1 / 22

WLAN Access Zones

This article discusses the various threats and vulnerabilities in WLAN access networks, such as eavesdropping, DoS attacks, interference, and replay attacks. It also explores solutions including encryption, authentication, MAC address filtering, and vendor-specific solutions. Additionally, it addresses the need for customized network elements and user education in implementing secure WLAN access networks.

rosalynm
Download Presentation

WLAN Access Zones

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WLAN Access Zones Karri Huhtanen <karri.huhtanen@wnsonline.net>

  2. WLAN Access Network

  3. eavesdropping and recording radio traffic and recording IP traffic / traffic on the MAC level (e.g. tcpdump) denial of service IP DoS attacks Radio DoS attacks Interference from other devices on unlicensed 2.4GHz band (e.g Bluetooth, microwave ovens, other links) integrity / replay MAC address forging, IP hijacking replay registration attacks against WLAN access point IP replay / integrity / man-in-the-middle attacks (e.g. forging email, capturing keys) ... threats

  4. WEP (Wireless Equivalent Privacy) encryption unique and common shared secrets changing the shared secret often, key exchange secured by vendor specific solution IPSEC / VPN, encrypting traffic on IP level, the authentication of user to network and the network to user MAC address access filtering in WLAN access point (AP) Vendor specific solutions like Lucent’s ”closed network” setting. Legislation concerning deliberate interference of telecommunications ... solutions

  5. There are several known weaknesses in the structure of WEP encryption WEP shared secret is useless when it’s common knowledge WEP key exchange is not yet a defined standard, different vendors have implemented their own solution that usually are not interoperable. MAC address can be faked very easily => additional authentication is required Radio DoS attacks may only be prevented by legislation, radio interference from other devices cannot be prevented, only avoided The only methods to authenticate radio network on non-IP level to user are network id (essid) and the possible shared secret Replay attacks may be prevented to some extent with WEP but the network is as vulnerable as every other IP network ... problems

  6. Regional Access Zone

  7. router / wireless router ... network structure application servers and databases • security gw / firewall • authentication server (e.g. Radius) operator x core network Internet IPSEC/VPN secured tunnel through regional access zone to operator network Point of Presence (PoP) regional access zone regional access zone regional access zone

  8. Denial of service due to radio interference or malicious user Unauthorized or unaccounted access to the network and Internet Eavesdropping and recording other users’ traffic Faked servers and networks, intercepting other users’ traffic Network performance loss due to extensive traffic using private network addresses and bypassing the security gateway ... threats

  9. Network management that can determine overloaded access points and based on e.g. GPS coordinates of the access points also pinpoint the area where the disturbance is Some radio interference can be avoided by careful radio network planning, using licensed frequencies, VPN/IPSEC client and security gateway IPSEC protected traffic between routers Filters, firewall / class of service rules, traffic shaping in (wireless) routers The selection of secure management / dynamic routing protocol Filtering out routing/management protocols in routers that may be potentially dangerous ... solutions

  10. Most of the vendor products available on market today do not have the features needed to handle the threats or implement the solutions => need for customized/homemade network elements VPN IPSEC implementations and their interoperability (key exchange and authentication) Faked servers and services can still cause trouble within one cell => need for network elements that can handle also this kind of problems, and also need of user education Double tunneling if two VPNs are used, one to secure access through radio way and other to connect for example company intranet What if some devices / users do / can not have an interoperable VPN client installed? How to create and combine public access to this scenario? ... problems

  11. Public Access Zone

  12. ... network structure security gw / firewall operator x core network Internet company intranet IPSEC secured access to company intranet with company certified client public access service provider’s network User Database WEP ”personal key” server public access controller / firewall public access zone public access zone public access zone nonencrypted websurfing access to Internet

  13. Denial of service due to radio interference or malicious user Unauthorized and unaccounted access to the network and Internet Eavesdropping and recording other users’ traffic Faked servers and networks, intercepting/diverting other users’ traffic The lack of traceability if many-to-one NAT is used Possible access to IP-level without authentication => better possibilities to eavesdrop traffic ... threats

