6.3 Wireless Attack
Be aware of the following to mitigate and protect your network against rogue access points: Monitor the radio frequencies in your area to identify the access points broadcasting there. Put access points in separate virtual LANs and implement some type of intrusion detection to help identify when an attacker is attempting to set up a rogue access point or is using a brute force attack to gain access. When you find an unauthorized access point, unplug the Ethernet cable on the access point to disconnect it from the wired network.
...
Eavesdropping on Bluetooth is difficult because it implements authentication and key derivation with custom algorithms based on the SAFER+ block cipher and it uses the E0 stream cipher for encrypting packets. Bluetooth is one of the most secure protocols for mobile device communication, but it is susceptible to the following
...
To mitigate the risks with Bluetooth: Disable Bluetooth completely if not required. Bluetooth and the 802.11b wireless standard both operate on the same frequency range and can lead to signal interference. Turn off discovery mode if a Bluetooth connection is used on a mobile device.
...
To mitigate threats caused by data emanation: Do not place access points near outside walls. Conduct a site survey to identify the coverage area and optimal placement for wireless access points to prevent signals from going beyond identified boundaries. A site survey uses tools to identify the presence and strength of wireless transmissions. Implement a Faraday cage or Faraday shield to mitigate data emanation. A Faraday cage is an enclosure that prevents radio frequency signals from emanating out of a controlled environment. It is an enclosure formed by conducting material, or a mesh of conducting material, that blocks external static electrical fields. Faraday cages can prevent the use of a cell phone. Encrypt all data transmitted through your access point. Use firewalls on each network access point.
...
gives an attacker access to all mobile phone commands that use Bluetooth technology, such as initiating phone calls, sending and receiving messages, eavesdropping, and reading and writing phonebook contacts. Bluebugging can be accomplished only by highly skilled individuals.
Bluebugging
is a rather harmless practice which entails an unknown sender sending business cards anonymously to a Bluetooth recipient within a distance of 10-100 meters, depending on the class of the Bluetooth device. The business cards usually include a flirtatious message, used by the attacker to see a visual reaction from the recipient. Multiple messages will be sent to the device if the attacker thinks there is a chance they will be added as a contact. Bluetooth devices are not susceptible to bluejacking if they are set to non-discoverable mode.
Bluejacking
allows access to view the calendar, e-mails, text messages, and contact lists. Many Bluetooth devices have built-in features to prevent bluesnarfing, but it is still a known vulnerability.
Bluesnarfing
is the use of a Bluetooth connection to gain unauthorized access to an existing Bluetooth connection between phones, desktops, laptops, or PDAs.
Bluesnarfing
is designed for longer distances than IR and for lower power consumption. Devices need to be in discovery mode to find each other and synchronize. Operates in the 2.4 GHz frequency range and uses adaptive frequency hopping (AFH).
Bluetooth
PAN devices include cell phones, personal digital assistants (PDAs), printers, mice, and keyboards.
Bluetooth
is designed to allow devices to communicate within a personal area network (PAN) of close proximity.
Bluetooth
is interference caused by motors, heavy machinery, and fluorescent lights.
Electromagnetic Interference
is the interception and possible decoding of wireless transmissions. Wireless transmissions can be easily intercepted. Encrypt all data transmitted to and from your access point to mitigate threats from packet sniffing on the wireless network.
Packet sniffing
is interference on the radio channel and can be caused by nearby wireless devices using the same channel, cordless phones, or microwave ovens.
Radio Frequency Interference
are marks outside of buildings that indicate the presence of a wireless network. Attackers might use these marks to alert others of open or secured wireless networks. Businesses might even use these marks to advertise their free wireless networks.
War chalking
is a technique that hackers use to find wireless networks. They use detection tools that locate wireless access points within an area, even if the SSID broadcast has been disabled. Once the wireless network has been detected, it is often easy to gain access to the network, even without being physically present in your building or even on your property.
War driving
A rogue access point that is configured to mimic a valid access point is known as an
evil twin
is a seed value used in encryption. The seed value and the key are used in an encryption algorithm to generate additional keys or to encrypt data. WEP encryption reuses initialization vectors, which can be observed through patterns and ultimately can be cracked (known as an IV attack). For security, the initialization vector should be large and it should be unpredictable.
initialization vector
affects the availability of a network because normal communications are not possible.
interference
is a signal that corrupts or destroys the wireless signal sent by access points and other wireless devices.
interference
An attacker configures a wireless access point in a public location, and then monitors traffic of those who connect to the access point to capture sensitive information such as usernames and passwords.
rogue access point
An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point.
rogue access point
An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a method for remotely accessing the network.
rogue access point
is any unauthorized access point added to a network.
rogue access point
