Wireless Security
Download
Report
Transcript Wireless Security
Ch. 8 – Security
This presentation was originally created by Prof. Rick
Graziani. Few Modifications were made by Prof. Yousif
Overview
• The goals of network security are to maintain integrity, protect
•
•
•
•
confidentiality, and ensure availability.
The exponential growth of networking, including wireless technologies,
has lead to increased security risks.
Many of these risks are due to hacking, as well as improper uses of
network resources.
The specific weaknesses and vulnerabilities of WLANs will be covered.
Security configuration for APs, bridges, and clients will be shown and
explained.
Security Fundamentals
What is security?
• Security usually refers to ensuring that users can perform only the
tasks that they are authorized to do and can obtain only the information
that they are authorized to have.
WLAN vulnerabilities
CommView
DriftNet
• WLANs are vulnerable to specialized attacks.
• Many of these attacks exploit technology weaknesses since 802.11
•
•
WLAN security is relatively new.
There are also many configuration weaknesses since some companies
are not using the security features of WLANs on all their equipment.
Many devices are shipped with default administrator passwords.
WLAN threats
•
There are four primary classes of threats to wireless security:
1. Unstructured threats - individuals using easily available hacking tools
2. Structured threats - Hackers who are more highly motivated and
technically competent. These people know wireless system
vulnerabilities, and they can understand and develop exploit-code,
scripts, and programs.
3. External threats - They work their way into a network mainly from
outside the building such as parking lots, adjacent buildings or common
areas.
4. Internal threats - internal access and misuse account for 60 to 80
percent of reported incidents.
Security Fundamentals
•
Wireless attack methods can be broken up into three
categories:
1. Reconnaissance
2. Access attack
3. Denial of Service (DoS)
Reconnaissance
• Reconnaissance is the unauthorized discovery and mapping of
•
•
•
systems, services, or vulnerabilities.
– Not usually illegal, but is illegal in some countries.
It is also known as information gathering and it usually precedes an
actual access or DoS attack.
Reconnaissance is similar to a thief scouting a neighborhood for
unsecure homes.
Wireless reconnaissance is often called wardriving.
Reconnaissance - Wardriving Maps
Stumbler Code of Ethics v0.2
• http://www.worldwidewardrive.org/
• By Renderman
•
•
•
•
•
[email protected]
These are by no means rules that must be followed, but they are a
collection of suggestions for safe, ethical, and legal stumbling. I
encourage you to follow them and to inform others of them to help keep
this hobby safe and legal.
1. Do Not Connect!!:
At no time should you ever connect to any AP's that are not your own.
Disable client managers and TCP/IP stacks to be sure. Simply
associating can be interpreted as computer trespass by law
enforcement.
2. Obey traffic laws:
It's your community too, the traffic laws are there for everyone's safety
including your own. Doing doughnuts at 3am gets unwanted attention
from the authorities anyways.
Stumbler Code of Ethics v0.2
• 3. Obey private property and no-trespassing signs:
• Don't trespass in order to scan an area. That's what the directional
•
•
•
•
•
•
antenna is for :) You wouldn't want people trespassing on your property
would you?
4. Don't use your data for personal gain:
Share the data with like-minded people, show it to people who can
change things for the better, use it for education but don't try and make
any money or status off your data. It's just wrong to expect these
people to reward you for pointing out their own stupidity.
5. Be like the hiker motto of 'take only pictures, leave only footprints':
Detecting SSID's and moving on is legal, anything else is irresponsible
to yourself and your community.
6. Speak intelligently to others:
When telling others about wardriving and wireless security, don't get
sensationalistic. Horror stories and FUD are not very helpful to the
acceptance of wardrivers. Speak factually and carefully, Point out
problems, but also point out solutions, especially how we are not the
problem because we don't connect.
Stumbler Code of Ethics v0.2
• 7. If/When speaking to media, remember you are representing the
•
•
community:
Your words reflect on our entire hobby and the rest of us. Do not do
anything illegal no matter how much they ask. They may get pissed off,
but at least you have demonstrated the integrity that this hobby
requires.
This document is merely a set of suggestions for the Wardriving
community, assembled over time from the Wardriving community. This
is a living document so it will be updated from time to time.
Suggestions and comments should be sent to [email protected].
Feel free to copy, just make sure to leave the credits intact and a link
back to the original if possible.
Reconnaissance
• Commercial wireless protocol analyzers like AiroPeek (by
•
•
•
WildPackets), AirMagnet, or Sniffer Wireless can be used to
eavesdrop on WLANs.
Free protocol analyzers like Ethereal or tcpdump fully support
wireless eavesdropping under Linux.
Utilities used to scan for wireless networks can be active or passive.
Passive tools, like Kismet, transmit no information while they are
detecting wireless networks.
Access
AirSnort
• System access, in this context, is the ability for an unauthorized
•
•
intruder to gain access to a device for which the intruder does not have
an account or password.
Entering or accessing systems to which one does not have authorized
access usually involves running a hack script or tool that exploits a
known vulnerability of the system or application being attacked.
Includes
– Exploitation of weak or non-existent passwords
– Exploitation of services such as HTTP, FTP, SNMP, CDP, and
Telnet.
Access - Rogue AP Attack
• Most clients will associate to the access point with the strongest signal.
•
•
If an unauthorized AP, which is generally a rogue AP, has a strong
signal, clients will associate to the rogue AP.
