Security+ Guide to Network Security Fundamentals


Wireless and Instant Messaging
Chapter 8
Learning Objectives




Understand security issues related to
wireless data transfer
Understand the 802.11x standards
Understand Wireless Application Protocol
(WAP) and how it works
Understand Wireless Transport Layer
Security (WTLS) protocol and how it
works



Understand Wired Equivalent Privacy
(WEP) and how it works
Conduct a wireless site survey
Understand instant messaging
802.11


IEEE group responsible for defining interface
between wireless clients and their network access
points in wireless LANs
First standard finalized in 1997 defined three
types of transmission at Physical layer



Diffused infrared - based on infrared transmissions
Direct sequence spread spectrum (DSSS) - radio-based
Frequency hopping spread spectrum (FHSS) - radio-based




Established WEP as optional security
protocol
Specified use of 2.4 GHz industrial,
scientific, and medical (ISM) radio band
Mandated 1 Mbps data transfer rate and
optional 2 Mbps data transfer rate
Most prominent working groups: 802.11b,
802.11a, 802.11i, and 802.11g
802.11a




“High-Speed Physical Layer in the 5 GHz
Band”
Sets specifications for wireless data
transmission of up to 54 Mbps in the
5 GHz band
Uses an orthogonal frequency division
multiplexing encoding scheme rather than
FHSS or DSSS
Approved in 1999
802.11b





“Higher-Speed Layer Extension in the 2.4 GHz
Band”
Establishes specifications for data transmission
that provides 11 Mbps transmission (with
fallback to 5.5, 2, and 1 Mbps) at 2.4 GHz band
Sometimes referred to as “Wi-Fi” when
associated with WECA certified devices
Uses only DSSS
Approved in 1999
802.11c


Worked to establish MAC bridging
functionality for 802.11 to operate in other
countries
Folded into 802.1D standard for MAC
bridging
802.11d


Responsible for determining requirements
necessary for 802.11 to operate in other
countries
Continuing
802.11e


Responsible for creating a standard that
will add multimedia and quality of service
(QoS) capabilities to wireless MAC layer
and therefore guarantee specified data
transmission rates and error percentages
Proposal in draft form
802.11f


Responsible for creating a standard that
will allow for better roaming between
multivendor access points and distribution
systems
Ongoing
802.11g


Responsible for providing raw data
throughput over wireless networks at a
throughput rate of 22 Mbps or more
Draft created in January 2002; final
approval expected in late 2002 or early
2003
802.11h


Responsible for providing a way to allow for
European implementation requests regarding the
5 GHz band
Requirements



Limits PC card from emitting more radio signal than
needed
Allows devices to listen to radio wave activity before
picking a channel on which to broadcast
Ongoing; not yet approved
802.11i



Responsible for fixing security flaws in
WEP and 802.1x
Hopes to eliminate WEP altogether and
replace it with Temporal Key Integrity
Protocol (TKIP), which would require
replacement of keys within a certain
amount of time
Ongoing; not yet approved
802.11j


Worked to create a global standard in the
5 GHz band by making high-performance
LAN (HiperLAN) and 802.11a
interoperable
Disbanded after efforts in this area were
mostly successful
Wireless Application Protocol (WAP)




Open, global specification created by the
WAP Forum
Designed to deliver information and
services to users of handheld digital
devices
Compatible with most wireless networks
Can be built on any operating system
WAP-Enabled Devices
How WAP 1.x Works

WAP 1.x Stack



Set of protocols created by the WAP Forum
that alters the OSI model
Five layers lie within the top four (of seven)
layers of the OSI model
Leaner than the OSI model

Each WAP protocol makes data transactions as
compressed as possible and allows for more
dropped packets than OSI model
WAP 1.x Stack Compared to
OSI/Web Stack
Differences Between Wireless and
Wired Data Transfer


WAP 1.x stack protocols require that data
communications between clients (wireless
devices) and servers pass through a WAP
gateway
Network architectural structures
WAP versus Wired Network
The WAP 2.0 Stack



Eliminates use of WTLS; relies on a lighter
version of TLS – the same protocol used on the
common Internet stack – which allows end-to-end security and avoids any WAP gaps
Replaces all other layers of WAP 1.x by standard
Internet layers
Still supports the WAP 1.x stack in order to
facilitate legacy devices and systems
Additional WAP 2.0 Features





