Wireless LAN Security
INTRODUCTION
Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are one of today's fastest growing technologies in businesses, schools, and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. These networks can be up and running quickly when there is no available wired Ethernet infrastructure. They can be made to work with a minimum of effort without relying on specialized corporate installers. Wireless LANs are a boon for organizations that don't have time to setup wired LANs, make networked temporary offices a reality and remove the wire work that goes on in setting LANs. They are reported to reduce setting up costs by 15%. But, with these benefits come the security concerns. One doesn't need to have physical access to your wires to get into your LANs now. Any attacker, even though sitting in your parking lot, or in your neighboring building, can make a mockery of the security mechanisms of your WLAN. If you don't care about security, then go ahead; buy those WLAN cards/ Access Points. But, if you do, watch out for the developments on the security front of 802.11. As this report and many such others tell, contrary to 802.11's claims, WLANs have very little security. An attacker can listen to you, take control of your laptops/desktops and forge him to be you. He can cancel your orders, make changes into your databases, or empty your credit cards. So, what is the remedy? Don't trust anybody!!!
Think like an attacker and take proper countermeasures. Have dynamic system administrators. Those attackers won't be lucky every time! The key is, be informed! Wireless LANs (WLANs) are quickly gaining popularity due to their ease of installation and higher employee mobility. Together with PDAs and other mobility devices, they go on to improve the quality of life
Types of Wireless LANS 1
The part of success behind the popularity of WLANs is due to the availability of the 802.11 standard from IEEE. The standard specifies operation of WLANs in three ways: •
•
•
Infrastructure Mode: Every WLAN workstation (WS) communicates to any machine through an access point (AP). The machine can be in the same WLAN or connected to the outside world through the AP. Ad Hoc Network Mode: Every WS talks to another WS directly. Mixed Network Mode: Every WS can work in the above two modes simultaneously. This is also called the Extended Basic Service Set (EBSS)
Wireless Fidelity 2
Definition
Wi-Fi, or Wireless Wireless Fidelity is freedom : it allows you you to connect to the internet from your couch at home, in a hotel room or a conference room at work without wires wires . Wi-Fi is a wireless technology like a cell phone. Wi-Fi enabled computers send and receive data indoors and out; anywhere within the range of a base station. And the best thing of all, it is fast. However you only have true freedom to be connected any where if your computer is configured with a Wi-Fi CERTIFIED radio (a PC card c ard or similar device). Wi-Fi certification means that you will be able to connect anywhere there are other Wi-Fi CERTIFIED products - whether you are at home , office , airports, coffee shops and other public areas equipped with a Wi-Fi access availability. Wi-Fi will be a major face behind hotspots , to a much greater extent. More than than 400 airports and hotels in in the US are targeted as Wi-Fi hotspots. The Wi-Fi CERTIFIED logo is your only assurance that the product has met rigorous interoperability testing requirements to assure products from different vendors will work together. The Wi-Fi CERTIFIED logo means that it is a "safe" buy. Wi-Fi certification comes from the Wi-Fi Alliance, a non profit international trade organisation that tests 802.11 based wireless equipment to make sure that it meets the Wi-Fi standard and works with all other manufacturer's Wi-Fi equipment on the market. The Wi-Fi Alliance (WELA) also has a Wi-Fi certification program for Wi-Fi products that meet interoperability standards. It is an international organisation devoted to certifying interoperability of 802.11 products and to promoting 802.11as the global wireless LAN std across all market segment.
•
Wi-Fi (short for “Wireless Fidelity") is the popular term for a high-frequency wireless local area network (WLAN) –
•
Promoted by the Wi-Fi Alliance (Formerly WECA - Wireless Wireless Ethernet Carriers Association)
Used Used generi generical cally ly when when referri referring ng to any type type of 802.11 802.11 netw network ork,, whether whether 802.1 802.11a, 1a, 802.11b, 802.11g, dual-band, etc. The term is promulgated by the Wi-Fi Alliance
WLAN Components 3
One important advantage of WLAN is the simplicity of its installation. Installing a wireless LAN system is easy and can eliminate the needs to pull cable through walls and ceilings. The physical architecture of WLAN is quite simple. Basic components of a WLAN are access points (APs) and Network Interface Cards (NICs)/client adapters. Access Points Access Point (AP) is essentially the wireless equivalent of a LAN hub. It is typically connected with the wired backbone through a standard Ethernet cable, and communicates with wireless devices by means of an antenna. An AP operates within a specific frequency spectrum and uses 802.11 standard specified modulation techniques. It also informs the wireless clients of its availability, and authenticates and associates wireless clients to the wireless network. Network Interface Cards (NICs)/client adapters Wireless client adapters connect PC or workstation to a wireless network either in ad hoc peer-to-peer mode or in infrastructure mode with APs (will be discussed in the following section). Available in PCMCIA (Personal Computer Memory Card International Association) card and PCI (Peripheral Component Interconnect), it connects desktop and mobile computing devices wirelessly to all network resources. The NIC scans the available frequency spectrum for connectivity and associates it to an access point or another wireless client. It is coupled to the PC/workstation operating system using a software driver. The NIC enables new employees to be connected instantly to the network and enable Internet access in conference rooms.
WLAN Architecture The WLAN components mentioned above are connected in certain configurations. There are three main types of WLAN architecture: Independent, Infrastructure, and Microcells and Roaming. Independent WLAN The simplest WLAN configuration is an independent (or peer-to-peer) WLAN. It is a group of computers, each equipped with one wireless LAN NIC/client adapter. In this type of configuration, no access point is necessary and each computer in the LAN is configured at the same radio channel to enable peer-to-peer networking. Independent networks can be set up whenever two or more wireless adapters are within range of each other.
4
Infrastructure WLAN
Infrastructure WLAN consists of wireless stations and access points. Access Points combined with a distribution system (such as Ethernet) support the creation of multiple radio cells that enable roaming throughout a facility. The access points not only provide communications with the wired network but also mediate wireless network traffic in the immediate neighborhood. This network co nfiguration satisfies the need of large-scale networks arbitrary coverage size and complexities.
5
Microcells and Roaming
The area of coverage for an access point is called a "microcell’. The installation of multiple access points is required in order to extend the WLAN range beyond the coverage of a single access. One of the main benefits of WLAN is user mobility. Therefore, it is very important to ensure that users can move seamlessly between access points without having to log in again and restart their applications. Seamless roaming is only possible if the access points have a way of exchanging information as a user connection is handed off from one access point to another. In a setting with overlapping microcells, wireless nodes and access points frequently check the strength and quality of transmission. The WLAN system hands off roaming users to the access point with the strongest and highest quality signal, in accommodating roaming from one microcell to another.
6
IEEE 802.11 ARCHITECTURES
In IEEE's proposed standard for wireless LANs (IEEE 802.11), there are two different ways to configure a network: ad-hoc and infrastructure. In the ad-hoc network, computers are brought together to form a network "on the fly." As shown in Figure 1, there is no structure to the network; there are no fixed points; and usually every node is able to communicate with every other node. A good example of this is the aforementioned meeting where employees bring laptop computers together to communicate and share design or financial information. Although it seems that order would be difficult to maintain in this type of network, algorithms such as the spokesman election algorithm (SEA) [4] have been designed to "elect" one machine as the base station (master) of the network with the others being slaves. Another algorithm in ad-hoc network architectures uses a broadcast and flooding method to all other nodes to establish who's who.
Basic WLAN Architecture:
Some of the business advantages of WLANs include: 7
" Mobile workers can be continuously connected to their crucial applications and data; " New applications based on continuous mobile connectivity can be deployed; " Intermittently mobile workers can be more productive if they have continuous access to email, instant messaging, and other applications; " Impromptu interconnections among arbitrary numbers of participants become possible. " But having provided these attractive benefits, most existing WLANs have not effectively addressed security-related issues.
Background 1. Ad hoc implementations 8
a. Rapid growth (~1000 Access Points, 90% in Factory) b. Endless variety of client devices c. WEP encryption used inconsistently d. No WLAN security architecture or policy e. Deployed as extensions of the wired network 2.
Caused the Access Points to be shut down in Aug 2001 while security architecture and policies were developed
Uses:
1) Flight line assembly a) Moving aircraft assembly line requires wireless connections to workstations b) Wireless wearable computers provide information directly to workers 2) Conference rooms a) WLANs provide consistent access to mobile workers 3) Office areas a) WLANS simplify cabling and provide ubiquitous coverage
Client Types 1) Laptops and other computers a) Can use existing and future solutions 2) Resource challenged devices a) Palm, Pocket PC, Bar Code scanners, etc b) Can use some security solutions 3) Devices without a user interface a) Printers, embedded machine controllers b) Automated device authentication needed 4) Really, really dumb devices a) Sensors, RFID tags b) No OS, no crypto support, etc.
Issues
1) IEEE 802.11 Wired Equivalent Privacy (WEP) protocol lacks effective security a) Group keyed access control Group9
b) c) d) e)
No user authentication Flawed encryption Radio signals extend beyond Boeing property nterception is hard to detect
2) VPN solution is unwieldy a) Limited availability of VPN client software b) VPN’s require frequent reconnection
Current Architecture
1) Network Services named as sole wireless LAN provider 2) WLANS treated as untrusted networks a) Partitioned from wired network b) Access via VPNs using two factor authentication and encryption twoc) Increased application security 3) WEP required a) Reduces exposure b) Provides legal barrier 4) Wireless policy established 5) Ad hoc WLANs not permitted
Target Architecture
1) Embrace IEEE 802.11i Robust Security Network (RSN) standard to enable WLANs to be trusted a) Native per user access control per b) Native strong authentication (e.g. token cards, certificates, and smart badges) c) Native strong encryption d) RSN Availability unknown 2) Evaluate and deploy Wi Fi Protected Access
Benefits of Wireless LANs
A traditionally wired 10/100 BaseT Ethernet LAN infrastructure for 100 people costs about US$15,000 and requires several days to install (see Figure 1). Enterprises that use 10
such an arrangement also incur additional costs and disruptions with every change to the physical office. (Expenses vary according to the physical layout and the quality of the equipment used.) Conversely, wireless LANs are less expensive and less intrusive to implement and maintain, as user needs change. SIMPLIFIED IMPLEMENTATION AND MAINTENANCE Wireless APs can be placed in the ceiling, where they can accommodate a virtually endless variety of office configurations (see Figure 2). Wired LANs, in contrast, consume time and resources to run cables from a network closet to user’s desktops and to difficultto-service areas such as conference room tables and common areas. With a wired LAN, each additional user or modification to the floor plan necessitates adjustments to the cabling system. EXTENDED REACH Wireless LANs enable employees to access company resources from any location within an AP’s transmission range. This flexibility and convenience can directly improve employee productivity. INCREASED WORKER MOBILITY The roaming benefits of wireless LANs extend across all industries and disciplines. The shop foreman can manage logistics from the warehouse as easily as office-based employees move about the building with their laptops or PDAs. And field sales employees can connect to public wireless LANs in coffee shops and airport lounges. REDUCED TOTAL COST OF OWNERSHIP AND OPERATION The cumulative benefits of simplified implementation and maintenance, an extended LAN reach, and the freedom to roam minimize expenses and improve organizational and employee productivity. The result is reduced total cost of ownership and operation.
