Black_Hole · 2016/02/24 10:11

0x00 Preface

Many companies have no security team at all; the operations and maintenance staff alone are responsible for the security of the whole company, so security gets far less attention than it should. I have recently been doing security testing for various companies, and I am writing down my own experience here in the hope that others will fill in what I have missed.

0x01 Wireless Security


Many companies pay little attention to their wireless security. Companies with money buy equipment; companies without money hire people. But no matter how skilled the people are, without equipment to back them up their skill counts for little. A good router/switch/IDS is worth any number of tireless, passionate, highly skilled people.

Many companies use WPA/WPA2 for WIFI authentication and then add a second, WEB-based authentication step, believing this makes them safe. In fact it does not. How WPA/WPA2 is cracked is common knowledge: aircrack-ng, airmon-ng, airodump-ng and aireplay-ng can be used for brute force, and if the password will not crack you can send the cap file to “549011522” for seven yuan a time (I did not crack one this way, and cannot guarantee you will not be cheated). Everyone also knows the tool called “wifi master key”; check whether it can open the network first, and crack only if it cannot. After connecting to the WIFI you are prompted for WEB secondary authentication. You can ignore it, because it does not help: whatever you think of WEB secondary authentication, it does not work here. With WPA/WPA2 authentication, the moment you connect to the WIFI the switch (in the case I encountered it was a switch; it could also be a router) immediately assigns you an intranet IP. What the hacker wants is the company’s intranet resources; having no Internet access is no problem for the hacker. When I was doing a security check for one company the sequence was: wifi master key cracked the network, then man-in-the-middle sniffing, and in less than a minute I had administrator rights on the backend of their official website. In my view WEB authentication does not stop hackers; it is there for employees, because hackers do not need external resources, but employees do.

Here is the diagram I drew:

Mind Map URL: www.processon.com/view/556d3c…

After the hacker connects to the WIFI, the WEB secondary authentication fails, but the hacker is already on the intranet and can access any resource on it.

Repair suggestions:

  1. Replace WPA/WPA2 wireless authentication with 802.1x (802.1x wireless authentication requires switch support).
  2. Buy wireless detection/defense equipment.
  3. Do not let wireless devices access intranet resources; only wired devices may (physically isolating the problem).

The schematic diagram for 802.1x authentication is as follows:

Mind Map URL: www.processon.com/view/link/5…

Even if the hacker connects to the company’s WIFI, he or she cannot pass 802.1x authentication, so the company’s devices (routers and switches) will not assign an intranet IP or an extranet IP.
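One way to check suggestion 1 from the client side, as an added example that is not part of the original post: a PowerShell script that reads the Wi-Fi profiles saved on a Windows machine and flags any corporate SSID still configured as WPA/WPA2-Personal (pre-shared key) rather than WPA2-Enterprise (802.1x/EAP). The SSID names in `$corpSsids` are placeholders, and the parsing assumes English `netsh` output.

```powershell
# Added example (not from the original post): audit saved WLAN profiles and
# report which authentication mode each one uses. Run in an elevated prompt.
$corpSsids = @('CORP-WIFI', 'CORP-OFFICE')   # placeholder SSIDs, adjust to your site

function Get-WlanProfileAuth {
    # Collect profile names from 'netsh wlan show profiles' (English output assumed).
    $names = @()
    foreach ($line in (netsh wlan show profiles)) {
        if ($line -match '^\s*All User Profile\s*:\s*(.+)$') { $names += $Matches[1].Trim() }
    }
    foreach ($name in $names) {
        $detail = netsh wlan show profile name="$name"
        $auth = 'unknown'; $cipher = 'unknown'
        foreach ($line in $detail) {
            if ($line -match '^\s*Authentication\s*:\s*(.+)$') { $auth   = $Matches[1].Trim() }
            if ($line -match '^\s*Cipher\s*:\s*(.+)$')         { $cipher = $Matches[1].Trim() }
        }
        [pscustomobject]@{ Profile = $name; Authentication = $auth; Cipher = $cipher }
    }
}

# A corporate SSID is only acceptable when it authenticates via 802.1x
# (netsh reports this as 'WPA2-Enterprise'); PSK or open networks are flagged.
foreach ($p in Get-WlanProfileAuth) {
    $isCorp = $corpSsids -contains $p.Profile
    $weak   = $isCorp -and ($p.Authentication -notmatch 'Enterprise')
    $flag   = if ($weak) { 'WEAK: rebuild as 802.1x' } elseif ($isCorp) { 'ok' } else { '-' }
    '{0,-20} {1,-18} {2,-6} {3}' -f $p.Profile, $p.Authentication, $p.Cipher, $flag
}
```

On a fleet, the same check can be run through a login script and the flagged rows collected centrally, so a PSK profile for a corporate SSID shows up before someone relies on it.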

0x02 Deeper wireless security


The discussion above only covers the company’s own WIFI. Of the three solutions above, only the first is relatively convenient and free (the equipment room needs to support the 802.1x wireless protocol; otherwise it still costs money).

Second, if the company does not want to spend money it will not choose this option, and even after buying the equipment the initial configuration workload is very large.

Third, the workload is heavy and the company network has to be restructured.

If the company does not want to spend money, or operations and maintenance do not want to rebuild the network, the first option is a good choice, but there is a problem here: 360/Baidu portable WIFI dongles. For companies that do not have much security, the existence of these devices makes things worse. When a 360/Baidu portable WIFI is plugged into a company computer, the ICS service is enabled and the wireless card gains an AP function. Connecting to this portable WIFI is like joining a small local area network. At that point we can break into the PC the WIFI is plugged into and use it to attack the entire company. If all you need is an egress, you do not even need to break into the PC with the WIFI plugged in. Suppose “what I need is the backend of this website, but to reach the backend I have to come from this company’s external (egress) IP”; then we do not need to compromise the PC with the portable WIFI at all. Why is that? I have drawn a picture for you.

Mind Map URL: www.processon.com/view/556d17…

After the hacker connects to the portable WIFI, no WEB secondary authentication is needed, because the hacker is using the employee’s network, and the employee has already authenticated. The employee uses the company intranet, which has a single egress IP address; the server only recognizes this IP address, and other IP addresses cannot connect to the server.

There are many solutions online; refer to the online tutorials.
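One host-side check for the portable WIFI problem described above, as an added example that is not part of the original post: a PowerShell script that looks on a Windows endpoint for the conditions a 360/Baidu-style dongle creates, namely the ICS service (`SharedAccess`) running, a hosted network started, a virtual wireless adapter up, or sharing enabled on a connection via the `HNetCfg.HNetShare` COM interface. The function name is my own; run it elevated.

```powershell
# Added example (not from the original post): detect Internet Connection Sharing
# and soft-AP activity on a Windows endpoint. Intended for a login script or EDR query.
function Test-PortableApExposure {
    $findings = @()

    # 1. ICS service: this is what bridges the dongle's clients onto the company LAN.
    $ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
    if ($ics -and $ics.Status -eq 'Running') {
        $findings += "ICS service (SharedAccess) is running, start type $($ics.StartType)"
    }

    # 2. Legacy hosted network (soft AP) state as reported by the WLAN service.
    $hosted = netsh wlan show hostednetwork
    if ($hosted -match '^\s*Status\s*:\s*Started') {
        $findings += 'Hosted network (soft AP) is started'
    }

    # 3. Virtual / Wi-Fi Direct adapters that are up (newer hotspot implementations).
    Get-NetAdapter -ErrorAction SilentlyContinue |
        Where-Object { $_.Status -eq 'Up' -and $_.InterfaceDescription -match 'Virtual|Direct|Hosted' } |
        ForEach-Object { $findings += "Virtual wireless adapter up: $($_.Name) ($($_.InterfaceDescription))" }

    # 4. Per-connection sharing flags, the same data the ICS dialog edits.
    try {
        $hnet = New-Object -ComObject HNetCfg.HNetShare
        foreach ($conn in $hnet.EnumEveryConnection) {
            $cfg = $hnet.INetSharingConfigurationForINetConnection($conn)
            if ($cfg.SharingEnabled) {
                $props = $hnet.NetConnectionProps($conn)
                # SharingConnectionType 0 = public (upstream) side, 1 = private (shared) side
                $findings += "Sharing enabled on '$($props.Name)' (type $($cfg.SharingConnectionType))"
            }
        }
    } catch {
        $findings += "Could not query HNetCfg.HNetShare: $($_.Exception.Message)"
    }

    return $findings
}

$result = Test-PortableApExposure
if ($result.Count -eq 0) { 'No ICS / portable AP exposure found' } else { $result }
```

Any hit here means the machine is acting as a gateway between a wireless segment and the intranet egress, which is exactly the path the diagram above relies on; disabling the SharedAccess service by policy removes that bridge.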

If you have a better solution, please share it. My own thinking is limited; forgive any inadequacies.