Guide to Wireless Network Security
Guide to Wireless Network Security by John R. Vacca USA Springer
John R. Vacca
Author and IT Consultant
34679 TR 382
Pomeroy, Ohio 45769
e-mail: jvacca@hti.net
http://www.johnvacca.com/

Library of Congress Control Number: 2005939009

Guide to Wireless Network Security by John R. Vacca
ISBN-13: 978-0-387-95425-7
ISBN-10: 0-387-95425-2
e-ISBN-13: 978-0-387-29845-0
e-ISBN-10: 0-387-29845-2

Printed on acid-free paper.

© 2006 Springer Science+Business Media, LLC

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed in the United States of America.

springer.com
Dedication This book is dedicated to Hunter,
Contents

Dedication
Preface
Foreword
Acknowledgments

PART I: OVERVIEW OF WIRELESS NETWORK SECURITY TECHNOLOGY
Chapter 1: Wireless Network Security Fundamentals
Chapter 2: Types of Wireless Network Security Technology
Chapter 3: Standards
Chapter 4: Enhanced Security For Wireless Lans And Wans In The Enterprise: Hands On
Chapter 5: Handling Wireless Private Information

PART II: DESIGNING WIRELESS NETWORK SECURITY
Chapter 6: Wireless Network Security Design Issues
Chapter 7: Cost Justification And Consideration
Chapter 8: Standards Design Issues
Chapter 9: Authenticating Architectural Design Issues

PART III: PLANNING FOR WIRELESS NETWORK SECURITY
Chapter 10: Implementation Plan Development
Chapter 11: Wireless Network Security Planning Techniques

PART IV: INSTALLING AND DEPLOYING WIRELESS NETWORK SECURITY
Chapter 12: Testing Techniques
Chapter 13: Internetworking Wireless Security
Chapter 14: Installation And Deployment
Chapter 15: Securing Your Wireless E-Commerce Storefront
Chapter 16: Certification Of Wireless Network Security Performance

PART V: MAINTAINING WIRELESS NETWORK SECURITY
Chapter 17: Configuring Secure Access
Chapter 18: Management Of Wireless Network Security
Chapter 19: Ongoing Maintenance
Chapter 20: Standards Development
Chapter 21: Ensuring Site Security

PART VI: INFORMATION WARFARE COUNTERMEASURES: THE WIRELESS NETWORK SECURITY SOLUTION
Chapter 22: Defensive Wireless Network Security Strategies For Governments And Industry Groups
Chapter 23: The Information Warfare Wireless Network Security Arsenal And Tactics Of The Military
Chapter 24: The Information Warfare Wireless Network Security Arsenal And Tactics Of Terrorists And Rogues
Chapter 25: The Information Warfare Wireless Network Security Arsenal And Tactics Of Private Enterprises
Chapter 26: The Information Warfare Wireless Network Security Arsenal Of The Future
Chapter 27: Wireless Network Security Surveillance Tools For Information Warfare Of The Future
Chapter 28: Civilian Casualties: The Victims And Refugees Of Information Warfare Wireless Network Security

PART VII: RESULTS AND FUTURE DIRECTIONS
Chapter 29: Providing Wireless Network Security Solutions For ISP Intranet, Internet And E-Commerce
Chapter 30: Enhancing Wireless Web Server Security
Chapter 31: Wireless Network Security Solutions For Consideration
Chapter 32: Summary, Conclusions, and Recommendations

PART VIII: APPENDICES
Appendix A: Ensuring Built-in Frequency Hopping Spread Spectrum Wireless Network Security
Appendix B: Configuring Wireless Internet Security Remote Access Points
Appendix C: Wireless Network Security Management, Resiliency And Security With CDMA
Appendix D: List Of Top Wireless Network Security Implementation And Deployment Enterprises
Appendix E: List Of Wireless Network Security Products
Preface

1. INTRODUCTION

With the increasing deployment of wireless networks (802.11 architecture) in enterprise environments, IT enterprises are working to implement security mechanisms that are equivalent to those existing today for wire-based networks. An important aspect of this is the need to provide secure access to the network for valid users. Existing wired network jacks are located inside buildings already secured from unauthorized access through the use of keys, badge access, and so forth. A user must gain physical access to the building in order to plug a client computer into a network jack. In contrast, a wireless access point (AP) may be accessed from off the premises if the signal is detectable (for instance, from a parking lot adjacent to the building). Thus, wireless networks require secure access to the AP and the ability to isolate the AP from the internal private network prior to user authentication into the network domain.