Wireless LAN Topology
11
•
Wireless LAN is typically deployed as an extension of an existing wired network as shown below.
Wi-Fi Channels
12
•
Wireless LAN communications are based on the use of radio signals to exchange information through an association between a wireless LAN card and a nearby access point.
•
Each access point in an 802.11b/g network is configured to use one radio frequency (RF) channel.
•
Although the 802.11b/g specifications indicate that there are fourteen (14) channels that can be utilized for wireless communications, in the U.S., there are only eleven channels allowed for AP use. In addition, since there is frequency overlap among many of the channels, there must be 22 MHz separation between any two channels in use.
•
In a multi-access point installation, where overlapping channels can cause interference, dead-spots and other problems, Channels 1, 6 and 11 are generally regarded as the only safe channels to use. Since there are 5 5MHz channels between 1 and 6, and between 6 and 11, or 25MHz of total bandwidth, that leaves three MHz of buffer zone between channels.
•
In practice, this constraint limits the number of useable channels to three (channels 1, 6, and 11). 802.11a wireless networks have eight non-overlapping channels which provide more flexibility in terms of channel assignment.
•
For example, 802.11a - An extension to the IEEE 802.11 standard that applies to wireless LANs and provides up to 54 Mbps in the 5GHz band. •
For the North American users, equipment available today operates between 5.15 and 5.35GHz.
•
This bandwidth supports eight separate, non-overlapping 200 MHz channels.
•
These channels allow users to install up to eight access points set to different channels without interference, making access point channel assignment much easier and significantly increasing the level of throughput the wireless LAN can deliver within a given area.
•
If two access points that use the same RF channel are too close, the overlap in their signals will cause interference, possibly confusing wireless cards in the overlapping area.
•
To avoid this potential scenario, it is important that wireless deployments be carefully designed and coordinated. 13
•
It is also critical to make sure that deployment does not cause conflicts with other pre-existing wireless implementations.
THREATS TO WLAN ENVIRONMENTS
All wireless computer systems face security threats that can compromise its systems and services. Unlike the wired network, the intruder does not need physical access in order to pose the following security threats: Eavesdropping
This involves attacks against the confidentiality of the data that is being transmitted across the network. In the wireless network, eavesdropping is the most significant threat because the attacker can intercept the transmission over the air from a distance away from the premise of the company.
Tampering
The attacker can modify the content of the intercepted packets from the wireless network and this results in a loss of data integrity. 14
Unauthorized access and spoofing
The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing. To overcome this attack, proper authentication and access control mechanisms need to be put up in the wireless network. Denial of Service
In this attack, the intruder floods the network with either valid or invalid messages affecting the availability of the network resources. The attacker could also flood a receiving wireless station thereby forcing to use up its valuable battery power. Other security threats
The other threats come from the weakness in the network administration and vulnerabilities of the wireless LAN standards, e.g. the vulnerabilities of the Wired Equivalent Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard. Type of Attacks The following known attacks are known to be effective:
• Passive Attacks 1 Dictionary based attacks 2 Cracking the WEP key • Active attacks 1 Authentication Spoofing 2 Message Injection 3 Message Modification 4 Message Decryption 5 Man in the Middle Attack
As with other networks, the active attacks are riskier but provide greater powers to the attacker.
15
Passive Attacks No risk involved
Active attacks Riskier
No need to be the part of networks, because The attacker has to first get into the the WLAN cards support monitor mode, network, before doing damages whereby one can listen to the communication without being a part of the network The attacker can only listen to whatever is going on. He can not fiddle with the network
The attacker can interrupt, hijack and control the network at his will
Security Features of Wireless LANs
A message traveling by air can be intercepted without physical access to the wiring of an organization. Any person, sitting in the vicinity of a WLAN with a transceiver with a capability to listen/talk, can pose a threat. Unfortunately, the same hardware that is used for WLAN communication can be employed for such attacks. To make the WLANs reliable the following security goals were considered: • Confidentiality • Data Integrity • Access Control The following security measures are a part of the 802.11 IEEE protocol: • Authentication • Association • Encryption The need of a client to be mobile brought in the separation of authentication and association processes. Since a client frequently changes AP boundaries, he can be authenticated to various AP at a given point, yet remains associated to his chosen one. Before a client gets associated to other, he must be first authenticated.
16
Fig: Authentication & Association
Authentication 802.11 specify two authentication mechanisms: 1 Open system authentication 2 Shared key authentication
• Open system authentication A client needs an SSID for successful Association. Any new client that comes in an EBSS area is provided with an SSID. This is equivalent to no security.
Fig : Open System Authentication
17
• Shared system authentication The client cannot authenticate himself if he doesn't have the WEP shared secret key. WEP protocol is used for encryption.
Fig : Shared key authentication Association An SSID is used to differentiate two networks logically. To successfully associate to a WS, one must have the SSID of the other WS. This was not intended to be a security feature, and in fact SSID is sent in open in the beacon frame of the AP. Encryption and Decryption-The WEP Protocol The WLAN administrator has an option (if the administrator decides to send the packets unencrypted) to make all the communication over the air encrypted, i.e. every frame that is below the Ethernet Header is encrypted using the WEP protocol. The WEP protocol has three components:
• A shared secret key, k (40bit /104 bit): The fact that the secret key is shared helps reduce the load on AP, while simultaneously assuming that whoever is given the secret key is a trusted person. This shared key is never sent over the air.802.11 doesn't discuss the deployment of this key onto Work Stations. It has to be installed manually at each WS/AP. Most APs can handle up to four shared secret keys. • Initialization vector, IV (24 bit): IV is a per-packet number that is sent in clear over the air. This number is most effective if generated randomly, because it is used as one of the inputs to the RC4 algorithm. algorithm. 802.11 don’t specify generation of IV. Infact, Infact, many cards generate IVs in linear fashion, i.e., 1,2,3… • RC4 algorithm, RC4 (IV, k): This algorithm is used to generate a key stream K, length equal to that of the message to be transmitted by the data-link layer. It takes the IV and k as inputs.
18
Fig : Encryption & Decryption on WEP
• Encryption
An IV is chosen on a per-packet basis and is sent along with the Ethernet header. P = K = RC4(IV,k) 19
9 C = P⊕K where M : Message to be sent; contains all layers upto the network layer P : Plaintext C : Cipher text transmitted over the air a ir
• Decryption
The IV is extracted from the header and is used to find the K. P'=C⊕K = It is checked if c(M')=(c(M))' and the plaintext, P' is accepted.
Decryption Dictionaries The attacker passively sniffs every packet of o f the victim. He keeps storing the ciphertext along with the corresponding IV. Whenever Wheneve r the same IV repeats, he has two ciphertexts for the corresponding IV. As shown in the figure he has C31,0 and C31,1 for K 31
Using classical techniques it is possible to find find a and b from a ⊕ b. Thus the attacker attacker can get the knowledge of P31,0 ,P31,1 and K31 provided he has patience and resources to do it.
IV
Ciphertext
IV0
C0, 1
…..
….
IV31
C0,31
....
....
IVN
C0,N Table : A
Decryption Dictionary
Cracking the WEP key (The working of Airsnort) 20
This passive attack is used to find the secret key, k. The attack is based on the premise that some weak IVs exist (Fluhrer et. al., 2 ), i.e. they reveal information of a byte x of k. The following facts/assumptions are used: • The first byte of plaintext is known, it happens to be 0xAA for ARP and IP packets. We thus know the first byte K1 of the key stream K. • K1 is enough to find the byte x of k. • All the bytes of k prior to x have been deciphered correctly. • The probability of finding byte x of k correctly is more than 0.05. We illustrate here, with an example, the working of the attack: 1. We take a packet and keep its IV. 2. There can be two cases (Function classify of crack.c of Airsnort, 5) • If it is not a weak IV we dump it. • If it is a weak IV, we find that it helps us in finding 6th byte of k 3. We calculate the value of 6th byte (Function key Guess of it RC4.c of Airsnort, 5).
We find out that this weak IV w.r.t 6th byte of k calculates k6 to 0x67. We keep this Value of k6 in a table (because the calculated value 0x67 may be wrong). 4 Such a table keeps filling. After sufficient entries, we find that the calculated value 0x67 of k6 is correct because it occurred the maximum times. 5 After finding all the bytes of k, we make a try on all the packets, used above, by 12 decrypting them and checking whether indeed, CRC(M) is consistent for all of them.(This step is same as the decryption method described earlier)
21
Working of Airsnort
The actual number of packets needed to crack the WEP key was not checked by us ,but reports say that it can be done in a matter of a few hours for 40-bit secret key and a matter of days for 104-bit secret key.
Message Modification This active attack is used to change a particular part of the message M that is known to the attacker, along with its position in the packet. This field can be an email ID, HTML form.