The rogue AP will have access to the network traffic of all associated
clients.
The rogue AP can also use ARP and IP spoofing to trick clients into
sending passwords and sensitive information.
CiscoWorks WLSE detects Rogue APs
Access - Wired Equivalent Privacy (WEP)
Attacks
AirSnort
• Attacks against WEP include Bit Flipping, Replay Attacks, and Weak IV
•
•
collection.
Many WEP attacks have not been released from the laboratory, but
they are well documented.
One utility, called AirSnort, captures weak Initialization Vectors to
determine the WEP key being used.
Denial of service (DoS)
• DoS is when an attacker disables or corrupts wireless networks,
•
•
systems, or services, with the intent of denying the service to
authorized users.
DoS attacks take many forms.
In most cases, performing the attack simply involves running a hack,
script, or tool.
• One utility, called Wlan Jack, sends fake disassociation packets, which
disconnect 802.11 clients from the access point.
Basic WLAN Security
Technologies
The WLAN security wheel
• An effective wireless security policy works to ensure that the network
•
•
assets of the organization are protected from sabotage and from
inappropriate access, which includes both intentional and accidental
access.
All wireless security features should be configured in compliance with
the security policy of the organization.
If a security policy is not present, or if the policy is out of date, the
policy should be created or updated before deciding how to configure
or deploy wireless devices.
First generation wireless security
• Many WLANs used the Service Set Identifier (SSID) as a basic form of
•
•
security.
Some WLANs controlled access by entering the media access control
(MAC) address of each client into the wireless access points.
Neither option was secure, since wireless sniffing could reveal both
valid MAC addresses and the SSID.
AP: "Allow any SSID"
• Most access points have options like "SSID broadcast" and "Allow any
•
•
•
•
•
SSID".
These features are usually enabled by default and make it easy to set
up a wireless network.
The "Allow any SSID" option permits the access point to allow access
to a client with a blank SSID.
The "SSID broadcast" sends beacon packets that advertise the SSID.
Disabling these two options does not secure the network, since a
wireless sniffer can easily capture a valid SSID from normal WLAN
traffic.
SSIDs should not be considered a security feature.
AP: "Allow any SSID"
No Client SSID,
but Associated!
AP Default
Set Guest Mode SSID
• If you want the access point to allow associations from client devices that
do not specify an SSID in their configurations, you can set up a guest
SSID.
• The access point includes the guest SSID in its beacon.
• By default, the access point's default SSID, tsunami, is set to guest mode.
• However, to keep your network secure, you should disable the guest mode
SSID on most access points.
AP: “Do NOT allow any SSID"
No Client SSID,
NOT Associated!
Changed to NONE
• Setting the Guest Mode SSID to NONE, will not allow clients that do
•
•
•
not have and SSID to be able to associate.
Remember, it’s not difficult for someone to get the SSID, so this should
not be a security measure.
The next step should be configuring WEP, WPA, or some other
authentication/encryption on your AP.
You cannot have the same SSID set as Guest Mode and
authentication/encryption.
Wired equivalent privacy (WEP)
AP
128 bit WEP is sometimes
referred to, and more
accurately, as 104 bit WEP.
ACU
Also, be sure Transmit Key
numbers match, I.e. Key 1 on
the both AP and ACU.
• The IEEE 802.11 standard includes WEP to protect authorized users of
•
•
•
•
a WLAN from casual eavesdropping.
The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP
could be exported and used worldwide.
Most vendors have extended WEP to 128 bits or more.
When using WEP, both the wireless client and the access point must
have a matching WEP key.
WEP is based upon an existing and familiar encryption type, Rivest
Cipher 4 (RC4).
Authentication and association
Probe
process
Authentication
process
Successful
Authentication
State 1
Unauthenticated
Unassociated
Association
process
Successful
Association
State 2
Authenticated
Unassociated
Deauthentication
State 3
Authenticated
Associated
Disassociation
• Open Authentication and Shared Key Authentication are the two
•
•
methods that the 802.11 standard defines for clients to connect to an
access point.
The association process can be broken down into three elements
known as probe, authentication, and association.
This section will explain both authentication methods.
Open Authentication
•
Open Authentication is basically a null authentication,
which means there is no verification of the user or
machine.
Authentication Process (Review)
• On a wired network, authentication is implicitly provided by the physical
•
•
cable from the PC to the switch.
Authentication is the process to ensure that stations attempting to
associate with the network (AP) are allowed to do so.
802.11 specifies two types of authentication:
– Open-system
– Shared-key (makes use of WEP)
Authentication Process – Open-System
(Review)
• Open-system authentication is really “no authentication”.
• Open-system authentication is the only method required by 802.11
•
– You could buy an AP that doesn’t support Shared-key
The client and the station exchange authentication frames.
Authentication Process – Open-System (Review)
Frame Control omitted in this Authentication Response
• The client:
•
– Sets the Authentication Algorithm Number to 0 (open-system)
– Set Authentication Transaction Sequence Number to 1
The AP:
– Sets the Authentication Algorithm Number to 0 (open-system)
– Set Authentication Transaction Sequence Number to 2
– Status Code set to 0 (Successful)
Open Authentication
• Typical Open Authentication on
both AP and Client with No WEP
keys
Open Authentication and WEP
• Remember there are three steps to Association:
•
•
•
– Probe
– Authentication
– Association
A client can associate with an AP, but use WEP to send the encrypted
data packets.
