802.11 Network Security Architecture Chapter 13
Outline • 802.11 security basics • Legacy 802.11 security • Robust security • Segmentation • Infrastructure security • VPN wireless security
802.11 Security Basics • Data privacy • Authentication, authorization, and accounting (AAA) • Segmentation • Monitoring and policy
802.11 Security Basics • Data privacy • Encrypting data with a cipher is mandatory to provide proper data privacy • The two most common algorithms used to protect 802.11 data are: • RC4 • AES (Advanced Encryption Standard)
802.11 Security Basics • Data privacy • RC4 • Stream cipher • Often used to protect Internet traffic, for example in Secure Sockets Layer (SSL) • The RC4 algorithm is used to protect 802.11 wireless data and is incorporated into two encryption methods known as WEP and TKIP
802.11 Security Basics • Data privacy • AES • Block cipher • Offers much stronger protection than the RC4 stream cipher • AES is used to encrypt 802.11 wireless data using an encryption method known as Counter mode with Cipher Block Chaining–Message Authentication Code (CCMP) • The AES algorithm encrypts data in fixed-size blocks, with a choice of 128-, 192-, or 256-bit key sizes
802.11 Security Basics • Authentication, Authorization, and Accounting (AAA) • Authentication is the verification of user identity and credentials • Authorization involves granting access to network resources and services • Accounting is tracking the use of network resources by users
802.11 Security Basics • Segmentation • Segmentation can be achieved through a variety of means, including firewalls, routers, VPNs, and VLANs • The most common wireless segmentation strategy used in 802.11 enterprise WLANs is layer 3 segmentation using Virtual LANs (VLANs) • Segmentation is often intertwined with role-based access control (RBAC) • Monitoring and Policy • A full-time monitoring solution is still needed to protect a WLAN against possible attacks
Legacy 802.11 Security • Legacy Authentication • The original 802.11 standard specifies two different methods of authentication: • Open System authentication • Shared Key authentication • More-secure 802.1X/EAP authentication methods may be used
Legacy 802.11 Security • Legacy Authentication • Static WEP Encryption • Wired Equivalent Privacy (WEP) is a layer 2 encryption method that uses the RC4 stream cipher • The three main intended goals of WEP encryption are confidentiality, access control, and data integrity • Confidentiality: provide data privacy by encrypting the data before transmission • Access control: client stations that do not have the same matching static key as an access point are refused access to network resources • Data integrity: a checksum known as the Integrity Check Value (ICV) is computed on the data before encryption and is intended to prevent the data from being modified
Legacy 802.11 Security • Legacy Authentication • Static WEP Encryption • 64-bit WEP encryption • Uses a secret 40-bit static key, which is combined with a 24-bit number selected by the card’s device driver • This 24-bit number, known as the Initialization Vector (IV), is sent in clear text and is different on every frame • Because there are only 16,777,216 (2^24) possible IV values, IVs are inevitably reused • The effective key strength of combining the IV with the 40-bit static key is 64-bit encryption • 128-bit WEP encryption • Uses a 104-bit secret static key that is also combined with a 24-bit Initialization Vector
Legacy 802.11 Security • Legacy Authentication • Static WEP Encryption • A static WEP key can be entered as hexadecimal (hex) characters (0–9 and A–F) or ASCII characters • A 40-bit static key consists of 10 hex characters or 5 ASCII characters • A 104-bit static key consists of 26 hex characters or 13 ASCII characters
Legacy 802.11 Security • Legacy Authentication • Static WEP • IV collision attack • Because the 24-bit IV is sent in clear text and changes on every frame, all 16 million IVs will eventually repeat on a busy WEP-encrypted network • Weak key attack • Because of the RC4 key-scheduling algorithm, certain IVs produce weak per-packet keys; an attacker can recover the secret key much more easily by collecting frames that use these known weak IVs • Reinjection attack • Hacker tools exist that implement a packet reinjection attack to accelerate the collection of weak IVs on a network with little traffic • Bit-flipping attack • The ICV data integrity check is considered weak, so WEP-encrypted packets can be tampered with
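The IV collision point above can be measured rather than just asserted. The following is an added example, not code from the slides: it pulls the clear-text IV out of WEP frame bodies and reports which IVs have already repeated, and it computes how quickly repeats are expected from the birthday bound on a 24-bit IV space. The frame layout (3-byte IV, then a byte whose top two bits carry the key ID) is the WEP format; the frame bodies and their payload bytes are constructed for the example.

```python
"""Added example (not from the slides): measuring WEP IV reuse in captured frames.

A WEP frame body starts with a 3-byte IV followed by a byte whose top two bits
hold the key ID, both sent in clear text, so a monitoring system can count IV
repeats without knowing the WEP key. The frame bodies below are constructed.
"""
import math
from collections import Counter

IV_SPACE = 2 ** 24  # 16,777,216 possible 24-bit IVs


def wep_frame(iv: int, key_id: int, payload: bytes) -> bytes:
    """Constructed WEP frame body: IV (3 bytes) || key-ID byte || opaque payload."""
    return iv.to_bytes(3, "big") + bytes([(key_id & 0x03) << 6]) + payload


def extract_iv(frame_body: bytes) -> int:
    """Return the 24-bit IV that leads a WEP-encrypted frame body."""
    if len(frame_body) < 4:
        raise ValueError("WEP frame body must carry IV (3 bytes) + key-ID byte")
    return int.from_bytes(frame_body[:3], "big")


def find_iv_reuse(frame_bodies) -> dict:
    """Map every IV seen more than once to the number of frames that used it."""
    counts = Counter(extract_iv(body) for body in frame_bodies)
    return {iv: n for iv, n in counts.items() if n > 1}


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Birthday bound: probability that at least one IV repeated among
    `frames` frames when IVs are chosen uniformly at random."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def expected_frames_to_first_reuse(space: int = IV_SPACE) -> float:
    """Expected number of randomly chosen IVs before the first repeat."""
    return math.sqrt(math.pi * space / 2.0)


# Constructed capture: five frame bodies, IV 0x000001 used three times
SAMPLE_FRAMES = [
    wep_frame(0x000001, 0, b"\x1f\x8a\x03\xcc\x90\x11"),
    wep_frame(0x000002, 0, b"\x52\x7e\xaa\x0b\x13\x60"),
    wep_frame(0x000001, 0, b"\x9c\x44\x21\xde\x07\x3a"),
    wep_frame(0x0A0B0C, 0, b"\x6d\xf1\x58\x9e\x24\xbb"),
    wep_frame(0x000001, 0, b"\x31\xc7\xe5\x02\x88\x4f"),
]

if __name__ == "__main__":
    reused = {hex(iv): n for iv, n in find_iv_reuse(SAMPLE_FRAMES).items()}
    print("reused IVs:", reused)
    print("expected frames before first random-IV repeat: %.0f"
          % expected_frames_to_first_reuse())
    print("P(at least one repeat) after 5000 frames: %.2f"
          % collision_probability(5000))
```

A driver that increments the IV sequentially wraps after 2^24 frames, which is the "eventually" on the slide; a driver that picks IVs at random repeats far sooner, at roughly 5,000 frames on average, which is why a monitoring system that sees repeated IVs on a WEP network should treat the network as already exposed.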
Legacy 802.11 Security • Legacy Authentication • MAC Filters • MAC filters can be configured to either allow or deny traffic from specific MAC addresses • MAC addresses can be “spoofed,” or impersonated, and any amateur hacker can easily bypass a MAC filter by spoofing an allowed client station’s address • The 802.11 standard does not define MAC filtering, so any implementation of MAC filtering is vendor specific
Legacy 802.11 Security • Legacy Authentication • SSID Cloaking • Access points typically have a setting called Closed Network or Broadcast SSID. By either enabling a closed network or disabling the broadcast SSID feature, you can hide, or cloak, your wireless network name. • When you implement a closed network, the SSID field in the beacon frame is null (empty), and therefore passive scanning will not reveal the SSID to client stations that are listening to beacons
Legacy 802.11 Security • Legacy Authentication • SSID Cloaking • An access point in a closed network will respond to any configured client station that transmits probe requests with the properly configured SSID • The 802.11 standard does not define SSID cloaking, and therefore all implementations of a closed network are vendor specific
Robust Security • Security Standards and Certifications Comparison
Robust Security • Robust Security Network (RSN) • Two stations must establish a procedure to authenticate and associate with each other, as well as create dynamic encryption keys through a process known as the 4-way handshake
Robust Security • Authentication and Authorization • Authentication is the verification of user identity and credentials • Authorization involves granting access to network resources and services
Robust Security • 802.1X/EAP Framework • The 802.1X standard is a port-based access control standard • An 802.1X framework may be implemented in either a wireless or wired environment • 802.1X provides an authorization framework that allows or disallows traffic to pass through a port and thereby access network resources
Robust Security • 802.1X/EAP Framework • Supplicant • A host with software that is requesting authentication and access to network resources • Authenticator • A device that blocks or allows traffic to pass through its port entity • Authentication traffic is normally allowed to pass through the authenticator while all other traffic is blocked until the identity of the supplicant has been verified • The authenticator maintains two virtual ports: an uncontrolled port and a controlled port • The uncontrolled port allows EAP authentication traffic to pass through • The controlled port blocks all other traffic until the supplicant has been authenticated • Authentication server (AS) • A server that validates the credentials of the supplicant that is requesting access and notifies the authenticator that the supplicant has been authorized • The authentication server maintains a user database or may proxy to an external user database to authenticate user credentials
Robust Security • 802.1X/EAP Framework
Robust Security • EAP Types • EAP stands for Extensible Authentication Protocol • The protocol is very flexible, and many different flavors of EAP exist • Some, such as Cisco’s Lightweight Extensible Authentication Protocol (LEAP), are proprietary • Others, such as Protected Extensible Authentication Protocol (PEAP), are considered standards-based • Some provide only one-way authentication, while others provide two-way (mutual) authentication • Mutual authentication not only requires that the authentication server validate the client credentials, but the supplicant must also authenticate the validity of the authentication server • Most types of EAP that require mutual authentication use a server-side digital certificate to validate the authentication server
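The controlled/uncontrolled port split on the 802.1X framework slides is easiest to see as a small state machine. The following is an added example, not code from the slides or any 802.1X implementation: it models one authenticator port that relays EAPOL traffic to an authentication server no matter what, and forwards everything else only after the server has answered EAP-Success. The protocol constants (EAPOL EtherType 0x888E, EAPOL packet types, EAP codes, EAP type 1 = Identity) are the IEEE 802.1X/EAP values; the frame representation is constructed, and `ToyAuthServer` is a constructed stand-in that accepts or rejects on the claimed identity alone where a real AS would run a full EAP method exchange.

```python
"""Added example (not from the slides): a toy model of an 802.1X authenticator
port with its uncontrolled and controlled virtual ports.

Constants are the IEEE 802.1X values (EAPOL EtherType 0x888E, EAPOL packet
types, EAP codes, EAP type 1 = Identity). The Frame type and ToyAuthServer
are constructed for the example; the server stands in for a real EAP method.
"""
from dataclasses import dataclass

EAPOL_ETHERTYPE = 0x888E
IPV4_ETHERTYPE = 0x0800
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


@dataclass
class Frame:
    ethertype: int
    payload: bytes


def eapol(packet_type: int, body: bytes = b"") -> bytes:
    """EAPOL header: protocol version 1, packet type, body length, body."""
    return bytes([1, packet_type]) + len(body).to_bytes(2, "big") + body


def eap_response_identity(identity: bytes, ident: int = 1) -> bytes:
    """EAP-Response/Identity: code, identifier, length, type, identity."""
    length = 5 + len(identity)
    return (bytes([EAP_RESPONSE, ident]) + length.to_bytes(2, "big")
            + bytes([EAP_TYPE_IDENTITY]) + identity)


class ToyAuthServer:
    """Constructed stand-in for the AS: validates the claimed identity only."""

    def __init__(self, allowed_identities):
        self.allowed = set(allowed_identities)

    def handle(self, eap_packet: bytes) -> int:
        if (len(eap_packet) < 5 or eap_packet[0] != EAP_RESPONSE
                or eap_packet[4] != EAP_TYPE_IDENTITY):
            return EAP_FAILURE
        return EAP_SUCCESS if eap_packet[5:] in self.allowed else EAP_FAILURE


class AuthenticatorPort:
    """One port entity of the authenticator.

    The uncontrolled port always passes EAPOL traffic on to the AS; the
    controlled port drops everything else until the AS reports EAP-Success.
    """

    def __init__(self, auth_server: ToyAuthServer):
        self.auth_server = auth_server
        self.authorized = False

    def receive(self, frame: Frame) -> str:
        if frame.ethertype == EAPOL_ETHERTYPE:
            return self._uncontrolled_port(frame.payload)
        return self._controlled_port()

    def _uncontrolled_port(self, eapol_frame: bytes) -> str:
        packet_type, body = eapol_frame[1], eapol_frame[4:]
        if packet_type == EAPOL_START:
            return "sent EAP-Request/Identity"
        if packet_type == EAPOL_LOGOFF:
            self.authorized = False          # supplicant left: close the port
            return "controlled port closed"
        if packet_type == EAPOL_EAP_PACKET:
            self.authorized = self.auth_server.handle(body) == EAP_SUCCESS
            return ("EAP-Success: controlled port open" if self.authorized
                    else "EAP-Failure: controlled port closed")
        return "ignored"

    def _controlled_port(self) -> str:
        return "forwarded" if self.authorized else "dropped"


def run_session(identity: bytes, allowed=(b"alice",)) -> list:
    """One supplicant's session; returns the port's decision at each step."""
    port = AuthenticatorPort(ToyAuthServer(allowed))
    data = Frame(IPV4_ETHERTYPE, b"\x45\x00\x00\x28")   # constructed IP frame
    return [
        port.receive(data),                                              # before auth
        port.receive(Frame(EAPOL_ETHERTYPE, eapol(EAPOL_START))),
        port.receive(Frame(EAPOL_ETHERTYPE, eapol(EAPOL_EAP_PACKET,
                                                  eap_response_identity(identity)))),
        port.receive(data),                                              # after auth
        port.receive(Frame(EAPOL_ETHERTYPE, eapol(EAPOL_LOGOFF))),
        port.receive(data),                                              # after logoff
    ]
```

The point the model makes is the ordering the slides rely on: a data frame that arrives before EAP-Success is dropped even though the supplicant already has a layer 2 association, and an EAPOL-Logoff closes the controlled port again.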
Robust Security • Dynamic Encryption-Key Generation • The dynamic keys are generated per session, per user, meaning that every time a client station authenticates a new key is generated, and every user has a unique and separate key • This dynamic session key is often referred to as the unicast key because it is the dynamically generated key used to encrypt and decrypt all unicast data frames • After the key is created, the AS delivers its copy of the unicast key to the access point; the access point and the client station now both have unique unicast keys that can be used • A second static key exists on the access point known as the broadcast key; the broadcast key is used to encrypt and decrypt all broadcast and multicast data frames • Each client station has a unique and separate unicast key, but every station must share the same broadcast key • The broadcast key is delivered from the access point in a unicast frame encrypted with each individual client station’s unicast key
Robust Security • 4-Way Handshake • Two master keys: Group Master Key (GMK) and Pairwise Master Key (PMK) • These keys are created as a result of 802.1X/EAP authentication • A PMK can also be created from a preshared key • These master keys are the seeding material used to create the final dynamic keys that are actually used for encryption and decryption • The final encryption keys: Pairwise Transient Key (PTK) and Group Temporal Key (GTK) • PTK is used to encrypt/decrypt unicast traffic • GTK is used to encrypt/decrypt broadcast and multicast traffic • The 4-way handshake will always be the final four frames exchanged during either 802.1X/EAP authentication or passphrase authentication • Whenever TKIP/RC4 or CCMP/AES dynamic keys are created, the 4-way handshake must occur
Robust Security • WPA/WPA2-Personal • Because most of us do not have a RADIUS server in our basement, the 802.11i amendment offers a simpler method of authentication using a preshared key (PSK) • This simple method of authentication and encryption key generation is known as WPA/WPA2-Personal; other names include WPA/WPA2 Pre-Shared Key and WPA/WPA2-PSK • An algorithm is run that converts the passphrase to a Pairwise Master Key (PMK), which is then used with the 4-way handshake to create the final dynamic encryption keys
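The last three slides describe a key hierarchy (PMK as seed, PTK as the per-session result of the 4-way handshake) without showing the arithmetic. The following is an added example, not code from the slides: it implements the two derivations as IEEE 802.11i specifies them, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 256-bit output) for the WPA/WPA2-Personal PMK, and the handshake PRF that expands the PMK together with both MAC addresses and both nonces into the CCMP PTK (KCK, KEK and TK, 128 bits each). The SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
"""Added example (not from the slides): the WPA/WPA2-Personal key hierarchy.

The algorithms are the ones IEEE 802.11i specifies: PBKDF2-HMAC-SHA1 turns the
passphrase and SSID into the 256-bit PMK, and the handshake PRF expands the PMK
plus both MAC addresses and both nonces into the PTK. The SSID, passphrase,
MAC addresses and nonces below are constructed sample values, not real secrets.
"""
import hashlib
import hmac


def passphrase_to_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):          # 20 bytes per SHA-1 block
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP (384 bits) split into KCK || KEK || TK, 128 bits each.

    min/max ordering makes the result the same whichever side is listed first;
    binding both nonces gives every association a fresh PTK although the PMK
    itself never changes.
    """
    data = (min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (not real devices, nonces or secrets)
SSID = "example-wlan"
PASSPHRASE = "correct horse battery"
AP_MAC = bytes.fromhex("02005e000001")    # authenticator address (AA)
STA_MAC = bytes.fromhex("02005e000002")   # supplicant address (SPA)
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def session_keys(anonce: bytes = ANONCE, snonce: bytes = SNONCE) -> dict:
    """Keys one association would end up with after the 4-way handshake."""
    pmk = passphrase_to_pmk(PASSPHRASE, SSID)
    return derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)


if __name__ == "__main__":
    print("PMK:", passphrase_to_pmk(PASSPHRASE, SSID).hex())
    for name, key in session_keys().items():
        print(f"{name}: {key.hex()}")
```

Two properties worth noticing when running it: the same passphrase on a different SSID yields a different PMK, because the SSID is the salt, and changing either nonce changes every PTK component while the PMK stays the same, which is what "per session, per user" keys mean in practice. The function can be checked against the test vector published in IEEE 802.11i (passphrase "password", SSID "IEEE").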
Robust Security • TKIP Encryption • The optional encryption method defined by the 802.11i amendment is Temporal Key Integrity Protocol (TKIP) • TKIP starts with a 128-bit temporal key that is combined with a 48-bit Initialization Vector (IV) and the source and destination MAC addresses in a process known as per-packet key mixing • TKIP uses a stronger data integrity check known as the Message Integrity Check (MIC) • When TKIP is implemented, the extended IV and the MIC together add a total of 20 bytes of overhead to the body of an 802.11 data frame
Robust Security • CCMP Encryption • The default encryption method defined under the 802.11i amendment is known as Counter mode with Cipher Block Chaining-Message Authentication Code (CCMP) • CCMP/AES uses a 128-bit encryption key and encrypts in 128-bit fixed-length blocks • Because of the strength of the AES cipher, per-packet key mixing is unnecessary • All CCMP encryption keys are dynamically generated as a final result of the 4-way handshake
Robust Security • CCMP Encryption • CCMP/AES encryption adds an extra 16 bytes of overhead to the body of an 802.11 data frame • Software implementations of CCMP/AES will always perform substantially slower than hardware implementations • For wireless security solutions, it is recommended that a device be selected with a CCMP/AES solution implemented on the card’s chipset
Segmentation • VLANs • Virtual Local Area Networks (VLANs) are used to create separate broadcast domains in a layer 2 network and are often used to restrict access to network resources regardless of the physical topology of the network • VLANs are used extensively in switched 802.3 networks for both security and segmentation purposes • In a WLAN environment, individual SSIDs can be mapped to individual VLANs, and users can be segmented by the SSID/VLAN pair, all while communicating through a single access point • Each SSID can also be configured with separate security settings
Segmentation • RBAC • Role-based access control (RBAC) is an approach to restricting system access to authorized users • The three main components of an RBAC approach are users, roles, and permissions • Individuals or groups of users are assigned to one or more of these roles • Permissions can be defined as firewall permissions, layer 2 permissions, layer 3 permissions, and bandwidth permissions, and can be time based • The permissions are then mapped to the roles • When wireless users authenticate via the WLAN, they inherit the permissions of whatever roles they have been assigned to
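The RBAC slide lists the three components and the permission kinds but leaves the evaluation order implicit. The following is an added example, not code from the slides: a minimal user/role/permission model in which a user inherits the union of their roles' permissions at authentication time, a permission can carry a time window (including one that crosses midnight), and anything not granted is denied. The role names, user names, VLAN numbers and firewall rules are constructed for the example; the permission kinds are the four named on the slide.

```python
"""Added example (not from the slides): a minimal role-based access control
model with users, roles and permissions, including time-based permissions.

Role names, users and permission values are constructed for the example; the
permission kinds mirror the slide (firewall, layer 2, layer 3, bandwidth).
"""
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Permission:
    kind: str                      # "firewall", "l2", "l3" or "bandwidth"
    value: str                     # e.g. "allow tcp/443", "vlan 200", "5 Mbps"
    start: Optional[time] = None   # active window; None on both means always
    end: Optional[time] = None

    def active_at(self, now: time) -> bool:
        if self.start is None or self.end is None:
            return True
        if self.start <= self.end:             # same-day window
            return self.start <= now < self.end
        return now >= self.start or now < self.end   # window crosses midnight


# Permissions are attached to roles, never directly to users
ROLE_PERMISSIONS = {
    "employee": {
        Permission("l2", "vlan 10"),
        Permission("l3", "allow 10.0.0.0/8"),
        Permission("firewall", "allow tcp/443"),
        Permission("bandwidth", "50 Mbps"),
    },
    "guest": {
        Permission("l2", "vlan 200"),
        Permission("firewall", "allow tcp/443", time(8, 0), time(18, 0)),
        Permission("bandwidth", "5 Mbps"),
    },
    "night-ops": {
        Permission("l3", "allow 10.50.0.0/16", time(22, 0), time(6, 0)),
    },
}

# Users are assigned to one or more roles
USER_ROLES = {
    "alice": {"employee"},
    "bob": {"guest"},
    "carol": {"employee", "night-ops"},
}


def effective_permissions(user: str, now: time) -> set:
    """Permissions a user inherits when authenticating at time `now`."""
    perms = set()
    for role in USER_ROLES.get(user, set()):           # unknown user: no roles
        perms |= {p for p in ROLE_PERMISSIONS.get(role, set()) if p.active_at(now)}
    return perms


def is_allowed(user: str, kind: str, value: str, now: time) -> bool:
    """Default deny: true only if some active role grants exactly this permission."""
    return any(p.kind == kind and p.value == value
               for p in effective_permissions(user, now))


def assigned_vlans(user: str, now: time) -> list:
    """Layer 2 placement for the user, as the SSID/VLAN mapping would apply it."""
    return sorted(p.value for p in effective_permissions(user, now) if p.kind == "l2")


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, "at 10:00 ->", sorted(f"{p.kind}:{p.value}"
                                          for p in effective_permissions(user, time(10, 0))))
```

The design choice to test against is the default-deny path: a name with no role assignment, or a permission outside its window, yields nothing, so a missing mapping fails closed rather than open.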
Infrastructure Security • Physical Security • Enclosure units with locks can be mounted in the ceiling or to the wall. • Access points locked inside the enclosure units are safeguarded against theft • The enclosure units also prevent unwanted individuals from using a serial cable or console cable to try to gain access to the AP. • Secure enclosure units may also meet aesthetic demands by keeping the access point out of plain sight.
Infrastructure Security • Interface Security • Any interface that is not used should be turned off • At a minimum, all the passwords for these configuration interfaces should be changed from the factory defaults • Most infrastructure devices should also support some type of encrypted management capability: a secure command shell such as SSH, HTTPS, or SNMPv3
VPN Wireless Security • VPNs are typically not recommended for providing wireless security because of their overhead and because faster, more secure solutions are now available • VPNs are nevertheless often used for WLAN security because the VPN solution was already in place inside the wired infrastructure • Use of VPN technology is mandatory for remote access • The VPN user will need to bring the security to the hot spot in order to obtain a secure connection • It is imperative that users implement a VPN solution coupled with a personal firewall whenever accessing any public-access Wi-Fi network
VPN Wireless Security • Layer 3 VPN • VPNs provide encryption, encapsulation, authentication, and data integrity • VPN tunneling therefore protects your original layer 3 addresses as well as the data payload of the original packet • The two major types of layer 3 VPN technologies are Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (IPSec)
VPN Wireless Security • Layer 3 VPN • PPTP uses 128-bit Microsoft Point-to-Point Encryption (MPPE), which uses the RC4 algorithm • PPTP encryption is considered adequate but not strong; PPTP uses MS-CHAP version 2 for user authentication • VPNs using PPTP technology are typically used in smaller SOHO environments • IPSec VPNs use stronger encryption methods and more secure methods of authentication • IPSec supports multiple ciphers, including DES, 3DES, and AES • Device authentication is achieved by using either server-side certificates or a preshared key
VPN Wireless Security • Layer 3 VPN • An IP address is needed before a VPN tunnel can be established • A potential attacker can therefore obtain both a layer 2 and a layer 3 connection before the VPN tunnel is established • 802.1X/EAP requires that all security credentials and transactions are completed before any layer 3 connectivity is even possible
The END Chapter 13