Securing wireless network

Security Over Wireless NetworkSecurity Over Wireless Network
BY
SYED UBAID ALI
JAFRI
Information Security Expert
CEO
UJ Consultant & Solution Provider
http://www.ujconsultant.com

Securing a Wireless NetworkSecuring a Wireless Network
Wireless networks are rapidly becoming pervasive.Wireless networks are rapidly becoming pervasive.
 How many of you have web-enabled cell phones?How many of you have web-enabled cell phones?
 How many of you have networked PDAs andHow many of you have networked PDAs and
Pocket PCs?Pocket PCs?
 How many of you have laptops with wirelessHow many of you have laptops with wireless
network cards?network cards?
 How many of you have wireless networks at work?How many of you have wireless networks at work?
at home? at home?
 How many of you use wireless networks when youHow many of you use wireless networks when you
are out and about?are out and about?

Of those of you who have wireless devices,Of those of you who have wireless devices,
how many of you:how many of you:
 protect your wireless device with aprotect your wireless device with a
password?password?
 encrypt the data in your wireless device?encrypt the data in your wireless device?
 employ any type of security with youremploy any type of security with your
wireless device?wireless device?
 employ security with your wirelessemploy security with your wireless
network?network?

 Wireless TechnologyWireless Technology
 Security Vulnerabilities with Wireless NetworksSecurity Vulnerabilities with Wireless Networks
 Wireless Security SolutionsWireless Security Solutions
 PrecautionsPrecautions

Most wireless networks today use the 802.11 standard forMost wireless networks today use the 802.11 standard for
communication. 802.11b became the standard wirelesscommunication. 802.11b became the standard wireless
ethernet networking technology for both business andethernet networking technology for both business and
home in 2000. The IEEE 802.11 Standard is anhome in 2000. The IEEE 802.11 Standard is an
interoperability standard for wireless LAN devices, thatinteroperability standard for wireless LAN devices, that
identifies three major distribution systems for wirelessidentifies three major distribution systems for wireless
data communication:data communication:
 Direct Sequence Spread Spectrum (DSSS) RadioDirect Sequence Spread Spectrum (DSSS) Radio
TechnologyTechnology
 Frequency Hopping Spread Spectrum (FHSS) RadioFrequency Hopping Spread Spectrum (FHSS) Radio
TechnologyTechnology
 Infrared TechnologyInfrared Technology

Independent Basic Service SetIndependent Basic Service Set (IBSS) -(IBSS) -
computers talk directly to each othercomputers talk directly to each other

[Basic Service Set (BSS)] Network - all traffic passes[Basic Service Set (BSS)] Network - all traffic passes
through a wireless access pointthrough a wireless access point

Extended Service SetExtended Service Set (ESS)(ESS) Network -Network -
traffic passes through multiple wireless access pointstraffic passes through multiple wireless access points

Over view Simulation of WirelessOver view Simulation of Wireless
NetworkNetwork

IEEE 802.11b specificationIEEE 802.11b specification
• wireless transmission of approximately 11 Mbps of rawwireless transmission of approximately 11 Mbps of raw
datadata
• indoor distances from several dozen to several hundredindoor distances from several dozen to several hundred
feetfeet
• outdoor distances of several to tens of milesoutdoor distances of several to tens of miles
• use of the 2.4 GHz band.use of the 2.4 GHz band.
• 802.11b appeared in commercial form in mid-1999.802.11b appeared in commercial form in mid-1999.
• Wireless Ethernet Compatibility Alliance (WECA)Wireless Ethernet Compatibility Alliance (WECA)
certifies equipment as conforming to the 802.11bcertifies equipment as conforming to the 802.11b
standard, and allows compliant hardware to be stampedstandard, and allows compliant hardware to be stamped
Wi-Fi compatible.Wi-Fi compatible.
• wireless NICs transmit in the range of 11, 5.5, 2 and 1wireless NICs transmit in the range of 11, 5.5, 2 and 1
Mbit/s at a frequency of 2.4 GHz.Mbit/s at a frequency of 2.4 GHz.
• 802.11b is a half duplex protocol802.11b is a half duplex protocol