Authentication and data encryption are two different things.
– Authentication – Is the client allowed to associate with this AP?
– Encryption – Encrypts the data (payload) and ICV (Integrity Check
Value) fields of the 802.11 MAC, not the other fields.
So a client could Associate with the AP, using Open Authentication
(basically no authentication), but use WEP to encrypt the data frames
sent after its associated.
Open Authentication and WEP
Associated but data
cannot be sent or
received, since it
cannot be
unencrypted.
•
•
•
•
In some configurations, a client can associate to the access point with an
incorrect WEP key or even no WEP key.
– The AP must be configured to allow this (coming).
A client with the wrong WEP key will be unable to send or receive data, since
the packet payload will be encrypted.
Keep in mind that the header is not encrypted by WEP.
Only the payload or data is encrypted.
Open Authentication - Optional WEP
Encryption (AP)
•
•
•
802.11 allows client to associate with AP.
Cisco AP must have WEP Encryption set to Optional
Association successful with any of these options on the client:
– Matching WEP key
– Non-matching WEP key
– No WEP key
Authentication Process – Shared-Key
• Shared key requires the client and the access point to have the same
•
•
•
WEP key.
An access point using Shared Key Authentication sends a challenge
text packet to the client.
If the client has the wrong key or no key, it will fail this portion of the
authentication process.
The client will not be allowed to associate to the AP.
Authentication Process – Shared-Key
(Review)
• Shared-key authentication uses WEP (Wired Equivalent Privacy) and
•
can only be used on products that support WEP.
802.11 requires any stations that support WEP to also support sharedkey authentication.
Authentication Process – Shared-Key
(Review)
Shared-key =
RadiaPerlman
Shared-key =
RadiaPerlman
Authentication Request with
Challenge Text
Authentication Response with
Status Code
• WEP is an encryption algorithm, not a method of authentication.
• Shared-key authentication makes use of WEP, and therefore can only
•
•
be used on APs and clients that implement WEP.
However, 802.11 requires that any stations implementing WEP also
implement shared key authentication.
Shared-key authentication requires that a shared key be distributed to
stations before attempting authentication.
Authentication Process – Shared-Key
(Review)
•
•
•
•
The client:
– Sets the Authentication Algorithm Number to 1 (shared-key)
– Set Authentication Transaction Sequence Number to 1
The AP:
– Sets the Authentication Algorithm Number to 1 (shared-key)
– Set Authentication Transaction Sequence Number to 2
– Status Code set to 0 (Successful)
– Challenge Text (later)
The client:
– Sets the Authentication Algorithm Number to 1 (shared-key)
– Set Authentication Transaction Sequence Number to 3
– Challenge Text (later)
The AP:
– Sets the Authentication Algorithm Number to 1 (shared-key)
– Set Authentication Transaction Sequence Number to 4
– Status Code set to 0 (Successful)
Authentication Process
or
•
Authentication
– Open-System
– Shared-Key (WEP)
•
Encryption
– None
– WEP
only
Authentication Process – Shared-Key
?
next
Access Point
Authentication
•
•
•
•
Open Authentication—Allows your client adapter, regardless of its WEP
settings, to authenticate and attempt to communicate with an access point.
Open Authentication is the default setting.
Shared Key Authentication—Allows your client adapter to communicate only
with access points that have the same WEP key. This option is available only if
Use Static WEP Keys is selected.
In shared key authentication, the access point sends a known unencrypted
"challenge packet" to the client adapter, which encrypts the packet and sends it
back to the access point. The access point attempts to decrypt the encrypted
packet and sends an authentication response packet indicating the success or
failure of the decryption back to the client adapter. If the packet is successfully
encrypted/decrypted, the user is considered to be authenticated.
Note Cisco recommends that shared key authentication not be used
because it presents a security risk.
Encryption Modes
• Indicates whether clients should use data encryption when
•
•
•
•
communicating with the device. The three options are:
None - The device communicates only with client devices that are not
using WEP.
WEP Encryption - Choose Optional or Mandatory.
If optional, client devices can communicate with this access point or
bridge with or without WEP.
If mandatory, client devices must use WEP when communicating with
the access point. Devices not using WEP are not allowed to
communicate. WEP (Wired Equivalent Privacy) is an 802.11 standard
encryption algorithm originally designed to provide with a level of
privacy experienced on a wired LAN. The standard defines WEP base
keys of size 40 bits or 104 bits.
In Summary
•
•
Client
– Use Open Authentication on the client (does not use WEP, challenge
transaction, during authentication).
– Use WEP for Data Encryption.
AP
– Use Open Authentication
– Use Mandatory WEP Encryption, Devices not using WEP are not allowed
to communicate.
Wi-Fi WPA Presentation
Wi-Fi WPA
Presentation
http://www.wifialliance.org/
opensection/protected_access
.asp
•
•
Welcome to the Wi-Fi Protected Access (WPA) Security Web page. Here you will find all
the latest updates on WPA and the Wi-Fi Alliance's wireless LAN security improvements.
A 60-minute Web cast regarding WPA and the Wi-Fi Alliance's response to the need for
improved WLAN security was held on June 11, 2003. The Web cast included a 40-minute
presentation titled "Wi-Fi Protected Access: Locking Down the Link," in which
Michael Disabato (Senior Analyst, Burton Group) reviewed the features and benefits of
WPA, highlighted wired equivalent privacy (WEP) weaknesses, discussed wireless LAN
implementation issues, reviewed the second phase of WPA (WPA2) and provided WLAN
security recommendations. Mr. Disabato's presentation was followed by a 20-minute
question and answer session that included several of the industry's most knowledgable
WLAN security experts.
