4.1 wireless security and IoT Flashcards

1
Q

Wifi family

A
  • Wi-Fi is the Wi-Fi Alliance's brand name for wireless networking built on a group of standards put out by the Institute of Electrical and Electronics Engineers (IEEE). (It is often expanded as "Wireless Fidelity", but the name is a trademark, not an acronym.) Note that this is very different from the Internet protocols we discussed in networking, which are open standards that anyone and everyone has input on. Here, the IEEE pretty much says, "This is what we are going to use and how it will work."
  • The 802.11 family of standards defines Wi-Fi. The original 802.11 standard was published in 1997, but there were no widely usable products until 802.11b was released in 1999 (along with 802.11a). Since then, calling the growth of Wi-Fi "explosive" would be an understatement, and the growth is accelerating. Above, you can see the significant versions of the 802.11 Wi-Fi standard. Today, 802.11n and 802.11ac are the most important. 802.11n is going to be around for a while; it takes time for older standards to phase out. (You may still run across an 802.11b access point from time to time.) 802.11ac is fully supported by all major access point makers as well as computer makers (in both the Microsoft PC and Mac worlds). A newer standard, 802.11ax (marketed as Wi-Fi 6), was announced by the IEEE in 2018 and finally ratified as a formal standard on Feb 9, 2021. Products supporting it are available for purchase, and more enter the market every day.
  • A wireless link only runs at the highest standard that both ends support. If you have an 802.11ax NIC but the router is only 802.11ac, the link negotiates down to 802.11ac.
  • If you have an 802.11n printer and an 802.11ac router, that printer's link runs at 802.11n.
  • This means that to get the advantages of increased speed (and, as we will see, of newer security features) you need both an access point and a client device (computer, phone, etc.) that support the same Wi-Fi generation.
2
Q

Legacy wifi encryption: WEP and WPA

A
  • Wi-Fi was originally intended for the home network environment. Nobody foresaw it moving into the enterprise, retail, medical, and so on. With hindsight, we can agree this should have been foreseen, but it wasn't. Therefore, the original security specification, known as Wired Equivalent Privacy (WEP), was thought to be good enough for the low-risk home environment. Unfortunately, Wi-Fi did make the move into higher-risk environments, and WEP was found to have a fundamental design flaw. WEP encrypts every frame with the RC4 stream cipher using one static 40-bit key combined with a 24-bit initialization vector (IV) that is sent in the clear. The IV space is so small that it repeats on a busy network, and many IVs leak information about the key, so an attacker who passively collects enough frames can recover the key and decrypt all of the traffic. To fix this, vendors extended the key to 104 bits (marketed as "128-bit WEP"). However, that could not fix the flaw, which lies in how the IV and key are combined, not in the key length. It was soon shown that the same attack recovers the longer key in only a slightly longer time frame. (The time frame is measured in minutes.) Because the flaw is so integral to how WEP works, it was not possible to simply patch WEP. It had to be replaced.
  • While the IEEE went back to the drawing board to design a permanent solution (what became 802.11i), the Wi-Fi Alliance gave us an interim fix in 2003 called Wi-Fi Protected Access (WPA), based on a draft of 802.11i. It was never an IEEE standard in its own right but was simply a stopgap Band-Aid to try to stop the bleeding until the long-term solution was finished.
  • One of the limitations of WPA is that, because it was a temporary fix, it had to run on WEP-capable hardware. That hardware put a hard ceiling on how good the security could be. WPA uses a per-packet keying scheme called Temporal Key Integrity Protocol (TKIP). The bottom line of TKIP is that it still uses the RC4 cipher that WEP used, but it mixes a fresh per-packet key for every frame and adds a message integrity check ("Michael"), which defeats the WEP key-recovery attacks. Although TKIP was adequate when WPA was in widespread use, there are now practical attacks against it (for example, the Beck-Tews attack, which decrypts short packets and injects forged frames). Attacking WPA takes longer than attacking WEP, but you still measure the time in minutes, not hours.
3
Q

Current Wifi encryption: WPA2 and WPA3
- elliptic-curve Diffie-Hellman
- protected management frames
- opportunistic wireless encryption
- simultaneous authentication of equals
- Wi-Fi Easy Connect via Device Provisioning Protocol

A
  • In 2004, the IEEE ratified the 802.11i standard. The Wi-Fi Alliance certifies products against it under the name WPA2, and the standard itself refers to the resulting network as an RSN (Robust Security Network).
  • The WPA2 specification requires newer, more powerful hardware, because it replaces RC4 with AES. In general it is not possible to run WPA2 on WEP-only or WPA-only hardware.
  • WPA2 uses AES in CCMP mode with a 128-bit key. To date, there are no known practical attacks on the AES-CCMP encryption itself. However, in October 2017, a researcher (Mathy Vanhoef) published a flaw in the WPA2 4-way handshake, known as the KRACK (Key Reinstallation) attack, that affected nearly every implementation: by replaying a handshake message an attacker can force a client to reuse an encryption nonce, which allows decryption and in some cases forging or injection of data. Most vendors have issued patches that fix this flaw (though patches have been slow in coming for some Android and most Internet of Things (IoT) devices). KRACK applies to both PSK and enterprise deployments, and it does not recover the password. Separately, the most common way WPA2 is deployed in the home and small office is with a Pre-Shared Key (PSK). Because the PSK is derived from a passphrase, and the 4-way handshake can be captured by anyone in range, an attacker can brute force the passphrase offline: for each guess, derive the key and check it against the captured handshake, with no further interaction with the access point. If you deploy PSK, ensure you have a proper, long passphrase with plenty of entropy (unpredictability or randomness). The author recommends a minimum of 20 characters in the PSK. You should also change it periodically. It is also possible to use authentication methods that utilize an authentication server (WPA2-Enterprise with 802.1X), which is typically more secure.
  • In January 2018, the Wi-Fi Alliance announced a new certification program called WPA3. WPA3 is a Wi-Fi Alliance certification built on IEEE 802.11 mechanisms, not a separate IEEE standard. Manufacturers have to go through a certification process, and you need both a wireless NIC and a wireless access point that support WPA3 to get the new features. Note that as of July 1, 2020, a device cannot be Wi-Fi CERTIFIED (including Wi-Fi 6/6E) unless it supports WPA3.
  • The specification implements four new main features:
    o Elliptic-Curve Diffie-Hellman based key agreement is used throughout WPA3: the SAE handshake (below) is built on a Diffie-Hellman exchange over an elliptic curve, so each session gets a fresh key and forward secrecy.
    o Protected Management Frames (PMF) – Several of the older attacks against Wi-Fi relied on the fact that management frames (the frames that maintain your connection) were plaintext and there was no authentication of origin. This meant they were easy to spoof and manipulate. PMF (IEEE 802.11w) adds integrity protection and encryption to most management frames. It was optional in WPA2 and is mandatory in WPA3, so spoofed deauthentication and disassociation frames are rejected.
    o Opportunistic Wireless Encryption (OWE), marketed as Wi-Fi Enhanced Open – Right now, when you connect to Wi-Fi in a coffee shop, for example, you are often on an "open network". This means there is no authentication, so it is easy to connect: you just choose the network name and you are ready to surf! The drawback is that there is also no encryption on an open network, so anyone in range can read your traffic. Further, even on a private WPA2 network where you have to know the Pre-Shared Key, everyone shares that same key, and anyone who knows it and captures your 4-way handshake can derive your session key and decrypt your traffic. OWE fixes the open-network case: the client and access point perform an unauthenticated Diffie-Hellman exchange when connecting, so every user gets their own unique encryption key without entering any password, even in the coffee shop. (It does not authenticate the access point, so it protects against passive sniffing, not against an evil twin.) On password-protected networks, SAE provides the same per-user, per-session key property.
    o Simultaneous Authentication of Equals (SAE) – The Pre-Shared Key in WPA2 is susceptible to a rapid offline brute-force attack (on the order of 400,000 guesses per second on ordinary hardware, and far more with GPUs) because a captured handshake lets the attacker test guesses without touching the network. WPA3 replaces the PSK handshake with SAE (a password-authenticated key exchange also known as Dragonfly), in which a captured exchange gives the attacker nothing to test guesses against. Note that this does not prevent an attacker from guessing your password one attempt at a time against the live access point, so a weak password is still a weak password; it just removes the offline attack.
    o Wi-Fi Easy Connect via Device Provisioning Protocol (DPP) – With WPA2, connecting Internet of Things (IoT) devices is problematic. Many of those devices have no screens or keyboards, making configuring their security difficult at best. WPA3 implements DPP to create Wi-Fi Easy Connect, intended to solve this problem. While there are several possible options to link devices to your access point, the one that appears most likely is that you will use an app on your phone to scan a QR code on the device. From there, the app on your phone communicates with the IoT device and your access point to do the configuration.
    One of the most important things you can do to secure your home and work environments is to get rid of any WEP/WPA hardware and upgrade to WPA2 only as a minimum. Upgrading to WPA3 is even better. Moving to WPA3 should be a top priority both at home and at work.
    As you update your equipment, ensure you select devices that support WPA3. There are distinct security advantages. Just remember that even though you upgrade your phone, laptop, tablet, etc., you will not get the benefits of WPA3 unless the wireless access point is also upgraded.
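To make the PSK weakness concrete (and to show what SAE takes away from the attacker), here is an added example, not code from the page or the SEC301 course, of how a WPA2-PSK passphrase becomes keys and how a captured 4-way handshake is used to test guesses offline. The MAC addresses, nonces and EAPOL frame are constructed for the demo, and the "captured" MIC is computed from the true passphrase so the example is self-contained; the PBKDF2 and PRF steps are the ones the standard specifies.

```python
import hashlib
import hmac
from typing import Optional

# Added example (not from the SEC301 page): WPA2-PSK key derivation and the
# offline dictionary attack it permits.  All handshake data is constructed.


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (384 bits for CCMP) from the PMK plus the values sent in the clear during the handshake."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 EAPOL-Key MIC: HMAC-SHA1 over the frame (MIC field zeroed), truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack(capture: dict, ssid: str, wordlist) -> Optional[str]:
    """Offline dictionary attack: derive keys for each guess and compare the MIC.

    Nothing here touches the network; the only cost is one PBKDF2 per guess,
    which is exactly the work aircrack-ng and hashcat parallelise.
    """
    for guess in wordlist:
        kck = derive_ptk(derive_pmk(guess, ssid), capture["ap_mac"], capture["sta_mac"],
                         capture["anonce"], capture["snonce"])[:16]   # KCK = first 128 bits of the PTK
        if hmac.compare_digest(eapol_mic(kck, capture["eapol_m2"]), capture["mic"]):
            return guess
    return None


# Constructed "capture" of handshake message 2: MACs, nonces and the EAPOL frame
# body are made up; the MIC is computed here from the real passphrase.
SSID = "family"
_TRUE_PASSPHRASE = "correct horse battery staple"
CAPTURE = {
    "ap_mac": bytes.fromhex("001122334455"),
    "sta_mac": bytes.fromhex("66778899aabb"),
    "anonce": bytes(range(32)),
    "snonce": bytes(range(32, 64)),
    "eapol_m2": bytes.fromhex("0103007502010a00") + bytes(109),   # 117-byte frame, MIC field zeroed
}
CAPTURE["mic"] = eapol_mic(
    derive_ptk(derive_pmk(_TRUE_PASSPHRASE, SSID), CAPTURE["ap_mac"], CAPTURE["sta_mac"],
               CAPTURE["anonce"], CAPTURE["snonce"])[:16],
    CAPTURE["eapol_m2"],
)

if __name__ == "__main__":
    wordlist = ["password", "12345678", "letmein", "correct horse battery staple"]
    print("recovered passphrase:", crack(CAPTURE, SSID, wordlist))
```

The 4096 PBKDF2 rounds are the only thing slowing the attacker down, which is why length and entropy of the passphrase matter so much: every extra random character multiplies the wordlist the attacker has to grind through. Under SAE the attacker still sees the exchange but has no MIC to compare against, so this loop has nothing to check.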
4
Q

Limitations to wifi encryption
- MAC addresses
- management frames
- plaintext

A
  • While the fact that there is good encryption available in Wi-Fi via WPA2 is a very good thing, it is also a fact that the implementation has some limitations. Please note that these limitations are inherent. They are not a failing of the implementation; it is simply a fact that certain information cannot be encrypted if Wi-Fi is to work at all.
  • First, the MAC addresses cannot be encrypted. If you did encrypt them, the wireless client (i.e., your laptop or cell phone) and the wireless access point could not tell that the frame is destined for them. Because it is wireless, every system sees every frame. It is the MAC address that tells each system which one the frame is destined for.
    o Think about your SEC301 classroom. You and every other student in the room are connected to a wireless access point in the classroom. When that wireless access point sends a frame to your computer, how do all the other students' computers know that the frame is not destined for them? The answer is that each of those computers sees the frame and looks at the destination MAC address. If it matches the MAC address of that computer's wireless NIC, the computer processes the frame. If it does not match, the computer ignores the frame. If you encrypted the MAC address, computers could not tell whether a frame was for them. (The payload is still encrypted; only the addressing is exposed, which is nonetheless enough for an attacker to see who is talking to whom and how much.)
  • Second, for much the same reason, the various management frames were not encrypted in the original WPA2. These frames are how the wireless environment is managed, hence the name "management frames". Combining the fact that MAC addresses are visible and management frames are unprotected means that it is trivial to spoof management frames that look like they came from someone else's computer. Take, for example, the deauthentication frame that a computer or access point sends whenever it wishes to end a connection. Even when WPA2 encryption is in use, an attacker can see your MAC address in all the frames to and from your computer, and without PMF the deauthentication frame is neither encrypted nor authenticated. So, an attacker can simply send a plaintext deauthentication frame spoofing your MAC address (or the access point's) and disconnect you from the access point. This is a very simple Denial of Service (DoS) attack, and it is also the first step of several other attacks, because it forces your client to reconnect and repeat the 4-way handshake where the attacker can capture it. This is why it is such a major step forward that Protected Management Frames (PMF, IEEE 802.11w), which are optional in WPA2 and which many devices never enabled, are mandatory in WPA3: a client with PMF ignores a deauthentication frame that is not properly protected.
  • Third, regardless of the encryption method being used (WEP, WPA, WPA2, or WPA3), the wireless encryption only covers the radio link from your computer to the wireless access point. Once a frame arrives at the access point, it is decrypted and sent across the wired network in plaintext. When we say "plaintext" in that statement, remember that there can be variation. For example, if you are surfing the web and type https://sec301.com in the browser's address bar, then TLS encrypts the data portion of the packet. That TLS encryption is still present after the WPA3 encryption is removed. By contrast, if you type http://sec301.com (without the "s"), your data travels in plaintext beyond the access point. Likewise, if you establish an IPsec VPN tunnel, the IPsec encryption is present regardless of the Wi-Fi security settings.
5
Q

SSID broadcast

A
  • A Service Set IDentifier (SSID) is a network name. On some home access points, there is only one SSID, or sometimes two if there is a "guest network." For example, you might have one access point in your home with two networks. One is called "family" and one is called "family-guest".
  • Each SSID can have its own security settings. In the example above, the "family" SSID might use WPA2 encryption, have a very long Pre-Shared Key (PSK), and use the 10.1.1.0 network address. "family-guest" might also use WPA2 encryption but have a simple PSK and a network address of 192.168.1.0. Note that in implementations as described here, the wireless access point employs firewall technology (almost always stateful inspection) to keep the internal and guest networks separate.
  • At one time, it was considered an industry best practice to disable SSID broadcast to make your wireless network undiscoverable by attackers. This is now considered BAD ADVICE. When you have SSID broadcast enabled, your access point transmits the SSID in its beacon frames several times a second. This makes it easy for any wireless client (including the attacker's) to discover the SSID of an access point.
  • However, discovering the SSID of a wireless network when broadcast is disabled is still trivial. When you disable SSID broadcast, the access point leaves the SSID out of its beacons, but the SSID still has to go over the air whenever a client connects (it appears in the probe request, probe response and association request). It can still be intercepted by anyone within range (yes, those frames are unicast to a specific MAC address, but they are still transmitted, and tools such as airodump-ng and Kismet fill in the hidden name automatically as soon as a client associates). So, it might take attackers a little longer to discover the SSID, but they can still discover it easily. Worse, when SSID broadcast is disabled, wireless clients must continually send directed probe requests for the hidden SSID, meaning they continually transmit queries to see if a network they are configured to connect to is present. To use the SSID from the example above, this means that the wireless client (your laptop, cell phone, etc.) continually shouts out, "Hey, family access point, are you there?" everywhere it goes, which both leaks the name and invites impersonation.
  • One example of an attack is the Wi-Fi Pineapple. Take the example of me going to the airport: my device probes for the networks it remembers, asking who is there. The Pineapple answers "I'm here" to every probe it sees, and the device connects. For a remembered open network (the airport or coffee shop hotspot), there is no secret for the device to check, so nothing stops it from joining the impostor. Since the client then routes all its traffic through the Pineapple, the Pineapple becomes a man-in-the-middle.
    o How would you detect a Pineapple? Configure sensor devices to probe for made-up SSIDs that no legitimate access point uses; any access point that answers one of those probes is responding indiscriminately and is almost certainly a Pineapple-style impostor. You can also sometimes spot a Pineapple by its default SSID name.
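The two observations above (spoofed deauthentication frames are a plaintext flood, and an impostor answers probes for names that do not exist) both turn into simple detection logic. The following is an added example, not code from the page or the SEC301 course: a small monitor over a log of management frames. The log format, the canary SSID names and every MAC address are constructed for the demo; a real sensor would feed it from a monitor-mode capture.

```python
from collections import defaultdict, deque

# Added example (not from the SEC301 page): flag deauthentication floods and
# access points that answer probes for canary SSIDs.  Log format is constructed.

CANARY_SSIDS = {"canary-x7q2", "canary-zz91"}   # assumed canary names; use ones nobody broadcasts
DEAUTH_THRESHOLD = 5                            # more than this many deauths per source ...
WINDOW_SECONDS = 10.0                           # ... within this window is a flood


def parse(line: str):
    """'<seconds> <SUBTYPE> key=value ...' -> (time, subtype, fields). SSIDs here contain no spaces."""
    time_str, subtype, *pairs = line.split()
    return float(time_str), subtype, dict(p.split("=", 1) for p in pairs)


def analyze(lines):
    alerts = []
    recent_deauths = defaultdict(deque)   # source MAC -> timestamps inside the window
    flooding = set()
    for line in lines:
        t, subtype, f = parse(line)
        if subtype == "DEAUTH":
            q = recent_deauths[f["src"]]
            q.append(t)
            while q and t - q[0] > WINDOW_SECONDS:
                q.popleft()
            if len(q) > DEAUTH_THRESHOLD and f["src"] not in flooding:
                flooding.add(f["src"])
                alerts.append(f"deauth flood: {len(q)} frames from {f['src']} within {WINDOW_SECONDS:g}s")
        elif subtype in ("PROBE_RESP", "BEACON") and f.get("ssid") in CANARY_SSIDS:
            # A legitimate AP never answers a name that does not exist; a Pineapple answers everything.
            alerts.append(f"rogue AP: {f['src']} answered canary SSID {f['ssid']}")
    return alerts


# Constructed sample: a legitimate beacon, our sensor probing for a canary,
# an impostor answering it, one genuine disconnect, and a spoofed deauth burst.
SAMPLE_LOG = [
    "0.0 BEACON src=00:11:22:33:44:55 ssid=family",
    "0.5 PROBE_REQ src=02:00:00:00:00:01 ssid=canary-x7q2",
    "0.6 PROBE_RESP src=de:ad:be:ef:00:01 dst=02:00:00:00:00:01 ssid=canary-x7q2",
    "3.0 DEAUTH src=66:77:88:99:aa:bb dst=00:11:22:33:44:55",
    "8.0 DEAUTH src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb",
    "8.1 DEAUTH src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb",
    "8.2 DEAUTH src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb",
    "8.3 DEAUTH src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb",
    "8.4 DEAUTH src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb",
    "8.5 DEAUTH src=00:11:22:33:44:55 dst=66:77:88:99:aa:bb",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Note that the deauth burst carries the access point's own MAC as its source: without PMF there is nothing in the frame that distinguishes the attacker's copy from the real thing, so rate is the only signal a passive monitor has. With PMF enabled, the client simply discards these frames and the monitor becomes an audit aid rather than the defence.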
6
Q

Access point authentication
- at the home and enterprise level

A
  • Once you set up security such as WPA2, there needs to be some method by which you authenticate to a wireless access point. For wireless in the home environment (and in some enterprise environments as well), the most common authentication method is called a "Pre-Shared Key" or PSK. Some devices refer to this as a "Shared Secret." This is a string that you enter in the wireless access point's configuration. When you attempt to connect to the wireless access point for the first time, you enter the same string on your wireless client, such as your laptop. If the string on the access point and the string on the client match, you are authenticated, and both sides derive the session encryption keys from it. You normally do not have to re-enter the PSK on the client again unless you change the PSK on the access point. This is essentially the Wi-Fi password, and since everyone on the network shares it, you cannot revoke one person's access without changing it for everyone.
  • At the enterprise level, access points can tie into the organization's central authentication system. This is WPA2/WPA3-Enterprise: the access point speaks IEEE 802.1X to the client and forwards the authentication (an EAP exchange, for example PEAP or EAP-TLS with certificates) to a RADIUS server, which in turn can check credentials against Active Directory or another directory. Each user has their own credentials, and each session gets its own key, so it is more secure than a PSK. One way you can increase security further is to segment the network by team, such as accounting: when you authenticate, the RADIUS server returns attributes that tell the access point which VLAN to place you in, so you only have access to the accounting network.
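As an added illustration of the VLAN steering described above (not from the page or the SEC301 course), here is what the RADIUS side can look like in a FreeRADIUS "users" file. The usernames, passwords, client address and VLAN numbers are assumptions; the attribute names are the standard RFC 3580 tunnel attributes that access points honour for dynamic VLAN assignment.

```text
# /etc/freeradius/3.0/clients.conf  (constructed example)
# The access point is a RADIUS client; this shared secret protects the
# AP-to-RADIUS leg, it is not the user's password.
client ap-floor1 {
    ipaddr = 10.0.0.10
    secret = long-random-shared-secret
}

# /etc/freeradius/3.0/users  (constructed example)
# Check item on the first line, reply items on the indented lines.
# Returned in the Access-Accept, these tell the AP which VLAN to put the session on.

# accounting VLAN
alice   Cleartext-Password := "change-me"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "20"

# engineering VLAN
bob     Cleartext-Password := "change-me-too"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "30"
```

In a real deployment the users would come from Active Directory or LDAP rather than a flat file, and the EAP method (ideally EAP-TLS with per-device certificates) is configured separately; the point here is only that the VLAN decision is made centrally, per user, at authentication time.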
7
Q

Wifi protected setup
- PIN mode
- push-button mode
- near-field and USB

A
  • Wi-Fi Protected Setup, or WPS, is a protocol designed for automated setup and synchronization of wireless devices. When you use WPS, the access point shares all of the security settings (including the PSK) with a wireless client. This is extremely simple to use and does not require the user to have any knowledge of security settings or even to know the PSK. The flip side is that anyone who can complete a WPS exchange gets your PSK handed to them, so if WPS is left switched on around the clock, your network is only as strong as the WPS mechanism itself.
  • There are three modes of WPS:
    o PIN mode has the user enter a PIN from the access point's configuration (often printed on a label on the device). Then, when connecting a new wireless client to the network, the user only has to enter this PIN. Since the PIN is much shorter and easier to enter than the PSK, this is much simpler to use. Unfortunately, a major design flaw was discovered in 2011 that allows the PIN to be brute forced: the 8-digit PIN is verified in two halves, and the last digit is a checksum, so an attacker needs at most about 11,000 guesses instead of 100 million, which takes hours at most. It is now recommended that you disable PIN mode if the access point allows you to do so (and verify with a scanner that it actually stays off, because some firmware ignores the setting).
    o Push-Button mode is just what it sounds like. You push a button on the access point that temporarily enables WPS, typically for between 30 seconds and 2 minutes. You then instruct the client device to connect. As soon as the two devices synchronize, the WPS feature disables itself (it also disables after the time-out period). The exposure is limited to that window, so this is the mode to keep if you keep WPS at all.
    o Neither the Near-Field Communication mode (requiring the two devices to be held close to each other) nor the USB mode (requiring the use of a USB thumb drive to carry the settings between the devices) is common.
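The arithmetic behind the PIN-mode flaw is worth seeing once. The following is an added example, not code from the page or the SEC301 course: the WPS checksum digit as the specification defines it, and a constructed stand-in for the access point that, like real WPS does through its M4/M6 NACK messages, reveals whether the first four digits are right before the last four are ever checked.

```python
# Added example (not from the SEC301 page): why an 8-digit WPS PIN falls to
# about 11,000 guesses.  WpsRegistrar is a constructed stand-in for the AP.

WEIGHTS = (3, 1, 3, 1, 3, 1, 3)


def wps_checksum(first_seven: int) -> int:
    """Last digit of an 8-digit WPS PIN is a checksum over the first seven."""
    digits = [(first_seven // 10 ** (6 - i)) % 10 for i in range(7)]
    accum = sum(w * d for w, d in zip(WEIGHTS, digits))
    return (10 - accum % 10) % 10


def valid_pin(pin: int) -> bool:
    return 0 <= pin < 10 ** 8 and wps_checksum(pin // 10) == pin % 10


class WpsRegistrar:
    """Stand-in for the AP side of the WPS PIN exchange (constructed).

    Real WPS answers the first half of the PIN (message M4) independently of
    the second half (message M6); that split is the whole flaw.
    """

    def __init__(self, pin: int):
        assert valid_pin(pin)
        self._first, self._second = pin // 10000, pin % 10000
        self.attempts = 0

    def check_first_half(self, first: int) -> bool:
        self.attempts += 1          # one M4 round trip
        return first == self._first

    def check_second_half(self, second: int) -> bool:
        self.attempts += 1          # one M6 round trip
        return second == self._second


def brute_force(reg: WpsRegistrar):
    """Recover the PIN using the split check: at most 10,000 + 1,000 guesses."""
    first = next(f for f in range(10000) if reg.check_first_half(f))
    for three in range(1000):
        # only three digits of the second half are free; the fourth is the checksum
        second = three * 10 + wps_checksum(first * 1000 + three)
        if reg.check_second_half(second):
            return first * 10000 + second, reg.attempts
    raise RuntimeError("no PIN found")


def worst_case_guesses() -> int:
    """Split verification plus checksum: 10^4 first halves + 10^3 second halves."""
    return 10 ** 4 + 10 ** 3


if __name__ == "__main__":
    pin, tries = brute_force(WpsRegistrar(12345670))
    print(f"recovered {pin:08d} in {tries} guesses "
          f"(worst case {worst_case_guesses()}, naive 8-digit search {10 ** 8})")
```

A PIN of 12345670 (a common factory default) falls in 1,803 round trips here; in the field each round trip takes a second or so, which is where the "hours, not years" figure comes from. Rate-limiting WPS attempts helps only if the firmware actually implements it, which is why disabling PIN mode and confirming it with a scan is the reliable fix.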
8
Q

WarXing

A
  • Years ago, someone connected a high-gain antenna to their laptop, installed a piece of software called NetStumbler, and went driving around finding wireless access points. This became known as wardriving. Then someone did it while walking around, and it was warwalking. From a parking lot, it is warparking; from a park bench, it is warsitting ... you get the idea.
  • There is now a great deal of software available for WarXing in whatever method you prefer. You can do it with Windows, Android, Apple iOS products, Linux, and more. Some of this software is extremely good.
  • Why do you care? You want to warwalk your own network. Someone can hide a wireless access point that others can connect to and join your internal network, so you want to find those rogue access points before an attacker does. Compare what you find against your inventory of authorized access points (by MAC address, not just SSID, since an SSID is trivially copied).
9
Q

Wifi security and distance

A
  • When you build a wireless network, you need to worry about distance. All your wireless clients have to be close enough to the access point to connect. When you secure a wireless network, ignore distance! That is, never assume an attacker has to be inside the building. Do a quick internet search on "Wi-Fi Pringles can": you will get more than 1.5 million results. A cheap homemade directional antenna lets an attacker receive your signal from far beyond the range at which your own clients can use it. This is a well-known trick!
  • So the point remains. When you need to secure a wireless network, the limited distance of the technology should not be part of your consideration.
  • In the enterprise environment, you can address this distance problem in a couple of ways. First, you need to conduct a site survey, meaning that you employ Wi-Fi scanners (such as those mentioned previously) and determine exactly how far the wireless signal of your devices is traveling. If it is traveling outside of your facility, and it almost certainly will be, then you need to address the issue by deploying WPA2 (or better, WPA3) encryption and strong authentication mechanisms, because you cannot stop the signal from leaking.
  • You can dial down the power of the antenna or, more specifically, of the transmitter. This keeps the access point from sending its signal as far and therefore makes it harder to intercept from greater distances. The setting you look for to make this adjustment is called "Transmit Power Control," or TPC. Treat it as a reduction in exposure, not as a security control: the Pringles can still works.
  • You will often see recommendations to use directional antennas in order to address the distance problem. This is actually BAD ADVICE. Aiming the antenna inward simply causes the signal to travel farther out the far side of the building, which actually makes the problem even worse.
10
Q

Rogue access points

A
  • First, it describes an unauthorized access point on your network. These are sometimes put in place by your own users, especially if the use of wireless is limited within your organization. They have also been discovered being put in place by outside attackers who gain physical access to office space. Indeed, this can be done as simply as walking into your organization carrying a magazine. In April 2013, a Microsoft advertisement in Forbes magazine had a small wireless access point embedded inside the magazine itself.
  • Second, this term also applies to access points set up in areas where public Wi-Fi is available (airports, hotels, coffee shops, and such). People attempt this because if you connect to their access point, they become a man in the middle, potentially seeing all your data. Train your users on the need to ensure they connect to the correct access point SSID when connecting in public areas (if they connect at all). When they see two SSIDs, "CoffeeShopFree" and "CoffeeShopSuperFast" (an evil twin access point), they need to double-check with the establishment before connecting to either one.
    o Once your traffic reaches the access point, remember that the Wi-Fi encryption is removed there.
    o You can mitigate that with an IPsec VPN tunnel (or another VPN), which is encrypted end to end regardless of who owns the access point.
  • An evil twin does not even need a different name. When you are in a coffee shop and there are two access points within range with the same SSID, your device connects to the one with the stronger signal, so an attacker can copy the legitimate SSID and win simply by being closer or louder. That is another man-in-the-middle attack.
  • The barista who works in the coffee shop controls their access point. They are a man in the middle and could see all unencrypted traffic.
  • The ISP, which is the default gateway beyond the access point, is also in a man-in-the-middle position. Maybe the ISP itself is not malicious, but maybe they got hacked.
11
Q

Bluetooth

A
  • According to the Bluetooth SIG at Bluetooth.com, several billion Bluetooth devices per year are sold. The number of devices has been growing at a Compound Annual Growth Rate (CAGR) of around 12%. Extrapolate that out over the next few years and you have their projection of 5.2 billion devices sold in the year 2022. Frankly, given the explosive growth of the Internet of Things (IoT), we think that is a very conservative estimate. The point of this slide: Bluetooth is here to stay. We will deal with more and more of it as time goes by. Therefore, we need to understand Bluetooth and how to secure it.
  • The idea behind Bluetooth is straightforward. If you can send it over a cable of any kind, you can send it over Bluetooth. It is, simply put, a cable replacement technology. There are three power classes of Bluetooth: Class 1 (about 100 meters), Class 2 (about 10 meters), and Class 3 (about 1 meter). By far the most common is Class 2, with its 10-meter range. This is what you find on your headset and most other Bluetooth devices.
  • There have been many versions of the Bluetooth specification released through the years. Some improved functionality or capability. Some focused on battery life. Occasionally, there was a focus on security. The result is that later versions of the Bluetooth specification have far better security features and capabilities than earlier versions. Of course, only more modern gadgets have the newer versions of Bluetooth. Interestingly, one of Bluetooth's strengths is also a significant security weakness. The strength is that modern devices can connect with and use older legacy devices. For backward compatibility, this is terrific. However, to accommodate this backward compatibility, the new device must fall back to using only the capabilities of the older device, including the security capabilities. In other words, if you connect a new device (version 4.2 came out in 2014) to an old 2.0 device from 2004, the new device will fall back to version 2.0 capabilities, including legacy PIN pairing, and be far less secure. One of the most critical security recommendations surrounding Bluetooth is to upgrade to the latest devices you can. Of course, you also have to ensure the new devices support the better security mechanisms (not all do).
12
Q

Secure simple pairing
- numeric comparison
- passkey entry
- just works
- out of band

A
  • Old Bluetooth (before 2.1) used a remarkably insecure "legacy pairing" method based on a PIN. The PIN was almost always four zeros, and on most devices you could not change it. This was a significant problem because the link key was derived from nothing more than the PIN, the device address (which can never be encrypted), and a random number sent in the clear. Meaning that if someone sniffed the pairing exchange (capturing the address and the random number) and "guessed" the 0000 PIN, they could reconstruct the link key and "listen in" on your Bluetooth session. Even a non-default 4-digit PIN has only 10,000 possibilities, which is a trivial offline search.
  • Version 2.1 introduced Secure Simple Pairing (SSP). It was a significant improvement, but it still had issues (the original SSP used a 192-bit curve and kept the older E0 link cipher). Version 4.1 updated SSP with "Secure Connections," which moves to the P-256 curve and AES-CCM encryption and makes it pretty good. SSP not only simplifies the pairing process, but it also makes it more secure. For example, there is the opportunity to prevent Man-in-the-Middle attacks. Note that not all implementations take advantage of these security features, but they are there. With SSP, there is: a level of authentication (sometimes a significant degree); secure key exchange using Elliptic Curve Diffie-Hellman; and (with Secure Connections) AES-CCM encryption of data with a 128-bit key. SSP also provides for four "Association Models," which we will look at next.
  • Secure Simple Pairing supports four Association Models for pairing devices. On this page and the next, we will explain each in turn.
    o Numeric Comparison: used when both Bluetooth devices can display a 6-digit number, and both allow the user to enter a "yes" or "no" response. When pairing the devices, each device displays a 6-digit number and provides a "Yes" or "No" response capability (e.g., a pair of buttons on a screen). If the numbers match, the user inputs "Yes" on both devices. The devices then pair with each other. If they do not match, the user enters "No" and pairing fails. Note that unlike older Bluetooth security implementations, this 6-digit number is not part of the cryptographic key generation process; it is a check value computed from the public keys and nonces that were just exchanged. Therefore, even if an attacker obtains the 6-digit number, it provides no insight into the crypto key.
    o Passkey Entry: used in a situation where one Bluetooth device has an input capability (e.g., a keyboard) and the other device has a display but no input capability; you cannot use Numeric Comparison there (it requires a yes/no input on both devices). Passkey Entry displays a 6-digit number on the display-only device. The user enters this number on the device with the keyboard. If the number entered matches the number displayed, pairing is successful.
      Note that both methods provide a level of protection against Man-in-the-Middle (MitM) attacks. This attack occurs when you pair two devices, but an attacker inserts themselves into the process. You unknowingly pair your device with the attacker's Bluetooth device and perhaps share information with them. With these two Association Models, the attacker does not know the 6-digit number in advance and cannot make the numbers on both victims' devices agree (each side commits to its random value before the other side's is revealed), so an attacker in the middle is caught when the user sees mismatching numbers. The protection is only as good as the user: if they press "Yes" without comparing, the check is worthless.
    o Just Works: In situations where at least one device you are pairing has neither a display nor a keyboard, you will have to use the Just Works model. It is a very apt name in that it really does "just work." However, because there is no opportunity to verify the 6-digit number between the devices, the user must accept the connection without being certain it is the legitimate device. In other words, there is a distinct possibility of a MitM attack with Just Works; it still protects against passive eavesdropping thanks to the Diffie-Hellman exchange, but not against an active attacker. You should, therefore, only use this pairing method in trusted environments whenever possible.
    o Out of Band (OOB): A small number of devices support the OOB model. Here, both devices must have either Near Field Communication (NFC) capability or be able to connect via a wired connection. With the NFC method, you can simply "tap" the devices together, and they pair. MitM protection here comes from the out-of-band channel itself: if an attacker cannot read or alter what crosses it, they cannot insert themselves. With the limited range of NFC (approximately 4 centimeters), the opportunity for an attacker is fairly limited.
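To show why the Numeric Comparison number gives an attacker nothing and why the commitment step matters, here is an added example, not code from the page, the SEC301 course or the Bluetooth specification itself, that runs the model's cryptographic skeleton three ways: an honest pairing, a responder that changes its nonce after committing, and a man in the middle who completes a separate pairing with each victim. Finite-field Diffie-Hellman over a toy prime stands in for the P-256 ECDH the real protocol uses (an assumption made to keep the demo dependency-free; the group is not safe for real use), and the functions f1 and g follow the shape of the specification's commitment and check-value definitions.

```python
import hashlib
import hmac

# Added example (not from the SEC301 page): Secure Simple Pairing, Numeric
# Comparison model, reduced to its cryptographic skeleton.  Toy DH group stands
# in for P-256 ECDH; do not reuse these parameters anywhere real.

P = 2 ** 127 - 1     # toy prime (assumption for the demo)
G = 5                # toy generator


def pubkey(priv: int) -> int:
    return pow(G, priv, P)


def dhkey(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)


def _b(x: int) -> bytes:
    return x.to_bytes(16, "big")


def f1(pk_own: int, pk_peer: int, nonce: int) -> bytes:
    """Commitment to a nonce: HMAC keyed by the nonce over both public keys."""
    return hmac.new(_b(nonce), _b(pk_own) + _b(pk_peer) + b"\x00", hashlib.sha256).digest()


def g(pk_init: int, pk_resp: int, n_init: int, n_resp: int) -> int:
    """Six-digit number shown to the user: SHA-256 over keys and nonces, mod 2^32, shown mod 10^6."""
    h = hashlib.sha256(_b(pk_init) + _b(pk_resp) + _b(n_init) + _b(n_resp)).digest()
    return (int.from_bytes(h, "big") % 2 ** 32) % 1_000_000


def numeric_comparison(init_priv, init_nonce, resp_priv, resp_nonce, resp_sent_nonce=None):
    """One initiator/responder run.

    Returns (number on initiator, number on responder, commitment_ok,
    initiator's DHKey, responder's DHKey).  resp_sent_nonce lets the responder
    reveal a nonce other than the one it committed to, to show why step 2 exists.
    """
    pk_i, pk_r = pubkey(init_priv), pubkey(resp_priv)      # 1. public keys exchanged in the clear
    commitment = f1(pk_r, pk_i, resp_nonce)                  # 2. responder commits before seeing Na
    revealed = resp_nonce if resp_sent_nonce is None else resp_sent_nonce
    commitment_ok = hmac.compare_digest(commitment, f1(pk_r, pk_i, revealed))   # 3. Na sent, Nb revealed and checked
    v_init = g(pk_i, pk_r, init_nonce, revealed)             # 4. each side computes its display value
    v_resp = g(pk_i, pk_r, init_nonce, resp_nonce)
    return v_init, v_resp, commitment_ok, dhkey(init_priv, pk_r), dhkey(resp_priv, pk_i)


def mitm(a_priv, a_nonce, b_priv, b_nonce, e_priv, e_nonce_a, e_nonce_b):
    """Attacker E pairs with A (posing as responder) and with B (posing as initiator).

    Both runs are internally valid, but A and B see different numbers, so a user
    who actually compares them presses No.
    """
    va, _, ok_a, *_ = numeric_comparison(a_priv, a_nonce, e_priv, e_nonce_a)
    _, vb, ok_b, *_ = numeric_comparison(e_priv, e_nonce_b, b_priv, b_nonce)
    return va, vb, ok_a and ok_b


if __name__ == "__main__":
    va, vb, ok, ka, kb = numeric_comparison(0x1111, 0xA1, 0x2222, 0xB2)
    print(f"honest: A shows {va:06d}, B shows {vb:06d}, commitment ok={ok}, keys match={ka == kb}")
    _, _, ok, *_ = numeric_comparison(0x1111, 0xA1, 0x2222, 0xB2, resp_sent_nonce=0xB3)
    print(f"responder swaps nonce after committing: commitment ok={ok}")
    va, vb, ok = mitm(0x1111, 0xA1, 0x2222, 0xB2, 0x3333, 0xE1, 0xE2)
    print(f"man in the middle: A shows {va:06d}, B shows {vb:06d}, both runs ok={ok}")
```

The displayed number is a hash of public values only, which is why leaking it costs nothing, and the commitment stops the responder (or an attacker) from choosing its nonce after seeing the other side's, which is what would otherwise let a man in the middle steer the two displays to the same value. Just Works is this same exchange with step 4 skipped, so the Diffie-Hellman key still defeats a passive listener but nothing catches the active one.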
13
Q

Bluetooth WarXing

A
  • Just as with Wi-Fi, there is WarXing with Bluetooth. Using standard dongles and specialty hacking tools such as Ubertooth, locating Bluetooth devices becomes trivial (Ubertooth can even spot devices set to non-discoverable mode by sniffing their traffic). A tool called Blue Hydra was released at DEF CON 2016. This tool continually scans the airwaves to almost instantly detect a Bluetooth device coming into range. As soon as it detects a Bluetooth device, it probes that device to determine the device name, firmware version, the Bluetooth version it runs, the manufacturer, and what services the device offers.
14
Q

Bluetooth attacks
- relay attack
- privacy attack
- remote command execution

A
  • Unfortunately, there are attacks on Bluetooth. For example, a Bluetooth relay attack lets attackers effectively proxy the security: the Bluetooth link itself is still encrypted, but one attacker device impersonates the distant device to you while a second attacker device impersonates you to it, forwarding the traffic between them over another channel. The security negotiation was with the attacker instead of with the device it was intended for, so the attacker can decrypt and read the data. This attack requires two attacker devices (and usually two attackers) operating simultaneously.
  • There are also privacy attacks whereby Bluetooth can be used to track a device. For example, if you leave Bluetooth enabled on your cell phone, you can potentially be tracked via that signal.
  • And of course, every operating system that has implemented Bluetooth has had at least one bug that allowed attackers to remotely issue commands in that operating system. Any attack that allows for remote command execution is a serious problem, especially when, as with several of these bugs, the attacker needs only to be within radio range and requires no pairing and no user interaction.

Distance with Bluetooth: Just like with Wi-Fi, when securing Bluetooth, ignore distance. The nominal 10-meter range of a Class 2 device says nothing about how far away an attacker with a good antenna can be. The tomsguide.com website (and several others now) gives instructions on how to build a "BlueSniper Rifle."

15
Q

Mobile device security

A
  • When you are looking at how secure a computer platform is, you always have to look at what part of the environment the manufacturer controls and what part they don't, because you cannot secure what you cannot control.
  • Microsoft is primarily a software company. Apart from its own Surface line, it does not build the hardware; it sets requirements that HP, Dell, or any other OEM must meet, but it does not control that production. Apple, by contrast, builds both the OS and the hardware, so it can do more for security (for example, rooting the boot chain in its own silicon), but that does not mean it always does.
16
Q

Smartphone security
- apps
- app testing

A
  • There is an app for just about anything, and the vast majority of them are completely innocent and useful. However, some are anything but innocent. In fact, they are in the category of malware (malicious software)
  • One of the first rules of thumb to follow when securing a smartphone is this: When you install an app for whatever function, look at the permissions required by that app. Does a simple calculator need access to your GPS coordinates, your contacts, your phone calls? If the app needs more permissions than logical, don’t install the app. There are dozens more that can do the same thing and don’t need the extra permissions
  • That advice can be hard to follow when you need an app that legitimately does need all those permissions. Now what do you do? We agree; it is tough. The best advice at this point follows:
    o Use the most trusted app store you can (Google’s Play store, Apple’s iTunes app store, Microsoft’s app store)
    o Go with the most reputable app developer you can
  • There’s also app testing :
    o Google – fully automated – takes 24 hours from submission to posting
    o Apple – done by humans – takes 2 weeks to 2 months from submission to posting – third-party app developers are arguing to be allowed to sell apps on iTunes without app testing, and Apple is saying no because it would give up that control
  • The anti-malware apps available for smartphones and tablets are increasing. This is a good thing. However, you should understand some limitations of this software
  • On a PC, anti-malware (aka antivirus) often runs with special capabilities and permissions. It literally becomes a trusted part of the operating system’s kernel. This is good because it makes it more difficult for malware to attack and shut down your anti-malware solution. On tablets and smartphones, anti-malware is just another app. It has no special permissions or capabilities. Because of this, other apps can potentially shut it down and evade detection by other means
    o Note that we are only discussing anti-malware for Android because it does not exist for Apple’s iOS on the iPhone and iPad. Because Apple has such total control of the platform and implements security beginning in the hardware, it is not possible for one iPhone app to scan another iPhone app for malware. Therefore, anti-malware for the platform cannot do what it needs to do
    o That is not to say security software for iPhone and Android does not exist. As an example, Malwarebytes makes security software for both platforms. But it is not anti-malware in the traditional sense. It blocks robo-calls, filters spam SMS texts, etc. But it does not scan for malware.
  • Most smartphones and tablets today allow screen locks. Use them! One of the less secure methods is the finger swipe. A series of dots is displayed on your screen and you swipe your finger in a pre-saved pattern. Two clear problems with this method are that the patterns are easy to “shoulder surf” and that the screen tends to get smudged with the pattern.
  • More and more, phones now allow for PINs and passwords. These are more secure than the finger swipe method, provided you have a good PIN/password and change it from time to time. A 4-digit PIN isn’t strong enough. You should consider an absolute minimum of 8 digits; 10 digits is even better
17
Q

Android and iOS update

A
  • While Android is globally more common than Apple’s iOS, an argument could be made that the iOS update model is more secure. The problem can be summed up simply: Android device makers make money selling devices, not by providing updates to the Android operating system. They are disincentivized from providing updates, since not updating old devices forces people to buy new devices
  • By contrast, Apple makes money from iPhone sales, but it makes far more from App sales. The more up-to-date the iOS is, the longer it can continue selling apps for the devices. Therefore, iOS updates come out for the iPhone on a more regular basis than what is common on the Android.
    o Apple wants you to buy a new phone every 4 years, since that is how long iOS devices have a lifetime
  • One of the most important things you can do to keep any kind of computer both functional and secure is to keep it up-to-date. The chart above shows the disparity in updates between the two platforms well. While Google’s new contract requirements have improved this picture dramatically, iOS devices still tend to have a more current OS installed.
18
Q

Smartphone security bypass
- picture on page 102

A
  • Another huge problem with smartphones in particular: They can act as Wi-Fi access points and “tether” to a PC via USB cable. In either case, your users can now access the internet directly from their corporate PC without going through the organization’s security perimeter—meaning phones allow users to bypass firewalls, gateway antivirus, content filters, and so on. This is an extraordinarily difficult thing to prevent and manage. Pretty much, if you allow cell phones into the environment, you allow for this possibility. You can write policy and monitor for it, and then punish employees who violate the policy.
19
Q

USB devices and external storage

A
  • Not that many years ago, most data was stored inside the computer only. Sure, some documents might have been on floppy disks, but the storage capacity on them was so small it was difficult to have much data stored that way. (Not to mention, they were REALLY slow.)
  • Fast forward to today. External storage is remarkably cheap and plentiful. As of December 2017, an Amazon.com search for external USB hard drive returned over 25,000 results. A good quality 1TB (one terabyte) USB hard drive costs $50 and a 4TB is just $99. That 4TB hard drive could hold approximately 2 billion pages of text. With some of the new external Solid-State USB drives, the rate at which you can write data to those drives is incredible
  • You may have a digital camera that uses the SecureDigital SDXC cards. They are slightly bigger than a postage stamp. Those are not just for use in cameras. They can also be used to store data files on a PC. You can’t buy an SDXC card this large yet, but the specification allows the storage on those devices to go to 2TB—1 billion pages of text—on a postage stamp—walking out of your organization. That is extremely difficult to detect.
  • Therefore, the perimeter is not what it once was – it is very easy to go into a building with USB devices and steal A LOT of data
  • The proliferation of USB devices has created other problems as well. They are a fantastic infection vector because people plug a stranger’s USB thumb drive into their computer without even pausing to think about it. Several methods of infecting a computer come about at that point. One of the most common is called Bad USB, which infects a PC as soon as a malicious thumb drive is plugged in: such drives carry an autorun script that executes automatically as soon as the USB device is connected
  • This ties directly into USB Seeding. (It goes by many names.) Think about a malicious USB thumb drive left sitting on top of the paper towel dispenser in the restroom. The thumb drive is marked “Corporate Layoffs” or “2018 Salary Info.” How many employees would grab that thumb drive, rush back to their desk, and plug it in? As soon as that happens, you have an infection spreading across your corporate network
20
Q

IoT
- IIoT
- the S in IoT is for security
- rush to market mentality

A
  • To put it simply, any device connected to the internet is part of the Internet of Things or IoT. On the consumer side, this includes a rapidly growing number of devices in our “smart home”. We can tell our smart speaker, such as Amazon’s Echo, to turn on the lights, close the blinds, open the garage door, turn on the coffee maker, start the garden sprinkler, and a host of other things
  • A newer but rapidly growing category is IIoT, or the Industrial Internet of Things. Municipalities are flocking to this technology to control parking meters, remotely read gas or electric meters, monitor traffic patterns, etc. Companies use it to control Heating, Ventilation, and Air Conditioning (HVAC), lighting, and other services. Keeping the lights and HVAC off in unoccupied areas saves companies money on utilities and raises profits
  • Most of the buzz you hear on the news centers on consumer smart home technology, but that will probably be the much smaller category. Most estimates show there will be thousands of times more IIoT devices than consumer IoT devices.
  • It is unfortunate but true, there really are no current standards for IoT security. Yes, there are some proposals, but nothing formal. At present, it looks like it may be years before we do have formal standards. The problem is that if you look at the growth statistics on the previous slide, security is being overtaken by events. One simple example: A few years ago, a really serious vulnerability was discovered in the Linux operating system shell Bash. The name of the vulnerability is “ShellShock”. It is estimated that over 80% of IoT devices run Linux and are, therefore, susceptible to the ShellShock vulnerability. Look at the prior slide, figure out how many billions and billions of devices we are talking about, and then come up with a plan to patch the ShellShock vulnerability on all of them. It is a monumental task
  • Part of the problem is that too many vendors are trying to rush to market with minimal expenditure. This means that they:
    o implement older chipsets (for example, chips with older, less-secure Bluetooth),
    o do little or no security testing,
    o and release the devices with little thought to updating them after the sale.
  • There are definite exceptions to those statements. Some vendors are doing a very fine job of security. Unfortunately, there is nothing forcing anyone to implement security, and doing so would cost extra