• Multiple 802.11b access points can operate in the sameMultiple 802.11b access points can operate in the same
overlapping area over different channels, which areoverlapping area over different channels, which are
subdivisions for the 2.4 GHz band. There are 14 channels,subdivisions for the 2.4 GHz band. There are 14 channels,
which are staggered at a few megahertz intervals, fromwhich are staggered at a few megahertz intervals, from
2.4000 to 2.4835 GHz. Only channels 1, 6, and 11 have no2.4000 to 2.4835 GHz. Only channels 1, 6, and 11 have no
overlap among them.overlap among them.
• cards equipped with the Wired Equivalent Privacy (WEP)cards equipped with the Wired Equivalent Privacy (WEP)
data encryption, based on the 64 bit RC4 encryptiondata encryption, based on the 64 bit RC4 encryption
algorithm as defined in the IEEE 802.11b standard onalgorithm as defined in the IEEE 802.11b standard on
wireless LANs. In addition, there are more expensivewireless LANs. In addition, there are more expensive
cards that are able to use 128 bit encryption. All yourcards that are able to use 128 bit encryption. All your
nodes must be at the same encryption level with the samenodes must be at the same encryption level with the same
key to operate.key to operate.

 Any network adapter coming within range of anotherAny network adapter coming within range of another
802.11b network adapter or access point can instantly802.11b network adapter or access point can instantly
connect and join the network unless WEP – wirelessconnect and join the network unless WEP – wireless
encryption protocol – is enabled. WEP is secure enoughencryption protocol – is enabled. WEP is secure enough
for most homes and business’ but don’t think it can’t befor most homes and business’ but don’t think it can’t be
hacked. There are several flaws in WEP making ithacked. There are several flaws in WEP making it
unusable for high security applications. At this point, itunusable for high security applications. At this point, it
takes some serious hacking abilities to bust into a WEPtakes some serious hacking abilities to bust into a WEP
enabled network so home users should not worry.enabled network so home users should not worry.
 Full strength 802.11b signal will get you about 3.5-4.5Full strength 802.11b signal will get you about 3.5-4.5
Mbps without WEP enabled. With WEP enabled, expectMbps without WEP enabled. With WEP enabled, expect
2.5-3.5 Mbps. As you put walls and distance between your2.5-3.5 Mbps. As you put walls and distance between your
wireless adapter and your access point, your speed willwireless adapter and your access point, your speed will
drop. Don’t expect to put more than a few walls betweendrop. Don’t expect to put more than a few walls between
you and your access point.you and your access point.

IEEE 802.11a specificationIEEE 802.11a specification
 Within the last year, devices that comply with theWithin the last year, devices that comply with the
802.1a standard (54 Mbps over the 5 GHz band)802.1a standard (54 Mbps over the 5 GHz band)
have been released. 802.11a also has 12 channelshave been released. 802.11a also has 12 channels
(eight in the low part of the band and four in the(eight in the low part of the band and four in the
upper) which do not overlap, allowing denserupper) which do not overlap, allowing denser
installations. 802.11a's range is apparently less,installations. 802.11a's range is apparently less,
but it can often transmit at higher speeds atbut it can often transmit at higher speeds at
similar distances compared to 802.11b.similar distances compared to 802.11b.
 802.11a devices use the same Wired Equivalent802.11a devices use the same Wired Equivalent
Privacy (WEP) security. Some vendors, such asPrivacy (WEP) security. Some vendors, such as
Orinoco and Proxim, have included configurableOrinoco and Proxim, have included configurable
(albeit non-standard) high-encryption capabilities(albeit non-standard) high-encryption capabilities
into their access points to prevent simple WEPinto their access points to prevent simple WEP
cracking.cracking.

