media Accounts
● Credit & Debit Card Numbers
● Social Security Numbers
● Email Accounts
● Online Shopping Accounts
● Character Defamation
Common WIFI Attacks & Tools
● Packet Sniffers
● Rogue Wifi Networks
● Man In The Middle Attacks
● Network Injection
Note: All the software and hardware tools that
we go over today serve a purpose. They can be
used to solve problems and for security testing.
But these tools are also often used by cyber
criminals for malicious purposes.
Packet Sniffers
Tools that can allow a cyber criminal to view any information sent over
any unsecured WIFI network.
Example: A user connects to a public WIFI access point. A cyber criminal
is also connected. The user has just checked his email. Email is
transmitted in clear text, meaning it is not encrypted and is a non-secure
form of communication. The cyber criminal was just able to steal the
user's email address and password using a packet sniffer.
Rogue Wifi Networks
The attacker sets up a fake network that masquerades as a legitimate
network to steal information from anyone who connects to it. This is often
referred to as a honey pot.
Example: A pineapple scans and copies legitimate access points. Once
this is complete the cyber criminal can use the device and transmit
copied WIFI networks. A user then connects to what appears to be a
legitimate access point. But in reality he is connecting to the attacker's
pineapple. This will allow the attacker to steal all web data coming from
the user's computer, or it could be used to set up a Man In The Middle
Attack.
● This is why you should not allow devices to auto-connect
Purchase your Pineapple today:
https://hakshop.myshopify.com/products/wifi-pineapple
Man In The Middle
Is a form of active eavesdropping in which the attacker makes
independent connections with the victims and relays messages
between them, making them believe that they are talking
directly to each other over a private connection, when in fact the
entire conversation is controlled by the attacker. The attacker
must be able to intercept all messages going between the two
victims and inject new ones, which is straightforward in many
circumstances (for example, an attacker within reception range
of an unencrypted Wi-Fi wireless access point can insert
himself as a man-in-the-middle).
This could be accomplished using a free program called Cain
& Abel.
Tips To Stay Safe on WIFI
● Firewall
● Antivirus Software
● Use unique passwords for different accounts
● Strong Passwords
● Use SSL/TLS in email clients. If your host does not offer
security, it's time to look for a new provider.
● Opt for secure sessions in services
● Use a paid for VPN
Unique Passwords
While remembering just one or two passwords
is much easier than remembering many, never
use the same password to access different
computer systems. This is especially true for
accessing various websites on the Internet. You
cannot be sure your password is well-protected
or even encrypted on any system you do not
own. When a password is compromised,
damage is minimal if the password is unique.
Firewall
A software- or hardware-based network security
system that controls the incoming and outgoing
network traffic based on an applied rule set. A
firewall establishes a barrier between a trusted,
secure internal network and another network
(e.g., the Internet) that is not assumed to be
secure and trusted.
SSL / TLS
Transport Layer Security (TLS) and its predecessor,
Secure Sockets Layer (SSL), are cryptographic protocols
designed to provide communication security
over the internet. During the handshake the two parties
agree on a session key, which is then used
to encrypt data flowing between them.
This allows for data/message confidentiality,
and message authentication codes for message
integrity.
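To see whether a mail host offers security, you can look at what its IMAP server advertises before any password is sent. This added example (not from the original talk) classifies the server's CAPABILITY list; the host names and replies are constructed, and it assumes the standard cleartext IMAP port 143 rather than implicit TLS on port 993.

```python
import imaplib

# Constructed CAPABILITY replies, as three hypothetical IMAP servers might send on port 143.
SAMPLE_REPLIES = {
    "mail.good.example": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "mail.lax.example": "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN",
    "mail.old.example": "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN",
}


def classify(capabilities):
    """Rate a server's pre-TLS capability list (token names from RFC 3501)."""
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" not in caps:
        return "no TLS offered: passwords cross the WIFI in clear text"
    if "LOGINDISABLED" in caps:
        return "TLS enforced: server refuses logins until the session is encrypted"
    return "TLS optional: safe only if the mail client is set to require it"


def classify_reply(line):
    """Parse one '* CAPABILITY ...' line and classify it."""
    tokens = line.split()
    if tokens[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY reply")
    return classify(tokens[2:])


def check_host(host, port=143, timeout=10):
    """Ask a live server for its capabilities without sending any credentials."""
    with imaplib.IMAP4(host, port, timeout=timeout) as conn:
        return classify(conn.capabilities)


if __name__ == "__main__":
    for host, reply in SAMPLE_REPLIES.items():
        print(f"{host}: {classify_reply(reply)}")
```

Call `check_host()` with your own provider's IMAP host name to run the same check against a live server.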
Opt In for Secure Sessions
Some web services provide extra opt-in security
options.
Example: Facebook offered HTTPS access as a
non-default feature for some time. This has since
been changed.
VPN
A virtual private network (VPN) extends a
private network across a public network, such
as the internet. It enables a computer to send
and receive data across shared or public
networks as if it is directly connected to the
private network, while benefiting from the
functionality, security and management policies
of the private network. A VPN is created by
establishing a virtual point-to-point connection
through the use of dedicated connections,
virtual tunneling protocols, or traffic encryption.
Use HTTPS
Hypertext Transfer Protocol Secure (HTTPS)
Regular websites transfer content in plain text, making it an easy
target for anyone who has access to your network. Many websites
also use HTTPS to encrypt the transferred data. Try to take advantage
of this when possible.
Warning: HTTPS is not always completely secure in all situations.
IMPORTANT!
● PASSWORDS CAN BE CRACKED. Do not
assume you are safe on WIFI that requires you
to log in (unlikely but possible)
● Anyone on the same WIFI network is capable of
stealing your traffic (this is very simple)
● Any WIFI access point...could be fake
Home WIFI Tips
● Turn on Encryption Using the highest level possible
● Change Default SSID & Passwords
● Do not allow devices to auto connect
● Position Home Router in the middle of the home
● Disable file sharing
● Use wired connection when shopping or accessing
private information
● Use Prepaid VISA cards
● Turn WIFI off during extended periods of non-use
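One way to check a Linux laptop against the encryption and auto-connect tips above (an added example, not part of the original talk): it reads saved WIFI profiles in NetworkManager's keyfile format and flags open or WEP networks, noting which of them the machine will rejoin on its own. The profile names and contents are constructed samples trimmed to the keys the check reads; on a real system the profiles typically live under /etc/NetworkManager/system-connections/.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not from the talk).
SAMPLE_PROFILES = {
    "CoffeeShop_Free": """\
[connection]
type=wifi
""",
    "OldRouter": """\
[connection]
type=wifi
autoconnect=false
[wifi-security]
key-mgmt=none
""",
    "HomeNet": """\
[connection]
type=wifi
[wifi-security]
key-mgmt=wpa-psk
""",
}


def audit_profile(text):
    """Return the list of findings for one saved WIFI profile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return []
    findings = []
    if not cp.has_section("wifi-security"):
        findings.append("open network, no encryption")
    elif cp.get("wifi-security", "key-mgmt", fallback="") == "none":
        findings.append("WEP encryption")
    # NetworkManager auto-connects unless the profile sets autoconnect=false.
    if findings and cp.getboolean("connection", "autoconnect", fallback=True):
        findings.append("auto-connect enabled")
    return findings


def audit_all(profiles):
    """Map profile name -> findings, keeping only profiles that need attention."""
    results = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        print(f"{name}: {', '.join(findings)}")
```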
Review
● Be aware: Public Wi-Fi is inherently insecure – so be cautious.
● Treat all Wi-Fi with suspicion: Don’t just assume that the Wi-Fi is
legitimate. It could be a bogus link that has been set up by a cyber
criminal that’s attempting to capture valuable, personal information
from unsuspecting users. Question everything – and don’t connect to
an unknown or unrecognized wireless access point.
● Password protect your home WIFI & Change default SSID
● Do NOT allow devices to auto connect to public WIFI.
Show Off Packet Sniffing
● Demo using Wireshark
Wireshark is a free and open-source packet analyzer. It is
used for network troubleshooting, analysis, software and
communications protocol development, and education.
Originally named Ethereal, in May 2006 the project was
renamed Wireshark due to trademark issues.
Materials
● WI-FI Security Tips
● Secure your WI-FI