Wireless Network SecurityWireless Network Security

Presented by:Presented by:

Prabhakaran TheertharamanPrabhakaran Theertharaman

Presentation PlanPresentation Plan

An overview of wireless technology.An overview of wireless technology.

Benefits, Security risk, Mitigation forBenefits, Security risk, Mitigation for

• 802.11 WLAN technology802.11 WLAN technology• Bluetooth ad hoc network technologyBluetooth ad hoc network technology• Handheld wireless devicesHandheld wireless devices

Wireless TechnologyWireless Technology Enables one or more devices to communicate Enables one or more devices to communicate

without physical connectionswithout physical connections

Does not require network or peripheral cablingDoes not require network or peripheral cabling

Receive and transmit information using electromagnetic (EM) waves.

Ranges from Radio Frequency [RF] to Infrared Ranges from Radio Frequency [RF] to Infrared frequency [IR] for transmitting data frequency [IR] for transmitting data

Extends from 9 kilohertz (kHz) to thousands of gigahertz (GHz)

Wireless NetworksWireless Networks Wireless Wide Area Networks (Wireless Wide Area Networks (WWANWWAN))

• Wider CoverageWider Coverage• Example:Example:

2G Cellular2G Cellular Cellular Digital Packet Data (CDPD)Cellular Digital Packet Data (CDPD) Global System for Mobile Communications (GSM)Global System for Mobile Communications (GSM) MobitexMobitex

Wireless Local Area Networks (Wireless Local Area Networks (WLANWLAN))• Smaller NetworksSmaller Networks• Example:Example:

802.11802.11 HiperLANHiperLAN

Wireless Personal Area Network (Wireless Personal Area Network (WPANWPAN))• Ad hoc Networks*Ad hoc Networks*• Example:Example:

BluetoothBluetooth Infrared (IR)Infrared (IR)

Threats and vulnerabilities of Threats and vulnerabilities of wireless systems wireless systems

Vulnerabilities that exist in a wired network apply to wireless technologies Vulnerabilities that exist in a wired network apply to wireless technologies too.too.

Malicious entities mayMalicious entities may

• gain unauthorized accessgain unauthorized access

• intercept and discloseintercept and disclose

• Denial of service (DoS)Denial of service (DoS)

• MasqueradeMasquerade

• deploy unauthorized equipmentdeploy unauthorized equipment

• use un-trusted wireless network servicesuse un-trusted wireless network services

Sensitive data may be corrupted during improper synchronization. Sensitive data may be corrupted during improper synchronization.

Handheld devices are easily stolen and can reveal sensitive information Handheld devices are easily stolen and can reveal sensitive information

Wireless attacksWireless attacks

AttacksAttacks

Passive Active

Eavesdropping Traffic Analysis Masquerade Replay Message Modification Denial of Service

General Wireless Security General Wireless Security RequirementsRequirements

Authenticity - Authenticity - A third party must be able to verify that the A third party must be able to verify that the content of a message has not been changed in transit.content of a message has not been changed in transit.

Non-Repudiation - Non-Repudiation - The origin or the receipt of a specific The origin or the receipt of a specific message must be verifiable by a third party.message must be verifiable by a third party.

Accountability - Accountability - The actions of an entity must be The actions of an entity must be traceable uniquely to that entity.traceable uniquely to that entity.

Wireless Local Area Wireless Local Area NetworkNetwork

a.k.a.,a.k.a.,

WiFi, 802.11 WLANWiFi, 802.11 WLAN

Wireless LAN - BenefitsWireless LAN - Benefits

User MobilityUser Mobility Rapid InstallationRapid Installation Flexibility Flexibility ScalabilityScalability

Security features of WiFiSecurity features of WiFi

Authentication Authentication • Only authorized persons allowed to gain access to my

network.

ConfidentialityConfidentiality• Intended to prevent information compromise from

casual eavesdropping (passive attack)

IntegrityIntegrity• Ensures that messages are not modified in transit

between the wireless clients and the access point in an active attack.

