Implementing Network Security – Wireless Security Segway!
Steve Lamb, Technical Security Advisor
http://blogs.msdn.com/steve_lamb
stephlam@microsoft.com

Transcript (18 slides)

Page 1: Title slide

Implementing Network Security – Wireless Security Segway!
Steve Lamb
Technical Security Advisor
http://blogs.msdn.com/steve_lamb
stephlam@microsoft.com

Page 2: So what’s the problem?

• WEP is a euphemism
  – Wired
  – Equivalent
  – Privacy
• Actually, it’s a lie
  – It isn’t equivalent to “wired privacy” at all!
  – How can you secure the air?
• Thus: WEP’s very poor
  http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Page 3: WLAN Security Challenges – Unsecured WLAN

• Most wireless LANs are unsecured

(Diagram: WLAN Access Point, Company Servers, Mobile Employee, Evil Hacker)

Page 4: WLAN Security Challenges – Weak Security in 802.11 Static WEP

(Diagram: encrypted frames shown as “X7!g%k0j37**54bf(jv&8gB)£F..”; caption: “Thank goodness we use encryption!”)

Page 5: Other 802.11 Challenges

• Access Points are dim!
• Key Management (!!!!)
  – Manual update = never changed!
• Access Control with MAC address filtering
  – = NO SECURITY!
• Neither is scalable

(Diagram: Wireless Client – Wireless Access Point; Authentication, Authorization, Data Protection, Audit)

Page 6: WLAN Security Challenges – Weak Security in 802.11 Static WEP

• Static WEP key easily obtained for encryption / authentication

(Diagram: encrypted frames “X7!g%k0j37**54bf(jv&8gB)£F..”; speech bubbles: “HAHAHAHA! I have the keys to your kingdom!” and “Thank goodness we use encryption!”)

Page 7: WLAN Security Challenges – Weak Security in 802.11 Static WEP

• Man in the middle attacks are difficult to detect & prevent

(Diagram: frames “X7!g%k0j37**” passing through a Rogue Network; speech bubbles: “All your data are belong to us...” and “Now where was that sensitive financial data...”)

Page 8: Alternatives to WEP

Page 9: VPNs

• Pros
  – Familiarity
  – Hardware independent
  – Proven security
• Cons
  – Lacks user transparency
  – Only user logon (not computer)
  – Roaming profiles, logon scripts, GPOs broken, shares, management agents, Remote Desktop
  – No reconnect on resume from standby
  – Complex network structure

Page 10: VPNs

• More Cons
  – No protection for WLAN
  – Bottleneck at VPN devices
  – Higher management & hardware cost
  – Prone to disconnection
• Yet more cons! (non-MS VPNs)
  – 3rd party licensing costs
  – Client compatibility
  – Many VPN auth schemes (IPsec Xauth) are as bad as WEP!

Page 11: PEAP encapsulation

1. Server authenticates to client
2. Establishes protected tunnel (TLS)
3. Client authenticates inside tunnel to server

• No cryptographic binding between PEAP tunnel and tunneled authN method
• Fix: constrain client (in GPO) to trust only a specific corporate root CA
  – Foils potential MitM attacks

Page 12: EAP architecture

(Diagram, three layers)
Method layer: TLS, GSS_API Kerberos, PEAP (carrying MS-CHAPv2, TLS, SecurID), IKE, MD5
EAP layer: EAP
Media layer: PPP, 802.3, 802.5, 802.11, anything…

Page 13: 802.1X over 802.11

Parties: Supplicant – Authenticator – Authentication Server

(Diagram, message sequence)
Supplicant ↔ Authenticator: 802.11 association
Supplicant → Authenticator: EAPOL-start
Authenticator → Supplicant: EAP-request/identity
Supplicant → Authenticator: EAP-response/identity; Authenticator → Authentication Server: RADIUS-access-request
Authentication Server → Authenticator: RADIUS-access-challenge; Authenticator → Supplicant: EAP-request
Supplicant → Authenticator: EAP-response (credentials); Authenticator → Authentication Server: RADIUS-access-request
Authentication Server → Authenticator: RADIUS-access-accept; Authenticator → Supplicant: EAP-success
Access allowed (access blocked at the Authenticator until this point)
Authenticator → Supplicant: EAPOW-key (WEP)

Speech bubbles: “Gotta get on!”; “Calculating this guy’s key…”; “Access blocked”; “Calculating my key… (Wow, I just don’t understand this new maths!)”

Page 14: Session Summary

• Windows XP has great wireless security features
• There’s extensive prescriptive guidance available from our website
• Don’t be scared of wireless!

Page 15: Next Steps

• Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
• Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
• Check out Security360: http://www.microsoft.com/seminar/events/series/mikenash.mspx
• Get additional security tools and content: http://www.microsoft.com/security/guidance

Page 16: Resources

• Microsoft Wi-Fi Page: http://www.microsoft.com/wifi
• The Unofficial 802.11 Security Web Page: http://www.drizzle.com/~aboba/IEEE/
• Intercepting Mobile Communications: The Insecurity of 802.11: http://www.drizzle.com/~aboba/IEEE/wep-draft.zip
• Fluhrer, Mantin, Shamir WEP Paper: http://www.crypto.com/papers/others/rc4_ksaproc.pdf
• WiFi Planet: http://www.wi-fiplanet.com/
• Microsoft Solution for Securing Wireless LANs with PEAP and Passwords (< 1 week): http://www.microsoft.com/technet/security/guidance/peap_0.mspx
• Microsoft Solution for Securing Wireless LANs with Certificates: http://www.microsoft.com/technet/security/prodtech/win2003/pkiwire/swlan.mspx
• Wifi for SOHO Environments: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx

Page 17: Credits

• Thanks to Ian Hellen (MCS) & Steve Riley (Corp) as I “borrowed” several of their slides!

Page 18: Questions and Answers