Port Scanning scan report 168.1. 1 somehost com (online)ping results address:192.168.1.1(ipv4) hostnames: somehost com (user) The 83 ports scanned but not shown below are in state: closed Port state Service reason Product version Extra info tcp. open syn-ack ProFTPD 22 tcR filtered ssh no-response 25 tcpfiltered smtp no-response 80 tcp.open http syn-ack Apache 2.2.3 (Centos 106 tcp open pop3pw syn-ack poppassd 110 tcp open pop senza Courier pop3d iltered rpcbind no-response 113 tcp filtered auth no-response 2:4 tcp. open Jap syn-ack Courier Imap released 443 tcp open http syngas Apache 2.2.3 (Centos) 465 tcp open unknown syn-ack tcp ltered dp se no-respons tcp open JmaR syn-ack Courier Imap released 995 tcp open syngas 2049 tcp.filtered nfs no-response 3306 tcpopen mysa. syn-ack MySQL 5.0.45 8443 tcp.open unknown syn-ack 34 sec. scanned 1 host(s) scanned 1 host(s online o host(s) offline From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Port Scanning 16 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Vulnerabilities in Wireless Networks Confidentiality Integrity Availability Unauthorized wiFi access WiFi protocol weaknesses Picking up the beacon SSID in all frames Association issues From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Vulnerabilities in Wireless Networks • Confidentiality • Integrity • Availability • Unauthorized WiFi access • WiFi protocol weaknesses • Picking up the beacon • SSID in all frames • Association issues 17 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
Failed Countermeasure: WEP Wired equivalent privacy, or WEP, was designed at the same time as the original 802. 11 WiFi standards as the mechanism for securing those communications Weaknesses in WeP were first identified in 2001 four years after release More weaknesses were discovered over the course of years, until any WEP-encrypted communication could be cracked in a matter of minutes From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
Failed Countermeasure: WEP • Wired equivalent privacy, or WEP, was designed at the same time as the original 802.11 WiFi standards as the mechanism for securing those communications • Weaknesses in WEP were first identified in 2001, four years after release • More weaknesses were discovered over the course of years, until any WEP-encrypted communication could be cracked in a matter of minutes 18 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
HoW WeP Works Client and access point(AP)have a pre-shared key AP sends a random number to the client which the client then encrypts using the key and returns to the AP The aP decrypts the number using the key and checks that it's the same number to authenticate the client Once the client is authenticated the ap and client communicate using messages encrypted with the key From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
How WEP Works • Client and access point (AP) have a pre-shared key • AP sends a random number to the client, which the client then encrypts using the key and returns to the AP • The AP decrypts the number using the key and checks that it’s the same number to authenticate the client • Once the client is authenticated, the AP and client communicate using messages encrypted with the key 19 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved
WEP Weaknesses Weak encryption key WEP allows to be either 64-or 128-bit but 24 of those bits are reserved for initialization vectors ) thus reducing effective key size to 40 or 140 bits Keys were either alphanumeric or hex phrases that users typed in and were therefore vulnerable to dictionary attacks Static key Since the key was just a value the user typed in at the client and AP, and since users rarely changed those keys, one key would be used for many months of communications Weak encryption process A 40-bit key can be brute forced easily Flaws that were eventually discovered in the RC4 encryption algorithm WEP uses made the 104-bit keys easy to crack as well From Security in Computing, Fifth Edition, by Charles P Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
WEP Weaknesses • Weak encryption key • WEP allows to be either 64- or 128-bit, but 24 of those bits are reserved for initialization vectors (IV), thus reducing effective key size to 40 or 140 bits • Keys were either alphanumeric or hex phrases that users typed in and were therefore vulnerable to dictionary attacks • Static key • Since the key was just a value the user typed in at the client and AP, and since users rarely changed those keys, one key would be used for many months of communications • Weak encryption process • A 40-bit key can be brute forced easily. Flaws that were eventually discovered in the RC4 encryption algorithm WEP uses made the 104-bit keys easy to crack as well 20 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved