Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Mobile

    EAP-TLS Detailed as WiFi Security Best Practice at SecTor

    By
    Sean Michael Kerner
    -
    November 14, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Gabriel Ryan Sector

      TORONTO—There are a lot of ways to hack a A security researcher explains how WPA2 Enterprise wireless security can be bypassed and why the EAP-TLS wireless authentication protocol should be more widely deployed to help mitigate risks. WiFi network, and Gabriel Ryan, security engineer at security firm Gotham Digital Science, detailed many of them in a session at the SecTor conference here on Nov. 14.

      During his session, titled “The Black Art of Wireless Post-Exploitation,” Ryan demonstrated the new EAPhammer tool that he created to hack WPA2-Enterprise networks. He also detailed new attack methods to bypass misconfigured WPA2 WiFi networks, including a wireless pivot attack. While there is no shortage of attack methods, Ryan also strongly advocated for the use of the EAP-TLS (Extensible Authentication Protocol Transport Layer Security) protocol to help stop multiple forms of WiFi attack.

      Ryan explained that while WPA2 WiFi protection encrypts data sent wirelessly, an area of weakness where potential attacks can be performed is during the initial “handshake” connection, when the wireless user starts a connection.

      The EAPhammer toolkit that Ryan developed and demonstrated during his SecTor session can help security researchers perform what is known as an “evil twin” attack against WPA2-Enterprise networks. In an evil twin attack, a rogue access point is set up to mimic the address and connectivity of an authentic WiFi access point.

      “It [EAPhammer] is designed to be used in full scope wireless assessments and red team engagements,” the GitHub project page states. “As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration.”

      Among the new attacks that EAPhammer can help execute is one that Ryan calls an indirect wireless pivot using a hostile portal attack. In that attack scenario, a WiFi access point that has a captive portal is attacked, with the hacker gaining access to the back-end restricted virtual LAN (VLAN). Captive portals are commonly used in hotels among other places, requiring users to log into a page first to provide payment information and gain access.

      Ryan also detailed how it is possible to outmaneuver wireless client isolation to attack other devices on a WiFi network. Wireless client isolation is a commonly deployed best practice to help protect public networks, where administrators don’t want end users to be able to connect to a restricted VLAN or to other users on the same WiFi access point.

      “The problem with WiFi client isolation is that it’s a logical control and not a physical control,” he said. 

      Among the tools that can help security researchers bypass WiFi client isolation is WiFitap. Also, the Aircrack suite of tools now has client isolation bypass capabilities, Ryan said.

      EAP-TLS

      While WPA2 can be attacked by multiple mechanisms, Ryan noted that the EAP-TLS authentication framework for WiFi provides protection against the attacks he described.

      EAP-TLS requires security certificates on both sides of the wireless connection, providing a more resilient approach to connecting to a WiFi access point. Ryan said that using EAP-TLS effectively eliminates the ability of attackers to execute a rogue access point attack. The challenge, he added, is that EAP-TLS has long been difficult to implement in an enterprise network.

      Ryan noted that security versus convenience is an issue with EAP-TLS, with the ease-of-use limiting usage, even though it is more secure than other WiFi authentication protocols.

      “There is no magic bullet here, and security with convenience is often a paradox,” he said. “The current trend is now to focus more on breach containment than breach prevention.”

      In the final analysis, Ryan noted that implementing EAP-TLS in 2017 is not as difficult as it once was. He suggested that organizations use mobile device management (MDM) technologies to help deploy and use EAP-TLS as part of a new device on-boarding process.

      “As a community, we should question whether it is truly a sound business decision to neglect EAP-TLS in favor of a more reactive approach that focuses on access control and threat containment,” Ryan said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×