Furthermore, as enterprises strive to provide better availability of mission-critical wireless data, they also face the challenge of maintaining that data's security and integrity. While each connection with a client, a supplier or an enterprise partner can improve responsiveness and efficiency, it also increases the vulnerability of enterprise wireless data to attack. In such an environment, wireless network security is becoming more important every day.

Also, with the growing reliance on e-commerce, wireless network-based services and the Internet, enterprises are faced with an ever-increasing responsibility to protect their systems from attack. Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), used in conjunction with information warfare countermeasures, are the latest and most powerful tools for identifying and responding to network- and host-based intrusions.

With that in mind, this book begins by discussing the basic access control methods that form the basis of the 802.11 architecture. These methods are best suited to small wireless networks with low-to-medium security requirements. The book then presents the more robust virtual private network (VPN)-based security solution that provides better security and scales well to large networks. The book concludes with possible future solutions based on the 802.1X security standard, which enables port-level access control.

2. PURPOSE

The purpose of this book is to show experienced (intermediate to advanced) wireless network security professionals how to install and maintain the security of mission-critical wireless data and systems. It also shows, through extensive hands-on examples, how you can install and configure firewalls; evaluate, implement and manage wireless secure remote access technologies; and deploy a variety of intrusion detection systems and intrusion prevention systems in conjunction with information warfare countermeasures.

3. SCOPE

Throughout the book, extensive hands-on examples will provide you with practical experience in installing, configuring and troubleshooting wireless network security applications and Internet and intranet firewalls; virtual private networks; intrusion prevention systems and intrusion detection systems. In addition to advanced wireless network security application technology considerations in commercial enterprises and governments, the book addresses, but is not limited to, completing the following line items as part of installing wireless network security-based systems:

Analyze network traffic and detect attacks using the latest tools and techniques.
Authenticate remote users with passwords, security servers and digital certificates.
Automate responses to detected intrusions.
Be able to describe methods of advanced data modulation.
Be able to describe methods of detection, disruption (denial of service or jamming), and interception and understand appropriate countermeasures.
Be able to describe the use of wireless security technologies such as frequency hopping, time hopping, direct-sequence spread spectrum, etc.
Build a firewall to protect your wireless network.
Create an effective response strategy (via information warfare) based on your organizational needs.
Deploy and manage an IDS and IPS.
Deploy Internet and intranet firewalls: hands-on.
Deploy intrusion detection systems and intrusion prevention systems: hands-on.
Design, configure and deploy an IDS and IPS, and analyze your current wireless network security risks.
Design, install and configure virtual private networks (VPNs).
Detect and respond to wireless network- and host-based intruder attacks.
Detect attacker scans and probes.
Evaluate, install, configure and manage secure virtual private networks (VPNs) for remote users, sites and business partners.
Gain extensive hands-on experience installing and configuring a firewall.
Gain extensive hands-on experience using an IDS and IPS to identify and respond to intruder attacks.
Gain hands-on experience with a range of security tools and techniques for maintaining the integrity of your wireless network security operations.
Gain the skills to respond to potential attacks before they become problematic by recognizing the scans and probes used by a potential intruder.
Identify buffer overruns, fragmentation and other attacks.
Identify methods hackers use to break into wireless network systems.
Implement information privacy using standardized encryption techniques.
Implement information warfare countermeasures.
Implement publicly accessible servers without compromising wireless network security, provide access to HTTP and FTP services on the Internet, and implement a firewall-to-firewall virtual private network (VPN).
Integrate intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) into your current network topology.
Install and configure proxy-based and stateful-filtering firewalls.
Gain knowledge of how attackers break into wireless networks and how an IDS and IPS (used in conjunction with information warfare countermeasures) can play a key role in detecting and responding to these events.
Learn about a variety of technologies available, including software, hardware and firewall add-on products.
Learn how to allow access to key services while maintaining your enterprise's security, as well as how to implement firewall-to-firewall virtual private networks (VPNs).
Protect internal IP addresses with Network Address Translation (NAT) and deploy a secure DNS architecture.
Select the best secure remote wireless access technologies for your organization.
Understand basic electronic countermeasures and electronic counter-countermeasures for wireless communications.
Understand issues of network communications such as service, confidentiality, authentication, reliability, access control, and availability.
Understand the functions of the layers in a wireless communication system.
Understand the relationship between network layers, network services and functions.
Understand the security problems with wireless transmissions.
Use router logging to detect a DoS attack.