22
Fig : Message Modification The attacker doesn't need to have the knowledge of key stream K or the secret key k for the attack. The attack is based on the fact that CRC(M) is an unkeyed function of M
Message Injection The attack assumes that the attacker has a pair of K, IV. This pair can be reused over and over again without arousing suspicions, because there is no mechanism to check continuous repetition of IVs. Again the fact that CRC (M) is an unkeyed function of M.
Fig : Message Injection 23
Authentication Spoofing This attack is another form of Message Injection. By sniffing the shared key authentication process, the attacker knows a pair of Plaintext (Random Challenge) and Cipher text (Challenge Response) and the corresponding IV. Thus he knows the required pair. This pair can be used for authentication purposes.
Fig : Authentication Spoofing
Message Decryption
There are two methods of decrypting the message by active attacks. 1. IP Redirection 2. Reaction Attack • IP Redirection This attack is an extension to message modification. The attacker modifies the destination IP in the IP header of the packet. By doing this, the attacker sends a packet from WEP encrypted zone to No WEP Zone, where he holds a machine.
24
Fig : IP Redirection
To do this he has to make changes in the IP Header Checksum. In most cases the initial IP Checksum is not known although the attacker is assumed to have the initial destination IP address. So the attacker keeps sending packets with various values of checksum till he gets the packet across to his machine in No WEP Zone. We did a simulation of this attack. The number of packets required, as a function of initial and final destination IPs, before getting a hit is open for interpretation.
• Reaction Attack This attack only works for TCP Packets. If TCP checksum is valid w.r.t. to the checksum, an ack is sent, otherwise the packet is dropped silently. This attack is based on the receiver’s willingness to decrypt arbitrary cipher text and feed them to another component of the system that leaks a tiny bit of information about it's inputs. The attack is rightly called reaction attack as it works by monitoring the recipient’s reaction to our forgeries.
25
Fig : Reaction Attack We have coded a simulation that verifies the property of TCP checksum that if bits Pi and Pi+16 are complements of each other then putting complemented values into each, Pi and Pi+16 doesn't affect the TCP checksum. Thus, the attack works in following fashion: 1. Take complements of Ci and Ci+16. 2. Make appropriate changes in the CRC checksum (this is not to be confused with the IP or TCP checksums) of message, CRC (M), and send the packet to the recipient. 3. There are two cases: a) ACK received: Pi and Pi+16} were complements of each other. b) No ACK: Pi and Pi+16 were same.
Man in the Middle Attack This is a standard attack employed on all sorts of networks. In WLANs, the attack works in the following fashion:
Fig : Man in the Middle
Steps in Man in Middle attack: 26
1. The attacker sets up a fake AP near to existing AP using a WS to masquerade network logons. 2. The user connects, in error, to the fake AP, and enters username and password. 3. The intruder collects data and informs user of incorrect password, then sleeps for five minutes, and successfully logs on to the real AP.
Security options
There are three principal ways to secure a wireless network. •
•
•
For closed networks (like home users and organizations) the most common way is to configure access restrictions in the access points. Those restrictions may include encryption and checks on MAC address. Another option is to disable ESSID broadcasting, making the access point difficult for outsiders to detect. Wireless Intrusion Prevention Systems can be used to provide wireless LAN security in this network model. For commercial providers, hotspots, and large organizations, the preferred solution is often to have an open and unencrypted, but completely isolated wireless network. The users will at first have no access to the Internet nor to any local network resources. Commercial providers usually forward all web traffic to a captive portal which provides for payment and/or authorization. Another solution is to require the users to connect securely to a privileged network using VPN. Wireless networks are less secure than wired ones; in many offices intruders can easily visit and hook up their own computer to the wired network without problems, gaining access to the network, and it's also often possible for remote intruders to gain access to the network through backdoors like Back Orifice. One general solution may be end-to-end encryption, with independent authentication on all resources that shouldn't be available to the public.
27
Access Control at the Access Point level
One of the simplest techniques is to only allow access from known, approved MAC addresses. However, this approach gives no security against sniffing, and client devices can easily spoof MAC addresses, leading to the need for more advanced security measures. Another very simple technique is to have a secret ESSID (id/name of the wireless network), though anyone who studies the method will be able to sniff the ESSID. Today all (or almost all) access points incorporate Wired Equivalent Privacy (WEP) encryption and most wireless routers are sold with WEP turned on. However, security analysts have criticized WEP's inadequacies, and the U.S. FBI has demonstrated the ability to break WEP protection in only three minutes using tools available to the general public (see aircrack ). The Wi-Fi Protected Access (WPA and WPA2) security protocols were later created to address these problems. If a weak password, such as a dictionary word or short character string is used, WPA and WPA2 can be cracked. Using a long enough random password (e.g. 14 random letters) or passphrase (e.g. 5 randomly chosen words) makes pre-shared key WPA virtually uncrackable. The second generation of the WPA security protocol (WPA2) is based on the final IEEE 802.11i amendment to the 802.11 standard and is eligible for FIPS 140-2 compliance. With all those encryption schemes, any client in the network that knows the keys can read all the traffic. Restricted access networks
Solutions include a newer system for authentication, IEEE 802.1x, that promises to enhance security on both wired and wireless networks. Wireless access points that incorporate technologies like these often also have routers built in, thus becoming wireless gateways. End-to-End encryption
One can argue that both layer 2 and layer 3 encryption methods are not good enough for protecting valuable data like passwords and personal emails. Those technologies add encryption only to parts of the communication path, still allowing people to spy on the traffic if they have gained access to the wired network somehow. The solution may be encryption and authorization in the application layer , using technologies like SSL, SSH, GnuPG, PGP and similar. The disadvantage with the end to end method is, it may fail to cover all traffic. With encryption on the router level or VPN, a single switch encrypts all traffic, even UDP and DNS lookups. With end-to-end encryption on the other hand, each service to be secured must have its encryption "turned on," and often every connection must also be "turned on" separately. For sending emails, every recipient must support the encryption method, 28
and must exchange keys correctly. For Web, not all web sites offer https, and even if they do, the browser sends out IP addresses in clear text. The most prized resource is often access to Internet. An office LAN owner seeking to restrict such access will face the non trivial enforcement task of having each user authenticate himself for the router. Open Access Points
Today, there is almost full wireless network coverage in many urban areas - the infrastructure for the wireless community network (which some consider to be the future of the internet) is already in place. One could roam around and always be connected to Internet if the nodes were open to the public, but due to security concerns, most nodes are encrypted and the users don't know how to disable encryption. Many people consider it proper etiquette to leave access points open to the public, allowing free access to Internet. Others think the default encryption provides substantial protection a t small inconvenience, against dangers of open access that they fear may be substantial even on a home DSL router. The density of access points can even be a problem - there are a limited number of channels available, and they partly overlap. Each channel can handle multiple networks, but places with many private wireless networks (for example, apartment complexes), the limited number of Wi-Fi radio channels might cause slowness and other problems. According to the advocates of Open Access Points, it shouldn't involve any significant risks to open up wireless networks for the public: •
•
•
The wireless network is after all confined to a small geographical area. A computer connected to the Internet and having improper configurations or other security problems can be exploited by anyone from anywhere in the world, while only clients in a small geographical range can exploit an open wireless access point. Thus the exposure is low with an open wireless access point, and the risks with having an open wireless network are small. However, one should be aware that an open wireless router will give access to the local network, often including access to file shares and printers. The only way to keep communication truly secure is to use end-to-end encryption. For example, when accessing an internet bank, one would almost always use strong encryption from the web browser and all the way to the bank - thus it shouldn't be risky to do banking over an unencrypted wireless network. The argument is that anyone can sniff the traffic applies to wired networks too, where system administrators and possible crackers have access to the links and can read the traffic. Also, anyone knowing the keys for an encrypted wireless network can gain access to the data being transferred over the network. If services like file shares, access to printers etc. are available on the local net, it is advisable to have authentication (i.e. by password) for accessing it (one should never assume that the private network is not accessible from the outside). 29
•
•
•
Correctly set up, it should be safe to allow access to the local network to outsiders. With the most popular encryption algorithms today, a sniffer will usually be able to compute the network key in a few minutes. It is very common to pay a fixed monthly fee for the Internet connection, and not for the traffic - thus extra traffic will not hurt. Where Internet connections are plentiful and cheap, freeloaders will seldom be a prominent nuisance.
Tools available for attacking WLANs These are few of the tools that are available for attacking the WLANs: 1. Airsnort (Linux) - cracks the WEP key. 2. WEPCrack (Linux) - cracks the WEP key. 3. NetStumbler (Windows) - finds the network parameters like, SSID, Channels, MAC Addresses, Type of Encryption used, Vendor of the card, tells the default secret key of the vendor can be used with a GPS for locating APs. 4. Kismet (Linux) - a WLAN sniffer 5. Thc-Wardrive (Linux) - for war driving 6. dsniff (Linux) - counterpart of NetStumbler 7. dstumbler (FreeBSD) - counterpart of NetStumbler
Summary of 802.11 vulnerabilities The following 802.11 vulnerabilities come out on the basis of the known attacks • SSID is required for associating a WS to an AP, and it is in the beacon frame. So, anyone can get it easily. • IV size is very small. • Many vendors increase the IVs in a linear fashion(0,1,2,3..) • An IV that has occurred before is bound to occur after 2^{24} times, and infact after 5000 packets due to birthday paradox. This infact make the dictionary attack possible, because this translates to keeping a data of 2^{24}* 1500 = 16 GB. • The strength of stream ciphers is based on the fact that a same seed never repeats, while the contrary has been described in the above point. • Despite knowing that a secret key should be changed frequently, no known mechanisms have come for good key management. • Only four secret keys are generally used in a network simultaneously, that too, most people don't change them from the default key provided by the vendor. • CRC(M) is an unkeyed function of M, message. • In the next chapter, we have recommended ACLs, but even MAC address spoofing can 30
fool them.
Countermeasures If there are vulnerabilities, then there are their co untermeasures also, which cannot overcome them fully but can protect to a great extent. Here are few countermeasures, which can help a lot in retaining security of WLAN. ! Do not trust WLAN and work under the coverage of a VPN (Virtual Private Networks). ! Maintain a good key management system, which changes the key before the sufficient no of packets required for cracking the key are transmitted. ! Increasing the bit length of IV and secret key is also a partial solution. ! Use of strong algorithm like AES ! Making the checksum of the message a keyed function, using algorithms like HMAC: keyed Hashing.
