wireless security ysabel bravo fall 2004 montclair state university - nj


Post on 21-Dec-2015

Wireless Security

Ysabel Bravo

Fall 2004

Montclair State University - NJ

What is the need to go wireless?

Wireless communication has developed enormously over the past years, allowing instant and fast communication from point to point(s). It has been adopted by businesses and professional users who depend on “up to the minute information” to conduct daily business activities.

Is this communication secure? If so, how?

Wireless Security Requirements

Reported incidents in terms of security and data/investment loss call for more measures. Any secure mobile solution must provide this functionality:
  Authentication
  Encryption
  Access & Accountability

Security: Authentication

A low level of authentication must use one of the following categories:
  Something you know (i.e. user name and password/PIN)
  Something you are (i.e. fingerprints)
  Something you have (i.e. smart card/employee ID card)

A combination of those will make authentication stronger.

Security: Encryption

The lack of encryption on wireless links has been a critical security problem.

WEP (Wired Equivalent Privacy) was not intended for security and encryption. It was intended only to protect against casual eavesdropping or unauthorized data modification.

Encryption recommended:
  PKI (Public Key Infrastructure)
  128-bit minimum encryption
  Use of AES (Advanced Encryption Standard)

Security: Access & Accountability

Users should only be allowed access to authorized information.

Tracking the use of services accessed by each user.

Ensuring the principle of C.I.A (Confidentiality, Integrity & Availability).

Security: Wireless Break-ins

Many of the security weaknesses are created by the users themselves as a result of ignorance and/or disregard for security.

Vulnerabilities and how to fix them:
  Rogue Access Points
  Chatty Laptops
  Unconfigured Access Points
  Ignoring Security Standards

Rogue Access Points

Vulnerability:
  They are not secure.
  They are not yours & they can read your traffic as well.

Alternative:
  Use an IDS (Intrusion Detection System) to detect rogue WLANs and monitor the WLAN.
  End user: inexpensive IDS
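The rogue access point check described on this slide, as an added example that is not part of the original presentation: it compares WLAN survey rows against an inventory of access points the organisation owns. The inventory, the survey rows, the field names and the verdict labels are all constructed for illustration.

```python
# Constructed inventory of access points the organisation owns (BSSIDs lowercase).
AUTHORIZED = {
    "00:11:22:33:44:01": {"ssid": "CorpNet", "channel": 1, "enc": "WPA"},
    "00:11:22:33:44:02": {"ssid": "CorpNet", "channel": 6, "enc": "WPA"},
}

# Constructed survey rows, shaped like what a WLAN scanner or wireless IDS reports.
SURVEY = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "channel": 1, "enc": "WPA"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpNet", "channel": 6, "enc": "None"},
    {"bssid": "02:AA:BB:CC:DD:EE", "ssid": "CorpNet", "channel": 11, "enc": "None"},
    {"bssid": "00:0F:66:12:34:56", "ssid": "linksys", "channel": 6, "enc": "None"},
]


def classify(row, authorized=AUTHORIZED):
    """Return a verdict label for one observed access point."""
    known = authorized.get(row["bssid"].lower())
    if known is None:
        our_ssids = {ap["ssid"] for ap in authorized.values()}
        if row["ssid"] in our_ssids:
            # Our network name announced by hardware we do not own.
            return "rogue"
        # Not ours and not using our name: a neighbour or an unapproved AP
        # plugged into the building; someone has to locate and identify it.
        return "unknown"
    # Known hardware: flag any setting that drifted from the inventory,
    # for example an AP reset to factory defaults with encryption off.
    drift = [k for k in ("ssid", "channel", "enc") if row[k] != known[k]]
    return "mismatch:" + ",".join(drift) if drift else "authorized"


def audit(survey, authorized=AUTHORIZED):
    """Return (bssid, verdict) for every row that needs attention."""
    findings = []
    for row in survey:
        verdict = classify(row, authorized)
        if verdict != "authorized":
            findings.append((row["bssid"], verdict))
    return findings


if __name__ == "__main__":
    for bssid, verdict in audit(SURVEY):
        print(bssid, verdict)
```
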

Chatty Laptops

Vulnerability:
  Once a laptop is on, it looks for an access point to talk to.
  Devices have no brain – therefore they do what they are designed to do.

Alternative:
  Follow configuration standards from your employer.
  Learn configuration policies from your provider.

Unconfigured Access points

Vulnerability:
  Access point equipment such as Linksys or Cisco has default passwords. Ex. Cisco is “Tsunami”

Alternative:
  IT departments or the local administrator must configure devices, assigning proper IDs and passwords.

Ignoring Security Standards

Vulnerability:
  Anyone sniffing the air can read packets from unsecured devices.
  Companies indicate how to connect wirelessly; users ignore standards and forget about security.

Alternative:
  If equipment is granted by the company, standards should be implemented in the system before assigning equipment to users.
  Enforce policies by regularly checking on equipment.

Unencryption Solutions

Unencrypted:
  MAC registration: restrict DHCP leases to known MAC addresses. Verifies that the card has been registered; cannot verify the user.
  Firewall: use of HTTP, HTTPS. The request is sent to an authentication server. Added components are: user name, time stamp, failure.

Encryption Solutions

Encrypted:
  WEP (Wired Equivalent Privacy) works with another security system to provide authentication. The value of the IV changes after each transmission. MAC addresses are sent in the clear.
  VPN (virtual private network) provides a higher level of security using advanced encryption algorithms.

WEP encryption

Wireless Application Protocol (WAP)

Developed to implement a standard for communication between wireless devices and the Internet.

Improve productivity, service, installation speed, cost.

WAP capabilities coexist with Bluetooth and WLANs

Currently allows authentication, privacy and secure connections; non-repudiation and integrity checks.

WAP provides PKI services via supporting services.

Potential WAP security solution

T-mobile hot spot ensures:

“Our network now supports the IEEE 802.1x security standard with WiFi Protected Access (WPA). This provides robust encryption of data transfer over the air between devices connected via WPA”. Quote from www.t-mobile.com

WPA is called Temporal Key Integrity Protocol (TKIP). TKIP takes the original master key only as a starting point and derives its encryption keys mathematically from this master key. TKIP then regularly changes and rotates the encryption keys so that the same encryption key is never used twice.

On the news: Wireless

Cnn.com: Cities find Wi-Fi future Will they be secure? Do users really know how this works?

Cnn.com: Wireless life, Avoid break-ins. Easy steps for unaware wireless users.

What can NetStumbler do for you?

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
  Verify that your network is set up the way you intended.
  Find locations with poor coverage in your WLAN.
  Detect other networks that might be causing interference with your network.
  Detect unauthorized "rogue" access points in your workplace.
  Help aim directional antennas for long-haul WLAN links.
  Use it recreationally for WarDriving.

Network Stumbler:

NetStumbler – Results

NetStumbler - Findings

NetStumbler – Results at MSU Science Building

IEEE WLAN Standards

References:

All references are noted in the final report; please see the documentation.

Montclair State University

Computer Science Department

Montclair, New Jersey - USA