  14. Denial of service attack sources are more easy to find as the average public access zone may be only one cell, network management also helps Public Access Controller (PAC) and related vendor solutions use WWW (https) secured authentication and MAC address based access filtering the usage of VPN client for corporate access after the PAC has opened the hole to Internet limit the access to Internet only to few ports (WWW, IMAP, etc.) => attacking hosts in Internet does not seem to be feasible use real IP addresses if possible ... solutions

  15. WEP cannot be used shared keys cannot be used how to do the WEP key exchange with multiple vendor products Authentication WWW authentication may be the only feasible method MAC address by itself is not reliable nor does every card have a smart card reader embedded into them => more authentication is needed Accounting how to bill random users (paying with credit card for access)? combined GSM/WLAN billing is a pretty good idea, how to do it with every vendor’s card? VPN trouble with NAT interoperability key distribution is hard for every terminal there’s not a client users cannot be ”forced” to use just one single vendor solution ... problems

  16. Corporate Access Zone

  17. ... network structure Internet operator x core network company intranet Noncrypted access to Internet and possibility to use own VPN client security gw / firewall security gw Access servers net (e.g. DHCP, possible WEP ”personal key” server”) firewall corporate visitor access zone corporate access zone corporate access zone IPSEC/VPN secured access to company intranet

  18. Unauthorized and unaccounted access to the intranet Eavesdropping and recording intranet / users’ traffic Faked servers and networks, intercepting/diverting/modifying other users’ traffic Denial of service attack threat is not in author’s opinion very likely. However denial of service of network elements may cause losses depending on the company ... threats

  19. IPSEC/VPN client Also WEP encryption (helps in authenticating network to user and user to network) Firewalls Company policies / standards (client, software/hardware configuration, security) Personnel security training Careful selection of software/hardware solutions to minimize interoperability problems Redundancy for high availability and load balancing ... solutions

  20. the different requirements of different users and business units (R&D requires more flexibility, but also more security, production may not need only standard solution etc.) People and their attitudes towards security, company policies and standards. These must not feel like paper pushing because of the paper pushing. Questions like: can the service provider be trusted to terminate company user’s IPSEC tunnel and then create another one? how can the user terminal be protected outside company network so that it won’t serve as a host for trojan horses or reveal sensitive data to non-employes about the network? Creating the security policy and rules. ... problems

  21. (In)Security of the WEP algorithm by Nikita Borisov, Ian Goldberg, and David Wagner (http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html) Wireless LANs –course at Tampere University of Technology http://www.cs.tut.fi/kurssit/83800/ and the seminar presentation there About Access Zones and WLAN, check Nokia’s Operator WLAN concept as well as Cisco’s and Lucent’s WLAN pages and solutions and of course the author’s seminar report About Wireless Network Services Oy (http://www.wnsonline.net/) More Information

  22. Esittele yksi WLAN-verkoissa käytettävän WEP-algoritmin heikkous ja sitä vastaan toimiva hyökkäys sekä niiden periaatteet. Miksi heikkous on heikkous ja kuinka hyökkäys käyttää heikkoutta hyväkseen? Millä tavoin voit torjua WLAN-verkoissa radiotien salakuuntelun uhkaa? Sinulle on annettu tehtäväksi suunnitella WLAN-pääsyalue yhtiön työntekijöille yhtiön sisäiseen verkkoon, minkälainen on suunnittelemasi verkon rakenne ja mitä ratkaisuja käytät tietoturvallisuuden varmistamiseen. Torjutut uhat ja perustelut ratkaisuille mukaan. Julkisten pääsyalueiden suojaamisen IPSEC:llä ja muilla VPN-tekniikoilla liittyy useita ongelmia. Esittele näistä muutamia. Tehtävänäsi on suunnitella julkinen WLAN-pääsyalue Internet-palveluntarjoajan käyttöön. Piirrä pääsyalueen verkon rakenne laitteineen ja analysoi mitkä turvallisuusuhat olet pystynyt välttämään, mitä et ja miksi? Mahdollisia koekysymyksiä

More Related