Transcript Security of Wireless Networks

Security of
Wireless Networks
Martha Bowen
ISM6021
12/9/2002
Wireless Networking
Concept
TO INTERNET
OR LAN
Traditional networks
communicate over a variety
of wired connection media.
Wireless devices utilize a
combination of broadcast and
reception technologies to
communicate without wires.
Flexible Connectivity
Potential Security
Vulnerabilities
Confidentiality

Unauthorized Disclosure


C
Internal and external!
Man-in-the-middle attacks
Integrity


Unauthorized Modification
Data Corruption
Availability


A
Denial of Service Attacks
Consumer electronics interference
More complicated for Wireless!
I
Sources of Wireless
Vulnerabilities
67% of networks use Factory Settings!




Encryption off
Vendor-specific default network names
Broadcast on
Maximum range
Distributed authentication management


Insufficient access control
Inefficient monitoring & auditing
Physical nature of wireless devices
Wireless Hackers
Little forensic evidence left by wireless
devices

More corporate liability!
New vulnerabilities utilized by hackers during
two hours of monitoring at DefCon X (8/02).
War-driving


Driving around ‘sniffing’ for unprotected wireless
networks
Published at www.wigle.net or www.wifinder.com
Wireless Access Points
Map from www.wigle.net showing known
wireless access points for U.S.
Spread-Spectrum
Wireless Standards
Developed in WWII for secure military comms


Torpedo guidance system
Frequency-hopping
4 Basic security modes




Low power
Scrambling
User-specific network address
Encoding
Spread-Spectrum
Wireless Standards
802.11b


Most widely implemented - 11Mbps in the 2.4GHz band
Potential interference from 2.4GHz cordless phones
802.11a



54 Mbps in the 5 GHz band
Limited interoperability with 802.11b/g
Potential interference from cell phones (harmonics)
802.11g

54 Mbps in the 2.4GHz band - Backwards compatible to
802.11b
Developing Standards


802.11e -Quality of Service
802.11i - Security Issues
Industry Solutions
Wired Equivalency Protocol (WEP)




Ships with most wireless devices (disabled!)
Same level of protection as wired network
Up to 128-bit encryption
Limitations

Public accessibility, key length issue, one-way authentication
802.1x Encryption & Authentication


Extensible Authentication Protocol (EAP)
Currently implemented in Cisco products as LEAP


Mutual authentication, Dynamic WEP keys (per-user/persession), WEP key timeouts (configurable)
Limitations

Hijacking, Man-in-the-middle attack
Alternative wireless technologies

18GHz microwave, Infrared
Pending Technology
Improvements
Wi-Fi Protected Access


Wi-Fi Alliance solution
TKIP encryption



802.1X-based authentication




Input from leading cryptographers
Compatible with existing hardware
Initial communication with wireless access point, which
authenticates through login server
Username/password, biometric, or smart-card
Home version with improved WEP password method
Expected to start shipping early next year

Required for Wi-Fi certification by end of 2003
Pending Technology
Improvements
802.11i


Official standard from IEEE
Two proposed encryption standards


TKIP
Advanced Encryption Standard




Government-developed
Stronger encryption method
Requires hardware upgrade
Expected release months later than Wi-Fi
Protected Access
Home Wireless
Networking Solutions
Review configuration of Access Points!


Turn on encryption – even if it is WEP!
Change the vendor-specific default site ID




Pick generic names
Change WEP password daily or weekly
Disable broadcast
Enable MAC address filtering
Location/configuration of variable range/
variable speed access points
Frequent security audits
Keeping honest people honest…
Enterprise Networking
Solutions
Encryption key automation

RADIUS server
Virtual Private Network (VPN)
Centralized administration & monitoring
Update firmware/software frequently
Wireless Security Auditing Tools
Use multiple firewalls to isolate wireless,
Internet, and local wired connections
Summary
Significant vulnerabilities do exist in
many current wireless implementations.

It is possible to address many of these
vulnerabilities using technology which is
currently available to consumers and
enterprises.
IEEE, Wi-Fi alliance, and vendors are
currently focused on addressing existing
security issues.
Expect rapid changes!
Stay informed!
Questions?
Thank you!