Wireless Security

Wireless application protocol
• Wireless application protocol (WAP) is an application environment and set of communication protocols for wireless devices designed to enable manufacturer-, vendor-, and technology-independent access to the Internet and advanced telephony services.

WEP
• Short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN.
• LANs are inherently more secure than WLANs because LANs are somewhat protected by the physicalities of their structure, having some or all of the network inside a building that can be protected from unauthorized access. WLANs, which operate over radio waves, do not have the same physical structure and are therefore more vulnerable to tampering.
• WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security.

802.11x
• 802.11x refers to a group of evolving wireless local area network (WLAN) standards that are under development as elements of the IEEE 802.11 family of specifications, but that have not yet been formally approved or deployed.
• As of August 2004, these incomplete standards included the following:
• 802.11e -- Adds Quality of Service (QoS) features to existing 802.11 family specifications
• 802.11f -- Adds Access Point Interoperability to existing 802.11 family specifications
• 802.11h -- Resolves interference issues with existing 802.11 family specifications
• 802.11j -- Japanese regulatory extensions to 802.11 family specifications
• 802.11k -- Radio resource measurement for 802.11 specifications so that a wireless network can be used more efficiently
• 802.11m -- Enhanced maintenance features, improvements, and amendments to existing 802.11 family specifications
• 802.11n -- Next generation of 802.11 family specifications, with throughput in excess of 100 Mbps
• These standards are being developed with the goal that they support all the 802.11 family specifications in current use.
• 802.11x is also sometimes used as a generic term for any existing or proposed standard of the 802.11 family.

WTLS
• Wireless security is not much different from wired security. You want several things from security, wired or not: authenticate whom you are talking to, secure the data as it travels from the handheld device to the destination host, and ensure that the traffic hasn't been altered en route.
• Wireless Transport Layer Security (WTLS) is the security level for Wireless Application Protocol (WAP) applications. It is based on Transport Layer Security (TLS) v1.0 (a security layer used in the Internet, equivalent to Secure Socket Layer 3.1).
• WTLS was developed to address the problematic issues surrounding mobile network devices - such as limited processing power and memory capacity, and low bandwidth - and to provide adequate authentication, data integrity and privacy protection mechanisms.
• Wireless transactions, such as those between a user and their bank, require stringent authentication and encryption to protect the communication from attack during data transmission. Because mobile networks do not provide end-to-end security, TLS had to be modified to address the special needs of wireless users.
• Designed to support datagrams in a high latency, low bandwidth environment, WTLS provides an optimised handshake through dynamic key refreshing, which allows encryption keys to be regularly updated during a secure session.

SSID
• Short for service set identifier, a 32-character unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect.
• The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific
• Because an SSID can be sniffed in plain text from a packet, it does not supply any security to the network.

Vulnerabilities
• Wired Equivalent Privacy (WEP), part of the IEEE's 802.11 standard, was supposed to neutralize wireless' vulnerabilities by adding encryption and access control. But recent developments demonstrate that WEP is about as strong as a wet paper bag.
• "WEP is insecure in just about every way you could be afraid of," says Dave Wagner, cryptography expert and assistant professor of computer science at the University of California, Berkeley. He and colleagues Nikita Borisov and Ian Goldberg were one of several groups that discovered exploitable holes in both the 40-bit and 128-bit versions of WEP.
• "You can eavesdrop on WEP sessions, you can tamper with transmitted packets, you can bypass the access control to gain access to the network," he says.
• The most troubling attack was posited in a paper by researchers Fluhrer, Mantin, and Shamir, who suggested a way to recover the shared secret key that WEP uses to encrypt traffic between the access point and a client. The paper was merely theoretical until three AT&T Labs researchers tried the attack.
• The problem lies in the way WEP handles RC4, the underlying cryptographic algorithm. "They started with a good encryption algorithm and mis-applied it," says Wagner.
• As is usually the case, this high-level research has condensed itself into easily used attack tools such as AirSnort and WEPCrack, which let even low-skilled attackers decipher WEP-encrypted data.
• Using AirSnort, "an attacker can break the cryptography by listening to about 15 minutes of network transmissions," says Wagner. "Someone sitting in a van in your parking lot could use the attack to eavesdrop on your traffic. Once this attack is finished, the bad guy learns your encryption keys."
• Besides deciphering data, possession of the key gives an attacker access to the wireless network, which may expose systems on the wired network, such as workstations, production servers, databases, and other rich pickings.
• But before you start yanking NICs out of laptops, experts say that wireless LANs can be safe, as long as you don't rely on WEP.
• According to John Pescatore, research director for Internet security at the Gartner Group, major vendors of wireless products such as Cisco Systems and Agere Orinoco have added their own security measures. One measure is dynamic key management, in which the access point frequently changes the encryption key.
• You can purchase security solutions from smaller companies such as Colubris, Bluesocket, Proxim, and Funk Software, to add to your present wireless infrastructure. These solutions layer strong authentication and encryption over your wireless traffic.
• Alternatively, you can treat your wireless network the same way you would the Internet.
• Ensure that wireless traffic entering your corporate network has to pass through a firewall first. Also, "wherever you have a wireless access point, put a VPN server behind it," says Pescatore. "When I connect to the access point, I'm behind this VPN server that I have to authenticate to, just the way I would over the Internet." An IPSec-compatible VPN provides much stronger authentication and encryption than WEP.
• However, it also requires installing additional VPN gateways and clients, as well as assuming the subsequent administrative costs.
• Even if you tighten wireless security or your company won't install a wireless LAN, don't think you've dodged this bullet. "Wireless base stations are becoming so cheap, employees can go buy a hundred-dollar access point and plug it in to the corporate network without telling anyone," says Wagner.
• These "rogue" access points blow a huge hole in your carefully constructed defenses. Besides operating without administrative controls, the default configurations for most access points don't even have WEP turned on. Pescatore recommends that administrators regularly sweep their buildings for unauthorized base stations. Hacker tools or commercial products such as Network Associates' Sniffer Wireless can hunt down these rogue elements.
• DoS and Distributed DoS (DDoS) attacks are well understood. The perpetrator bombards a target with more traffic than it can handle. The bad traffic prevents legitimate users from accessing the resources under attack.

Site surveys
• A site survey is part of an audit done on wireless networks.
• Site surveys allow system and network administrators to determine how far the wireless range extends beyond the physical boundaries of their buildings.
• Typically, a site survey uses the same tools an attacker uses, such as a sniffer and a WEP cracking tool (for 802.11 network site surveys).
• The sniffer can be either Windows-based, such as NetStumbler, or UNIX/Linux-based, such as Kismet. For WEP cracking, AirSnort is recommended.

Other Tools
• A directional antenna lets wireless network auditors determine how far an attacker can realistically be from the source of the wireless network transmissions and still receive from and transmit to the network.
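
The sweep for unauthorized base stations and the site survey described above can be scripted once walk-around readings have been collected. The following is an added example, not part of the original slides; the CSV layout, the BSSID inventory, the WPA label and the -75 dBm cut-off are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Hypothetical inventory of sanctioned access points (constructed BSSIDs).
AUTHORIZED = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
WEAK_ENCRYPTION = {"OPEN", "WEP"}   # the slides: don't rely on WEP
LEAK_THRESHOLD_DBM = -75            # assumed cut-off for a usable signal

# Constructed survey readings. The column layout is an assumption of this
# example, not the export format of NetStumbler or Kismet.
SAMPLE_SURVEY = """\
location,zone,bssid,ssid,encryption,signal_dbm
lobby,inside,02:00:00:00:00:01,CORP,WPA,-48
lobby,inside,02:00:00:00:00:02,CORP,WEP,-60
floor2,inside,02:00:00:00:00:99,linksys,OPEN,-52
parking,outside,02:00:00:00:00:01,CORP,WPA,-70
parking,outside,02:00:00:00:00:02,CORP,WEP,-88
parking,outside,02:00:00:00:00:99,linksys,OPEN,-81
"""

def audit_survey(csv_text):
    """Return sorted (bssid, finding) pairs from walk-around readings."""
    findings = set()
    best_outside = defaultdict(lambda: -999)  # strongest outdoor signal per AP
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().upper()
        known = bssid in AUTHORIZED
        if not known:
            # Base station nobody registered: the "rogue" case.
            findings.add((bssid, "rogue: not in inventory"))
        elif row["encryption"].strip().upper() in WEAK_ENCRYPTION:
            findings.add((bssid, "authorized AP using open/WEP"))
        if known and row["zone"] == "outside":
            best_outside[bssid] = max(best_outside[bssid], int(row["signal_dbm"]))
    # Site-survey check: which sanctioned APs are usable beyond the walls?
    for bssid, dbm in best_outside.items():
        if dbm >= LEAK_THRESHOLD_DBM:
            findings.add((bssid, f"usable signal outside building ({dbm} dBm)"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, finding in audit_survey(SAMPLE_SURVEY):
        print(bssid, "-", finding)
```
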