5/21/2018 12_Wireless Security Presentation v6_2003
1/49
802.11 Wireless Security
John Berti
Senior Manager
Deloitte Security and Privacy Services
Agenda
Introduction to Wireless
Wireless Networks
Wireless Security
Top 8 Security Issues with 802.11
Security Controls for Wireless Networks
Summary Best Practices
Final Thoughts
Introduction to Wireless
Introduction to Wireless
The Wireless World (diagram): cell phones, PDAs, WLANs, cordless phones, toys, appliances.
Introduction to Wireless
Electromagnetic spectrum (figure): frequency scale from 10^3 Hz to 10^21 Hz, covering radio, microwave, infrared, visible light, ultraviolet, X-rays and gamma rays.
Introduction to Wireless
The Radio Frequency Band (chart, 0 to 10 GHz; source: http://www.crtc.gc.ca/eng/welcome.htm)
Licensed radio frequencies:
AM Radio (535-1605 kHz)
FM Radio (88-108 MHz)
VHF TV (174-216 MHz)
UHF TV (512-806 MHz)
Analog Cellular (824-894 MHz)
Digital Cellular (1850-1900 MHz)
Unlicensed radio frequencies:
Cordless Phones, Toys (900 MHz)
802.11b,g, Bluetooth, Phones (2.4 GHz)
802.11a, g (5 GHz)
Wireless Networks
Wireless Networks
What is a Wireless Network (diagram): a wireless laptop, a wireless phone and a wireless PDA, each fitted with a wireless network card, connect to a wireless access point; the diagram also shows the demilitarized zone (firewall, web servers) and the internal network.
Wireless Network Standards
Bluetooth: intended as a replacement for cables over shorter distances, with an effective range of up to 10 meters. 1 Mbps data rate, 2.4 GHz frequency band.
802.11b: extension to the 802.11 wireless LAN standard. 11 Mbps data rate, 2.4 GHz frequency band, Direct Sequence Spread Spectrum (DSSS).
Wireless Networks
Wireless Network Standards
802.11a: extension to the 802.11 wireless LAN standard. 54 Mbps data rate, 5 GHz frequency band, Orthogonal Frequency Division Multiplexing (OFDM).
802.11g: replacement for 802.11b with a higher rate. 54 Mbps data rate, 2.4 GHz and 5 GHz frequency bands.
Wireless Networks
Wireless Networks
802.11 Standards Comparison

Wireless Standard | 802.11b                                                                          | 802.11a          | 802.11g
Popularity        | Widely adopted                                                                   | Not very popular | Widely adopted
Speed             | 11 Mbps                                                                          | 54 Mbps          | 54 Mbps
Cost              | Inexpensive                                                                      | More expensive   | Inexpensive
Frequency         | 2.4 GHz                                                                          | 5 GHz            | 2.4 GHz
Range             | 300-1750 ft                                                                      | 60-100 ft        | 100-150 ft
Public access     | Hotspots available at most airports, colleges and some restaurants and coffee shops | None          | Hotspots readily available
Compatibility     | 802.11b                                                                          | 802.11a          | 802.11b, 802.11g

Comparison data from http://www.linksys.com/edu/wirelessstandards.asp
Wireless Networks
Other task groups:
802.11e Quality of Service
802.11n 100 Mbps over wireless
802.11s Mesh Networks (self-healing)
802.11r Fast hand-off: re-association from AP to AP
802.11p Wi-Fi in moving vehicles
Wireless Security
Wireless Security
There are numerous risks associated with wireless technology that could potentially be detrimental to an organization and its wireless infrastructure.
These risks can be categorized into 6 classes:
Eavesdropping
Transitive trust
Impersonation or masquerading
Denial of service
Infrastructure
Device vulnerability
Wireless Security
802.1x Access Control
Complete and published standard for controlled port access
Dynamically generated, session-based WEP keys
Both session and packet authentication
User-oriented authentication support
Extensible Authentication Protocol (EAP): an extension to RADIUS servers enabling wireless client authentication to the wired LAN
Several vendors, like Cisco and 3Com, have already begun measures to ensure their implementations comply with the latest draft of the 802.1x standard
802.11i Security
100% focus on security
Standard completed
Provides extensions to current WEP requirements
Authentication algorithm yet to be determined
Advanced Encryption Standard (AES): block cipher encryption algorithm
Wireless Security
Wired Equivalent Privacy (WEP) is the standard for WLAN encryption
It is not widely used (50% of networks don't use it)
Easily broken
It uses shared keys
For more details on WEP cracking see the paper by Scott Fluhrer, Itsik Mantin, and Adi Shamir: http://www.drizzle.com/%7Eaboba/IEEE/rc4_ksaproc.pdf
Newer WLAN equipment will support Wi-Fi Protected Access (WPA) standards: a subset of the WLAN security standards based on the 802.11i working group
WPA: TKIP, changing of keys
WPA2: Advanced Encryption Standard (AES)
Problems with WEP
1. WEP is hardly used!
In this scan done recently on my way to work only 15 of the 45 access points detected used WEP.
That's only 33%.
Note: Some of these networks may actually use other methods of encrypting data such as VPN
Problems with WEP
2. WEP Can Be Cracked
The IV is sent as plaintext with the encrypted packet. It can be sniffed.
XOR is a simple process that can be easily used to deduce any unknown value if the other two values are known.
The first byte of transmitted data is always the same, giving an attacker knowledge of both the plaintext and ciphertext. (The SNAP header, which equals AA in hex or 170 decimal.)
A certain format of IVs is known to be weak. By targeting attacks on packets with weak IVs the amount of data and analysis needed to derive the shared key is greatly reduced.
By combining the above observations about the implementation of WEP, hackers have developed tools that can obtain the shared key after collecting approximately 500,000 to 2,000,000 packets with < 1 minute cracking time.
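The two XOR observations on this slide (the known 0xAA first byte, and a cleartext IV that is only 24 bits wide) in a small Python model. This is an added example, not part of the original slides: the RC4 routine, the 40-bit shared key, the IV and the two frame contents are all constructed for the demo, and the CRC-32 ICV is left out. It does not implement the weak-IV key recovery the slide refers to; it shows the underlying property that the later TKIP re-keying slides are there to fix, namely that a static key plus a repeated IV means a repeated keystream, so one frame whose contents are already known gives away every other frame sent under the same IV. The birthday-bound function goes slightly beyond the slide: it estimates how few frames are needed before an IV repeat becomes likely.

```python
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling algorithm (KSA), then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


SNAP_FIRST_BYTE = 0xAA  # LLC/SNAP DSAP: the first plaintext byte of every WEP data frame


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: the 3-byte IV is sent in the clear, followed by
    plaintext XOR RC4(IV || shared key). The CRC-32 ICV is left out of this model."""
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))


def keystream_from_known_plaintext(frame: bytes, known_plaintext: bytes) -> bytes:
    """C = P xor K, so wherever P is known, K = C xor P. No key is needed."""
    return bytes(c ^ p for c, p in zip(frame[3:], known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(frame[3:], keystream))


def first_keystream_byte(frame: bytes) -> int:
    """Every WEP data frame leaks keystream byte 0, because plaintext byte 0 is always 0xAA."""
    return frame[3] ^ SNAP_FIRST_BYTE


def iv_repeat_birthday_bound(iv_bits: int = 24) -> int:
    """Number of frames with randomly chosen IVs after which an IV repeat (and so a
    keystream repeat) is more likely than not. A sequential IV counter wraps after 2**iv_bits."""
    return int(math.sqrt(2 * math.log(2) * 2 ** iv_bits))


# Constructed sample: a 40-bit shared key and two frames that happen to share an IV.
SHARED_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])
IV = bytes([0x00, 0x0C, 0x1F])
LLC_SNAP = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00])  # SNAP header, IPv4 ethertype
KNOWN_FRAME_PLAINTEXT = LLC_SNAP + b"broadcast ping   "   # contents the observer already knows
SECRET_FRAME_PLAINTEXT = LLC_SNAP + b"pwd=s3cret!      "  # contents the observer does not know


def demonstrate_iv_reuse() -> bytes:
    """Recover the second frame's plaintext using only the first frame's known plaintext."""
    frame_known = wep_encrypt(SHARED_KEY, IV, KNOWN_FRAME_PLAINTEXT)
    frame_secret = wep_encrypt(SHARED_KEY, IV, SECRET_FRAME_PLAINTEXT)
    assert frame_known[:3] == frame_secret[:3]  # the repeated IV is visible on the air
    keystream = keystream_from_known_plaintext(frame_known, KNOWN_FRAME_PLAINTEXT)
    return decrypt_with_keystream(frame_secret, keystream)


if __name__ == "__main__":
    print(demonstrate_iv_reuse())
    print("50% IV-repeat bound for a 24-bit IV:", iv_repeat_birthday_bound())
```

The defensive reading: with a 24-bit IV, a busy access point under a static key reuses keystream within a few thousand frames even if IVs were chosen at random, and the SNAP byte guarantees one keystream byte per frame is always known. Rotating keys (TKIP, 802.1x dynamic keys) and a longer IV space (TKIP's 48-bit sequence counter, CCMP) are what close this, not hiding the SSID or filtering MAC addresses.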
Problems with WEP
3. WEP uses a Shared Key
Using shared keys is impractical on large networks
Key management is very difficult (difficult to ensure keys can be periodically changed)
Knowledge of the shared key is disseminated
Inevitably someone will incorrectly configure a wireless device

Scan excerpt:
Index | Network Type | ESSID     | BSSID (MAC address) | Channel | Cloaked | WEP | Data Rate | Max Signal Strength
1     | Access Point |           | 00:01:xx:xx:xx:xx   | 11      | No      | Yes | 11        | 62
2     | Access Point |           | 00:01:xx:xx:xx:xx   | 0       | No      | No  | 0         | 69
3     | probe        | wlan      | 00:01:xx:xx:xx:xx   | 0       | No      | No  | 11        | 71
4     | probe        | wlan      | 00:01:xx:xx:xx:xx   | 0       | No      | No  | 11        | 73
5     | unknown      | wlan      | 00:01:xx:xx:xx:xx   | 0       | No      | No  | 11        | 60
6     | unknown      | !OUxxxxxx | 00:40:xx:xx:xx:xx   | 6       | No      | No  | 11        | 71
WPA Security
WiFi Protected Access (WPA) was originally a temporary answer to flaws in WEP. At the heart of WPA is TKIP (Temporal Key Integrity Protocol), which uses re-keying to get away from the problems inherent in static WEP.
WPA Security
Adds authentication through one of two methods:
1) Pre-shared Key (PSK), which is similar to WEP; fine for small networks
2) 802.1x authentication, which uses a backend authentication server such as RADIUS
Top 8 Security Issues with 802.11
Wireless LAN Vulnerabilities: Subtopics
Detection
Eavesdropping
Modification
Injection
Hijacking
WLAN Architecture
Radio Frequency Management
(Diagram: corporate intranet and Internet)
Detection & Eavesdropping
Detection: a WLAN will generate and broadcast detectable radio waves for a great distance
Eavesdropping: WLAN signals extend beyond physical security boundaries
Eavesdropping
The Service Set Identifier (SSID) may be broadcast. The SSID string may identify your organization.
Eavesdropping
Standard Wired Equivalent Privacy (WEP) encryption is often not used. When used, WEP is flawed and vulnerable. There is no user authentication in WEP.
Clear text passwords
IP addresses
Company data
Modification, Injection & Hijacking
Modification: standard Wired Equivalent Privacy (WEP) encryption has no effective integrity protection.
Injection: static WEP keys can be determined by analysis. Adversaries can attach to the network without authorization.
Hijacking: adversaries can hijack authenticated sessions protected only by WEP.
Security Architecture
WLAN Architecture (diagram): Internet, firewall, DMZ, internal network, and a rogue AP.
Radio Frequency Management
Poor RF management will lead to unnecessary transmission of your RF signal into unwanted areas.
Also consider other devices which may cause interference.
(Diagram: Building A and an adjacent parking lot)
Wireless LAN Security Controls
Wireless LAN Security Controls: Subtopics
1. SSID Broadcasting
2. MAC Address Filtering
3. Security Architecture
4. Radio Frequency Management
5. Encryption
6. Authentication
7. New Wireless LAN Security Protocols
SSID Broadcasting
Disable the broadcasting of the SSID.
Not possible on all access points
Easily bypassed
Only useful on low-value networks
SSID should also not be easily correlated to your organization name
MAC Address Filtering
Some access points allow the administrator to specify which link layer (MAC) addresses can attach.
Easily bypassed
Does not scale
Only useful for low-value networks
Security Architecture
(Diagram: Internet, firewall, DMZ with VPN server, second firewall, internal network)
Radio Frequency Management
Use a scanner to determine your RF footprint
Monitor interference sources
(Diagram: Building A and an adjacent parking lot)
Wireless Encryption
Static WEP keys are insufficient for many networks
New secure protocols exist for WLAN protection
A layered VPN is a common solution for WLAN networks
Subtopics
Wireless LAN Security Mechanisms:
Access Control
Authentication
Encryption
Integrity
802.11 Wireless LAN Security Protocols:
802.1X / Dynamic WEP
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access 2 (WPA2)
Authentication
A wireless LAN needs an authenticated key exchange mechanism
Most secure WLAN implementations use Extensible Authentication Protocol (EAP)
Many EAP methods are available
One-factor methods include EAP-MD5, LEAP, PEAP-MSCHAP, TTLS-MSCHAP, EAP-SIM
Two-factor methods include EAP-TLS, TTLS with OTP, and PEAP-GTC
Need mutual authentication
Encryption
Static WEP
Dynamic WEP
Temporal Key Integrity Protocol (TKIP): uses the RC4 stream cipher with 128-bit per-packet keys
Counter-Mode-CBC-MAC Protocol (CCMP): uses the Advanced Encryption Standard (AES) with 128-bit keys
Integrity Protection
WEP has no cryptographically strong integrity protection
TKIP uses a new Message Integrity Code called Michael
CCMP uses AES in CBC-MAC mode
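The "Modification" issue from the vulnerabilities slides and the keyed-MAC remedy listed here, as an added Python example that is not from the original slides. A stream-cipher frame protected only by WEP's CRC-32 ICV accepts a bit flip made on the ciphertext without the key, because CRC-32 is affine and the ICV is under the same keystream; the same frame under a keyed MAC is rejected. The keystream, MAC key and frame contents are constructed, and HMAC-SHA256 (truncated) stands in for Michael or AES CBC-MAC, since the point is keyed versus unkeyed integrity rather than the particular MAC.

```python
import hashlib
import hmac
import struct
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_icv(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_style_protect(keystream: bytes, plaintext: bytes) -> bytes:
    """WEP integrity model: append the CRC-32 ICV, then XOR plaintext||ICV with the keystream."""
    return xor_bytes(plaintext + crc32_icv(plaintext), keystream)


def wep_style_open(keystream: bytes, frame: bytes):
    """Plaintext if the ICV verifies, otherwise None (receiver drops the frame)."""
    body = xor_bytes(frame, keystream)
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if crc32_icv(plaintext) == icv else None


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """XOR delta into the start of an encrypted frame; under a stream cipher the same
    plaintext bits flip, because (P xor K) xor d == (P xor d) xor K."""
    return xor_bytes(frame, delta + bytes(len(frame) - len(delta)))


def flip_bits_keeping_icv(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is affine: crc(P xor d) == crc(P) xor crc(d) xor crc(00..0), so the ICV
    correction for a data change d depends on d alone, not on the key or the plaintext.
    delta must be as long as the plaintext."""
    zeros = bytes(len(delta))
    icv_fix = struct.pack("<I", (zlib.crc32(delta) ^ zlib.crc32(zeros)) & 0xFFFFFFFF)
    return flip_bits(frame, delta + icv_fix)


def mac_protect(keystream: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Keyed-MAC model (HMAC-SHA256 truncated to 8 bytes stands in for Michael / CBC-MAC)."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()[:8]
    return xor_bytes(plaintext + tag, keystream)


def mac_open(keystream: bytes, mac_key: bytes, frame: bytes):
    """Plaintext if the keyed tag verifies, otherwise None."""
    body = xor_bytes(frame, keystream)
    plaintext, tag = body[:-8], body[-8:]
    expected = hmac.new(mac_key, plaintext, hashlib.sha256).digest()[:8]
    return plaintext if hmac.compare_digest(expected, tag) else None


# Constructed sample values (not from any real capture).
KEYSTREAM = hashlib.sha256(b"constructed keystream, stands in for RC4 output").digest() * 2
MAC_KEY = b"constructed-integrity-key"
PLAINTEXT = b"ALLOW=0 user=bob"
DELTA = bytes([0] * 6 + [ord("0") ^ ord("1")] + [0] * 9)  # flips the '0' in ALLOW=0 to '1'


def demo():
    """Returns (what a CRC-protected receiver accepts, what a MAC-protected receiver accepts)."""
    wep_frame = wep_style_protect(KEYSTREAM, PLAINTEXT)
    mac_frame = mac_protect(KEYSTREAM, MAC_KEY, PLAINTEXT)
    return (wep_style_open(KEYSTREAM, flip_bits_keeping_icv(wep_frame, DELTA)),
            mac_open(KEYSTREAM, MAC_KEY, flip_bits(mac_frame, DELTA)))


if __name__ == "__main__":
    print(demo())
```

The first element of demo() comes back as a tampered but "valid" frame; the second comes back as None. That difference is the whole reason TKIP had to add Michael and CCMP uses CBC-MAC: a checksum that anyone can recompute is not an integrity check once the attacker controls the ciphertext.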
802.11 Security Solutions

                | 802.1x / Dynamic WEP | Wi-Fi Protected Access        | Wi-Fi Protected Access 2
Access Control  | 802.1X               | 802.1X or Pre-Shared Key      | 802.1X or Pre-Shared Key
Authentication  | EAP methods          | EAP methods or Pre-Shared Key | EAP methods or Pre-Shared Key
Encryption      | WEP                  | TKIP (RC4)                    | CCMP (AES Counter Mode)
Integrity       | None                 | Michael MIC                   | CCMP (AES CBC-MAC)
Tools and Techniques
Hacker Tools and Techniques
Discovery
Association Polling: set the SSID to "Any" on the client card; the card automatically associates with the strongest AP. Default setting for most wireless clients.
* Reason that fake APs are a threat to unsuspecting clients
Scan Mode Polling: send a scan request to the card, receive a scan response back with AP info. The card keeps track of received beacon packets and probe requests. Will detect both APs as well as ad hoc networks. Will only detect access points that are configured to beacon the SSID. Technique used by Netstumbler.
Hacker Tools and Techniques
Discovery
Monitor Mode Protocol Analysis: sets the card into monitor mode and analyzes beacons and probes. Will detect closed APs and wireless nodes. Allows access to information such as SSID, authentication mechanisms, encryption types, speeds, etc. Used by tools like Kismet.
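Monitor-mode beacon analysis as described on this slide, producing the kind of inventory table shown under "WEP uses a Shared Key", as an added Python example that is neither Kismet's code nor part of the original slides. It builds a few constructed beacon frames, parses the fields a WLAN administrator's inventory needs (BSSID, SSID and whether it is cloaked, channel, the capability Privacy bit, and the WPA and RSN information elements) and summarizes which networks are unencrypted and which carry the organization's name. The frame layout follows the 802.11 management-frame format; the BSSIDs, SSIDs and the "acme" keyword are constructed.

```python
import struct
from collections import Counter

IE_SSID, IE_DS_PARAM, IE_RSN, IE_VENDOR = 0, 3, 48, 221
WPA_OUI_TYPE = bytes([0x00, 0x50, 0xF2, 0x01])  # Microsoft OUI + type 1: pre-802.11i WPA element
CAP_PRIVACY = 0x0010      # capability bit 4: stations must use WEP or better
MGMT_HDR = "<HH6s6s6sH"   # frame control, duration, addr1, addr2, addr3, sequence control (24 bytes)
FIXED_BODY = "<QHH"       # timestamp, beacon interval, capability info (12 bytes)


def build_beacon(bssid: bytes, ssid: str, channel: int, privacy: bool,
                 wpa: bool = False, rsn: bool = False) -> bytes:
    """Constructed beacon frame for the demo (not a capture); only the parsed fields are meaningful."""
    fc = 0x0080  # type 0 (management), subtype 8 (beacon), little-endian
    header = struct.pack(MGMT_HDR, fc, 0, b"\xff" * 6, bssid, bssid, 0)
    capability = 0x0001 | (CAP_PRIVACY if privacy else 0)  # ESS bit plus optional Privacy bit
    body = struct.pack(FIXED_BODY, 0, 100, capability)
    ssid_bytes = ssid.encode()
    ies = bytes([IE_SSID, len(ssid_bytes)]) + ssid_bytes
    ies += bytes([IE_DS_PARAM, 1, channel])
    if wpa:
        ies += bytes([IE_VENDOR, 6]) + WPA_OUI_TYPE + b"\x01\x00"  # version 1, suites omitted
    if rsn:
        ies += bytes([IE_RSN, 2]) + b"\x01\x00"                    # version 1, suites omitted
    return header + body + ies


def parse_ies(data: bytes):
    """Walk the tag/length/value information elements that follow the fixed beacon body."""
    ies, i = [], 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        ies.append((tag, data[i + 2:i + 2 + length]))
        i += 2 + length
    return ies


def parse_beacon(frame: bytes) -> dict:
    fc, _dur, _da, _sa, bssid, _seq = struct.unpack_from(MGMT_HDR, frame, 0)
    if (fc & 0x00FC) != 0x0080:
        raise ValueError("not a beacon frame")
    _ts, _interval, cap = struct.unpack_from(FIXED_BODY, frame, 24)
    ies = parse_ies(frame[36:])
    ssid = next((d for t, d in ies if t == IE_SSID), b"")
    channel = next((d[0] for t, d in ies if t == IE_DS_PARAM and d), None)
    if any(t == IE_RSN for t, _ in ies):
        security = "WPA2"
    elif any(t == IE_VENDOR and d.startswith(WPA_OUI_TYPE) for t, d in ies):
        security = "WPA"
    elif cap & CAP_PRIVACY:
        security = "WEP"   # Privacy bit set with no WPA/RSN element: WEP is all that is left
    else:
        security = "OPEN"
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": ssid.decode("utf-8", "replace"),
        "cloaked": ssid.strip(b"\x00") == b"",  # empty or null-filled SSID: broadcast disabled
        "channel": channel,
        "security": security,
    }


def audit(frames, org_keywords):
    """Inventory plus the findings an administrator acts on: open networks and org-named SSIDs."""
    records = [parse_beacon(f) for f in frames]
    counts = Counter(r["security"] for r in records)
    return {
        "records": records,
        "counts": counts,
        "unencrypted": [r["bssid"] for r in records if r["security"] == "OPEN"],
        "org_named": [r["ssid"] for r in records
                      if any(k in r["ssid"].lower() for k in org_keywords)],
        "encrypted_share": sum(c for s, c in counts.items() if s != "OPEN") / max(len(records), 1),
    }


# Constructed sample frames: one WEP AP, one cloaked WPA2 AP, one open AP, one WPA AP.
SAMPLE_FRAMES = [
    build_beacon(bytes.fromhex("000102030405"), "acme-hq", 11, privacy=True),
    build_beacon(bytes.fromhex("000102030406"), "", 1, privacy=True, rsn=True),
    build_beacon(bytes.fromhex("0040aabbccdd"), "linksys", 6, privacy=False),
    build_beacon(bytes.fromhex("000102030407"), "ACME-warehouse", 1, privacy=True, wpa=True),
]

if __name__ == "__main__":
    result = audit(SAMPLE_FRAMES, ["acme"])
    for r in result["records"]:
        print(r)
    print("open:", result["unencrypted"], "org-named:", result["org_named"])
```

Run periodically against monitor-mode captures, the same parse gives the two checks the controls slides ask for: whether the share of encrypted networks is what policy says it should be, and whether any SSID gives the organization away. A BSSID that appears in the capture but not in the access-point inventory is the rogue-AP case from the architecture slide.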
Hacker Tools and Techniques
Discovery Tools
Netstumbler
The latest version of NetStumbler requires Windows 2000, Windows XP, or better.
The Proxim models 8410-WD and 8420-WD are known to work. The 8410-WD has also been sold as the Dell TrueMobile 1150, Compaq WL110, Avaya Wireless 802.11b PC Card, and others.
Most cards based on the Intersil Prism/Prism2 chip set also work. Most 802.11b, 802.11a and 802.11g wireless LAN adapters should work on Windows XP. Some may work on Windows 2000 too. Many of them report inaccurate signal strength, and if using the "NDIS 5.1" card access method then noise level will not be reported.
Hacker Tools and Techniques
Discovery Tools
Kismet
Runs on Linux
Cards must be capable of running in RF-Monitor Mode
Can also be set up with drones to use it as a wireless intrusion detection solution.
http://www.kismetwireless.net/index.shtml
Summary Best Practices
Summary Best Practices
Understand and respect the fact that WLANs are difficult to manage
Implement WLAN policies and management processes
Treat your WLAN like the Internet and run a VPN connection over it
Change the default vendor-set SSID for access points and for WLAN terminals
Use port access-control to protect WLANs from unauthorized access
Use at least WEP encryption (128-bit), and some other access control mechanism (RADIUS)
Ensure that access points are not broadcasting their SSIDs
Scan for rogue access points, and make it known to employees that they are not permitted to install them
Utilize WLAN network cards that support password-protection of attribute changes
Deploy real-time, content-level security measures (such as antivirus firewalls) in conjunction with each WLAN access point
Deployment Considerations
Site Survey: think vertical and horizontal!
Layer Security: secure access point; use secure protocols (802.1x, IPSEC, SSL, etc.); access controls
Logging, Monitoring, and Alerting Mechanisms: how do you know you are being attacked?
Education and Awareness