! Configuring AP for allowing only few MAC addresses, which are there in his Access Control Lists (ACLs). ! Define the ACL depending upon Signal strength. ! One must take care of the physical security also. You should take care that no unauthorized person gets access of your laptop or any Work Station, which is in the network because he can just copy the secret key. ! Enable RADIUS or Kerberos authentication for workstation to Access Point. ! Enable IPSec or Application level encryption for secure data communications
Fake Access points or Honey Pots. Honey pots are devices placed on the periphery of a network for luring attackers to compromise them. By making attackers send their energy and resources on honey pots, effectively the real network is protected. Wireless honeypots consist of devices that transmit fake beacon frames. These devices emulate hundreds of fake access points, this results that the attacker is confused and tries to connect to any one of the fake access points. The attacker activity can be logged and studied. This also protects the network from attackers by hiding the network behind a mask.
Wireless Network Auditing Wireless network auditing is an important part of WLAN security policy. The network needs to be regularly audited for rouge hardware. In this method the network is scanned and mapped for all access points and WLAN nodes. Then this is compared with previous network map.
31
Commonly available network mapping tools like netstumbler and wavelan tool can be used to do this. Specialized tools such as Airsnort can be used for WEP cracking and auditing the network for weak keys, key reuse and WEP security settings. These methods include the same tests as those carried out by hackers for breaking into the network.
Future of Wireless LAN Security Advanced encryption Standard (AES) Advanced Encryption Standard is gaining acceptance as appropriate replacement for RC4 algorithm in WEP. AES uses the Rijandale Algorithm and supports the following key lengths " 128 bit " 192 bit " 256 bit AES is considered to be un-crackable by most Cryptographers. NIST has chosen AES for Federal Information Processing Standard (FIPS). In order to improve wireless LAN security the 802.11i is considering inclusion of AES in WEPv2. Temporal Key Integrity Protocol (TKIP) The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an interim solution that fixes the key reuse problem of WEP, that is, periodically using the same key to encrypt data. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP also prevents the passive snooping attack by hashing the IV.
TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network. An advantage of using TKIP is that companies having existing WEP-based access points and radio NICs can upgrade to TKIP through relatively simple firmware patches. In addition, WEP only equipment will still interoperate with TKIP-enabled devices using WEP. TKIP is a temporary solution, and most experts believe that stronger encryption is still needed 802.1X and Extensible Authentication Protocol Combined with an authentication protocol, such as EAP-TLS, LEAP, or EAP-TTLS, IEEE 802.1X provides port-based access control and mutual authentication between clients and access points via an authentication server. The use of digital certificates makes this process very effective. 802.1X also provides a method for distributing encryption keys dynamically to wireless LAN devices, which solves the key reuse problem found in the current version of 32
802.11. Initial 802.1X communications begins with an unauthenticated supplicant (i.e., client device) attempting to connect with an authenticator (i.e., 802.11 access point). The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS). Once authenticated, the access point opens the client's port for other types of traffic.
ManageEngine WiFi Manager Wireless LAN monitoring Tool
ManageEngine WiFi Manager is an integrated and centralized management and security solution for wireless networks (WLANs) for enterprises. It enhances the availability and security of your WLANs by continuously monitoring the network as well as the airspace. WiFi Manager offers wireless device monitoring, one-click configuration, access po int firmware management, wireless security management and a variety of reports that remove the complexity of wireless network management. WiFi Manager can detect almost all major wireless threats including rogue attacks, intrusions, sniffers, DoS attacks, and vulnerabilities. With WiFi Manager you'll have complete control over your wireless devices as well as your airspace, and more time to focus on core IT operations. How It Works
WiFi Manager comprises of 2 components: • •
WiFi Manager Server RF Sensors
Administrators can download the WiFi Manager server from our website and install it in the LAN to perform integrated wireless and wired network management. RF sensors are optional hardware components that are distributed throughout the physical environment, providing WLAN protection wherever needed. The WiFi Manager server aggregates, analyzes, and persists the data fed by the sensors. WiFi Manager presents a neat Web based user interface that can be accessed from anywhere using a standard HTML browser.
Use WiFi Manager To • • • •
Identify rogue wireless devices Know who is using your WLAN Know what access points are connected to your WLAN Monitor your WLAN devices 33
• • • • •
• • • •
Monitor Access Point bandwidth utilization Configure your WLAN Access Points Enhance and enforce wireless LAN security. Proactively manage the network problems before they impact the network. Identify network bottlenecks, reduce downtime, and to improve network health and performance. Troubleshoot network problems. Capture and decode wireless traffic for testing and troubleshooting. Upgrade firmware, schedule upgrades, and audit them. Enforce no WLAN policy.
Features Continuous RF Monitoring Using integrated RF sensors WiFi Manager analyses the RF spectrum for all 802.11 conversations and identifies intrusions, attacks, vulnerabilities, and policy violations. Local analysis and intelligent data forwarding ensures low bandwidth consumption between sensors and the software. These sensors require zero configurations making it truly plugand- play.
34
Rogue Detection & Blocking Multiple techniques involving RF and wired side inputs are employed to detect rogue access points. Once detected, WiFi Manager provides details such as nearest sensor and switch port mapping for the administrators to locate and block the rogue AP from the network. Attack Mitigation WiFi Manager reduces the impact of wireless attacks by detecting them before hand. It detects all major attacks including RF jamming attack, AirJack attack, ASLEAP attack, Fata-jack attack, EAPoL logoff Storm, EAPoL Start Storm etc. Access Point Configuration Using WiFi Manager administrators can configure access point for b asic settings, radio settings, access control settings, security settings, and services settings. Administrators can either fill in predefined configuration templates and push the values to select access points or group access points based on model, firmware version etc., and configure them in bulk. Firmware Upgrade WiFi Manager facilitates remote firmware upgrade of access points. Upgrades can also be scheduled for later execution. Wired & Wireless Network Monitoring WiFi Manager monitors access points and other network devices for availability, SNMP reachability, traffic, and utilization. It generates specific reports for WLANs including radio reports, error reports, association reports, and security reports. Troubleshooting Web-based GUI enables quick access to alarms, reports, configuration history etc., facilitating easy troubleshooting
Security Risks and Technical Challenges
Security is a principal consideration when planning, designing, implementing, and managing a network infrastructure. This is especially true for wireless LANs, which present a unique set of challenges to IT and security professionals. In addition to the typical problems that new network and device technologies engender, including incompatibilities and ongoing support issues, non-secure wireless LANs can expose an organization’s network traffic and resources to unauthorized outsiders. 35
Such individuals may capture data and exploit network-based resources, including Internet access, fax servers, and disk storage. More importantly, wireless access to a network can represent the entry point for various types of attacks, which can crash an entire network, render services unavailable, and potentially subject the organization to legal liabilities. “LEAKY” BUILDINGS Wireless LAN radio signals can extend beyond the intended perimeter and “leak” through the physical boundaries of a floor or building. As these transmissions seep into common, public, or private areas such as roads, parking lots, and other buildings, they may fall prey to “war driving” or a “drive-by hacking” attack. Using off-the shelf hardware and freely available Internet software, unscrupulous individuals can defeat WEP encryption capabilities and access corporate wireless data. UNAPPROVED DEPLOYMENTS Insiders, including employees and contractors, may choose “not to wait for the IT Department.” They succumb to the low price and easy installation of WiFi starter kits (two wireless NICs and a WiFi Access Point), which can be purchased for about US$300 and set up with minimal technical know-how in under ten minutes. When unapproved technology is plugged into a corporate network, a number of challenges ensue, including end user and equipment support difficulties as well as potential disruptions to existing services. Malicious outsiders who gain office physical access could quickly place an unobtrusive wireless AP in a conference room or lobby area. Such devices are easy to hide and simple to implement; history is replete with stories of such “bugs” even in supposedly secure foreign embassies. Operating from a nearby location, malicious outsiders can capture data, access company resources, and interrupt services EXPOSURE OF WIRELESS DEVICES Many of today’s laptops ship with embedded WiFi capabilities. Hackers can access a device’s data and the organization’s wireless LAN even if that particular device has nev er been used to send or receive wireless transmissions. Most new machines, including gateway servers, do not ship with optimal security settings. The default settings are intended for easy installation and deployment, not for protecting assets.
SIGNAL INTERFERENCE Walls, columns, and other building features can reduce signal strength between a wireless NIC and an AP, severely limiting a wireless LAN’s range and connection quality. These problems may be mitigated with additional equipment. Other wireless technologies sharing the same public spectrum—such as Bluetooth, cordless phones, and other wireless equipment—can also adversely impact transmission range and quality. EVOLVING IEEE STANDARDS Organizations contemplating a wireless LAN deployment can choose to implement an 36
802.11b-based wireless LAN today, or wait for upcoming variations, which are intended to address performance and security issues. IEEE and its workgroups are continually defining and refining standards in light of emerging needs and perceived weaknesses in existing technologies. To the extent that vendors’ 802.11 implementations deviate from the various IEEE standards, their equipment can create interoperability challenges.
a) b) c) d)
Sniffing and War Driving Default installation allow any wireless NIC to access the network Drive around (or walk) and gain access to wireless networks Provides direct access behind the firewall Heard reports of an 8 mile range using a 24dB gain parabolic dish antenna. Rogue Networks
a) Network users often set up rogue wireless LANs to simplify their lives b) Rarely implement security measures c) Network is vulnerable to War Driving and sniffing and you may not even know it
Policy Management
a) Access is binary b) Full network access or no network access c) Need means of identifying and enforcing access policies
MAC Address
a) Can control access by allowing only defined MAC addresses to connect to the network b) This address can be spoofed c) Must compile, maintain, and distribute a list of valid MAC addresses to each access point d) Not a valid solution for public applications
d) e)
SSID SSID is the network name for a wireless network WLAN products common defaults: “101” for 3COM and “tsunami” for Cisco Can be required to specifically request the access point by name (lets SSID act as a password) The more people that know the SSID, the higher the likelihood it will be misused. Changing the SSID requires communicating the change to all users of the network
WEP
a) b) c)
a) Designed to be computationally efficient, self-synchronizing, and exportable 37
b) Vulnerable to attack a. Passive attacks to decrypt traffic based on statistical analysis b. Active attacks to inject new traffic from unauthorized mobile stations, based on known plaintext c. Dictionary-building attack that, after analysis of a day’s worth of traffic, allows real-time automated decryption of all traffic c) All users of a given access point share the same encryption key d) Data headers remain unencrypted so anyone can see the source and destination of the data stream
Recommendations : Even as new 802.11 vulnerabilities are identified and exploited, organizations can mitigate or eliminate many of wireless LAN’s security risks with careful education, planning, implementation, and management.
