WIRELESS COMMUNICATION ISSUES • Wireless connections are becoming popular. • Network data is transmitted using radio waves. • Physical security is no longer sufficient. • Transmissions can be intercepted outside the building where the data originates.
HOW WIRELESS NETWORKING WORKS • Institute of Electrical and Electronics Engineers (IEEE) 802.11 is the standard • 802.11b & 802.11g • Security Standard • 802.1x & 802.11i (June 2004) • Can use various upper-layer protocols
WIRELESS THREATS • Theft of service • Free use of Internet access • Free use of applications • Eavesdropping • Confidential Information • Financial & Health Security Laws • Unauthorized access • Change of Data, insert viruses, disable system
WIRED EQUIVALENCY PRIVACY (WEP) • Provides encryption and access control • Media Access Control • Uses the RC4 encryption algorithm • Originally - 24-bit and 40-bit encryption • New versions support 128-bit encryption
WEP KEYS • An attacker can discover the WEP key by using a brute-force attack. • All computers use a single shared WEP key. • WEP does not define a secure means to distribute the key. • WEP designed to use manual distribution of keys
ADVANTAGES OF WEP • All messages are encrypted. • Privacy is maintained. • WEP is easy to implement. • WEP provides a basic level of security. • Keys are user definable and unlimited.
DISADVANTAGES OF WEP • A hacker can easily discover the shared key. • You must tell users about key changes. • WEP alone does not provide sufficient wireless local area network (WLAN) security. • WEP must be implemented on every client and AP.
WiFi Protected Access (WPA) • Improved encryption using Temporal Key (TKIP) • Provides integrity testing • Scrambles the key fields • Use of smart card devices with EAP • Allows for MAC filtering
802.11i PROTOCOL (June 2004) • Improved authentication (PEAP, EAP) • Certificate-based (client and RADIUS) • Do not use EAP-MD5 (No protection to client password) • Requires authentication before access • Dynamic key assignment (Every 10 minutes) • Increased encryption (128-bit) • Adding preferred networks to clients
Authentication Process • Wireless client contacts uncontrolled AP port • The AP requests identity of client • AP create a RADIUS request and transmits • RADIUS checks to see if AP is approved • Checks credentials and policies on client • If ok, AP generates WEP key and passed to client • Client access controlled port with WEP key
Wireless Threats • Attack by intruder with wireless connection • Use Switches instead of Hubs • ARP Spoofing • Warn client not to accept credential changes • Evil Twin Attack • Authentication of Access Points • WEP Attacks • www.airsnort.com & www.netstumbler.com
BASIC DEFENSES AGAINST WIRELESS ATTACKS • Limit the range of radio transmissions. • Change the default SSID. • Disable SSID broadcast. • Use newer Access Points • Search for unauthorized access points (APs). • Restrict access by limiting access to specific media access control (MAC) addresses. • Separate the wireless segment from the rest of the network.
BASIC DEFENSES AGAINST WIRELESS ATTACKS • Increase WEP encryption levels. • Change the default WEP keys. • Measure the signal strength. • Protect SNMP. • Do not use Shared Key Authentication • Secure clients • Use honeypots
CONCLUSION • Access your particular security needs • Determine efficiency versus security trade-off • Any key is hackable • Use longest key feasible (not necessarily available) • Change as often as feasible • Remember the Wireless Rule • The more flexible access to a network is made, the less secure the environment