wireless security ysabel bravo fall 2004 montclair state university - nj
Post on 21-Dec-2015
219 views
TRANSCRIPT
Wireless Security
Ysabel Bravo
Fall 2004Montclair State University - NJ
What is the need to go wireless?
Wireless communication has developed enormously over the last past years allowing instant and fast communication from point to point (s). It has been adopted by businesses and professional users who depend on “up to the minute information” to conduct daily business activities.
Is this communication secure? If so, how?
Wireless Security Requirements
Reported incidents in terms of security and data/investments loss call for more measures. Any secure mobile solution must follow this functionality:AuthenticationEncryptionAccess & Accountability
Security: Authentication
Low level of authentication must have one of the following categories: Something you know (i.e. user name and
password/pin) Something you are (i.e. finger prints) Something you have (i.e. smart card/employee
ID card) A combination of those will make
authentication stronger.
Security: Encryption
No encryption used for wireless has been critical to security.
WEP (Wired equivalent privacy) was not intended for security and encryption. It was only for casual eavesdropping or unauthorized data modification.
Encryption recomemded: PKI (Public key infrastructure) 128 bit minimum encryption Use of AES (Advanced encryption standard)
Security: Access & Accountability
User should only be allow to authorized information
Tracking use of services access by user. Ensuring the principal of C.I.A
(Confidentiality, Integrity & Availability)
Security: Wireless Break-ins
Many of the securities weaknesses are created by the user itself as a result of ignorance and/or disregard for security.
Vulnerabilities and how to fix them: Rogue Access Points Chatty Laptops Unconfigured Access Points Ignoring Security Standards
Rogue Access Points
Vulnerability: They are not secure. They are not yours & they can read your traffic
as well. Alternative:
Use IDS (intrusion detection System) to detect rogue Wlans and monitor Wlan.
End user: inexpensive ids
Chatty Laptops
Vulnerability: Once laptop on, it look for an access point to
talk to. Devices have no brain – therefore they do
what they are designed to do.
Alternative: Follow configuration standards from your
employer Learn configuration policies from provider.
Unconfigured Access points
Vulnerability: Access point equipment such as Lynksys or
Cisco has default passwords. Ex. Cisco is “Tsunami”
Alternative: IT departments or local administrator must
configure devices assigning proper ids and password.
Ignoring Security Standards
Vulnerability: Anyone sniffing the air can read packets from
unsecured devices. Companies indicate how to connect wirelessly,
users ignore standards and forget about security.
Alternative: If equipment granted by company, standards
should be implemented in system before assigning equipment to users. & Enforcing policies by regularly checking on equipment.
Unencryption Solutions
Unencrypted: MAC registration: restrict DHCP leases to
know MAC addresses. Verifies card have been registered, cannot verify the user.
Firewall: Use of HTTP, HTTPs. Request is sent to authentication server. Added components are: user name, time stamp, failure.
Encryption Solutions
Encrypted: WEP wired equivalent privacy works with
another security system to provide authentication. Changing the value of IV after each transmission. MAC addresses are sent in the clear
VPN virtual private network, provides higher level of security using advanced encryption algorithms.
WEP encryption
Wireless Application Protocol (WAP)
Developed to implement a standard for communication between wireless devices and the Internet.
Improve productivity, service, installation speed, cost.
WAP capabilities coexist with Bluetooth and WLANs
Currently allows authentication, privacy and secure connections; non-repudiation and integrity checks.
WAP provides PKI services via supporting services.
Potential WAP security solution
T-mobile hot spot ensures:
“Our network now supports the IEEE 802.1x security standard with WiFi Protected Access (WPA). This provides robust encryption of data transfer over the air between devices connected via WPA”. Quote from www.t-mobile.com
WPA is called Temporal Key Integrity Protocol (TKIP).TKIP takes the original master key only as a starting point and derives its encryption keys mathematically from this master key. TKIP then regularly changes and rotates the encryption keys so that the same encryption key is never used twice.
On the news: Wireless
Cnn.com: Cities find Wi-Fi future Will they be secure? Do users really know how this works?
Cnn.com: Wireless life, Avoid break-ins. Easy steps for unaware wireless users.
What NetStumbler can do for you?
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
Verify that your network is set up the way you intended.
Find locations with poor coverage in your WLAN. Detect other networks that might be causing
interference with your network. Detect unauthorized "rogue" access points in your
workplace. Help aim directional antennas for long-haul WLAN
links. Use it recreationally for WarDriving.
Network Stumbler:
NetStumbler – Results
NetStumbler - Findings
NetStumble – Results at MSU Science Building
IEEE WLAN Standards
References:
All references noted on final report, please see documentation.
Montclair State UniversityComputer Science Department
Montclair, New Jersey - USA