The following steps aid this process: • Establish wireless LAN security policies and practices • Design for security • Logically separate internal networks • Enable VPN access only • Remove unnecessary protocols • Restrict AP connections • Protect wireless devices.
ESTABLISH WIRELESS LAN SECURITY POLICIES AND PRACTICES The cornerstone of an effective wireless LAN strategy involves defining, standardizing, documenting, disseminating, and enforcing wireless LAN security policies and practices. These include specifying the make, model, configuration, and settings of the wireless LAN equipment authorized for use, as well as documenting and managing the APs and connected network infrastructure. Employee education increases awareness of security risks. Some employees may not realize that deploying an unauthorized wireless LAN or using a WiFi product “out of the box” may increase security risks. Clear and frequently conveyed guidelines usually promote active cooperation.
DESIGN FOR SECURITY When placing wireless APs for strategic coverage, installers should consider signal bleed into uncontrolled areas where transmissions can be intercepted. Wireless coverage should be implemented only where needed. 38
LOGICALLY SEPARATE INTERNAL NETWORKS The LAN segments that connect to wireless APs should connect to a corporate Virtual Private Network (VPN) gateway, but not directly to the production network. Eliminating APs from the production network minimizes the risk of attack techniques such as packet sniffing. ENABLE VPN ACCESS ONLY Requiring users to connect to the wireless LAN via a VPN is recommended. Once authenticated, authorized users communicate using an encrypted tunnel between the connecting device and the LAN, reducing the risk that a transmission will be captured. RESTRICT UNNECESSARY PROTOCOLS Restricting unnecessary or redundant protocols from the LAN segments that connect the APs to the VPN gateway reduces the possibility of unidentified holes and vulnerabilities. Retaining the Domain Name System (DNS) and IP Security (IPSec) protocols is recommended to support the VPN. RESTRICT AP CONNECTIONS Administrators can use authorization tables to selectively enable LAN connections only to devices with approved NIC addresses. Each NIC has a unique address that can be added to a table of authorized users; most vendors’ APs support Media Access Control (MAC) restrictions through the use of authorization tables. As a result, instead of editing each AP individually, APs can be pointed to a centrally managed database. PROTECT WIRELESS DEVICES Personal firewalls can protect individual devices from attacks launched via the “air connection” or from the Internet. IT administrators should disable all unused features of new client devices (e.g., shared drive access) and reconfigure default settings according to the organization’s particular needs.
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is a standard encryption for wireless networking. It is a user authentication and data encryption system from IEEE 802.11 used to overcome the security threats. Basically, WEP provides security to WLAN by encrypting the information transmitted over the air, so that only the receivers who have the correct encryption key can decrypt the information. The following section explains the technical functionality of WEP as the main security protocol for WLAN. How WEP Works?
39
When deploying WLAN, it is important to understand the ability of WEP to improve security. This section describes how WEP functions accomplish the level of privacy as in a wired LAN. WEP uses a pre-established shared secret key called the base key, the RC4 encryption algorithm and the CRC-32 (Cyclic Redundancy Code) checksum algorithm as its basic building blocks. WEP supports up to four different base keys, identified by KeyIDs 0 thorough 3. Each of these base keys is a group key called a default key, meaning that the base keys are shared among all the members of a particular wireless network. Some implementations also support a set of nameless per-link keys called key-mapping keys. However, this is less common in first generation products, because it implies the existence of a key management facility, which WEP does not define. The WEP specification does not permit the use of both key-mapping keys and default keys simultaneously, and most deployments share a single default key across all of the 802.11devices. WEP tries to achieve its security goal in a very simple way. It operates on MAC Protocol Data Units (MPDUs), the 802.11 packet fragments. To protect the data in an MPDU, WEP first computes an integrity check value (ICV) over to the MPDU data. This is the CRC-32 of the data. WEP appends the ICV to the end of the data, growing this field by four bytes. The ICV allows the receiver to detect if data has been corrupted in flight or the packet is an outright forgery. Next, WEP selects a base key and an initialization vector (IV), which is a 24-bit value. WEP c onstructs a per-packet RC4 key by concatenating the IV value and the selected shared base key. WEP then uses the per packet key to RC4, and encrypt both the data and the ICV. The IV and KeyID identifying the selected key are encoded as a four-byte string and pre-pended to the encrypted data.
40
The IEEE 802.11 standard defines the WEP base key size as consisting of 40 bits, so the per-packet key consists of 64 bits once it is combined with the IV. Many in the 802.11 community once believed that small key size was a security problem, so some vendors modified their products to support a 104-bit base key as well. This difference in key length does not make any different in the overall security. An attacker can compromise its privacy goals with comparable effort regardless of the key size used. This is due to the vulnerability of the WEP construction which will be discussed in the next section. Overview of WEP Parameters • Before enabling WEP on an 802.11 network, you must first consider what type of encryption you require and the key size you want to use. Typically, there are three WEP Encryption options available for 802.11 products: – Do Not Use WEP: The 802.11 network does not encrypt data. For authentication purposes, the network uses Open System Authentication. – Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving device decrypts the data using the same WEP Key. For authentication purposes, the wireless network uses Open System Authentication. – Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving 802.11 device decrypts the data using the same WEP Key. For authentication purposes, the 802.11 network uses Shared Key Authentication. • Note: Some 802.11 access points also support Use WEP for Authentication Only (Shared Key Authentication without data encryption).
Weaknesses of WEP WEP has undergone much scrutiny and criticism that it may be compromised. What makes WEP vulnerable? The major WEP flaws can be summarized into three categories: No forgery protection There is no forgery protection provided by WEP. Even without knowing the encryption key, an adversary can change 802.11 packets in arbitrary, undetectable ways , deliver data to unauthorized parties, and masquerade as an authorized user. Even worse, an adversary can also learn more about the encryption key with forgery attacks than with strictly passive attacks. No protection against replays WEP does not offer any protection again replays. An adversary can create forgeries without changing any data in an existing packet, simply by recording WEP packets and then retransmitting later. Replay, a special type of forgery attack, can be used to derive information about the encryption key and the data it protects.
41
Reusing initialization vectors
By reusing initialization vectors, WEP enables an attacker to decrypt the encrypted data without the need to learn the encryption key or even resorting to high-tech techniques. While often dismissed as too slow, a patient attacker can compromise the encryption of an entire network after only a few hours of data collection. A report done by a team at the University of California's computer science department [2] presented the insecurity of WEP which expose WLAN to several types of security breaches. The ISAAC (Internet Security, Applications, Authentication and Cryptography) team which released the report quantifies two types of weaknesses in WEP. The first weakness emphasizes on limitations of the Initialization Vector (IV). The value of the IV often depends on how vendor chose to implement it because the original 802.11 protocol did not specify how this value is derived. The second weakness concerns on RC4's Integrity Check Value (ICV), a CRC-32 checksum that is used to verify whether the contents of a frame have been modified in transit. At the time of encryption, this value is added to the end of the frame. As the recipient decrypts the packet, the checksum is used to validate the data. Because the ICV is not encrypted, however, it is theoretically possible to change the data payload as long as you can derive the appropriate bits to change in the ICV as well. This means data can be tampered and falsified.
WEP Encryption and Its Weaknesses WEP is based on the RC4 algorithm, which is a symmetric key stream cipher. As noted previously, the encryption keys must match on both the client and the access point for frame exchanges to succeed. The following section will examine stream ciphers and provide some perspective on how they work and how they compare to block ciphers. Stream Ciphers and Block Ciphers A stream cipher encrypts data by generating a key stream from the key and performing the XOR function on the key stream with the plain-text data. The key stream can be any size necessary to match the size of the plain-text frame to encrypt
Figure: Stream Cipher Operation
42
Block ciphers deal with data in defined blocks, rather than frames of varying sizes. The block cipher fragments the frame into blocks of predetermined size and performs the XOR function on each block. Each block must be the predetermined size, and leftover frame fragments are padded to the appropriate block size (Figure 12). For example, if a block cipher fragments frames into 16 byte blocks, and a 38-byte frame is to be encrypted, the block cipher fragments the frame into two 16-byte blocks and one six-byte block. The six-byte block is padded with 10 bytes of padding to meet the 16-byte block size.
Figure : Block Cipher Operation
43
The process of encryption described above for stream ciphers and block ciphers is known as Electronic Code Book (ECB) mode encryption. With ECB mode encryption, the same plain-text input always generates the same cipher-text output. As Figure : illustrates, the input text of “FOO” always produces the same cipher-text. This is a potential security threat because eavesdroppers can see patterns in the cipher-text and start making educated guesses about what the original plain-text is.
Figure : Electronic Code Book Encryption
There are two encryption techniques to overcome this issue: • Initialization vectors • Feedback modes Initialization Vectors
An initialization vector (IV) is used to alter the key stream. The IV is a numeric value that is concatenated to the base key before the key stream is generated. Every time the IV changes, so does the key stream. Figure shows the same plain-text “FOO” with the XOR function performed with the IV augmented key stream to generate different cipher-text. The 802.11 standard recommends that the IV change on a per-frame basis. This way, if the same packet is transmitted twice, the resulting cipher-text will be different for each transmission.
