Wireless LAN Security

inari
Presentation Transcript


  1. Wireless LAN Security

  2. Wireless LAN Security • Wireless Threats • Basic Security • IEEE 802.11 Standards • Wireless Security Issues • 802.11i and 802.1x • Recommendations / Countermeasures

  3. Wireless Threats • Spoofing • Pretending to be another host • Hijacking • Taking over a data exchange session • Sniffing • Monitoring network traffic • Man-in-the-Middle • Intercepting network traffic

  4. Basic Security • Critical functions necessary to ensure security • Access Control • restricting unauthorized users from gaining admission to the network • Confidentiality • prevent reading or copying of data as it travels across the Internet • Data Integrity • ensuring that no one tampers with data as it travels across the Internet • Authentication • ensuring that the data originates at the source that it claims

  5. Wireless Security Concepts • Network attacks fall into four basic categories: • Impersonation • Impersonation attacks are those in which an attacker masquerades as another person. • Integrity • Integrity attacks result in the undetected modification of user data; for example, changing the contents of an electronic mail message in transit. Integrity attacks are generally impossible to prevent; the best that can be done is to detect the modification. Digital signatures of various types are useful defenses against integrity attacks. • Disclosure • Disclosure attacks result in the exposure of data to an unintended person. The damage caused by disclosure attacks often depends on the content of the data revealed: a routine meeting request may have little value to an opponent, but the disclosure of confidential sales projections could be ruinous. The typical defense against disclosure attacks is the use of strong encryption to hide network traffic. • Denial of service • Denial of service attacks are the hardest attacks to defend against, and the easiest to perpetrate. The purpose of these attacks, as the name suggests, is to deny service to valid users. They go by many names, e.g. teardrop, NetWare and SYN flooding.

  6. Attributes for privacy in the interchange of sensitive information • Authorization - is the user authorized to use a given resource? • Authentication - are the users who they claim to be? • Accounting - does the system keep the appropriate records for accounting purposes? • Non-repudiation - can the message origination be proven? • Integrity - was the data changed during transit? • Confidentiality - can unauthorized entities "read" the data? • Resource protection has the following attributes: • The address of the resource is hidden. • Unwanted attempts to use the resource are filtered out. • The extent to which a particular type of VPN provides the above attributes is dependent on the type and configuration of the VPN.

  7. Communication and Encryption • A message is plaintext (sometimes called cleartext). The process of disguising a message in such a way as to hide its substance is called encryption. • An encrypted message is ciphertext. The process of turning ciphertext back into plaintext is called decryption. • Decryption Algorithms and Keys • A cryptographic algorithm, also called a cipher, is the mathematical function used for encryption and decryption. • The security of a modern cryptographic algorithm is based on a secret key. This key might be any one of a large number of values. The range of possible key values is called the keyspace. • Both encryption and decryption operations are dependent on the key K and this is denoted by the K subscript in the functions $E_K(P) = C$ and $D_K(C) = P$.

  8. Encryption Illustration

  9. Components of a Wireless LAN • Access point • An AP operates within a specific frequency spectrum and uses a 802.11 standard specified modulation technique. It also informs the wireless clients of its availability and authenticates and associates wireless clients to the wireless network. An AP also coordinates the wireless clients’ use of wired resources. • Network interface card (NIC)/client adapter • A PC or workstation uses a wireless NIC to connect to the wireless network. The NIC scans the available frequency spectrum for connectivity and associates it to an access point or another wireless client. The NIC is coupled to the PC/workstation operating system using a software driver. • Antenna • An antenna radiates the modulated signal through the air so that wireless clients can receive it. Characteristics of an antenna are defined by propagation pattern (directional versus omnidirectional), gain, transmit power, and so on.

  10. 802.11 WLAN Concepts • Infrastructure Mode: The client connects to the access point, which acts as a bridge to the wired network • Ad Hoc Mode: Clients communicate with each other directly

  11. The Wireless Medium • No Physical Boundaries • More Susceptible to Interference and Eavesdropping • Less Secure Physically • Device Size - Theft / Loss • Mobility / Roaming • May Change Point of Network Connection Frequently • Mobile systems tend to have Less Processing Power - Memory - Disk Space - Limited Battery Power • Generally Lower Bandwidth • Higher Latency and Signal Variability • Higher Error Rate

  12. Wireless LAN Standards • 802.11 • The original standard operating at either 1 Mbps or 2 Mbps • 802.11b • The battle between wireless technologies such as Bluetooth, HomeRF, and the IEEE 802.11b standard is effectively over. With its better throughput and longer range, 802.11b -- which operates in the unlicensed 2.4-GHz frequency spectrum -- is now well established in both corporate and home wireless markets. • 802.11a • Multiple standards are currently competing for dominance in the high bandwidth WLAN market. To date, the IEEE 802.11a standard, which offers nearly five times the bandwidth of 802.11b, has achieved substantial momentum. • 802.11g • A late entrant into the 802.11 family, 802.11g, like 802.11a, boasts a top data rate of 54 Mbps but operates in the same unlicensed portion of the 2.4-GHz spectrum as 802.11b. While this makes the 802.11g backward compatible with 802.11b devices, the new standard will also be limited to the same three channels and crowded 2.4-GHz band as 802.11b, creating possible scalability and interference issues. • Reference: http://standards.ieee.org/wireless/

  13. First Generation WLAN Security • One commonly used feature in WLANs is the use of a naming handle, the SSID, which provides a rudimentary level of security. The SSID is analogous to a common network name for the wireless stations and access points in a given WLAN subsystem. • WEP (Wired Equivalent Privacy) • The main goals of WEP are to deny access to the network by unauthorized users who do not possess the appropriate WEP key, and to prevent the decoding of captured, WEP-encrypted WLAN traffic without possession of the WEP key. • IEEE 802.11 Authentication • There are other issues with the 802.11 security methods that have to do with administration of the network. One of these considerations is that WEP authentication is one-way: the AP does not authenticate itself to the client. The client is authenticated with the AP, but not vice versa, so the client has no way of knowing if the AP is actually a valid AP or possibly a rogue AP. The keys must be entered statically and there is no way to generate or administer keys remotely. One of the best methods of improving security is to frequently change WEP keys, but without the ability to remotely administer these keys, this is difficult if not impossible. There is also no way to integrate with existing network authentication methods now in common use on wired LANs. • Authentication is device-based. Identification is based upon MAC address, not username, and keys are typically stored in the flash memory of the card. • If a user loses a device with a configured NIC but doesn’t tell anyone, then without user authentication the intranet is now accessible to crackers • If the loss is reported, with global keys a large-scale reconfiguration (re-keying) is required on many devices • Without centralized accounting and auditing, there is no means to detect unusual activity, e.g.: • Users who don’t log on for periods of time • Users who transfer too much data, stay on too long • Multiple simultaneous logins • Logins from the “wrong” machine account
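The unusual-activity checks listed on slide 13, as an added example that is not part of the original presentation: a small audit over centrally collected session records. The record layout, user names, MAC addresses and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: adapters registered per user, and session records
# of the kind a central accounting server would keep.
REGISTERED = {"alice": {"00:11:22:33:44:55"}, "bob": {"00:11:22:33:44:66"},
              "carol": {"00:11:22:33:44:77"}}
T = datetime(2024, 1, 15, 8, 0)
H = timedelta(hours=1)
SESSIONS = [  # (user, adapter MAC, start, stop, bytes transferred)
    ("alice", "00:11:22:33:44:55", T, T + 2 * H, 40_000_000),
    ("alice", "00:11:22:33:44:55", T + H, T + 3 * H, 5_000_000),
    ("bob", "00:11:22:33:44:99", T, T + H, 1_000_000),
    ("bob", "00:11:22:33:44:66", T + 2 * H, T + 16 * H, 9_000_000_000),
]
# Assumed policy thresholds; tune to the site.
MAX_BYTES = 2_000_000_000
MAX_DURATION = timedelta(hours=12)
DORMANT_AFTER = timedelta(days=30)


def audit(sessions, registered, now):
    """Return sorted (user, finding) pairs for the checks on the slide."""
    findings, by_user = set(), {}
    for user, mac, start, stop, nbytes in sessions:
        by_user.setdefault(user, []).append((start, stop))
        if mac not in registered.get(user, set()):
            findings.add((user, "wrong-machine"))
        if nbytes > MAX_BYTES:
            findings.add((user, "excess-data"))
        if stop - start > MAX_DURATION:
            findings.add((user, "long-session"))
    for user, spans in by_user.items():
        spans.sort()
        latest_stop = spans[0][1]
        for start, stop in spans[1:]:
            if start < latest_stop:  # began before an earlier session ended
                findings.add((user, "simultaneous-login"))
            latest_stop = max(latest_stop, stop)
    for user in registered:  # accounts with no recent session at all
        stops = [stop for _, stop in by_user.get(user, [])]
        if not stops or now - max(stops) > DORMANT_AFTER:
            findings.add((user, "dormant"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SESSIONS, REGISTERED, T + timedelta(days=1)):
        print(f"{user}: {finding}")
```

None of these checks is possible with static, device-based WEP keys alone, because the network never learns which user is behind a session.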

  14. MAC Address Filtering • MAC Address Filtering • Control access to the AP by MAC Address • Not really part of the 802.11 standard • Most AP vendors support it (Not all) • Large Administrative Task • Not Foolproof • Easy to Sniff a MAC address and Spoof it.

  15. War Driving • War Drivers cruise around and try to gain access to wireless networks • Non-secure installations allow any wireless NIC to access the network • Provides access to the network behind the firewall • Possible 8 mile range - hi-gain parabolic dish antenna

  16. 802.11i • WEP 2 - 802.11i • Incorporating 802.1x (EAP) Authentication • Additional Enhancements • Frequent Key and Initialization Vector Rotations • Two Encryption Algorithms • WEP2 - (TKIP) Temporal Key Integrity Protocol • Advanced Encryption Standard (AES) • Flexibility • Security from enterprise network access to public wireless LANs. • Secured seamless roaming • Authentication regardless of location • A user authenticated by an AP can Roam without Connection or Security gaps.

  17. 802.1x • 802.1x is an IEEE Standard (in progress) • EAP • Improved user authentication: username and password • Dynamic, session-based encryption keys • Centralized user administration • Extensible authentication support • EAP designed to allow additional authentication methods to be deployed with no changes to the AP or client NIC • Password authentication • One-Time Passwords • Smartcard authentication and Security Dynamics

  18. Recommendations/Countermeasures • Do not leave defaults • Use 128 bit WEP • Change the SSID • Register your NICs with your AP(s) • Don’t deploy 802.11b for Mission-Critical Applications • Treat all wireless LANs as if they were UNTRUSTED! UNTRUSTED! • Always assume someone’s listening • Isolate your wired LAN and your WLAN (Firewall) • Use VPNs if possible for your WLAN

  19. Additional Recommendations/Countermeasures • Use very secure VPNs (IPSec) • Use strong authentication (one-time passwords) • Firewall WLAN from the rest of your network • Use personal firewalls on WLAN Laptops • Probe often for new wireless devices
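One way to act on "Probe often for new wireless devices" and on the rogue-AP concern from slide 13, as an added example that is not part of the original presentation: compare the result of a site survey with an inventory of authorized access points. The inventory, scan records, SSIDs and security labels are constructed assumptions.

```python
# Constructed inventory of authorized access points: BSSID -> (SSID, security).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", "802.11i-AES"),
    "aa:bb:cc:00:00:02": ("CorpNet", "802.11i-AES"),
    "aa:bb:cc:00:00:03": ("CorpGuest", "802.11i-AES"),
}

# Constructed survey result, in the shape a scanning tool's export might take.
SCAN = [
    {"bssid": "AA:BB:CC:00:00:01", "ssid": "CorpNet", "security": "802.11i-AES"},
    {"bssid": "aa:bb:cc:00:00:02", "ssid": "CorpNet", "security": "WEP"},
    {"bssid": "de:ad:be:ef:00:01", "ssid": "CorpNet", "security": "open"},
    {"bssid": "12:34:56:78:9a:bc", "ssid": "printer-setup", "security": "open"},
]


def classify(scan, authorized):
    """Return sorted (bssid, finding) pairs for every deviation from inventory."""
    our_ssids = {ssid for ssid, _ in authorized.values()}
    seen, findings = set(), []
    for ap in scan:
        bssid = ap["bssid"].lower()  # normalise case before comparing
        seen.add(bssid)
        if bssid in authorized:
            # A BSSID can be spoofed, so a match only means "not obviously new";
            # any change in the advertised settings is still worth a look.
            if (ap["ssid"], ap["security"]) != authorized[bssid]:
                findings.append((bssid, "config-drift"))
        elif ap["ssid"] in our_ssids:
            findings.append((bssid, "unauthorized-ap-using-our-ssid"))
        else:
            findings.append((bssid, "new-device"))
    # Authorized APs that were not heard may be down or out of survey range.
    findings += [(b, "authorized-ap-not-seen") for b in authorized if b not in seen]
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in classify(SCAN, AUTHORIZED):
        print(f"{bssid}: {finding}")
```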