This book will leave little doubt that a new architecture in the area of advanced wireless network security installation is about to be constructed. No question, it will benefit enterprises and governments, as well as their wireless network security professionals.

4. TARGET AUDIENCE

This book is primarily targeted toward domestic and international network and systems administrators; IT administrators; IT managers; wireless network security specialists; computer and network security personnel; security professionals; and consultants and IT/IS directors who plan to select, implement and maintain secure wireless access solutions for an enterprise. Basically, the book is targeted for all types of people and enterprises around the world that are involved in planning and implementing wireless network security and other wireless Internet systems.
5. ORGANIZATION OF THIS BOOK

The book is organized into eight parts as well as an extensive glossary of security, wireless network and Internet networking terms and acronyms at the back. It provides a step-by-step approach to everything you need to know about wireless network security, as well as information about many topics relevant to the planning, design, and implementation of intrusion detection systems and intrusion prevention systems, and how to conduct information warfare. The following detailed organization speaks for itself.

5.1 Part I: Overview Of Wireless Network Security Technology

Part One discusses wireless network security fundamentals; types of wireless network security technology; standards; enhanced wireless network security; and handling wireless private information.

Chapter 1, "Wireless Network Security Fundamentals," presents a classification of denial-of-service attacks according to the type of the target (firewall, Web server, router), a resource that the attack consumes (wireless network bandwidth, TCP/IP stack) and the exploited vulnerability (bug or overload).

Chapter 2, "Types of Wireless Network Security Technology," presents some common types of wireless network security technologies to help guide your path.

Chapter 3, "Standards," discusses the following wireless network security standards: WEP, IEEE 802.11b, IEEE 802.11i, IEEE 802.1X, Bluetooth, SSL, WTLS, WPA and WPA2.

Chapter 4, "Enhanced Security For Wireless Lans And Wans In The Enterprise: Hands On," helps managers get a grasp of basic WLAN and WWAN security issues.

Chapter 5, "Handling Wireless Private Information," covers the pitfalls of wireless LANs and WANs with regard to the security risks to private information.

5.2 Part II: Designing Wireless Network Security

The second part of this book discusses wireless network security design issues; cost justification and consideration; standards design issues; and authenticating architectural design issues.

Chapter 6, "Wireless Network Security Design Issues," covers enterprise critical systems security by first illustrating the importance of and potential difficulties in protecting information that traverses networks, and then examining wireless network security as a holistic concept before focusing specifically on the IEEE 802.1X enterprise edge security standard.

Chapter 7, "Cost Justification And Consideration," assesses the costs associated with the security risks and vulnerabilities to the wireless network.

Chapter 8, "Standards Design Issues," discusses in detail particular aspects of wireless security architecture standards design issues that can be used for enterprise wireless network standards design.

Chapter 9, "Authenticating Architectural Design Issues," presents the architecture and the underlying mechanism of the WMTIP.

5.3 Part III: Planning For Wireless Network Security

Part Three covers the implementation plan development and wireless network security planning techniques.

Chapter 10, "Implementation Plan Development," describes the overall security implementation plan development for wireless networks.

Chapter 11, "Wireless Network Security Planning Techniques," briefly discusses wireless network security planning techniques by providing an overview of the security risks and technical challenges in this area, as well as summarizing key recommendations for secure wireless LANs and WWANs.

5.4 Part IV: Installing And Deploying Wireless Network Security

Part Four covers testing techniques; internetworking wireless security; installation and deployment; securing your wireless e-commerce storefront; and certification of wireless network security performance.

Chapter 12, "Testing Techniques," focuses more on a cracker attempting to penetrate your wireless network and hacking one of the servers held therein.

Chapter 13, "Internetworking Wireless Security," focuses on the concept of performance enhancing proxies (PEPs), which were introduced in a working group of the Internet Engineering Task Force (IETF).
Chapter 14, "Installation And Deployment," eases your concerns about the security of wireless network installations and deployments by increasing your knowledge on the subject.

