Thoughts of an Angel
  • Home
  • Blog
  • Portfolio/Resume
  • Contact Me

MS TechEd - Monty WiFion and the Quest for the Holy Grail of Network Security

5/17/2011

0 Comments

 
I promise you that I did not come up with this title.  :)  It was our speaker Andy Malone who came up with this title.  He spoke about the 802.1x protocols, but mostly about others such as GPRS, WAP, Ricochet, Bluetooth, Blackberry, RFID, and NFC.

On Bluetooth - it is meant to be a cable replacement tool and it is a short range communicator (10m).

He then focused on RFID and how it can be hacked: 
RFID Tags can be cloned
Hacking tools are in Backtrack 4
Hardware is getting cheaper, which means that the interrogators (the RFID readers) are also getting cheaper.
Hacked cards with authorized ID numbers can be used to unlock doors
And of course, all RFID tags can be read, some from many meters away

NFC - Near Field Communicator
It's a set of short-range technologies
Requires a distance of at least 4cm
There are ways to configure it through:
Emulation
Reader-active situations
P2P Mode - Two NFC's communicating together and exchanging information
Some security concerns with NFC include:
Difficult due to distance factors
It is a radio signal that can be picked up
Applications use cryptography protocols
They are susceptible to relay attacks
And of course, if you lose your phone, you've lost security of your wireless device

Some of the LAN security goals included:
Access Controls
Key management
No abuse of wireless network
Data Integrity
Data packets are not modified during transit
Confidentiality
Data packets are encrypted

The current wireless standards are as follows:
802.11 WEP
802.11 + 802.1x
802.11 + WPA
802.11 + WPA2
AES

Shared Key Authentication
Utilizes the challenge/response
Requires and matches key
Is very weak

WEP-Wired Equivalent Privacy...or not.
It also utilizes a shared key encryption
Initialization Vector = 24-bit
And it uses RC4 for encryption

TKIP was meant to improve WEP, but ultimately did not because it also uses the RC4 encryption algorithm.

So far, 
0 Comments



Leave a Reply.

    About This Blog

    Thank you for reading my blog. Here, I will post random thoughts, technical findings new to me, and professional experiences.

    Archives

    August 2011
    July 2011
    June 2011
    May 2011
    February 2011

    Categories

    All
    C++
    Computers
    Information Security
    Java
    Microsoft
    Nerdism
    Random
    Teched
    Technical Events
    Women In Technology

    RSS Feed

Powered by Create your own unique website with customizable templates.