WLAN - Good Security Principles


Transcription:

WLAN Security.. from this...

Security Architectures and Protocols in Wireless LANs (Section 3)

WLAN Security.. to this...

How Security Breaches Occur
- War (wide area roaming) Driving/War Chalking
- Passing by in cars, pedestrians
- Attack software available on Internet to assist
- Access to an insecure WLAN network is potentially much easier than to a fixed network
- Without authentication and encryption, WLANs are extremely vulnerable
- IDS must be monitored as with a fixed network
- Anybody with shareware tools, WLAN card, antenna and GPS is capable of war driving

Wireless LAN - Good Security Principles

WLAN - Good Security Principles
- Problems with bad WLAN architecture
  - Located behind firewall in trusted network
  - No authentication
  - Best to locate on DMZ with authentication
- Must consider security options:
  - Infrastructure design to enhance security?
  - Open access or MAC restricted?
  - Implement WEP or not?
- Problem with rogue WLAN
  - Can give access to trusted network as connection/installation as easy as connecting to a hub and without knowledge of administrator

WLAN - Good Security Principles
Wireless LAN - out of the box
- Enable WEP (in spite of some issues)
- Change default/identifiable SSID (Service Set Identifier) as network name not encrypted
- Use products with dynamic key generation or security architectures which do the same
- Do not use MAC address Authentication - tools are readily available to sniff a MAC address

WLAN - Good Security Principles
- Use MAC filters - particularly for lost or stolen cards, VPNs and encryption tunnels to control access
- Lock down access point management interfaces and use anti-virus and firewall systems
- Implement Layer 3 (or higher) functions:
  - IEEE 802.1x which supports EAP (Extensible Authentication Protocol)
  - AAA (Authentication, Authorisation and Accounting)
  - WEP dynamic session keys
  - Directory Enabled Authentication
  - PBNM (Policy Based Network Management)

WLAN - Good Security Principles
- WEP (basic)
  - Enable WEP to make attacks difficult
  - Choose WEP key not in dictionaries
- Association
  - Block association by MAC Address
  - Restrict DHCP to selected MAC address clients
- Firewall filters
  - On a need to know basis
  - Isolate to specific segment

Example of War Driving in Hong Kong*
Background:
- Dates: 7 July, 2002 and 5 Oct, 2003
- Equipment:
  - Notebook + Avaya Gold Wireless LAN card + Windows XP + NetStumbler
  - Notebook + Avaya Gold Wireless LAN card + Antenna + Windows 2000 + NetStumbler
*Ref: www.pisa.org/projects/wlan2003/wd2003.htm

War Driving Comparison - (July, 2002 and 5 Oct, 2003)

War Driving in Hong Kong
- Route: Admiralty MTR Stations -> Pacific Place -> Tram (Admiralty to Kennedy Town) -> Tram (Kennedy Town to Causeway Bay)

War Driving in Hong Kong Results
- Number of Discovered Access Point with antenna: 187 (2002), up to 784 (2003)
- Number of Discovered Access Point without antenna: 52 (subset of above)

War Driving in Hong Kong Result
- WEP Usage (2002): WEP Enable: 43, WEP Disable: 144
- WEP Usage (2003): WEP Enable: 142, WEP Disable: 474
- [Chart labels: 30% (2003), 70% (2003)]

War Driving in Hong Kong Results (2002 and 2003)
- SSID Usage: Default SSID: 77, Use Non Default SSID: 87, Unknown: 5, Other: 18
- "Other" means well known SSID, ie PCCW & i-cable
- Some of the Default SSID list is referenced from http://wlana.net/acc_point.htm

War Driving in Hong Kong Result
- Channel ID Setting Behaviour and Distribution:
- [Chart label: 43% (2003)]
- Most common channels still 1, 6 and 11 (2003)

Final Comments on the Hong Kong Experiment...
- The Hong Kong study demonstrated that there has been little improvement in the use of WEP and non-default SSID
- The range reached in these experiments was 10 km!! (Sau Mou Ping - Victoria Peak)
- In another test, a direct drive from Melbourne airport to the city (September 2003) revealed 19 unprotected Wireless LAN networks
- Test in San Francisco revealed 140 WLANs from a central city point
  - No WEP

WLAN - Security Options
[Figure: options plotted against 802.11 Security Level]
- WEP Shared Key
- IEEE802.1x with EAP - SRP, MD5 PEAP, EAP-TLS, TTLS, LEAP (CISCO)
- WPA (Wi-Fi Protected Access) using TKIP & MIC
- RADIUS Authentication
- Kerberos Authorisation
- VPN using IPSec
- WPA2/AES (Future)

WEP Security Features
- WEP (Wired Equivalent Privacy)
- RC4 encryption
- Uses 40 or 104 bit shared key + 24 bit IV
- Encrypts payload while frame is in the air
- [Figure: traffic flow. Wireless LAN: encrypted by WEP. Wired LAN: not encrypted by WEP]

WEP Security Features
- WEP (Wired Equivalent Privacy)
- WEP has two main design goals:
  - Protection from eavesdropping
  - Prevent unauthorised access
- IEEE 802.11 defines mechanism for encrypting frames using WEP as follows...

WEP Encryption / Decryption
[Figure: WEP encryption / decryption. Labels: Combine/add, Exclusive-OR]

WEP Encryption
[Figure: Plaintext (Message + CRC) X-OR Keystream = RC4(iv,k) gives Ciphertext; Transmitted Data = iv + Ciphertext]
- k = key
- iv = Initialisation Vector
- RC4 = Rivest Cipher 4 Stream Cipher

WEP Decryption
[Figure: Transmitted Data = iv + Ciphertext; Ciphertext X-OR Keystream = RC4(iv,k) gives Plaintext (Message + CRC)]
- k = key
- iv = Initialisation Vector
- RC4 = Rivest Cipher 4 Stream Cipher

WEP Security Features
- Protocol for encryption and authentication
- Operation based upon RC4 symmetric cipher with shared symmetric key
- 40-bit key with a 24-bit IV (Initialisation Vector)
- 104-bit keys (+24-bit IV) also possible
- Integrity check using CRC-32
- IV used to avoid encrypting two plaintexts with same key by augmenting shared RC4 key and thus produce different RC4 key for each packet

WEP Security Features
- WEP was never intended to be complete end-to-end solution
- Business policy will dictate if additional security mechanisms required such as: access control, end-to-end encryption, password protection, authentication, VPNs, firewalls, etc
- WECA believe many reported attacks are difficult to carry out
- IEEE 802.11 working on extensions to WEP (IEEE 802.11i)

WEP Symmetric Key Operation
[Figure: Secret Message over Wireless LAN, Symmetric Key at each end]
- The same symmetric (RC4) key is used to encrypt and decrypt the data

WEP Integrity Check Using CRC-32
[Figure: Message, CRC-32 Polynomial, CRC-32, Match]
- Integrity check used to ensure packets not modified during transit

WEP Security Weaknesses
Number of flaws discovered in WEP:
- Passive attacks to decrypt traffic using statistical analysis
- Active attacks - inject new traffic from unauthorised stations based upon known plaintext
- Active attacks to decrypt traffic based upon tricking the AP (Access Point)
- Dictionary-building attacks. After analysis of about a day's traffic, realtime automated decryption of all traffic is possible
- Need for user/node Authentication (EAP/802.1x)
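Added example (not part of the original slides): a minimal Python model of the WEP encapsulation shown above, Keystream = RC4(iv,k) XORed over Message + CRC-32, run on constructed data to show why a repeated IV and an unkeyed CRC-32 are weaknesses. The key, IV and messages are constructed, and the frame layout follows the slide diagram (iv + ciphertext), not the full 802.11 frame format.

```python
import struct
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                    # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(message: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, no key involved."""
    return struct.pack("<I", zlib.crc32(message) & 0xFFFFFFFF)

def wep_encrypt(iv: bytes, key: bytes, message: bytes) -> bytes:
    """Transmitted data = iv + ((message + CRC) XOR RC4(iv, k))."""
    plaintext = message + icv(message)
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Rebuild the keystream from the cleartext IV, then check the CRC."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    message, received = plaintext[:-4], plaintext[-4:]
    if icv(message) != received:
        raise ValueError("ICV mismatch: frame rejected")
    return message

def reused_iv_leak(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bytes:
    """Same iv and key give the same keystream, so XORing the two
    ciphertexts cancels it and leaves m1 XOR m2 (the key is not needed)."""
    c1 = wep_encrypt(iv, key, m1)[3:]
    c2 = wep_encrypt(iv, key, m2)[3:]
    return xor(c1, c2)[:min(len(m1), len(m2))]

def modify_without_key(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is linear over XOR: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(0..0).
    The ICV can therefore be adjusted for a change `delta` (same length
    as the message) without knowing the key or the message."""
    iv, ciphertext = frame[:3], frame[3:]
    if len(delta) != len(ciphertext) - 4:
        raise ValueError("delta must be as long as the message")
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(ciphertext, delta + icv_delta)

# Constructed sample values, for illustration only.
KEY = bytes.fromhex("0102030405")              # 40-bit shared key
IV = bytes.fromhex("00002a")                   # 24-bit IV, sent in the clear

if __name__ == "__main__":
    frame = wep_encrypt(IV, KEY, b"meter reading 0042")
    print("round trip:", wep_decrypt(KEY, frame))
    leak = reused_iv_leak(KEY, IV, b"AAAAAAAA", b"password")
    print("known m1 recovers m2:", xor(leak, b"AAAAAAAA"))
    delta = xor(b"meter reading 0042", b"meter reading 9942")
    changed = modify_without_key(frame, delta)
    print("accepted after change:", wep_decrypt(KEY, changed))
```

A random bit flip is still rejected by the CRC; only a change with a matching ICV adjustment is accepted, which is the gap a keyed integrity check closes.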

WEP Security Weaknesses
- These attacks possible with inexpensive off-the-shelf equipment (opinion)
- These attacks apply to both 40-bit and 104-bit versions of WEP
- These also apply to any version of the IEEE 802.11 standards (802.11b in particular) that use WEP
- IEEE 802.11i recommend replacement of WEP by WPA and ultimately AES

WEP Security Weaknesses
Both IC (Integrity Check) & IV (Initialisation Vector) implementations have weaknesses:
- IC using CRC-32 designed for detecting line errors, not as security mechanism, therefore has vulnerabilities (not a digital signature)
- Use of a 24-bit IV guarantees reuse within 5 hours or less (operating with 1500 byte packets at 11 Mbps). Hence attacker has multiple ciphertexts encrypted with same key.

WEP Security Weaknesses
- WEP standard does not discuss how shared keys are established
- Most installations use single key shared between all mobile stations & access points
- More sophisticated key management disciplines (PKI + IKE) can be used to improve attack defence. Few commercial systems implement such systems yet

Enhancements to WEP
Ongoing development:
- WEP being enhanced (WPA, TKIP, AES)
- Increases size of IV space to 48 or 128 bits
- Key may be changed periodically via IEEE 802.1x re-authentication to avoid staleness
- Message Integrity Check (MIC) adds key to layer 2 WEP payload to prevent common attacks
- Re-authentication option for reassociate
- Protection against common attacks
- Kerberos for authentication within IEEE 802.1x
- Although security is improving, additional solutions may be required (policy)

IEEE 802.1x and EAP (Extensible Authentication Protocol)

IEEE802.1x Model Implementation

IEEE802.1x Model Implementation
[Figure: Wireless Client, Access Point, Authentication Server. 802.1X (EAPoL) over 802.11b/g between client and access point; RADIUS over 802.3 between access point and server; EAP-TLS over EAP end to end. Label: Out of scope of 802.11 standard]

IEEE 802.1x Authentication
Synopsis:
- Defines generic framework for port-based MAC authentication (not user) and key distribution
- Authenticates before giving access to network
- IEEE 802.1x provides carrier for secure delivery of session keys between supplicant and authenticator
- Requires central RADIUS server running EAP
- EAP acts as an authenticator (eg Ethernet switch or wireless AP) and authenticates a supplicant (Ethernet or Wireless NIC) by consulting an authentication server such as RADIUS or Kerberos

IEEE 802.1x Authentication
Synopsis contd: IEEE 802.1x - implemented with different EAP types
1. EAP-MD5 for Ethernet LANs (= Wireless CHAP)
2. EAP-TLS for IEEE 802.11b WLANs but supplicant and authenticator must be able to handle digital certificates - hence PKI/CA infrastructure may be required
3. EAP-SRP (Secure Remote Password) authentication
4. CISCO - LEAP, FAST
5. Microsoft - PEAP

WLAN Security with 802.1X/EAP
[Figure: Supplicant (Client), Access Point / Authenticator, RADIUS Authentication Server. Encryption / Authentication on each wireless side; EAP Authentication (MD5, Wireless CHAP, TLS, LEAP, etc) carried over 802.1X / EAPoL and RADIUS]

WLAN Security with 802.1X/EAP
[Figure: message sequence between Client, Access Point and Server; Client to Access Point over IEEE 802.11b, Access Point to Server over Ethernet]
1. Request Connection IEEE 802.1x [EAPoL]
2. Request Identity IEEE 802.1x [EAPoL]
3. Client Identity IEEE 802.1x [EAPoL]
4. Access Request [RADIUS]
5. Challenge + EAP Type [RADIUS]
6. Forwards challenge + EAP Type [EAPoL]
7. Negotiation [EAPoL]
8. Response Forwarded [RADIUS]
9. RADIUS Server Accepts [RADIUS]
10. Secure Connection Established

WLAN Security with 802.1X/EAP
- EAP carries authentication dialogue: client (supplicant) <-> AAA server (authenticator)
- EAPOL (EAP Over LAN) - encapsulation technique for EAP packets in WLAN using IEEE 802.1x
- EAP/RADIUS carries EAP over fixed network
- AAA authorises session on behalf of AP
  - Includes WEP keys from AP
  - WEP keys from client created during/after EAP dialogue

WLAN Security with EAP

WLAN Security with EAP
Extensible Authentication Protocol checklist:
- Does it provide for secure exchange of user information during authentication?
- Does it permit mutual authentication of the client and network thus preventing intrusion?
- Does it require dynamic encryption keys for user and session?
- Does it support generation of new keys at set intervals?
- Is it easy to implement and manage, eg EAP-TLS requires client-side certificates?

EAP (Extensible Authentication Protocol) RFC 2284
- Many basic protocols such as PAP, CHAP and WEP offer very limited security
- EAP over IEEE802.1x provides extensions to allow arbitrary authentication mechanisms to validate connection (eg PPP, IEEE 802.11b, etc)
- EAP can link to 3rd party plug-in authentication modules: Token cards, PKI, vendor specific options

EAP (Extensible Authentication Protocol) RFC 2284 contd...
- EAP is available with Windows 2000 & XP
- Common EAP authentication types include:
1. EAP-SRP (Secure Remote Password) offers a cryptographically strong user authentication mechanism suitable for negotiating secure connections and performing secure key exchange using a user-supplied password
2. MD5 (Message Digest 5) - Wireless CHAP. Also released as PEAP - encrypts EAP transaction in tunnel (Windows XP)

EAP (Extensible Authentication Protocol) RFC 2284 contd...
3. LEAP (Lightweight EAP) and FAST (Flexible Authentication and Secure Tunneling) - CISCO vendor-specific authentication provides mutual authentication and dynamic WEP key generation
4. EAP-TLS (Transport Layer Security) offers full authentication consistent with PKI public/private keys, PKI and digital certificates. RFC 2716 PPP EAP TLS Authentication Protocol
5. TTLS (Tunnelled Transport Layer Security) - requires server, but not client certificate

Some Authentication Options
- WEP: Authenticates node (via MAC address only)
- EAP-MD5 / PEAP / LEAP (Wireless CHAP): Authenticates user (via encrypted password using challenge/response and key management)
- EAP-TLS: Authenticates node and user (via digital certificates)

EAP-TLS Authentication

EAP-TLS Exchange
[Figure: EAP-TLS Exchange. Source: www.cisco.com]

PEAP Exchange
[Figure: PEAP Exchange. Source: www.cisco.com]

Security Infrastructure and Options
[Figure: network diagram (Internet, Router, Gateway, Firewall, Wireless Switch, Access Point, Client, Application Server) with regions A to D and Layer 2 / Layer 3 Network Security. Source: Bell (Modified)]
- Authentication & Transport: IEEE 802.1x, MS-CHAP/V2, EAP-MD5 (Wireless CHAP), PEAP, EAP-TLS (Win XP), EAP-TTLS, Cisco LEAP/FAST, Other
- Wireless Network Security: WEP, WPA/WPA2, SSID, MAC filter, TKIP/MIC, AES
- L2/L3 End to End Network Security: Kerberos, Vendor Proprietary, eg VPN, PPTP, L2TP, IPSec
- AAA: Local AAA, Remote AAA

[Figure: Server Authentication. Labels: RADIUS, Kerberos, Windows Active Directory, LDAP, Unix, SQL, SS7, SS7/HLR DB, HLR, VLR. Source: Meetinghouse]

Typical VPN Implementation

VPN Architecture in WLANs

WLAN VPN Structure
- Firewalls and tunnels configured using: IPSec, IKE, TLS, Digital Certificates

Secure Protocols for Wireless LAN
[Figure: protocol stacks with VPN Encryption over IPSec Tunnels. End systems: Application, SSL/TLS, Transport (TCP, UDP), Network (IP) (VPN), Network (IP), 802.11b Link with WEP, 802.11b Physical. Router: Network (IP), Ethernet Link, Ethernet Physical]

Authentication Principles
AAA (Authentication, Authorisation, Accounting)

AAA - Authentication, Authorisation, Accounting
- RADIUS - Remote Authentication Dial-in User Service
- RADIUS - originally developed to manage dial-in access to Internet. Now being used to manage access control for other systems including Wireless LANs (Diameter)
- Mobile users require access to resources over both fixed and mobile networks (must be transparent to user)

Authentication Principles
- Access control authorises who is allowed to enter network and which services can/cannot be accessed
- Managing a single database of users that contains authentication (user name and credentials), as well as access policy and provisioning information, is an effective way to achieve authentication

AAA - Authentication Principles
Authentication: Validating a User's Identity
- Authentication protocols operate between user and AAA server: PAP, CHAP, RADIUS, DIAMETER, IEEE 802.1x, EAP
- Network Access Server (NAS) acts as relay device

AAA - Authorisation Principles
Authorisation: What is user allowed to do?
- Controls access to network services & applications
- Access policy can be applied on a per user, group, global, or location basis
- Attributes from an access request can be checked for existence or for specific values
- Other attributes, eg time-of-day or number of active sessions with same username can also be checked
- Outcome of policy decisions can be sent back to access device as Access Reply attributes

AAA - Accounting Principles
Accounting: Collecting Usage Data
- Data for each session is collected by access device and transmitted to AAA server
- Usage data may include: User Identities, Session Duration, Number of Packets, and Number of Bytes Transmitted
- Accounting data may be used for: Billing, Capacity Planning, Trend Analysis, Security Analysis, Auditing

AAA Server Architecture
[Figure: Central AAA Server with Billing & Invoicing Services, RADIUS Protocol Services, User Developed Plug-in, Policy-Based Management Services, User Directory Services, Analysing and Reporting Services]

AAA can offer Distributed Security
Distributed Client/Service Model
- Network Access Servers (NAS) authenticate user through single, central authentication server
- Network Access Servers are clients of Authentication Server
- AAA clients are authenticated through a list of trusted servers
- Authentication Server stores all information about users, their passwords and access privileges
- Authentication Server can be accessed locally or remotely over WAN connections

AAA can offer Distributed Security

Benefits of Distributed Security
- Security: A central database is more secure than distributing user information over different devices in the LAN/WLAN
- Scalability: A central authentication server allows for growth in number of access servers or clients without major change to the security configuration
- Centralised Management: A flexible way to configure users and customise service

Improvements in Wireless Security

New Developments Beyond WEP - WPA, 802.11i, WPA2, AES, RSN

Recent Enhancements to WEP
- Temporary Key Integrity Protocol (TKIP) incorporated in intermediate standard (WPA) (2003) and in WPA2 (late 2004)
- 128 bit encryption key + 40 bit Client MAC
- 48 or 128 bit initialisation vector (IV)
- Backward compatibility with WEP
- Still uses RC4
- Temporary Key changed every 10,000 packets

Recent Developments - TKIP
- TKIP provides mechanism for WEP key hashing between client and access point, removing predictability of IV
- Message Integrity Check (MIC) adds key to layer 2 WEP payload to prevent bit-flip or man-in-the-middle attacks
- Wi-Fi Protected Access (WPA) combines TKIP and MIC (2003) and can be implemented with firmware upgrade only

WPA (WiFi Protected Access)
- WPA (2003) was temporary fix pending release of WPA2 (IEEE 802.11i) late 2004
- Provides for dynamic key distribution and can be used across multiple vendors' equipment
- Good for legacy systems because firmware upgrade only required
- Step en route to IEEE 802.11i which has AES rather than RC4 encryption
- However AES will require more powerful processors (= H/W upgrade)

WPA (WiFi Protected Access)
- Includes TKIP and 802.1x mechanisms: dynamic key encryption + mutual authentication
- AP can periodically generate unique key for clients
- TKIP mechanism introduces:
  - extended 48 or 128-bit IVs
  - per packet key construction
  - key derivation functions
  - message integrity codes
  - links to RADIUS Authentication servers using 802.1x with EAP
WiFi Networking News: www.wifinetnews.com

Advanced Encryption Standard (AES)
- Since TKIP is designed to enhance WEP temporarily, a stronger encryption method - AES will replace the RC4 cipher
- AES is a block cipher, which makes prediction of the location of specific data within the encrypted stream more difficult
- Can be used to avoid the integrity check

Recent Developments - RSN
RSN (Robust Security Network) in process of being standardised (part of 802.11i). Includes:
- AES (128 bit) encryption
- AES is operated in CCMP mode (Counter mode with CBC-MAC Protocol) (encryption)
- CCM or CBC-MAC used to compute MIC (Message Integrity Check) value to protect data integrity (authentication). Replaces old CRC-32 checksum used with WEP vulnerabilities
- Key management using EAP

IEEE 802.11i & WPA Comparison
[Table with columns 802.11i and WPA; only the "No" entries survive in the transcription]
- 802.1X
- Basic Service Set (BSS or infrastructure)
- Independent BSS (IBSS or ad-hoc): No
- Pre-authentication (moving between APs): No
- Key Hierarchy
- Key Management
- Cipher & Authentication Negotiation
- TKIP
- AES-CCMP: No

WEP, WPA and WPA2
- Cipher: WEP = RC4; WPA = RC4; WPA2 (802.11i) = AES
- Key Size: WEP = 40 bits; WPA = 128 bits encryption, 64 bits authentication; WPA2 (802.11i) = 128 bits
- Key Life: WEP = 24-bit IV; WPA = 48/128-bit IV; WPA2 (802.11i) = 48/128-bit IV
- Packet Key: WEP = Concatenated; WPA = Mixing Function; WPA2 (802.11i) = Not Needed
- Data Integrity: WEP = CRC-32; WPA = MIC; WPA2 (802.11i) = CCM
- Header Integrity: WEP = None; WPA = MIC; WPA2 (802.11i) = CCM
- Key Management: WEP = None; WPA = EAP-based; WPA2 (802.11i) = EAP-based

Conclusions - Good Security Principles
Recommendation (1): Wireless LAN related Configuration
- Enable WEP
- Drop non-encrypted packets
- Disable SSID (network name) broadcast
- Change SSID to something unrelated to network
- No SNMP access
- Choose complex admin password
- Enable firewall functionality
- Use MAC (hardware) address to restrict access
- Use MAC filtering to protect against primitive attackers
- Non-default Access Point password
- Change default Access Point Name
- Use 802.1x

Conclusions - Good Security Principles
Recommendation (2): Deployment Consideration
- Separate and closed network
- Treat Wireless LAN as external network
- VPN and use strong encryption
- No DHCP (use fixed private IP)

Conclusions - Good Security Principles
Recommendation (3): Always (wired or wireless)
- Install virus protection software plus automatic frequent pattern file update
- Shared folders must impose password

Conclusion contd.
Match new standards to four main components of a secure network:
- Mutual authentication: EAP-based
- Cryptographic integrity protection: MIC, CCM
- Block cipher payload encryption: AES

Management Issue
- Carefully select physical location of AP, not near windows or front doors
- Prohibit installation of AP without authorisation
- Discover any new APs constantly (NetStumbler is free, Antenna is cheap)
- Power off ADSL Modem when Internet access is not required
- Firewalls between wireless / wired components