See If You Can Find It

Tuesday, September 22, 2020

WLAN Security 2 - Maintenance and Utilization

 

 

Welcome back to KaosSec!

 

Before we get started, I just wanted to apologize for not having this up when I said I would. Between work, school, being with my son, studying for certifications, and taking part in Trace Labs, I didn't have the time I had hoped. But since we're here now, thank you for reading!

 

Now, let's take a look at some more things you should consider with your wireless network. Again, this is not an all-inclusive guide. However, this should get you going pretty well until you're ready to take a deeper dive.

 

Maintenance 

Maintaining is of the utmost importance - whether it applies to your network, your body, or your car - if you don't maintain, all of your hard work has been for nothing.

To start off with, you need to maintain a record of some sort on how many devices there are on your network at any given time. Make sure you know what kind of devices there are - phones, laptops, desktops, IoT devices, etc. Additionally, keep track of WHO is using these devices. If you keep up with this, it will be easier to spot an intruder in the future.

Keep networking and end user devices up to date. We've all been there. No one wants to restart their computer to let an update run its course. But it's a necessary part of tech-life. If you don't keep your devices up to date, you could potentially be leaving a gaping hole for intruders to walk right in. 

Conduct periodic scans in order to detect unauthorized devices, including rogue access points or evil-twins.

Monitor your traffic and devices. Get familiar with wireshark - take a look at what's happening on your network. Go through any event logs in your antivirus. It wouldn't hurt to have a free SIEM running either.


Utilization

When utilizing your network, you want to take as many precautions as you can (well, without making the network unusable). If you aren't cautious with how you're using the network you're on, you aren't performing defense-in-depth.

Disable automatic connections. Seriously. If you have automatic connections enabled, you're spraying out your network info any time you're away - as well as any other network you've forgotten to delete.

Utilize a VPN and/or anonymizer on the network. Having your own private connection on the network will prevent attackers from intercepting your data. Utilizing an anonymizer (such as orbot on Android) will help prevent anyone outside the network from identifying you.


 

 Don't share your credentials. You're most likely to be targeted by someone who knows you personally and is close to you. If this person has your credentials, it's that much easier for them to wreak havoc on your life.

Use a password manager - you should be using unique passwords/passphrases on all of your accounts. You don't want an attacker having access to everything if they get one password. But how are you supposed to remember all of those passwords? You don't. Utilizing a password manager not only keeps you from having to constantly reset your unique passwords, but it also saves time when logging in.

Understand what phishing is and how to recognize it. If an attacker is successful in their phishing attempt, it doesn't matter what technical controls you have in place. They're in. They own you. It's going to be quite the challenge to recover from.


Thank you for reading, please let me know what you think!

All images were sourced from unsplash, and all metadata has been left intact. Feel free to examine this and thank the author!


Monday, September 7, 2020

WLAN Security 1 - Setup, Configuration, Sharing, and Physical Security


Happy Monday everyone! I hope you've all had a good and safe Labor Day. Today I'm going to talk about WLAN (Wireless Local Area Network) Security. What you're going to read here is not an all inclusive guide, but it should set you up pretty well. Keep in mind that a lot of this is geared towards home use, but many concepts can be applied to business as well.



Getting Set Up

When worrying about our equipment, most of us at home are just going to use whatever our ISP (Internet Service Provider) provides, but it's not a bad idea to go out and purchase different equipment and give them their stuff back. With this being said, you should always get your equipment from well-known, reputable vendors. Doing this lowers the risk of occurrence of supply-chain attacks. These larger vendors will also have the resources necessary to provide support for their products as well as provide necessary security patches to their equipment.

 

You should also consider the age of the device(s) you're purchasing. You typically do not want equipment that has just been released, as this gear will most likely have bugs and security flaws. This isn't exactly priority for those putting these devices on the shelf, they're more worried about profit up front. Additionally, you most definitely will not want to use anything that's outdated. That 20 year old modem you found for free at a garage sale? Don't even think about it. Legacy devices, systems, and software typically are not supported by vendors. This means that any vulnerabilities and flaws found with them will not be fixed. It's time to move on to bigger and better things. Looking at you, Vladimir Putin (or anyone else still using WinXP).


Configuration

Now that you have your equipment and you're all plugged in, it's time to begin securely configuring your devices. For starters, change all of the defaults that come on the router. Change your default password to login to the router, change the network name, change the network password/passphrase. For businesses, don't name your wireless network in a way that is indicative of what it's being used for. When you're changing your credentials for the network, be sure to utilize best practices- a passphrase consisting of more than 2 words, lower-case and upper-case letters, numbers, as well as special characters.

Once you've changed all of the default information, it's time to get a little more technical. Or as technical as you can be with a home router's GUI. For starters, disable broadcasting off your SSID (Service Set Identifier). Keep in mind, this is not a security measure, there are still ways an attacker can get your SSID. This is advice I give as it's a step towards defense-in-depth. Next, you'll want to lower the power levels of your signal. You don't want your neighbors being able to have great reception of your network, and you don't want an attacker to come wardriving through your neighborhood and picking up your network from the street. Now you'll need to disable your WPS (Wi-Fi Protected Setup) push button. If you don't want someone on your network that's visiting or perhaps performing maintenance, a button could thwart all other actions. There is also an attack called a pixie-dust attack that relies on this feature.

 

The last bit of configurations you'll need to check on are your security protocols. For authentication, you're going to want to use WPA2 (Wi-Fi Protected Access) (or WPA3 when it's available). Anything prior to WPA2 is going to be very easy to crack. Next you'll need to disable UPnP (Universal Plug-n-Play). The utilization of UPnP allows applications to essentially unlock the way into your network at any point. If malicious software were to find its way on your systems, you can see how this would be a problem. Lastly, you'll need to protect your management frames wherever possible. To do this you'll need to use a standard called 802.11w. Different vendors will call this different things on their equipment, so just dig around and see what's available.



Sharing

Something I have heard a few people discuss with differing opinions is whether or not to share your network with others. If you're considering this in your business environment, this might be a more complicated discussion than for home use. However, in either situation, it's perfectly fine to share your wireless network. Here are some things you should do when sharing your network:

1: Create a separate VLAN (Virtual Local Area Network), or utilize guest network at home, for your guests. This will keep guests from accessing your primary network and any sensitive resources/systems that they shouldn't have access to.

2: Restrict what kind of content your guests can access. You wouldn't want someone downloading pornography on your corporate network, or accessing malicious sites thus infecting your network. By restricting content you can keep your this guest network (as well as your primary) clean and safe.

3: Restrict protocols that can be utilized. If you allow protocols such as FTP to be utilized, what's to stop an attacker to transfer malicious files? You should also force secure protocols such as HTTPS so that it is harder for attackers to intercept information.

 

 

Physical Security

We're talking about wireless networks here. So you may have done a double take when you read this heading (or the title). But physical security is one of the most important aspects of any secure setup. You should always keep any and all networking equipment either out of reach from someone unauthorized, or in plain view where it would be hard for someone snooping around to go unnoticed. You should also monitor for anyone that may be attempting to wardrive, or go around collecting network information to record and possibly attempt to crack at a later date.


Part 2 Coming Soon...

I hope you've enjoyed reading! Next week I'll be publishing another article covering the rest of the topics you should consider when operating on a secure wireless network. In the meantime, please let me know what you think!!


All images seen here have been sourced from Unsplash. All metadata should be intact if you would like to examine it to thank the creators.