Wireless Security Issues

Implementing a wireless LAN
without compromising your network
Marshall Breeding
Director for Innovative Technologies and Research
Vanderbilt University
http://staffweb.library.vanderbilt.edu/breeding
http://www.librarytechnology.org
Security concerns

Eavesdropping a major concern
Unprotected wireless access points are an easy point of entry for mobile hackers
Many rogue wireless LANs were put up in corporate networks without IT support or adequate security
War Driving / War Chalking
Some war driving / freeloading happens in residential settings
Positioning your wireless network

Libraries should already have a network security architecture that separates public access computing from the business network
Adding a wireless LAN is easy when the library already has a solid security environment in place
Encryption necessary to ensure security

Sensitive data must be encrypted when transmitted across any untrusted network
Most encryption algorithms use a secure key to encode the data and decode it after transmission
The longer the key, the more difficult it is to use brute force to decrypt the message
WEP uses 40, 64, or 128 (WEP2) bit keys
Wired Equivalency Privacy

Optional encryption scheme, part of the 802.11b specification
RC4 encryption
Single key encrypts all traffic
No system for key management
Hackers can easily recover the key
WEP often not enabled
WEP can be defeated by sophisticated hackers
Provides a barrier to most potential intruders
Wireless Hacking tools

At least two open source tools are available for recovering 802.11 WEP keys:
WEPCrack
http://wepcrack.sourceforge.net/
AirSnort
http://airsnort.shmoo.com/
802.11i

Security Standard for the 802.11 arena
Includes WPA and RSN (Robust Security Network)
Relies on 802.1x specification for port-based user and device authentication
Ratified June 2004
Marketed as WPA2
WPA

Wi-Fi Protected Access
Enhanced security over WEP
TKIP
Available now
Backwardly compatible with WEP – requires only a firmware upgrade.
Temporal Key Integrity Protocol (TKIP)

128 bit encryption keys
Each packet encrypted with a different key based on a 48-bit serial number, incremented with each use.
Avoids replay attacks
Relies on a base key which is generated when a device associates with the base station
Ideally unique base keys transmitted during 802.1x authentication
Pre-shared keys used otherwise
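
The per-packet keying and replay rejection listed on the TKIP slide, as an added Python example that is not part of the original presentation. The key mixing and integrity tag are stand-ins built on HMAC-SHA256, not TKIP's real mixing function or integrity check, and the class names, base key and sender address are constructed for illustration.

```python
import hashlib
import hmac

TSC_MAX = (1 << 48) - 1  # largest 48-bit serial number


def per_packet_key(base_key: bytes, sender_addr: bytes, tsc: int) -> bytes:
    """128-bit key per (base key, sender, serial number); HMAC stand-in, not TKIP's real mixing."""
    if not 0 < tsc <= TSC_MAX:
        raise ValueError("serial number must be 1..2**48-1")
    msg = sender_addr + tsc.to_bytes(6, "big")
    return hmac.new(base_key, msg, hashlib.sha256).digest()[:16]


class Sender:
    def __init__(self, base_key: bytes, addr: bytes):
        self.base_key, self.addr, self.tsc = base_key, addr, 0

    def send(self, payload: bytes):
        if self.tsc == TSC_MAX:
            raise RuntimeError("serial numbers exhausted; a new base key is needed")
        self.tsc += 1  # incremented with each use, never reused under one base key
        key = per_packet_key(self.base_key, self.addr, self.tsc)
        tag = hmac.new(key, payload, hashlib.sha256).digest()[:8]
        return self.tsc, payload, tag


class Receiver:
    def __init__(self, base_key: bytes, addr: bytes):
        self.base_key, self.addr, self.last_tsc = base_key, addr, 0

    def accept(self, tsc: int, payload: bytes, tag: bytes) -> bool:
        if not self.last_tsc < tsc <= TSC_MAX:
            return False  # replayed, stale, or out-of-range serial number
        key = per_packet_key(self.base_key, self.addr, tsc)
        expected = hmac.new(key, payload, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, tag):
            return False  # wrong key or modified payload; counter is not advanced
        self.last_tsc = tsc
        return True


def demo():
    base_key = bytes(range(16))            # constructed base key
    addr = bytes.fromhex("020000000001")   # constructed sender address
    tx, rx = Sender(base_key, addr), Receiver(base_key, addr)
    first, second = tx.send(b"catalog query"), tx.send(b"patron record")
    return [rx.accept(*first), rx.accept(*second), rx.accept(*first)]
```

The third result from `demo()` is the replay: the packet is byte-for-byte genuine, but its serial number is no longer ahead of the receiver's counter, so it is dropped.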
WPA2

WPA + AES = WPA2
Advanced Encryption Standard instead of TKIP
Stronger encryption algorithm
Not guaranteed to be backwardly compatible with existing WEP equipment
Personal version uses pre-shared key
Enterprise version uses 802.1X authentication through RADIUS server.
WPA/802.1x Diagram

See: http://www.infoworld.com/infoworld/img/20FEwifi_in-x.gif
Wi-Fi Security Services

SecureMyWiFi (http://www.witopia.net/)
RADIUS authentication and security key distribution service
Operates with APs that support WPA-Enterprise or WPA2-Enterprise
$29 annual fee
Virtual Private Networks (VPN)

A technology that offers strong security
Common approach for remote users that rely on accessing organizational resources through the Internet
Applicable to wireless users on premises
Enhances security / adds inconvenience.
WEP Security
VPN Security
Conclusions

Solutions are available that provide solid security for wireless networks
Trade-off between convenience and security.
Open wireless networks can be operated without jeopardizing the library’s business network