
Wireless Security – Let the Nightmare End!


Presentation Transcript


  1. Wireless Security – Let the Nightmare End!
     Steve Lamb, Technical Security Advisor, http://blogs.msdn.com/steve_lamb, stephlam@microsoft.com
     Alun Rogers, Principal Consultant - Lynx, alun.rogers@lynxtec.com

  2. Agenda
     • Public Key Infrastructure and Cryptography (PKI)
     • What’s wrong with wireless out of the box?
     • Protected Extensible Authentication Protocol (PEAP)
     • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)

  3. Symmetric Key Cryptography
     (Diagram) Plain-text input “The quick brown fox jumps over the lazy dog” → Encryption → Cipher-text “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%” → Decryption → Plain-text output “The quick brown fox jumps over the lazy dog”. Encryption and decryption use the same key (shared secret).

  4. Symmetric Pros and Cons
     • Strength:
       • Simple and really very fast (order of 1000 to 10000 times faster than asymmetric mechanisms)
       • Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)
     • Weakness:
       • Must agree the key beforehand
       • Securely pass the key to the other party

  5. Public Key Cryptography
     • Knowledge of the encryption key doesn’t give you knowledge of the decryption key
     • Receiver of information generates a pair of keys
     • Publish the public key in a directory
     • Then anyone can send them messages that only they can read

  6. Public Key Encryption
     (Diagram) Clear-text input “The quick brown fox jumps over the lazy dog” → Encryption with the recipient’s public key → Cipher-text “Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs” → Decryption with the recipient’s private key → Clear-text output “The quick brown fox jumps over the lazy dog”. Different keys: public for encryption, private for decryption.

  7. Public Key Pros and Cons
     • Weakness:
       • Extremely slow
       • Susceptible to “known ciphertext” attack
       • Problem of trusting public key (see later on PKI)
     • Strength:
       • Solves problem of passing the key
       • Allows establishment of trust context between parties

  8. Hybrid Encryption (Real World)
     (Diagram) The message “Launch key for nuclear missile “RedHeat” is...” is encrypted with symmetric encryption (e.g. DES) under a randomly-generated symmetric “session” key taken from an RNG, giving the cipher-text “*#$fjda^j u539!3t t389E *&\@ 5e%32\^kd”. The symmetric key is then encrypted asymmetrically (e.g., RSA) with the user’s public key (in certificate) to form a Digital Envelope. As above, repeated for other recipients or recovery agents: a further Digital Envelope is made with the other recipient’s or agent’s public key (in certificate) named in the recovery policy.

  9. Hybrid Decryption
     (Diagram) The Digital Envelope contains the “session” key encrypted using the recipient’s public key. The session key must be decrypted using the recipient’s private key (asymmetric decryption of the “session” key, e.g. RSA). The recovered symmetric “session” key then performs symmetric decryption (e.g. DES) of the cipher-text “*#$fjda^j u539!3t t389E *&\@ 5e%32\^kd”, yielding “Launch key for nuclear missile “RedHeat” is...”.

  10. PKI References
     • "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure" on http://www.microsoft.com/pki

  11. Agenda
     • Public Key Infrastructure and Cryptography (PKI)
     • What’s wrong with wireless out of the box?
     • Protected Extensible Authentication Protocol (PEAP)
     • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)

  12. The challenge
     • Huge fear of wireless
       • Rooted in misunderstandings of security
     • Wireless can be made secure
       • Takes work
       • Need to understand problem
       • Need to plan for secure solution

  13. Securing Wireless
     • Need to control who and with what (authenticate)
     • Need to control what they access (authorise)
     • Ensure integrity of communications (encrypt)
     • Ensure safe transfer of credentials (encrypt authentication)
     • Need to audit and report

  14. WEP setup and RC4
     • Secret key shared between access point and all clients
     • Encrypts traffic before transmission
     • Performs integrity check after transmission
     • WEP uses RC4, a stream cipher
       • [key] XOR [plaintext] → [ciphertext]
       • [ciphertext] XOR [key] → [plaintext]

  15. Common attacks
     • Bit-flipping (encryption ≠ integrity)
       • Flipping bit n in ciphertext flips same bit in plaintext
     • Statistical attacks
       • Multiple ciphertexts using same key permit determination of plaintext XOR
       • Enables statistical attacks to recover plaintext
       • More ciphertexts eases this
       • Once one plaintext is known, recovering others is trivial

  16. WEP’s “defenses”
     • Integrity check (IC) field
       • CRC-32 checksum, part of encrypted payload
       • Not keyed
       • Subject to bit-flipping → can modify IC to make altered message appear valid
     • Initialization vector (IV) added to key
       • Alters key somewhat for each packet
       • 24-bit field; contained in plaintext portion
       • Alas, this small keyspace guarantees reuse

  17. More IV problems
     • Say an AP constantly sends 1500-byte packets at 11 Mbps
       • Keyspace exhausted in 5 hours
       • Could be quicker if packets are smaller
     • Key reuse causes even more collisions
       • Some cards reset IV to 0 after initialization
       • Some cards increment by 1 after each packet
       • 802.11 standard does not mandate new per-packet IV!
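Added worked example for slides 14 to 17 (not code from the presentation): it works the 24-bit IV exhaustion figure, shows why two packets under one keystream leak the XOR of their plaintexts, shows that one flipped ciphertext bit becomes one flipped plaintext bit, and contrasts WEP's unkeyed CRC with a keyed integrity check. The keystream, messages and key are constructed stand-ins, not RC4 output.

```python
import hashlib
import hmac

IV_BITS = 24  # size of WEP's per-packet IV field

def iv_exhaustion_seconds(packet_bytes: int, link_mbps: float, iv_bits: int = IV_BITS) -> float:
    """Seconds until every IV value has been used once, assuming one fresh IV
    per packet on a link saturated with packets of the given size."""
    packets_per_second = (link_mbps * 1_000_000) / (packet_bytes * 8)
    return (2 ** iv_bits) / packets_per_second

def xor_keystream(data: bytes, keystream: bytes) -> bytes:
    """Stream-cipher encrypt/decrypt; the same XOR works in both directions.
    A fixed byte pattern stands in for RC4 output in this demonstration."""
    if len(keystream) < len(data):
        raise ValueError("keystream too short for data")
    return bytes(d ^ k for d, k in zip(data, keystream))

def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with one keystream XOR to the XOR of their
    plaintexts; the keystream cancels out without ever being known."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def flip_bit(ciphertext: bytes, byte_index: int, bit: int) -> bytes:
    """Flip one ciphertext bit; after decryption the same plaintext bit flips,
    which is why encryption on its own provides no integrity."""
    c = bytearray(ciphertext)
    c[byte_index] ^= 1 << bit
    return bytes(c)

def keyed_mic(key: bytes, message: bytes) -> bytes:
    """Keyed integrity check: without the key, a modified message cannot be
    given a matching tag, unlike WEP's unkeyed CRC-32."""
    return hmac.new(key, message, hashlib.sha256).digest()

# Constructed sample keystream and messages (not taken from the presentation)
KEYSTREAM = bytes((i * 37 + 11) & 0xFF for i in range(64))
P1 = b"The quick brown fox jumps over the lazy dog"
P2 = b"Second packet encrypted under the same IV and key"

def recover_second_plaintext() -> bytes:
    """Given one known plaintext and two ciphertexts sharing a keystream,
    obtain the other plaintext (to the length of the known one)."""
    c1, c2 = xor_keystream(P1, KEYSTREAM), xor_keystream(P2, KEYSTREAM)
    return xor_keystream(keystream_reuse_leak(c1, c2), P1)

def tampered_decrypts_to(byte_index: int, bit: int) -> bytes:
    """Decrypt a ciphertext whose single bit was flipped in transit."""
    return xor_keystream(flip_bit(xor_keystream(P1, KEYSTREAM), byte_index, bit), KEYSTREAM)
```

With 1500-byte packets at 11 Mbps the function returns just over 18,000 seconds, the "5 hours" on the slide; smaller packets shorten it.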

  18. Classes of attacks
     • Key and IV reuse
     • Known plaintext attack
     • Partial known plaintext attack
     • Weaknesses in RC4 key scheduling algorithm
     • Authentication forging
     • Realtime decryption

  19. VPNs
     Pros
     • Familiarity
     • Hardware independent
     • Proven security
     Cons
     • Lacks user transparency
     • Only user logon (not computer)
       • Roaming profiles, logon scripts, GPOs broken, shares, management agents, Remote Desktop
     • No reconnect on resume from standby
     • Complex network structure

  20. VPNs: More Cons
     • No protection for WLAN
     • Bottleneck at VPN devices
     • Higher management & hardware cost
     • Prone to disconnection
     Yet more cons! (non-MS VPNs)
     • 3rd party licensing costs
     • Client compatibility
     • Many VPN auth schemes (IPsec Xauth) are as bad as WEP!

  21. Agenda
     • Public Key Infrastructure and Cryptography (PKI)
     • What’s wrong with wireless out of the box?
     • Protected Extensible Authentication Protocol (PEAP)
     • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)

  22. PEAP encapsulation
     1. Server authenticates to client
     2. Establishes protected tunnel (TLS)
     3. Client authenticates inside tunnel to server
     • No cryptographic binding between PEAP tunnel and tunneled authN method
       • Fix: constrain client (in GPO) to trust only a specific corporate root CA
       • Foils potential MitM attacks
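Added illustration of the server-validation fix on this slide (not code from the presentation or from Windows): a toy model of the check a supplicant must pass before it sends credentials inside the TLS tunnel. Certificate objects, names and thumbprints are constructed placeholders, and signature verification is omitted; only issuer chaining, the pinned corporate root and the expected RADIUS server name are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate seen in the TLS handshake."""
    subject: str
    issuer: str
    thumbprint: str  # constructed placeholder, not a real SHA-1 thumbprint

def common_name(subject: str) -> str:
    """Return the CN part of a subject such as 'CN=radius.corp.example'."""
    return subject[3:] if subject.startswith("CN=") else subject

def validate_peap_server(chain, trusted_root_thumbprints, allowed_server_names):
    """Policy a supplicant should enforce before the inner authentication:
    the chain must end at a pinned corporate root AND the leaf must name an
    expected RADIUS server. Returns (accepted, reason)."""
    if not chain:
        return False, "no server certificate presented"
    leaf, root = chain[0], chain[-1]
    if root.subject != root.issuer:
        return False, "chain does not end at a self-signed root"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, "%s not issued by %s" % (child.subject, parent.subject)
    pinned = {t.upper() for t in trusted_root_thumbprints}
    if root.thumbprint.upper() not in pinned:
        # A publicly trusted root is still rejected: only the corporate CA counts.
        return False, "root %s is not the pinned corporate CA" % root.subject
    if common_name(leaf.subject) not in allowed_server_names:
        return False, "server name %s not in allowed list" % leaf.subject
    return True, "ok"

# Constructed certificates: a corporate chain and a chain from another CA
# that carries the same server name (the MitM case the slide describes).
CORP_ROOT = Cert("CN=Corp Root CA", "CN=Corp Root CA", "PLACEHOLDER-ROOT-A")
CORP_RADIUS = Cert("CN=radius.corp.example", "CN=Corp Root CA", "PLACEHOLDER-LEAF-A")
OTHER_ROOT = Cert("CN=Some Public CA", "CN=Some Public CA", "PLACEHOLDER-ROOT-B")
OTHER_RADIUS = Cert("CN=radius.corp.example", "CN=Some Public CA", "PLACEHOLDER-LEAF-B")

POLICY_ROOTS = {CORP_ROOT.thumbprint}
POLICY_NAMES = {"radius.corp.example"}

def check_corporate_chain():
    return validate_peap_server([CORP_RADIUS, CORP_ROOT], POLICY_ROOTS, POLICY_NAMES)

def check_other_ca_chain():
    return validate_peap_server([OTHER_RADIUS, OTHER_ROOT], POLICY_ROOTS, POLICY_NAMES)
```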

  23. The many flavors of PEAP…
     • Common point of customer confusion:
       • Microsoft released PEAPv0 (a.k.a. MSFT-PEAP) while…
       • Cisco released PEAPv1 (a.k.a. Cisco-PEAP)
     • Support for PEAP
       • Most RADIUS servers on market now support PEAP version 0:
         • Cisco ACS (RADIUS server)
         • Funk Steel-Belted RADIUS
         • Interlink RADIUS
         • MeetingHouse RADIUS
       • PEAP is supported in the following families:
         • Natively - Microsoft® Windows® 2003, Windows XP SP1+, Windows® 2000 SP4, Tablet
         • Application or system upgrade - Windows 98, Windows NT 4.0 and Pocket PC 2002
       • Internet Authentication Service (IAS) in the Microsoft® Windows® 2000 Server family and Windows Server® 2003 family supports PEAP
         • No need to install third party RADIUS software.

  24. Agenda
     • Public Key Infrastructure and Cryptography (PKI)
     • What’s wrong with wireless out of the box?
     • Protected Extensible Authentication Protocol (PEAP)
     • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)

  25. Secure Wireless Deployment Components

  26. Secure Wireless Deployment MS Offerings

  27. Secure Wireless Deployment Benefits

  28. Security Best Practices: What NOT to do
     • Hidden SSID
       • Does not provide any real security
       • Easily discoverable in well-used environments
       • Windows client experience is impacted
     • MAC Filtering
       • Does not scale
       • NIC management issue
       • MAC is spoofable
     • “Shared” mode
       • Sounds like more security but is actually worse
       • Not to be confused with Pre-Shared Key (PSK), which is more secure
     • Open networks and VPNs
       • Grants everyone access to the wireless segment
       • Great for hotspots, not for your business

  29. Security Best Practices: What to do
     • Choose a security authentication
       • WPA with EAP-TLS and both user and computer certificates
       • WPA with PEAP-MS-CHAP v2 and enforce strong user passwords
       • WEP with 802.1X authentication, EAP-TLS with both user and computer certificates, and periodic re-authentication
       • WEP with 802.1X authentication, PEAP-MS-CHAP v2, periodic re-authentication, enforce strong user passwords
     • Preventing rogues
       • User education and policy
       • Ongoing monitoring
     • Don’t use Hidden SSIDs
     • Do use Wireless Group Policy

  30. Best Practices: Scalability
     Microsoft RADIUS - Internet Authentication Service (IAS)
     • Install at least two IAS RADIUS servers
     • For best performance, install IAS on domain controllers
     • Use strong RADIUS shared secrets
     • Use as many different RADIUS shared secrets as possible
     • Use IAS RADIUS proxies to scale authentication traffic
     • Use IAS RADIUS proxies for separate account databases

  31. Using IAS RADIUS proxies: Load balancing of RADIUS traffic
     (Diagram) Wireless APs → IAS RADIUS proxies → IAS servers

  32. Using IAS RADIUS proxies: Cross-forest authentication
     (Diagram) Wireless APs → IAS RADIUS proxies → IAS servers in Forest 1 and IAS servers in Forest 2

  33. Best Practices: Management
     • Use the Wireless Network (IEEE 802.11) Policies Group Policy settings to automatically configure wireless clients running Windows XP and Windows Server 2003 with your SSID
     • If you have a native-mode domain, use universal groups and global groups to organize your wireless computer and user accounts into a single group.
     • Use certificate auto-enrollment for computer certificates
     • Use certificate auto-enrollment for user certificates
     • "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure" on http://www.microsoft.com/pki

  34. Aligning with other security initiatives
     • Network Health Compliance
       • Lays down both the network infrastructure and ID Management elements needed for NAP (Network Access Protection)
       • Preserves investment in infrastructure
       • RADIUS is the center of policy making, enforcement and access control for Secure Wireless and NAP
     • Single sign-on
     • Secure Network Segmentation
       • IPSec and 802.1X work together by providing a defense in depth strategy
       • 802.1X – hard outside – offers isolation
       • IPSec – hard inside – offers resource protection

  35. Best Practices as applied to Microsoft

  36. Microsoft IT Secure Wireless Deployment

  37. Microsoft Future Wireless Deployment

  38. Tools
     • WEPCrack—breaks 802.11 keys
       • http://wepcrack.sourceforge.net/
     • AirSnort—breaks 802.11 keys
       • Needs only 5-10 million packets
       • http://airsnort.shmoo.com/
     • NetStumbler—access point reconnaissance
       • http://www.netstumbler.com

  39. Resources
     • The Advantages of Protected Extensible Authentication Protocol (PEAP)
       • http://www.microsoft.com/windowsserver2003/techinfo/overview/peap.mspx
     • Designing and Deploying Wireless LAN Connectivity for the Microsoft Corporate Network
       • http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wlandply.mspx
     • "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure"
       • http://www.microsoft.com/pki
     • Best Practices article in TechNet Magazine – Spring 2005
     • Discussion Alias = “wireless”
     • *WPA2 Beta = “wpa2beta”

  40. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
