After studying chapter 4 you should be able to: Describe the basic IEEE 802.11 wireless security protections; define the vulnerabilities of open system authentication, WEP, and device authentication; describe the WPA and WPA2 personal security models; explain how enterprises can implement wireless security.
Wireless Network Security
TJX Data Breach (Marshalls, T.J Maxx, HomeGoods, A.J Wright…)
v Describe the WPA and WPA2 personal security models
v Explain how enterprises can implement wireless security
IEEE 802.11 Wireless Security Protections
v This work was called Project 802
v In 1990, the IEEE formed a committee to develop a standard for WLANs (Wireless Local Area Networks)
v At that time WLANs operated at a speed of 1 to 2 million bits per second (Mbps)
IEEE 802.11 WLAN Standard
v In 1997, the IEEE approved the IEEE 802.11 WLAN standard
Controlling Access to a WLAN
v Access is controlled by limiting a device’s access to the access point (AP)
v Only devices that are authorized can connect to the AP
v One way: Media Access Control (MAC) address filtering
v CSE uses this technique (unfortunately)
Controlling Access
MAC Address Filtering
Wired Equivalent Privacy (WEP)
v Designed to ensure that only authorized parties can view transmitted wireless information
v Uses encryption to protect traffic
v WEP was designed to be:
v Efficient and reasonably strong
WEP Keys
v WEP secret keys can be 64 or 128 bits long
v The AP and devices can hold up to four shared secret keys
v One of which must be designated as the default key
WEP Encryption Process
Transmitting with WEP
v Shared key authentication
v Only lets computers in if they know the shared key
Vulnerabilities of IEEE 802.11 Security
Open System Authentication
v To connect, a computer needs the SSID (network name)
v Routers normally send out beacon frames announcing the SSID
v Passive scanning
v A wireless device listens for a beacon frame
Turning Off Beaconing
v For "security" some people turn off beacons
v This annoys your legitimate users, who must now type in the SSID to connect
v It doesn't stop intruders, because the SSID is sent out in management frames anyway
v It can also affect roaming
v Windows XP prefers networks that broadcast
MAC Address Filtering Weaknesses
v MAC addresses are transmitted in the clear
v An attacker can just sniff for MACs
v Managing a large number of MAC addresses is difficult
v MAC address filtering does not provide a means to temporarily allow a guest user to access the network
v Other than manually entering the user’s MAC address into the access point
v The 24-bit IV is too short, and repeats before long
v In addition, packets can be replayed to force the access point to pump out IVs
Personal Wireless Security
WPA Personal Security
v Wireless Ethernet Compatibility Alliance (WECA)
v A consortium of wireless equipment manufacturers and software providers
v WECA goals:
v To encourage wireless manufacturers to use the IEEE 802.11 technologies
v To promote and market these technologies
v To test and certify that wireless products adhere to the IEEE 802.11 standards to ensure product interoperability
WPA Personal Security
v In 2002, the WECA organization changed its name to Wi-Fi (Wireless Fidelity) Alliance
v In October 2003 the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA)
v WPA had the design goal of protecting both present and future wireless devices, and addresses both wireless authentication and encryption
v PSK addresses authentication and TKIP addresses encryption
WPA Personal Security
v Preshared key (PSK) authentication
v Uses a passphrase to generate the encryption key
v Key must be entered into both the access point and all wireless devices
v Prior to the devices communicating with the AP
v The PSK is not used for encryption
v Instead, it serves as the starting point (seed) for mathematically generating the encryption keys
Temporal Key Integrity Protocol (TKIP)
v WPA replaces WEP with TKIP
v TKIP advantages:
v TKIP uses a longer 128-bit key
v TKIP uses a new key for each packet
Message Integrity Check (MIC)
v WPA also replaces the (CRC) function in WEP with the Message Integrity Check (MIC)
v Designed to prevent an attacker from capturing, altering, and resending data packets
WPA2 Personal Security
v Wi-Fi Protected Access 2 (WPA2)
v Introduced by the Wi-Fi Alliance in September 2004
v The second generation of WPA security
v Still uses PSK (Pre-Shared Key) authentication
v But instead of TKIP encryption it uses a stronger data encryption method called AES-CCMP
WPA2 Personal Security
v PSK Authentication
v Intended for personal and small office home office users who do not have advanced server capabilities
v PSK keys are automatically changed and authenticated between devices after a specified period of time known as the rekey interval
PSK Key Management Weaknesses
v People may send the key by e-mail or another insecure method
v Changing the PSK key is difficult
v Must type new key on every wireless device and on all access points
v In order to allow a guest user to have access to a PSK WLAN, the key must be given to that guest
Pre-Shared Key Weakness
v A PSK is a 64-bit hexadecimal number
v Usually generated from a passphrase
v Consisting of letters, digits, punctuation, etc. that is between 8 and 63 characters in length
v If the passphrase is a common word, it can be found with a dictionary attack
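How the passphrase becomes key material, as an added example that is not part of the original slides; it serves both the earlier point that the PSK only seeds the encryption keys and the dictionary weakness above. WPA and WPA2 Personal map the passphrase to a 256-bit PSK (64 hexadecimal digits) with PBKDF2-HMAC-SHA1 salted by the SSID, then expand it per session with the 802.11i PRF. The MAC addresses, nonces, wordlist and the `audit_passphrase` helper are constructed for illustration.

```python
import hashlib
import hmac

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_session_keys(psk, ap_mac, sta_mac, anonce, snonce, length=64):
    """802.11i PRF: mix the PSK with both MAC addresses and both nonces.

    The PSK never encrypts traffic itself; each association gets fresh keys.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        block = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(psk, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def audit_passphrase(passphrase: str, wordlist: set) -> list:
    """Defender-side check before a passphrase is deployed (hypothetical helper)."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8 to 63 characters")
    stem = passphrase.lower().rstrip("0123456789!")
    if passphrase.lower() in wordlist or stem in wordlist:
        findings.append("dictionary word (possibly with a numeric suffix)")
    return findings

# Constructed sample values for a stand-alone run.
WORDLIST = {"password", "sunshine", "letmein1"}
AP, STA = bytes.fromhex("001122334401"), bytes.fromhex("0a1b2c3d4e5f")

if __name__ == "__main__":
    psk = derive_psk("password", "IEEE")
    print(psk.hex())
    k1 = derive_session_keys(psk, AP, STA, b"\x01" * 32, b"\x02" * 32)
    k2 = derive_session_keys(psk, AP, STA, b"\x03" * 32, b"\x02" * 32)
    print(k1 != k2, audit_passphrase("Sunshine2024", WORDLIST))
```

Because the SSID is the only salt, the same passphrase on a network with a common SSID yields the same PSK everywhere, so a long random passphrase and a site-specific SSID are the practical mitigations.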
Cracking WPA
WPA2 Personal Security
WPA and WPA2 Compared
Enterprise Wireless Security
IEEE 802.11i
v Improves encryption and authentication
v Encryption
v Replaces WEP’s original PRNG RC4 algorithm
v With a stronger cipher that performs three steps on every block (128 bits) of plaintext
802.1x Authentication
IEEE 802.11i
v Key-caching
v Remembers a client, so if a user roams away from a wireless access point and later returns, she does not need to re-enter her credentials
WPA Enterprise Security
v Designed for medium to large-size organizations
v Improved authentication and encryption
v The authentication used is IEEE 802.1x and the encryption is TKIP
WPA Enterprise Security
v An improvement on WEP encryption
v Designed to fit into the existing WEP procedure
WPA2 Enterprise Security
v The most secure method
v Authentication uses IEEE 802.1x
v Encryption is AES-CCMP
Enterprise & Personal Wireless Security Models
Enterprise Wireless Security Devices
v Thin Access Point
v An access point without the authentication and encryption functions
v These features reside on the wireless switch
v Advantages
v The APs can be managed from one central location
v All authentication is performed in the wireless switch
Enterprise Wireless Security Devices
v Wireless VLANs
v Can segment traffic and increase security
v The flexibility of a wireless VLAN depends on which device separates the packets and directs them to different networks
Enterprise Wireless Security Devices
v For enhanced security, set up two wireless VLANs
v One for employee access
v One for guest access
Rogue Access Point Discovery Tools
v Wireless protocol analyzer
v Auditors carry it around sniffing for rogue access points
v For more security, set up wireless probes to monitor the RF frequency
Types of Wireless Probes
v Wireless device probe
v Desktop probe
v Access point probe
v Dedicated probe
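One way to turn probe reports into rogue access point findings, as an added example that is not part of the original slides: each beacon a probe hears is compared with an inventory of authorized access points. The inventory, probe names, observations and the signal threshold are all constructed assumptions.

```python
AUTHORIZED = {  # constructed inventory: BSSID -> (SSID, channel)
    "00:11:22:33:44:01": ("corp-wlan", 1),
    "00:11:22:33:44:02": ("corp-wlan", 6),
    "00:11:22:33:44:03": ("corp-guest", 11),
}

OBSERVATIONS = [  # constructed reports: (probe, BSSID, SSID, channel, RSSI in dBm)
    ("probe-lobby", "00:11:22:33:44:01", "corp-wlan", 1, -48),
    ("probe-floor2", "00:11:22:33:44:02", "corp-wlan", 6, -55),
    ("probe-floor2", "66:77:88:99:AA:BB", "corp-wlan", 6, -60),
    ("probe-lobby", "66:77:88:99:AA:BB", "corp-wlan", 6, -71),
    ("probe-lab", "DE:AD:BE:EF:00:01", "linksys", 3, -42),
    ("probe-lobby", "12:34:56:78:9A:BC", "CoffeeShop", 11, -88),
    ("probe-lab", "00:11:22:33:44:03", "corp-guest", 1, -50),
]

def classify(bssid, ssid, channel, inventory):
    """Compare one observed beacon with the authorized inventory."""
    managed_ssids = {name for name, _ in inventory.values()}
    if bssid in inventory:
        expected_ssid, expected_channel = inventory[bssid]
        if ssid != expected_ssid:
            return "authorized BSSID, unexpected SSID"
        if channel != expected_channel:
            return "authorized BSSID, unexpected channel"
        return "authorized"
    if ssid in managed_ssids:
        return "unknown BSSID advertising managed SSID"
    return "unknown AP"

def find_rogues(observations, inventory, min_rssi=-75):
    """Return {bssid: (verdict, nearest probe, rssi)} for everything needing review."""
    strongest = {}
    for probe, bssid, ssid, channel, rssi in observations:
        key = bssid.lower()
        if key not in strongest or rssi > strongest[key][4]:
            strongest[key] = (probe, key, ssid, channel, rssi)
    findings = {}
    for probe, bssid, ssid, channel, rssi in strongest.values():
        verdict = classify(bssid, ssid, channel, inventory)
        if verdict == "authorized":
            continue
        if verdict == "unknown AP" and rssi < min_rssi:
            continue  # weak and unrelated: most likely a neighbouring network
        findings[bssid] = (verdict, probe, rssi)
    return findings

if __name__ == "__main__":
    for bssid, finding in find_rogues(OBSERVATIONS, AUTHORIZED).items():
        print(bssid, finding)
```

The probe that hears a finding most strongly gives the auditor a starting location for the walk-around with a protocol analyzer.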