Wireless Networking. WLAN Security Basics

Transcription

1 Wireless Networking WLAN Security Basics Jerry Bernardini Community College of Rhode Island 11/6/2013 Wireless Networking J. Bernardini 1 REFERENCES CWTS Chapter-9 Edition-2 The California Regional Consortium for Engineering Advances in Technological Education (CREATE) project Sybex Publishing powerpoints CCRI Engineering and Technology 2 Jbernardini 2 1

2 Introduction to IEEE Wireless LAN Security The importance of network security is often underestimated WLANs have become part of many enterprise networks in various industries and businesses In the early days of IEEE wireless networking, security was weak Why were they weak? WLANs are not bounded by any physical media such as an Ethernet cable What are you trying to protect What are you trying to prevent 3 Wireless LAN Threats and Intrusion Wireless LANs are subject to many potential security threats Concerns and Threats Eavesdropping RF denial of service (DoS) MAC spoofing Hijacking Man-in-the-middle attacks Peer-to-peer attacks Management interface exploits Encryption cracking Authentication cracking Social engineering 4 2

3 Early WLAN Security Mechanisms Media access control (MAC) filtering Wired Equivalent Privacy (WEP) Service Set Identifier (SSID) Hiding Allows the SSID to be removed from broadcast beacon frames A feature added by manufacturers of WLAN equipment Should NOT be used as a way to secure a wireless network 5 SSID Filtering Disable SSID broadcast. By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join the wireless network. Change the default SSID. Wireless AP s have a default SSID set by the factory. Linksys wireless products use Linksys. Change the network's SSID to something unique, and make sure it doesn't refer to the networking products, your company, department function, or location. 3

4 MAC Security Mechanisms? Media Access Control (MAC) Address MAC Address filtering restricting which MAC addresses can authenticate MAC Spoofing Tricking the wireless access point into thinking a MAC address is something other than what is encoded in an actual network card MAC addresses are sent in the clear in the frame header! User/attacker can change their MAC address via software (SMAC) changes the registry in Windows Impersonate or masquerade under the address. Evade/Hide Network Presence Bypass Access Control Lists Authenticated User Impersonation 7 IEEE Standard Security Open or Shared-Key IEEE Open System Authentication Null authentication Two way frame exchange The only valid authentication type allowed with i, WPA and WPA2.0 IEEE Shared-key Authentication Four way frame exchange Requires the use of WEP therefore is weak Used for authentication and data encryption Flawed and should never be used 8 4

5 Open System Authentication Vulnerabilities Inherently weak Based only on match of SSIDs SSID beaconed from AP during passive scanning Easy to discover Vulnerabilities: Beaconing SSID is default mode in all APs Not all APs allow beaconing to be turned off Or manufacturer recommends against it SSID initially transmitted in plaintext (unencrypted) Vulnerabilities -If an attacker cannot capture an initial negotiation process, can force one to occur SSID can be retrieved from an authenticated device Many users do not change default SSID Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs 9 Wired Equivalent Privacy (WEP) Was designed as a way to protect from casual eavesdropping The original standard states that the use of WEP is optional With open system authentication will encrypt the data With shared key authentication authentication and data encryption The original standard specified only 64-bit WEP 10 5

6 WEP Implementation IEEE cryptography objectives: Efficient Exportable Optional Reasonably strong Self-synchronizing WEP relies on secret key shared between a wireless device and the AP Same key installed on device and AP A form of Private key cryptography or symmetric encryption 11 WEP Characteristics WEP shared secret keys must be at least 40 bits Most vendors use 104 bits Options for creating WEP keys: 40-bit WEP shared secret key (5 ASCII characters or 10 hexadecimal characters) 104-bit WEP shared secret key (13 ASCII characters or 16 hexadecimal characters) Passphrase (16 ASCII characters) APs and wireless devices can store up to four shared secret keys Default key one of the four stored keys Default key used for all encryption Default key can be different for AP and client 12 6

7 WEP Encryption Process Initialization Vector (IV) Secret Key Plain text recommends IV change per-frame same packet is transmitted twice resulting cipher-text will be different C1 Seed Pseudorandom Number Generator PRNG C2 Integrity Algorithm Integrity Check Value (ICV) Key Stream Exclusive-OR IV Cipher text What is Transmitted WEP Initialization Vector The IV is a 24-bits that augments a 40-bit WEP key to 64 bits and a 104-bit WEP key to 128 bits. The IV is sent in the clear in the frame header so the receiving station knows the IV value and is able to decrypt the frame Although 40-bit and 104-bit WEP keys are often referred to as 64-bit and 128-bit WEP keys, the effective key strength is only 40 bits and 104 bits, respectively, because the IV is sent unencrypted. CCRI J. Bernardini 14 7

