PowerPoint Presentation - Securing a Wireless 802.11b Network

You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is there is no cat.
- Albert Einstein
Securing A Wireless 802.11b Home Network
© 2004 ABACUS
Why wireless?
▪ Low infrastructure costs
– no network cable to install or maintain
▪ Flexibility
– computers can be added to, or removed from the network at any time
▪ Inexpensive
– wireless devices have dropped in price due to Moore’s Law

Wireless disadvantages
▪ Interference
– cordless phones and other devices use same frequency
▪ Range
– about 50 - 200 feet from access point
▪ Security
– anyone can eavesdrop on an unsecured wireless network

Wireless history
▪ 1902
– Guglielmo Marconi sends first radio transmission
▪ 1990
– Institute of Electrical and Electronics Engineers (IEEE) forms 802.11 Working Group to set standards for wireless networking
▪ 1997
– IEEE publishes the first set of 802.11 standards
▪ 1999
– IEEE publishes standard 802.11b

802.11 wireless standards
Standard   Max. Rate    Frequency   Modulation
802.11     2 Mb/sec     2.4 GHz     FHSS, DSSS
802.11b    11 Mb/sec    2.4 GHz     DSSS
802.11a    54 Mb/sec    5 GHz       OFDM
802.11g    54 Mb/sec    2.4 GHz     OFDM, DSSS

802.11 (1997)
▪ Slow
– 2 Mb/second data rate
▪ Interoperability problems
– Implemented two different modulations:
• FHSS (Frequency Hopping Spread Spectrum)
• DSSS (Direct Sequence Spread Spectrum)
– Devices with FHSS couldn’t talk to devices with DSSS and vice versa

802.11b (1999)
▪ Currently most common
– Equipment is inexpensive
▪ Faster than 802.11
– 11 Mb/second vs. 2 Mb/second nominal
• Maximum data rate is 5-6 Mbps due to overhead
▪ No interoperability problems
– DSSS modulation only
▪ Security issues
– Encryption can be broken

802.11a (1999 - first devices 2001)
▪ Faster than 802.11b
– 54 Mb/second vs. 11 Mb/second
▪ Uses Orthogonal Frequency Division Multiplexing (OFDM) for modulation
▪ Not compatible with 802.11b
– Uses 5 GHz frequency band vs. 2.4 GHz for 802.11b
– Shorter range than 802.11b due to higher frequency

802.11g (2003)
▪ Faster than 802.11b
– 54 Mb/second vs. 11 Mb/second nominal
• Max. realistic data rate about 25-30 Mbps
▪ Better security than 802.11b
▪ Compatible with 802.11b
– Most devices support OFDM and DSSS
– Networks can use 802.11b and 802.11g equipment together

More 802.11b factoids
▪ First widespread implementation
– Apple’s Airport in 1999
▪ Also called Wi-Fi
– Wi-Fi equipment has been certified for interoperability by the Wi-Fi Alliance, a group of wireless equipment manufacturers.
• Every manufacturer’s Wi-Fi equipment should work with every other manufacturer’s Wi-Fi equipment.

So what is the difference between a wired LAN (Local Area Network) and a wireless LAN?
Aside from the obvious, let’s look at the details.

Wired LAN
▪ Devices being networked
– Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems
▪ Devices for connecting the above
– Include network adapters, hubs, switches, routers, gateways and more
▪ Connecting medium
– Networking cable; most common is Category 5 or CAT-5 for short

Simple home wired LAN

Wireless LAN
▪ Devices being networked (same as for wired)
– Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems
▪ Devices for connecting the above
– Include wireless adapters, access points, bridges, base stations and more
▪ Connecting medium
– Radio waves; per Einstein, there is no CAT-5

Simple home wireless LAN

Securing your home LAN
Preventing (or limiting) attacks against your network

Wired LAN outside attacks
▪ Must come in through Internet Gateway
▪ Attacks workstations and servers on the network
▪ Can be prevented by:
– Installing a firewall (hardware and/or software)
• This is often done on the Internet gateway
– Turning off (or limiting) file-sharing and remote access

Wired LAN attack blocked by firewall

Wireless LAN outside attacks
▪ Even if you have a firewall installed on your Internet gateway, a wireless LAN attacker is, effectively, already inside your network
– Wireless base station has to signal its existence so clients can connect
▪ Attackers of wireless LANs therefore need to be kept out by other means in addition to firewalls

Wireless attacker is inside firewall!

Types of attacks
1. Attack servers and workstations on the LAN
2. Steal information being transmitted over your wireless LAN
3. Steal Internet access through your Internet gateway

Server and workstation attacks
▪ Attacker attempts to steal data from hard drives
▪ Attacker attempts to damage the data on the hard drives
▪ Attacker plants malicious software to attack other computers
– Spam servers
– Denial of service attack software
– Worms
– Attacks can be traced to your computer, not his!
▪ Handled like attacks on wired LANs
– Firewalls on individual computers
– Turn off or limit file-sharing

Attacks to steal data being transmitted over wireless network
▪ Examples:
– Personal information contained in e-mails
– Copyrighted audio and video files being streamed over your wireless LAN
– Financial information being shared between different computers on the network
▪ Prevented by encryption

Attacks to steal Internet access
▪ Attacker’s computer joins your network, uses your Internet gateway
▪ Attacker could be (for example):
– Downloading copyrighted music files
– Downloading child pornography
– Performing DOS attacks on other computers
– Broadcasting spam
– These can be traced back to your Internet connection
▪ Prevented by encryption, closing the network and other tricks

How easy is it to attack a wireless LAN?
▪ Very easy
– All an attacker needs is a laptop computer, a wireless card and some software
– A directional antenna will increase the range over which the attacker can access your network
• Directional antenna can be made from a Pringles potato chip can!
– Attackers drive around with their computers looking for open wireless networks
– Practice is called ‘wardriving’

“Wardriving?”
▪ From 1983 movie War Games
– ‘Wardialing’ was the practice of using an automatic dialer program to get your modem to locate access numbers for unsecured computers and networks

There is even ‘warflying’
Open networks found by aircraft flying into San Carlos -- from Ars Technica

Why is it so easy to invade a wireless LAN?
▪ Ease of setup
– Default settings allow even people with limited technical skills to set up and run a basic wireless network
▪ Allows wireless users to use open, public networks (usually for Internet access)
– Such as the one at your local Starbucks

How do you keep attackers out of your home wireless LAN?
▪ Secure the network
– Change the service set identifier (SSID) of your base station
– Change your base station’s password
– Close your network
• Shut off your base station’s SSID broadcast
– Change your base station’s IP address
– Enable encryption (WEP)
• Done on your base station and all the other wireless devices in your LAN
– Other tricks
▪ Wireless security measures won’t completely protect your LAN, but all will help

Changing your SSID
▪ To access the LAN you need the service set identifier (SSID) of your base station
▪ Changing the default SSID reduces the chance the attacker will be able to guess it
▪ Like taking your keys when you park your car
▪ Works best with other security measures
Each of these is an SSID (except Alviso)

Change your password
▪ To access the LAN you need the base station’s password
▪ Changing the default password (often ‘admin’ or ‘password’) drastically reduces the chance the attacker will be able to get into your network
▪ Like locking your car when you park it

Close your network
▪ Shut off SSID broadcast
▪ Reduces chances that the attacker can see your network at all
– Network beacon signals can still be detected
▪ Like parking your car in a closed garage
– If the thief can’t see it, he won’t know that it’s available to steal
If your SSID broadcast is off, you won’t even show up on this map

Change the IP address of your base station and other devices
▪ Changes the address ranges other devices on your network can use
– Defaults are typically 192.168.0.x or 192.168.1.x
– Available private address ranges:
• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255
▪ Also reduces the odds your neighbor’s wireless LAN will overlap yours
▪ Like using “The Club” in your car
– Requires the thief have additional tools to steal your car

Enable wireless encryption
▪ Encrypt your network traffic (packets)
– This has to be done on the base station and all access points, bridges, wireless adapters, etc.
• All devices use the same WEP key
▪ WEP (Wireless Encryption Protocol) uses a key to encrypt each packet sent
– Key can be generated using a pass phrase or entered directly in hexadecimal
• Don’t forget yours; write it down
– WEP slows network traffic slightly
• Each packet has to be encrypted by sender; decrypted by receiver

How safe is WEP?
▪ WEP can be broken, but it takes time
– How long?
• Depends on network traffic volume
– High traffic networks transmit lots of packets to analyze
• WEP Keys can be broken quickly
– Lower traffic networks generate fewer packets
• Breaking WEP takes longer
• Skilled professionals with custom tools have broken WEP keys in less than a week
• Readily available tools, such as Airsnort or WEPCrack, in amateur hands, may take a lot longer

Increasing WEP security
▪ Use longer encryption keys
– 128-bit/104-bit instead of 64-bit/40-bit
• WEP key consists of two parts
– A 24-bit initialization vector (IV)
– The user-generated portion (40 bits or 104 bits)
– Together these are used to encrypt the packets
• Unfortunately WEP sends the IV in clear (unencrypted), so most cracking software can use this as a starting point to break the whole key and read your packets
▪ Change your WEP keys often
– This forces attackers to start decryption from scratch
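Added example (not part of the original presentation): a small Python model of how WEP builds each encrypted packet from the two key parts described above, showing that the 24-bit IV sits unencrypted at the front of the packet and that two packets sent with the same IV and key share one keystream. The key, IV, packet contents and function names are constructed for this illustration.

```python
import struct
import zlib

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key-schedule the seed, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Frame body = IV (clear) | key-ID byte (clear) | RC4(IV||key, data||ICV)."""
    if len(key) not in (5, 13) or len(iv) != 3:
        raise ValueError("WEP needs a 40- or 104-bit key and a 24-bit IV")
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """Receiver side: read the IV from the frame, decrypt, verify the ICV."""
    clear = rc4(body[:3] + key, body[4:])
    data, check = clear[:-4], clear[-4:]
    if icv(data) != check:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return data

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample values, not taken from the presentation.
KEY = bytes.fromhex("0102030405")        # the 40-bit user-generated portion
IV = bytes.fromhex("00002a")             # the 24-bit IV
P1, P2 = b"first packet 01", b"other packet 02"
F1, F2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)

if __name__ == "__main__":
    print("IV readable without the key:", F1[:3].hex())
    print("decrypts with the shared key:", wep_decrypt(KEY, F1))
    # Same IV + same key = same keystream, so the keystream cancels out.
    print("keystream reused:", xor(F1[4:19], F2[4:19]) == xor(P1, P2))
```

A 24-bit IV allows only 2^24 distinct values per key, so IVs repeat sooner on a busy network, which is why the time to break WEP depends on traffic volume.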
Problem with longer WEP keys
▪ 128/104-bit encryption was not part of the original 802.11b standard
▪ Different 802.11b equipment makers implemented 128-bit encryption differently
▪ Hence, one maker’s 128-bit keys may not work on another’s devices
– To avoid this buy all your 802.11b devices from one manufacturer, if possible

Why is WEP security so bad?
▪ WEP was designed during a period when strong (i.e., long-key) encryption systems were subject to export restrictions as weapons!
▪ WEP was intentionally made weak to allow WEP devices to be exported and/or made overseas
▪ Unfortunately, WEP was made too weak

WEP encryption is like a hidden ‘kill’ switch on your car’s ignition
▪ A car thief may be able to find the switch by tracing the wires, but it will take him time
▪ Similarly, WEP can be cracked, but it will take an attacker time to do so
▪ If it takes too much effort, he may look for an easier target
– Easier targets may include retail stores!
• Retailers often use wireless networking cash registers to connect to the store computer or the company network
• If unencrypted, attackers can steal credit card and authorization numbers from the store’s network traffic

Other wireless security tricks
▪ Limit number of network users
– Set a low limit to the number of users the base station will accept, or
– Turn off DHCP (Dynamic Host Configuration Protocol) and assign each device in your network a static IP address
▪ Apply address filtering
– Locks out devices from Internet access by either IP or MAC (hardware) address

Non-802.11 security for wireless LANs
▪ Use 802.1x (Robust Security Network)
– Provides additional layer of encryption over 802.11
– Not all 802.11b devices support it
– RSN encryption may be breakable
▪ Use a proprietary encryption scheme
– Example: Buffalo Technologies’ AOSS
– All wireless devices on LAN must be from same manufacturer
▪ Use a virtual private network (VPN)
– VPNs use strong encryption
– Not supported by all devices

Virtual Private Networks
▪ May be overkill for a home LAN
▪ VPNs can secure all network traffic, both wired and wireless
– VPNs can securely connect computers up to thousands of miles apart over another network (such as the Internet) via a process called ‘tunneling’
– Tunneled VPN traffic can be seen by wireless attackers, but can’t be cracked

Tunneling and VPNs
▪ Three common VPN tunneling modes
– Point-to-Point Tunneling Protocol (PPTP)
– Layer Two Tunneling Protocol (L2TP)
– IP Security (IPSec)
▪ All nodes on the network must use the same tunneling mode
– Wireless base station must be:
• Special router which supports VPN, or
• Server computer w/ wireless adapter running VPN software
– Wireless client computers must also have VPN software installed

Setting up wireless security
▪ Make security changes in all devices (routers, access points, bridges, adapters, etc.) through a wired link
– If you change a device setting through a wireless link, you could lose the connection when you apply the changes
– Set up devices in this order:
• Base station
• Access points
• Bridges and adapters
– Test each device for connectivity before you install it in its final location

Wireless security is not perfect
▪ A determined car thief can steal almost any car if he wants it bad enough
▪ However, many simple measures can be taken to make his job harder
▪ If you make it difficult enough, most thieves will pick another target
▪ Wireless LAN security is similar; if you make it difficult enough, attackers will pick other targets

802.11g features
▪ Better security than 802.11b
– Automatically changes keys
▪ Up to more than 4 times faster than 802.11b
– Much faster than either DSL or cable broadband; the broadband connection is the bottleneck
– Extra speed is only useful for such applications as streaming digital video over your network

The future of wireless LAN security
▪ 802.11i
– Supposedly more secure than WEP
– Supposedly compatible with older equipment (802.11b and 802.11g)
• This doesn’t mean that 802.11b equipment will be able to use 802.11i security; it just means that 802.11b and 802.11i equipment can be used in the same network
– Not available yet