44
Figure Encryption with an Initialization Vector
The IV is a 24-bit value (Figure 15) that augments a 40-bit WEP key to 64 bits and a 104 bit WEP key to 128 bits. The IV is sent in the clear in the frame header so the receiving station knows the IV value and is able to decrypt the frame (Figure : Although 40-bit and 104-bit WEP keys are often referred to as 64-bit and 128-bit WEP keys, the effective key strength is only 40 bits and 104 bits, respectively, because the IV is sent unencrypted.
Figure : Initialization Vector in a WEP-Encrypted Frame
45
Feedback Modes Feedback modes are modifications to the encryption process to prevent a plain-text message from generating the same cipher-text during encryption. Feedback modes are generally used with block ciphers, and the most common feedback mode is known as cipher block chaining (CBC) mode. The premise behind CBC mode is that a plain-text block has the XOR function performed with the previous block of cipher-text. Because the first block has no preceding ciphertext block, an IV is used to change the key stream. Figure illustrates the operation of CBC mode. Other feedback modes are available, and some will be discussed later in this paper.
Figure : CBC Mode Block Cipher
46
Practical Solutions for Securing WLAN
Despite the risks and vulnerabilities associated with wireless networking, there are certainly circumstances that demand their usage. Even with the WEP flaws, it is still possible for users to secure their WLAN to an acceptable level. This could be done by implementing the following actions to minimize attacks into the main networks Changing Default SSID
Service Set Identifier (SSID) is a unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to a particular WLAN. The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. In fact, it is the only security mechanism that the access point requires to enable association in the absence of activating optional security features. Not changing the default SSID is one of the most common security mistakes made by WLAN administrators. This is equivalent to leaving a default password in place. The SSID is advertised in plain-text in the access point beacon messages (Figure 8). Although beacon messages are transparent to users, an eavesdropper can easily determine the SSID with the use of an 802.11 wireless LAN packet analyzer, like Sniffer Pro. Some access-point vendors, including Cisco, offer the option to disable SSID broadcasts in the beacon messages. The SSID can still be determined by sniffing the probe response frames from an access point. The SSID is not designed, nor intended for use, as a security mechanism. In addition, disabling SSID broadcasts might have adverse effects onWi-Fi interoperability for mixed-client deployments. Therefore, Cisco does not recommend using the SSID as a mode of security.
47
Securing a wireless AP
• SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier) – Each AP has an SSID that it uses to identify itself. Network configuration requires each wireless client to know the SSID of the AP to which it wants to connect. – SSID provides a very modest amount of control. It keeps a client from accidentally connecting to a neighboring AP only. It does not keep an attacker out. – The SSID is a token that identifies an 802.11 network. The SSID is a secret key that is set by the network administrator. Clients must know the SSID to join an 802.11 network; however, network sniffing can discover the SSID. – The fact that the SSID is a secret key instead of a public key creates a management problem for the network administrator. • Every user of the network must configure the SSID into their system. If the network administrator seeks to lock a user out of the network, the administrator must change the SSID of the network, which requires reconfiguration of every network node. Some 802.11 NICs allow you to configure several SSIDs at one time.
48
Basic 802.11 Security
• MAC filters – Some APs provide the capability for checking the MAC address of the client before allowing it to connect to the network. – Using MAC filters is considered to be very weak security because with many Wi-Fi client implementations it is possible to change the MAC address by reconfiguring the card. – An attacker could sniff a valid MAC address from the wireless network traffic . •
Static WEP keys – Wired Equivalent Privacy (WEP) is part of the 80 2.11 specification. – Static WEP key operation requires keys on the client and AP that are used to encrypt data sent between them. With WEP encryption, sniffing is eliminated and session hijacking is difficult (or impossible). – Client and AP are configured with a set of 4 keys, and when decrypting each are used in turn until decryption is successful. This allows keys to be changed dynamically. – Keys are the same in all clients and AP. This means that there is a “community” key shared by everyone using the same AP. The danger is that if any one in the community is compromised, the community key, and hence the network and everyone else using it, is at risk.
Utilize VPN A VPN is a much more comprehensive solution in a way that it authenticates users coming from an untrusted space and encrypts their communication so that someone listening cannot intercept it. Wireless AP is placed behind the corporate firewall within a typical wireless implementation. This type of implementation opens up a big hole within the trusted network space. A secure method of implementing a wireless AP is to place it behind a VPN server. This type of implementation provides high security for the wireless network implementation without adding significant overhead to the users. If there is more than one wireless AP in the organization, it is recommended to run them all into a common switch, then connecting the VPN server to the same switch.
Then, the desktop users will not need to have multiple VPN dial-up connections configured on their desktops. They will always be authenticating to the same VPN server no matter which wireless AP they have associated with .
Utilize Static IP 49
By default, most wireless LANs utilize DHCP (Dynamic Host Configuration Protocol) to more efficiently assign IP addresses automatically to user devices. A problem is that DHCP does not differentiate a legitimate user from a hacker. With a proper SSID, anyone implementing DHCP will obtain an IP address automatically and become a genuine node on the network. By disabling DHCP and assigning static IP addresses to all wireless users, you can minimize the possibility of the hacker obtaining a valid IP address. This limits their ability to access network services. On the other hand, someone can use an 802.11 packet analyzer to sniff the exchange of frames over the network and learn what IP addresses are in use. This helps the intruder in guessing what IP address to use that falls within the range of ones in use. Thus, the use of static IP addresses is not fool proof, but at least it is a deterrent. Also keep in mind that the use of static IP addresses in larger networks is very cumbersome, which may prompt network managers to use DHCP to avoid support issues.
Access Point Placement
WLAN access points should be placed outside the firewall to protect intruders from accessing corporate network resources. Firewall can be configured to enable access only by legitimate users based on MAC and IP addresses. However, this is by no means a final or perfect solution because MAC and IP addresses can be spoofed even though this makes it difficult for a hacker to mimic.
Minimize radio wave propagation in non-user areas
Try orienting antennas to avoid covering areas outside the physically controlled boundaries of the facility. By steering clear of public areas, such as parking lots, lobbies, and adjacent offices, the ability for an intruder to participate on the wireless LAN can be significantly reduced. This will also minimize the impact of someone disabling the wireless LAN with jamming techniques.
Authentication Type
•
An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802.11 standard defines two types of authentication: – Open System Authentication – Shared Key Authentication
Open System Authentication • The following steps occur when two devices use Open System Authentication: – The station sends an authentication request to the access point. 50
•
– The access point authenticates the station. – The station associates with the access point and joins the network. The process is illustrated below.
Shared Key Authentication
•
The following steps occur when two devices use Shared Key Authentication: 1. The station sends an authentication request to the access point. 2. The access point sends challenge text to the station. 3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point. 4. The access point decrypts the encrypted text using its configured WEP Key that corresponds to the station’s default key. 5. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP Key and the access point authenticates the station. 6. The station connects to the network.
•
If the decrypted text does not match the original challenge text (i.e., the access point and station do not share the same WEP Key), then the access point will refuse to authenticate the station and the station will be unable to communicate with either the 802.11 network or Ethernet network. • The process is illustrated in below.
51
Shared Key Authentication Vulnerabilities
Shared key authentication requires the client use a preshared WEP key to encrypt challenge text sent from the access point. The access point authenticates the client by decrypting the shared key response and validating that the challenge text is the same. The process of exchanging the challenge text occurs over the wireless link and is vulnerable to a man-in-the-middle attack. An eavesdropper can capture both the plaintext challenge text and the cipher-text response. WEP encryption is done by performing an exclusive OR (XOR) function on the plain-text with the key stream to produce the cipher-text. It is important to note that if the XOR function is performed on the plain-text and cipher-text are XORed, the result is the key stream. Therefore, an eavesdropper can easily derive the key stream just by sniffing the shared key authentication process with a protocol analyzer
52
MAC Address Authentication Vulnerabilities MAC addresses are sent in the clear as required by the 802.11 specification. As a result, in wireless LANs that use MAC authentication, a network attacker might be able to subvert the MAC authentication process by “spoofing” a valid MAC address. MAC address spoofing is possible in 802.11 network interface cards (NICs) that allow the universally administered address (UAA) to be overwritten with a locally administered address (LAA). A network attacker can use a protocol analyzer to determine a valid MAC address in the business support system (BSS) and an LAA-compliant NIC with which to spoof the valid MAC address.
53
New Standards for Improving WLAN Security
Apart from all of the actions in minimizing attacks to WLAN mentioned in the previous section, we will also look at some new standards that intend to improve the security of WLAN
Advanced encryption Standard (AES) Advanced Encryption Standard is gaining acceptance as appropriate replacement for RC4 algorithm in WEP. AES uses the Rijandale Algorithm and supports the following key lengths
" 128 bit key " 192 bit key " 256 bit key AES is considered to be un-crackable by most Cryptographers. NIST has chosen AES for Federal Information Processing Standard (FIPS). In order to improve wireless LAN security the 802.11i is considering inclusion of AES in WEPv2. Temporal Key Integrity Protocol (TKIP) The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an interim solution that fixes the key reuse problem of WEP, that is, periodically using the same key to encrypt data. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP also prevents the passive snooping attack by hashing the IV.
TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network. The Temporal Key Integrity Protocol is part of the IEEE 802.11i encryption standard for wireless LANs. TKIP is the next generation of WEP, the Wired Equivalency Protocol, which is used to secure 802.11 wireless LANs. TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP.
54
An advantage of using TKIP is that companies having existing WEP-based access points and radio NICs can upgrade to TKIP through relatively simple firmware patches. In addition, WEPonly equipment will still interoperate with TKIP-enabled devices u sing WEP. TKIP is a temporary solution, and most experts believe that stronger encryption is still needed. The temporal key integrity protocol (TKIP) which initially referred to as WEP2, was designed to address all the known attacks and deficiencies in the WEP algorithm. According to 802.11 Planet [6], the TKIP security process begins with a 128-bit temporal-key, which is shared among clients and access points. TKIP combines the temporal key with the client machine's MAC address and then adds a relatively large 16octet initialization vector to produce the key that will encrypt the data. Similar to WEP, TKIP also uses RC4 to perform the encryption. However, TKIP changes temporal keys every 10,000 packets. This difference provides a dynamic distribution method that significantly enhances the security of the network. TKIP is seen as a method that can quickly overcome the weaknesses in WEP security, especially the reuse of encryption keys. The following are four new algorithms and their function that TKIP adds to WEP: i. A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries. ii. A new IV sequencing discipline, to remove replay attacks from the attacker’s arsenal. iii. A per-packet key mixing function, to de-correlate the public from weak keys. iv. A re-keying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
What is 802.11?
