Hacking Wireless Networks

  • Bluetooth operates at a frequency of 2.45GHz and divides the bandwidth into narrow channels to avoid interference with other devices that use the same frequency.
  • Bluetooth has been shown to be vulnerable to attack. One early exploit is Bluejacking. It allows an individual to send unsolicited messages over Bluetooth to other Bluetooth devices.
  • Bluesnarfing is the theft of data, calendar information, or phone book entries. This means that anyone within range can make a connection to your Bluetooth device and download any information they want without your knowledge or permission.

    Table FF.8. Wireless Standards and Frequencies

    | IEEE WLAN Standard | Over-the-Air Estimates | Frequencies     |
    |--------------------|------------------------|-----------------|
    | 802.11b            | 11Mbps                 | 2.4000–2.2835GHz |
    | 802.11a            | 54Mbps                 | 5.725–5.825GHz   |
    | 802.11g            | 54Mbps                 | 2.4000–2.2835GHz |
    | 802.11n            | 540Mbps                | 2.4000–2.2835GHz |

  • The 802.11b, 802.11g, and 802.11n systems divide the usable spectrum into 14 overlapping, staggered channels whose frequencies are 5MHz apart.
  • Direct-sequence spread spectrum (DSSS): This method of transmission divides the stream of information to be transmitted into small bits. These bits of data are mapped to a pattern of ratios called a spreading code.
  • Frequency-hopping spread spectrum (FHSS): This method of transmission operates by taking a broad slice of the bandwidth spectrum and dividing it into smaller subchannels of about 1MHz.
  • WPA uses Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and adds an integrity-checking feature which verifies that the keys haven't been tampered with. WPA improves on WEP by increasing the IV from 24 bits to 48. Rollover has also been eliminated, which means that key reuse is less likely to occur.
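
The effect of the larger IV, worked through as an added example (not from the original book): it compares how quickly a 24-bit and a 48-bit IV space repeats under one key, and flags reuse in a constructed stream of IVs. The rate of 5,000 frames per second and the generated IVs are assumptions chosen for illustration.

```python
import math
import random

def birthday_frames(iv_bits, p=0.5):
    """Frames sent before a randomly chosen IV repeats with probability p."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - p)))

def exhaustion_seconds(iv_bits, frames_per_sec):
    """Seconds until a sequential IV counter has used every value once."""
    return (2 ** iv_bits) / frames_per_sec

def first_reuse(ivs):
    """1-based position of the first frame whose IV was already seen, else None."""
    seen = set()
    for position, iv in enumerate(ivs, 1):
        if iv in seen:
            return position
        seen.add(iv)
    return None

def simulate_random_ivs(iv_bits, frames, seed=1):
    """Draw constructed random IVs and report where the first repeat occurs."""
    rng = random.Random(seed)
    return first_reuse(rng.getrandbits(iv_bits) for _ in range(frames))

if __name__ == "__main__":
    RATE = 5000  # assumed frames per second on a busy network
    for bits in (24, 48):
        hours = exhaustion_seconds(bits, RATE) / 3600
        print(f"{bits}-bit IV: 50% repeat after ~{birthday_frames(bits):,.0f} random IVs, "
              f"counter exhausted after {hours:,.1f} hours")
    print("first repeat, random 24-bit IVs:", simulate_random_ivs(24, 50000))
    print("first repeat, sequential counter:", first_reuse(range(50000)))
```

A counter that never repeats under one key is the case where first_reuse returns None; any other result on an audit of captured IVs indicates key-stream reuse.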

Table FF.9. WPA Versus WPA2

| Mode            | WPA                             | WPA2                            |
|-----------------|---------------------------------|---------------------------------|
| Enterprise mode | Authentication: IEEE 802.1x EAP | Authentication: IEEE 802.1x EAP |
|                 | Encryption: TKIP/MIC            | Encryption: AES-CCMP            |
| Personal mode   | Authentication: PSK             | Authentication: PSK             |
|                 | Encryption: TKIP/MIC            | Encryption: AES-CCMP            |

Table FF.10. EAP Types

| Service | EAP-MD5 | LEAP | EAP-TLS | EAP-TTLS | PEAP |
|---------|---------|------|---------|----------|------|
| Server Authentication | No | Uses password hash | Public key certificate | Public key certificate | Public key certificate |
| Supplicant Authentication | Uses password hash | Uses password hash | Smart card or public key certificate | PAP, CHAP, or MS-CHAP | Any EAP type such as public key certificate |
| Dynamic Key Delivery | No | Yes | Yes | Yes | Yes |
| Security Concerns | Vulnerable to man-in-the-middle attack, session hijack, or identity exposure | Vulnerable to dictionary attack or identity exposure | Vulnerable to identity exposure | Vulnerable to man-in-the-middle attack | Vulnerable to man-in-the-middle attack |



Certified Ethical Hacker Exam Prep
ISBN: 0789735318
EAN: 2147483647
Year: 2007
Pages: 247
Authors: Michael Gregg
