Internet Security Principle
Wireless LAN/WAN Protection
Group Member
• Jia-Wei Tsay
• Taesun(Andy) Park
Contents
• Introduction
• Applications
• Technologies
• Threats
• Recent security mechanism
• Protection solutions
• Conclusion
• Reference
Introduction
• Abstract
• What is the wireless LAN
• What is the wireless WAN
• The importance of wireless LAN/WAN protection
Abstract
• Wireless LANs/WANs are becoming a respectable
alternative for indoor communications. They offer
flexibility and mobility in networking
environments, as the user is no longer bound to a
particular workplace
• Wireless technology allows the network to go
where wire cannot go. Mobile workers who
require real-time access to data benefit from
wireless LAN/WAN connectivity, since they can
access it at almost any time and place. Wireless
LANs/WANs are also ideal for providing mobility in
home and hot-spot environments
Abstract(cont)
• Unfortunately, disgruntled employees, hackers,
viruses, industrial espionage, and other forms of
destruction are not uncommon in today's
networks
• This project addresses the vulnerabilities and the
security of wireless LANs/WANs
What is the wireless LAN
• A wireless LAN (WLAN) is a flexible data
communication system implemented as an
extension to, or as an alternative for, a wired LAN
within a building or campus. Using
electromagnetic waves, WLANs transmit and
receive data over the air, minimizing the need for
wired connections. Thus, WLANs combine data
connectivity with user mobility, and, through
simplified configuration, enable movable LANs
What is the wireless LAN(cont)
• A wireless local area network (WLAN) is a
flexible data communication system using radio
frequency (RF) technology to transmit and receive
data over the air. It can be integrated with an existing
campus network seamlessly and easily, so that we
can enjoy network computing without looking for
a physical network port
• A wireless LAN is a collection of two or more
devices connected via an open-air medium in order
to share data
What is the wireless WAN
• Wireless WANs, which can bridge branch
offices of a company, cover a much more
extensive area than wireless LANs. Unlike
WLANs, which offer limited user mobility and
instead are generally used to enable the mobility
of the entire network, WWANs facilitate
connectivity for mobile users such as the traveling
businessman. In general, WWANs allow users to
maintain access to work-related applications and
information while away from their office.
What is the wireless WAN (cont)
• In wireless WANs, communication occurs
predominantly through the use of radio signals
over analog, digital cellular, or PCS networks,
although signal transmission through microwaves
and other electromagnetic waves is also possible.
Today, most wireless data communication takes
place across 2G cellular systems such as TDMA,
CDMA, PDC, and GSM, or through packet-data
technology over old analog systems such as
CDPD overlay on AMPS.
What is the wireless WAN (cont)
• Although traditional analog networks, having been
designed for voice rather than data transfer, have
some inherent problems, some 2G (second
generation) and new 3G (third generation) digital
cellular networks are fully integrated for
data/voice transmission. With the advent of 3G
networks, transfer speeds should also increase
greatly.
The importance of wireless LAN/WAN protection
• Security is an important aspect of wireless
LANs/WANs, since it is hard to restrict access to
network resources physically. A wired LAN/WAN
can do this through physical access control
on the premises
Application
• Doctors and nurses in hospitals are more
productive because hand-held or notebook
computers with wireless LAN capability deliver
patient information instantly.
• Consulting or accounting audit engagement teams
or small workgroups increase productivity with
quick network setup.
• Network managers in dynamic environments
minimize the overhead of moves, adds, and
changes with wireless LANs, thereby reducing the
cost of LAN ownership.
Application(cont)
• Training sites at corporations and students
at universities use wireless connectivity to
facilitate access to information, information
exchanges, and learning.
• Network managers installing networked
computers in older buildings find that
wireless LANs are a cost-effective network
infrastructure solution.
• Retail store owners use wireless networks to
simplify frequent network reconfiguration.
Application(cont)
• Trade show and branch office workers minimize
setup requirements by installing preconfigured
wireless LANs needing no local MIS support.
• Warehouse workers use wireless LANs to
exchange information with central databases and
increase their productivity.
• Network managers implement wireless LANs to
provide backup for mission-critical applications
running on wired networks.
• Senior executives in conference rooms make
quicker decisions because they have real-time
information at their fingertips.
LAN/WAN Technologies
• WAP
• Bluetooth
• AMPS
• TDMA
• CDMA
• GSM
• G3 IMT-2000 International Mobile
• GPRS
• LMDS
• 100BaseRadio
WAP
• WAP stands for Wireless Application Protocol
• WAP is an application communication protocol
• WAP is used to access services and information
• WAP is inherited from Internet standards
• WAP is for handheld devices such as mobile
phones
• WAP is a protocol designed for micro browsers
• WAP enables the creation of web applications for
mobile devices.
• WAP uses the mark-up language WML
WAP(cont)
• The WAP standard is based on Internet standards
(HTML, XML and TCP/IP). It consists of a WML
language specification, a WMLScript specification,
and a Wireless Telephony Application Interface
(WTAI) specification.
• WAP is published by the WAP Forum, founded in
1997 by Ericsson, Motorola, Nokia, and Unwired
Planet
Bluetooth
• Bluetooth technology is a forthcoming wireless
personal area networking (WPAN) technology that
has gained significant industry support and will
coexist with most wireless LAN solutions. The
Bluetooth specification is for a 1 Mbps, small
form-factor, low-cost radio solution that can
provide links between mobile phones, mobile
computers and other portable handheld devices
and connectivity to the internet.
Bluetooth(cont)
• This technology, embedded in a wide range of
devices to enable simple, spontaneous wireless
connectivity is a complement to wireless LANs —
which are designed to provide continuous
connectivity via standard wired LAN features and
functionality
Wireless WAN (Summary)
• 1G – First generation (Analog voice)
- AMPS - Advanced Mobile Phone Service
• 2G – Second Generation (Digital voice and messages)
- TDMA - Time Division Multiple Access (D-AMPS, NA-TDMA, IS-54, IS-136)
- CDMA - Code Division Multiple Access (CDMA-One, IS-95a)
- GSM - Global System for Mobile communication
• 2.5G
- EDGE – Enhanced Data rate for Global Evolution
- GPRS – General Packet Radio Service
• 3G – Third Generation (Broadband Data and Voice over IP)
- IMT-2000 – backbone of 3G world
- W-CDMA – Wideband CDMA
- Cdma2000 – Broadband CDMA
- LMDS / MMDS – Local Multipoint / Multipoint Microwave Distribution Systems
Wireless WAN (Summary)
[Figure: carrier migration timeline, 2001 to 2004, from 2G through 2.5G to 3G. Carriers shown: Cingular, VoiceStream, AT&T Wireless, Nextel, Verizon Wireless, Sprint PCS. Technologies shown: GSM, GPRS, EDGE, W-CDMA, TDMA, iDEN, CDMA, 1x, CDMA-2000, 3x. Legend: easy upgrade; upgrade requires new modulation; upgrade requires entire new radio system.]
Wireless WAN
Cellular Telephony
- bandwidth: 9.6-14.4 Kbps (2G); 28.2-128 Kbps (2.5G); 200-2000 Kbps (3G)
- standards: GSM, CDMA, TDMA, GPRS
- common use: national coverage
Paging
- bandwidth: 9.6 Kbps
- standard: CDPD
- common use: two-way short text messages
Satellite
- bandwidth: 400-1500 Kbps (downlink); 256 Kbps (uplink)
AMPS - Advanced Mobile Phone Service
- first-generation wireless technology
- analog cellular phone system (in USA and South Africa)
- uses FDMA - Frequency Division Multiple Access
- (800-900) MHz frequency spectrum subdivided into 25 KHz channels (4000 channels)
- one subscriber at a time on each channel (no sharing)
- the system is based on fixed cells (geographic zones)
- 3 components: cellular phone, base station, MTSO - Mobile Telephone Switching Office
TDMA - Time Division Multiple Access (2G)
– operates at 800 MHz (806-902 MHz; digital cellular system) or 1900 MHz (1850-1990 MHz; PCS - Personal Communication Service)
– the 1900 MHz system requires more cells than the 800 MHz system
– 30-KHz radio channels are divided into 6 time slots (a fraction of a second). Each time slot is assigned among 8 subscribers
– referred to as:
  - D-AMPS - Digital AMPS
  - NA-TDMA - North America TDMA
  - IS-54 - the first implementation of TDMA
  - IS-136 - next generation TDMA (transmission up to 43.2 Kbps)
– http://www.uwcc.org/
CDMA - Code Division Multiple Access (2G)
– operates in the 800 MHz (digital cellular system) and 1900 MHz (PCS) frequency bands
– 10-20 times the capacity of analog AMPS; 4-6 times the capacity of TDMA; up to 384 Kbps
– referred to as the IS-95 CDMA (or CDMA One) standard by TIA
– CDMA assigns digital codes to active subscribers; CDMA divides the radio spectrum into channels that are 1.25 MHz wide
– lack of international roaming capabilities
– there are 2 competing standards:
  - cdma2000: American implementation, backward compatible with GSM and other second-generation wireless systems
  - W-CDMA (W for Wideband): developed by the European Telecommunications Standards Institute; incompatible with existing CDMA or GSM infrastructure
– http://www.3gpp.org/
GSM - Global System for Mobile communication (2G)
– European version of TDMA, very popular in Europe
– support for "Short message service" (short text messages)
– operates at 900 MHz and 1800 MHz (Europe); 1900 MHz in USA as PCS
– very popular in Europe, Asia, India, Africa
– combination of FDMA and TDMA: FDMA divides the 25 MHz bandwidth into 124 carrier frequencies of 200 KHz each; each 200 Kbps channel is divided into 8 time slots using TDMA
– up to 384 Kbps; based on 60 orbiting satellites
– international roaming capabilities in more than 170 countries
– Vendors: Alcatel, Ericsson, Lucent, Nokia, Nortel
G3 IMT-2000 International Mobile Telecommunication - Year 2000
– project started in 1992
– wireless access through satellite and terrestrial systems
– packet services: 144 Kbps, 384 Kbps, 2 Mbps
– circuit-switched services: 144 Kbps, 284 Kbps, 2 Mbps
– 3 modes of operation:
  - based on CDMA ONE: IS 95B
  - based on CDMA 2000: IXMC, IXTREME, HDR, 3XMC
  - based on TDMA/GSM: EDGE
– Global roaming
– http://www.itu.int/imt2000/
GPRS, LMDS, 100 BaseRadio
GPRS – General Packet Radio Service (2.5G)
- packet-switched intermediate step to transport high-speed data efficiently over GSM- and TDMA-based networks
- GPRS uses 8 time slots in the 200 KHz channel and can support IP-based packet data speeds between 14.4 Kbps and 115 Kbps
LMDS - Local Multi-point Distribution Service
- not popular yet; terrestrial broadband wireless technology
- versions: 24, 28, 31, 38, 40 GHz
- 1 Mbps - 45 Mbps
- operates at very high frequencies
100BaseRadio
- operates at 5.2 GHz, 5.3 GHz and 5.775 GHz
- the standard complies with IEEE 802.3, 802.1d, VLANs
Threats
• Inherent flaws
• Hackers
• Distribution file and quality of password
• Interception
• Masquerading
• Denial-of-service attack
• Transitive trust attack
Inherent flaws
• Attacks from within the network's user community
• Unauthorized access to network resources via wireless
hardware, typically a high-capability receiver
• Eavesdropping on the wireless signaling from outside the
company or work group
• Access to a wireless LAN cannot be physically restricted. Any
registered user of the network can access data that he has
no business accessing. Disgruntled current and ex-employees
have been known to read, distribute, and even
alter valuable company data files.
Hackers
• Remote access products allow people to dial in
for their email. Remote offices connected via dial-up
lines, on-site Web sites, and "Extranets" that
connect vendors and customers to the company's own network
can all make the network vulnerable to hackers
Distribution file and quality of
password
• On the other hand, the user needs to have the file
distributed when he wants to access the Intranet.
Typically, this distribution file would reside on the
hard disk of the user's personal laptop. The quality
of the password that opens access to the keys in
the file is essential to the security of the whole
system: if a malicious user finds out the password
and gains access to the distribution file, she can
log on to the server and thus create a tunnel to the
intranet
Interception
• Interception is either identity interception, in which the
identity of a communicating party is observed for
later misuse, or data interception, in which an
unauthorized user observes the user data
during a communication
Masquerading
• Masquerading takes place when an attacker
pretends to be an authorized user in order to gain
access to information or to a system
DOS attack
• A denial-of-service attack could be launched against a
wireless LAN by deliberately causing interference in
the same frequency band in which the wireless LAN operates
• Due to the nature of radio transmission, wireless
LANs are very vulnerable to denial-of-service
attacks
• If an attacker has a powerful enough transceiver, he can
easily generate enough radio interference that our wireless
LAN is unable to communicate over the radio path
Transitive trust attack
• If the attacker can fool the wireless LAN into trusting
a mobile he controls, then there is one hostile
network node inside all firewalls of the enterprise
network, and it is very difficult to prevent any
hostile actions after that
• Fooling the mobile into trusting a base controlled
by the attacker as our base
Recent security mechanism
• Service Set ID (SSID)
• Wired Equivalent Privacy (WEP)
• Wireless Transport Layer Security (WTLS)
SSID
• Service Set ID (SSID) is a network name. This
name is sometimes considered secret
• An access point can be configured either to allow
any client to connect to it or to require that a client
specifically must request the access point by name.
Even though this was not meant primarily as a
security feature, setting the access point to require
the SSID can let the ID act as a password.
WEP
• Wireless LANs using the IEEE 802.11b standard
have been growing rapidly over the past two years
• WEP is the optional security mechanism defined
within the 802.11 standard designed to make the
link integrity of the wireless medium equal to that
of a cable
• WEP is based on protecting the data transmitted
over the RF medium using a 64-bit or 128-bit seed
key and the RC4 encryption algorithm
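The seed construction described above, as an added example that is not part of the original slides: in standard WEP the 64-bit seed is a 24-bit IV sent in clear plus a 40-bit secret, and a CRC-32 ICV is appended before RC4 encryption. The secret, IV and payloads are constructed sample values.

```python
"""WEP frame-body encapsulation: seed = IV || secret, RC4 keystream, CRC-32 ICV."""
import struct
import zlib

SECRET = bytes.fromhex("0102030405")   # constructed 40-bit secret (64-bit seed)
IV = bytes.fromhex("aabbcc")           # constructed 24-bit IV


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then keystream generation (PRGA) XORed with data."""
    s = list(range(256))
    j = 0
    for i in range(256):                                   # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                      # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def secret_bits(seed_bits: int) -> int:
    """Secret part of a 64-bit or 128-bit seed: the 24-bit IV is public."""
    return seed_bits - 24


def icv(data: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encapsulate(secret: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Return IV (clear) || key-ID octet (clear) || RC4(IV || secret, plaintext || ICV)."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("need a 3-byte IV and a 5- or 13-byte secret")
    return iv + bytes([(key_id & 3) << 6]) + rc4(iv + secret, plaintext + icv(plaintext))


def wep_decapsulate(secret: bytes, body: bytes) -> bytes:
    """Decrypt a frame body and verify its ICV; raise ValueError on mismatch."""
    if len(body) < 8:
        raise ValueError("frame body too short")
    clear = rc4(body[:3] + secret, body[4:])
    data, received_icv = clear[:-4], clear[-4:]
    if icv(data) != received_icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return data


def reuses_keystream(body_a: bytes, body_b: bytes) -> bool:
    """Frames with the same IV and key ID under one secret share one RC4 keystream."""
    return body_a[:4] == body_b[:4]


if __name__ == "__main__":
    frame = wep_encapsulate(SECRET, IV, b"hello wlan")
    print("IV visible in clear:", frame[:3].hex())
    print("secret bits in a 64-bit seed:", secret_bits(64))
    print("round trip:", wep_decapsulate(SECRET, frame))
```

Only the payload and ICV are encrypted; the IV and key-ID octet travel in clear, which is one reason the slides later recommend layering IPsec, SSH or a VPN on top of WEP.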
WTLS
• WAP uses WTLS as the security mechanism
• WAP uses WTLS which is a wireless relative of
the more common SSL mechanism used by all
major web browsers. WTLS resembles SSL in that
both rely on certificates on the client and server to
verify the identity of the participants involved.
• While SSL implementations generally rely on
RSA encryption, WTLS supports RSA, Diffie-Hellman,
and Elliptic Curve encryption. WTLS
doesn't provide for end-to-end security due to
WAP's current architecture and limitations of
server-side Transport Layer Security (SSL)
Problems
• The SSID can typically be found by "sniffing" the
network. Therefore this lends very little to securing a
network
• WEP, when enabled, only protects the data packet
information and does not protect the physical layer
header so that other stations on the network can listen
to the control data needed to manage the network
• WEP can be cracked by simply modifying several
device driver settings on your wireless LAN-equipped
mobile device
Problems(cont)
• Weaknesses in the Key Scheduling Algorithm of RC4
which would allow an intruder to pose as a legitimate
user of the network in WEP
• The Wi-Fi wireless networks used by American Airlines,
Starbucks and several hotel chains have no
encryption at all, so almost everything sent from a
customer's laptop can be picked up by a nearby hacker
Protection solutions
• Use higher-level security mechanisms such as
IPsec and SSH for security, instead of relying
on WEP.
• Treat all systems that are connected via 802.11
as external. Place all access points outside the
firewall
• Users should augment the protocol with extra
layers of security, such as a VPN (virtual
private network) or a firewall
Protection solutions(cont)
• Cisco is going to release X.509 certificate
authentication in the upcoming year. Each person will be
required to unlock their X.509 certificate with a
password and then present their certificate over an
encrypted channel before they are allowed access to the
network. Early indications from Cisco are that there
will be some sort of session key based on this certificate.
So even if you have the keys for the 128-bit encryption,
you will still not be able to understand or "sniff" the
traffic without the session key produced when the
individual is authenticated
Protection solutions(cont)
• Do not use the default key: change the key
immediately and change it regularly; don't tell anyone
the key, ever; and conduct WLAN audits regularly to
ensure there are no rogue WLAN connections
• The WAP Forum has addressed this issue in WAP 2.0,
offering end-to-end security
• You should now have an operating RADIUS server and
access points that deny access to unauthorized users.
Spoofing IP addresses won't work -- MAC addresses
that don't successfully authenticate are not allowed to
pass through the access point. Your wireless network is
now secured against hackers
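One way to carry out the regular WLAN audit recommended above, as an added example that is not part of the original slides: it compares a site survey with the inventory of authorized access points and flags rogue radios and weak encryption. The inventory, the survey rows and the "none"/"wep" encryption labels are constructed assumptions, not output of any particular survey tool.

```python
"""WLAN audit sketch: compare a site survey with the authorized access-point inventory."""
from typing import Dict, List, NamedTuple, Tuple


class Observation(NamedTuple):
    bssid: str       # access point radio MAC address
    ssid: str        # advertised network name
    encryption: str  # hypothetical survey label: "none" or "wep"


# Constructed inventory: BSSID -> SSID each authorized access point should advertise.
AUTHORIZED: Dict[str, str] = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Constructed survey results (not real captures).
SURVEY: List[Observation] = [
    Observation("00:11:22:33:44:01", "corp-wlan", "wep"),
    Observation("00-11-22-33-44-02", "corp-wlan", "none"),
    Observation("66:77:88:99:AA:BB", "corp-wlan", "none"),
    Observation("12:34:56:78:9A:BC", "coffee-shop", "none"),
]


def normalize(bssid: str) -> str:
    """Canonical MAC form so that 00-11-... and 00:11:... compare equal."""
    return bssid.strip().lower().replace("-", ":")


def audit(survey: List[Observation], authorized: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (bssid, finding) pairs for every observation that needs follow-up."""
    inventory = {normalize(mac): ssid for mac, ssid in authorized.items()}
    corporate_ssids = set(inventory.values())
    findings: List[Tuple[str, str]] = []
    for seen in survey:
        mac = normalize(seen.bssid)
        if mac not in inventory:
            # An unlisted radio advertising our SSID is a rogue candidate;
            # any other unlisted radio is recorded for review.
            kind = "ROGUE_AP" if seen.ssid in corporate_ssids else "UNLISTED_AP"
            findings.append((mac, kind))
            continue
        if inventory[mac] != seen.ssid:
            findings.append((mac, "SSID_CHANGED"))
        if seen.encryption == "none":
            findings.append((mac, "NO_ENCRYPTION"))
        elif seen.encryption == "wep":
            # WEP alone is not sufficient per the slides: needs IPsec/SSH/VPN on top.
            findings.append((mac, "WEP_ONLY"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY, AUTHORIZED):
        print(f"{bssid}  {finding}")
```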
Conclusion
• The only applications that should be developed for
a wireless environment are those that are not
mission-critical or that are protected with firewalls,
token devices for authentication, encryption, and
Intrusion Detection Systems
• Despite proponents' claims to the contrary,
wireless data technologies still possess a level of
insecurity, particularly if custom security measures
(such as encryption) are not put in place by the
enterprise or application developer
Conclusion(cont)
• These are among the security enhancements that
are being proposed by Cisco, Microsoft, Intel and
others to the 802.11 standards committee for
stronger security capabilities in the standard
• Only when these products and technologies are
proven to be secure from end to end will mobile
commerce begin to take off.