Secure 802.11 WLANs
Thanks to Pejman Roshan and Jonathan
Leary at Cisco Systems, authors of 802.11
Wireless LAN Fundamentals for allowing me
to use their graphics and examples for this
part of the presentation.
Secure 802.11 WLANs
•
•
•
•
•
WLAN industry recognized the vulnerabilities of 802.11
authentication and data privacy.
Changes are being incorporated into the 802.11i draft
standard.
To date, 802.11i draft has not been passed as a standard.
(Due May 2004)
Wi-Fi Alliance has put together a subset of the components
of 802.11i called Wi-Fi Protected Access (WPA).
This part of the presentation explains 802.11i and WPA.
Secure 802.11 WLANs
•
•
Many mistakenly believe WEP to be the only component to WLAN
security.
Wireless security consists of four facets:
1. The Authentication Framework – The mechanism that
accommodates the authentication algorithm by securely
communicating messages between the client, AP, and
authentication Server.
2. The Authentication Algorithm – Algorithm that validates the
user credentials.
3. The Date Privacy Algorithm – Algorithm that provides data
privacy across the wireless medium for data frames.
4. The Date Integrity Algorithm – Algorithm that provides data
integrity across the wireless medium to ensure to the receiver that
the data frame was not tampered with.
1. The Authentication Framework
• The authentication framework in 802.11 is the 802.11 authentication
•
management frame.
The authentication frame facilitates Open and Shared Key
authentication algorithms, yet the frame itself does not possess the
ability to authenticate the client.
1. The Authentication Framework
•
802.11 is missing some key components:
– Centralized, user-based authentication
– Dynamic encryption keys
– Encryption key management
– Mutual Authentication
1. The Authentication Framework
Centralized, user-based authentication
• Critical for network security
• Device-based authentication such as Open or Shared
Key, does not prevent unauthorized users from using
authorized devices.
• Logistical issues as network administrators must rekey all
802.11 APs and clients if:
– Lost or stolen devices
– Employee termination
• Centralized, user-based management via authentication,
authorization, and accounting (AAA) server, such as
RADIUS, lets you allow or disallow specific users,
regardless of the specific devices they use.
1. The Authentication Framework
Dynamic encryption keys
• User-based authentication has a positive side effect: userspecific encryption keys.
• Per-user, dynamic keys relieve the network administrator
from having to statically manage keys.
• Encryption keys are dynamically derived and discarded as
the user authenticates and disconnects from the network.
Encryption key management
• Should the need to remove a user from the network, you
only need to disable her account to prevent her access.
1. The Authentication Framework
Mutual Authentication
• Mutual authentication is two-way authentication.
• Not only does the network authenticate the client, but the
client also authenticates the network.
• In Open and Shared Key authentication, the AP or network
authenticates the client.
• The client does not know for sure that the AP or network is
valid because no mechanism is defined in 802.11 to allow
the client to authenticate the network.
• A rogue AP or client posing as a valid AP can subvert the
data on the client’s machine.
1. The Authentication
Framework
802.11i
802.1X (EAP)
WPA is a
subset
• User-based
authentication
• Mutual
authentication
• Dynamic Key
Generation
• IEEE has addressed the shortcomings of 802.11 authentication by
•
•
•
•
incorporating 802.1X authentication framework.
802.1X itself is an IEEE standard that provides all 802 link layer
topologies with extensible authentication, normally seen in higher layers.
802.1X is based on a Point-to-Point (PPP) authentication framework
known as Extensible Authentication Protocol (EAP).
In oversimplified terms, 802.1X encapsulates EAP messages for use at
Layer 2.
802.11i incorporates the 802.1X authentication framework requiring its
use for user-based authentication.
1. The Authentication Framework
802.1X
Differing environments
EAP-Cisco
EAP-TLS
EAP-PEAP
802.5
Any EAP-compliant
authentication type
Authen.
Framework
802.1X/EAP
802.3
Authen.
Method
802.11
Access
Mechanism
• EAP (RFC 2284) and 802.1X do not mandate the use of any specific
•
•
•
authentication algorithm.
Network administrator can use any EAP-compliant authentication type
for either 802.1X or EAP authentication.
The only requirement is that both the 802.11 client (known as the
supplicant) and the authentication server support the EAP
authentication algorithm.
This open and extensible architecture lets you use one authentication
framework in differing environments, each environment may use a
different authentication type.
1. The Authentication Framework
Differing environments
EAP-Cisco
EAP-TLS
EAP-PEAP
802.5
Any EAP-compliant
authentication type
Authen.
Framework
802.1X/EAP
802.3
Authen.
Method
802.11
Access
Mechanism
• EAP-PEAP – Operates similar to Secure Sockets (SSL) at the link
•
•
layer.
– Mutual authentication is accomplished via server-side digital
certificates used to create a SSL tunnel for the client to securely
authenticate to the network.
EAP-MD5 – Similar to Challenge Handshake Authentication Protocol
(CHAP), provides a password based, one way hash algorithm.
EAP-Cisco – Also known a s LEAP, First EAP type defined for WLANs,
is a password-based mutually authenticating algorithm.
