
Wireless Security – Let the Nightmare End! PowerPoint PPT Presentation




Presentation Transcript



Wireless Security – Let the Nightmare End!

Steve Lamb

Technical Security Advisor

http://blogs.msdn.com/steve_lamb

[email protected]

Alun Rogers

Principal Consultant - Lynx

[email protected]



Agenda

  • Public Key Infrastructure and Cryptography(PKI)

  • What’s wrong with wireless out of the box?

  • Protected Extensible Authentication Protocol (PEAP)

  • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)



Symmetric Key Cryptography

[Diagram: Plain-text input → Encryption → Cipher-text → Decryption → Plain-text output. The same key (shared secret) is used for both encryption and decryption. Sample: “The quick brown fox jumps over the lazy dog” encrypts to “AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%” and decrypts back to the same text.]



Symmetric Pros and Cons

  • Strength:

    • Simple and very fast (of the order of 1,000 to 10,000 times faster than asymmetric mechanisms)

      • Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)

  • Weakness:

    • Must agree on the key beforehand

    • Securely pass the key to the other party



Public Key Cryptography

  • Knowledge of the encryption key doesn’t give you knowledge of the decryption key

  • Receiver of information generates a pair of keys

    • Publish the public key in a directory

  • Then anyone can send the receiver messages that only the receiver can read


Public Key Encryption

[Diagram: Clear-text input → Encryption with the recipient’s public key → Cipher-text → Decryption with the recipient’s private key → Clear-text output. Different keys are used for the two steps. Sample: “The quick brown fox jumps over the lazy dog” encrypts to “Py75c%bn&*)[email protected]=&nmdFg$5knvMd’rkvegMs” and decrypts back to the same text.]



Public Key Pros and Cons

  • Weakness:

    • Extremely slow

    • Susceptible to “known ciphertext” attack

    • Problem of trusting public key (see later on PKI)

  • Strength:

    • Solves problem of passing the key

    • Allows establishment of trust context between parties


Hybrid Encryption (Real World)

[Diagram: An RNG produces a randomly generated symmetric “session” key. The message (sample: “Launch key for nuclear missile ‘RedHeat’ is...”) is encrypted with symmetric encryption (e.g. DES), giving cipher-text such as “*#$fjda^j u539!3t t389E *&\@ 5e%32\^kd”. The session key is then encrypted asymmetrically (e.g. RSA) with the user’s public key (in certificate), producing a Digital Envelope. As above, repeated for other recipients or recovery agents: a further Digital Envelope is produced with each other recipient’s or agent’s public key (in certificate) named in the recovery policy.]


Hybrid Decryption

[Diagram: The Digital Envelope contains the “session” key encrypted using the recipient’s public key. Asymmetric decryption of the “session” key (e.g. RSA) with the recipient’s private key recovers the symmetric “session” key; the session key must be decrypted using the recipient’s private key. Symmetric decryption (e.g. DES) of the cipher-text “*#$fjda^j u539!3t t389E *&\@ 5e%32\^kd” with that session key recovers the message “Launch key for nuclear missile ‘RedHeat’ is...”.]
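The two diagrams above, as a runnable added example that is not part of the presentation: a message is encrypted once with a random symmetric session key, and that session key is wrapped separately for each recipient and for a recovery agent, so any holder of a matching private key can open the envelope. It uses the `cryptography` package (assumed installed) and swaps in AES-GCM and RSA-OAEP for the DES and plain RSA named on the slides; the key sizes, nonce length and field names are the example's own choices.

```python
# Added example (not from the presentation): hybrid encryption with a
# "digital envelope" per recipient, using the cryptography package.
# Assumes: pip package `cryptography` is available. AES-256-GCM replaces the
# slide's DES and RSA-OAEP replaces plain RSA; the package layout is our own.
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP parameters used for every envelope in this example.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_recipient_keypair():
    """Each receiver generates a pair of keys; the public half goes in a certificate/directory."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def seal(message: bytes, recipient_public_keys: list) -> dict:
    """Hybrid encryption: one symmetric pass over the data, one envelope per public key."""
    session_key = AESGCM.generate_key(bit_length=256)   # the RNG-generated "session" key
    nonce = os.urandom(12)                               # per-message nonce for AES-GCM
    ciphertext = AESGCM(session_key).encrypt(nonce, message, None)
    # Digital envelopes: the *session key* (not the message) encrypted asymmetrically,
    # once for each recipient or recovery agent. Only the small key is RSA-encrypted,
    # which is why the slow asymmetric step stays cheap regardless of message size.
    envelopes = [pub.encrypt(session_key, OAEP) for pub in recipient_public_keys]
    return {"nonce": nonce, "ciphertext": ciphertext, "envelopes": envelopes}


def open_envelope(package: dict, envelope_index: int, private_key) -> bytes:
    """Hybrid decryption: recover the session key with the private key, then the message."""
    session_key = private_key.decrypt(package["envelopes"][envelope_index], OAEP)
    return AESGCM(session_key).decrypt(package["nonce"], package["ciphertext"], None)


def wrong_key_fails(package: dict, envelope_index: int, private_key) -> bool:
    """A private key that does not match the envelope cannot recover the session key."""
    try:
        open_envelope(package, envelope_index, private_key)
    except ValueError:          # OAEP decryption failure (also covers a GCM tag mismatch)
        return True
    return False


def demo_round_trip() -> dict:
    """Seal for a recipient plus a recovery agent; a third party cannot open either envelope."""
    message = b"Launch key for nuclear missile 'RedHeat' is..."   # sample text from the slides
    recipient_priv, recipient_pub = generate_recipient_keypair()
    agent_priv, agent_pub = generate_recipient_keypair()           # "recovery agent" in policy
    stranger_priv, _ = generate_recipient_keypair()
    package = seal(message, [recipient_pub, agent_pub])
    return {
        "recipient_ok": open_envelope(package, 0, recipient_priv) == message,
        "agent_ok": open_envelope(package, 1, agent_priv) == message,
        "stranger_fails": wrong_key_fails(package, 0, stranger_priv),
    }


if __name__ == "__main__":
    print(demo_round_trip())
```

Note that the bulk data is encrypted once, however many envelopes are attached; adding a recovery agent costs one more RSA operation on a 32-byte key, not a second pass over the message.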



PKI References

  • "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure" on http://www.microsoft.com/pki



Agenda

  • Public Key Infrastructure and Cryptography(PKI)

  • What’s wrong with wireless out of the box?

  • Protected Extensible Authentication Protocol (PEAP)

  • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)



The challenge

  • Huge fear of wireless

  • Rooted in misunderstandings of security

  • Wireless can be made secure

    • Takes work

    • Need to understand problem

    • Need to plan for secure solution



Securing Wireless

  • Need to control who and with what (authenticate)

  • Need to control what they access (authorise)

  • Ensure integrity of communications (Encrypt)

  • Ensure safe transfer of credentials (Encrypt Authentication)

  • Need to audit and report



WEP setup and RC4

  • Secret key shared between access point and all clients

    • Encrypts traffic before transmission

    • Performs integrity check after transmission

  • WEP uses RC4, a stream cipher

    • [key] XOR [plaintext] → [ciphertext]

    • [ciphertext] XOR [key] → [plaintext]



Common attacks

  • Bit-flipping (encryption ≠ integrity)

    • Flipping bit n in ciphertext flips same bit in plaintext

  • Statistical attacks

    • Multiple ciphertexts using same key permit determination of plaintext XOR

    • Enables statistical attacks to recover plaintext

    • More ciphertexts eases this

    • Once one plaintext is known, recovering others is trivial
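The XOR relations on the “WEP setup and RC4” slide and the keystream-reuse consequence listed above, as an added example that is not part of the presentation. The keystream generator is a constructed stand-in (SHAKE-256 over IV and key) chosen only because it is deterministic for a given IV and key, which is the property the demonstration depends on; it is not RC4 and not a secure cipher. The key, IV and second message are constructed sample values.

```python
# Added example, not from the presentation: the XOR symmetry of a stream
# cipher and what reusing one keystream (same key, same IV) exposes.
# keystream() is a constructed stand-in for RC4 output, not RC4 itself.
import hashlib

KEY = b"shared-wep-secret"                            # constructed shared secret
IV = bytes.fromhex("0a0b0c")                          # constructed 24-bit IV
P1 = b"The quick brown fox jumps over the lazy dog"   # sample text from the slides
P2 = b"Meeting moved to 14:00 in the big boardroom"   # constructed, same length as P1


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in for the cipher's keystream: fixed for a given (IV, key)."""
    return hashlib.shake_256(iv + key).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """[key] XOR [plaintext] -> [ciphertext]"""
    return xor_bytes(keystream(key, iv, len(plaintext)), plaintext)


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """[ciphertext] XOR [key] -> [plaintext]: the very same operation."""
    return xor_bytes(keystream(key, iv, len(ciphertext)), ciphertext)


def plaintext_xor_from_reuse(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts used keystream K: (P1 ^ K) ^ (P2 ^ K) = P1 ^ P2.

    The keystream cancels out, so the XOR of the two plaintexts is visible to
    anyone holding the two ciphertexts; the key itself is never needed.
    """
    return xor_bytes(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Once one plaintext is known the other follows: (P1 ^ P2) ^ P1 = P2."""
    return xor_bytes(plaintext_xor_from_reuse(c1, c2), known_p1)


def fresh_iv_hides(key: bytes, p1: bytes, p2: bytes) -> bool:
    """With distinct IVs the keystreams differ, so C1 ^ C2 no longer equals P1 ^ P2."""
    c1 = encrypt(key, bytes.fromhex("000001"), p1)
    c2 = encrypt(key, bytes.fromhex("000002"), p2)
    return plaintext_xor_from_reuse(c1, c2) != xor_bytes(p1, p2)


def demo() -> dict:
    c1 = encrypt(KEY, IV, P1)
    c2 = encrypt(KEY, IV, P2)       # same key AND same IV: the keystream is reused
    return {
        "round_trip_ok": decrypt(KEY, IV, c1) == P1,
        "xor_of_plaintexts_leaked": plaintext_xor_from_reuse(c1, c2) == xor_bytes(P1, P2),
        "p2_recovered_from_known_p1": recover_other_plaintext(c1, c2, P1),
        "fresh_iv_hides": fresh_iv_hides(KEY, P1, P2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The defensive reading of the last function is the point of the later slides: the cipher is only as good as the guarantee that no (key, IV) pair is ever used twice, which is exactly what a 24-bit IV cannot provide.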



WEP’s “defenses”

  • Integrity check (IC) field

    • CRC-32 checksum, part of encrypted payload

    • Not keyed

    • Subject to bit-flipping → can modify IC to make altered message appear valid

  • Initialization vector (IV) added to key

    • Alters key somewhat for each packet

    • 24-bit field; contained in plaintext portion

    • Alas, this small keyspace guarantees reuse
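The “encryption ≠ integrity” and unkeyed-IC points of the last two slides, as an added example that is not from the presentation: a bit flipped in the encrypted payload lands on the same bit of the decrypted plaintext, and the fix a practitioner wants is a keyed check (HMAC here) that cannot be recomputed without a second secret. The keystream is the same constructed SHAKE-256 stand-in (not RC4), and the frame layout of `IV || encrypted(payload || check)` follows the slide's description rather than the exact WEP frame format; keys, IV and bit positions are constructed.

```python
# Added example, not from the presentation: bit-flipping through an XOR
# stream cipher, an unkeyed CRC-32 integrity check versus a keyed HMAC.
# keystream() is a constructed stand-in for RC4; the frame layout is ours.
import hashlib
import hmac
import zlib

KEY = b"shared-wep-secret"                      # constructed encryption secret
MAC_KEY = b"separate-integrity-key"             # constructed key for the keyed check
IV = bytes.fromhex("0a0b0c")                    # constructed 24-bit IV
IV_LEN = 3
P = b"The quick brown fox jumps over the lazy dog"


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    return hashlib.shake_256(iv + key).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def flip_bit(data: bytes, n: int) -> bytes:
    """Copy of data with bit n (byte n // 8, bit n % 8) inverted."""
    buf = bytearray(data)
    buf[n // 8] ^= 1 << (n % 8)
    return bytes(buf)


def seal_crc(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame: IV in the clear, then XOR-encrypted (plaintext || CRC-32 IC).

    CRC-32 is not keyed: it is the same public function for every party.
    """
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor_bytes(keystream(key, iv, len(body)), body)


def open_crc(key: bytes, frame: bytes):
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    body = xor_bytes(keystream(key, iv, len(ct)), ct)
    plaintext, ic = body[:-4], body[-4:]
    return plaintext, ic == zlib.crc32(plaintext).to_bytes(4, "little")


def seal_hmac(key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Same frame shape, but the check is HMAC-SHA256 under a key the attacker lacks."""
    tag = hmac.new(mac_key, iv + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    return iv + xor_bytes(keystream(key, iv, len(body)), body)


def open_hmac(key: bytes, mac_key: bytes, frame: bytes):
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    body = xor_bytes(keystream(key, iv, len(ct)), ct)
    plaintext, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, iv + plaintext, hashlib.sha256).digest()
    return plaintext, hmac.compare_digest(tag, expected)


def bit_flip_propagates(key: bytes, iv: bytes, plaintext: bytes, n: int):
    """Flip bit n of the encrypted payload; the decrypted plaintext has bit n flipped.

    Returns (flip_landed_on_plaintext, ic_check_passed). The IC check fails here
    only because the IC bytes were left untouched; being unkeyed and linear, the
    CRC can be adjusted as well, which is the slide's point. No key was needed.
    """
    tampered = flip_bit(seal_crc(key, iv, plaintext), IV_LEN * 8 + n)
    recovered, ok = open_crc(key, tampered)
    return recovered == flip_bit(plaintext, n), ok


def keyed_check_catches_flip(key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes, n: int):
    """The flip still lands on the plaintext, but no valid tag exists without MAC_KEY."""
    tampered = flip_bit(seal_hmac(key, mac_key, iv, plaintext), IV_LEN * 8 + n)
    recovered, ok = open_hmac(key, mac_key, tampered)
    return recovered == flip_bit(plaintext, n), ok


if __name__ == "__main__":
    print("CRC frame, bit 5 flipped:", bit_flip_propagates(KEY, IV, P, 5))
    print("HMAC frame, bit 5 flipped:", keyed_check_catches_flip(KEY, MAC_KEY, IV, P, 5))
```

The contrast to take away: both frames decrypt to the same altered plaintext, but only the keyed check makes the alteration detectable by the receiver, which is what later standards supply with a keyed MIC instead of a CRC.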



More IV problems

  • Say an AP constantly sends 1500-byte packets at 11 Mbps

    • Keyspace exhausted in 5 hours

    • Could be quicker if packets are smaller

  • Key reuse causes even more collisions

    • Some cards reset IV to 0 after initialization

    • Some cards increment by 1 after each packet

  • 802.11 standard does not mandate new per-packet IV!
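The IV arithmetic behind the “exhausted in 5 hours” figure and the reuse patterns of the two card behaviours above, as an added example that is not from the presentation. It goes slightly beyond the slide by also giving the birthday-bound estimate for the first repeat under random IVs; the packet counts, seed and card scenarios are constructed, and all figures are computed rather than measured.

```python
# Added example, not from the presentation: how fast a 24-bit IV space is
# consumed, when the first repeat is expected, and how the card behaviours on
# the slide (reset to 0, increment by 1) make keystream reuse immediate.
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible IVs


def packets_per_second(packet_bytes: int, link_bps: int) -> float:
    return link_bps / (packet_bytes * 8)


def hours_to_exhaust_ivs(packet_bytes: int = 1500, link_bps: int = 11_000_000) -> float:
    """Time until an AP sending back-to-back packets has used every IV once."""
    return IV_SPACE / packets_per_second(packet_bytes, link_bps) / 3600


def expected_packets_to_first_reuse() -> float:
    """Birthday bound: with random IVs the first repeat is expected after ~sqrt(pi/2 * N) packets."""
    return math.sqrt(math.pi / 2 * IV_SPACE)


def reuse_probability(n_packets: int) -> float:
    """Probability that at least one IV repeats among n randomly chosen IVs."""
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2 * IV_SPACE))


def sequential_ivs(n: int, start: int = 0) -> list:
    """A card that starts at `start` (0 after a reset) and increments by 1 per packet."""
    return [(start + i) % IV_SPACE for i in range(n)]


def random_ivs(n: int, rng: random.Random) -> list:
    return [rng.randrange(IV_SPACE) for _ in range(n)]


def count_iv_reuse(per_card_ivs: list) -> int:
    """Packets whose IV had already been used on the network with the shared key.

    Every card shares one WEP key, so an IV repeated by any two cards is a
    keystream reuse, not just a repeat within one card.
    """
    all_ivs = [iv for card in per_card_ivs for iv in card]
    return len(all_ivs) - len(set(all_ivs))


def summary() -> dict:
    rng = random.Random(2004)   # fixed seed so the run is reproducible
    return {
        "hours_to_exhaust_1500B_11Mbps": round(hours_to_exhaust_ivs(), 2),
        "hours_to_exhaust_500B_11Mbps": round(hours_to_exhaust_ivs(500), 2),
        "expected_packets_to_first_reuse": round(expected_packets_to_first_reuse()),
        "reuse_probability_after_5000_random": round(reuse_probability(5000), 3),
        # two cards that both reset to 0: every packet of the second card reuses an IV
        "reuse_two_cards_reset_to_zero": count_iv_reuse([sequential_ivs(1000), sequential_ivs(1000)]),
        # two cards counting from different starts: no reuse until the ranges overlap
        "reuse_two_cards_offset_start": count_iv_reuse([sequential_ivs(1000), sequential_ivs(1000, 1000)]),
        # random IVs still collide well before the space is exhausted
        "reuse_two_cards_random_25k_each": count_iv_reuse([random_ivs(25_000, rng), random_ivs(25_000, rng)]),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```

The 1500-byte case works out to about 917 packets per second and roughly 5.1 hours to cycle through all 2^24 IVs, matching the slide; smaller packets shorten that, and random selection sees its first repeat after only a few thousand packets.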



Classes of attacks

  • Key and IV reuse

  • Known plaintext attack

  • Partial known plaintext attack

  • Weaknesses in RC4 key scheduling algorithm

  • Authentication forging

  • Realtime decryption


VPNs

  • Pros:

    • Familiarity

    • Hardware independent

    • Proven security

  • Cons:

    • Lacks user transparency

    • Only user logon (not computer)

    • Roaming profiles, logon scripts, GPOs broken, shares, management agents, Remote Desktop

    • No reconnect on resume from standby

    • Complex network structure


VPNs (continued)

  • More cons:

    • No protection for WLAN

    • Bottleneck at VPN devices

    • Higher management & hardware cost

    • Prone to disconnection

  • Yet more cons! (non-MS VPNs)

    • 3rd-party licensing costs

    • Client compatibility

    • Many VPN auth schemes (IPsec Xauth) are as bad as WEP!



Agenda

  • Public Key Infrastructure and Cryptography(PKI)

  • What’s wrong with wireless out of the box?

  • Protected Extensible Authentication Protocol (PEAP)

  • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)


PEAP encapsulation

1. Server authenticates to client

2. Establishes protected tunnel (TLS)

3. Client authenticates inside tunnel to server

  • No cryptographic binding between PEAP tunnel and tunneled authN method

  • Fix: constrain client (in GPO) to trust only a specific corporate root CA

    • Foils potential MitM attacks



The many flavors of PEAP…

  • Common point of customer confusion:

    • Microsoft released PEAPv0 (a.k.a MSFT-PEAP) while…

    • Cisco released PEAPv1 (a.k.a Cisco-PEAP)

  • Support for PEAP

    • Most RADIUS servers on the market now support PEAP version 0:

      • Cisco ACS (RADIUS server)

      • Funk Steel-Belted RADIUS

      • Interlink RADIUS

      • MeetingHouse RADIUS

  • PEAP is supported in the following families:

    • Natively - Microsoft® Windows® 2003, Windows XP SP1+, Windows® 2000 SP4, Tablet

    • Application or system upgrade - Windows 98, Windows NT 4.0 and Pocket PC 2002

  • Internet Authentication Service (IAS) in Microsoft® Windows® 2000 Server family and Windows Server® 2003 family support PEAP

    • No need to install third-party RADIUS software



Agenda

  • Public Key Infrastructure and Cryptography(PKI)

  • What’s wrong with wireless out of the box?

  • Protected Extensible Authentication Protocol (PEAP)

  • Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)



Secure Wireless Deployment Components



Secure Wireless Deployment MS Offerings



Secure Wireless Deployment Benefits



Security Best Practices: What NOT to do

  • Hidden SSID

    • Does not provide any real security

    • Easily discoverable in well-used environments

    • Windows client experience is impacted

  • MAC Filtering

    • Does not scale

    • NIC management issue

    • MAC is spoofable

  • “Shared” mode

    • Sounds like more security but is actually worse

    • Not to be confused with Pre-Shared Key (PSK) which is more secure

  • Open networks and VPN’s

    • Grants everyone access to the wireless segment

    • Great for hotspots, not for your business



Security Best Practices: What to do

  • Choose a security authentication method:

    • WPA with EAP-TLS and both user and computer certificates

    • WPA with PEAP-MS-CHAP v2 and enforce strong user passwords

    • WEP with 802.1X authentication, EAP-TLS with both user and computer certificates, and periodic re-authentication

    • WEP with 802.1X authentication, PEAP-MS-CHAP v2, periodic re-authentication, enforce strong user passwords

  • Preventing rogues

    • User education and policy

    • Ongoing Monitoring

    • Don’t use Hidden SSIDs

    • Do use Wireless Group Policy



Best Practices: Scalability – Microsoft RADIUS – Internet Authentication Service (IAS)

  • Install at least two IAS RADIUS servers

  • For best performance, install IAS on domain controllers

  • Use strong RADIUS shared secrets

  • Use as many different RADIUS shared secrets as possible

  • Use IAS RADIUS proxies to scale authentication traffic

  • Use IAS RADIUS proxies for separate account databases


Using IAS RADIUS proxies: Load balancing of RADIUS traffic

[Diagram: Wireless APs → IAS RADIUS proxies → IAS servers.]


Using IAS RADIUS proxies: Cross-forest authentication

[Diagram: Wireless APs → IAS RADIUS proxies → IAS servers in Forest 1 and IAS servers in Forest 2.]



Best Practices: Management

  • Use the Wireless Network (IEEE 802.11) Policies Group Policy settings to automatically configure wireless clients running Windows XP and Windows Server 2003 with your SSID

  • If you have a native-mode domain, use universal groups and global groups to organize your wireless computer and user accounts into a single group.

  • Use certificate auto-enrollment for computer certificates

  • Use certificate auto-enrollment for user certificates

  • "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure" on http://www.microsoft.com/pki.



Aligning with other security initiatives

  • Network Health Compliance

    • Lays down both the network infrastructure and ID Management elements needed for NAP (Network Access Protection)

      • Preserves investment in infrastructure

    • RADIUS is the center of policy making, enforcement and access control for Secure Wireless and NAP

    • Single sign-on

  • Secure Network Segmentation

    • IPSec and 802.1X work together to provide a defense-in-depth strategy

      • 802.1X – hard outside – offers isolation

      • IPSec – hard inside – offers resource protection



Best Practices as applied to Microsoft



Microsoft IT Secure Wireless Deployment



Microsoft Future Wireless Deployment



Tools

  • WEPCrack—breaks 802.11 keys

    • http://wepcrack.sourceforge.net/

  • AirSnort—breaks 802.11 keys

    • Needs only 5-10 million packets

    • http://airsnort.shmoo.com/

  • NetStumbler—access point reconnaissance

    • http://www.netstumbler.com



Resources

  • The Advantages of Protected Extensible Authentication Protocol (PEAP)

    • http://www.microsoft.com/windowsserver2003/techinfo/overview/peap.mspx

  • Designing and Deploying Wireless LAN Connectivity for the Microsoft Corporate Network

    • http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wlandply.mspx

  • "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure"

    • http://www.microsoft.com/pki

  • Best Practices article in Technet Magazine – Spring 2005

  • Discussion Alias = “wireless”

  • *WPA2 Beta = “wpa2beta”



© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

