Outline
• Threats to LANs & Wireless LANs
• Wireless LAN Security Techniques
• Summary
Fundamental Premise
• Security cannot be considered in isolation and, to be effective, must consider the entire system
• That is, network and LAN security must be:
  • Consistent with other security mechanisms
    • E.g. application, data, hardware, and physical
  • Supportive of other security mechanisms
Threats
LAN Threats
Network Traffic
Protecting Integrity
Protecting Secrecy
Protecting Availability
Specific LAN Threats
• Availability
  • Worms/Virus
  • DoS
  • Errant applications creating lots of traffic/malformed traffic
• Authentication
  • Spying devices on LAN
    • For example, a contractor connecting to LAN
• Secrecy
  • Sniffers being connected to the LAN to collect passwords, etc.
Authentication
Current State of LAN Authentication
• Usually none!
• If you are in the building, you can plug in to the LAN
• Can cause severe problems:
  • Using LAN for illegal purposes (company/person may be liable)
  • Can more easily compromise servers
    • For example, send spam from your mail servers
• Wireless LANs are bringing the issue out
Authentication services
• 802.1X – IEEE standard for LAN authentication
  • Can use PKI certificate-based authentication
• Kerberos (closed environment)
  • Single login (once per session)
  • To multiple servers/domains
  • ‘Ticket’ for each server
• X.509 (open environment)
  • Based on public key infrastructure
  • Used in SSL, IPSEC, S/MIME, SET…
  • One-way, two-way or three-way authentication
Kerberos
X.509 Authentication
One-way authentication
  A → B: [Ta, Ra, B, EkpubB(Kab)] sgnA
Two-way authentication
  A → B: [Ta, Ra, B, EkpubB(Kab)] sgnA
  B → A: [Tb, Rb, A, Ra, EkpubA(Kab)] sgnB
Three-way authentication
  A → B: [Ta, Ra, B, EkpubB(Kab)] sgnA
  B → A: [Tb, Rb, A, Ra, EkpubA(Kab)] sgnB
  A → B: [Rb] sgnA
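The receiver-side checks that give the one-way message its meaning, as an added example that is not part of the original slides. It reads Ta as a timestamp and Ra as a nonce (the usual X.509 notation) and replaces sgnA with a toy RSA signature that is not secure; `Receiver`, `max_skew` and the sample values are assumptions.

```python
import hashlib

# Toy RSA built from two Mersenne primes: a constructed stand-in for sgnA, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # (E, N) would come from A's certificate

def digest(fields):
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign_a(fields):  # what A does with its private key
    return pow(digest(fields), D, N)

class Receiver:
    """B's checks on the one-way message [Ta, Ra, B, EkpubB(Kab)] sgnA."""
    def __init__(self, name, max_skew=60):
        self.name, self.max_skew, self.seen = name, max_skew, set()

    def accept(self, msg, sig, now):
        ta, ra, recipient, _enc_kab = msg
        if pow(sig, E, N) != digest(msg):
            return "bad signature"        # altered, or not signed by A
        if recipient != self.name:
            return "wrong recipient"      # signed for someone else and redirected
        if abs(now - ta) > self.max_skew:
            return "stale timestamp"      # Ta outside the freshness window
        if ra in self.seen:
            return "replayed nonce"       # same message seen inside the window
        self.seen.add(ra)                 # a real cache expires entries after max_skew
        return "accepted"

# Constructed sample message: Ta in seconds, Ra a nonce, Kab shown as an opaque blob.
MSG = (1_000, "nonce-7f3a", "B", "opaque-encrypted-Kab")
SIG = sign_a(MSG)
```

The two-way and three-way variants add the same checks in the other direction: A verifies that the Ra it sent comes back under sgnB, and B verifies its Rb under sgnA.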
IEEE 802.1X Terminology
[Figure labels: Supplicant, Authenticator, Authentication Server, controlled port, uncontrolled port]
802.1X
• created to control access to any 802 LAN
• used as a transport for Extensible Authentication Protocol (EAP, RFC 2284)
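802.1X Model
[Figure: message sequence between the station (STA), the access point (AP) and the Authentication Server; the legend distinguishes authentication traffic from normal data and shows the port status.]
• Associate (STA and AP)
• EAP Identity Request (AP to STA)
• EAP Identity Response (STA to AP, relayed to the Authentication Server)
• EAP Auth Request (Authentication Server to AP, relayed to STA)
• EAP Auth Response (STA to AP, relayed to the Authentication Server)
• EAP-Success (Authentication Server to AP, relayed to STA)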
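The port behaviour behind this sequence, modelled as an added example that is not part of the original slides: EAPOL frames always reach the authenticator, while normal data is dropped until the authentication server reports success. The challenge-response method, the class names and the sample account are assumptions; the message names and the EAPOL EtherType 0x888E are real.

```python
import hashlib
import hmac
import os

EAPOL, IPV4 = 0x888E, 0x0800  # EtherTypes: EAP over LAN vs. ordinary data

def respond(secret, nonce):  # supplicant's EAP Auth Response (constructed method)
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class AuthServer:  # hypothetical authentication server
    def __init__(self, secrets):
        self.secrets, self.pending = secrets, {}
    def challenge(self, identity):  # becomes the EAP Auth Request
        self.pending[identity] = os.urandom(16)
        return self.pending[identity]
    def verify(self, identity, response):
        nonce = self.pending.pop(identity, None)  # each challenge is single-use
        secret = self.secrets.get(identity)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(respond(secret, nonce), response)

class Authenticator:  # relays EAP; controlled port is closed until EAP-Success
    def __init__(self, server):
        self.server, self.authorized, self.identity = server, False, None

    def on_frame(self, ethertype, kind=None, body=None):
        if ethertype != EAPOL:  # controlled port: default deny
            return ("forwarded" if self.authorized else "dropped", None)
        if kind == "start":
            self.authorized = False
            return ("EAP Identity Request", None)
        if kind == "identity":
            self.identity = body
            return ("EAP Auth Request", self.server.challenge(body))
        if kind == "response":
            self.authorized = self.server.verify(self.identity, body)
            return ("EAP-Success" if self.authorized else "EAP-Failure", None)
        self.authorized = False  # logoff (or anything unrecognised) closes the port
        return ("port closed", None)

def session(auth, identity, secret):  # constructed supplicant run
    before = auth.on_frame(IPV4)[0]
    auth.on_frame(EAPOL, "start")
    nonce = auth.on_frame(EAPOL, "identity", identity)[1]
    verdict = auth.on_frame(EAPOL, "response", respond(secret, nonce))[0]
    return before, verdict, auth.on_frame(IPV4)[0]
```

An unknown identity still receives a challenge and fails only at the verdict, so the exchange does not reveal which accounts exist.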
Wireless LAN Security
Introduction
• 802.11 standard specifies the operating parameters of wireless local area networks (WLAN)
• History: 802.11, b, a, g, i
• Minimal security in early versions
• Original architecture not well suited for modern security needs
• 802.11i attempts to address security issues with WLANs
802.11b
• Wired Equivalent Privacy (WEP)
  • Confidentiality
    • Encryption
      • 40-bit keys (increased to 104-bit by WEP2)
      • Based on RC4 algorithm
  • Access Control
    • Shared key authentication + Encryption
  • Data Integrity
    • Integrity checksum computed for all messages
802.11b
• Vulnerabilities in WEP
  • Poorly implemented encryption
    • Key reuse, small keys, no keyed MIC
  • Weak authentication
  • No key management
  • No interception detection
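Why "key reuse" and "no keyed MIC" matter, as an added example that is not part of the original slides: a WEP-style frame (RC4 keyed with IV || key, CRC-32 as the integrity checksum) beside a keyed check. HMAC-SHA256 is a stand-in keyed MIC, not the MIC 802.11i specifies, and all keys and messages are constructed.

```python
import hashlib
import hmac
import zlib

def rc4(key, data):  # textbook RC4: key schedule, then XOR with the keystream
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def crc(msg):  # WEP-style ICV: plain CRC-32, no key involved
    return zlib.crc32(msg).to_bytes(4, "little")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_seal(iv, key, msg):  # per-frame RC4 key = IV || shared key
    return rc4(iv + key, msg + crc(msg))

def wep_open(iv, key, frame):  # returns None when the ICV does not match
    plain = rc4(iv + key, frame)
    return plain[:-4] if crc(plain[:-4]) == plain[-4:] else None

# Constructed sample values (40-bit key, 24-bit IV), for illustration only.
KEY, IV, MIC_KEY = bytes.fromhex("0102030405"), bytes.fromhex("aabbcc"), b"constructed-mic-key"
M1, M2 = b"seq=0001;cmd=status", b"seq=0002;cmd=reboot"

def reuse_leaks_xor():
    """Same IV and key give the same keystream, so c1 XOR c2 == m1 XOR m2."""
    c1, c2 = wep_seal(IV, KEY, M1), wep_seal(IV, KEY, M2)
    return xor(c1, c2)[:len(M1)] == xor(M1, M2)

def altered_frame_opens_as(delta):
    """CRC-32 is affine, so the ICV change for a given bit change needs no key."""
    patch = delta + xor(crc(delta), crc(bytes(len(delta))))
    return wep_open(IV, KEY, xor(wep_seal(IV, KEY, M1), patch))

def keyed_mic_open(msg, tag):
    """Stand-in keyed MIC: a matching tag cannot be produced without MIC_KEY."""
    good = hmac.new(MIC_KEY, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(good, tag) else None
```

The unkeyed checksum only catches accidental corruption; the keyed check rejects the same altered message because the tag no longer matches.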
802.11b
• Successful attacks on 802.11b
  • Key recovery - AirSnort
  • Man-in-the-middle
  • Denial of service
  • Authentication forging
  • Known plaintext
  • Known ciphertext
802.11i
• Security Specifications
  • Improved Encryption
    • CCMP (AES), TKIP, WRAP
  • 2-way authentication
  • Key management
  • Ad-hoc network support
  • Improved security architecture
802.11i Authentication
Source: Cam-Winget, Moore, Stanley and Walker
802.11 Encryption
Source: Cam-Winget, Moore, Stanley and Walker
802.11i – Potential Weaknesses
• Hardware requirements
  • Hardware upgrade needed for AES support
• Strength of TKIP and WRAP questionable in the long term
• Authentication server needed for 2-way authentication
• Complexity
  • The more complex a system is, the more likely it may contain an undetected backdoor
• Patchwork nature of “fixing” 802.11b
No Control over WLAN?
• Often you want to connect to a wireless LAN over which you have no control
• Options:
  • If you can, connect securely (WPA2, 802.11i, etc.)
  • If unsecured, connect to your secure systems securely:
    • VPN – Virtual Private Network
    • SSL connections to secure systems
  • Be careful not to expose passwords
  • Watch for direct attacks on untrusted networks
WLAN Security - Going Forward
802.11i appears to be a significant improvement over 802.11b from a security standpoint
Vendors are nervous about implementing 802.11i protocols due to how quickly WEP was compromised after its release
Only time will tell how effective 802.11i actually will be
Wireless networks will not be completely secure until the standards that specify them are designed from the beginning with security in mind
Summary
• Wireless LAN Security is not independent of the greater network security and system security
• Threats to the Wireless LAN are largely in terms of being available and in providing a means to attack systems on the network
  • That is, not many folks attack routers (yet)