Chapter 15, "Securing Your Wireless E-Commerce Storefront," focuses on two "flavors" of wireless service, as provided by the WAP Forum and by NTT DoCoMo of Japan.

Chapter 16, "Certification Of Wireless Network Security Performance," focuses on IEEE 802.11 networks, and how the Service Set Identifier (SSID) is viewed by some security professionals as an unneeded advertisement of the wireless network to attackers. It also discusses how these professionals assert that all measures should be taken to hide the SSID.

5.5 Part V: Maintaining Wireless Network Security

Part Five covers configuring secure access; management of wireless network security; ongoing maintenance; standards development; and ensuring site security.

Chapter 17, "Configuring Secure Access," focuses on how to configure your wireless network security access.

Chapter 18, "Management Of Wireless Network Security," focuses on the management of wireless network security.

Chapter 19, "Ongoing Maintenance," discusses the ongoing maintenance of integrated wireless network analyzers, and how they have several advantages over laptop computers and handheld, personal digital assistant (PDA)-style devices, as well as centralized systems.

Chapter 20, "Standards Development," focuses on the development of wireless network security standards.

Chapter 21, "Ensuring Site Security," focuses on wireless network site security and integrity.

5.6 Part VI: Information Warfare Countermeasures: The Wireless Network Security Solution

Part Six discusses wireless network security with regard to how to fight against macro threats (defensive strategies for governments and industry groups); the information warfare arsenal and tactics of the military; the information warfare arsenal and tactics of terrorists and rogues; the information warfare arsenal and tactics of private enterprises; the information warfare arsenal of the future; surveillance tools for information warfare of the future; and civilian casualties (the victims and refugees of information warfare).

Chapter 22, "Defensive Wireless Network Security Strategies For Governments And Industry Groups," is an in-depth examination of the implications of IW for the U.S. and allied infrastructures that depend on the unimpeded management of information that is also required in the fight against macro threats (defensive strategies for governments and industry groups).

Chapter 23, "The Information Warfare Wireless Network Security Arsenal And Tactics Of The Military," focuses on two goals. First, you need to find a way to protect yourself against catastrophic events. Second, you need to build a firm foundation on which you can make steady progress by continually raising the cost of mounting an attack and mitigating the expected damage of the information warfare arsenal and tactics of the military.

Chapter 24, "The Information Warfare Wireless Network Security Arsenal And Tactics Of Terrorists And Rogues," recommends a number of specific steps that could better prepare the U.S. military and private enterprises to confront "the new terrorism" and its information warfare arsenal and tactics.

Chapter 25, "The Information Warfare Wireless Network Security Arsenal And Tactics Of Private Enterprises," deals with the IW tools and strategies of private enterprises and how they're used against the aggressors. It will also help to realistically guide the process of moving forward in dealing with the information warfare arsenal and tactics of private enterprises.

Chapter 26, "The Information Warfare Wireless Network Security Arsenal Of The Future," discusses how the increasing dependence on sophisticated information systems brings with it an increased vulnerability to hostile elements, terrorists among them, in dealing with the information warfare arsenal of the future.

Chapter 27, "Wireless Network Security Surveillance Tools For Information Warfare Of The Future," discusses the basic concepts and principles that must be understood and that can help guide the process of moving forward in dealing with the surveillance tools for the information warfare of the future.

Chapter 28, "Civilian Casualties: The Victims And Refugees Of Information Warfare Wireless Network Security," considers the application of civilian information operations (CIOs) to the conventional warfare environment. Although the array of CIO tools and techniques has been presented as discrete elements in a schematic diagram, the CIO environment is complex, multidimensional, interactive, and still developing.
5.7 Part VII: Results and Future Directions

Finally, Part Seven discusses how to provide wireless ISP intranet, Internet and e-commerce solutions; enhance wireless web server security; wireless network security solutions for consideration; and finally the summary, conclusions and recommendations.

Chapter 29, "Providing Wireless Network Security Solutions For ISP Intranet, Internet And E-Commerce," outlines the new security concerns for an enterprise to deploy intranets and extranets.

Chapter 30, "Enhancing Wireless Web Server Security," discusses what you can do to protect your wireless Web server from wireless network security risks.

