10/18/2010. Learning Objectives. Wireless Security Challenges. Wireless Communication. Typical Wireless Scenario Standards. 802.


Wireless Security Challenges

ITM 455 Information Security

Dr. Sharon Tabor

Learning Objectives

• Review basics of wireless communication technology

• Explore wireless vulnerabilities and challenges

• Identify security controls to reduce wireless insecurity

• Differentiate levels of wireless access point protocol security

Wireless Communication

• Wireless communication capabilities have evolved significantly since the early days

– transmission of packetized data over a wave topology, not using physical links

– radio waves, PTP over narrow band, or multi-point over WAP and IEEE 802.11

– 802.11 standards for wireless LANs (b-1999), including revisions a, g, i, n

– inexpensive and easy to implement, widely used in organizations

– no control over traffic beyond the AP

Typical Wireless Scenario

• AP broadcasts its SSID unless shut off

• Enables sniffing, packet logging, or unauthorized use of the access point

• Once compromised, all attached devices become vulnerable also

802.11 Standards

• In spite of the convenience offered by wireless standards, the protocols were never designed with security in mind

– 802.11 identifies multi-rate Ethernet over 2.4 GHz spread-spectrum wireless at 1, 2, 5.5, and 11 Mbps

– "a" allows products in the 5 GHz spectrum using orthogonal frequency division multiplexing (OFDM), up to 54 Mbps

– Higher frequency use shortens range, & devices may compete at the same frequencies, causing interference

802.11 Standards

• "g" standard increased size of WEP key using RC4 stream cipher

• 802.11i (2004) promised more security, with authentication and AES encryption

– WPA (Wi-Fi Protected Access) was implemented as a subset of 802.11i & a temporary solution to WEP insecurities

– Fully interoperable version released as WPA2, or RSN (Robust Security Network), using AES block cipher

802.11 Standards

• The 802.11i architecture includes

– 802.1X for authentication (entailing the use of EAP and an authentication server)

– RSN for keeping track of associations

– AES-based CCMP (Cipher Block Chaining Message Authentication Code Protocol) to provide confidentiality, integrity, and origin authentication

• An important element of the authentication process is the four-way handshake, & a new key distribution method to overcome weaknesses in earlier methods

802.11 Standards

• Use of TKIP - Temporal Key Integrity Protocol (shared secret key w/MAC address)

• Different implementations of EAP over TLS, TTLS, MD5, and Cisco-developed LEAP

• Organizational alternative is a layered approach, with an infrastructure architecture & network segregation

Wireless Vulnerabilities

Accidental association

– A user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network

Malicious association

– Wireless devices connect to a company network through a cracking laptop instead of a company access point (AP)

Ad-hoc networks

– peer-to-peer networks between wireless computers without an access point

Wireless Vulnerabilities

Non-traditional networks

– personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk

– even barcode readers, handheld PDAs, and wireless printers and copiers should be secured

Identity theft (or MAC spoofing)

– occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges

Wireless Vulnerabilities

Man-in-the-middle attacks

– attacker entices computers to log into a computer which is set up as a soft AP

Denial of service

– (DoS) occurs when an attacker continually bombards a targeted AP or network with bogus requests, premature successful connection messages, failure messages, and/or other commands

Network injection

– a cracker can make use of access points that are exposed to non-filtered network traffic

Wireless Vulnerabilities

Caffe Latte attack - a way to defeat WEP

– not necessary for the attacker to be in the area of the network using this exploit

– by using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client

– by sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP

– the attacker uses the ARP responses to obtain the WEP key in less than 6 minutes

Wireless Quality & Confidentiality Issues

• Weather - rain, snow, hail, sleet = "rain fade"

– Lightning - momentary interference or permanent damage

– Man-made interference - radar, electromagnetic pulse (EMP)

– Eavesdropping - organization specific, or war-driving (receiver & directional antenna) & marking (war chalking)

Wireless Security Controls

• Proper AP configuration is better than no security for home or small office wireless, where these measures serve as deterrents & increase the work factor:

– secure the AP - (cloak) make it invisible, with hidden power source (including power over Ethernet)

– change the default password

– turn off SSID broadcasting (still available in frame header) (removes identifying signals)

– use MAC access lists (may also be sniffed)

Controls for Larger Organizations

• control wireless APs and devices

• control AP layouts (stealthy), and plan the geographic channel layouts to avoid extending transmission

• shut down APs after hours

• control signal strength & speed & deny logins from low power levels, implying they are off premise

• require strong authentication

• use serious security, moving to WPA/WPA2, TKIP & AES encryption

• isolate wireless users on minimal risk VLANs

• monitor activity

Large Organizations (cont)

• Organizations with many employees are particularly vulnerable to security breaches caused by rogue access points

– If an employee (trusted entity) in a location brings in an easily available wireless router, the entire network can be exposed to anyone within range of the signals

• Other technical options (still new)

– Wireless IDS (WIDS) - keeps track of APs within the organization boundaries; logs

– Wireless Intrusion Prevention System (WIPS) - the most robust way to counteract wireless security risks
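
A minimal sketch of the bookkeeping a WIDS performs when it "keeps track of APs", added here as an example (it is not part of the original slides): each observed beacon is compared against an inventory of sanctioned APs and classified. The inventory, SSIDs, scan records and the -65 dBm on-premises threshold are all constructed assumptions.

```python
# Constructed inventory of sanctioned access points: BSSID -> expected settings.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": {"ssid": "CorpNet", "channel": 1},
    "00:11:22:33:44:02": {"ssid": "CorpNet", "channel": 6},
}
CORPORATE_SSIDS = {"CorpNet"}
ON_PREMISES_RSSI_DBM = -65  # assumed: a stronger signal implies a radio inside the building

# Constructed scan observations, as a monitoring sensor might log them.
SAMPLE_SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "channel": 1, "rssi": -48},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "channel": 11, "rssi": -52},
    {"bssid": "DE:AD:BE:EF:00:01", "ssid": "CorpNet", "channel": 6, "rssi": -40},
    {"bssid": "de:ad:be:ef:00:02", "ssid": "linksys", "channel": 6, "rssi": -45},
    {"bssid": "de:ad:be:ef:00:03", "ssid": "CoffeeShop", "channel": 11, "rssi": -85},
]

def classify(obs):
    """Classify one observed AP against the sanctioned inventory."""
    known = AUTHORIZED_APS.get(obs["bssid"].lower())
    if known:
        # Sanctioned BSSID with unexpected settings: misconfiguration or a spoofed MAC.
        if (obs["ssid"], obs["channel"]) != (known["ssid"], known["channel"]):
            return "config-drift"
        return "authorized"
    if obs["ssid"] in CORPORATE_SSIDS:
        # Unknown radio advertising the corporate SSID (soft AP / malicious association).
        return "impersonation"
    if obs["rssi"] >= ON_PREMISES_RSSI_DBM:
        # Unknown SSID at high power: likely a router an employee plugged in.
        return "rogue-on-premises"
    return "neighbor"  # weak foreign signal: accidental-association risk only

def audit(scan):
    """Return (bssid, verdict) for every observation that needs follow-up."""
    verdicts = [(o["bssid"].lower(), classify(o)) for o in scan]
    return [v for v in verdicts if v[1] not in ("authorized", "neighbor")]

if __name__ == "__main__":
    for bssid, verdict in audit(SAMPLE_SCAN):
        print(bssid, verdict)
```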

WLAN Encryption Methods

• The initial WEP (wired equivalent privacy) protocol developed for wireless networks provided minimal protection

• A network key is generated and shared with each device, and unfortunately, can be easily sniffed, cracked, and put into use by a hacker or bandwidth bandit via war driving or drive-by hacking

• Better alternatives are WPA (wireless protected access) and 802.11i (WPA2)

WLAN Encryption Methods

• WPA was an interim standard to address security concerns before 802.11i

– uses TKIP (temporal key integrity protocol) to rekey devices frequently, but still uses RC4, a relatively weak encryption algorithm

– 802.11i has very strong security, using AES encryption & TKIP (Temporal Key Integrity Protocol)

• therefore more resource intensive

• TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP

Dual Methods

• Organizations can choose between modes:

– PSK - pre-shared key for small office or home users

– 802.1X (enterprise) mode which will scale for larger organizations, definable to port level

– Implementation will guide the ultimate security of the standard; i.e., a small PSK pass phrase (<20 characters) will generate a key weaker than WEP

• US government - TEMPEST - devices that produce electromagnetic signals that can be detected & decoded
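
To make the PSK point concrete, the following added example (not part of the original slides) derives the WPA/WPA2 pre-shared key the way the standard specifies, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and audits a configuration against the slide's 20-character guidance. The list of default SSIDs and the sample networks are constructed assumptions.

```python
import hashlib

# Illustrative set of factory-default SSIDs (constructed for this example).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 keyed by the
    passphrase, salted with the SSID, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def audit_psk(passphrase: str, ssid: str, min_length: int = 20) -> list:
    """Return configuration findings for one PSK network (empty list = pass)."""
    findings = []
    # The key is only as unpredictable as the passphrase it is derived from.
    if len(passphrase) < min_length:
        findings.append("passphrase shorter than %d characters" % min_length)
    # The SSID is the only salt, so a default SSID is shared with many networks.
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID used as salt")
    return findings

if __name__ == "__main__":
    # Constructed sample configurations: one weak, one acceptable.
    samples = [("linksys", "password"),
               ("Branch-Office-7", "correct horse battery staple 42")]
    for ssid, phrase in samples:
        key = derive_pmk(phrase, ssid).hex()
        print(ssid, key[:16] + "...", audit_psk(phrase, ssid) or "ok")
```

The derived key is always 256 bits long regardless of the passphrase, which is why the audit looks at the passphrase and SSID rather than at the key.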

EAP/TLS Authentication Process

WTLS Still in Use

Wireless Transport Layer Security (WTLS), part of the Wireless Application Protocol (WAP) stack

– WTLS is the only lightweight encryption for through-the-air transmission

– it sits between the WTP and WDP layers in the WAP communications stack

– it has been superseded in the WAP 2.0 standard by the End-to-end Transport Layer Security Specification (Wikipedia, 2009)

Security Achieved

Confidentiality

– Modified version of TLS, uses DES, 3DES, RC5, IDEA (40 & 56-bit keys for the former, 40, 56, or 128 for the latter)

– Uses a shared key process, with several options for key exchange, including Diffie-Hellman, Elliptic Curve DH, and RSA

Integrity - implemented through MACs (message authentication codes), supporting MD5 & SHA MAC

Authentication - digital certificates, with authentication optional

Mobile Device Security Issues

• Small handhelds lack the memory & processing power the TLS protocol was designed to use

– Mobile devices should use the same standards as laptops, & should also support data encryption

• Other requirements include strong passwords (not four-digit PINs such as on the iPhone, which doesn't support EAP-TTLS) that can be managed centrally by IT

Mobile Device Security Issues

• Handhelds are vulnerable with little data encryption, optional authentication, and several known attacks:

– chosen plaintext attack - predictable initialization vectors with known data and sequence numbering

– PKCS #11 (Cryptographic Token Interface Standard) - uses forced padding error inserted into the transmission stream

– alert message truncation - disruption of the connection by over-writing encrypted packets with plaintext alert message

– WAP GAP - transmissions are translated at the gateways, leaving data in clear as it passes

PCI-DSS

Payment Card Industry Data Security Standard

– a worldwide information security standard assembled by the Payment Card Industry Security Standards Council to attempt to control widespread credit card fraud

– this has been a particular problem as vendors moved to wireless technology

– standards include a long list of preventative controls on organizations using various types of scanners, with or without wireless LANs

RFID

• Radio Frequency Identification is a compact wireless technology

– involves an inexpensive chip that's readable up to several meters away

– a next-generation barcode, RFID will automate inventory control, cutting costs for retailers and manufacturers

– while many consumer groups are concerned with privacy issues of being tracked, in reality quality problems and security are larger concerns, as well as adding a whole new dimension to corporate espionage

Instant Messaging

• Another interesting idea with no security

– Spread to other software & communication options accept file attachments, including Trojans or Worms (Goner, Choke)

• no encryption or virus checking

• process requires ID of available users, sends info in cleartext

• Solutions

– Organizations that allow it should use local servers to keep traffic internal & proprietary

– New programs can encrypt - Trillian

Collaborative Communication

• Insider threat has a new meaning the Next Gens going

– Favorite Web 2.0 applications are the type that present security concerns to the organization

– By age of 21, average 20yr old has been exposed to:

• 10,000 hours of video games

• 200,000 e-mails

• 20,000 hours of TV

• 10,000 hours of cell phone conversation

• Less than 5,000 hours reading books

• Organizations need logical policies, & employee education

Bottom Line

• Wireless communication offers many positive features that increase productivity

• Wireless communication is inherently insecure

– All users need to be aware of wireless threats & take action

– Careful plan, logical policy, hardened APs

– Knowledgeable application of secure methods