1. The Authentication Framework
•
802.1X requires three entities
– Supplicant – Resides on WLAN client
– Authenticator – Resides on AP
– Authentication Server – Resides on RADIUS server
2. The Authentication Algorithm
• 802.11i and WPA provide a mechanism for authentication algorithms to
•
communicate between client, AP, and the authentication server, via the
802.1X authentication framework.
Neither 802.11i nor WPA mandate the use of a specific authentication
algorithm, but both recommend the use of an algorithm that supports:
– mutual authentication
– dynamic encryption key generation
– user-based authentication.
EAP Authentication Process
3. Data Privacy
• The encryption vulnerabilities in WEP present 802.11 vendors and the
•
•
IEEE with a predicament:
– How can you fix 802.11 encryption without requiring a complete
replacement of AP hardware or client NICs?
The IEEE answered this question with Temporal Key Integrity
Protocol (TKIP) as part of 802.11i (and WPA).
TKIP uses many key functions of WEP to maintain client investment of
existing 802.11 equipment and infrastructure, but fixes several of the
vlnerabilities to provide effect data-frame encryption.
3. Data Privacy
• The key enhancements with TKIP are:
•
•
– Per-frame keying – The WEP key is quickly changed on a perframe basis.
– Message integrity check (MIC) – A check provides effective dataframe integrity to prevent frame tampering and frame replay.
Solves statistical attacks such as Airsnort and the IV vulnerability. (FYI
– To be included at a later date.)
Changes WEP key used between client and AP before an attacker can
collect enough frames to derive key bytes.
3. Data
Privacy
• The IEEE has adopted a scheme known as per-frame keying (also
•
•
•
known as per-packet keying or fast packet keying).
The premise behind per-frame keying is that the IV, the transmitter
MAC address, and the WEP key are processed together via a twophase mixing function.
The output of the function matches the standard 104-bit WEP key and
24-bit IV.
IEEE is also proposing that the 24-bit IV be increased to a 48-bit IV.
4. Data Integrity
Data Integrity
• The MIC is a feature used to augment the ineffective Integrity Check
Value (ICV) of 802.11 standard. (More to be added on this at a later
date.)
• The MIC solves vulnerabilities such as the frame tampering/bit flipping
attacks (to be added later).
• The IEEE has proposed a specific algorithm, Michael, to augment the
ICV function in the encryption of 802.11 data frames.
• The MIC is a unique key that differs from the key used to encrypt data
frames.
• This unique key is mixed with the destination MAC address and the
source MAC address from the frame as well as the entire unencrypted
data payload of the frame.
AES
• WEP encryption and 802.11 authentication are known to be weak.
• IEEE and WPA are enhancing WEP with TKIP and providing robust
•
•
•
•
•
authentication options with 802.1Z to make 802.11 based WLANs more
secure.
At the same time, IEEE is also looking to stronger encryption
mechanisms.
IEEE has adopted AES to the data-privacy section of the proposed
802.11i standard.
WPA does not include support for AES encryption.
Later versions of WPA are likely to be released to align with 802.11i for
interoperable AES encryption support.
AES is the next generation encryption function approved by the
National Institute of Standards and Technology (NIST).
Configuring Basic WLAN
Security
Basic WLAN security - Physical Access
•
•
•
•
•
•
Most wireless access points are easily accessible.
They are usually located near users and outside of locked rooms.
This puts wireless access points at special risk for theft and for compromise by
malicious users.
Network monitoring can be used to determine when an access point goes off.
Proper procedures will need to be followed to determine what happened to the
equipment.
Almost all wireless vendors publish the methods of resetting an access point
using reset buttons or the console port.
Basic WLAN security - Console
• Administrator accounts and privileges should be setup properly.
• The console port should be password protected. Choose a secure
password
Basic WLAN security - SSH
• Telnet is an insecure, unencrypted protocol.
• If at all possible, secure shell (SSH) should be used for all Command
•
•
•
•
Line Interface (CLI) functions.
Telnet and SSH should be password protected.
For maximum security, disable Telnet and use only SSH.
A SSH client is required on the management PC or workstation in order
to connect to an AP running SSH.
Several freeware programs are available such as PuTTY, Teraterm
SSH, and SecureNetTerm.
Enabling protocol and MAC filters on APs
•
•
•
•
Filtering can provide an additional layer of wireless security.
Filters can be created to filter a protocol or IP port.
Protocol filters prevent or allow the use of specific protocols through the access
point.
Individual protocol filters can be setup and enabled for one or more VLANs. MAC,
Ethertype and IP filters can be used to filter wireless client devices, users on the
wired LAN, or both
Securing clients and APs
• WEP should be enabled when possible (unless stronger
•
authentication/encryption is available).
No matter which type of authentication is used, the WEP keys entered
on the client and the access point must match.
Open and Authentication
Associated
Open Auth.
No WEP Key
Open Auth.
No WEP Key
Associated
Open Auth.
No WEP Key
Open Auth.
WEP = 1234
Associated
Open Auth.
WEP = 4321
Open Auth.
WEP = 1234
Associated
Open Auth.
WEP = 1234
•
See previous slides for examples.
Open Auth.
WEP = 1234
Event Log
Event Log
Event Log
Disable unneeded services
• It is important to disable or secure all unneeded services.
