Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures (IEEE 802.11 Wireless Networks) James Burrell Research project submission for the partial fulfillment of the requirements for the degree of Master of Science in Telecommunications Advisor Dr. Jeremy Allnutt Director, M.S. Telecom Program George Mason University School of Information Technology & Engineering December 2002
Introduction To WLAN Technology
Introduction Wireless networking technologies offers many advantages over traditional wired (or physical) network connectivity, to include:!mobility support!rapid deployment of network resources!flexible implementation!scalability
Basic WLAN Components Wireless Network Interface Card (PCMCIA) Wireless Access Point
WLAN Spectrum Allocation
WLAN Spectrum Allocation ISM FREQUNCY BANDS Frequency (Lower Limit) Frequency (Upper Limit) Total Bandwidth 902 MHz 928 MHz 26 MHz 2.4 GHz 2.4835 GHz 83.5 MHz 5.725 GHz 5.850 GHz 125 MHz Industrial, Scientific, and Medical (ISM) Frequency Allocations (Source: Bruce)
WLAN Standards
WLAN Standards 802.11b HomeRF IrDA 802.11a 802.11g Bluetooth Max Speed 11Mbps 10Mbps 4Mbps 54Mbps 54Mbps 1 Mbps Frequency 2.4GHz 2.4 GHz Light waves 5GHz 2.4GHz 2.4 GHz Indoor Range 150-300 feet 150 feet 1 meter 150-300 feet 150-300 feet 30 feet Applicatio n WLAN WLAN Device Beaming WLAN WLAN Personal Area Network Wireless Networking Standards and Specifications (Source: Anderson)
WLAN Transmission Technologies
WLAN Transmission Technologies Spread Spectrum Narrowbeam Microwave Infrared
Comparison of WLAN Transmission Technologies Transmission Technology Range Limitation Signal Interception Susceptibility Susceptibility To Interference / Jamming Low High Low High Low High Spread Spectrum **** **** **** Narrowband Microwave **** ******************** ******************** Infrared ****************** * **** ********************
WLAN Network Topologies
WLAN Topologies Laptop PDA Wireless Segment Ethernet Segment Peer-to-Peer (Ad hoc) Topology Hybrid Topology Laptop PDA Wireless Bridge Wireless Bridge Infrastructure Topology Point-to-Point Topology
IEEE 802.11 Hybrid WLAN Topology Physical Network Segment LAN Switch Internet Router Network Firewall Laptop PDA Wireless Access Point Wireless Network Segment
WLAN Applications
WLAN Applications WLAN Topology Application Peer-to-Peer Ad hoc networking between mobile devices Hybrid (Wireless/Wired) Network extension for wired LAN infrastructure WLAN Client location flexibility and mobility Point-to-Point Wireless connectivity between buildings or facilities
WLAN Applications Organization Application Advantage Educational Institutions Classroom and student connectivity!relocation of devices to different locations in classrooms Health Care / Hospitals Patient monitoring and access to patient medical information!mobility Inventory Control Manufacturing Conference Centers Connectivity for portable inventory devices with central storage facility Network connectivity for machinery in open locations and hazardous environments Provide connectivity to attendees with enabled devices!real-time reporting!relocation of devices to different locations!hazardous environments!rapid deployment Education Shared computer resources among student classrooms and laboratories!mobility
WLAN Applications Tactical/Military Multimedia Resources Rapid establishment of network with mobility support in hazardous environments Provide wireless access to multimedia resources!mobility Rapid network deployment!shared Resources Small Office/Home Office (SOHO) Residential Rapid establishment of low cost network infrastructure Rapid establishment of low cost network infrastructure Low cost networking solution!low cost networking solution
WLAN Security Risks
WLAN Security Risks Network Detection RF Signal Limiting Interference and RF Disruption Unauthorized Network Access Denial of Service Insider Threat Compromised Devices Illicit Access Point Deployment Data Interception