WEPWEP

WLANs security services are provided by WLANs security services are provided by Wired Equivalent PrivacyWired Equivalent Privacy (WEP) (WEP) protocol.protocol.

WEP protects link-level data during WEP protects link-level data during wireless transmission between clients and wireless transmission between clients and access points.access points.

WEP does not provide end-to-end security WEP does not provide end-to-end security (just the wireless portion of the network)(just the wireless portion of the network)

Risk MitigationRisk Mitigation

Management CountermeasuresManagement Countermeasures Operational CountermeasuresOperational Countermeasures

• Physical securityPhysical security Technical CountermeasuresTechnical Countermeasures

• Software Solutions• Hardware Solutions

Technical CountermeasuresTechnical Countermeasures Software SolutionsSoftware Solutions

1.1. Access Point ConfigurationAccess Point Configuration

• Updating default passwords• Establishing proper encryption settings• Controlling the reset function• Using MAC ACL functionality• Changing the SSID• Maximize the Beacon Interval• Disable broadcast SSID feature• Changing default cryptographic keys• Using SNMP• Changing default channel• Using DHCP – Dynamic Host Control Protocol

Software SolutionsSoftware Solutions

1. Access Point Configuration

2.2. Software Patches and UpgradesSoftware Patches and Upgrades

3.3. AuthenticationAuthentication

4.4. Personal FirewallsPersonal Firewalls

5.5. Intrusion Detection System (IDS)Intrusion Detection System (IDS)

6.6. EncryptionEncryption

7.7. Security AssessmentsSecurity Assessments

Hardware SolutionsHardware Solutions

• Smart CardsSmart Cards• Virtual Private NetworksVirtual Private Networks• Public Key Infrastructure (PKI)Public Key Infrastructure (PKI)• BiometricsBiometrics

Wireless PAN – BluetoothWireless PAN – BluetoothTechnologyTechnology

Bluetooth TechnologyBluetooth Technology

Bluetooth is a standard that willBluetooth is a standard that will

• Eliminate wires and cables between both Eliminate wires and cables between both stationary and mobile devicesstationary and mobile devices

• Facilitate both data and voice communicationsFacilitate both data and voice communications

• Offer the possibility of ad hoc networks and Offer the possibility of ad hoc networks and deliver synchronicity between personal devicesdeliver synchronicity between personal devices

BenefitsBenefits

Cable replacementCable replacement Ease of file sharingEase of file sharing Wireless synchronizationWireless synchronization Automated wireless applicationsAutomated wireless applications Internet connectivityInternet connectivity

Bluetooth Security modesBluetooth Security modes

Security Modes

Security Mode 1

No security

Security Mode 2

Service Level Security

Flexible / Policy based

Security Mode 3

Link Level Security

Fixed

Authentication Confidentiality Authorization Authentication Confidentiality

Security Requirements for RisksSecurity Requirements for Risks

Loss of ConfidentialityLoss of Confidentiality

Loss of IntegrityLoss of Integrity

Loss of AvailabilityLoss of Availability

Risk MitigationRisk Mitigation

Software SolutionsSoftware Solutions - Bluetooth PIN- Bluetooth PIN

Hardware SolutionsHardware Solutions - Device Address- Device Address

- Frequency-Hopping Schemes- Frequency-Hopping Schemes

- Trusted Third Party (TTP) Authentication- Trusted Third Party (TTP) Authentication

Wireless Hand Held Wireless Hand Held DevicesDevices

Personal Digital Assistants Personal Digital Assistants (PDA) & Smart Phones(PDA) & Smart Phones

Security RequirementsSecurity Requirements

Loss of ConfidentialityLoss of Confidentiality

Loss of IntegrityLoss of Integrity

Loss of AvailabilityLoss of Availability

Risk MitigationRisk Mitigation

AuthenticationAuthentication EncryptionEncryption Antivirus SoftwareAntivirus Software PKIPKI VPN and FirewallsVPN and Firewalls Enterprise SolutionsEnterprise Solutions

QuestionsQuestions

??

Thank YouThank You