• If Cisco discovery protocol (CDP), domain name service (DNS),
network time protocol (NTP), hypertext transfer protocol (HTTP), TFTP,
SNMP, or Telnet are not used in the network, they should be disabled.
Enterprise WLAN
Authentication
We will not discuss all of the details in this module, but I
do suggest several resources if you are interested.
Second generation authentication
• Network designers and security experts realize that just fixing the
•
•
•
•
•
•
•
weaknesses of WEP is not enough.
Organizations must decide how much security is required and include
this in the wireless security policy.
Some networks will rely on existing VPN solutions to provide additional
security.
Other networks will implement the access control and fixes to WEP,
which are included in Wi-Fi Protected Access (WPA).
WPA uses elements of 802.11i, a longer-term standardized security
solution, to secure WLANs.
WPA is also called Simple Secure Networking (SSN).
Some network administrators may decide to wait for 802.11i before
deploying WLANs.
The next few sections will discuss what is wrong with WEP security
and what is missing.
IEEE 802.11i
• To provide users with a secure WLAN solution that is scalable and
•
•
manageable, IEEE are creating a new 802.11i standard.
To date the 802.11i draft has not been passed as a standard.
The Wi-Fi Alliance has put together a subset of the components of
802.11i called Wi-Fi Protected Access (WPA).
WPA and
802.11x
•
•
•
•
•
•
•
WPA allows user authentication through the IEEE 802.1x protocol.
802.1X is a recently completed standard for controlling entry to both wired and
wireless LANs.
802.1X is an authentication framework.
802.1X provides all 802 link layer technologies extensible authentication.
802.1X is based on a PPP authentication framework known as Extensible
Authentication Protocol (EAP), RFC 2284.
802.1X encapsulates EAP messages for use at Layer 2 (overly simplified).
802.11i incorporates 802.1X authentication framework.
802.1X
EAP-Cisco
EAP-TLS
EAP-PEAP
Authen.
Framework
802.1X/EAP
802.3
802.5
Authen.
Method
802.11
Access
Mechanism
• 802.1X provides mutual authentication.
• Mutual authentication means that the network and the user prove their
•
•
•
identity to each other.
802.1X and EAP do not mandate any specific type of authentication.
The network administrator can use any EAP-compliant authentication
type as long as both the client and authentication server use the same
one.
The 802.11i standard also uses 802.1X and the TKIP enhancements to
WEP
802.1X
• An access point that supports 802.1x and its protocol, Extensible
•
Authentication Protocol (EAP), acts as the interface between a wireless
client and an authentication server such as a Remote Access Dial-In
User Service (RADIUS) server.
The access point communicates with the RADIUS server over the
wired network.
802.1x basics
•
•
•
•
•
•
•
•
•
802.1x requires support on the client, access point, and authentication server.
802.1x uses a RADIUS proxy to authenticate clients on the network.
This proxy device could be a device such as a switch or an access point.
This device operates at the access layer.
The EAP client or supplicant sends authentication credentials to the
authenticator which in turn sends the information to the authentication server.
The authentication server is where the logon request is compared against a
user database to determine if, and at what level, the user may be granted access
to the network resources.
The access point is called the authenticator.
The authentication server is usually a RADIUS or an authentication,
authorization, and accounting (AAA) server.
The authentication server needs to run extra software to understand the
authentication type that is used by the client.
802.1x basics
• Any client that does not have built in 802.1x must use software called a
•
•
supplicant.
The client must have some proof of identity.
Forms of identity include a username and password, digital certificate,
or one-time password (OTP).
EAP Authentication Process
Microsoft’s diagram of EAP
How 802.1x
works
•
•
•
•
•
•
After the client has associated to the access point, the supplicant starts the
process for using EAPOL (EAP over LAN) by asking the user for their logon
and password.
The client responds with their username and password.
Using 802.1x and EAP the supplicant then sends the username and a one-way
hash of the password to the access point.
The access point then encapsulates the request and sends the request to the
RADIUS server.
The RADIUS server then checks the username and password against the
database to determine if the client should be authenticated on the network.
If the client is to be authenticated, the RADIUS server then issues an access
challenge, which is passed to the access point and then sent to the client.
How 802.1x
works
•
•
•
•
•
•
The client sends the EAP response to the access challenge to the RADIUS
server via the access point.
If the client sends the proper response then the RADIUS server sends an
access success message and session WEP key (EAP over Wireless) to the
client via the access point.
The same session WEP key is also sent to the access point in a success
packet.
The client and the access point then begin using session WEP keys.
The WEP key used for multicasts is then sent from the access point to the
client. It is encrypted using the session WEP key.
Upon client log off, the access point returns to the initial state, allowing only
802.1x traffic to pass.
RADIUS Server Manager
•
Can also set up a local Radius server on the AP (lab).
802.1x authentication types
•
Different authentication types are supported when using
802.1x on a WLAN
Choosing an 802.1x type
• Choose a method that fits in with the existing network.
• Choose a method that supports mutual authentication.
• Review the security policy and find out what 802.1x types
•
are compatible.
Finally, look at the clients to be protected and choose the
best way to secure the existing equipment.