WLAN Security Risks Security Vulnerability Relative Security Risk Level Low High Security Countermeasures Detecting WLANs RF Signal Propagation ******************** ******************** Deactivate access point beacon and advertisement transmission Minimize access point transmission level Interference and RF Disruption ******* Unauthorized Access ************************** Conduct RF environment analysis Strategic location of access point deployments Use strong authentication
WLAN Security Risks Data Interception **************************!Use encryption Denial of Service *************!Implement measures to secure against unauthorized access Insider Threat *********************!Background investigations!require change of encryption key upon employee termination/dismissal Compromised Devices *********************!Security awareness!reporting requirement for lost or stolen devices!require change of encryption key if compromise is suspected Illicit Access Point Deployment *********************!Limit physical access to wired network infrastructure!conduct routine monitoring for illicit/improperly configured access point
WEP Authentication / Encryption
WEP Encryption Process PLAINTEXT MESSAGE CRC Logical Exclusive-Or (XOR) Operation GENERATED ENCRYPTION SEQUENCE IV ENCRYPTED MESSAGE CRC IV LEGEND Cyclic Redundency Check Initialization Vector
Weaknesses of WEP Algorithm The primary issues that have led to the defeating the security provided by WEP, is related to the:!implementation of the encryption algorithm!relatively short length of the shared encryption key!iv being transmitted with its associated encrypted message!static nature associated with WEP encryption key management
WEP Encryption Process Initialization Vector (IV) Initialization Vector (IV) used to generate the used to generate the psuedo-random encryption psuedo-random encryption sequence is transmitted sequence is transmitted along with the encrypted along with the encrypted message message IV IV ENCRYPTED MESSAGE ENCRYPTED MESSAGE
RF Signal Limiting
SNR Measurements At Selected Distances (100mW Output Power) 60 50 40 30 10' 20' 100' 20 10 0
SNR Measurements For Selected Output Power Levels 120 100 80 SNR (db) 60 100mW 50mW 5mW 1mW 40 20 0 0 20 40 80 100 Distance (Feet)
RF Interference Source 60 50 40 30 Norma l Interference Source 20 10 0 Figure X.X Microwave Interference Source Effect On WLAN Transmissions (Distance From Wireless Device 10 Feet)
Maximum Distances For Output Power Levels IEEE 802.11b 2.4 GHz Wireless Access Point 1200 1000 800 Distance (Feet) 600 400 200 0 100 50 5 1 Output Pow er (mw)
Firewall / Intrusion Detection System / VPN Integration
Firewall Integration Into A Wireless Network Segment Laptop PDA LAN Switch Firewall Wireless Access Point Wireless Network Segment
IDS Integration Into A Wireless Network Segment Intrusion Detection System Laptop PDA LAN Switch Firewall Wireless Access Point Wireless Network Segment
VPN Integration Into A Wireless Network Segment Laptop PDA LAN Switch VPN Gateway VPN / IPSec Tunnel Wireless Access Point Wireless Network Segment
Emerging Security Technology and Standards
Emerging Security Technology and Standards IEEE 802.11e - Quality of Service (QoS) IEEE 802.11g - 54 Mbps over 2.4 GHz band IEEE 802.11h Spectrum Manager 802.11a IEEE 802.11i - Enhanced security
Summary / Conclusion
Summary! The optimal security solution for WLANs involves a combination of security technologies! A detailed threat risk assessment and analysis is essential to determine which security measures, or combination of measures are the most effective! The implementation of preventive and protective end-toend security measures, such as firewalls, intrusion detection, and VPN technologies, provides the most secure and effective defense against the threats associated with the transmission of data over an insecure wireless medium
Summary! Requires implementation of policy requirements to ensure the effectiveness of security solutions! Training information will emphasize the importance of security to network users
Conclusion A combination of security measures will further increase the security offered by WLAN technologies Increased security will support new WLAN applications Emerging security technology will reduce the increasing security threats associated with providing wireless network connectivity