WiFi Security: Keeping Your Information Private and Safe
Transcription
WiFi Security: Keeping Your Information Private and Safe
WiFi Security: Keeping Your Information Private and Safe Nicholas Moore ● ● ● ● Information Technology Technician II -Superior Federal Credit Union Chairman Lima Regional Information Technology Alliance IT Advisory Board- James A. Rhodes State College Blogger www.NicholasMoore.net Today's Mission Our goal today is to keep you safe when using WIFI. We are not trying to scare you from using WIFI. WIFI can be a great tool. We are here today to educate you on vulnerabilities. It is unlikely you will encounter the situations we will go over today. However they do happen. I want to share with you steps you can take to reduce this possibility. Concerns Introduce yourself...Share your WIFI concerns... Terms Wi-Fi a facility allowing computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area. 1990s: from wireless + an apparently arbitrary second element, after hi-fi; sometimes incorrectly interpreted as a shortening of Wireless Fidelity . Terms ● ● ● SSID is a case sensitive, 32 alphanumeric character unique identifier attached to the header of packets sent over a wireless local-area network (WLAN) that acts as a password when a mobile device tries to connect to the basic service set (BSS) -- a component of the IEEE 802.11 WLAN architecture. (This is the name of your wireless network). Access Point (AP)The computer or network device that serves as an interface between wireless- equipped computers and the rest of the network. Using an Access Point as the network backbone, each computer connects first to the AP, then another computer. Many AP's sold today also have a wired ethernet hub or switch built-in, making them a router, not just an AP. Router accepts multiple internal connections, wired and wireless, and allows them to use the same external IP address, thus lowering the cost of sharing internet access by not requiring the purchase of more IPs. Terms ● ● WEP Wired Equivalent Privacy is a set of encryption algorithms designed to protect data transmitted wirelessly. WEP actually has several gaping vulnerabilities that make it fairly easy to crack, though it still takes time. WPA, or WiFi Protected Access, is a much improved form of encryption for wireless data. It lacks the vulnerabilities that WEP had, while at the same time easing installation and use of WiFi networks. WPA2 is the follow-up product, though it is only recently making it's way into products. A Connected World You will find WIFI hotspots practically anywhere you go today. Most public places provide free and open WIFI. Some major cities are even moving to offer publicly open WIFI. Today we will explore possible security risks that you could encounter using free WIFI. We will also address homeWIFI concerns. One of the most important things to understand about open WIFI is that most data is transferred in clear text. What is clear text?: Unencrypted data, anyone who can read and view has the ability to understand it. What Are Cyber Criminals After? ● Online Banking Accounts ● Social Media Accounts ● Credit & Debit Card Numbers ● Social Security Numbers ● Email Accounts ● Online Shopping Accounts ● Character Defamation Common WIFI Attacks & Tools ● Packet Sniffers ● Rogue Wifi Networks ● Man In The Middle Attacks ● Network Injection Note: All the software and hardware tools that we go over today serve a purpose. They can be used to solve problems and for security testing. But these tools are also often used by cyber criminals for malicious purposes. Packet Sniffers Tools that can allow a cyber criminal to view any information sent over any unsecured WIFI network. Example: A user connects to a public WIFI access point. A cyber criminal is also connected. The user has just checked his email. Email is transmitted in clear text. Meaning it is not encrypted and is a non secure form of communication. The cyber criminal was just able to steal the users email address and password using a packet sniffer. Rogue Wifi Networks The attacker sets up a fake network that masquerades as a legitimate network to steal information from anyone who connects to it. This is often referred to as a honey pot. Example: A pineapple scans and copies legitimate access points. Once this is complete the cyber criminal can use the device and transmit copied WIFI networks. A user then connects to what appears to be a legitimate access point. But in reality he is connecting to the attackers pineapple. This will allow the attacker to steal all web data coming from the users computer or it could be used to setup a Man In The Middle Attack. ● This is why you should not allow devices to auto-connect Purchase your Pineapple today: https://hakshop.myshopify.com/products/wifi-pineapple Man In The Middle Is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle). This could be accomplished using a free programed called Cain & Abel. Tips To Stay Safe WIFI ● Firewall ● Antivirus Software ● Use unique passwords for different accounts ● Strong Passwords ● Use SSL/ TLS in email clients. If your host does not offer security. It's time to look for a new provider. ● Opt for secure sessions in services ● Use a paid for VPN Unique Passwords While remembering just one or two passwords is much easier than remembering many, never use the same password to access different computer systems. This is especially true for accessing various websites on the Internet. You cannot be sure your password is well-protected or even encrypted on any system you do not own. When a password in compromised, damage is minimal if the password is unique. Firewall Software or hardware-based network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted SSL / TLS (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the internet. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity Opt In for Secure Sessions Some web services provide extra opt in security options Example: Facebook offered HTTPS access as a non default feature for some time. This since has been change VPN A virtual private network (VPN) extends a private network across a public network, such as the internet. It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.[1] A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryptions Use HTTPS.. Hypertext Transfer Protocol Secure (HTTPS) Regular websites transfer content in plain text, making it an easy target for anyone who has access to your network. Many websites also use HTTPS to encrypt the transfer data. Try to take advantage of this when possible. Warning: HTTPS is not always completely secure in all situations. IMPORTANT! ● ● ● PASSWORDS CAN BE CRACKED. Do not assume you are safe on WIFI that requires you to login (unlikely but possible) Anyone on the same WIFI network is capable of stealing your traffic (this is very simple) Any WIFI access point...could be fake Home WIFI Tips ● Turn on Encryption Using the highest level possible ● Change Default SSID & Passwords ● Do not allow devices to auto connect ● Position Home Router in the middle of the home ● Disable file sharing ● Use wired connection when shopping or accessing private information ● Use Prepaid VISA cards ● Turn WIFI off during extended periods of non-use Review ● ● Be aware Public Wi-Fi is inherently insecure – so be cautious. Treat all Wi-Fi with suspicion Don’t just assume that the Wi-Fi is legitimate. It could be a bogus link that has been set up by a cyber criminal that’s attempting to capture valuable, personal information from unsuspecting users. Question everything – and don’t connect to an unknown or unrecognized wireless access point. ● Password protect your home WIFI & Change default SSID ● Do NOT allow devices to auto connect to public WIFI. Show Off Packet Sniffing ● Demo using WireShark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues. Materials ● WI-FI Secuirty Tips ● Secure your WI-FI