WLAN Security:
802.1X Authentication
•
•
Mutual Authentication
•
LEAP
–“Lightweight” EAP
–Nearly all major OS’s supported:
•WinXP/2K/NT/ME/98/95/CE, Linux, Mac, DOS
•
EAP-TLS
–EAP-Transport Layer Security
–Mutual Authentication implementation
–Used in WPA interoperability testing
Radius
Server
PEAP
–“Protected” EAP
–Uses certificates or One Time Passwords (OTP)
–Supported by Cisco, Microsoft, & RSA
–GTC (Cisco) & MSCHAPv2 (Microsoft) versions
AP
Client
EAP
•
•
•
•
Extensible Authentication Protocol (802.1x
authentication)
Provides dynamic WEP keys to user devices.
Dynamic is more secure, since it changes.
Harder for intruders to hack…by the time they have
performed the calculation to learn the key, they key has
changed!
Basic RADIUS Topology
RADIUS can be implemented:
• Locally on an IOS AP
• Up to 50 users
• On a ACS Server
Enterprise Wireless Encryption
We will not discuss all of the details in this module, but I
do suggest several resources if you are interested.
Strengthening WEP
• WPA includes mechanisms from the emerging 802.11i standard for
•
•
improving wireless data encryption.
WPA has TKIP, which uses the same algorithm as WEP, but it
constructs keys in a different way.
See curriculum and other resources for details.
Strengthening
WEP
• TKIP is also called WEP Key hashing and was initially referred to as
•
•
•
•
•
WEP2.
TKIP is a temporary solution that fixes the key reuse problem of WEP.
WEP periodically uses the same key to encrypt data.
The TKIP process begins with a 128-bit temporal key that is shared
among clients and access points.
TKIP combines the temporal key with the client MAC address.
It then adds a relatively large, 16-octet initialization vector to produce
the key that will encrypt the data.
Strengthening WEP
• This procedure ensures that each station uses different key streams to
encrypt the data. WEP Key hashing protects weak Initialization Vectors
(IVs) from being exposed by hashing the IV on a per-packet basis.
Strengthening WEP
•
•
•
•
•
•
TKIP uses RC4 to perform the encryption, which is the
same as WEP.
A major difference from WEP, however, is that TKIP
changes temporal keys every 10,000 packets.
This provides a dynamic distribution method, which
significantly enhances the security of the network.
An advantage of using TKIP is that companies having
existing WEP-based access points and radio NICs can
upgrade to TKIP through relatively simple firmware
patches.
In addition, WEP-only equipment will still interoperate with
TKIP-enabled devices using WEP. TKIP is only a
temporary solution.
Most experts believe that stronger encryption is still
needed.
Message integrity check
• Stronger WEP keys are provided by TKIP enhancements such as MIC.
•
•
•
•
MIC prevents bit-flip attacks on encrypted packets.
During a bit-flip attack, an intruder intercepts an encrypted message,
alters it slightly, and retransmits it.
The receiver accepts the retransmitted message as legitimate.
The client adapter driver and firmware must support MIC functionality,
and MIC must be enabled on the access point.
TKIP enhancements, such as MIC and WEP Key hashing, can be
enabled by using static WEP keys. They do not need a RADIUS server
to function.
Broadcast key
rotation (BKR)
•
•
•
•
•
•
•
•
•
•
•
•
The Broadcast Key Rotation (BKR) feature, is also a TKIP enhancement.
BKR protects the multicast traffic of the access point from being exploited by dynamically
changing the multicast encryption key.
The access point generates broadcast WEP keys by using a seeded pseudorandom
number generator (PRNG).
The access point rotates the broadcast key after a configured broadcast WEP key timer
expires.
This process should generally be in sync with the timeouts configured on the RADIUS
servers for user re-authentication.
Broadcast key rotation is an excellent alternative to WEP key hashing.
This is true if the WLAN supports wireless client devices that are not Cisco devices or
that cannot be upgraded to the latest firmware for Cisco client devices.
It is recommended that broadcast key rotation be enabled when the access point
services an 802.1x exclusive wireless LAN.
It is not necessary to enable broadcast key rotation if WEP key hashing is enabled.
Use of both key rotation and key hashing provides unnecessary protection.
When broadcast key rotation is enabled, only wireless client devices using LEAP or EAPTLS authentication can use the access point.
Client devices using static WEP with open, shared key, or EAP-MD5 authentication
cannot use the access point when broadcast key rotation is enabled.
Second generation encryption
• In addition to the TKIP solution, the 802.11i standard will most likely
•
•
•
•
•
include the Advanced Encryption Standard (AES) protocol.
AES offers much stronger encryption.
In fact, the U.S. Commerce Department National Institute of Standards
and Technology (NIST) organization chose AES to replace the aging
DES.
AES is now a U.S. Federal Information Processing Standard (FIPS),
Publication 197.
It defines a cryptographic algorithm for use by United States
government organizations to protect sensitive, unclassified information.
The Secretary of Commerce approved the adoption of AES as an
official Government standard in May 2002.
Second generation encryption
• One issue is that AES requires a coprocessor or additional hardware to
•
•
•
•
operate.
This means that companies need to replace existing access points and
client NICs to implement AES.
Based on marketing reports, the currently installed base is relatively
small compared to predicted future deployments.
As a result, there will be a very large percentage of new WLAN
implementations that will take advantage of AES when it becomes part
of 802.11.
On the other hand, companies that have already installed WLANs will
need to determine whether it is worth the costs of upgrading for better
security.
Second generation encryption
• AES specifies three key sizes, which are 128, 192, and 256 bits. It
•
•
uses the Rijndael Algorithm.