8 WEP Encryption Process Data Key Stream Cipher Stream (Transmitted and Received) Key Stream Data WEP Weaknesses Key management and key size. 40-bit The IV is too small. 24-bit = 16,777,216 different cipher streams. The ICV algorithm is not appropriate Uses CRC-32 when MD5 or SHA-1 would be better. Authentication messages can be easily forged IV 24 - bits PRNG Seed Secret Key 40 - bits 63 8

9 Temporal Key Integrity Protocol - TKIP Part of the IEEE i encryption standard for wireless LANs (Pronounced tee-kip ) TKIP is the next generation of WEP (initially call WEP2). Provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP TKIP Process begins with a 128-bit "temporal key" shared among clients and access points Combines the temporal key with the client's MAC address then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data This procedure ensures that each station uses different key streams to encrypt the data. Older WEP based devices can be upgraded to TKIP and not processor intensive SOHO and Enterprise Security Solutions i amendment to the standard improvement included: Robust Secure Network Association (RSNA) Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP) Temporal Key Integrity Protocol (TKIP) are supported The Wi-Fi Alliance has released the following: Wi-Fi Protected Access (WPA) Pre i certification Wi-Fi Protected Access 2 (WPA 2.0) Post i certification Wi-Fi Protected Setup (WPS) Intended for home users 18 9

10 Wi-Fi Protected Setup certification (WPS) PIN-Based Security PIN-based security requires a unique PIN to be entered on all devices that will be part of the same secure wireless network Push-Button Configuration (PBC) Security Push-button security or push button configuration (PBC) allows users to configure wireless LAN security with the push of a button In December 2011 a security flaw was reported with WPS 19 Designed with the SOHO user or home-based user in mind Passphrase characteristics 8 to 63 ASCII or 64 hexadecimal characters Creates a 256-bit preshared key The longer and more unique the passphrase, the more secure Weak passphrases can be compromised Passphrase-Based Security 20 10

11 IEEE 802.1X Framework WPA and WPA2 Enterprise Security 802.1X IEEE 802.1X is a port-based access control method Was designed to work with wired IEEE networks Adapted into the wireless world as an alternate, more powerful solution to legacy IEEE security 802.1X technology terminology Supplicant Authenticator Authentication Server 11/6/2013 Wireless Networking J. Bernardini 21 Extensible Authentication Protocol (EAP) EAP (details of operation beyond scope of course CCNP subject) The authentication process used with 802.1X is Extensible Authentication Protocol (EAP) There are many types of EAP available in the industry that can be used with wireless networking IEEE 802.1X and EAP together create IEEE 802.1X/EAP This authentication process is typically used for enterprise-level network security The EAP type chosen will depend on the environment in which the wireless LAN is deployed Many Proprietary Solutions of EAP EAP-TLS TTLS PEAP EAP-FAST 22 11

12 Remote Authentication Dial in User Service (RADIUS) RADIUS was originally as a way to authenticate and authorize dial-up network users Now used with access points to authenticate and authorize wireless networks users 23 Authentication, Authorization, and Accounting (AAA) A framework to allow secure access and authorization keep track of the user s activities on a computer network including wireless networks part of a RADIUS functionality Three components protocol that work together Authentication Validating credentials Authorization Access control Accounting Keeping track of use 24 12

13 Cryptography and Encryption Cryptography: Science of transforming information so that it is secure while being transmitted or stored scrambles data Guard the Confidentiality of CIA Ensure only authorized parties can view it Used in IEEE to encrypt wireless transmissions Scrambling Encryption: Transforming plaintext to ciphertext Decryption: Transforming ciphertext to plaintext Cipher: An encryption algorithm Given a key that is used to encrypt and decrypt messages Weak keys: Keys that are easily discovered 25 Encryption Evolution: WEP/TKIP/CCMP Wired Equivalent Privacy (WEP) Legacy Temporal Key Integrity Protocol (TKIP) Good Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) The best and most secure 26 13

14 Encryption: WEP Wired Equivalent Privacy (WEP) An optional encryption method specified in the original IEEE standard Intended to protect wireless network users against casual eavesdropping Cracking WEP a very simple process WEP is vulnerable to intrusion because of the 24 bit initialization vector (IV) The 24-bit IV is broadcast in the clear or unencrypted 27 Encryption: TKIP Temporal Key Integrity Protocol (TKIP) Designed as a firmware upgrade to fix WEP TKIP added several enhancements Per-packet key mixing of the IV to separate IVs from weak keys A dynamic rekeying mechanism to change encryption and integrity keys 48-bit IV and IV sequence counter to prevent replay attacks Message Integrity Check (MIC) to prevent forgery attacks Use of the RC4 stream cipher, thereby allowing backward compatibility with WEP 28 14

