FSU Official Wireless Security Document
Wireless communication provides portability, flexibility, increased productivity and lower installation costs. Wireless technology provides the ability to move laptops from place to place within the office environment without wires and without losing connectivity. Less wiring means greater flexibility and efficiency and reduced wiring costs. Ad hoc networks allow data synchronization with network systems and application sharing. Handheld devices allow remote users to synchronize personal data and provide access to network services. This technology offers cost savings and adds capabilities to applications.
However, wireless technology comes with risks. Some of these risks are the same as for wired networks, some are new and some are increased due to the technology. In wireless technology, the medium is the airwave, which is openly exposed to intrusion.
Loss of confidentiality, integrity and the threat of denial-of-service (DoS) attacks are typical risks. Malicious users may gain access to organizational systems and information, which may compromise the confidentiality of the organization, its users and/or its network. These same users may also intentionally or accidentally spread viruses or launch attacks to prevent users from accessing the network because their laptops are compromised.
Several public web sites on the Internet provide maps of insecure wireless access points throughout the world. Intruders use this information to gain access to these systems or to users' machines, which can result in the loss of data confidentiality, integrity, bandwidth or network performance. Intruder access can then be used to launch network attacks on other parties.
Specific threats/vulnerabilities of wireless networks:
- The same vulnerabilities that exist for conventional wired networks also exist for wireless networks.
- DoS attacks may be directed to or from the wireless network or device.
- Malicious users within radio range (e.g., in a parking lot) may gain unauthorized access to an organization, thereby bypassing firewalls and disabling or disrupting operations.
- Intruders can use lost or stolen handheld devices to access information.
- Malicious code can be introduced to both wired and wireless networks.
- Data may be extracted without detection due to improperly configured devices.
- Unencrypted data passed between wireless devices can be intercepted easily.
- Intruders can use stolen information to masquerade as legitimate users or devices.
- Synchronization data may be intercepted and corrupted.
This document provides an overview of wireless networking technologies, specifically 802.11, and of how to secure them.
Maintaining a secure wireless network requires significant efforts and resources. This involves:
- Maintaining an understanding of the topology.
- Labeling and keeping inventories of wireless ranges, configurations and the security controls applied.
- Providing periodic testing and assessments.
- Providing ongoing audits, tracking of devices and location of new devices.
- Applying patches and updates.
- Monitoring new threats.
The risks of providing wireless technology are considerable, and most protocols and commercial products (by themselves) do not provide adequate protection. Poorly administered wireless networks are as prone to attack as a wired network. However, many concerns, such as installing a system with factory "out of the box" settings and/or no security, can be avoided.
Because there is no physical control of radio frequency (RF) signals in a wireless environment, data may be captured during transmissions/broadcasts. Building construction, frequencies, attenuation and power settings can be used for reasonable positive control over the wireless network. However, be advised that the signal can still reach up to a KILOMETER beyond its intended range.
Appropriate management and security practices are vital to operating and maintaining a secure wireless network. This requires a total effort on the part of the organization. It starts with the development, documentation and implementation of policies, standards, procedures and guidelines that protect the confidentiality, integrity and availability of information system resources.
A successful wireless security implementation involves:
- Centralized security implementation for all wireless technology.
- Configuration control and management to ensure the latest software releases and security features.
- Standardized configurations to reflect security policies.
- Security awareness and training.
Organizations should develop and implement a plan that optimizes the trade-offs of usability, performance and risk to attack.
Organizations have the legal responsibility to provide security for the wireless network and the Internet at large. They must make sure that the proper countermeasures are in place to prevent the most severe risks to the organization and must educate users about changing security features (e.g., product updates).
Most equipment does not meet the Federal Information Processing Standards (FIPS) 140-2 Security Requirements for Cryptographic Modules standard, which is binding for federal agencies. It will be necessary to deploy higher-level cryptographic protocols and applications such as Secure Shell (SSH), Secure Sockets Layer (SSL), Transport Layer Security (TLS) or IP Security (IPsec). These can protect information whether or not the data link security protocol (wireless network security level) is used. End-to-end cryptographic protection may be required where traffic traverses other network segments, unknown agencies or the Internet. NOTE: These cryptographic measures should be used together with the strategic location of access points, firewalls and antivirus software.
Wireless technology is becoming increasingly popular. It has been said that wireless networks will possibly become more widely used than wired networks. With the onslaught of personal digital assistants (PDAs) and tablets, and access to calendars, e-mail, addresses, phone numbers and even the Internet, connectivity is becoming "a way of life." The focus of this document is 802.11 services in laptops, PDAs and handheld devices. This document will address wireless technology, outline risks, offer solutions and explain how FSU will mitigate the risks of wireless technology.
This document is for the FSU community as a whole and should be used as a baseline for wireless connectivity.
This document should not be taken as mandatory, and it does not replace standards or mandates of federal agencies, the Secretary of Commerce or other federal bodies.
The purpose of this document is to provide departments with guidelines for establishing a secure wireless network. Everything in this document is to be used with existing campus security measures. Keep in mind that security is a compromise between system security and customer satisfaction. Customer satisfaction usually predominates over system security.
This document mainly addresses 802.11 technologies: wireless local area networks (WLANs), Bluetooth 802.11/ad hoc (peer-to-peer networks) and other handheld 802.11 devices. Anything else is considered to be beyond the scope of this document.
A WLAN is a local area network (LAN) that uses high-frequency radio waves rather than wires to communicate between nodes. It allows mobile users to connect to a LAN through a wireless radio frequency (RF) connection. FSU views this network as a data communication system that can extend, enhance, or replace (in some instances) a wired LAN. It provides connectivity where wiring is unavailable or cost prohibitive. It is a flexible, cost-effective alternative to providing additional functionality to our existing LAN. Wireless technology can range from WLANs to cell phones and from headphones to microphones. They include infrared (IR) devices such as remote controls, cordless keyboards and mice, all of which have a transmitter and a receiver and require direct line-of-sight between devices. As technology advances we are coming closer and closer to non-line-of-sight products.
WLANs follow the IEEE 802.11 standards. Ad hoc networks follow proprietary techniques or are based on the Bluetooth standard. Many handheld devices have followed the wireless application protocol (WAP) standard. Although there are other standards that offer varying levels of security features, this document will discuss 802.11 standards only.
WLANs serve as the transport mechanism between and among devices and the wired network. WLAN implementations are diverse and numerous, but they are usually grouped together under the one term.
WLANs allow greater flexibility and portability than traditional LANs. Unlike a LAN, a WLAN connects computers and other components to the wired network using an access point device. An access point communicates with devices equipped with wireless network adapters. It then connects to the wired network via an RJ-45 port. An access point typically covers an area of up to 300 feet in diameter. This coverage area is called a cell. Users move freely within the cell. Access points can be linked together to allow users to "roam" within a building or area. This "roaming" without connectivity loss is called "seamless roaming."
Ad hoc networks are designed to connect directly between devices, i.e., from laptop to laptop directly with no access point. These are dynamic networks that shift as users move in and out of this type of network. For more information, see Overview of Ad Hoc and Bluetooth Networks, Figure 1, on page 12.
Bluetooth may be the primary ad hoc network standard. It operates at 2.4GHz and supports rates of 720kbps. This technology uses short-range wireless connections to allow devices to synchronize e-mail, access personal computers and access the Internet. This form of wireless network includes a framework for voice and uses a different frequency-hopping scheme from the 802.11 variants mentioned above. These devices operate at reduced power to reduce interference with other personal area networks (PANs).
There is a wide range of devices that use wireless technologies. The most commonly used are handheld devices. Devices based on push or pull messaging technologies (Research In Motion (RIM) BlackBerry devices) are beyond the scope of this document. However, PCs, laptops, PDAs and other handheld devices using 802.11 standards are referenced in this document.
PDAs are data organizers. These devices allow access to database applications, address books, schedulers and to-do lists, and allow users to synchronize data between two PDAs or between a PDA and a personal computer. Newer versions allow users to download their e-mail and to connect to the Internet.
WLANs started in the 1980s as the Federal Communications Commission (FCC) made radio frequency spectrums available. Motorola started with a product that was expensive, provided low data rates, suffered interference and was proprietary. IEEE started the 802.11 specifications that developed the groundwork. This project dealt with the connectivity of fixed, portable and moving stations. A technology equivalent to the 802.3 Ethernet standard was developed that took into account wireless technology and frequencies, applications and reduced interference, and that spanned multiple physical encoding types.
The IEEE 802.11b standard provides wireless networking in the 2.4-2.5GHz frequency range and uses spread-spectrum technology with a bandwidth of 11Mbps. Direct Sequence Spread Spectrum (DSSS) divides the data signal across 11 separate sub-carriers to provide transmissions of 1, 2, 5.5 and 11Mbps.
The 802.11a standard operates from 5.15-5.35GHz and 5.725-5.825GHz. Within this spectrum there are twelve 20MHz channels, and each band has different output power limits. OFDM (Orthogonal Frequency Division Multiplexing, a type of modulation) divides the data signal across 48 separate sub-carriers to provide transmissions of 6, 9, 12, 18, 24, 36, 48 or 54Mbps, of which 6, 12 and 24Mbps are mandatory for all products. For each of the sub-carriers, OFDM uses PSK (phase shift keying) or QAM (quadrature amplitude modulation) to modulate the digital signal depending on the selected data rate of transmission. In addition, four pilot sub-carriers provide a reference to minimize frequency and phase shifts of the signal during transmission. This form of transmission enables OFDM to operate extremely efficiently, which leads to the higher data rates and minimizes the effects of multipath propagation.
| Feature | 802.11a | 802.11b | 802.11 |
|---|---|---|---|
| Standard Approved | September 1999 | September 1999 | July 1997 |
| Number of Nonoverlapping Channels | 4 (Indoor), 4 (Indoor/Outdoor) | 3 (Indoor/Outdoor) | 3 (Indoor/Outdoor) |
| Data Rate per Channel | 6, 9, 12, 18, 24, 36, 48, 54 Mbps | 1, 2, 5.5, 11 Mbps | 1, 2 Mbps |
| Modulation Type | OFDM | DSSS | FHSS, DSSS |
The IEEE 802.11 standard permits devices to establish peer-to-peer (P2P) networks or networks based upon fixed access points (AP). These two structures are ad hoc and infrastructure, respectively. The P2P is meant to allow users to share files with no one machine as an actual server. The infrastructure network is meant to extend the range of the wired LAN to wireless cells. A laptop or other mobile device may move from cell to cell (from AP to AP) while maintaining access to the resources of the LAN. By deploying multiple APs with overlapping coverage areas, broad network coverage can be achieved.
In the WLAN, the AP acts as a bridge between the wireless and wired networks. The AP functions as a base station for the wireless network, allowing multiple users to connect to the wired infrastructure. An AP has a radio modem (a wireless network interface card, NIC) with which it connects clients to the wired backbone. All communications between the client stations, and between clients and the wired network, go through the AP. NOTE: This can be as simple as one AP and a laptop or PDA, or as complicated as many APs, laptops, PDAs, tablets, wireless scanners and other devices.
Theoretical ranges are from a few feet (for 11Mbps) in a closed office area, up to two thousand feet (for 1Mbps) in an open area. NOTE: WLAN ranges depend on several factors, including the data rate required, capacity, sources of RF interference, power, connectivity and antenna usage. Actual ranges are often less than the theoretical. Also, this distance can be up to several miles in outdoor space.
- User Mobility-Users can access files, network resources and the Internet without having to physically connect to the network with wires. Users can be mobile yet retain high-speed, real-time access to the enterprise LAN.
- Rapid Installation-The time required for installation is reduced because network connections can be made without moving or adding wires, or pulling them through walls or ceilings.
- Flexibility-Enterprises can also enjoy the flexibility of installing and taking down WLANs in locations as necessary. Users can quickly install a small WLAN for temporary needs such as a conference, trade show, or meeting.
- Scalability-WLAN network topologies can easily be configured to meet specific application and installation needs and to scale from small P2P networks to very large enterprise networks that enable roaming over a broad area.
OVERVIEW OF AD HOC AND BLUETOOTH NETWORKS
This section provides a detailed overview of ad hoc networks. Ad hoc is usually based upon Bluetooth technology, but includes 802.11, as a wireless card can operate in this mode. Therefore, there will be some information about both in this section. Ad hoc networks are networks that do not need an AP to get connectivity. They primarily are used with laptops that "talk amongst" themselves. These devices connect "on-the-fly" with each other and are usually used to share files and printers. They can, however, become very complex and become an extension of a wireless or wired network. These devices keep their own listings of end-user locations.
Bluetooth is an open standard for short-range radios and is the primary technology used in ad hoc networks. These products are gaining interest due to their low cost and low power requirements. This technology provides a small wireless network called a "personal area network" (PAN), as it usually only transmits within a 30-foot area or less. These products have much the same abilities as other wireless networks in that they can provide voice and data, eliminate cables, bridge two networks and support PDAs, mobile phones, printers, faxes, microphones and even earpieces. The main function of Bluetooth is to provide an ad hoc network to synchronize between personal devices.
These networks are usually temporary networks that change as ad hoc devices enter and exit the coverage area. One device is a "master" and can support up to seven devices within its network. All of these devices use the same frequency, but can be in multiple networks. This means a slave device in one network can be a master in another network, extend the distance and support more users. An example would be a master laptop talking to two other master laptops in a different network.
Bluetooth also operates in the 2.4GHz ISM band, which is shared with WLAN and other 802.11 devices. Bluetooth uses a different modulation and employs a different spread spectrum. Theoretically, it has a bandwidth of 1Mbps, 79 different radio channels, frequency changes of 1,600 times per second and little interference with a single WLAN product. However, in reality the network cannot support such data rates, because the forward error correction (FEC) may interfere with 802.11 networks for a short time. The second generation of Bluetooth should support 2Mbps, but look for faster rates in the future.
| Type | Power Level | Operating Range |
|---|---|---|
| Class 3 Devices | 100mW | Up to 100 meters |
| Class 2 Devices | 10mW | Up to 10 meters |
| Class 1 Devices | 1mW | 0.1-10 meters |
Each has its usage. Class 1 is a cable replacement for a mouse or keyboard. Class 2 is to connect a laptop to PDA, PDA to PDA, or laptop to laptop. Class 3 can compete with 802.11b and could be used for all of the above, or it can provide wireless connectivity for a whole building.
Bluetooth has five benefits besides low cost:
- Cable Replacement-These replacements include mouse and keyboard connections but can also include printers, microphones and headsets.
- Ease of File Sharing-Bluetooth enables file sharing between devices. This is a quick way to share documents in a meeting, to move files from a laptop to a desktop or to move files from a phone to a computer. Also, a cell phone could be used as a network connection for a laptop.
- Wireless Synchronization-Bluetooth provides automatic synchronization among PDAs, laptops, mobile phones and other devices. This automation occurs without the knowledge of the users as devices get within range of one another.
- Automated Wireless Applications-Bluetooth supports LAN and Internet connections and applications such as e-mail where files can be queued or labeled as "offline."
- Internet Connectivity-Bluetooth can join other devices to each other and also can be used as the primary means for each of these devices to connect to the Internet.
| Method | Advantages | Disadvantages |
|---|---|---|
| Browser-Based Authentication | Most compatible with all platforms | No encryption; easy session hijacking and packet capturing |
| WEP-Based Encryption | Easy to establish and configure | Long-lived encryption keys; management difficult in large environments |
| IEEE 802.1x | Flexible authentication; encryption for rest of session | New standards; not universal; needs several parts for successful scheme |
| IPSEC | Highest security with per packet authentication and encryption | IP only solution |
Bluetooth provides security only over the radio link, from each device to all other devices. Bluetooth has three security specifications:
- Confidentiality-The intent is to prevent information eavesdropping.
Encryption of the data protects the packet payload from eavesdropping. There are three encryption modes. Encryption mode 1 applies no encryption to any traffic. Encryption mode 2 leaves broadcast traffic unprotected but encrypts individually addressed traffic. Encryption mode 3 encrypts all traffic.
- Authentication-This addresses the identity of each communicating device.
The sender sends an encrypted authentication request frame to the receiver. The receiver sends an encrypted challenge frame back to the sender. Both perform a pre-defined algorithm. The sender sends its findings back to the receiver, which in turn either allows or denies the connection.
- Authorization-This allows control of resources.
Bluetooth has three security modes. Security mode 1 is an insecure mode. The security functions of encryption and authentication are completely bypassed. Security mode 2 is a service level security. This allows security just after the data link layer provides connectivity to the upper layers of the OSI model. Security mode 3 is a link-level security. This is a device initiating security before the connection is established and is based upon a shared key that is generated when the two devices talk for the first time.
In addition to security modes, Bluetooth has three security service levels. Service level 1 is authorization and authentication granting access to trusted devices. Service level 2 is authentication only; for example, access to an application after an authentication procedure. Service level 3 is an open system. Here, access is granted to all devices without authentication.
The following are known security problems within the Bluetooth and ad hoc schemes.
- The Bluetooth challenge-response key generation is weak. This scheme may use a static number or a number for a period of time, which can reduce the effectiveness of the authentication.
- The challenge-response is simplistic. A one-way challenge for authentication is susceptible to "man-in-the-middle" attacks. Mutual authentication via user verification should be used.
- The keys used are weak. The initialization key needs to be more robust and the unit key is a public-generated key that can be reused. A set of keys should be used instead.
- The master key is shared between the connections. This key is a broadcast and should have a better scheme than what is used.
- The encryption algorithm scheme uses a single algorithm and allows repeat authentication. A more robust method that limits authentication and increases the encryption should be used.
- The PIN range is limited. A PIN is usually only four digits, and scalability for large environments is difficult.
- End-to-end security is not established. Most of the data traveling this network does not have security on all aspects of the transmission. This is usually left to higher level applications.
- Preventative security is difficult to implement. Because of the nature of this technology, it is difficult to audit, combat and prevent known insecurities.
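The challenge-response exchange described under Authentication above, together with the mutual authentication recommended in the list of known problems, as an added illustration (not code from this document or from the Bluetooth specification). Bluetooth's own link-level algorithm is not reproduced; HMAC-SHA256 keyed with the shared link key stands in for the "pre-defined algorithm" both devices run, and the device addresses and link key are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Device:
    addr: bytes      # constructed device address (stands in for the Bluetooth address)
    link_key: bytes  # shared key set up when the two devices first paired


def response_for(link_key: bytes, challenge: bytes, claimant_addr: bytes) -> bytes:
    """The 'pre-defined algorithm' both sides run. Illustrative stand-in only:
    HMAC-SHA256 over the challenge and the claimant's address, keyed with the link key."""
    return hmac.new(link_key, challenge + claimant_addr, hashlib.sha256).digest()


def transcript(verifier: Device, claimant: Device,
               challenge: Optional[bytes] = None) -> Tuple[bytes, bytes, bool]:
    """One-way authentication as the document describes it:
    1. the claimant sends an authentication request (carries no secret material);
    2. the verifier answers with a challenge (fresh and random unless one is forced);
    3. both sides run the pre-defined algorithm over the challenge;
    4. the verifier compares results and allows or denies the connection.
    Returns (challenge, response, accepted) so the on-air values can be inspected."""
    if challenge is None:
        challenge = secrets.token_bytes(16)
    response = response_for(claimant.link_key, challenge, claimant.addr)
    expected = response_for(verifier.link_key, challenge, claimant.addr)
    accepted = hmac.compare_digest(response, expected)
    return challenge, response, accepted


def one_way_authenticate(verifier: Device, claimant: Device) -> bool:
    """Only the claimant proves knowledge of the link key; the verifier is never checked."""
    return transcript(verifier, claimant)[2]


def mutual_authenticate(a: Device, b: Device) -> bool:
    """Each side challenges the other with its own independent random challenge,
    so neither side accepts a peer that cannot itself produce a valid response."""
    return one_way_authenticate(a, b) and one_way_authenticate(b, a)


def static_challenge_repeats(verifier: Device, claimant: Device, fixed: bytes) -> bool:
    """Shows the weakness of a static challenge value: with the same challenge the
    on-air response is identical every run, so it carries no freshness at all.
    A fresh random challenge yields a different response each time."""
    _, r1, _ = transcript(verifier, claimant, fixed)
    _, r2, _ = transcript(verifier, claimant, fixed)
    _, r3, _ = transcript(verifier, claimant)  # fresh challenge
    return r1 == r2 and r1 != r3


if __name__ == "__main__":
    key = bytes(range(16))  # constructed link key
    laptop, pda = Device(b"\x00\x11\x22\x33\x44\x55", key), Device(b"\x66\x77\x88\x99\xaa\xbb", key)
    stranger = Device(b"\xcc\xdd\xee\xff\x00\x11", bytes(16))
    print("pda accepted by laptop:", one_way_authenticate(laptop, pda))
    print("stranger accepted by laptop:", one_way_authenticate(laptop, stranger))
    print("mutual laptop<->pda:", mutual_authenticate(laptop, pda))
    print("static challenge repeats:", static_challenge_repeats(laptop, pda, bytes(16)))
```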
OVERVIEW OF WIRELESS HANDHELD DEVICES
Wireless handheld devices include one- and two-way text messaging devices. They are PDAs (Palms, Compaq iPAQs, HP Jornadas and other Windows CE devices), RIM/BlackBerry (text-messaging devices), smart phones (phones with web and/or PDA capabilities) and tablets. The use of these devices introduces new security risks. These devices have their own IP and MAC addresses, allowing them either to be attacked or to become the attacker.
Advantages and disadvantages of wireless handheld devices include:
- The small size of handheld devices makes them mobile, but susceptible to loss, theft and misuse.
- Physical security measures that work for desktops or laptops do not work the same for handhelds. A laptop case will be searched, but a handheld device can be concealed.
- Handheld devices have limited computing power, memory and peripherals. The same software for desktops or laptops may not be available for protection.
- Laptops and handheld devices should provide the same security levels to protect information, but laptops and PDAs can have different risks.
- Personally owned handheld devices usually do not get the same security scheme setup as an organizational deployed device.
- Handheld devices can have multiple interfaces such as expansion modules, wireless modems, Bluetooth, IR ports and 802.11 connections. These can be separate from the existing wired network.
- Users have limited security awareness, as the technology is new.
- Handheld devices can download Trojans, freeware, shareware and other untrusted software unknown to administrators.
- There are few auditing and security tools for handheld devices.
- There are several operating systems, applications and new vulnerabilities.
PDAs were first introduced in the 1980s as palm-sized computers that would serve as personal information organizers. PDAs provide productivity as if the user were sitting in the office. Users can get e-mail, reach network resources and even get on the Internet. Their uses are becoming limitless. Through synchronization, all the information on a PDA can be backed up on a PC. This synchronization (when connected to a PC) is sometimes called "beaming" when using the IR ports. As the use of PDAs and mobile phones grew, manufacturers began combining these technologies into "smart phones." These phones usually have no actual computing power and run C, Java or third-party applications. Since these devices have little computing power, they are not usually viewed as a security threat. However, the ease of use, access to network devices and the exchange of data are making them noteworthy for potential risks.
Security-Wireless Handheld Devices
Handheld devices have the same security issues as ad hoc and 802.11 networks: confidentiality, integrity and availability. On a handheld device, confidentiality can be lost due to the IR port "beaming" information from one machine to another without the knowledge of the user. Because of the synchronization mechanism, data can be vulnerable in many different locations. First, there is the PDA itself. Second, there is a storage module (MicroDrives, compact flash, secure disc) attached to the PDA. Third, there is the PC the data is being "synced" with, and last, there is the medium the device is using (802.11, Bluetooth, IR, USB, serial ports).
The airwaves are also susceptible in many different respects. There are 802.11 and Bluetooth insecurities, along with IR. IR allows two machines in close proximity to start communicating without the user's acknowledgement. These are usually "request to send" commands that can introduce Trojans into your network. NOTE: An 802.11-enabled device misconfigured as a P2P device can expose your 802.11 networks.
Integrity and accountability matter because, on a handheld device, the risk lies in each connection, and each of these connections has different insecurities. For example, a 1G cell connection has little to no security in comparison to a digital connection. Text-messaging services can introduce spam, and "always on" networks eliminate the need to log in each time a user sits at a machine, which allows anyone to use the machine.
Overview of Wireless Security Threats and Risks
Threats and risks happen on wired and wireless networks alike. Authorized and unauthorized users of the system may commit fraud and theft. Theft is more likely to occur with wireless devices because of their portability. Malicious hackers break into systems without authorization, usually for personal gain or to do harm. These hackers are usually from outside of the organization and hackers may gain access to the network by eavesdropping on wireless communications. Malicious code involves viruses, worms, Trojan horses or other unwanted software that damages or can bring down a system.
- Integrity-The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. The information must be protected from unauthorized, unanticipated, or unintentional access.
- Authenticity-A third party must be able to verify that the content of a message has not been changed in transit. Also, a company should verify who is allowed entry into the network.
- Non-repudiation-The origin or the receipt of a specific message must be verifiable by a third party.
- Accountability-The actions of an entity must be traceable uniquely to that entity.
- Network availability-The property that a system is accessible and usable upon demand by an authorized entity.
Security threats fall into one of nine categories: errors and omissions, fraud and theft, employee sabotage, loss of physical and infrastructure support, malicious hackers, industry espionage, malicious code, foreign government espionage and threats to personal privacy. Those more specific to wireless systems are:
- The same vulnerabilities that exist for conventional wired networks also exist for wireless networks.
- DoS attacks may be directed to or from the wireless network or device.
- Malicious entities may gain unauthorized access to an organization's computer network through wireless connections, bypassing firewall protections.
- Malicious entities may, through wireless connections, connect to other organizations for the purposes of launching attacks and concealing their actions.
- Malicious entities may steal the identity of legitimate users and masquerade on internal or external corporate networks.
- Malicious entities may be able to violate the privacy of legitimate users and be able to track their actual movements.
- Malicious entities, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
- Sensitive information that is not encrypted and that is transmitted between two wireless devices may be intercepted and disclosed.
- Sensitive data may be corrupted during improper synchronization.
- Viruses or malicious code may corrupt data on a wireless device and be introduced to a wired network and vice-versa.
- Handheld devices are easily stolen and can reveal sensitive information.
- Data may be extracted without detection due to improperly configured devices.
Security Threats and Types
There have been numerous published reports and papers describing attacks on 802.11 WLANs and exposing risks to any organization deploying the technology. This subsection will briefly cover the risks to security.
Passive Attack-An attack in which an unauthorized party simply gains access to an asset and does not modify its content (i.e., eavesdropping). Passive attacks can be either simple eavesdropping or traffic analysis (sometimes called traffic flow analysis).
- Eavesdropping-The attacker simply monitors transmissions for message content. An example of this attack is a person listening into the transmissions on a LAN between two workstations or tuning into transmissions between a wireless handset and a base station.
- Traffic Analysis-The attacker, in a more subtle way, gains intelligence by monitoring the transmissions for patterns of communication. A considerable amount of information is contained in the flow of messages between communicating parties.
Active Attack-An attack whereby an unauthorized party makes modifications to a message, data stream, or file. It is possible to detect this type of attack but it may not be preventable. Active attacks may take the form of one of four types (or combination thereof): masquerading, replay, message modification and DoS.
- Masquerading-The attacker impersonates an authorized user and thereby gains certain unauthorized privileges.
- Replay-The attacker monitors transmissions (passive attack) and re-transmits messages as the legitimate user.
- Message Modification-The attacker alters a legitimate message by deleting, adding to, changing or reordering it.
- Denial-of-Service-The attacker prevents or prohibits the normal use or management of communications facilities.
All risks against 802.11 are the result of one or more of these attacks. The consequences of these attacks include loss of proprietary information, legal and recovery costs, tarnished image and loss of network service.
Due to the nature of RF, it may not be possible to control the distance of the signal. The signal may travel outside the building perimeter, making it susceptible to wireless packet analyzers such as AirSnort and WEPcrack. These products monitor the airwaves, capture the data, compute the encryption key and allow users entrance into the network. If the AP is connected to a hub instead of a switch, all information is vulnerable to monitoring. NOTE: Rogue APs usually pose the most risk, as they are usually misconfigured or configured with default settings.
Once a hacker has obtained valid usernames, passwords or encryption keys, the hacker can masquerade as a known user, set up relay agents for DoS, modify information or become the "man-in-the-middle."
Security-802.11 Wireless LANs
Authentication, authorization and access are usually lumped together under the heading of authentication. They are, however, three distinct steps, and it is easy to accomplish one without the others. For this document, all three are discussed under authentication.
- Authentication-Used to verify the identity of the communicating client stations.
- Authorization-Used to grant a known user access.
- Access-Used to gain connectivity to a network.
There are two means of authentication in 802.11. The first is cryptographic: Shared Key authentication, an RC4-based challenge-response in which the station must hold the proper Wired Equivalent Privacy (WEP) key. The second is non-cryptographic and has two forms: Open System authentication, in which any station may join without presenting any credential, and "closed system" operation, in which the station must supply the correct Service Set Identifier (SSID).
- Confidentiality-Used to provide privacy of the communications.
Confidentiality is usually achieved through encryption. WEP keys are 40 or 104 bits long (marketed as 64- and 128-bit, the difference being the 24-bit IV that is sent in the clear). The key is configured on the station and the AP as the WEP key.
- Integrity-Used to assure data is not modified in transit.
The IEEE 802.11b specification uses a Cyclic Redundancy Check (CRC-32), carried as the Integrity Check Value (ICV), to reject messages that have been changed in transit. If the CRC computed by the receiver does not match the one sent, the message is treated as an error and discarded.
Security Flaws in the IEEE 802.11b Standard-WEP
- Security features are disabled when shipped, and users often do not enable them after installation. Bad security is generally better than no security.
- 24-bit IVs cause the generated keystream to repeat: there are only about 16.7 million IVs, and a busy AP exhausts them in hours. A repeated IV under the same key yields the same keystream, which lets a moderately sophisticated adversary recover plaintext by XORing the two ciphertexts.
- 40-bit keys are inadequate for any system. It is generally accepted that keys should be longer than 80 bits. The longer the key, the less likely a brute-force attack will succeed.
- Keys that are shared can compromise a system. A fundamental tenet of cryptography is that the security of a system depends largely on the secrecy of the keys.
- Cryptographic keys should be changed often to prevent brute-force attacks.
- Because the 24-bit IV is sent in the clear as the first part of the per-packet RC4 key, and the first few bytes of the RC4 keystream are weak, an efficient attack recovers the secret key (the Fluhrer, Mantin and Shamir attack, implemented in tools such as AirSnort and WEPcrack). Most other applications of RC4 do not expose this weakness because they do not reveal key bits and do not restart the key schedule for every packet. This attack is available to moderately sophisticated adversaries.
- CRC-32 and other linear block codes are inadequate for cryptographic integrity: message modification is possible. Linear codes are adequate for detecting inadvertent errors but not deliberate attacks; cryptographic protection (a keyed MAC) is required to prevent deliberate modification. Use of non-cryptographic integrity checks often facilitates attacks against the cryptography itself.
- Only the device is authenticated. A device that is stolen can access the network.
- Identity-based systems are highly vulnerable, particularly in a wireless system.
- Device authentication is a simple shared-key challenge-response. One-way challenge-response authentication is subject to "man-in-the-middle" attacks, and because the challenge and its encrypted reply are both visible on the air, an eavesdropper learns a keystream that can be reused to answer later challenges. Mutual authentication is required to verify that both the users and the network are legitimate.
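The three WEP weaknesses above that an attacker exploits without ever learning the key (the repeating 24-bit IV, the linear CRC-32 integrity check, and the one-way shared-key challenge-response) can be demonstrated with a toy implementation. The following is an added example written for this document, not FSU's code or any vendor's: it implements RC4 and WEP framing directly, and the 40-bit key, IV, plaintexts and 128-byte challenge are constructed for the illustration.

```python
"""Added example (not FSU's code): why WEP's RC4 + CRC-32 design fails.

The 40-bit key, IVs, plaintexts and challenge below are constructed.
Shown: (1) keystream reuse from a repeated 24-bit IV, (2) bit-flipping a
frame and patching the CRC-32 ICV without the key, (3) keystream recovery
from one shared-key authentication exchange, then forging another.
"""
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: IV (clear) || RC4(IV || key) XOR (plaintext || ICV)."""
    assert len(iv) == 3
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + wep_key, len(body)))


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok) exactly as the receiving station would."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + wep_key, len(body)))
    plaintext, received_icv = clear[:-4], clear[-4:]
    return plaintext, received_icv == icv(plaintext)


# 1. IV reuse: same IV + same key = same keystream, so C1 XOR C2 = P1 XOR P2.
def plaintext_xor_from_iv_collision(frame_a: bytes, frame_b: bytes) -> bytes:
    assert frame_a[:3] == frame_b[:3], "only frames sharing an IV leak"
    n = min(len(frame_a), len(frame_b)) - 3 - 4   # skip IV, drop ICV
    return xor(frame_a[3:3 + n], frame_b[3:3 + n])


# 2. CRC-32 is affine over GF(2): crc(P ^ M) = crc(P) ^ crc(M) ^ crc(0...0),
#    so flipping plaintext bits through the ciphertext only needs the mask
#    to compute the matching fix-up for the encrypted ICV.
def flip_bits(frame: bytes, mask: bytes) -> bytes:
    iv, c_data, c_icv = frame[:3], frame[3:-4], frame[-4:]
    assert len(mask) == len(c_data)
    delta = (zlib.crc32(mask) ^ zlib.crc32(bytes(len(mask)))) & 0xFFFFFFFF
    return iv + xor(c_data, mask) + xor(c_icv, struct.pack("<I", delta))


# 3. Shared-key authentication: the AP's 128-byte challenge is sent in the
#    clear and the station returns it WEP-encrypted, so an eavesdropper
#    recovers (IV, keystream) and can answer a later challenge itself.
def recover_auth_keystream(challenge: bytes, response: bytes):
    iv = response[:3]
    return iv, xor(response[3:], challenge + icv(challenge))


def forge_auth_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    return iv + xor(challenge + icv(challenge), keystream)


if __name__ == "__main__":
    key = bytes.fromhex("0a1b2c3d4e")          # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"
    p1 = b"GET /grades?id=123 HTTP/1.0\r\n"
    p2 = b"GET /grades?id=999 HTTP/1.0\r\n"
    f1 = wep_encrypt(key, iv, p1)
    f2 = wep_encrypt(key, iv, p2)
    print("IV collision leaks P1^P2:", plaintext_xor_from_iv_collision(f1, f2) == xor(p1, p2))
    print("Bit-flipped frame accepted:", wep_decrypt(key, flip_bits(f1, xor(p1, p2))))
    chal = bytes(range(128))
    iv2, ks = recover_auth_keystream(chal, wep_encrypt(key, iv, chal))
    forged = forge_auth_response(iv2, ks, bytes(reversed(range(128))))
    print("Forged authentication accepted:", wep_decrypt(key, forged)[1])
```

In each case the attacker never touches the key: the IV collision reveals the XOR of two requests, the bit-flip turns one request into the other while the receiver still reports a valid ICV, and one observed authentication exchange is enough to pass a fresh challenge. A keyed MAC and per-session keys (as in later 802.11 security amendments) are what remove these properties, not a longer WEP key.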
WIRELESS NETWORK SECURITY IMPLEMENTATIONS
In this section, ways to combat the forms of attack on a wireless network are discussed. Remember that everything starts with a comprehensive security policy that is actually enforced. A WLAN policy should:
- Identify who may use the network.
- Determine whether access is permitted.
- Describe who can install access points and other wireless equipment.
- Limit where access points may be placed, and specify their power, cell size, frequency, encryption and other security settings, to reduce risk.
- Describe the types of information that are allowed over the wireless link.
- Describe conditions for which wireless devices are allowed.
- Define standard security settings for wireless equipment.
Security Measures That Fail and Why-Misconceptions
One thing people do as a form of security is disable broadcasting of the SSID. This provides no real protection. The SSID must still be sent in the clear in the client's probe request and association request frames in order for the client to talk to the AP, so the SSID of the AP can be found simply by monitoring a client's frames. NOTE: A client has to be joining or talking to the AP at the time of monitoring to capture this information.
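To see where the SSID actually travels, the following added example (written for this document, not FSU's code) constructs two 802.11 management frames, a beacon from an AP with SSID broadcast disabled and the association request a client sends to that AP, and parses the information elements of each. The MAC addresses and the SSID "FSU-WIRELESS" are made up for the illustration; the frame layout (24-byte MAC header, fixed fields, then tag/length/value elements with tag 0 for the SSID) is the standard one.

```python
"""Added example (not FSU's code): the SSID is carried in the clear in
802.11 management frames, so hiding it in beacons only empties one frame
type.  Addresses and SSID below are constructed for the illustration."""
import struct

MGMT_SUBTYPE = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
# Bytes of fixed fields between the 24-byte MAC header and the first IE.
FIXED_FIELD_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
SSID_TAG = 0


def mac_header(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes) -> bytes:
    """Frame control (type 0 = management), duration, addr1-3, sequence ctl."""
    frame_control = bytes([(subtype << 4) | 0x00, 0x00])
    return frame_control + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"


def ie(tag: int, value: bytes) -> bytes:
    """One information element: tag, length, value."""
    return bytes([tag, len(value)]) + value


def build_beacon(bssid: bytes, ssid: bytes) -> bytes:
    """Beacon: timestamp, interval, capability, then IEs. ssid=b'' hides it."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    rates = ie(1, bytes([0x82, 0x84, 0x8B, 0x96]))
    return (mac_header(8, b"\xff" * 6, bssid, bssid) + fixed
            + ie(SSID_TAG, ssid) + rates + ie(3, b"\x06"))


def build_assoc_req(client: bytes, bssid: bytes, ssid: bytes) -> bytes:
    """Association request: capability, listen interval, then IEs incl. SSID."""
    fixed = struct.pack("<HH", 0x0411, 10)
    rates = ie(1, bytes([0x82, 0x84, 0x8B, 0x96]))
    return mac_header(0, bssid, client, bssid) + fixed + ie(SSID_TAG, ssid) + rates


def parse_mgmt_frame(frame: bytes) -> dict:
    """Split a management frame into addresses and a {tag: value} IE map."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x03 != 0:
        raise ValueError("not a management frame")
    subtype = fc0 >> 4
    offset = 24 + FIXED_FIELD_LEN[subtype]
    ies = {}
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        ies[tag] = frame[offset + 2:offset + 2 + length]
        offset += 2 + length
    return {
        "subtype": MGMT_SUBTYPE.get(subtype, subtype),
        "sa": frame[10:16].hex(":"),
        "bssid": frame[16:22].hex(":"),
        "ies": ies,
    }


def ssid_of(frame: bytes):
    """SSID string, or None when the element is absent or zero-length (hidden)."""
    value = parse_mgmt_frame(frame)["ies"].get(SSID_TAG)
    return value.decode("utf-8", "replace") if value else None


def learn_ssids(frames) -> dict:
    """Map BSSID -> SSID from whichever frames carry it in the clear."""
    found = {}
    for frame in frames:
        name = ssid_of(frame)
        if name:
            found[parse_mgmt_frame(frame)["bssid"]] = name
    return found


if __name__ == "__main__":
    ap = bytes.fromhex("001122334455")      # constructed BSSID
    client = bytes.fromhex("66778899aabb")  # constructed client MAC
    hidden_beacon = build_beacon(ap, b"")
    assoc = build_assoc_req(client, ap, b"FSU-WIRELESS")
    print("beacon SSID:", ssid_of(hidden_beacon))     # None: hidden
    print("assoc-req SSID:", ssid_of(assoc))          # FSU-WIRELESS
    print(learn_ssids([hidden_beacon, assoc]))
```

The beacon yields nothing, but the client's association request yields the name immediately, which is why a monitoring tool only needs one client to join while it is listening.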
WEP alone is not an adequate security measure, because it can be cracked. NOTE: An attacker must capture a certain amount of traffic before the key can be recovered; rotating keys raises that bar only if the key changes before enough traffic has been captured under it.
Operational Countermeasures 802.11
Most installations are deployed with default settings left unchanged. Physical security of the access point is important: it should be placed in a secure, preferably locked, location. Access to the building should be controlled, with keys or biometrics, and the building should have surveillance cameras covering the perimeter and the network equipment.
Under physical security, also consider antenna placement. Antennas should be inconspicuous. Keep in mind that different antennas give different results, so the "cell size" can change; swapping an antenna can give unintended coverage. Use the antenna appropriate for the coverage area and signal strength, and remember that antennas have a "back pattern" (a back lobe radiating behind them).
Antenna range should be assessed for how far beyond the building's interior a connection can be made. This matters because "wardriving" is increasingly popular, so minimizing RF leakage should be a top priority. The assessment should also cover building-to-building links. Ideally, antennas are placed within the building so that coverage does not exceed the building perimeter, which limits unauthorized access and eavesdropping beyond the intended coverage area.
Access point configuration should follow your security policy, which should ensure that APs do not use default settings, as these are well known. NOTE: This includes rogue APs, which should be monitored for. Improperly configured APs lead to:
- Default or weak administrative passwords, exposed to guessing and dictionary attacks, and weak encryption/authentication schemes.
- Access points missing software patches and firmware upgrades, leaving known software and hardware vulnerabilities for malicious entities to exploit.
- Authentication and Access Control Lists (ACLs) configured incorrectly, allowing unauthorized users onto the network.
- Default SNMP settings (well-known community strings) that give away all settings, including passwords, SSID, channel and, in some cases, cryptographic keys, or that allow remote hardware resets returning the AP to default settings.
There are also software and hardware security solutions. Software solutions include proper AP configuration, hard-to-guess passwords, software updates and encryption.
Other software measures worth implementing are personal firewalls, which protect the most vulnerable part of the network, the end-user's machine. Firewalls need to run alongside other security measures, since they do not protect against all forms of attack, but they add a layer to the defense and a configuration that can be tuned.
Hardware solutions include biometrics, which count as hardware here because they require a hardware device to perform the authentication. They add another layer to the security scheme, but also introduce new overhead in the solution and in troubleshooting.
Virtual Private Networks (VPNs) act as tunnels: data is encrypted and encapsulated within another protocol's packets. An example is a WEP-protected link from the client to the AP, with a VPN tunnel from the client through the AP to the VPN device on top of it. Several protocols may be used, including IPSEC, Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP).
Because of these risks, periodic audits of the network should be performed. New equipment requires revisiting these issues, since distances and signal-to-noise levels change where connectivity is possible. Covering a smaller area helps prevent unintended coverage.
Operational Countermeasures Ad Hoc and Bluetooth Networks
Bluetooth networks are exposed to the same classes of attack (eavesdropping, masquerading, modification and DoS) as 802.11 networks. In this section, countermeasures are discussed.
The best way to address these insecurities is through three kinds of countermeasures.
- Management- This includes a security policy and user knowledge/training.
- Operational- Since Bluetooth devices are normally not registered when they join a network, they are hard to administer. Still, set a security perimeter for wireless connectivity and use transmit power appropriate to the location.
- Technical- Technical countermeasures are software and hardware measures. Software refers to using strong PIN codes and VPNs. Hardware includes biometrics.
Operational Countermeasures Wireless Handheld Devices
Label devices with a name, telephone number and postal address. Track devices periodically. Install software for tracking over the Internet and for wiping data after failed login attempts (more than one attempt). Store devices and storage modules in a secure location when not in use. Delete or move sensitive material as soon as possible, or when it is not used for long periods.
Handheld devices should authenticate and encrypt data on the network. They should be held to the same level of security and use as all other devices. This has to be done on a case-by-case basis, as some devices have storage and some do not, and some have IR connections and some do not.
Authentication should be via passwords, tokens, biometrics, smart cards, flash IDs, device IDs, electronic serial numbers or other means.
Encryption should be the strongest level the handheld device offers. Users should not reuse their network password for their home security system, ATM or other services. Do not store passwords on the device in a file, even an encrypted one. Remember to encrypt information on removable storage modules.
PDAs can get a virus just like any other device. Keep the latest scanning signatures, update often and scan every path by which data enters (IR/beaming, synchronization, e-mail and Internet downloads).
Use a VPN, firewall or Public Key Infrastructure (PKI) product. A VPN secures all data from the handheld device to the far end. Firewall software closes all open ports and allows access only where it is configured to. A PKI issues a digital certificate to the device for entry to the network. Disable all ports and services not in use, as this limits leakage.
Enterprise handheld device management software allows network administrators to discover handheld devices, install and remove applications, back up and restore data, collect inventory information, synchronize data with corporate servers and databases and perform various configuration management functions from a central location.
To counter these risks, organizations need security measures and practices that bring these risks to a manageable level. Organizations need to perform security assessments that consider existing security policies, known threats and vulnerabilities and technical requirements. Once the assessment is completed, the organization can begin planning and implementing the measures it will put into place to safeguard its systems and lower its security risks. Periodic reassessment should be performed as threats are continually changing and networks are always evolving.
As wireless is a new technology, consideration should be given to waiting for the full maturity of the products. A number of new vulnerabilities may be uncovered as well as new solutions.
Wireless Security Approaches
There are four approaches to building a "secure", workable and interoperable wireless network. Each offers a different level of security. This document describes the characteristics of each.
Approach 1: Browser-Based Authentication
The one thing common to all users is a web browser, so authentication can occur through it. A wireless client attempting to connect to the network is held at an authentication gateway until the user goes to a web page and enters authentication information; once authentication completes, the user can pass the gateway.
This approach maximizes compatibility with user systems and equipment. It encrypts only the initial login, via Secure Socket Layer (SSL); all other data is sent in clear text unless a higher-layer application security such as Secure Shell (SSH) is used.
Approach 2: WEP-Based Encryption
Even though WEP has problems, it is still better than nothing and is supported by virtually all access points. WEP is a privacy protocol that is supposed to protect users from eavesdropping.
This approach is based on simplicity of deployment: generally as simple as entering keys into the clients' machines and the same keys into the access points. It is not very scalable, since entering keys for a large client community is time consuming, as is ensuring that the latest patches and firmware are installed on every piece of equipment. Changing keys for a large client community is also difficult.
Approach 3: IEEE 802.1x
802.1x is a new standard for authenticating users on both wired and wireless networks. It allows users to authenticate to the network and enforces roles/services based on how the user logged in. The technique can be very simple (AP plus RADIUS logins) or very complex (bi-directional PKI digital certificates).
This approach is based on strong authentication combined with encryption. It accommodates different operating systems and fixes several of the risks associated with WEP. Its drawback is that the technology is new and the number of vendors supporting it is limited.
Approach 4: IPSEC
This approach supports encryption and authentication over IP. Clients connect to a security gateway placed immediately behind the access point; the gateway does not allow anyone to pass from the wireless access point to the rest of the network unless the user has established an IPSEC session.
The IPSEC approach offers the highest security level and wide-area network compatibility. It is IP only, so it does not protect non-IP protocols, and it does not depend on WEP. It can, however, protect a simple wireless link completely across the entire Internet.
Four Approaches: Advantages and Disadvantages
The purpose of this section is to provide departments with guidelines for establishing a secure wireless network. Although there are insecurities in wireless, a secure network can be established with a layered approach. This section explains how a secure network can be achieved with a scalable installation base.
FSU Approach to WLAN Security
FSU is taking the approach that a secure WLAN will have to rely on all departments and users. With everyone's help we can build a layered installation. This approach will take the form of training users, installing a personal firewall and setting up a machine for IPSEC.
FSU has chosen a two-tier hardware system. The first tier is a control console, purchased by ACNS, that controls authentication, layer-3 roaming and network logging and enforces policies. The second is an access manager that resides on the edge of the network, connects access points or switches and enforces user rights, roaming, IPSEC termination and network redirects.
The goals of this security scheme are to provide the following:
- Provide a seamless look and feel for all users of the wireless network and expand it to labs, classrooms, etc.
- Ensure seamless deployment in every FSU environment.
- Maintain a seamless integrated authentication with backend services (LDAP, RADIUS).
- Increase available bandwidth by restricting network access to authorized users.
- Provide network access control.
- Provide a mechanism for guest logins.
- Meet responsibilities to protect the Internet community at large.
- Provide seamless access services to the campus community while protecting internal digital assets.
- Provide authentication access to private resources for authorized users.
- Restrict access of private resources to authorized users only.
- Provide central logging of users and their usage, so malicious misconduct can be dealt with swiftly.
- Provide a mechanism for an auditing trail.
- Standardize a platform to minimize maintenance and support and to maximize ROI.
- Provide standardized layered security for end-users.
- Provide this level of security while requiring little or no administration.
- Ensure that network administrators need to provide little or no administration of the wireless network.
- Give departmental network administrators the ability to fully control their internal network.
- Continue with higher application security scheme (SSH/SSL).
- Continue layered security approach.
- Make underlying security transparent to users.
- Create an "airwave" security scheme.
- Do not install client software, as there is not enough support capacity for the user community and there is a liability risk of operating system corruption.
- Use a hardware solution as it is more reliable, easier to configure and easier to manage.
Our plan consists of three steps:
- Educate- The first thing to do is to educate users about the risks of wireless networks. We hope that this document is the start of a discussion about wireless networks for the campus community.
- Software-The next thing to do is to encourage the use of personal firewalls, which protect the weakest link, the end-user. A personal firewall protects the end-user from intrusion attempts and Internet-borne threats such as worms, Trojan horses and spyware. Personal firewalls also offer controls for ad blocking, cookies, e-mail attachments and pop-up ads. They do not, however, provide any form of authentication. FSU encourages users to use ZoneAlarm, either the free or the paid version, although most firewall products will work.
Antivirus software protects against malicious code, usually Trojan horses and worms, which typically arrive as e-mail attachments, downloads or bundled spyware.
Personal firewall and antivirus software should always be updated. These updates are needed to combat known attacks or viruses.
- Network Management System-Last, deploy a wireless network management system. The system being deployed around campus is a two-tier architecture that offers two benefits: first, centralized service, so that policies can be created, modified or deleted from a central point; second, scalability.