Wireless LAN Security
Wireless
Webster’s New World Dictionary, 2nd College Edition, defines "wireless" as: “without wire or wires; specifically operating with electromagnetic waves and not with conducting wire.”
LAN
Newton’s Telecom Dictionary, 11th Edition, defines "LAN" as: "A short distance data communications network (typically within a building or campus) used to link computers and peripheral devices under some form of standard control."
What is Wireless LAN?
A wireless LAN (WLAN) is a flexible data communication system implemented as an extension to, or as an alternative for, a wired LAN within a building or campus. Using electromagnetic waves, WLANs transmit and receive data over the air, minimizing the need for wired connections. WLANs combine data connectivity with user mobility, and, through simplified configuration, enable movable LANs.
Wireless LAN Technology
- IEEE 802.11
  - http://www.wlana.com
  - http://www.wi-fi.com
- HomeRF
  - www.homerf.org
  - 2Mbps (10Mbps shortly)
  - Frequency Hopping Spread Spectrum
- Bluetooth
  - www.bluetooth.com
  - Low power
  - Personal Area Networks
Wireless Personal Area Networking (WPAN)
The WPAN category is led by a short-range wireless technology called Bluetooth. Most Bluetooth implementations support low cost, modest speed (up to 700Kbps), and short range (<10 meters) applications. Bluetooth is ideal for applications such as wireless headsets, wireless synchronization of PDAs with computers, and wireless peripherals such as printers or keyboards.
TECHNOLOGY OF WIRELESS LANS
- Infrared (IR)
  - Never commercially implemented
- Radio Frequency (RF)
  - Frequency Hopping Spread Spectrum (FHSS)
  - Direct Sequence Spread Spectrum (DSSS)
Why Wireless LAN? (I)
- Mobility: Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization. This mobility supports productivity and service opportunities not possible with wired networks.
- Installation Speed and Simplicity: Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings.
- Installation Flexibility: Wireless technology allows the network to go where wire cannot go.
Why Wireless LAN? (II)
- Reduced Cost-of-Ownership: While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware, overall installation expenses and life-cycle costs can be significantly lower. Long-term cost benefits are greatest in dynamic environments requiring frequent moves, adds, and changes.
- Scalability: Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that allow roaming over a broad area.
IEEE 802.11 and the ISO Model
- The Institute of Electrical and Electronics Engineers (IEEE) publishes the 802.11 standards.
- 802.11 (1997) was the 1st wireless standard from an internationally recognized, independent organization
- IEEE 802.3 Ethernet uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
- IEEE 802.11b uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
- CSMA/CA utilizes the RTS/CTS (Request To Send/Clear To Send) protocol to notify other workstations that a transmission is about to take place.
- Difference is transparent
- Figure: frame exchange sequence RTS, CTS, Data, ACK
IEEE 802.11
IEEE 802.11b
- Published in 1999
- Higher speeds (11Mbps and 5.5Mbps) while maintaining compatibility with 802.11 DSSS 1 & 2 Mbps rates (roughly equivalent to 10Mbps shared Ethernet)
- Interoperability
  - Wireless Fidelity (Wi-Fi) certification by the Wireless Ethernet Compatibility Alliance (WECA)
- Affordability
  - PC Card NICs under $200
  - Starting to see built-in wireless NICs
Wireless LAN Market Projection
Source: Micrologic Research
ISM Spectrum Allocation
- In the United States, the Federal Communications Commission (FCC) governs radio transmission, but the FCC does not require the end-user to purchase a license to use the ISM bands.
- ISM bands include 902-928 MHz, 2.4-2.483 GHz, 5.15-5.35 GHz, 5.725-5.875 GHz.
- Wireless LANs are typically designed to operate in Instrumentation, Scientific, and Medical (ISM) radio bands.
Channel Assignments
- 11 channels are used in the U.S., 13 in Europe, 4 in France, and 1 in Japan
- The 11 channels used in the U.S. have center frequencies of 2.412GHz-2.462GHz in 5MHz increments
Channel Selection
- Each DSSS channel is 22MHz wide
- Channels 1, 6, & 11 provide non-overlapping coverage
- A minimum of 3 channels of separation (e.g. 1, 4, 7 & 10) can be used in certain situations.
- Figure: an example of a frequency plan of an infrastructure network using DSSS (ch 1, ch 6, ch 11).
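The channel arithmetic from the two slides above, as an added example that is not part of the original deck: it derives the overlap between U.S. DSSS channels and checks a frequency plan for neighbouring APs whose channels collide. The AP names, the plan and the neighbour list are constructed for illustration.

```python
CHANNEL_WIDTH_MHZ = 22   # each DSSS channel is 22 MHz wide
FIRST_CENTER_MHZ = 2412  # channel 1; channels step in 5 MHz increments

def center_mhz(channel):
    """Center frequency of a U.S. channel (1-11) in MHz."""
    if not 1 <= channel <= 11:
        raise ValueError(f"not a U.S. 802.11b channel: {channel}")
    return FIRST_CENTER_MHZ + 5 * (channel - 1)

def overlap_mhz(a, b):
    """Spectrum shared by two channels, in MHz (0 means non-overlapping)."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))

def plan_conflicts(plan, neighbors):
    """plan: AP name -> channel; neighbors: pairs of APs whose cells touch.

    Returns (ap1, ap2, overlap in MHz) for every neighbouring pair that shares spectrum.
    """
    conflicts = []
    for ap1, ap2 in neighbors:
        mhz = overlap_mhz(plan[ap1], plan[ap2])
        if mhz:
            conflicts.append((ap1, ap2, mhz))
    return conflicts

# Constructed frequency plan: three APs on 1/6/11 plus one squeezed in on channel 4.
PLAN = {"ap-lobby": 1, "ap-lab": 6, "ap-office": 11, "ap-annex": 4}
NEIGHBORS = [("ap-lobby", "ap-lab"), ("ap-lab", "ap-office"),
             ("ap-lobby", "ap-annex"), ("ap-annex", "ap-lab")]

if __name__ == "__main__":
    for ap1, ap2, mhz in plan_conflicts(PLAN, NEIGHBORS):
        print(f"{ap1} and {ap2} share {mhz} MHz")
```

With three channels of separation (1 and 4) the cells still share 7 MHz, which is why that spacing is only usable in certain situations.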
Interference
The unlicensed ISM band is subject to possible interference from:
- Cordless phones, video monitoring devices, etc. that operate at 2.4GHz
- Microwave Ovens
- Other Wireless LANs
Access Point Range
- Line-of-sight transmission
- Open office: ~500’
- Semi-open: ~160’
- Closed Office: ~80’
These are approximate figures and can vary greatly depending on AP and client placement, wall construction, furniture, etc.
How Many Wireless Connections within an AP?
This depends upon the manufacturer. Some hardware access points have a recommended limit of 10, with other more expensive access points supporting up to 100 wireless connections. Using more computers than recommended will cause performance and reliability to suffer.
Safety
- Most wireless NICs only output ~30mW to conserve battery power
- Radio transmits only when there is data to be sent, unlike a cell phone, which transmits throughout the entire call
- Read the manufacturer’s safety information
Wireless LAN Hardware (I)
- Wireless Network Interface Card (NIC)
  - Contains the radio transceiver, antenna, and circuitry to convert Radio Frequency (RF) to digital
  - Form factors
    - PC Card
    - ISA or PCI NIC or PC Card adapter
    - USB
Wireless LAN Hardware (II)
- Wireless Access Point (AP)
  - A network device that interconnects a wireless radio network to a wired LAN.
  - Also known as a Base Station
  - Bridges between wireless and wired segments to minimize traffic
  - Frequency selection
  - Authentication & Encryption
  - Built-in radio & antenna(s) or slots for PC Cards
  - Hardware vs. software APs
Software AP & Hardware AP
Figure labels: Hardware Access Point, Software Access Point
Wireless LAN Configurations
- Peer-to-peer Workgroup
  - Also known as Ad Hoc Network
- Infrastructure or Client/Server Network
Infrastructure Mode
- Standalone LAN or integrated into an existing enterprise network
Ad Hoc Mode
- Simplest and cheapest to build
- Client computers communicate directly with each other
- All client computers must be within range of each other
- File & printer sharing using a peer-to-peer operating system
More Than One AP Configuration
- Extension Point
- Multiple Access Points
FHSS vs. DSSS
- Frequency hopping spread spectrum technology (FHSS)
  - Carrier frequency hops among multiple narrow channels according to a unique sequence
- Direct sequence spread spectrum technology (DSSS)
  - Data is encoded and decoded using a Pseudo Random Noise Code
When Should I Use Wireless?
Wireless makes the most sense in situations requiring:
- Quick setup and take down (conferences, trade shows)
- Temporary facilities (leased or rented space)
- Historical buildings
When Shouldn’t I Use Wireless?
Wireless is not a substitute for a good wired infrastructure.
- Speed
- Reliability
- Security
- Cost (?)
Security
There are two main components involved in securing Wireless LANs:
- Authorization
  - Service Set ID (SSID): also known as Network Name
  - MAC Address Access List
- Encryption
  - WEP (Wired Equivalent Privacy)
Service Set ID (SSID)
- Default client setting is "ANY"; all open networks within range will respond and the radio will usually associate with the strongest signal
- Closed networks require the exact SSID to be entered in the client configuration settings and only APs with the same SSID will be visible
- Allows assigning clients into specific groups by forcing them to associate with a specific AP or group of APs
- Updates would need to be performed on APs and clients simultaneously
MAC Address Access List
- Wireless NIC MAC address must be included in the list for the AP to allow data to pass.
- Difficult to implement on a large scale or with transient users
- Lists need to be maintained in each access point, although querying a centralized list may be possible
WEP (Wired Equivalent Privacy)
- Intended to provide privacy equivalent to that of a non-encrypted wired network
- 40-bit encryption based on the RC4 algorithm. 128-bit version may be vendor-specific
- Encryption key updates would need to be performed on APs and clients simultaneously
- Keys can be entered in ASCII or Hex, depending on the manufacturer
- May impact AP throughput
Security, Security, Security
- Large-scale networks cannot rely on 802.11b alone to provide authorization and encryption.
- Authorization and encryption could be accomplished by using a Virtual Private Network (VPN)
- Encryption needs to be implemented at the two endpoints so that data does not traverse the wireless network in clear text.
- Uses SSL or Pretty Good Privacy (PGP)
Wireless Security Scope & Risks
Figure labels: AirSnort, WEPCrack, Network Stumbler, Internet Scanner, Wireless Scanner, RealSecure, BlackICE PC Protection 3.5, 11.a, 11.b, 11.g
- Insertion Attacks
- Plug-in unauthorized APs & Clients
- SSID configuration
- Interception and monitoring wireless traffic
- WEP vulnerability
- Mis-configuration (including use of default values)
- Jamming (Interfering)
- Client to Client Attacks (DoS)
- War Driving
- Parasitic Grids
Taxonomy of Security Attacks
WLAN Security Mitigation
- Wireless Security Policy and Architecture Design
- Treat Base Stations as Untrusted
- Base Station Configuration Policy
- 802.1X Security
- MAC Address Filtering
- Base Station Discovery
- Honeypots - FakeAP
- Base Station Security Assessments
- Wireless Client Protection
- Emerging Security Standards and Technologies
  - IEEE 802.11 Task Group I (TGi)
  - Advanced Encryption Standard (AES)
  - WiFi Protected Access (WPA)
  - Temporal Key Integrity Protocol (TKIP)
  - IEEE 802.1X-2001
  - Extensible Authentication Protocol (EAP)
  - IEEE 802.11i
- Management Countermeasures
- Operational Countermeasures
- Technical Countermeasures
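One way to act on the base station discovery and configuration policy items above, as an added example that is not part of the original deck: audit a site survey against an inventory of sanctioned APs and flag unauthorized base stations, default SSIDs, and missing or WEP-only encryption. The inventory, the default-SSID list, the Beacon record and the survey rows are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed inventory of sanctioned base stations: BSSID -> SSID it should advertise.
AUTHORIZED = {
    "02:00:00:00:00:01": "corp-wlan",
    "02:00:00:00:00:02": "corp-wlan",
}
# Illustrative factory-default network names; extend for the hardware deployed.
DEFAULT_SSIDS = {"default", "linksys", "tsunami", "wireless"}

@dataclass(frozen=True)
class Beacon:
    bssid: str       # MAC address of the AP radio
    ssid: str        # advertised network name
    encryption: str  # "none", "wep" or "wpa", as reported by the survey tool

def audit(beacons, authorized=AUTHORIZED):
    """Return (bssid, finding) pairs for every policy violation in a survey."""
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        expected = authorized.get(bssid)
        if expected is None:
            # Not in the inventory: worse if it advertises one of our SSIDs.
            kind = "rogue-corp-ssid" if b.ssid in authorized.values() else "unauthorized-ap"
            findings.append((bssid, kind))
            continue
        if b.ssid != expected:
            findings.append((bssid, "ssid-mismatch"))
        if b.ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default-ssid"))
        if b.encryption == "none":
            findings.append((bssid, "no-encryption"))
        elif b.encryption == "wep":
            findings.append((bssid, "wep-only"))
    return findings

# Constructed survey results (not captured from a real network).
SURVEY = [
    Beacon("02:00:00:00:00:01", "corp-wlan", "wpa"),
    Beacon("02:00:00:00:00:02", "default", "wep"),
    Beacon("02:00:00:00:AA:BB", "corp-wlan", "none"),
    Beacon("02:00:00:00:aa:cc", "coffee", "none"),
]

if __name__ == "__main__":
    for bssid, finding in audit(SURVEY):
        print(bssid, finding)
```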