IEEE 802.11g… specificationIEEE 802.11g… specification
 802.11g devices (54 Mbps over 2.4 GHz) will be802.11g devices (54 Mbps over 2.4 GHz) will be
released in mid-2003. 802.11g features backwardsreleased in mid-2003. 802.11g features backwards
compatibility with 802.11b, and offers threecompatibility with 802.11b, and offers three
additional encodings (one mandatory, twoadditional encodings (one mandatory, two
optional) that boost its speed.optional) that boost its speed.
 Several related IEEE protocols address security,Several related IEEE protocols address security,
quality of service, and adaptive signal usequality of service, and adaptive signal use
(802.11e, h, and i, among others). : 802.11i will(802.11e, h, and i, among others). : 802.11i will
offer additional security for 802.11. This standardoffer additional security for 802.11. This standard
will replace WEP and build on IEEE 802.1X.will replace WEP and build on IEEE 802.1X.
 IEEE 802.1x is a standard for passing EAP over aIEEE 802.1x is a standard for passing EAP over a
wired or wireless LANwired or wireless LAN

Security VulnerabilitiesSecurity Vulnerabilities
 packet sniffing - war drivers; higain antennapacket sniffing - war drivers; higain antenna
 War Driver Map of LAWar Driver Map of LA
 Antenna on the Cheap (er, Chip) - Pringle's can antennaAntenna on the Cheap (er, Chip) - Pringle's can antenna
 Coffee Can AntennaCoffee Can Antenna
 resource stealing - using a valid station's MAC addressresource stealing - using a valid station's MAC address
 traffic redirection - modifying ARP tablestraffic redirection - modifying ARP tables
 rogue networks and station redirection [networkrogue networks and station redirection [network
administrators also rely on manufacturers' default Serviceadministrators also rely on manufacturers' default Service
Set IDentifiers (SSIDs)]Set IDentifiers (SSIDs)]
The Gartner Group estimates that at least 20 percent ofThe Gartner Group estimates that at least 20 percent of
enterprises have rogue wireless LANs attached to theirenterprises have rogue wireless LANs attached to their
networks.networks.
 DoS (any radio source including 2.4 Ghz cordless phones)DoS (any radio source including 2.4 Ghz cordless phones)

 Wired Equivalent Privacy (WEP) algorithm used toWired Equivalent Privacy (WEP) algorithm used to
protect wireless communication from eavesdropping.protect wireless communication from eavesdropping.
secondary function of WEP is to prevent unauthorizedsecondary function of WEP is to prevent unauthorized
access to a wireless network.access to a wireless network.
 WEP relies on a secret key that is shared between aWEP relies on a secret key that is shared between a
mobile station and an access point. The secret key is usedmobile station and an access point. The secret key is used
to encrypt packets before they are transmitted, and anto encrypt packets before they are transmitted, and an
integrity check is used to ensure that packets are notintegrity check is used to ensure that packets are not
modified in transit. Most installations use a single keymodified in transit. Most installations use a single key
that is shared between all mobile stations and accessthat is shared between all mobile stations and access
points. More sophisticated key management techniquespoints. More sophisticated key management techniques
can be used to help defend from attacks.can be used to help defend from attacks.

 WEP uses the RC4 encryption algorithm, known as aWEP uses the RC4 encryption algorithm, known as a
stream cipher. A stream cipher expands a short key intostream cipher. A stream cipher expands a short key into
infinite pseudo-random key stream. The sender XORs theinfinite pseudo-random key stream. The sender XORs the
key stream with the plaintext to produce ciphertext. Thekey stream with the plaintext to produce ciphertext. The
receiver has a copy of the same key, and uses it toreceiver has a copy of the same key, and uses it to
generate identical key stream. XORing the key streamgenerate identical key stream. XORing the key stream
with the ciphertext yields the original plaintext.with the ciphertext yields the original plaintext.
 If an attacker flips a bit in the ciphertext, then uponIf an attacker flips a bit in the ciphertext, then upon
decryption, the corresponding bit in the plaintext will bedecryption, the corresponding bit in the plaintext will be
flipped. Also, if an eavesdropper intercepts twoflipped. Also, if an eavesdropper intercepts two
ciphertexts encrypted with the same key stream, it isciphertexts encrypted with the same key stream, it is
possible to obtain the XOR of the two plaintexts. Oncepossible to obtain the XOR of the two plaintexts. Once
one of the plaintexts becomes known, it is trivial toone of the plaintexts becomes known, it is trivial to
recover all of the others.recover all of the others.