55
802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997. 802.11 Family Members There are several specifications in the 802.11 family: •
•
•
•
802.11 – Applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS). 802.11a – An extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS. 802.11b – (also referred to as 802.11 High Rate or Wi-Fi) is an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet. 802.11g – Applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.
What Exactly Is 802.1x? • Standard set by the IEEE 802.1 working group. • Describes a standard link layer protocol used for transporting higher-level authentication protocols. • Works between the Supplicant (Client Software) and the Authenticator (Network Device). • Maintains backend communication to an Authentication (Typically RADIUS) Server.
What Does it Do?
• •
• •
Transport authentication information in the form of Extensible Authentication Protocol (EAP) payloads. The authenticator (switch) becomes the middleman for relaying EAP received in 802.1x packets to an authentication server by using RADIUS to carry the EAP information. Several EAP types are specified in the standard. Three common forms of EAP are – EAP-MD5 – MD5 Hashed Username/Password 56
– –
EAP-OTP – One-Time Passwords EAP-TLS – Strong PKI Authenticated Transport Layer Security (SSL)
802.1x One of the standards is 802.1x which was originally designed for wired Ethernet networks. This standard is also part of the 802.11i standard that will be discussed later. The following discussion of 802.1x is divided into three parts, starting with the concept of Point-to-Point Protocol (PPP), followed by Extensible Authentication Protocol (EAP), and continues with the understanding of 802.1x itself.
•
•
•
IEEE802.1x is the denotation of a standard that is titled “Port Based Network Access Control”, which indicates that the emphasis of the standard is to provide a control mechanism to connect physically to a LAN. The standard does not define the authentication methods, but it does provide a framework that allows the application of this standard in co mbination with any chosen authentication method. It adds to the flexibility as current and future authentication methods can be used without having to adapt the standard.
802.1x Components
IEEE 802.1x relates to EAP in a way that it is a standard for carrying EAP over a wired LAN or WLAN. There are four important entities that explain this standard . i. Authenticator Authenticator is the entity that requires the entity on the other end of the link to be authenticated. An example is wireless access points.
ii. Supplicant Supplicant is the entity being authenticated by the Authenticator and desiring access to the services of the Authenticator. iii. Port Access Entity (PAE) It is the protocol entity associated with a port. It may support the functionality of Authenticator, Supplicant or both. iv. Authentication Server Authentication server is an entity that provides authentication service to the Authenticator. It maybe co-located with Authenticator, b ut it is most likely an external server. It is typically a RADIUS (Remote Access Dial In User Service) server. The supplicant and authentication server are the major parts of 802.1x.
•
The 802.1x standard recognizes the following concepts: • Port Access Entity (PAE) 57
•
which refers to the mechanism (algorithms and protocols) associated with a LAN port (residing in either a Bridge or a Station) • Supplicant PAE • which refers to the entity that requires authentication before getting access to the LAN (typically in the client station) • Authenticator PAE • which refers to the entity facilitating authentication of a supplicant (typically in bridge or AP) • Authentication server which refers to the entity that provides authentication service to the Authenticators in the LAN (could be a RADIUS server)
58
Fig:802.1x Traffic
59
• As the picture indicates, EAP information, when transmitted from Supplicant to Authentication Server, is first encapsulated within a (wireless) LAN frame (referred to as EAP over LAN or EAPoL). Once received by the Authenticator it is extracted from the LAN frame and placed in a packet that conforms to the RADIUS protocol. • This RADIUS packet is then transmitted to the Authentication using the RADIUS (UDP) protocol. • Traffic coming from the Authentication Server to the Supplicant follows the reverse process. PPP The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for transporting IP traffic over point-to-point links. PPP also established a standard for the assignment and management of IP addresses, asynchronous (start/stop) and bit-oriented synchronous encapsulation, network protocol multiplexing, link configuration, link quality testing, error detection, and option negotiation for such capabilities as networklayer address negotiation and data-compression negotiation. By any measure, PPP is a good protocol. However, as PPP usage grew, people quickly found its limitation in terms of security. Most corporate networks want to do more than simple usernames and passwords for secure access. This leads to the designation of a new authentication protocol, called Extensible Authentication Protocol (EAP).
EAP The Extensible Authentication Protocol (EAP) is a general authentication protocol defined in IETF (Internet Engineering Task Force) standards. It was originally developed for use with PPP. It is an authentication protocol that provides a generalized framework for several authentication mechanisms. These include Kerberos, public key, smart cards and one-time passwords. With a standardized EAP, interoperability and compatibility across authentication methods become simpler. For example, when user dials a remote access server (RAS) and use EAP as part of the PPP connection, the RAS does not need to know any of the details about the authentication system. Only the user and the authentication server have to be coordinated. By supporting EAP authentication, RAS server does not actively participate in the authentication dialog. Instead, RAS just re packages EAP packets to hand off to a RADIUS server to make the actual authentication decision .
60
•
EAP was originally designed as part of the PPP (Point-to-Point Protocol) – The PPP Extensible Authentication Protocol (EAP) is a general protocol for PPP authentication which supports multiple authentication mechanisms. It was developed in response to an increasing demand for remote access user authentication that uses other security devices. • By using EAP, support for a number of authentication schemes may be added by defining EAP-Types. Support might include token cards, one-time passwords, public key authentication using smart card, certificates, and others. • EAP hides the details of the authentication scheme from those network elements that need not know – For example in PPP, the client and the AAA server only need to know the EAP type, and the Network Access Server does not • •
RFC 2284 defines PPP Extensible Authentication Protocol. EAP does not select a specific authentication mechanism at Link Control Phase, but rather postpones this until the Authentication Phase. – This allows the authenticator to request more information before determining the specific authentication mechanism. – This also permits the use of a "back-end" server which actually implements the various mechanisms while the PPP authenticator merely passes through the authentication exchange. 61
EAP Architecture
EAP Elements • EAP basically consists of four different protocol elements: – Request packets (from Authenticator [AP] to client [Supplicant]) – Response packets (from Client to Authenticator) 62
– –
Success packet Failure packet
EAP messages are encapsulated in Ethernet LAN packets (EAPOL) to allow communications between the supplicant and the authenticator. The following are the most common modes of operation in EAPOL: i.
The authenticator sends an "EAP-Request/Identity" packet to the supplicant as soon as it detects that the link is active.
ii. Then, the supplicant sends an "EAP-Response/Identity" packet to the authenticator, which is then passed to the authentication (RADIUS) server. iii. Next, the authentication server sends back a challenge to the authenticator, with a token password system. The authenticator unpacks this from IP and repackages it into EAPOL and sends it to the supplicant. Different authentication methods will vary this message and the total number of messages. EAP supports client-only authentication and strong mutual authentication. Only strong mutual authentication is considered appropriate for the wireless case. iv. The supplicant responds to the challenge via the authenticator and passes the response onto the authentication server. If the supplicant provides proper identity, the authentication server responds with a success message, which is then passed to the supplicant. The authenticator now allows access to the LAN, which possibly was restricted based on attributes that came back from the authentication server.
EAP Flow • After the Link Establishment phase is complete, the authenticator sends one or more Requests to authenticate the peer. • The Request has a type field to indicate what is being requested. Examples of Request types include Identity, MD5-challenge, One-Time Passwords, Generic Token Card, etc. – The MD5-challenge type corresponds closely to the CHAP authentication protocol. • Typically, the authenticator will send an initial Identity Request followed by one or more Requests for authentication information. However, an initial Identity Request is not required, and MAY be bypassed in cases where the identity is presumed (leased lines, dedicated dial-ups, etc.). • The peer sends a Response packet in reply to each Request. As with the Request packet, the Response packet contains a type field which corresponds to the type field of the Request. 63
•
The authenticator ends the authentication phase with a Success or Failure packet.
EAP Authentication • Physical connection between the client station and the network is established first, which for wireless operation means that 802.11 Association has to be completed (this is the equivalent of plugging in a wired station in an Ethernet wall socket). • After Association the 802.1x authentication commences, initiated by the Authenticator (i.e. the AP or NAS), which sends an EAP Request to the Supplicant (i.e. the client station) asking for its credentials. These credentials could be machine name or user name, depending on the authentication method that is used. • The Supplicant transmits its identity information as part of an EAP response to the Authenticator, which takes the packet from the LAN frame and encapsulates it in a RADIUS protocol message for transmission to the Authentication Server. • At this point a sequence of exchanges will take place between the Authentication Server and the Supplicant (via the Authenticator), of which the exact details depend on the Authentication method used. The ultimate result of the complete sequence is either a positive result, where the supplicant is successfully authenticated, or a negative one where the authentication has failed. In the first case the “door” to network is opened and all network resources are now available for the client device, while in the second case the network access remains blocked.
