Wireless Network Security



Wireless Network


Bhavik Doshi

Privacy and Security

Winter 2008-09

Instructor: Prof. Warren R. Carithers

Due on: February 5, 2009



Table of Contents

1. Introduction

2. An Ideal Wireless Security in an Enterprise

3. Security of 802.11 WLANs

4. Security features of WLANs as per the Standard

5. Problems and attacks in IEEE 802.11 WLANs

6. The Risks of wireless security in an Enterprise

7. Enterprise Countermeasures

8. Conclusion


Introduction


Wireless networks are common and are used by every organization and individual. As Internet use grows, it becomes extremely important to keep communications such as e-mail, e-commerce transactions and enterprise data transmissions secure. A decade ago, wired networks were the main means of accessing the Internet, but with the advent of wireless technology consumers are clearly migrating towards it. The reasons are clear: wireless technology is inexpensive, easy to set up and fully mobile. Its use is growing tremendously, especially in the private sector. Given these strong advantages, it is natural that businesses want to deploy it.

When it comes to technology, every few months it seems as if the previous technology has been dumped for a slightly better version [1]. Comparing wired technology with wireless technology reveals significant differences. The main advantage is that wireless technology is mobile and hence easy to set up. Routers can be placed at different locations, and all wireless-capable devices can access the Internet from anywhere within range of an access point. Routers therefore appear more scalable and easier to use and configure, and they are becoming more popular day by day [1]. Wireless technology has an impact in various fields, but in this paper we discuss its impact in the corporate world.

A wide variety of wireless network technologies is available on the market, but the one that stands out is the wireless LAN based on 802.11. It is the most popular technology and prevails in most corporate sectors. Low cost, strong performance and ease of deployment are the basic reasons an enterprise needs such a technology. In this paper we discuss the various aspects of wireless technology and the way it can be implemented in an enterprise. Then we explore the vulnerabilities of wireless networks and list the various types of attacks possible on them. Finally we conclude by discussing management, operational and technical countermeasures which can be practiced to avoid inappropriate intrusions into the network.

An Ideal Wireless Security in an Enterprise

Low-cost equipment is the main reason wireless technology is gaining popularity. But such low-cost equipment also makes it easier for attackers to mount an attack. Unauthorized and poorly secured access points are the main places attackers look when mounting an attack. Hence there is a need for a secure and well-established wireless network in an enterprise. The figure below shows a properly configured and well-established wireless network in an enterprise.

The architecture shows two firewalls in place, with an intrusion detection system and many response sensors to supervise the wireless traffic flowing through the network. The two firewalls divide the work and ensure better security. One firewall controls and monitors traffic to and from the Internet. The other performs the same function for traffic to and from the intranet. The access point is the main source of Internet access and acts as a bridge between the mobile wireless-capable devices and the local wired internal network.

Access points have dedicated IP addresses and use SNMP (Simple Network Management Protocol) for remote management. The wireless-capable devices in turn run SNMP agents to allow remote management. Each wireless device has sensors to make sure that it is configured properly and that its configuration is not altered by unauthorized individuals. The enterprise also employs network administrators who monitor all network activity, especially at the access points, to prevent any unauthorized use of such devices.

Security of 802.11 Wireless LANs

In this section we go through the architecture of an 802.11 network and then discuss some of its built-in security features. The main reason for discussing this is to better illustrate the limitations and provide a motivation for some of the recommendations for enhanced security [3]. The major security services for IEEE 802.11 are provided by the Wired Equivalent Privacy (WEP) protocol. These services protect link-level data only during wireless transmission between access points and users. The major drawback is that WEP does not provide end-to-end security; protection exists only during the wireless transmission.

Security features of WLANs as per the Standard

As per the IEEE standards there are three basic security features defined for Wireless Networks. We discuss them below in brief:

1. Authentication

Authentication is the most basic necessity in any wireless network. With authentication we can determine whether only authorized users are connected to the access point, and it can also be used to monitor their activities. With password authentication we can make sure that unauthorized users are not able to gain any kind of access to the network. The bottom line is that this service asks one question: “Do only authorized users have access to the network?”

2. Confidentiality

Confidentiality is the second goal of any wireless network. Its main aim is to protect the data and make sure that only authorized users can access it. The intent is to provide information only to those who are allowed to receive it, and to prevent information compromise from casual eavesdropping (i.e. passive attacks) [3]. Even if a user is authorized to access the wireless network, confidentiality should ensure that the user can access only the information for which he has permissions. The bottom line is that this service asks the question, “Are only authorized users permitted to view and edit data?”

3. Integrity

This is another goal of a wireless network: it makes sure that the data coming into and going out of the network is genuine and has not been tampered with. This service makes sure that no unauthorized user has acted as a man in the middle and been able to modify the information. The bottom line is that this service asks the question, “Is the data flowing through the network trustworthy, or has it been tampered with?”

Problems and attacks in IEEE 802.11 WLANs

Given the above discussion, the Wi-Fi industry currently has considerable momentum, and in the coming years several companies will deploy such technology. However, not everything about 802.11 WLANs is positive; the technology has several drawbacks and loopholes. Recently much has been published on the ways security can be compromised when using 802.11 technologies. In this section we discuss the risks to security, i.e. the attacks on confidentiality, integrity and network availability.

Attacks on WLANs have become common and will undoubtedly keep increasing. The figure below describes the general taxonomy of attacks on WLANs and categorizes them into two broad types. Classifying the attacks makes it easier for organizations to identify them and plan accordingly to safeguard their wireless networks. The two types are further divided into subtypes, and in this section we discuss each of them in brief.


Figure 2: Taxonomy of Security Attacks [3]

[Figure not reproduced. Recoverable labels: Passive Attacks (Traffic Analysis); Active Attacks (Masquerade, Replay, Message Modification, Denial-of-Service).]

As stated, the attacks are divided into two basic types: active attacks and passive attacks. These two classes are further divided into other types of attacks, which are explained below.

Passive Attacks

In this type of attack the information which flows through is not modified but only monitored. Such attacks generally occur when an unauthorized person intercepts the information and then uses it for illegal purposes. Passive attacks are of two types, eavesdropping and traffic analysis, both described below:

1. Eavesdropping

In this type of attack the attacker passively monitors the transmissions from clients to access points without changing any message content. Eavesdropping can be defined as accidentally or deliberately overhearing a conversation and thus gaining vital information which is not easily available. It is commonly regarded as unethical, and attackers use it to obtain important information such as bank account details, passwords or even social security numbers. A common example is an attacker running a packet sniffer against a poorly configured wireless router and monitoring the incoming and outgoing traffic.

2. Traffic Analysis

Traffic analysis is an important concern in computer security. Here the attacker, in a more subtle way, intercepts and monitors messages in order to infer information from the patterns of communication. The major concern is that messages can be intercepted whether they are encrypted or decrypted. Thus the more messages are intercepted, stored or even observed, the more information can be deduced from the traffic.

Traffic analysis is supported by many commercially available software programs, among them Memex, i2, Visual Analytics and Orion Scientific. Different forms of social network analysis can also be used to perform advanced traffic analysis.

Active Attacks

In contrast to passive attacks, in an active attack the attacker does not just intercept the message but also modifies it. An active attack can be defined as an attack in which unauthorized individuals make modifications to messages, data streams or files [3]. One of the main reasons such attacks are deadly is that even if we can detect them, we are not always sure how to avoid them. The three major attacks which fall under this category are as follows:

1. Masquerading

As the name makes clear, in this attack an unauthorized user poses as a genuine user and gains access to private information. The attacker gains access to the system, or obtains more privileges than they are actually authorized for. Attacks can be made by someone inside the organization or by taking advantage of a poorly configured access point. Such attacks are quite common, and more advanced mechanisms such as cryptography can now be used to avoid them.

2. Replay

In this attack the attacker monitors or gains unauthorized access to transmissions and then retransmits the message. By monitoring the transmission the attacker can obtain sensitive information and then make unauthorized use of it. The main concern is that when organizations transmit sensitive information from one location to another, an unauthorized user could intercept the message, gain adequate knowledge and then retransmit it as if nothing had happened.

3. Message modification

In this type of attack an unauthorized user poses as a genuine one and sends messages to other authorized users. The unauthorized user intercepts messages, modifies or adds content to them and retransmits them as the originating authorized user. The receiver is thus unable to tell that the message was modified and presumes that it came from the intended sender. Again, cryptography plays a very important role in avoiding or identifying such attacks.

4. Denial-of-Service

As the name suggests, in this attack the attacker intercepts the communication, deletes the messages and never retransmits them. The attacker could also simply block the transmission so that no communication can take place. Such attacks are typically carried out by blocking all outgoing communications from the organization.
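The role of cryptography in identifying masquerading, replay and message modification, mentioned above, can be shown from the receiver's side. The following Python code is an added example, not part of the original paper: a receiver that verifies an HMAC-SHA256 tag and a sequence counter on each frame. The frame layout, key and messages are constructed assumptions and are not the 802.11 frame format.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes
SEQ_LEN = 8   # 64-bit big-endian sequence number (assumed layout)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload + MAC computed over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if its MAC verifies and its sequence number is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return ("rejected: truncated", None)
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison. Fails for frames altered in transit and
        # for senders that do not hold the shared key (masquerading).
        if not hmac.compare_digest(tag, expected):
            return ("rejected: bad MAC", None)
        seq = struct.unpack(">Q", header)[0]
        # A valid frame seen before carries an old counter value (replay).
        # This strict check also rejects frames that arrive out of order.
        if seq <= self.last_seq:
            return ("rejected: replay", None)
        self.last_seq = seq
        return ("accepted", payload)


def demo():
    """Run one genuine, one replayed, one modified and one forged frame."""
    key = b"constructed-demo-key-not-a-real-secret"
    rx = Receiver(key)
    frame1 = protect(key, 1, b"transfer 100 to account A")
    results = [rx.accept(frame1)[0]]            # genuine frame
    results.append(rx.accept(frame1)[0])        # same frame retransmitted
    altered = bytearray(protect(key, 2, b"transfer 100 to account A"))
    altered[SEQ_LEN + 9] ^= 0x08                # payload changed in transit
    results.append(rx.accept(bytes(altered))[0])
    forged = protect(b"some-other-key", 3, b"transfer 900 to account B")
    results.append(rx.accept(forged)[0])        # sender without the key
    results.append(rx.accept(protect(key, 2, b"balance?"))[0])  # next genuine
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The check covers integrity and origin only; it does nothing against eavesdropping, traffic analysis or denial-of-service, which need encryption and availability measures respectively.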



The Risks of wireless security in an Enterprise

So far we have briefly discussed the nature of wireless LANs in an enterprise and the various possible external attacks on the network. But for an enterprise there is more to do than protecting the network from external attacks. An enterprise has to consider every possible way of protecting its private network. There are various measures an enterprise can take to secure its network, and the most important is to keep its wireless access points as secure as possible. Here system administrators play a major role: they have to keep the access points secure and continuously monitor the logs for suspicious activity. The main reason to keep access points safe is that hackers do not require specific hacking tools, as the computer itself finds the network when it comes within range [4]. Administrators should also make sure that the default passwords of routers are changed immediately when the routers are put into service.

One of the major risks for an enterprise comes from its own naive employees. They can access company databases from a browser, and they do the same when they want to work at home [4]. Even if enterprise security is well maintained, it is still not secure, as information may leak when an employee accesses it from home. In addition, a hacker could obtain usernames and passwords from the same source, act as a legitimate user and break into the security system without alerting the administrators. Employees also tend to use the same passwords for official and personal purposes [4]. Hackers can take advantage of this: instead of breaking into the security system they monitor the activities of employees and, given a chance, learn enough to masquerade as legitimate users of the enterprise. Targeting high-level executives, monitoring their activities and trying to gain as much information as possible is also gaining popularity among hackers.

So in theory nothing can be 100% safe and secure [4]. There is always a possibility of someone hacking into your system and gaining access to private data. The only possible approach is to be alert and make sure that no unusual activities take place around you. Network administrators should continuously monitor all traffic entering and leaving the organization and keep their routers as secure as possible by learning new technologies. Organizations can also take countermeasures and educate employees about how to keep data safe and secure. We discuss the various countermeasures an enterprise can follow in the next section.

Enterprise Countermeasures

Enterprises can reduce the risk to their systems by applying countermeasures that address threats and vulnerabilities. Management countermeasures combined with operational and technical countermeasures can be the best way to lessen the risks associated with wireless LANs [3]. Countermeasures also depend on the monetary resources a company is willing to dedicate to network security. Small companies tend to compromise on security, but big financial institutions, or for that matter any company holding customer information, would have a large budget for network security. The paper Wireless Network Security by Tom et al. [3] describes various countermeasures which an organization can follow to keep its wireless LANs secure and free from intrusions. In this paper we go through some of these measures and briefly discuss their impact.

1. Management Countermeasures

The paper by Tom et al. [3] specifies that the main management countermeasure is to have a comprehensive security policy specifying all the precautions which should be taken to prevent unauthorized access. Some of the questions such a policy should address are given below:

1. Is there a requirement of Internet in the organization?

2. Prepare a list of people who have access to the company's WLAN service

3. Identify all those people who can access and modify access points and their configurations

4. Limit the number of websites and data exchange every employee can make as per the roles they play in the company

5. Clearly specify all the kinds of information which can flow through the access points

6. Develop guidelines for employees on the way to protect organization’s resources and information

7. Limit the number of users who can access data sources from outside the company’s network and provide guidelines for employees who do so

Each company should prepare a policy according to its requirements and update it when necessary. With such a security policy, organizations can educate their employees about the importance of the privacy of corporate data and help them achieve it.

2. Operational Countermeasures

One of the most important security measures is the physical security of access points and wireless networks. It is of utmost importance that only authorized users have physical access to the routers and servers of the corporate network. Routers and company servers should be kept in a safe place on the company premises, and only people with special privileges should have access to them. Ideally every company has a locked server room in which all the servers are kept. Access to such rooms can be controlled through specialized technologies such as palm scans, photo identification, card badge readers or biometric devices, which minimizes the risk of improper access by unauthorized users [3]. Spy cameras can also be placed at various points to monitor illegal activity around the server rooms or access points.

A major concern of any system administrator is where to place the access point so that it covers the entire area and leaves no blind spots. In doing so, the administrator should keep in mind that placing access points near doors to avoid blind spots would help intruders gain unauthorized access simply by staying close to the corporate premises. System administrators should also use tools to monitor the access points' coverage and keep it secure.

3. Technical Countermeasures

Technical countermeasures involve the use of both software and hardware solutions to help secure wireless networks [3]. Their aim is to make sure that all components of the wireless system are secure and to make every possible effort to avoid intrusion. Software countermeasures comprise keeping access points strongly configured, updating security software periodically and making sure that authentication takes place on every connection to the access point. Hardware measures, on the other hand, include the use of smart cards, virtual private networks, key infrastructure and biometrics to protect the wireless network [3].
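One way to support the monitoring of access points and their configuration described in the countermeasures above, as an added example that is not part of the original paper: a Python audit that compares observed access points with an approved inventory. The scan format, BSSIDs, SSIDs and the -60 dBm proximity threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of approved access points: BSSID -> expected SSID
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
}
WEAK_ENCRYPTION = {"OPEN", "WEP"}   # settings treated as poorly secured
NEARBY_DBM = -60                    # assumed threshold for "on the premises"

# Constructed survey output: bssid, ssid, encryption, signal_dbm
SAMPLE_SCAN = """
# bssid, ssid, encryption, signal_dbm
00:11:22:33:44:01, CorpNet, WPA2, -48
00:11:22:33:44:02, CorpNet, WEP, -55
66:77:88:99:aa:01, CorpNet, OPEN, -50
66:77:88:99:aa:02, linksys, OPEN, -42
66:77:88:99:aa:03, CoffeeShop, WPA2, -85
"""


@dataclass
class Observation:
    bssid: str
    ssid: str
    encryption: str
    signal_dbm: int


def parse_scan(text):
    """Parse comma-separated survey lines, skipping blanks and comments."""
    observations = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, ssid, enc, sig = [field.strip() for field in line.split(",")]
        observations.append(Observation(bssid.lower(), ssid, enc.upper(), int(sig)))
    return observations


def audit(observations, authorized=AUTHORIZED_APS):
    """Return (bssid, finding) pairs for access points that need attention."""
    findings = []
    corporate_ssids = set(authorized.values())
    for o in observations:
        if o.bssid in authorized:
            if o.ssid != authorized[o.bssid]:
                findings.append((o.bssid, "authorized AP broadcasting unexpected SSID"))
            if o.encryption in WEAK_ENCRYPTION:
                findings.append((o.bssid, "authorized AP using weak or no encryption"))
        elif o.ssid in corporate_ssids:
            # Not in the inventory but using the company's network name
            findings.append((o.bssid, "unknown AP advertising corporate SSID"))
        elif o.signal_dbm >= NEARBY_DBM:
            # Unknown device close enough to be inside the building
            findings.append((o.bssid, "unauthorized AP with strong signal"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(parse_scan(SAMPLE_SCAN)):
        print(bssid, finding)
```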


Conclusion

Wireless security faces a number of hurdles; efforts to address them are under way but are relatively new and thus not fully developed [5]. Organizations that deal with sensitive customer data should take extra precautions when transferring data from one location to another and make sure that such transmissions are secure. Because wireless technology is new to the market yet has become inexpensive, it is gaining popularity in all sorts of businesses. The inexpensive tools bring security threats into the system, and it becomes of utmost importance that no information leak happens in any form. The strength of a computer system’s security is always measured by its weakest component [4]. Thus end users should be given appropriate training on how to use data securely, whether they are at home or on the corporate premises. A combined effort of users, employers and system administrators is required to fight such malicious activities. Appropriate countermeasures in every form can help the organization minimize the risk of illegal penetration. Up-to-date tools, constant monitoring, proper management and appropriate countermeasures are the ultimate weapons against wireless security attacks.


[1] Hytnen, R. and Garcia, M. 2006. An analysis of wireless security. J. Comput. Small Coll. 21, 4 (Apr. 2006), 210-216.

[2] Internet Security Systems. 2001. Wireless LAN Security. 802.11b and Corporate Networks (2001), 1-10.

[3] Karygiannis, T. and Owens, L. 2002. Wireless network security. NIST Special Publication (2002), 1-119.

[4] Loo, A. 2008. The myths and truths of wireless security. Commun. ACM 51, 2 (Feb. 2008), 66-71. DOI= http://doi.acm.org/10.1145/1314215.1314227

[5] Miller, S. K. 2001. Facing the Challenge of Wireless Security. Computer 34, 7 (Jul. 2001), 16-18. DOI=