15 Encryption: CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) CCMP is a mandatory part of the IEEE i amendment (now part of IEEE standard) CCMP uses the Advanced Encryption Standard (AES) algorithm, a block cipher Older hardware may not support it and it is the strongest encryption method 29 Improved Security with CCMP and AES Counter Mode with Cipher Block Chaining-Message Authentication Code (CCMP) CCMP uses Advanced Encryption Standard (AES) instead of RC4 algorithm CCMP/AES uses 128-bit encryption, encrypts 128-bit blocks, uses 8-bytes integrity check AES is very processor intensive Not upgradable for older devices 11/6/2013 Wireless Networking J. Bernardini 30 15

16 Advanced Encryption Standard - AES Relatively new U.S. National Institute of Standards and technology (NIST) for single-key encryption; approved in byte Block Cipher based on Rijndael (pronounced Rain Doll ) Key Lengths of 128, 192, and 256-bit Time to brute-force break an AES 256-bit key several years. AES Encryption is a four step process AES Four Steps /6/2013 Wireless Networking J. Bernardini 32 16

17 WPA Modes There are 2 modes of WPA and WPA2 certification Enterprise and Personal Enterprise Mode (Business & Government) Personal Mode (Personal & SOHO) WPA Authentication: IEEE 802.1X/EAP Encryption: TKIP/MIC Authentication: PSK Encryption: TKIP/MIC WPA2 Authentication: IEEE 802.1X/EAP Encryption: AES-CCMP Authentication: PSK Encryption: AES-CCMP Role-Based Access Control (RBAC) Way of restricting access to only authorized users Designed to ease the task of security administration on large networks A method of regulating access to computer or network resources based on the roles of individual users Access based according to job competency, authority, and responsibility within the enterprise Enables users to carry out a wide range of authorized tasks Roles can be easily created, changed, or discontinued as the needs of the enterprise evolve, without having to individually update the privileges for every user 34 17

18 Virtual Private Networking The capability to create private communications over a public network infrastructure such as the internet Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) Components of a VPN Solution Client side Endpoint Network infrastructure Public or private Server side Endpoint 35 Wireless Intrusion Prevention Systems (WIPS) Capture information by 24/7/365 monitoring Detect threats to the wireless infrastructure such as DoS attacks and rogue access points Notify about threats through a variety of mechanisms Support for integrated RF spectrum analysis Capture information by 24/7/365 monitoring Detect threats to the wireless infrastructure such as DoS attacks and rogue access points Notify about threats through a variety of mechanisms Support for integrated RF spectrum analysis 36 18

19 Wireless Intrusion Prevention Systems (WIPS) Two types of WIPS Overlay and Integrated WIPS Technology 37 Overlay WIPS sensors Overlay WIPS Overlay WIPS sensors are dedicated wireless devices Have physical characteristics similar to those of wireless access points Are passive and only used for scanning the air and sending data to a WIPS server 38 19

20 Integrated WIPS Overlay and Integrated WIPS Technology Integrated WIPS sensors Part of a wireless access point s functionality May have a dedicated radio for full-time WIPS monitoring, or it may share a radio with the access point for part-time WIPS monitoring 39 The Captive Portal Captive Portal A process that redirects a user to an authentication source of some type before they will be allowed wireless network access Authentication source in the form of a web page will require a user to authenticate in some way Enter user credentials (username and password) Input payment information Agree to terms and conditions 40 20

21 Wireless Network Management and Monitoring Systems (WNMS) Allows a wireless network engineer to both control and administer wireless infrastructure devices Collect information that may be used to troubleshoot and resolve wireless LAN issues Cloud-based Wireless Network Monitoring Physical Layer Monitoring See what is happening in the air as it relates to radio frequency Data Link Layer Monitoring View the wireless LAN frames that traverse the air and provides the opportunity to view both potential performance and security issues 41 Regulatory Compliance PCI Compliance Build and maintain a secure network Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy HIPAA Compliance Other Regulatory Compliances 42 21

22 Review Network intrusion and the impact it can have on a wireless LAN IEEE security methods IEEE authentication types IEEE Open system IEEE Shared key Early WLAN security techniques IEEE SOHO and enterprise security technologies Passphrase-based authentication User-based authentication 802.1X/EAP Radius Authentication, Authorization, and Accounting (AAA) IEEE encryption methods 43 22