Chapter 31, "Wireless Network Security Solutions For Consideration," describes the various security challenges and solutions for consideration for Wi-Fi wireless LANs; the attempts the industry has made to address those challenges; the shortcomings of those initial attempts; and the best possible practices for enterprises and residential users who want to take advantage of the real benefits of WLANs.

Chapter 32, "Summary, Conclusions, and Recommendations," addresses, at a summary level, the most significant security risks in the wireless computing environment. The chapter also introduces, in a centralized fashion, the scope of the problem and the most significant talking points on the issue of wireless security, and summarizes, concludes and recommends where the industry is in addressing these problems and where it is going. Finally, this chapter presents WPA, then end-to-end encryption, and finally the services appropriate for larger enterprises.

5.8 Part VIII: Appendices

Eight appendices provide additional resources that are available for computer forensics. Appendix A shows how to ensure built-in frequency hopping spread spectrum wireless network security. Appendix B shows how to configure wireless Internet security remote access. Appendix C covers wireless network security management, resiliency and security. Appendix D contains a list of top wireless network security implementation and deployment enterprises. Appendix E contains a list of wireless network security products. Appendix F contains a list of wireless network security standards. Appendix G contains a list of miscellaneous wireless network security resources. The book ends with Appendix H, a glossary of wireless network security and information-warfare-related terms and acronyms.

6. CONVENTIONS

This book uses several conventions to help you find your way around, and to help you find important sidebars, facts, tips, notes, cautions, and warnings. They alert you to critical information and warn you about problems.

John R. Vacca
Author and IT Consultant
e-mail: jvacca@hti.net
visit us at http://www.johnvacca.com/
Foreword

The use of wireless networks is increasingly popular among personal, academic, business, and government users. Everyone wants to be connected and everyone wants to be connected without the need for a physical cable plugged into his or her technology. Mobility is a real requirement for business in the 21st century.

Wireless networks offer a wide range of benefits to government federal agencies, private sector business and individual citizens. These include increased flexibility and ease of network installation. However, without security, electronic communications hold little value in the competitive arena of business management and operations.

Wireless networks present significant security challenges, including protecting against attacks to wireless networks, establishing physical control over wireless-enabled devices, and preventing unauthorized deployments of wireless networks. Security professionals, application developers, along with IT and network staff in all types of organizations will eventually need to address wireless network security issues. To secure wireless devices and networks and protect information and systems, it is crucial for user organizations to implement controls such as developing wireless security policies, configuring their security tools to meet policy requirements, monitoring their wireless networks, and training their staffs in wireless security.

Ease of installation is often cited as a key attribute of wireless networks. Generally, deployments of wireless networks do not require the complicated undertakings that are associated with wired networks. The ability to connect the network without having to add or pull wires through walls or ceilings or modify the physical network infrastructure can greatly expedite the installation process. As a result, a wireless network can offer a cost-effective alternative to a wired network. In addition to their increased ease of installation, wireless networks can be easily scaled from small peer-to-peer networks to very large enterprise networks that enable roaming over a broad area.

This book provides an extensive analysis of wireless network security practices, procedures, and technologies. Design issues and architectures are also expertly covered. But this book goes beyond theory and analysis to explain numerous implementation issues. This book is written for people that need to cut through the confusion about wireless network security and get down to adoption and deployment. The book starts with the basic concepts and takes readers through all of the necessary learning steps to enable them to effectively secure wireless networks.

Michael Erbschloe
Security Consultant and Author
St. Louis, Missouri
Acknowledgements

There are many people whose efforts on this book have contributed to its successful completion. I owe each a debt of gratitude and want to take this opportunity to offer my sincere thanks.

A very special thanks to my Springer Publishing Editor/CS, Susan Lagerstrom-Fife, without whose initial interest and support this book would not have been possible, and for her guidance and encouragement over and above the business of being a Publishing Editor. And thanks to Editorial Assistant Sharon Palleschi of Springer, whose many talents and skills are essential to a finished book. Many thanks also to Deborah Doherty of Springer Author Support, whose efforts on this book have been greatly appreciated. Finally, a special thanks to Michael Erbschloe, who wrote the foreword for this book.

Thanks to my wife, Bee Vacca, for her love, her help, and her understanding of my long work hours.

Finally, I wish to thank all the organizations and individuals who granted me permission to use the research material and information necessary for the completion of this book.