How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.
22
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego
-
Upload
barrie-francis -
Category
Documents
-
view
215 -
download
0
Transcript of How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.
How secure are 802.11b Wireless Networks?
By Ilian Emmons
University of San Diego
Agenda
• Introduction
• What is a Hacker?
• Root Causes of Poor Security
• Conclusion & Solutions
• Questions & Answers
Introduction
• A wireless LAN is one in which a mobile user can connect to a local area network through a wireless (radio) connection.
• A standard, IEEE 802.11, specifies the technologies for wireless LANs.
• The standard includes an encryption method, the Wired Equivalent Privacy algorithm.
802.11 Wireless Networks
• 802.11 is a family of specifications for WLANs developed by IEEE.
• There are currently four specifications in the family: 802.11, 802.11a, 802.11b, and 802.11g.
• The most recently approved standard, 802.11g, offers wireless transmission over relatively short distances at up to 54 Mbps.
802.11b Wireless Networks
• The 802.11b standard - often called Wi-Fi - is backward compatible with 802.11.
• It offers wireless transmission over relatively short distances at up to 11 megabits per second.
• The modulation method selected for 802.11b is known as complementary code keying (CCK), which allows higher data speeds and is less susceptible to multipath-propagation interference.
Wired Equivalent Privacy Protocol
• Wired Equivalent Privacy (WEP) is a security protocol that encrypts data transmitted over a WLAN.
• Depending on the manufacturer and the model of the NIC card and access point, there are two levels of WEP commonly available:(1) 40-bit encryption key and 24-bit initialization vector (also called 64-bit encryption).(2) 104-bit key plus the 24-bit IV (also called 128-bit encryption).
Agenda
• Introduction
• What is a Hacker?
• Root Causes of Poor Security
• Conclusion & Solutions
• Questions & Answers
Portrait of a Hacker
• Male or female• Between the ages of 1 and 99• Has more time than you• Trying to prove how good they are• Typically dumb and typically smart
CISA-Jason Hacker-Jason
Users Reporting WLAN Security Incidents or Attacks
17% 17% 17%16%
7% 7%
4% 4%3%
2%1%
0%
4%
8%
12%
16%
20%
Unauthorizedrogue access
points onpremises
WLAN Clientsassociating
with incorrectaccess points
Evidence ofactive intrusion
attempts onthe WLAN
War drivers orother potential
intruderssnooping the
network
Securitycompromised
by lost ofstolen
equipment
Bandwidth theftby unauthorizedWLAN stations
Wired networkintrusion
launched froma WLAN
WirelessAccess point
break-in
Wirelessstation break-inby WLAN peers
Loss ofconfidentialdata due towireless use
Forgery orreplay of data
due to wirelessuse
Type of Incident
Per
cent
age
Source: “802.11 Wireless LAN Security: Usage, Expectations and Strategies for the Future.” June 2002.
Agenda
• Introduction
• What is a Hacker?
• Root Causes of Poor Security
• Conclusion and Solutions
• Questions & Answers
Controlling WLAN access
• Unauthorized use of WLAN bandwidth. For example: Unauthorized access to the Internet.
• Unauthorized access to intranet services. Wireless gateways and APs should always be placed in untrusted subnets.
• Wireless station (end-user desktops/laptops) Compromise.
Controlling WLAN access cont…
• AP Compromise. Numerous APs are installed with default parameters.
• Mac Spoofing (WEP Deficiencies).
• War Driving.
Authentication Risks
• Two-step form authentication (1) authentication; (2) association.
• The weaknesses of the two-step form authentication are: (1) the previously discussed weaknesses of WEP; and (b) that all vendors broadcast the SSID values in the clear, so a protocol analyzer with a wireless card can find these values in seconds.
Authentication Risks cont…
• Rogue Access Points
• Lost or Stolen Cards
Data integrity and reliability
• Replay: Unencrypted frames are easily captured and replayed. IPSec VPNs provide strong replay protection, but nothing prevents re-sending a captured frame that was encrypted with WEP.
• Forgery: WEP includes a CRC that detects corruption, but cannot prevent a frame from being modified such that the CRC still passes. A VPN or higher-layer solution should be use to ensure wireless data integrity.
Data integrity and reliability
• Session Hijacking: A hacker can use a high-powered AP to intercept associate requests, masquerade as the legitimate AP, relay WLAN traffic to intended destination, and return responses to requesting stations. Stations and intranet servers may be unaware that sessions have been hijacked. To reduce this risk, network administrators should monitor for rogue APs and use 802.11b with strong authentication.
Agenda
• Introduction
• What is a Hacker?
• Root Causes of Poor Security
• Conclusion and Solutions
• Questions & Answers
Conclusion
• Every network technology has vulnerabilities.
• War driving and WEP shortcomings have simply heightened industry awareness of the risks inherent in WLANs.
Potential Solutions
• Always enable WEP. WEP is not secure, but at least it is a fist barrier.
• Change the default SSID of the product. Do not change the SSID to reflect your company’s main names, divisions, products or street address.
• Disable “broadcast SSID” in clear text.• Change default passwords on access points or
wireless routers.
Potential Solutions cont…
• Conduct attack and penetration testing on a regular basis to validate the security measures that they have implemented.
• Use of log monitoring and intrusion detection systems to identify unusual behavior.
• Use VPN to protect the Network.• Traffic Analysis
Agenda
• Introduction
• What is a Hacker?
• Three of the major root causes of poor security in Wireless Networks
• Conclusion & Solutions
• Questions & Answers
Questions???Answers!!!
