Making Wireless Networks Secure
Computerworld
30 Nov 2004
Mark Vos
PwC
Agenda
Intro
• The Future Of Wireless
• Security Concerns
• Risk Management Approach
Session 1
• Key Design and development initiatives
Session 2
• Live Demonstration
Future of Wireless
Technology
Most hardware based on 802.11b protocol (802.11g fast replacing “b”), but there are others (e.g., 802.11a)
Uses Direct Sequence Spread Spectrum (DSSS) modulation at unlicensed 2.4 GHz band
(i.e., same band as cordless phones, microwaves, other unlicensed use)
Ethernet-to-wireless bridge (i.e., transmits all protocols, not just IP)
Speed between 1 and 11 Mbps based on distance (“g” up to 54 Mbps)
Features
Plug-and-play
• DHCP client (LAN port)
• DHCP server (wireless port)
Support for most operating systems and form factors
Inexpensive and visually appealing (it is OK to have one at home)
Pervasive (Dick Smith / Harvey Norman sell them)
Convergence of VoIP and Wireless
Some thoughts on wireless Tagging (RFID)
Value proposition
E-tags require no line of sight to be interrogated. They can be read through nonmetallic
substances, paint, grease or other obscuring materials. They do not require surfaces
with smooth flat contours.
Can support a longer read range than bar codes
Can store more data than bar codes and data can be updated
Commercial viability
Already significant RFID usage in healthcare in US and Europe. Used to tag anything
from patients to equipment to medicines.
Passive RFID tags are forecast to exceed 800 million in 2004 (Gartner T-15-0102)
Privacy considerations
Small size makes RFID tags difficult to see
May be used to monitor, track, and control individuals without their consent
Security Concerns
Corporate
Unauthorised APs with default settings on trusted part of the network
Anybody can join Open networks
Wireless sniffing (very easy) and weak WEP encryption
All traditional hacker attacks work
Business travelers and home users
Joining Open networks (possibly involuntary) while connected over VPN
Lack of personal firewalls or IDS (no longer behind corporate firewall)
Weak default settings for home network (no WEP)
Insecure computers due to OS (e.g., Windows 98) or physical access (kids can use
computer and add hardware and software)
Possible regulatory violations related to Privacy and Security
Availability and Quality-of-Service (2.4 GHz band open to public)
Network management headaches due to DHCP and NAT
War Driving
War Driving is the term attached to finding rogue APs. All that is needed is a network card,
laptop, and an antenna.
Default and unprotected networks are often discovered.
One War Driving excursion through Sydney found 500+ networks, with fewer than half secured.
Do you know how many access points are on your network?
Risk Management Approach
Threats x Vulnerabilities = Likelihood
Likelihood x Impact = Risk
Key Design / Deployment Initiatives
Education
Home users
Business travelers
Design and deployment
Policies and procedures must address technology
Determine application requirements
Review the size, location, and staffing level of the area to be covered
Physical access – locate APs away from windows, outside walls, etc.
Enforce higher network speed – higher speed means shorter distance
Treat wireless LANs as untrusted and use traditional Internet technologies to secure
• Network segmentation
• Firewalls and Intrusion Detection, including for laptops
• VPN for sensitive applications
Verify use of secure encryption (WEP, WPA, WPA-PSK, WPA2, 802.11i)
Use of 802.11a
Key Design / Deployment Initiatives
Enforcement and audit
Identify all networks on all channels; investigate all unauthorized Access Points
Verify Open vs. Closed network
Verify use of secure encryption
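The enforcement and audit checks above, sketched as an added example that is not part of the original slides: it compares site-survey results against an inventory of approved access points. The CSV layout, BSSIDs, SSIDs and inventory are constructed, and reading "Open" as "no encryption" and WEP as weak are assumptions of this example.

```python
import csv
import io

# Constructed survey results; the CSV layout is hypothetical, not a real tool's export.
SURVEY_CSV = """bssid,ssid,channel,encryption
00:11:22:33:44:01,CORP-WLAN,1,WPA2
00:11:22:33:44:02,CORP-WLAN,6,WEP
00:11:22:33:44:03,CORP-WLAN,11,NONE
66:55:44:33:22:11,default,6,NONE
66:55:44:33:22:12,CORP-WLAN,36,WPA2
"""

# Assumed inventory of approved APs (lowercase BSSID -> SSID it should announce).
AUTHORIZED = {
    "00:11:22:33:44:01": "CORP-WLAN",
    "00:11:22:33:44:02": "CORP-WLAN",
    "00:11:22:33:44:03": "CORP-WLAN",
}
# Assumed policy: WEP is treated as weak, per the Security Concerns slide.
ACCEPTED = {"WPA", "WPA-PSK", "WPA2", "802.11I"}


def audit(survey_csv, authorized=AUTHORIZED):
    """Return {bssid: [finding, ...]} for every AP that needs follow-up."""
    findings = {}
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].strip().lower()
        enc = row["encryption"].strip().upper()
        issues = []
        if bssid not in authorized:
            # An unknown radio reusing a corporate SSID deserves priority.
            if row["ssid"] in authorized.values():
                issues.append("unauthorized AP announcing an inventoried SSID")
            else:
                issues.append("unauthorized AP")
        elif authorized[bssid] != row["ssid"]:
            issues.append("SSID differs from inventory")
        if enc in ("", "NONE"):
            issues.append("open network (no encryption)")
        elif enc not in ACCEPTED:
            issues.append(f"weak encryption: {enc}")
        if issues:
            findings[bssid] = issues
    return findings


if __name__ == "__main__":
    for ap, issues in audit(SURVEY_CSV).items():
        print(ap, "->", "; ".join(issues))
```

Approved APs with accepted encryption produce no entry, so the output is the investigation list.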
802.11 Tools
NetStumbler
Software that can find and identify wireless access points and level of encryption in use.
Commonly used in War Driving to discover unauthorized access points
AirSnort
Software that can break WEP traffic while sniffing the network.
The WEP algorithm was cracked by a Rice intern at AT&T
Network Stumbler – Live Demo
Summary - Top 5 Mitigation Steps
1. Balance risk against cost of mitigation
2. Policies & Procedures must address technology
3. Determine business / application requirements
4. Treat wireless LANs as untrusted
5. Adopt the defense-in-depth principle