802.11i In addition to 802.1x standard created by IEEE, one up-and-coming 802.11x specification, which is 802.11i, provides replacement technology for WEP security. 802.11i is still in the development and approval processes. In this paper, the key technical elements that have been defined by the specification will be discussed. While these elements might change, the information provided will provide insight into some of the changes that 802.11i promises to deliver to enhance the security features provided in a WLAN system. The 802.11i specification consists of three main pieces organized into two layers. On the upper layer is the 802.1x, which has been discussed in the previous section. As used in 802.11i, 802.1x provides a framework for robust user authentication and encryption key distribution. On the lower layer are improved encryption algorithms. The encryption algorithms are in the form of the TKIP (Temporal Key Integrity Protocol) and the CCMP (counter mode with CBC-MAC protocol). It is important to und erstand how all of these three pieces work to form the security mechanisms of 802.11i standard. Since the concept of 802.1x has been discussed in the previous section, the following section of this paper will only look at TKIP and CCMP. Both of these encryption protocols provide enhanced data integrity over WEP, with TKIP being targeted at legacy equipment, while CCMP is being targeted at future WLAN equipments. However, a true 802.11i system uses either the TKIP or CCMP protocol for all equipments. 64
CCMP
As explained previously, TKIP was designed to address deficiencies in WEP; however, TKIP is not viewed as a long-term solution for WLAN security. In addition to TKIP encryption, the 802.11i draft defines a new encryption method based on the advanced encryption standard (AES). The AES algorithm is a symmetric block cipher that can encrypt and decrypt information. It is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits [3]. More robust than TKIP, the AES algorithm would replace WEP and RC4. AES based encryption can be used in many different modes or algorithms. The mode that has been chosen for 802.11 is the counter mode with CBCMAC protocol (CCMP). The counter mode delivers data privacy while the CBC-MAC delivers data integrity and authentication. Unlike TKIP, CCMP is mandatory for anyone implementing 802.11i .
Recommended 802.11 Security Practices
• •
• •
• •
Change the default password for the Admin account SSID • Change the default • Disable Broadcast • Make it unique • If possible, Change it often Enable MAC Address Filtering Enable WEP 128-bit Data Encryption. Please note that this will reduce your network performance • Use the highest level of encryption possible • Use a “Shared” Key • Use multiple WEP keys • Change it regularly Turn off DHCP Refrain from using the default IP subnet
Tools for Protecting WLAN There are some products that can minimize the security threats of WLAN such as:
AirDefense 65
It is a commercial wireless LAN intrusion protection and management system that discovers network vulnerabilities, detects and protects a WLAN from intruders and attacks, and assists in the management of a WLAN. AirDefense also has the capability to discover vulnerabilities and threats in a WLAN such as rogue APs and ad hoc networks. Apart from securing a WLAN from all the threats, it also provides a robust WLAN management functionality that allows users to understand their network, monitor network performance and enforce network policies [1]. Isomair Wireless Sentry This product from Isomair Ltd. automatically monitors the air space of the enterprise continuously using unique and sophisticated analysis technology to identify insecure access points, security threats and wireless network problems. This is a dedicated appliance employing an Intelligent Conveyor Engine (ICE) to passively monitor wireless networks for threats and inform the security managers when these occur. It is a completely automated system, centrally managed, and will integrate seamlessly with existing security infrastructure. No additional man-time is required to operate the system. Wireless Security Auditor (WSA) It is an IBM research prototype of an 802.11 wireless LAN security auditor, running on Linux on an iPAQ PDA (Personal Digital Assistant). WSA helps network administrators to close any vulnerabilities by automatically audits a wireless network for proper security configuration. While there are other 802.11 network analyzers such as Ethereal, Sniffer and Wlandump, WSA aims at protocol experts who want to capture wireless packets for detailed analysis. Moreover, it is intended for the more general audience of network installers and administrators, who want a way to easily and quickly verify the security configuration of their networks, without having to understand any of the details of the 802.11 protocols.
Conclusion The general idea of WLAN was basically to provide a wireless network infrastructure comparable to the wired Ethernet networks in use. It has since evolved and is still currently evolving very rapidly towards offering fast connection capabilities within larger areas. However, this extension of physical boundaries provides expanded access to both
66
authorized and unauthorized users that make it inherently less secure than wired networks. WLAN vulnerabilities are mainly caused by WEP as its security protocol. However, these problems can be solved with the new standards, such as 802.11i, which is planned to be released later this year. For the time being, WLAN users can protect their networks by practicing the suggested actions that are mentioned in this paper based on the cost and the level of security that they wish. Wireless LAN security has a long way to go. Current Implementation of WEP has proved to be flawed. Further initiatives to come up with a standard that is robust and provides adequate security are urgently needed. The 802.1x and EAP are just mid points in a long journey. Till new security standard for WLAN comes up third party and proprietary methods need to be implemented. While there are serious vulnerabilities when using WLANs. Taking certain precautions to safeguard the confidentiality and integrity of your data can make your WLAN as safe as the wired equivalent. Although these precautions may cost more effort and money, they are necessary if you have an existing WLAN or intend to implement one. The 802.11 Tgi group is working on new ways to replace WEP with schemes such as replacing the RC4 with AES and adding sequence numbers to packets to prevent replay attacks. Until such schemes are finalized and available as the 802.11i standard, there will be no complete fix for these existing vulnerabilities.
Like most advances, wireless LANs pose both opportunities and risks. The technology can represent a powerful complement to an organization’s networking capabilities, enabling increased employee productivity and reducing IT costs. To minimize the attendant risks, IT administrators can implement a range of measures, including establishment of wireless security policies and practices, as well as implementation of various LAN design and implementation measures. Achieving this balance of opportunity and risk allows enterprises to confidently implement wireless LANs and realize the benefits this increasingly viable technology offers.
References
Nikita Borisov, Ian Goldberg, and David Wagner, UC Berkeley, “Security of the WE Algorithm,” (http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html) 67
Wayne Caswell, “Wireless Home Networks: Disconnected Connectivity,” Home Toys, April 2000 (http://www.hometoys.com/mentors/caswell/apr00/wireless.htm) Joel Conover, “Wireless LANs Work Their Magic,” Networking Computing, July 2000 (http://www.networkcomputing.com/1113/1113f2full.html) Joel Conover, “First Things First—Top 10 Things to Know About Wireless,” Networking Computing, July 2000 (http://www.networkcomputing.com/1113/1113f2side2.html) John Cox, “LAN Services Set to Go Wireless,” Network World, August 20, 2001 (http://www.nwfusion.com/news/2001/0820wireless.html) Andy Dornan, “Emerging Technology: Wireless LAN Standards,” 2/6/02, o NetworkMagazine.com (http://networkmagazine.com/article/NMG20020206S0006) Dale Gardner, “Wireless Insecurities,” Information Security magazine, o January 2002 (http://www.infosecuritymag.com/articles/january02/cover.shtml) IEEE Working Group for WLAN Standards o (http://grouper.ieee.org/groups/802/11/index.html) o Dave Molta, “The Road Ahead for Wireless,” Network Computing, July 9, 2001 (http://www.networkcomputing.com/1214/1214colmolta.html) Practically Networked, “Wireless Encryption Help” (http://www.practicallynetworked.com/ support/wireless_encrypt.htm) Practically Networked, “Securing Your Wireless Network” (http://www.practicallynetworked.com/ support/wireless_secure.htm) Practically Networked, “Mixing WEP Encryption Levels” (http://www.practicallynetworked.com/ support/mixed_wep.htm) Practically Networked, “Should I Use NetBeui?” (http://www.practicallynetworked.com/ sharing/netbeui.htm) Peter Rysavy, “Break Free with Wireless LANs,” Network Computing, October 29, 2001 (http://www.networkcomputing.com/1222/1222f1.html) Search Networking.com, Wireless LAN links (http://searchnetworking.techtarget.com/ bestWebLinks/0,289521,sid7_tax286426,00.html) Vicomsoft Wireless Networking Q&A (http://www.vicomsoft.com/knowledge/reference/ wireless1.html) 17. “Wireless Within Corporate Reach” eWeek, May 3, 2000 (http://techupdate.zdnet.com/ techupdate/stories/main/0,14179,25302011,00.html) Cisco Wireless LAN Security Web site http://www.cisco.com/go/aironet/security Cisco Aironet Wireless LAN Security Overview 68
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_brochure09186a0 0801f7d0b.html SAFE: Wireless LAN Security in Depth http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutio ns_white_paper09186a008009c8b3.shtml Your 802.11 Wireless Network Has No Clothes http://www.cs.umd.edu/%7Ewaa/wireless.pdf Cisco response to Your 802.11 Wireless Network Has No Clothes http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00 8009246e.html An Initial Security Analysis of the IEEE 802.1x Standard http://www.cs.umd.edu/~waa/1x.pdf Authentication with 802.1x and EAP Across Congested WAN Links http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper0 9186a00800a9e8e.shtml IEEE 802.11 Working Group Web site http://grouper.ieee.org/groups/802/11/ [1] AirDefense™, Inc. “Wireless LAN Security: Intrusion Detection and Monitoring for the Enterprise.” 4 Dec. 2002. URL: http://www.airdefense.net/products/index.shtm (30 Oct. 2002). [2] Borisov, Nikita, Goldberg, Ian and Wagner, David. “Security of the WEP Algorithm.” 13 Dec. 2002. URL: http://www.isaac.cs.berkeley.edu/isaac/wepfaq. html (3 Dec. 2002). [3] Computer Security Research Centre, National Institute of Standards and Technology. “Announcing the Advanced Encryption Standard (AES).”Federal Information Processing Standards Publications 197. 13 Dec. 2002. URL: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (3 Dec. 2002). [4] Eaton, Dennis.” Diving into the 802.11i Spec: A Tutorial.” 3 Jan. 2003. URL: http://www.commsdesign.com/design_corner/OEG20021126S0003 (18 Dec. 2002). [5] Geier, Jim. “Guarding Against WLAN Security Threats.” 2 Dec. 2002. URL: http://www.80211-planet.com/tutorials/article.php/1462031 (28 Oct. 2002). [6] Geier, Jim. “802.11 Security Beyond WEP”. 2 Dec. 2002. URL: http://www.80211-planet.com/tutorials/article.php/1377171 (28 Oct. 2002). [7] IBM Corporation. “Wireless Security Auditor (WSA).” 4 Dec. 2002. URL: http://researchweb.watson.ibm.com/gsal/wsa/ (30 Oct. 2002). [8] Isomair.com. “Isomair Security for Wireless World” 4 Dec. 2002. URL: http://www.isomair.com/products.html (30 Oct. 2002). [9] Knowledge Systems (UK) Ltd. “Wireless LAN Security Issues.” 2 Dec. 2002. URL: http://www.ksys.info/wlan_security_issues.htm (28 Oct. 2002). [10] Penton Media, Inc. “Use a VPN for Wireless Security.” 20 Dec. 2002. URL: 69