Page 239 - StudyBook.pdf
P. 239

Communication Security: Wireless • Chapter 4  223

                 have to either identify the WEP secret key or capture the key through malware or
                 stealing the user’s notebook.

                 Protecting Against Spoofing and Unauthorized Attacks

                 Protecting against these attacks involves adding several additional components to
                 the wireless network.The following are examples of measures that can be taken:
                      ■  Using an external authentication source such as RADIUS or SecurID, will
                         prevent an unauthorized user from accessing the wireless network and the
                         resources with which it connects.

                      ■  Requiring wireless users to use a VPN to access the wired network also
                         provides a significant stumbling block to an attacker.

                      ■  Another possibility is to allow only SSH access or SSL-encrypted traffic
                         into the network.

                      ■  Many of WEP’s weaknesses can be mitigated by isolating the wireless net-
                         work through a firewall and requiring that wireless clients use a VPN to
                         access the wired network.

                 Network Hijacking and Modification


                 Numerous techniques are available for an attacker to “hijack” a wireless network or
                 session.And unlike some attacks, network and security administrators may be
                 unable to tell the difference between the hijacker and a legitimate “passenger.”
                    Many tools are available to the network hijacker.These tools are based on basic
                 implementation issues within almost every network device available today.As
                 TCP/IP packets go through switches, routers, and APs, each device looks at the
                 destination IP address and compares it with the IP addresses it knows to be local. If
                 the address is not in the table, the device hands the packet off to its default gateway.
                    This table is used to coordinate the IP address with the MAC addresses that are
                 known to be local to the device. In many situations, this is a dynamic list that is
                 compiled from traffic passing through the device and through Address Resolution
                 Protocol (ARP) notifications from new devices joining the network.There is no
                 authentication or verification that the request received by the device is valid.Thus,
                 a malicious user is able to send messages to routing devices and APs stating that his
                 MAC address is associated with a known IP address. From then on, all traffic that
                 goes through that router destined for the hijacked IP address will be handed off to
                 the hacker’s machine.





                                                                              www.syngress.com
   234   235   236   237   238   239   240   241   242   243   244