If someone where to build a machine that could recover a DES key in a
second, then it would take that machine approximately 149 thousandbillion (149 trillion) years to crack a 128-bit AES key.
To put that into perspective, the universe is believed to be less than 20
billion years old.
Using VPNs
• IP Security (IPSec) is a framework of open standards for ensuring
•
•
•
•
•
secure private communication over IP networks.
IPSec Virtual Private Networks (VPNs) use the services defined within
IPSec to ensure confidentiality, integrity, and authenticity of data
communications across networks such as the Internet.
IPSec also has a practical application to secure WLANs.
It does this by overlaying IPSec on top of 802.11 wireless traffic.
When deploying IPSec in a WLAN environment, an IPSec client is
placed on every PC connected to the wireless network.
The user is required to establish an IPSec tunnel and to route any
traffic to the wired network.
VLANs
VLANs
VLANs
VLANs
Spanning tree
• Spanning tree is only needed when using wireless bridges.
• It should remain disabled for access points and repeaters, unless
•
•
•
•
•
special circumstances exist in the network.
The spanning-tree algorithm is used to prevent bridging loops.
The algorithm computes available network paths and closes redundant
paths, so that there is only one path between any pair of LANs on the
network.
Improper spanning tree settings can disable needed connections.
From a security perspective, an attacker may be able to disable ports
in a poorly configured network.
Please review and understand spanning tree information when making
configuration decisions.
WPA
Interoperable, Enterprise-Class Security
Cipher “Suite”
•
•
•
•
Cipher suites are sets of encryption and integrity
algorithms.
Suites provide protection of WEP and allow use of
authenticated key management.
Suites with TKIP provide best security.
Must use a cipher suite to enable:
–WPA – Wi-Fi Protected Access
–CCKM – Cisco Centralized Key Management
Configuring the Suite
•
•
•
•
Create WEP keys
Enable Cipher “Suite” and WEP
Configure Broadcast Key Rotation
Follow the Rules
WEP Key Restrictions
Security Configuration
WEP Restriction
CCKM or WPA key mgt.
No WEP in slot 1
LEAP or EAP
No WEP in slot 4
40-bit WEP
No 128-bit key
128-bit WEP
No 40-bit key
TKIP
No WEP keys
TKIP and 40 or 128 WEP
No WEP in slot 1 and 4
Static WEP w/MIC or CMIC
WEP and slots must match on AP
& client
Keys in slots 2 & 3 overwritten
Broadcast key rotation
Security Levels
Enterprise WLAN Security Evolution
•
TKIP/WPA
–Successor to WEP
–Cisco’s pre-standard TKIP has been shipping since Dec.’01
–Cisco introduced TKIP into 802.11i committee
–802.11i-standardized TKIP part of Wi-Fi Protected Access (WPA)
–WPA software upgrade now available for AP1100 & AP1200
•
AES
–The “Gold Standard” of encryption
–AES is part of 802.11i standard
•- AES will be part of WPA2 standard (expected in 2004)
Matching Client to AP
Matching Client to AP
Matching Client to AP
Matching Client to AP
Matching Client to AP
Matching Client to AP
Additional screen-shots to be
used when this presentation is
completed.
• Wi-Fi Protected Access (WPA)
• Enables Wi-Fi Protected Access (WPA), which adds an extra level of
•
•
•
•
data security to other security protocols.
Because WPA enhances other security protocols, you must also select
and configure a specific network authentication type.
To use WPA, you must also enable WPA on the associated access
point.
Host Based EAP—Authenticates users using host-based EAP
implementations, such as EAP-TLS or EAP-MD5.
For example, you can use host-based EAP with Microsoft Windows XP
• Cisco Compliant TKIP Features - Temporal Key Integrity Protocol
•
(TKIP) is a suite of algorithms surrounding WEP, designed to achieve
the best possible security on legacy hardware build to run WEP.
TKIP adds four new enhancements to WEP:
1. A per-packet key mixing function, to defeat weak key attacks.
2. A new IV sequencing discipline to detect replay attacks.
3. A cryptographic message integrity check (MIC) to detect forgeries
such as bit flipping and altering of packet source and destination.
4. An extension of IV space, to virtually eliminate the need for a rekey.
Message integrity check
•
•
•
•
Enable MIC - MIC prevents attacks on encrypted packets called bit-flip attacks.
During a bit-flip attack, an intruder intercepts an encrypted message, alters it
slightly, and retransmits it, and the receiver accepts the retransmitted message
as legitimate.
The MIC, implemented on both the access point and all associated client
devices, adds a few bytes to each packet to make the packets tamper-proof.
WEP Encryption must be set to Mandatory for MIC to be enabled.
• Enable Per Packet Keying - EAP authentication provides dynamic
•
•
unicast WEP keys for client devices but uses static keys.
With broadcast, or multicast, WEP key rotation enabled, the access
point provides a dynamic broadcast WEP key and changes it at the
interval you select in the Broadcast Key Change Frequency field.
Broadcast key rotation is an excellent alternative to TKIP if your
wireless LAN supports wireless client devices that are not Cisco
devices or that cannot be upgraded to the latest firmware for Cisco
client devices.
•
•
•
AP has WEP (Optional) and host not using WEP.
Associated.
Would not be Associated if WEP was Mandatory.
Authentication Process
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_and_configuration_guide_c
hapter09186a008014868e.html
•
But will it associate?