FIGURE 5.10 Shared-Key Authentication.
3. The requestor receives the transmission, encrypts the challenge with the secret key, and transmits the encrypted challenge back to the authenticator.

4. The authenticator decrypts the challenge text and compares the result against the original. If they match, the requestor is authenticated.
If the requestor does not have the shared key, it cannot reproduce the RC4 cipher stream and therefore cannot produce a valid encrypted challenge; in theory, the exchange is secure.

One of the greatest weaknesses of shared-key authentication is that it hands an attacker enough information to attack the WEP secret key. The challenge sent from the authenticator to the requestor travels in the clear. The requesting client then transmits the same challenge, encrypted under the WEP secret key, back to the authenticator. An attacker who captures both frames now holds two pieces of a three-piece puzzle: the cleartext challenge and the ciphertext of that challenge. The algorithm, RC4, is also known; all that is missing is the secret key. To determine the key, the attacker can run a dictionary attack over the likely key space: at each step the attacker decrypts the captured ciphertext with a dictionary word as the secret key and compares the result against the authenticator's challenge. If the two match, the secret key has been found.

In cryptography this is termed a known-plaintext attack, and it is the primary reason shared-key authentication is considered slightly weaker than open authentication. The damage does not even require recovering the key: because RC4 is a stream cipher, XORing the cleartext challenge with its ciphertext yields the keystream for that initialization vector (IV), and the requestor is the party that chooses the IV. An attacker can therefore reuse the captured IV and keystream to answer any future 128-byte challenge and authenticate without ever learning the key.
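The exchange and the known-plaintext attack described above, as an added example that is not from the book or from any real WEP implementation: a textbook RC4, WEP framing (3-byte IV prepended to the secret key, CRC-32 ICV appended to the plaintext), the authenticator's frame-4 check, the eavesdropper recovering the keystream and forging a response to a fresh challenge, and the dictionary attack the text describes. The key, IV, challenges and wordlist are constructed for the demo.

```python
"""Shared-key authentication: known-plaintext attack on a WEP-style exchange.

Added example (not from the book). It models the four-frame exchange with a
textbook RC4 and the WEP framing (3-byte IV || secret key as the RC4 key,
CRC-32 ICV appended to the plaintext). Key, IV and wordlist are constructed.
"""
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); XORs the keystream into data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame 3: the requestor encrypts challenge||ICV under RC4(IV||key)."""
    return rc4(iv + secret_key, plaintext + icv(plaintext))


def authenticator_accepts(secret_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Frame 4 logic: decrypt, verify the ICV, compare with the challenge sent."""
    plain = rc4(iv + secret_key, response)
    body, tag = plain[:-4], plain[-4:]
    return tag == icv(body) and body == challenge


def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Known-plaintext step: keystream = plaintext XOR ciphertext.
    The eavesdropper saw the challenge (frame 2, in the clear) and can compute
    its ICV, so the whole 132-byte keystream for this IV falls out."""
    known = challenge + icv(challenge)
    return bytes(a ^ b for a, b in zip(known, response))


def forge_response(keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge with the recovered keystream and the same IV;
    the requestor picks the IV, so reusing it is the attacker's choice."""
    plain = new_challenge + icv(new_challenge)
    return bytes(a ^ b for a, b in zip(plain, keystream))


def dictionary_attack(challenge: bytes, iv: bytes, response: bytes, wordlist):
    """The brute-force variant from the text: try each candidate as the key."""
    for word in wordlist:
        if authenticator_accepts(word, challenge, iv, response):
            return word
    return None


def demo():
    secret = b"cornflakes123"                 # constructed 104-bit WEP key
    iv = b"\x01\x02\x03"                      # constructed IV chosen by the requestor
    challenge = os.urandom(128)               # frame 2: 128-byte challenge
    response = wep_encrypt(secret, iv, challenge)          # frame 3
    assert authenticator_accepts(secret, challenge, iv, response)

    # Eavesdropper: never learns the key, but authenticates anyway.
    ks = recover_keystream(challenge, response)
    new_challenge = os.urandom(128)
    forged_ok = authenticator_accepts(secret, new_challenge, iv,
                                      forge_response(ks, new_challenge))

    # Dictionary attack on the same capture (constructed wordlist).
    found = dictionary_attack(challenge, iv, response,
                              [b"password", b"cornflakes123", b"letmein"])
    return forged_ok, found


if __name__ == "__main__":
    print(demo())   # (True, b'cornflakes123')
```

The forgery path is the practical one: no key search is needed, only one captured exchange, which is why a shared-key network leaks more to a passive listener than an open one does.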
Test Day Tip
Although the Network exam does not cover the authentication process in great detail, it is important to remember the two authentication mechanisms in the 802.11 standard: open and shared-key.
Wireless Network Concepts 197

802.11i Authentication
The current IEEE 802.11 standard is severely limited because it offers only the open and shared-key authentication schemes, and neither is extensible. To address the weaknesses in the authentication mechanisms discussed earlier, several vendors (including Cisco and Microsoft) adopted the IEEE 802.11i authentication mechanism for wireless networks. 802.11i builds on IEEE 802.1X, the standard for port-based network access control: it provides a security framework in which the authentication itself is carried by upper-layer protocols (EAP and RADIUS), while the port, at the link layer, only relays that traffic until the client is authorized. The point of port-based access control is to enable new authentication and key management methods without replacing existing network devices. The benefits that result from this work include the following:
1. There is a significant decrease in hardware cost and complexity.
2. There are more options, allowing administrators to pick and choose their security solutions.
3. The latest security technology can be installed and should still work with the existing infrastructure.
4. You can respond quickly to security issues as they arise.
When a client device connects to a port on an 802.11i-capable AP, the AP port determines the authenticity of the device. Before discussing the workings of the 802.11i standard, the following terminology must be defined:

■ Port: A single point of connection to a network.
■ Port Access Entity (PAE): Controls the algorithms and protocols that are associated with the authentication mechanisms for a port.
■ Authenticator PAE: Enforces authentication before allowing access to resources located off of that port.
■ Supplicant PAE: Tries to access the services that are allowed by the authenticator.
■ Authentication Server: Used to verify the supplicant PAE. It decides whether or not the supplicant is authorized to access the authenticator.
■ Extensible Authentication Protocol over LAN (EAPoL): 802.1X, as adopted by 802.11i, defines a standard for encapsulating EAP messages so that they can be handled directly by a LAN MAC service. 802.11i tries to make authentication more encompassing, rather than enforcing specific mechanisms on the devices. Because of this, 802.11i uses the Extensible Authentication Protocol (EAP) to carry authentication information.
■ Extensible Authentication Protocol over Wireless (EAPoW): When EAPoL messages are encapsulated in 802.11 wireless frames, they are known as EAPoW.
The 802.11i standard works in a similar fashion for both EAPoL and EAPoW. As shown in Figure 5.11, the EAP supplicant (in this case, the wireless client) communicates with the AP over an “uncontrolled port,” which passes only EAPoL traffic. The AP sends an EAP-Request/Identity to the supplicant; the supplicant responds with an EAP-Response/Identity, which the AP forwards to the Remote Authentication Dial-In User Service (RADIUS) server inside a RADIUS Access-Request. The RADIUS server answers with an Access-Challenge carrying a challenge based on the identity the supplicant sent. The supplicant provides its credentials in an EAP-Response, which the AP again forwards to the RADIUS server. If the response is valid and the credentials are validated, the RADIUS server sends a RADIUS Access-Accept to the AP, which then allows the supplicant to communicate over the “controlled” port. The AP communicates this to the supplicant in an EAP-Success packet.
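The port-based flow described above, as an added example that is not from the book or from any vendor's 802.1X code. It models the supplicant, the AP (authenticator) with its uncontrolled and controlled ports, and the RADIUS server; the EAP method is a constructed HMAC challenge/response stand-in rather than a real EAP type, and the user database, password and message names are assumptions made for the demo.

```python
"""802.1X/EAP over RADIUS: the uncontrolled port relays EAP, the controlled
port opens only on Access-Accept.

Added example, not from the book or any vendor implementation. The EAP method
is a constructed HMAC challenge/response (not a real EAP type); user database,
password and message names are assumptions for the demo.
"""
import hashlib
import hmac
import os


class AuthServer:
    """Stands in for the RADIUS server that holds the user credentials."""

    def __init__(self, users):
        self.users = users        # {identity: password}, constructed
        self.pending = {}         # identity -> outstanding challenge

    def access_request(self, identity):
        """Access-Request carrying EAP-Response/Identity -> Access-Challenge.
        A challenge is issued whether or not the identity exists, so the
        eventual reject does not reveal which accounts are valid."""
        challenge = os.urandom(16)
        self.pending[identity] = challenge
        return ("Access-Challenge", challenge)

    def access_request_credentials(self, identity, proof):
        """Access-Request carrying the EAP-Response with the credential proof."""
        challenge = self.pending.pop(identity, None)
        password = self.users.get(identity)
        if challenge is None or password is None:
            return ("Access-Reject", None)
        expected = hmac.new(password, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, proof):
            return ("Access-Accept", None)
        return ("Access-Reject", None)


class Authenticator:
    """The AP: relays EAP to the server and gates the controlled port."""

    def __init__(self, server):
        self.server = server
        self.controlled_port_open = False
        self.identity = None

    def eapol_start(self):
        return ("EAP-Request/Identity", None)

    def eap_response_identity(self, identity):
        self.identity = identity
        kind, challenge = self.server.access_request(identity)
        assert kind == "Access-Challenge"
        return ("EAP-Request", challenge)          # forwarded to the supplicant

    def eap_response_credentials(self, proof):
        kind, _ = self.server.access_request_credentials(self.identity, proof)
        if kind == "Access-Accept":
            self.controlled_port_open = True
            return ("EAP-Success", None)
        return ("EAP-Failure", None)

    def forward_data(self, frame):
        """Anything that is not EAPoL goes to the controlled port."""
        return frame if self.controlled_port_open else None


class Supplicant:
    def __init__(self, identity, password):
        self.identity, self.password = identity, password

    def prove(self, challenge):
        return hmac.new(self.password, challenge, hashlib.sha256).digest()


def run_exchange(server, identity, password):
    """Drives the exchange in the order of Figure 5.11.
    Returns (final EAP message, whether a data frame got through afterwards)."""
    ap = Authenticator(server)
    supplicant = Supplicant(identity, password)
    assert ap.forward_data(b"GET / HTTP/1.0") is None   # closed before auth
    ap.eapol_start()
    _, challenge = ap.eap_response_identity(supplicant.identity)
    result, _ = ap.eap_response_credentials(supplicant.prove(challenge))
    return result, ap.forward_data(b"GET / HTTP/1.0") is not None


if __name__ == "__main__":
    srv = AuthServer({b"alice": b"correct horse"})            # constructed user
    print(run_exchange(srv, b"alice", b"correct horse"))      # ('EAP-Success', True)
    print(run_exchange(srv, b"alice", b"wrong"))              # ('EAP-Failure', False)
    print(run_exchange(srv, b"mallory", b"x"))                # ('EAP-Failure', False)
```

The check worth noticing is the first assertion in run_exchange: until the server says Access-Accept, the AP drops every non-EAPoL frame, which is the whole point of the two-port model.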
Head of the Class…
So what exactly are 802.1x and 802.11x?
Wireless provides convenience and mobility, but also poses massive security challenges for network administrators, engineers, and security administrators. Security for 802.11 networks can be broken down into three distinct components:

■ The authentication mechanism
■ The authentication algorithm
■ Data frame encryption

Current authentication in the IEEE 802.11 standard is focused more on wireless LAN connectivity than on verifying user or station identity. Because wireless can potentially scale very high in the sheer number of possible users, it is important to consider a centralized way to have user authentication. This is where the IEEE 802.1x standard comes into play.
FIGURE 5.11 EAP over LAN (EAPoL) Traffic Flow.

User Identification and Strong Authentication
With the addition of the 802.1x standard, clients are identified by username, not by the MAC addresses of their devices. This design not only enhances security, but also streamlines the process of authentication, authorization, and accounting (AAA) for the network. 802.1x was designed to support extended forms of authentication using password methods (such as one-time passwords, or GSS_API mechanisms like Kerberos) and nonpassword methods (such as biometrics, Internet Key Exchange [IKE], and smart cards).
Dynamic Key Derivation
The IEEE 802.1x standard allows for the creation of per-user session keys. Static WEP keys no longer have to be configured on the client device or on the AP when using 802.1x; instead, keys are derived dynamically from the authentication exchange for every session, which makes the network more secure and limits what a captured key is worth. The global key, such as a broadcast WEP key, can then be encrypted under the unicast session key and sent from the AP to the client in a much more secure manner.
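The per-session key idea above, as an added example that is not from the book and not the 802.11i key hierarchy: a constructed HMAC-SHA256 key derivation that gives every session its own unicast encryption key and MIC key from the master key plus fresh nonces, and a group (broadcast) key delivered wrapped under the unicast key so that a client holding a different session's keys cannot unwrap it. The master key, nonces, group key and label strings are generated or chosen for the demo.

```python
"""Per-session keys and wrapped group-key delivery (simplified model).

Added example, not from the book. The KDF and the wrapping below are
constructed for the demo, not the 802.11i key hierarchy; they show only the
idea that each session gets its own unicast key from the authentication
exchange and that the broadcast key travels encrypted under it.
"""
import hashlib
import hmac
import os


def kdf(master_key: bytes, label: bytes, context: bytes, length: int = 48) -> bytes:
    """Counter-mode HMAC-SHA256 expansion of a master key."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(master_key, bytes([counter]) + label + context,
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_session_keys(master_key: bytes, ap_nonce: bytes, client_nonce: bytes) -> dict:
    """Both ends compute the same unicast encryption key and MIC key;
    different nonces give different keys even under the same master key."""
    blob = kdf(master_key, b"session keys", ap_nonce + client_nonce)
    return {"enc": blob[:16], "mic": blob[16:32]}


def wrap_group_key(session: dict, group_key: bytes) -> bytes:
    """AP -> client: group key XORed with a key-derived stream, plus a MIC."""
    iv = os.urandom(8)
    stream = kdf(session["enc"], b"gtk wrap", iv, len(group_key))
    wrapped = bytes(a ^ b for a, b in zip(group_key, stream))
    mic = hmac.new(session["mic"], iv + wrapped, hashlib.sha256).digest()[:8]
    return iv + wrapped + mic


def unwrap_group_key(session: dict, msg: bytes):
    """Returns the group key, or None if the MIC fails (tampered, or the
    message was wrapped for another session)."""
    iv, wrapped, mic = msg[:8], msg[8:-8], msg[-8:]
    expected = hmac.new(session["mic"], iv + wrapped, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(mic, expected):
        return None
    stream = kdf(session["enc"], b"gtk wrap", iv, len(wrapped))
    return bytes(a ^ b for a, b in zip(wrapped, stream))


def demo():
    master = os.urandom(32)            # constructed: would come from the EAP exchange
    group_key = os.urandom(16)         # constructed broadcast key
    s1 = derive_session_keys(master, os.urandom(32), os.urandom(32))
    s2 = derive_session_keys(master, os.urandom(32), os.urandom(32))
    msg = wrap_group_key(s1, group_key)
    return (s1["enc"] != s2["enc"],                 # per-session keys differ
            unwrap_group_key(s1, msg) == group_key,  # intended client gets it
            unwrap_group_key(s2, msg))               # another session cannot


if __name__ == "__main__":
    print(demo())   # (True, True, None)
```

Note that the MIC is checked before anything is decrypted; a client should never act on a group key whose integrity it has not verified, since the wrap is otherwise malleable.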
Mutual Authentication
802.1x and EAP provide for a mutual authentication capability. This makes the clients and the authentication servers mutually authenticating end points, and assists in the mitigation of attacks from man-in-the-middle (MITM) types of devices. Any of the following EAP methods provide for mutual authentication:

■ TLS: Requires that the server supply a certificate and establish that it has possession of the private key.
■ IKE: Requires that the server show possession of a preshared key or private key (this can be considered certificate authentication).
■ GSS_API (Kerberos): Requires that the server can demonstrate knowledge of the session key.

The protection holds only if the client actually validates the server's certificate or key; a supplicant configured to accept any server certificate is once again exposed to a rogue AP.
Per-Packet Authentication
EAP can support per-packet authentication and integrity protection, but it is not extended to all types of EAP messages. For example, negative acknowledgment (NACK) and notification messages cannot use per-packet authentication and integrity. Per-packet authentication and integrity protection works for the following (the packet is encrypted unless otherwise noted):

■ TLS and IKE session key derivation
■ TLS cipher suite negotiations (not encrypted)
■ IKE cipher suite negotiations
■ Kerberos tickets
■ Success and failure messages that use a derived session key (through WEP)
Common Exploits of Wireless Networks
In general, attacks on wireless networks fall into four basic categories: passive, active, MITM, and jamming.

Passive Attacks on Wireless Networks
A passive attack occurs when someone listens to or eavesdrops on network traffic. Armed with a wireless network adaptor that supports promiscuous mode, the eavesdropper can capture network traffic for analysis using readily available tools, such as Network Monitor in Microsoft products, TCPDump in Linux-based products, or AirSnort (developed for Linux, but Windows drivers can be written). A passive attack on a wireless network may not be malicious in nature; in fact, many in the wardriving community claim their wardriving activities are benign or educational. Wireless communication takes place on unlicensed public frequencies that anyone can use, which makes protecting a wireless network from passive attacks more difficult.
Note
Although it may seem that we are deviating from the topic of networking here, the opposite is indeed the case. Security, especially in the case of wireless networking, is of paramount importance to you in your duties planning, implementing, and maintaining any network. That said, we are likely diving a bit deeper in this section than you will be tested on during your Network exam.
Damage and Defense…
Preventing Dictionary Attacks Using EAP
EAP was designed to support extended authentication. When implementing EAP, dictionary attacks can be avoided by using nonpassword-based schemes such as biometrics, certificates, OTP, smart cards, and token cards. Using a password-based scheme should require the use of some form of mutual authentication so that the authentication process is protected against dictionary attacks.
Passive attacks are by their very nature difficult to detect. If an administrator is using Dynamic Host Configuration Protocol (DHCP) on the wireless network (this is not recommended), he or she might notice in the DHCP server logs that an unauthorized MAC address has acquired an IP address. Then again, he or she might not. (A purely passive listener never requests an address at all; the DHCP log only catches an intruder who has gone on to associate with the network.) Perhaps the administrator notices a suspicious-looking car sporting an antenna out of one of its windows. If the car is parked on private property, the driver could be asked to move or possibly charged with trespassing, but the legal response is severely limited. Only if it could be determined that the wardriver was actively attempting to crack any encryption used on the network, or otherwise interfering with or analyzing wireless traffic with malicious intent, would he or she be susceptible to being charged with a data-related crime, and this would depend on the country or state in which the activity took place.

Passive attacks on wireless networks are extremely common, almost to the point of being ubiquitous. Detecting and reporting on wireless networks has become a popular hobby for many wireless wardriving enthusiasts. In fact, this activity is so popular that a new term, “war plugging,” has emerged to describe the behavior of people who actually wish to advertise both the availability of an AP and the services they offer by configuring their SSIDs with text such as “Get_food_here”!
Detecting Wireless Networks
Utilizing new tools created for wireless networks and the existing identification and attack techniques and utilities originally designed for wired networks, attackers have many avenues into a wireless network. The first step in attacking a wireless network involves finding a network to attack. The most popular software developed to identify wireless networks was NetStumbler (www.netstumbler.com). NetStumbler is a Windows application that listens for information, such as the SSID, being broadcast from APs that have not disabled the broadcast feature. When it finds a network, it notifies the person running the scan and adds it to the list of found networks.

As people began to drive around their towns and cities looking for wireless networks, NetStumbler added features such as pulling coordinates from Global Positioning System (GPS) satellites and plotting the information on mapping software. This method of finding networks is reminiscent of the method hackers used to find computers when they had only modems to communicate: they ran programs designed to search through all possible phone numbers and call each one, looking for a modem to answer. This type of scan was typically referred to as wardialing; driving around looking for wireless networks is known as wardriving.
Similar tools are available for Linux and other UNIX-based OSs. These tools contain additional utilities that hackers use to attack hosts and networks once access is found. A quick search on www.freshmeat.net or www.packetstormsecurity.com for “802.11” reveals several network identification tools, as well as tools used to configure and monitor wireless network connections.

Using NetStumbler
The NetStumbler program works primarily with wireless network adaptors that use the Hermes chipset, because of its ability to detect multiple APs that are within range and whether they use WEP, among other features (a list of supported adaptors is available at the NetStumbler Web site). The most common card that uses the Hermes chipset for use with NetStumbler is the ORiNOCO Gold card. Another advantage of the ORiNOCO card is that it supports the addition of an external antenna, which can greatly extend the usable range, depending on the antenna's gain.

A disadvantage of the Hermes chipset is that it doesn't support promiscuous mode, so it cannot be used to sniff network traffic. For that purpose, you need a wireless network adaptor that supports the PRISM2 chipset. The majority of wireless network adaptors targeted for the consumer market use this chipset (for example, the Linksys WPC network adaptors). Sophisticated wardrivers will arm themselves with both types of cards, one for discovering wireless networks and another for capturing the traffic.

Despite the fact that NetStumbler is free, it is a sophisticated and feature-rich product that is excellent for performing wireless site surveys, whether for legitimate purposes or not. Not only can it provide detailed information on the wireless networks it detects, but it can also be used in combination with a GPS to provide exact details on the latitude and longitude of the detected wireless networks. Figure 5.12 shows the interface of a typical NetStumbler session.

Note
Wardrivers often make their own Yagi-type (tubular or cylindrical) antenna. Instructions for doing so are easy to find on the Internet, and effective antennas have been made out of such items as Pringles potato chip cans. Another type of antenna that can be easily homemade is the dipole, which is basically a piece of wire of a length related to the wavelength (a half-wave dipole is the usual choice), cut in the center and attached to a piece of cable that is connected to the wireless network interface card (NIC).
As you can see in Figure 5.12, NetStumbler displays information on the SSID, the channel, and the manufacturer of the wireless AP. There are a few things that are particularly noteworthy about this session. The first is that a couple of APs are still configured with the default SSID supplied by the manufacturer, which should always be changed to a non-default value upon setup and configuration. Another is that at least one network uses an SSID that may provide a clue about the entity that has implemented it; again, this is not a good practice when configuring SSIDs. Finally, we can see which of these networks have implemented WEP.
If the network administrator has been kind enough to provide a clue about the company in the SSID or is not encrypting traffic with WEP, the potential eavesdropper's job is made a lot easier. Using a tool such as NetStumbler is only a preliminary step for the attacker. After discovering the SSID and other information, the attacker can connect to the wireless network to sniff and capture network traffic. This network traffic can reveal a lot of information about the network and the company that uses it. For example, looking at the network traffic, the attacker can determine which DNS servers are being used, the default home pages configured on browsers, network names, logon traffic, and so on. The attacker can use this information to determine if the network is of sufficient interest to proceed further with other attacks. Furthermore, if the network is using WEP, the attacker can, given enough time, capture a sufficient amount of traffic to crack the encryption.

FIGURE 5.12 Discovering Wireless LANs Using NetStumbler.
NetStumbler works on networks that are configured as open systems. This means that the wireless network announces that it exists and will respond with the value of its SSID to other wireless devices when they send out a probe request with an empty (broadcast) SSID. This does not mean, however, that the wireless network can be easily compromised, if other security measures have been implemented.

Protecting Against Wireless Network Detection
To defend against the use of NetStumbler and other programs to detect a wireless network easily, administrators should configure the wireless network as a closed system. This means that the AP will not respond to probe requests with an empty SSID and will omit the SSID from its beacons, and will consequently be “invisible” to programs such as NetStumbler, which rely on this technique to discover wireless networks. However, it is still possible to capture the raw 802.11 frames and decode them with programs such as Ethereal and WildPackets' AiroPeek to determine this information: the beacons themselves still reveal the BSSID and channel, and the SSID is sent in the clear in the probe and association frames of legitimate clients. RF spectrum analyzers can also be used to discover the presence of wireless networks. Notwithstanding this weakness of closed systems, you should choose wireless APs that support this feature.
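What a NetStumbler-style scanner reads from a beacon, and how a closed system looks on the air, as an added example that is not from the book or from NetStumbler: it builds constructed 802.11 beacon frames, parses the SSID (including the zero-length SSID of a closed system), channel, Privacy bit and BSSID vendor, and applies the checks drawn from Figure 5.12 (default SSID, no WEP). The OUI table and the default-SSID list are illustrative stand-ins for the IEEE registry and a real default-SSID list.

```python
"""Decoding what a scanner sees in an 802.11 beacon frame.

Added example, not from the book or from NetStumbler. Beacon frames here are
constructed; the OUI table and DEFAULT_SSIDS are illustrative stand-ins.
"""
import struct

MGMT_HEADER_LEN = 24     # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)
FIXED_PARAMS_LEN = 12    # Timestamp(8) Beacon interval(2) Capability(2)
CAP_PRIVACY = 0x0010     # capability bit advertising WEP/encryption
DEFAULT_SSIDS = {"linksys", "default", "netgear", "wireless"}          # constructed
OUI = {"00:02:2d": "Agere (ORiNOCO)", "00:0c:41": "Cisco-Linksys"}     # illustrative


def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool) -> bytes:
    """Constructed beacon: management frame, subtype 8, broadcast destination."""
    capability = 0x0001 | (CAP_PRIVACY if privacy else 0)          # ESS (+ Privacy)
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)
    ies = (bytes([0, len(ssid)]) + ssid                   # tag 0: SSID (len 0 = hidden)
           + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])        # tag 1: supported rates
           + bytes([3, 1, channel]))                      # tag 3: DS parameter set
    return header + fixed + ies


def parse_beacon(frame: bytes) -> dict:
    """Pull the fields a scanner displays out of a raw beacon frame."""
    fc = frame[0]
    if (fc & 0x0C) >> 2 != 0 or fc >> 4 != 8:
        raise ValueError("not a beacon (type 0, subtype 8)")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])            # Addr3 = BSSID
    body = frame[MGMT_HEADER_LEN:]
    _timestamp, interval, capability = struct.unpack_from("<QHH", body, 0)
    info = {"bssid": bssid, "vendor": OUI.get(bssid[:8], "unknown"),
            "interval": interval, "privacy": bool(capability & CAP_PRIVACY),
            "ssid": None, "hidden": False, "channel": None}
    pos = FIXED_PARAMS_LEN
    while pos + 2 <= len(body):                           # walk the tagged parameters
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if tag == 0:                                      # SSID
            if length == 0 or value == b"\x00" * length:
                info["hidden"] = True                     # closed-system AP
            else:
                info["ssid"] = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:                    # DS parameter set
            info["channel"] = value[0]
        pos += 2 + length
    return info


def audit(info: dict) -> list:
    """The observations made about Figure 5.12, expressed as checks."""
    issues = []
    if info["ssid"] and info["ssid"].lower() in DEFAULT_SSIDS:
        issues.append("default SSID")
    if not info["privacy"]:
        issues.append("no WEP")
    return issues


if __name__ == "__main__":
    samples = (build_beacon(bytes.fromhex("000c41112233"), b"linksys", 6, False),
               build_beacon(bytes.fromhex("00022d445566"), b"AcmeCorp-HQ", 11, True),
               build_beacon(bytes.fromhex("00022d778899"), b"", 1, True))
    for frame in samples:
        info = parse_beacon(frame)
        print(info["bssid"], info["vendor"], info["ssid"], info["hidden"],
              info["channel"], info["privacy"], audit(info))
```

The third sample is the closed system: the beacon still arrives, still carries the BSSID, vendor OUI and channel, and only the SSID field is empty, which is exactly why a raw-frame decoder sees what a probe-based scanner does not.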
Sniffing
Originally conceived as a legitimate network and traffic analysis tool, sniffing remains one of the most effective techniques in attacking a wireless network, whether it's to map the network as part of target reconnaissance, to grab passwords, or to capture unencrypted data.

Sniffing is the electronic form of eavesdropping on the communications that computers transmit across networks. In early networks, the equipment that connected machines together allowed every machine on the network to see the traffic of all others. These devices, repeaters and hubs, were very successful for getting machines connected, but allowed an attacker easy access to all traffic on the network because the attacker only needed to connect to one point to see the entire network's traffic.

Wireless networks function very similarly to the original repeaters and hubs. Every communication across the wireless network is viewable by anyone who happens to be listening to the network. In fact, the person who is listening does not even need to be associated with the network in order to sniff!

The hacker has many tools available to attack and monitor a wireless network. A few of these tools are AiroPeek (www.wildpackets.com/products/airopeek) in Windows, Ethereal in Windows, UNIX, or Linux, and TCPDump or ngrep (http://ngrep.sourceforge.net) in a UNIX or Linux environment. These tools work well for sniffing both wired and wireless networks.

All of these software packages function by putting your network card into what is called promiscuous mode. When the NIC is in this mode, every packet that goes past the interface is captured and displayed within the application window. (To capture raw 802.11 frames from a network the card is not associated with, the card actually needs monitor, or RFMON, mode, which delivers every frame on the channel rather than only those addressed to the NIC.) If the attacker is able to acquire a WEP key, he or she can then use features within AiroPeek and Ethereal to decrypt either live or post-capture data.
By running NetStumbler, or other software that performs the same function, hackers are able to find possible targets. Once a hacker has found possible networks to attack, one of the first tasks is to identify the target. Many organizations are “nice” enough to include their names or addresses in the network name.

Even if the network administrator has configured his or her equipment in such a way as to hide this information, there are tools available that can determine it. Using any of the aforementioned network sniffing tools, an attacker can easily monitor an unencrypted network. Figure 5.13 shows a network sniff of the traffic on a wireless network. From this session, it is simple to determine the DNS server, the default search domain, and the default Web home page. With this information, an attacker can easily identify a target and determine if it is worth attacking.

FIGURE 5.13 Sniffing with Ethereal.