Security SolutionsSecurity Solutions
 Wired Equivalent Privacy (WEP) and WEP2Wired Equivalent Privacy (WEP) and WEP2
 Media access control (MAC) addresses: configuringMedia access control (MAC) addresses: configuring
access points to permit only particular MAC addressesaccess points to permit only particular MAC addresses
onto the network. Easy to implement, but fairly easy toonto the network. Easy to implement, but fairly easy to
defeat.defeat.
 IEEE 802.1X: This standard, supported by Windows XP,IEEE 802.1X: This standard, supported by Windows XP,
defines a framework for MAC-level authentication.defines a framework for MAC-level authentication.
Susceptible to session-hijacking and man-in-the-middleSusceptible to session-hijacking and man-in-the-middle
attacks.attacks.
 VPNs: using a VPN to encrypt data on wireless networks.VPNs: using a VPN to encrypt data on wireless networks.
VPNs require a lot of management and clientVPNs require a lot of management and client
configuration.configuration.
 User authenticationUser authentication
 The Temporal Key Integrity Protocol (TKIP) [IEEEThe Temporal Key Integrity Protocol (TKIP) [IEEE
802.11i]802.11i]

 Advanced Encryption Standard (AES) encryption [IEEEAdvanced Encryption Standard (AES) encryption [IEEE
802.11i]802.11i]
 "Key-hopping" technology that can change the"Key-hopping" technology that can change the
encryption key as often as every few seconds.encryption key as often as every few seconds.
 EAP-TTLS (Extensible Authentication Protocol (EAP) -EAP-TTLS (Extensible Authentication Protocol (EAP) -
Tunneled Transport Layer Security)Tunneled Transport Layer Security)
 Enhanced Security Network (ESN) - Extended ServiceEnhanced Security Network (ESN) - Extended Service
Set withSet with
 enhanced authentication mechanism for both STAs and APsenhanced authentication mechanism for both STAs and APs
based on 802.11xbased on 802.11x
 key managementkey management
 dynamic, association-specific cryptographic keysdynamic, association-specific cryptographic keys
 enhanced data encapsulation using AESenhanced data encapsulation using AES

 Wireless Protocol Analyzers. They can:Wireless Protocol Analyzers. They can:
 check for unknown MAC (Media Accesscheck for unknown MAC (Media Access
Control) addresses and alert the networkControl) addresses and alert the network
managermanager
 log attempts to gain unauthorized access to thelog attempts to gain unauthorized access to the
networknetwork
 filter access attempts based on the type offilter access attempts based on the type of
network cardnetwork card
 conduct site survey of traffic usageconduct site survey of traffic usage
 find dead zones in the wireless networkfind dead zones in the wireless network

Wireless Security PrecautionsWireless Security Precautions
 Change default namesChange default names
 Add passwords to all devicesAdd passwords to all devices
 Disable broadcasting on network hubsDisable broadcasting on network hubs
 Don't give the network a name that identifies yourDon't give the network a name that identifies your
companycompany
 Move wireless hubs away from windowsMove wireless hubs away from windows
 Use the built-in encryptionUse the built-in encryption
 Disable the features you don't useDisable the features you don't use
 Put a firewall between the wireless network and otherPut a firewall between the wireless network and other
company computerscompany computers
 Encrypt dataEncrypt data
 Regularly test wireless network securityRegularly test wireless network security

Securing wireless network

More Related Content

What's hot (20)

Viewers also liked (11)

Similar to Securing wireless network (20)

More from Syed Ubaid Ali Jafri (18)

Recently uploaded (20)

Securing wireless network