WHITE PAPER: WEP Cloaking™ for Legacy Encryption Protection
Introduction

Wired Equivalent Privacy (WEP) is the encryption protocol defined in the original IEEE 802.11 standard for Wireless Local Area Networks (WLANs). Several known vulnerabilities and attack tools have compromised WEP, making it unsuitable for secure WLAN implementations without additional layers of security. Motorola's WEP Cloaking solution is designed to make WEP virtually invulnerable to known attacks and tools, making existing WEP deployments much stronger than they otherwise would be.

Motorola's WEP Cloaking module leverages the Motorola Wireless Intrusion Prevention System (WIPS), using wireless monitoring sensors to protect handheld devices, in use at thousands of retailers world-wide, from passive and active attempts to crack WEP encryption keys. These wireless handheld devices, such as point of sale systems, barcode scanners and VoIP handsets, commonly support only WEP encryption, which can be easily broken with popular cracking tools. Motorola Wireless IPS in combination with the WEP Cloaking module provides enterprises peace of mind from security and compliance issues.
Motorola WEP Cloaking™

WEP Cloaking does not require any hardware or software modifications to the legacy WLAN infrastructure. It is designed to work seamlessly through the Motorola Wireless Intrusion Prevention System. The remote monitoring sensors analyze all the received packets locally, collect several statistics and events of interest, and use a bandwidth-efficient, secure TCP/IP communication link to aggregate information in a centralized server appliance. The Motorola Wireless IPS system provides:

• a centralized repository of all current and historical information
• management and troubleshooting
• policy definition wizards
• reporting and compliance modules

WEP Cloaking is an add-on module to the Motorola Wireless IPS platform that uses the same WIPS sensors to constantly protect access points (APs), laptops and handheld devices by intelligently injecting chaff WEP frames designed to confuse WEP attack tools. By default, the sensor is a passive wireless monitoring device and does not transmit (provided AirLockdown is not active). Enabling the sensors for WEP Cloaking will cause the sensors to actively transmit on the channels of the APs they are protecting.

WIPS sensors communicate with the server to coordinate cloaking operation. The server can be configured to instruct a group of sensors to cloak authorized devices in a given location. Sensors are designed to intelligently adjust their frequency scanning patterns to maximize cloaking effectiveness while performing regular Wireless IPS scanning on other channels. More than one sensor can cloak a single wireless device, depending on spatial coverage.

Once configured for cloaking, sensors intelligently analyze local traffic and insert carefully timed cloaking frames as shown in Figure 1. To attackers, who do not have the secret WEP key, these cloaking frames appear as legitimate WEP traffic between authorized devices.
Authorized devices, configured with the production WEP key, automatically ignore the cloaking frames as their integrity test fails.

Figure 1: WEP Cloaking with Motorola Sensors
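The integrity-test behaviour described above, as an added example that is not from the white paper or from Motorola's product: a minimal WEP encapsulate/decapsulate in Python showing that a receiver holding the production key drops any frame whose ICV does not verify. Modelling chaff as frames encrypted under a different key is an assumption (the paper does not say how cloaking frames are built); both keys, the IVs and the payloads are constructed sample values.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 (KSA + PRGA) keystream XOR; encryption and decryption are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: 3-byte IV, key-ID byte, RC4(IV || key) over payload || ICV."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + b"\x00" + rc4(iv + key, payload + icv)

def wep_decapsulate(key: bytes, body: bytes):
    """Return the payload if the CRC-32 ICV verifies under `key`, else None."""
    iv, ciphertext = body[:3], body[4:]
    plain = rc4(iv + key, ciphertext)
    payload, icv = plain[:-4], plain[-4:]
    ok = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) == icv
    return payload if ok else None

def receive(production_key: bytes, frames):
    """Payloads an authorized station accepts from a mixed capture."""
    decoded = (wep_decapsulate(production_key, f) for f in frames)
    return [p for p in decoded if p is not None]

# Constructed sample data: keys, IVs and payloads are made up for this example.
PRODUCTION_KEY = bytes.fromhex("0badc0de42")  # 40-bit WEP key (constructed)
CHAFF_KEY = bytes.fromhex("a1b2c3d4e5")       # hypothetical key used only for chaff
FRAMES = [
    wep_encapsulate(PRODUCTION_KEY, b"\x00\x00\x01", b"scanner: item 4412"),
    wep_encapsulate(CHAFF_KEY, b"\x00\x00\x02", b"chaff payload"),
    wep_encapsulate(PRODUCTION_KEY, b"\x00\x00\x03", b"pos: total 19.99"),
    wep_encapsulate(CHAFF_KEY, b"\x00\x00\x04", b"more chaff"),
]

if __name__ == "__main__":
    print(receive(PRODUCTION_KEY, FRAMES))
```

On the air, the chaff frames have the same layout (IV, key ID, ciphertext) as the production frames; only a receiver that decrypts with the production key and checks the ICV can tell them apart.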
An attacker sniffing traffic will not be able to distinguish between cloaking frames and legitimate frames, and therefore cannot filter out the cloaked frames. When statistical WEP cracking tools are run on the captured data, they simply fail to decode the key. Figure 2 depicts a screenshot of aircrack-ng with WEP Cloaking enabled.

Figure 2: Screen shot of WEP cracking failure with Aircrack-ng

In the event of a wired network outage, if sensors lose connection with the centralized server, they will continue to cloak. In addition, WEP Cloaking is optimized to not disturb the wireless environment or impact Wireless LAN performance. The sensors use countermeasures, correlation through the server and mutual coordination over the air to maximize the effectiveness of cloaking with nominal wired and wireless bandwidth consumption.

Sensor Deployment

Motorola Wireless IPS uses remote sensors to collect data transmitted by 802.11a-, b-, and g-compliant devices in the 2.4 GHz and/or 5 GHz spectrum. Every site is unique in terms of actual sensor coverage. This section merely describes sensor placement and respective coverage in a simplified way. Actual radio frequency (RF) signal propagation is a very complex issue due to environmental factors like the reflection and absorption properties of different building materials such as walls, furniture, elevator shafts, large moving objects, etc. Please refer to the WIPS User Guide for more detailed information on sensor deployment considerations such as:

• Building Structure - Many materials used in building construction may significantly impact the propagation of signals in the 2.4 GHz or 5 GHz spectrum.
• Device Density and Location - You should consider the density and location of your wireless 802.11a, b, and g devices.
• Assets to be Protected - Wireless-capable devices that contain sensitive data must be protected.
• Power and Data Cabling - Sensors are often placed in areas that take advantage of preexisting power and data cabling.
Application choice will significantly impact the sensor density and sensor placement. For example, rogue detection in a no-wireless zone needs fewer sensors, as even sporadic emanations from a wireless device, at the lowest data rate and longest range, can reveal the presence of a rogue. As the applications become more complex, they may require a representative sample of frames or meet certain minimum signal level thresholds, increasing the sensor density requirement. Using these factors in baseline decisions with regard to sensor placement, the following coverage area guidelines may be applied to establish an effective deployment:

| 802.11b/g (2.4 GHz) | WEP Cloaking & Location Tracking | Connection Termination | Policy Enforcement | Rogue Detection |
|---|---|---|---|---|
| Indoor/Office | 15,000 | 17,000 | 20,000 | 30,000 |
| Warehouse, Distribution, Manufacturing | 19,000 | 22,000 | 30,000 | 45,000 |
| Outdoor, Hangar | 25,000 | 30,000 | 40,000 | 60,000 |

| 802.11a (5 GHz) | WEP Cloaking & Location Tracking | Connection Termination | Policy Enforcement | Rogue Detection |
|---|---|---|---|---|
| Indoor/Office | 11,000 | 14,000 | 17,000 | 25,000 |
| Warehouse, Distribution, Manufacturing | 17,000 | 19,000 | 26,000 | 35,000 |
| Outdoor, Hangar | 19,000 | 24,000 | 30,000 | 45,000 |

Figure 3: Baseline sensor coverage numbers (in square feet) by application
WEP Cloaking will typically require a higher density of sensor deployment than most other applications. This puts WEP Cloaking in the highest category of sensor-density deployments, similar to Location Tracking. For effective WEP Cloaking, there are two other important considerations:

1. Spatial coverage - The sensors enabled with WEP Cloaking must at a minimum cover the same area as the authorized Access Points and Stations they are protecting. For this requirement, you should leverage any site surveys you conduct or have conducted for placement of Access Points as aids to sensor placement decisions. Another option is using a WLAN simulation tool such as LANPlanner. Figure 4 below shows a simulation of access point coverage based on the building's RF properties loaded into the system. For example, in a typical retail location most wireless point-of-sale devices will be in the front of the store near the check-out stations. Assuming the hacker would be outside of the building, sitting in the front parking lot, it would make sense to place at least 2 sensors in each of the corners in the front of the store. If there is public access from the back of the building, or the retail location is surrounded by parking areas, you may want to consider additional sensors in the back for complete protection.

2. Channel coverage - A single sensor should not be required to cloak more than 3 authorized access points at a time. For effective cloaking there must be sufficient chaff WEP frames to confuse the statistical WEP cracking tools. At the same time, the sensors must perform regular Wireless IPS scanning on other channels. The sensors are designed to intelligently adjust their frequency scanning patterns. However, to maximize cloaking effectiveness and scan all other channels for possible intrusions, sensors should not be expected to cloak more than three authorized APs, or more specifically 3 unique communication channels, at a time.
Figure 4: WLAN AP coverage simulation with LANPlanner
Typically, it will take several sensors deployed at the perimeter of the building to adequately protect all wireless devices with WEP Cloaking. This also implies that, even in small stores, it may take more than one sensor for adequate WEP Cloaking protection; the higher the density of sensors you deploy, the better your legacy encryption devices will be protected. Any deployment should start with a site survey or RF simulation of the WLAN environment, followed by a mapping of sensor coverage to access point coverage of unique channels.

WEP Cloaking Best Practices

Although wireless security professionals have long recognized the need to use technologies stronger than WEP, organizations may require months or years before such a change can be fully implemented. There are millions of legacy WEP devices already deployed, such as wireless scanners, barcode readers, Wi-Fi phones, and embedded Wi-Fi clients. Many of these devices may not be firmware upgradeable to stronger encryption protocols. The Motorola WEP Cloaking solution extends the shelf-life of existing WLAN infrastructure deployments or protects companies that are in the process of upgrading to a stronger protocol during that transition.

The only way for organizations to fortify their wireless networks is to use a layered approach to security. Following is a list of recommendations for securing a wireless network that must include WEP wireless devices:

• When choosing your WEP key, it is best to use a randomly chosen hexadecimal key.
• Analyze the power output of the APs to ensure that the AP is not transmitting any further than is necessary.
• Authorize only specific data rates:
  o Check the AP's allowed data rates to ensure that unnecessarily distant wireless associations, which would result in a low negotiated data rate, do not provide a wireless client access to the network through the AP.
  o If the AP is 802.11b/g and the stations which require WEP are 802.11b devices and not 802.11g, disable the AP from supporting data rates higher than 11 Mbps.
• Use Motorola WEP Cloaking to protect the wireless network using WEP Encryption.
• Enable policy-based termination on Rogue Station and Replay Injection Attack alarms.
• If the access points support PSPF (Public Secure Packet Forwarding) mode, also referred to as AP isolation, you must enable it. PSPF mode prevents wireless client to wireless client communication and will limit the effectiveness of a typical replay attack.

Product Documentation

Additional documentation for Motorola's Wireless IPS system can be found in:

• Online Help - Resident in the Wireless IPS application
• Motorola User Guide
• Quick Start Guides - These guides include WIPS installation and setup instructions for the WIPS Server, Sensors, and User access. Updated Quick Starts are shipped with your WIPS server software.
motorola.com Part number WP-WEBCLOAK. Printed in USA 06/08. MOTOROLA and the Stylized M Logo and Symbol and the Symbol Logo are registered in the US Patent & Trademark Office. WEP Cloaking is a registered trademark of AirDefense. All other product or service names are the property of their respective owners. Motorola, Inc. 2008. All rights reserved. For system, product or services availability and specific information within your country, please contact your local Motorola office or Business Partner. Specifications are subject to change without notice.