The Help Desk - PowerPoint
Wireless LAN Security & Vulnerabilities and Implementing Wireless LAN Security
4DWN
Session 7
Objectives - Wireless LAN
Security & Vulnerabilities
  • Define information security
  • Explain the basic security protections for IEEE
    802.11 WLANs
  • List the vulnerabilities of the IEEE 802.11
    standard
  • Describe the types of wireless attacks that can
    be launched against a wireless network


  CWNA Guide to Wireless LANs, Second Edition   2
Objectives - Implementing
Wireless LAN Security
 • List wireless security solutions
 • Describe the components of the transitional security
   model
 • Describe the personal security model
 • List the components that make up the enterprise
   security model



Security Principles: What
is Information Security?
  • Information security: Task of guarding digital
    information
     – Ensures protective measures properly implemented
     – Protects confidentiality, integrity, and availability (CIA)
       on the devices that store, manipulate, and transmit
       the information through products, people, and
       procedures




Security Principles: Challenges of
Securing Information
  • Trends making information security increasingly
    difficult:
      – Speed of attacks
      – Sophistication of attacks
      – Faster detection of weaknesses
          • Day zero attacks
      – Distributed attacks
          • The “many against one” approach
          • Impossible to stop attack by trying to identify and block
            source

Security Principles: Categories
of Attackers
  • Six categories of attackers:
     – Hackers
          • Not malicious; expose security flaws
     – Crackers
     – Script kiddies
     – Spies
     – Employees
     – Cyberterrorists



Security Principles: Categories
of Attackers (continued)




  Table 8-1: Attacker profiles



Security Principles:
Security Organizations
  • Many security organizations exist to provide
    security information, assistance, and training
     – Computer Emergency Response Team Coordination
       Center (CERT/CC)
     – Forum of Incident Response and Security Teams
       (FIRST)
     – InfraGard
     – Information Systems Security Association (ISSA)
     – National Security Institute (NSI)
     – SysAdmin, Audit, Network, Security (SANS) Institute
Basic IEEE 802.11 Security
Protections
  • Data transmitted by a WLAN could be
    intercepted and viewed by an attacker
     – Important that basic wireless security protections be
       built into WLANs
  • Three categories of WLAN protections:
     – Access control
     – Wired equivalent privacy (WEP)
     – Authentication
  • Some protections specified by IEEE, while
    others left to vendors
Access Control
  • Intended to guard availability of information
  • Wireless access control: Limit user’s
    admission to AP
      – Filtering
  • Media Access Control (MAC) address
    filtering: Based on a node’s unique MAC
    address



  Figure 8-2: MAC address
Access Control (continued)




  Figure 8-4: MAC address filtering
Access Control (continued)

  • MAC address filtering considered to be a basic
    means of controlling access
     – Requires pre-approved authentication
     – Difficult to provide temporary access for “guest”
       devices
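The allow-list check that MAC address filtering boils down to, as an added example (not code from the slides or from any vendor's AP firmware): it canonicalizes the three common ways a MAC is written, compares against a constructed allow-list of approved stations, and flags addresses whose locally-administered bit is set, since such addresses are software-assigned rather than burned in. The allow-list entries and station addresses are made up for the example.

```python
import re

# Constructed allow-list of approved station MAC addresses (sample values, not real devices).
APPROVED_MACS = {
    "00:1a:2b:3c:4d:5e",
    "00:1a:2b:3c:4d:5f",
    "02:1a:2b:3c:4d:60",   # locally administered example entry
}

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac):
    """Canonicalize aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff (Cisco style)
    to lower-case colon form; raise ValueError for anything that is not 12 hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set. Vendor-assigned,
    burned-in addresses have it clear; randomized or manually set ones usually set it."""
    first_octet = int(normalize_mac(mac).split(":")[0], 16)
    return bool(first_octet & 0x02)


def admit(mac, allow_list=APPROVED_MACS):
    """Filtering decision for one association request: (admitted, reason).
    Note this only inspects the address the station claims, which is all MAC
    filtering can do; it provides no confidentiality."""
    try:
        canon = normalize_mac(mac)
    except ValueError as exc:
        return False, str(exc)
    if canon not in allow_list:
        return False, f"{canon} not on allow-list"
    if is_locally_administered(canon):
        return True, f"{canon} admitted, but address is locally administered (not burned-in)"
    return True, f"{canon} admitted"


if __name__ == "__main__":
    for candidate in ("00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f", "02:1a:2b:3c:4d:60", "00:1a:2b:3c:4d:99", "guest"):
        print(candidate, "->", admit(candidate))
```

The "guest" case on the last line is the slide's point about temporary access: a device not on the list is rejected until an administrator adds its address, which is why guest access is awkward under pure MAC filtering.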




Wired Equivalent Privacy
(WEP)
  • Guard the confidentiality of information
     – Ensure only authorized parties can view it
  • Used in IEEE 802.11 to encrypt wireless
    transmissions
     – “Scrambling”




WEP: Cryptography
 • Cryptography: Science of transforming information so
   that it is secure while being transmitted or stored
     – “Scrambles” data
 • Encryption: Transforming plaintext to ciphertext
 • Decryption: Transforming ciphertext to plaintext
 • Cipher: An encryption algorithm
     – Given a key that is used to encrypt and decrypt messages
     – Weak keys: Keys that are easily discovered




WEP: Cryptography




 Figure 8-5: Cryptography
WEP: Implementation

 • IEEE 802.11 cryptography objectives:
     – Efficient
     – Exportable
     – Optional
     – Reasonably strong
     – Self-synchronizing
 • WEP relies on secret key “shared” between a
   wireless device and the AP
     – Same key installed on device and AP
     – Private key cryptography or symmetric encryption

WEP: Implementation




 Figure 8-6: Symmetric encryption
WEP: Implementation
 • WEP shared secret keys must be at least 40 bits
     – Most vendors use 104 bits
 • Options for creating WEP keys:
     – 40-bit WEP shared secret key (5 ASCII characters or
       10 hexadecimal characters)
     – 104-bit WEP shared secret key (13 ASCII characters
       or 16 hexadecimal characters)
     – Passphrase (16 ASCII characters)
 • APs and wireless devices can store up to four
   shared secret keys
     – Default key used for all encryption

WEP: Implementation




 Figure 8-8: Default WEP keys
WEP: Implementation




 Figure 8-9: WEP encryption process

WEP: Implementation
 • When encrypted frame arrives at destination:
     – Receiving device separates IV from ciphertext
     – Combines IV with appropriate secret key
         • Create a keystream
     – Keystream used to extract text and ICV
     – Text run through CRC
         • Ensure ICVs match and nothing lost in transmission
 • Generating keystream using the PRNG is based
   on the RC4 cipher algorithm
     – Stream Cipher

WEP: Implementation




 Figure 8-10: Stream cipher



Authentication

  • IEEE 802.11 authentication: Process in which
    AP accepts or rejects a wireless device
  • Open system authentication:
     – Wireless device sends association request frame to
       AP
         • Carries info about supported data rates and service set
           identifier (SSID)
     – AP compares received SSID with the network SSID
         • If they match, wireless device authenticated



Authentication (continued)

  • Shared key authentication: Uses WEP keys
     – AP sends the wireless device the challenge text
     – Wireless device encrypts challenge text with its WEP
       key and returns it to the AP
     – AP decrypts returned result and compares to original
       challenge text
         • If they match, device accepted into network




Vulnerabilities of IEEE
802.11 Security
  • IEEE 802.11 standard’s security mechanisms for
    wireless networks have fallen short of their goal
  • Vulnerabilities exist in:
     – Authentication
     – Address filtering
     – WEP




Open System Authentication
Vulnerabilities
  • Inherently weak
     – Based only on match of SSIDs
     – SSID beaconed from AP during passive scanning
         • Easy to discover
  • Vulnerabilities:
     – Beaconing SSID is default mode in all APs
     – Not all APs allow beaconing to be turned off
         • Or manufacturer recommends against it
     – SSID initially transmitted in plaintext (unencrypted)

Open System Authentication
Vulnerabilities (continued)

  • Vulnerabilities (continued):
     – If an attacker cannot capture an initial negotiation
       process, can force one to occur
     – SSID can be retrieved from an authenticated device
     – Many users do not change default SSID
  • Several wireless tools freely available that allow
    users with no advanced knowledge of wireless
    networks to capture SSIDs

Open System Authentication
Vulnerabilities (continued)




 Figure 8-12: Forcing the renegotiation process
Shared Secret Key
Authentication Vulnerabilities
  • Attackers can view key on an approved wireless
    device (i.e., steal it), and then use on own
    wireless devices
  • Brute force attack: Attacker attempts to create
    every possible key combination until correct key
    found
  • Dictionary attack: Takes each word from a
    dictionary and encodes it in same way as
    passphrase
     – Compare encoded dictionary words against encrypted
       frame
Shared Secret Key Authentication
Vulnerabilities (continued)

  • AP sends challenge text in plaintext
     – Attacker can capture challenge text and device’s
       response (encrypted text and IV)
         • Mathematically derive keystream




Shared Secret Key
Authentication Vulnerabilities




  Table 8-2: Authentication attacks
Address Filtering
Vulnerabilities




  Table 8-3: MAC address attacks




WEP Vulnerabilities

  • Uses 40 or 104 bit keys
     – Shorter keys easier to crack
  • WEP implementation violates cardinal rule of
    cryptography
     – Creates detectable pattern for attackers
     – APs end up repeating IVs
  • Collision: Two packets derived from same IV
     – Attacker can use info from collisions to initiate a
       keystream attack
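The WEP frame processing from the "WEP: Implementation" slide (IV split off, keystream rebuilt from IV plus secret key, text and ICV recovered, CRC recomputed) and the IV-collision weakness described above, worked through in one added example. This is illustrative code written for this page, not the slides' or any vendor's implementation: it contains a textbook RC4, a minimal WEP encrypt/decrypt pair using CRC-32 as the ICV, a function showing that two frames sharing an IV leak the XOR of their plaintexts (the "detectable pattern"), and a birthday-bound estimate of how soon a 24-bit IV space repeats. The key, IVs and frame contents are constructed sample values.

```python
import zlib
from math import log, sqrt


def rc4_keystream(key, length):
    """Textbook RC4 (key scheduling + PRGA): the PRNG WEP uses to turn IV||key into a keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key, iv, plaintext):
    """WEP frame body: 3-byte IV in the clear, then RC4_{IV||key}(plaintext || ICV),
    where the ICV is the CRC-32 of the plaintext."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4_keystream(iv + secret_key, len(plaintext) + 4)
    return iv + xor(plaintext + icv, keystream)


def wep_decrypt(secret_key, frame):
    """Receiver steps from the slide: separate IV from ciphertext, combine IV with the
    secret key to rebuild the keystream, extract text and ICV, rerun the CRC.
    Returns (plaintext, icv_matches)."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + secret_key, len(body))
    text_and_icv = xor(body, keystream)
    text, icv = text_and_icv[:-4], text_and_icv[-4:]
    return text, zlib.crc32(text).to_bytes(4, "little") == icv


def collision_leak(frame_a, frame_b):
    """When two frames reuse an IV they were encrypted under the same keystream, so
    XOR-ing the two ciphertexts cancels the keystream and leaves plaintext_a XOR
    plaintext_b (followed by the XOR of the two ICVs). Returns None if the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])


def expected_frames_until_iv_repeat(iv_bits=24):
    """Birthday bound: with randomly chosen IVs a repeat becomes likely (p = 1/2) after
    about sqrt(2 * ln 2 * 2**iv_bits) frames. For WEP's 24-bit IV that is a few
    thousand frames, i.e. seconds to minutes on a busy AP."""
    return int(sqrt(2 * log(2) * 2 ** iv_bits))


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP key
    frame = wep_encrypt(key, b"\x00\x00\x01", b"hello")
    print("round trip:", wep_decrypt(key, frame))
    f1 = wep_encrypt(key, b"\x0a\x0b\x0c", b"attack at dawn")
    f2 = wep_encrypt(key, b"\x0a\x0b\x0c", b"retreat now!!!")
    print("same-IV leak equals p1 XOR p2:", collision_leak(f1, f2)[:14] == xor(b"attack at dawn", b"retreat now!!!"))
    print("frames until an IV likely repeats:", expected_frames_until_iv_repeat())
```

Two things to notice when running it: the CRC-32 ICV catches a flipped ciphertext bit (so transmission errors are detected) but, being linear, is not a cryptographic integrity check; and the collision leak needs no knowledge of the key at all, which is why the slides' advice to rotate keys and move to TKIP/CCMP, rather than to pick longer WEP keys, is the real fix.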

WEP Vulnerabilities




  Figure 8-13: XOR operations
WEP Vulnerabilities
(continued)




  Figure 8-14: Capturing packets



WEP Vulnerabilities (continued)

  • PRNG does not create true random number
      – Pseudorandom
      – First 256 bytes of the RC4 cipher can be determined
        by bytes in the key itself




  Table 8-4: WEP attacks

Other Wireless Attacks:
Man-in-the-Middle Attack
   • Makes it seem that two computers are
     communicating with each other
       – Actually sending and receiving data with computer
         between them
       – Active or passive




  Figure 8-15: Intercepting transmissions

Other Wireless Attacks: Man-
in-the-Middle Attack




 Figure 8-16: Wireless man-in-the-middle attack
Other Wireless Attacks: Denial
of Service (DoS) Attack
  • Standard DoS attack attempts to make a server
    or other network device unavailable by flooding
    it with requests
    – Attacking computers programmed to request, but not
      respond
  • Wireless DoS attacks are different:
    – Jamming: Prevents wireless devices from
      transmitting
    – Forcing a device to continually disassociate and
      reassociate with the AP
Wireless Security
Solutions
  • IEEE 802.11a and 802.11b standards included
    WEP specification
     – Vulnerabilities quickly realized
     – Organizations implemented “quick fixes”
         • Did not adequately address encryption and authentication
  • IEEE and Wi-Fi Alliance started working on
    comprehensive solutions
     – IEEE 802.11i and Wi-Fi Protected Access (WPA)
         • Foundations of today’s wireless security


WEP2

 • Attempted to overcome WEP limitations by
   adding two new security enhancements
    – WEP key increased to 128 bits
    – Kerberos authentication
        • User issued “ticket” by Kerberos server
        • Presents ticket to network for a service
            – Used to authenticate user
 • No more secure than WEP
    – Collisions still occur
    – New dictionary-based attacks available
Dynamic WEP

 • Solves weak IV problem by rotating keys
   frequently
    – More difficult to crack encrypted packet
 • Uses different keys for unicast and broadcast
   traffic
    – Unicast WEP key unique to each user’s session
        • Dynamically generated and changed frequently
    – Broadcast WEP key must be same for all users on a
      particular subnet and AP


Dynamic WEP (continued)




 Figure 9-1: Dynamic WEP
Dynamic WEP (continued)

 • Can be implemented without upgrading device
   drivers or AP firmware
     – No-cost and minimal effort to deploy
 • Does not protect against man-in-the-middle
   attacks
 • Susceptible to DoS attacks




IEEE 802.11i

 • Provides solid wireless security model
     – Robust security network (RSN)
     – Addresses both encryption and authentication
 • Encryption accomplished by replacing RC4 with
   a block cipher
     – Manipulates entire block of plaintext at one time
 • Block cipher used is Advanced Encryption
   Standard (AES)
     – Three step process
     – Second step consists of multiple rounds of encryption

IEEE 802.11i (continued)




  Table 9-1: Time needed to break AES


IEEE 802.11i (continued)
  • IEEE 802.11i authentication and key
    management is accomplished by IEEE 802.1x
    standard
     – Implements port security
         • Blocks all traffic on port-by-port basis until client
           authenticated using credentials stored on authentication
           server
  • Key-caching: Stores information from a device
    on the network, for faster re-authentication
  • Pre-authentication: Allows a device to become
    authenticated to an AP before moving to it
IEEE 802.11i (continued)




  Figure 9-2: IEEE 802.1x
Wi-Fi Protected Access (WPA)

    Temporal Key Integrity Protocol (TKIP)
    • TKIP was the first attempt to fix WEP security holes.
    • Not perfect solution to 802.11’s security, but better
      than WEP
    • TKIP uses RC4 encryption, same as WEP
    • WEP uses 64-bit and 128-bit keys; TKIP uses only
      128-bit keys
    • TKIP’s implementation of RC4 encryption is stronger
      than WEP’s
    • TKIP uses per-packet key mixing and automatic
      rekeying
Wi-Fi Protected Access (WPA)

  TKIP - Per Packet Key Mixing
  • Each station is assigned a static WEP key
    which is the same for all stations (same as
    in WEP)
  • This key is called the temporal key
  • Each station combines this key with its six-
    byte MAC address to create an encryption
    key that is unique to that station
Wi-Fi Protected Access (WPA)

  TKIP - Per Packet Key Mixing
  • TKIP also uses a six-byte IV instead of
    WEP’s three-byte IV.
  • The result of combining the temporal key with
    the station’s MAC address is known as the
    Phase 1 intermediate key
  • In the second phase, the Phase 1 intermediate
    key is run through a simple mixing algorithm
    to produce the encryption key for the frame
    (this makes it hard to determine whether WEP
    is in use or not)
Wi-Fi Protected Access (WPA)

  TKIP - Automatic rekeying
  • TKIP provides a mechanism whereby a station’s
    temporal key can be periodically changed.
  • This is performed every 10,000 frames
  • Rekeying ensures that
     – No station has a temporal key long enough to exhaust
       the keystream associated with that key
     – No station has a temporal key long enough for an
       attacker to crack the key
     – If an attacker does crack the key it is only good for the
       balance of the current set of 10,000 frames
Wi-Fi Protected Access (WPA)

  TKIP
  • TKIP addresses replay attacks by
    enforcing sequence number ordering on
    frames
  • TKIP addresses frame forgery through use
    of a message integrity checksum (MIC)
  • The MIC is a small eight-byte value added to
    the frame that detects whether the frame
    has been modified
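The three TKIP receiver-side checks just described (sequence-number ordering against replay, the eight-byte MIC against forgery, and rekeying after 10,000 frames) modelled in one added example. This is illustrative code for this page, not the TKIP reference implementation: the MIC is computed with a truncated HMAC-SHA256 standing in for TKIP's Michael algorithm, and fresh temporal/MIC keys come from a hash ratchet rather than from the 802.1X/four-way handshake, both assumptions made so the model runs offline. Initial keys and frame contents are constructed.

```python
import hashlib
import hmac

REKEY_FRAMES = 10_000   # rekey interval stated on the slide
MIC_LEN = 8             # the MIC is eight bytes


def compute_mic(mic_key, seq, payload):
    """Eight-byte integrity tag over (sequence number, payload).
    Assumption: truncated HMAC-SHA256 stands in for TKIP's Michael MIC."""
    msg = seq.to_bytes(6, "big") + payload
    return hmac.new(mic_key, msg, hashlib.sha256).digest()[:MIC_LEN]


def ratchet(temporal_key, mic_key):
    """Derive the next temporal/MIC key pair. Assumption: a hash ratchet replaces the
    handshake-based key delivery of a real WPA deployment so both ends stay in step."""
    return (hashlib.sha256(b"TK" + temporal_key).digest()[:16],
            hashlib.sha256(b"MIC" + mic_key).digest()[:8])


class Endpoint:
    """Either side of a TKIP link: tracks sequence numbers, frame count and rekeys."""

    def __init__(self, temporal_key, mic_key):
        self.temporal_key, self.mic_key = temporal_key, mic_key
        self.next_seq = 0      # sender: next sequence number to use
        self.last_seq = -1     # receiver: highest sequence number accepted
        self.frames = 0        # frames handled under the current key
        self.rekeys = 0

    def _count_frame(self):
        self.frames += 1
        if self.frames >= REKEY_FRAMES:
            self.temporal_key, self.mic_key = ratchet(self.temporal_key, self.mic_key)
            self.next_seq, self.last_seq, self.frames = 0, -1, 0
            self.rekeys += 1

    def send(self, payload):
        frame = (self.next_seq, payload, compute_mic(self.mic_key, self.next_seq, payload))
        self.next_seq += 1
        self._count_frame()
        return frame

    def receive(self, frame):
        """Returns 'replay', 'forged' or 'accepted'. Replay is checked first, so a
        replayed frame is dropped before any MIC work is done."""
        seq, payload, mic = frame
        if seq <= self.last_seq:
            return "replay"
        if not hmac.compare_digest(mic, compute_mic(self.mic_key, seq, payload)):
            return "forged"
        self.last_seq = seq
        self._count_frame()
        return "accepted"


def demo():
    """Drive a station/AP pair through normal frames, a replay, a forgery and a rekey."""
    tk, mk = b"\x11" * 16, b"\x22" * 8   # constructed initial keys
    sta, ap = Endpoint(tk, mk), Endpoint(tk, mk)
    f1, f2 = sta.send(b"frame one"), sta.send(b"frame two")
    results = {
        "first": ap.receive(f1),
        "second": ap.receive(f2),
        "replayed": ap.receive(f2),                              # same sequence number again
        "tampered": ap.receive((f2[0] + 1, b"frame TWO", f2[2])),  # payload changed, old MIC
    }
    for _ in range(REKEY_FRAMES):
        results["bulk"] = ap.receive(sta.send(b"x"))
    results["rekeys"] = ap.rekeys
    return results


if __name__ == "__main__":
    print(demo())
```

Both endpoints count frames independently and rekey at the same count, which is what keeps them in step here; in a real deployment the AP drives rekeying and distributes the new keys, and a station whose counter drifts simply fails the MIC check until it re-authenticates.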
Wi-Fi Protected Access
(continued)




  Figure 9-3: Message Integrity Check (MIC)
Wi-Fi Protected Access 2
(WPA2)
  • Second generation of WPA security
     – Based on final IEEE 802.11i standard
     – Uses AES for data encryption
     – Supports IEEE 802.1x authentication or PSK
       technology
     – Allows both AES and TKIP clients to operate in same
       WLAN




Summary of Wireless
Security Solutions
  • Wi-Fi Alliance categorizes WPA and WPA2 by
    modes that apply to personal use and to larger
    enterprises




  Figure 9-4: Security timeline


Summary of Wireless
Security Solutions (continued)




  Table 9-2: Wi-Fi modes




  Table 9-3: Wireless security solutions
Transitional Security Model

  • Transitional wireless implementation
     – Should be temporary
         • Until migration to stronger wireless security possible
     – Should implement basic level of security for a WLAN
         • Including authentication and encryption




Authentication: Shared
Key Authentication
  • First and perhaps most important step
     – Uses WEP keys
  • Networks that support multiple devices should
    use all four keys
     – Same key should not be designated as default on
       each device




Authentication: SSID
Beaconing
  • Turn off SSID beaconing by configuring APs to
    not include it
     – Beaconing the SSID is default mode for all APs
  • Good practice to use cryptic SSID
     – Should not provide any information to attackers




WEP Encryption

  • Although vulnerabilities exist, should be turned
    on if no other options for encryption are
    available
      – Use longest WEP key available
      – May prevent script kiddies or “casual” eavesdroppers
        from attacking




  Table 9-4: Transitional security model
Personal Security Model

 • Designed for single users or small office home
   office (SOHO) settings
     – Generally 10 or fewer wireless devices
 • Two sections:
     – WPA: Older equipment
     – WPA2: Newer equipment




WPA Personal Security:
PSK Authentication
 • Uses passphrase (PSK) that is manually entered
   to generate the encryption key
     – PSK used as seed for creating encryption keys
 • Key must be created and entered in AP and also
   on any wireless device (“shared”) prior to (“pre”)
   the devices communicating with AP




WPA Personal Security:
TKIP Encryption
 • TKIP is a substitute for WEP encryption
    – Fits into WEP procedure with minimal change
 • Device starts with two keys:
    – 128-bit temporal key
    – 64-bit MIC
 • Three major components to address vulnerabilities:
    – MIC
    – IV sequence
    – TKIP key mixing
 • TKIP required in WPA

WPA Personal Security: TKIP
Encryption




  Figure 9-7: TKIP/MIC process
WPA2 Personal Security:
PSK Authentication
 • PSK intended for personal and SOHO users
   without enterprise authentication server
     – Provides strong degree of authentication protection
 • PSK keys automatically changed (rekeyed) and
   authenticated between devices after specified
   period of time or after set number of packets
   (10K) transmitted (rekey interval)
 • Employs consistent method for creating keys
     – Uses shared secret entered at AP and devices
         • Random sequence of at least 20 characters or 24
           hexadecimal digits
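How the "shared secret entered at AP and devices" becomes the actual key, as an added example (not from the slides): IEEE 802.11i maps the passphrase to the 256-bit PSK with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so both ends derive the same key from the same text. The example also applies the slide's own policy (a random sequence of at least 20 characters) and a constructed, deliberately tiny common-passphrase list to show why dictionary attacks matter here; the generator and the policy function are additions of this page, not part of the standard. The assertion vector (passphrase "password", SSID "IEEE") is the published 802.11i test vector.

```python
import hashlib
import secrets
import string

PSK_BYTES = 32                  # 256-bit pairwise master key
PBKDF2_ITERATIONS = 4096        # fixed by IEEE 802.11i
SLIDE_MIN_LENGTH = 20           # the slide's "at least 20 characters"

# Constructed stand-in for a dictionary-attack word list (real lists hold millions of entries).
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein1"}


def derive_psk(passphrase, ssid):
    """IEEE 802.11i passphrase-to-PSK mapping. Valid passphrases are 8 to 63 printable
    ASCII characters; the SSID acts as the salt, so the same passphrase on a different
    SSID yields a different key (which is what defeats precomputed tables across networks)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 ASCII characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PSK_BYTES)


def psk_policy_issues(passphrase):
    """Defender-side checks: the slide's length rule plus a common-word lookup."""
    issues = []
    if len(passphrase) < SLIDE_MIN_LENGTH:
        issues.append("shorter than 20 characters")
    if passphrase.lower() in COMMON_PASSPHRASES:
        issues.append("appears in common-passphrase list")
    return issues


def generate_passphrase(length=SLIDE_MIN_LENGTH):
    """Random printable-ASCII passphrase of the requested length, from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print("802.11i test vector PSK:", derive_psk("password", "IEEE").hex())
    print("policy issues for 'password':", psk_policy_issues("password"))
    strong = generate_passphrase()
    print("generated:", strong, "issues:", psk_policy_issues(strong))
    # Same passphrase on AP and station gives the same PSK; that is the whole "pre-shared" idea.
    print("AP and station agree:", derive_psk(strong, "homenet") == derive_psk(strong, "homenet"))
```

The iteration count is fixed by the standard, so an attacker who captures the four-way handshake can test guesses at a few thousand PBKDF2 runs each; the only lever the defender controls is the passphrase's entropy, which is why the slide asks for a random 20-character sequence rather than a word.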
WPA2 Personal Security:
AES-CCMP Encryption
 • WPA2 personal security model encryption
   accomplished via AES
 • AES-CCMP: Encryption protocol in 802.11i
     – CCMP based on Counter Mode with CBC-MAC
       (CCM) of AES encryption algorithm
     – CCM provides data privacy
     – CBC-MAC provides data integrity and authentication
 • AES processes blocks of 128 bits
     – Cipher key length can be 128, 192 and 256 bits
     – Number of rounds can be 10, 12, and 14
WPA2 Personal Security:
AES-CCMP Encryption (continued)
  • AES encryption/decryption computationally
    intensive
      – Better to perform in hardware




  Table 9-5: Personal security model

Enterprise Security Model

  • Most secure level of security that can be
    achieved today for wireless LANs
     – Designed for medium to large-size organizations
     – Intended for setting with authentication server
  • Like personal security model, divided into
    sections for WPA and WPA2
  • Additional security tools available to increase
    network protection


WPA Enterprise Security:
IEEE 802.1x Authentication
  • Uses port-based authentication mechanisms
  • Network supporting 802.1x standard should
    consist of three elements:
     – Supplicant: Wireless device which requires secure
       network access
     – Authenticator: Intermediary device accepting
       requests from supplicant
         • Can be an AP or a switch
     – Authentication Server: Accepts requests from
       authenticator, grants or denies access

WPA Enterprise Security:
IEEE 802.1x
Authentication (continued)




  Figure 9-8: 802.1x protocol



WPA Enterprise Security:
IEEE 802.1x Authentication
(continued)
 • Supplicant is software on a client implementing
   802.1x framework
 • Authentication server stores list of names and
   credentials of authorized users
   – Remote Authentication Dial-In User Service
     (RADIUS) typically used
       • Allows user profiles to be maintained in central database that
         all remote servers can share


WPA Enterprise Security:
IEEE 802.1x Authentication
  • 802.1x based on Extensible Authentication
    Protocol (EAP)
     – Several variations:
          • EAP-Transport Layer Security (EAP-TLS)
          • Lightweight EAP (LEAP)
          • EAP-Tunneled TLS (EAP-TTLS)
          • Protected EAP (PEAP)
          • Flexible Authentication via Secure Tunneling (FAST)
     – Each maps to different types of user logons,
       credentials, and databases used in authentication

WPA Enterprise Security:
TKIP Encryption
 • TKIP is a “wrapper” around WEP
     – Provides adequate encryption mechanism for WPA
       enterprise security
     – Dovetails into existing WEP mechanism
 • Vulnerabilities may be exposed in the future




WPA2 Enterprise Security:
IEEE 802.1x Authentication
 • Enterprise security model using WPA2 provides
   most secure level of authentication and
   encryption available on a WLAN
 • IEEE 802.1x is strongest type of wireless
   authentication currently available
 • Wi-Fi Alliance certifies WPA and WPA2
   enterprise products using EAP-TLS
    – Other EAP types not tested, but should run in a WPA or
      WPA2 environment

WPA2 Enterprise Security:
AES-CCMP Encryption
 • AES: Block cipher that uses same key for
   encryption and decryption
     – Bits encrypted in blocks of plaintext
          • Calculated independently
     – Block size of 128 bits
     – Three possible key lengths: 128, 192, and 256 bits
     – WPA2/802.11i uses 128-bit key length
     – Includes four stages that make up one round
          • Each round is iterated 10 times
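The three security models laid out in the preceding slides (transitional with WEP, personal with WPA/WPA2-PSK, enterprise with 802.1X/EAP and a RADIUS server) map directly onto AP configuration. As an added example, not from the slides, here is a small audit that reads hostapd-style configuration text, classifies it into one of those models and flags the settings the slides identify as weak. The option names (ssid, wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wpa_passphrase, wep_key0, ieee8021x, auth_server_addr, auth_server_port, auth_server_shared_secret, macaddr_acl, ignore_broadcast_ssid) are real hostapd keys; the three configuration fragments, the SSIDs, the passphrase, the RADIUS address (documentation range) and the placeholder secret are all constructed for this example.

```python
# Constructed hostapd.conf-style fragments, one per security model on the slides.
TRANSITIONAL = """
ssid=corp-legacy
wep_default_key=0
wep_key0=0123456789ABCDEF0123456789
ignore_broadcast_ssid=1
macaddr_acl=1
"""

PERSONAL = """
ssid=homenet
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=CorrectHorseBatteryStapleXYZ1
rsn_pairwise=CCMP
"""

ENTERPRISE = """
ssid=corp
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_ME
"""


def parse_hostapd(text):
    """key=value lines into a dict; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def classify(conf):
    """Map a config onto the slides' models: 'open' (no encryption), 'transitional'
    (WEP), 'personal' (WPA/WPA2 with a pre-shared key) or 'enterprise' (802.1X/EAP)."""
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        return "transitional" if "wep_key0" in conf else "open"
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    if "WPA-EAP" in key_mgmt and conf.get("ieee8021x") == "1":
        return "enterprise"
    return "personal"


def findings(conf):
    """Checks a reviewer would run against each model, phrased as the slides' advice."""
    out = []
    model = classify(conf)
    wpa = int(conf.get("wpa", "0"))
    pairwise = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if model == "open":
        out.append("no encryption configured")
    if "wep_key0" in conf:
        out.append("WEP in use: acceptable only as a temporary transitional measure")
    if wpa == 1:
        out.append("WPA (TKIP/RC4) only: prefer WPA2 (wpa=2) with AES-CCMP")
    if wpa and "TKIP" in pairwise:
        out.append("TKIP cipher allowed: restrict pairwise cipher to CCMP")
    if model == "personal" and len(conf.get("wpa_passphrase", "")) < 20:
        out.append("PSK passphrase shorter than 20 characters")
    if model == "enterprise" and conf.get("auth_server_shared_secret") in (None, "", "REPLACE_ME"):
        out.append("RADIUS shared secret not set")
    if model == "transitional" and conf.get("macaddr_acl") == "1":
        out.append("MAC filtering is access control only, not a substitute for encryption")
    return out


if __name__ == "__main__":
    for name, text in (("transitional", TRANSITIONAL), ("personal", PERSONAL), ("enterprise", ENTERPRISE)):
        conf = parse_hostapd(text)
        print(name, "->", classify(conf), findings(conf))
```

Run as a script it prints one line per fragment; the transitional fragment collects two findings, the personal one none, and the enterprise one only the placeholder RADIUS secret, which is the point of keeping such a check in configuration review.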


WPA2 Enterprise Security:
AES-CCMP Encryption
(continued)




  Table 9-6: Enterprise security model




Other Enterprise Security Tools:
Virtual Private Network (VPN)

  • Virtual private network (VPN): Uses a public,
    unsecured network as if it were private, secured
    network
  • Two common types:
     – Remote-access VPN: User-to-LAN connection used
       by remote users
     – Site-to-site VPN: Multiple sites can connect to other
       sites over Internet
  • VPN transmissions are achieved by communicating
    through VPN endpoints at each end of the connection

				