WAP Push
User agent profile
Wireless Telephony Application
Extended Functionality Interface (EFI)
Multimedia Messaging Service (MMS)
Wireless Transport Layer Security
(WTLS) Protocol


Provides authentication, data encryption, and
privacy for WAP 1.x users
Three classes of authentication

Class 1

Anonymous; does not allow either the client or the gateway
to authenticate each other

Class 2

Only allows the client to authenticate the gateway

Class 3

Allows both the client and the gateway to authenticate each
other
WTLS Protocol:
Steps of Class 2 Authentication
1. WAP device sends request for authentication
2. Gateway responds, then sends a copy of its
certificate – which contains gateway’s public
key – to the WAP device
3. WAP device receives the certificate and public
key and generates a unique random value
4. WAP gateway receives encrypted value and
uses its own private key to decrypt it
WTLS Security Concerns


Security threats posed by WAP gap
Unsafe use of service set identifiers
(SSIDs)
Wired Equivalent Privacy (WEP)



Optional security protocol for wireless local area
networks defined in the 802.11b standard
Designed to provide same level of security as a
wired LAN
Not considered adequate security without also
implementing a separate authentication process
and providing for external key management
Wireless LAN (WLAN)


Connects clients to network resources
using radio signals to pass data through the
ether
Employs wireless access points (AP)


Connected to the wired LAN
Act as radio broadcast stations that transmit
data to clients equipped with wireless network
interface cards (NICs)
How a WLAN Works
APs
NICs
How WEP Works



Uses a symmetric key (shared key) to
authenticate wireless devices (not wireless
device users) and to guarantee integrity of
data by encrypting transmissions
Each of the APs and clients need to share
the same key
Client sends a request to the AP asking for
permission to access the wired network


If WEP has not been enabled (default), the
AP allows the request to pass
If WEP has been enabled, client begins a
challenge-and-response authentication
process
WEP’s Weaknesses

Problems related to the initialization vector
(IV) that it uses to encrypt data and ensure
its integrity



Can be picked up by hackers
Is reused on a regular basis
Problems with how it handles keys
Other WLAN Security Loopholes




War driving
Unauthorized users can attach themselves to
WLANs and use their resources, set up their own
access points and jam the network
WEP authenticates clients, not users
Wireless network administrators and users must
be educated about inherent insecurity of wireless
systems and the need for care
Conducting a Wireless Site Survey
1. Conduct a needs assessment of network
users
2. Obtain a copy of the site’s blueprint
3. Do a walk-through of the site
4. Identify possible access point locations
5. Verify access point locations
6. Document findings
Instant Messaging (IM)





AOL Instant Messenger (AIM)
MSN Messenger
Yahoo! Messenger
ICQ
Internet Relay Chat (IRC)
Definition of IM




Uses a real-time communication model
Allows users to keep track of online status
and availability of other users who are also
using IM applications
Can be used on both wired and wireless
devices
Easy and fast

Operates in two models:

Peer-to-peer model


May cause client to expose sensitive information
Peer-to-network model

Risk of network outage and DoS attacks making
IM communication unavailable
Problems Facing IM


Lack of default encryption enables packet
sniffing
Social engineering overcomes even
encryption
Technical Issues Surrounding IM


File transfers
Application sharing
Legal Issues Surrounding IM



Possible threat of litigation or criminal
indictment should the wrong message be
sent or overheard by the wrong person
Currently immune to most corporate efforts
to control it
Must be monitored in real time
Blocking IM


Install a firewall to block ports that IM
products use; IM will be unavailable to all
employees
Limited blocking not currently possible
Cellular Phone Simple Messaging
Service (SMS)


Messages are typed and sent immediately
Problems


Tracking inappropriate messages
Risk of having messages sniffed
Chapter Summary


Efforts of IEEE, specifically 802.11x
standards, to standardize wireless security
Security issues related to dominant
wireless protocols

WAP


Connects mobile telephones, PDAs, pocket
computers, and other mobile devices to the Internet
WEP

Used in WLANs



WTLS protocol
Conducting a site survey in advance of
building a WLAN
Security threats related to using instant messaging (IM)