Wireless Security (Hacking Wifi)

Several measures are commonly taken to secure wireless networks, among others:
1. SSID Hiding
Many administrators hide the Service Set Identifier (SSID) of their wireless network, intending that only someone who knows the SSID can connect to it. This is not actually true, because hiding the SSID is never perfect. At certain moments, in particular when a client connects (associates) to a wireless network or disconnects from it (deauthentication), the client still sends the SSID in plain text (even when encryption is used), so anyone who sets out to eavesdrop can easily obtain that information. Tools that can be used to recover a hidden SSID include kismet (KisMAC), ssid_jack (airjack), aircrack, void11 and many others.
2. Wireless security with a WEP key only
WEP was the first security and encryption standard used on wireless networks. WEP has many weaknesses, among others:
- The weak-key problem: the RC4 algorithm it uses can be broken.
- WEP uses static keys.
- The initialization vector (IV) problem in WEP.
- The message integrity problem of the Cyclic Redundancy Check (CRC-32).
WEP comes in two key lengths, namely 64 bit and 128 bit. In reality, the secret key in a 64-bit WEP key is only 40 bits; the remaining 24 bits are the Initialization Vector (IV). Likewise, in a 128-bit WEP key the secret key is only 104 bits.
The attacks on the weaknesses of WEP are:

An attack on the weakness of the initialization vector (IV), often called the FMS attack. FMS stands for the names of the three discoverers of the IV weakness: Fluhrer, Mantin, and Shamir. This attack is carried out by collecting as many weak IVs as possible; the more weak IVs are obtained, the faster the key in use is found.

Obtaining unique IVs from captured packets, which are then processed so that WEP key cracking is faster. This is called the chopping attack and was first found by h1kari. The technique only requires unique IVs, which reduces the number of weak IVs needed to crack WEP.

The two attacks above require time and enough packets; to shorten the time, hackers usually perform traffic injection. The traffic injection most frequently performed is collecting ARP packets and re-sending them to the access point. This makes collecting initialization vectors easier and faster.
Unlike the first and second attacks, traffic injection requires specific tools and applications that are rarely found in shops, ranging from
Not infrequently, patching is also required.
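The following is an added example, not code from the original article, that puts numbers on the IV weakness described above: with only 24 IV bits, a birthday-bound calculation shows how few packets are needed before an IV repeats, and how quickly a busy access point wraps the whole IV space (packet rates are assumed for illustration).

```python
# Added example (not from the original article): quantifying the WEP IV
# weakness. WEP prepends a 24-bit IV to the 40- or 104-bit secret key; the IV
# is sent in clear and, being only 24 bits, repeats after very few packets.
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible IV values


def wep_secret_bits(advertised_key_bits: int) -> int:
    """Bits of real secret key in a '64-bit' or '128-bit' WEP key."""
    if advertised_key_bits not in (64, 128):
        raise ValueError("WEP keys are advertised as 64 or 128 bits")
    return advertised_key_bits - IV_BITS   # 40 or 104


def iv_reuse_probability(packets: int, iv_space: int = IV_SPACE) -> float:
    """Birthday-bound probability that at least one IV repeats among
    `packets` packets whose IVs are chosen uniformly at random."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * iv_space))


def expected_packets_until_repeat(iv_space: int = IV_SPACE) -> float:
    """Expected number of random IVs drawn before the first repeat
    (birthday approximation sqrt(pi * N / 2))."""
    return math.sqrt(math.pi * iv_space / 2.0)


def seconds_to_exhaust_iv_space(packets_per_second: float,
                                iv_space: int = IV_SPACE) -> float:
    """Time until a sequential IV counter wraps and starts reusing IVs."""
    return iv_space / packets_per_second


def simulate_first_repeat(seed: int, iv_space: int = IV_SPACE) -> int:
    """Monte Carlo check: draw random IVs until one repeats, return the count."""
    rng = random.Random(seed)
    seen = set()
    while True:
        iv = rng.randrange(iv_space)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


if __name__ == "__main__":
    print("secret bits in 64/128-bit WEP:", wep_secret_bits(64), wep_secret_bits(128))
    print("expected packets until an IV repeats: %.0f" % expected_packets_until_repeat())
    print("P(repeat) after 12,000 packets: %.3f" % iv_reuse_probability(12000))
    # Assumed rate of 500 packets/s for a busy access point.
    print("IV counter wraps in %.1f hours at 500 pkt/s"
          % (seconds_to_exhaust_iv_space(500) / 3600))
    print("simulated first repeat after %d packets" % simulate_first_repeat(1))
```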

3. Wireless security with a WPA-PSK or WPA2-PSK key only
WPA is a temporary security technology that was created to replace the WEP key. There are two types, namely WPA Personal (WPA-PSK) and WPA-RADIUS.
Currently, what can already be cracked is WPA-PSK, which is possible with an offline brute-force attack. The brute force is done by trial and error with many words from a dictionary. This attack will succeed if the passphrase used on the wireless network is indeed present in the dictionary of words used by the hacker.
To prevent an attack on wireless security using WPA-PSK, use a passphrase that is long enough (one sentence).
Well-known tools for this attack are CoWPAtty (http://www.churchofwifi.org/) and aircrack (http://www.aircrack-ng.org). These tools require a list of words (wordlist), which can be taken from http://wordlist.sourceforge.net/
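An added example, not from the original article, showing why the "one sentence" advice works: WPA-PSK turns the passphrase into the Pairwise Master Key with PBKDF2-HMAC-SHA1 (4096 iterations, salted with the SSID, as specified in IEEE 802.11i), so an offline dictionary attack pays that derivation cost once per candidate word. The wordlist and the policy thresholds below are constructed assumptions for illustration.

```python
# Added example (not from the original article): cost of an offline WPA-PSK
# dictionary attack versus a sentence-length passphrase. PMK derivation follows
# IEEE 802.11i: PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 256 bits).
import hashlib
import time

# Constructed stand-in for a real dictionary file.
WORDLIST = ["password", "letmein", "wireless", "hotspot", "admin123"]


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as defined by 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def in_wordlist(passphrase: str, wordlist=WORDLIST) -> bool:
    """A passphrase present in the dictionary falls to trial and error."""
    return passphrase in wordlist


def passphrase_policy_ok(passphrase: str, min_len: int = 20) -> bool:
    """Policy matching the article's advice: sentence length (assumed 20+
    characters) and not a dictionary entry."""
    return len(passphrase) >= min_len and not in_wordlist(passphrase)


def derivations_per_second(ssid: str = "example", samples: int = 20) -> float:
    """Measure single-core PMK derivations per second on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk("candidate%d" % i, ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_try(candidates: int, rate: float) -> float:
    """Time to derive the PMK for every candidate at `rate` derivations/s."""
    return candidates / rate


if __name__ == "__main__":
    rate = derivations_per_second()
    print("PMK derivations/s on this machine: %.0f" % rate)
    print("constructed 5-word list exhausted in %.4f s" % seconds_to_try(len(WORDLIST), rate))
    # Assumed sentence model: 20 characters over lowercase letters plus space (27**20).
    years = seconds_to_try(27 ** 20, rate) / 3.15e7
    print("20-character sentence space: %.1e years" % years)
```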
4. MAC Filtering
Almost every wireless access point or router provides MAC filtering as a security feature. It actually does not help much in securing wireless communication, because MAC addresses are very easy to spoof or even change.
The ifconfig tool on Linux/Unix operating systems, or various tools such as network utilities, regedit, smac and machange on Windows, can easily be used to spoof or replace a MAC address.
I still often find wifi in offices and even at ISPs (usually the ones used by cafés) that only use MAC filtering as protection. With wardriving applications such as kismet/KisMAC or aircrack tools, the MAC address of each client connected to an access point can be obtained.
After getting this information, we can connect to the access point by changing our MAC to match that of the earlier client. In a wireless network, MAC address duplication does not lead to a conflict; only an IP address different from the earlier client's is needed.
5. Captive Portal
Captive portal infrastructure was originally designed for community purposes, enabling everyone to connect (open network). A captive portal is actually a router or gateway machine that protects the network by not allowing any traffic until the user registers/authenticates. Here is how a captive portal works:

- A user with a wireless client is allowed to connect to the wireless network and obtain an IP address (DHCP).
- All traffic is blocked except that heading to the captive portal (web-based registration/authentication), which is located on the wired network.
- All web traffic is redirected to the captive portal.
- After the user registers or logs in, access to the network (Internet) is allowed.
Note that the captive portal only does connection tracking of clients based on IP and MAC address after authentication. This means it is still possible to use the captive portal without authenticating, because IP and MAC addresses can be spoofed. The attack is done by spoofing IP and MAC. Spoofing a MAC address was described in section 4 above. IP spoofing requires more effort: by making use of ARP cache poisoning, traffic from a client that has already been connected can be redirected.
Another attack that is fairly easy to do is using a Rogue AP, that is, setting up an access point (usually using HostAP) that uses the same information as the target AP, such as the SSID, the BSSID and the frequency channel in use. When a client connects to the AP we set up, we can then redirect its traffic to the real AP.
Not infrequently, the captive portal built at a hotspot has weaknesses in its configuration or network design. For example, authentication is still done in plain text (http), the management interface can be reached via the wireless network (it sits in the same network), and much more.
Another weakness of the captive portal is that data communication or traffic after authentication (once connected to the network) is still sent unencrypted, so it can easily be intercepted by hackers. Therefore one needs to be careful when connecting to a hotspot network, and should try to use secure communication protocols such as https, pop3s, ssh and imaps.
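The following is an added example, not from the original article, written from the gateway operator's side for the MAC/IP spoofing described in sections 4 and 5: once a client authenticates, the portal trusts its (IP, MAC) pair, so a cloned MAC shows up at a second IP and a hijacked IP shows up under a second MAC. The log lines and their "key=value" format are constructed for the example and do not correspond to any real product.

```python
# Added example (not from the original article): detecting the captive-portal
# bypass of sections 4 and 5 from gateway logs. AUTH lines record the (IP, MAC)
# binding at authentication time; later ARP observations that contradict that
# binding indicate a cloned MAC or a taken-over IP (ARP cache poisoning).
import re
from typing import Dict, List, Tuple

# Constructed sample log in a hypothetical "key=value" format.
SAMPLE_LOG = """\
10:00:01 AUTH ip=10.0.0.5 mac=aa:bb:cc:dd:ee:01 user=alice
10:05:10 ARP ip=10.0.0.5 mac=aa:bb:cc:dd:ee:01
10:07:33 ARP ip=10.0.0.9 mac=aa:bb:cc:dd:ee:01
10:08:00 ARP ip=10.0.0.5 mac=aa:bb:cc:dd:ee:77
10:09:12 ARP ip=10.0.0.20 mac=aa:bb:cc:dd:ee:42
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>AUTH|ARP) ip=(?P<ip>[\d.]+) mac=(?P<mac>[0-9a-f:]{17})")


def detect_portal_spoofing(log: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, alert, detail) for ARP observations that contradict
    the (IP, MAC) binding recorded when the client authenticated."""
    ip_of_mac: Dict[str, str] = {}   # authenticated MAC -> IP it authenticated with
    mac_of_ip: Dict[str, str] = {}   # authenticated IP  -> MAC it authenticated with
    alerts: List[Tuple[str, str, str]] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                  # skip lines in other formats
        ts, kind, ip, mac = m.group("ts", "kind", "ip", "mac")
        if kind == "AUTH":
            ip_of_mac[mac] = ip
            mac_of_ip[ip] = mac
            continue
        # Same authenticated MAC now seen at a second IP: MAC cloned by another station.
        if mac in ip_of_mac and ip_of_mac[mac] != ip:
            alerts.append((ts, "mac-clone",
                           f"{mac} authenticated as {ip_of_mac[mac]} but seen at {ip}"))
        # Authenticated IP now answered by a different MAC: IP taken over.
        if ip in mac_of_ip and mac_of_ip[ip] != mac:
            alerts.append((ts, "ip-hijack",
                           f"{ip} authenticated from {mac_of_ip[ip]} but claimed by {mac}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in detect_portal_spoofing(SAMPLE_LOG):
        print(ts, kind, detail)
```

Unauthenticated stations that never appear in an AUTH line are not flagged, since the portal already blocks their traffic; the check targets only bindings the portal has decided to trust.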