Wireless and Broadband Net Access and Security

Lesson 11
Wireless

The IEEE 802.11 working group defines the interface between
wireless clients and their network access points.
802.11a: uses OFDM (Orthogonal Frequency Division
Multiplexing) to deliver up to 54 Mbps in the 5 GHz ISM band
(Industrial, Scientific, Medical: an unlicensed part of the spectrum).
802.11b: uses HR-DSSS (High Rate Direct Sequence Spread
Spectrum) to deliver up to 11 Mbps in the 2.4 GHz band. Actually
appeared before 802.11a.
802.11g: an enhanced version of 802.11b. Uses OFDM but
operates in the 2.4 GHz band. In theory can operate at up to
54 Mbps.
802.11i: aimed at better security. Calls for longer keys than the
current WEP.
802.11 Frame Structure
Fields, in transmission order:
Frame Control | Duration | Address 1 | Address 2 | Address 3 | Seq | Address 4 | Data | Checksum
Frame Control subfields:
Version | Type | Subtype | To DS | From DS | MF | Retry | Pwr | More | W | O
Why 4 addresses?
Source and destination system, source and destination base stations.
802.11 Frame Structure

Frame Control Field
Protocol Version: allows different versions of the protocol to be used in the
same cell at the same time
Type: data, control, or management frame
Subtype: e.g. RTS (request to send) or CTS (clear to send)
To/From DS: frame sent to/from the intercell distribution system
MF: more fragments to follow
Retry: retransmission of a frame sent earlier
Pwr: power management, put device in/out of sleep state
More: additional frames follow
W: body has been encrypted using WEP
O: frames with this bit set must be processed in order.
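As an added example (not part of the lecture slides), the following Python decodes the Frame Control field just listed and shows how the To DS / From DS bits decide which of the four addresses are in use; the address-role table follows the 802.11 standard rather than the slides, and the two sample headers are constructed.

```python
import struct

# Flag bits of the Frame Control high byte, in the order the slides list them.
FLAG_NAMES = ["to_ds", "from_ds", "more_frag", "retry",
              "pwr_mgmt", "more_data", "wep", "order"]
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}

def parse_frame_control(header: bytes) -> dict:
    """Decode the 16-bit Frame Control field that starts an 802.11 header.
    It is sent little-endian: low byte = version/type/subtype, high byte = flags."""
    (fc,) = struct.unpack("<H", header[:2])
    fields = {
        "version": fc & 0x3,
        "type": TYPE_NAMES.get((fc >> 2) & 0x3, "reserved"),
        "subtype": (fc >> 4) & 0xF,
    }
    for bit, name in enumerate(FLAG_NAMES):
        fields[name] = bool((fc >> (8 + bit)) & 1)
    return fields

def address_roles(to_ds: bool, from_ds: bool) -> dict:
    """Role of each address slot, following the 802.11 standard's table.
    DA/SA = destination/source station, BSSID = access point,
    RA/TA = receiver/transmitter on a wireless bridge."""
    if not to_ds and not from_ds:      # station to station (ad hoc)
        return {"addr1": "DA", "addr2": "SA", "addr3": "BSSID"}
    if to_ds and not from_ds:          # station -> access point
        return {"addr1": "BSSID", "addr2": "SA", "addr3": "DA"}
    if from_ds and not to_ds:          # access point -> station
        return {"addr1": "DA", "addr2": "BSSID", "addr3": "SA"}
    # Both set: AP-to-AP bridging, the only case that uses all four addresses.
    return {"addr1": "RA", "addr2": "TA", "addr3": "DA", "addr4": "SA"}

def describe(header: bytes) -> dict:
    """Frame Control fields plus the address roles they imply."""
    fc = parse_frame_control(header)
    fc["addresses"] = address_roles(fc["to_ds"], fc["from_ds"])
    return fc

# Constructed samples (not captured traffic): a WEP-encrypted data frame
# heading to the AP (To DS set), and a control frame with subtype 11 (RTS).
DATA_TO_AP = bytes([0x08, 0x41])
RTS_FRAME = bytes([0xB4, 0x00])

if __name__ == "__main__":
    for name, hdr in (("data", DATA_TO_AP), ("rts", RTS_FRAME)):
        print(name, describe(hdr))
```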
Wireless Application Protocol (WAP)
Designed for systems with:
– Slow processors
– Limited memory
– Lower bandwidth
Much leaner than wired protocols:
– Make data transactions as compressed as possible
– Allow for more dropped packets
WAP vs. wired network
(Security+ Guide to Network Security Fundamentals)
WAP client access to network
Step 1: Client makes a connection with the WAP
gateway and sends a request for the content it wants
using WSP (Wireless Session Protocol).
Step 2: Gateway converts the request into the HTTP
format and forwards it to the application server.
Step 3: Application server sends the requested content
back to the WAP gateway.
Step 4: Gateway converts the data using WSP,
compresses it and sends it to the WAP client.
If the WAP client has enabled the Wireless Transport
Layer Security (WTLS) protocol, data is encrypted.

The “Gap” in WAP
WAP 1.X does not require the use of WTLS. If it is not
enabled, all data is transmitted in the clear.
Even when WTLS is used, the gateway must convert from WTLS to TLS. This
means that for a brief moment the data is in the clear
and can be read at the gateway. This is the “Gap in
WAP”.

What is the real security risk of this being exploited?

WAP 2.0 employs TLS (Transport Layer Security), so no
conversion is necessary at the gateway.
Wireless Transport Layer Security (WTLS)
3 different classes of authentication:
Class 1: Does not allow either the client or gateway to
authenticate the other.
Class 2: Allows the client to authenticate the gateway.
Class 3: Allows both client and gateway to authenticate each
other.

Class 3 is ideal but few WAP-enabled devices use it since
it requires a Wireless Identity Module (WIM): a tamper-resistant
device that holds digital signatures and has the
power to perform encryption for authentication purposes.
WTLS Class 2 authentication
Prior to sending a request for a session, the WAP
device sends a request for authentication to the
gateway. The client always initiates this process. The
client can also challenge the gateway again at any time
during the session.
The gateway sends a copy of its certificate, which
contains the gateway’s public key.
The device receives the certificate and key, generates a
unique random value for encryption, encrypts it with the
gateway’s public key and sends it to the gateway.
The gateway receives the encrypted value and uses its
own private key to decrypt it. Now both have a new
shared key.

Wired Equivalent Privacy (WEP)
The optional security mechanism specified by the
802.11 protocol to provide authentication and
confidentiality in a wireless environment.
Uses the RC4 algorithm.
Although the IEEE committee recommended that WEP
should be used, it also stated WEP should NOT be
considered adequate security and strongly suggested
other security mechanisms be used (e.g. other
authentication processes).
Weaknesses with WEP
Uses an Initialization Vector (IV) and a shared key between
users.
– Many sites use the same shared key for all users, thus any
individual can listen to anybody’s communication, sort of like
Ethernet.
The IV is only 24 bits and will thus repeat after only a short
period of time. This allows for several types of
cryptographic attacks that utilize different messages
encrypted with the same key.
The RC4 algorithm itself is flawed and can be broken easily.

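Added example (not from the slides) that puts numbers on the 24-bit IV weakness above: how long a sequential IV counter takes to wrap at a given frame rate, the birthday-bound chance of a repeat when IVs are chosen at random, and a simple monitoring check that flags repeated IVs in a constructed capture.

```python
import math
from collections import Counter

IV_BITS = 24
IV_SPACE = 1 << IV_BITS            # 16,777,216 possible IVs

def seconds_to_exhaust(frames_per_second: float) -> float:
    """Sequential IV counter: every IV gets used once, then the counter wraps
    and key streams start repeating."""
    return IV_SPACE / frames_per_second

def collision_probability(frames: int) -> float:
    """Random IVs: birthday-bound probability that at least two of `frames`
    frames share an IV (and hence an RC4 key stream under the same key)."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * IV_SPACE))

def frames_for_half_chance() -> int:
    """Frames after which a random-IV repeat is more likely than not."""
    return math.ceil(math.sqrt(2.0 * IV_SPACE * math.log(2)))

def reused_ivs(ivs) -> dict:
    """Monitoring check: which IVs appeared more than once, and how often."""
    counts = Counter(ivs)
    return {iv: n for iv, n in counts.items() if n > 1}

# Constructed figure: a busy access point pushing about 1000 frames/s.
HOURS_AT_1000_FPS = seconds_to_exhaust(1000) / 3600   # about 4.66 hours

# Constructed capture of the IV field from six frames; two values repeat.
SAMPLE_IVS = [0x000001, 0x000002, 0x3A5F10, 0x000001, 0x3A5F10, 0x000001]

if __name__ == "__main__":
    print(f"counter wrap at 1000 frames/s: {HOURS_AT_1000_FPS:.2f} h")
    n = frames_for_half_chance()
    print(f"random IVs: 50% repeat chance after {n} frames "
          f"(P={collision_probability(n):.3f})")
    print("reused IVs:", reused_ivs(SAMPLE_IVS))
```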
“War Chalking”
SSID (Service Set Identifier): wireless network names sent
with wireless data packets to help devices identify each other.
The SSID should be cryptic so as to not provide valuable data
to potential attackers, e.g. don’t use “ABC Consulting Firm” as
an SSID.
Broadband
Not a clear definition of what it is.
Baseband uses a signal pulsed directly on the
transmission medium in the form of high-speed,
square-wave pulses of direct current voltage.
Broadband systems use cable television technology
to divide the transmission medium into frequency
bands or channels. Each broadband channel can be
multiplexed to carry data, voice, or video.
Broadband (cont.)
The term is used to cover a gamut of alternatives for
handling high-bandwidth traffic.
In the ITU’s definition it is any bandwidth in excess of the
B-ISDN primary rate (25-1200 Mbps).
It has become a term used to cover any high-speed
access mechanism:
– ISDN
– Cable
– DSL
– Wireless
ISDN
Integrated Services Digital Network
Probably really should be considered narrowband/baseband
but… it is faster than dial-up.

What’s the reason behind ISDN?
Normal voice lines are limited to 4 kHz, which limits the speed of data
transmission.
Most signaling is still in-band, which consumes a lot of
bandwidth.
– The little out-of-band signaling that exists runs on lines separate from the
network.
Most users have separate voice and data networks/lines.
Telephone and data equipment must be administered separately
from the network it runs on.
There are several voice, data and digital interface standards.
ISDN (cont.)
ISDN’s goal or vision:
– Provide an international standard for voice, data and signaling
– Make all transmission circuits end-to-end digital
– Adopt a standard out-of-band signaling system
– Bring more bandwidth to the desktop
Delivers this with existing copper cables, but requires ISDN
digital-switching equipment.
On the plus side, telephone calls can be made a lot faster than
with the current analog equipment.
You will pay extra for the ISDN service (no surprise).
ISDN (cont.)
Requires an ISDN “modem”:
– Not really a modem. Modems translate digital signals to
analog (and back) so the existing POTS can be used.
– An ISDN “modem” is really a terminal adapter.
ISDN allows you to use your line for voice calls as well
as data.
Though ISDN is faster than traditional POTS with a
modem, it is slower than DSL. Because of this, it isn’t as popular as DSL.
ISDN (cont.)
Most common configurations:
Basic Rate Interface (BRI): 2B+D
– 2 64 Kbps B (bearer) channels for data or voice
– 1 16 Kbps D (data) channel, which can also be used for signaling
Primary Rate Interface (PRI): 23B+D or 30B+D
– 23B+D is equivalent to 1.544 Mbps
– 23 or 30 B channels and 1 D channel
Cable
Cable modems connect you to the Internet via the
coaxial cable (sometimes referred to as the broadband
wire) that is used in your house to deliver cable TV.
The coax cable enters a splitter inside your home which
divides the transmission into that which will be sent to
your TV and that which is destined for your computer
through a cable modem.
The cable modem attaches to an Ethernet card inside
the computer. This card is configured the same as any
other network card.

Cable (cont.)
Computer data is sent along frequencies that lie
between the 100 6-MHz frequency bands
carrying TV programming.
Data is sent as standard IP packets.
High bandwidth lets you:
– Receive at speeds of 3-10 Mbps
– Transmit at speeds up to a maximum of 2 Mbps
Cable (cont.)
Cable is a broadcast medium. Everyone connected to
the same distribution hub receives everyone else’s
downloads too.
Cable companies generally divide each city into
neighborhoods of about 500 homes which will all be on
the same local area network.
– If many folks access the system at the same time then
speeds will be slower.
There are obvious security implications to it being a broadcast
medium.
Digital Subscriber Line (DSL)
Traditional analog transmissions and voice calls sent
over the POTS use only a small portion of the potential
bandwidth.
DSL allows users to talk on the telephone and use the
Internet at high speeds simultaneously, over a single
line.
Several different variations:
– Asymmetric Digital Subscriber Line (ADSL)
– Very high-speed DSL (VDSL)
– G-Lite or Universal DSL
– Rate adaptive DSL (RADSL)
ADSL
Asymmetric: more bandwidth is devoted to data
traveling downstream (to your machine) than
upstream (from your machine).
Upstream traffic is generally a small portion of network
traffic, especially web-based traffic.
– 8 Mbps downstream, 1 Mbps upstream possible
[Figure: ADSL frequency allocation on the line; axis in kilohertz with marks at 0, 4, 6, 100, 180 and 1000; bands labelled Voice, Upstream data and Downstream data]
xDSL Transmission Rates
VDSL: speeds as high as 10-26 Mbps downstream,
but you need to be within 4,500 feet of a phone switch.
ADSL: speeds up to 8 Mbps downstream; you need to be
within 18,000 feet of the phone switch.
G-Lite: allows only 1.5 Mbps downstream at distances
up to 18,000 feet from the phone switch.
RADSL: reaches as far as 21,000 feet but is limited to
600 Kbps-7 Mbps downstream.

Wireless
“Broadband Wireless” was initially an attempt to deliver cable TV
services, without the cable.
Local Multipoint Distribution System (LMDS)
– Receiver dishes located on top of apartment buildings can receive the signal
to broadcast to apartments via coax.
– Can also utilize an 18” antenna in the subscriber’s home.
– Variations used to transmit data and some attempts with voice.
– Local Multipoint Communication System (LMCS) used in Canada for
wireless broadband data signals.
– Rates up to 155 Mbps.
Multipoint Multichannel Distribution Service (MMDS)
– Also known as Microwave Multi-point Distribution Service.
– Used for longer distance (40 km) at up to 10 Mbps.
Broadband Security Issues
Broadband Internet access provides increased
convenience and speed, but has its own
security issues:
– Inexperienced users
– Continuous connection (‘Always-on’)
The bottom line, however, is that it is basically “general
security”.
Dial-up –vs- Broadband
Broadband is attractive for emerging SOHO
environments and for telecommuting.
SOHO security
Some Telecommuter Security
This is from the point of view of a business that
is allowing employees to telecommute.
Broadband Security
Issues with “always-on” connections:
– Virus Attacks
– Intruder Attacks
– Personal and Network Firewalls
“Always-On” Connections
ISPs generally use one of two methods to assign
an IP address to a subscriber:
Static
– The IP address for a machine remains the same even if
rebooted. Commonly used for servers.
Dynamic Host Configuration Protocol (DHCP)
– Used to temporarily assign an IP address to subscriber
systems. Commonly used by dial-up users to share a
pool of addresses.
“Always-on” (cont.)
The DHCP strategy best protects dial-up users who go online
only for brief sessions. Each time they log off and dial
in again, they will be assigned a new address.
With “always-on” connections such as DSL and cable
modems, a user may have the same IP address for
extended periods. This gives attackers a chance to
connect to their computers.
– Periodically, the address will “expire”, but not quickly enough
to avoid attackers potentially targeting the system.
Virus Attacks
As we mentioned before, probably the most widely understood threat.
A standard anti-virus package that will scan received files is useful.
May also want to periodically check your system’s files in case a
“stealth” method was used to access your wireless system.
Basically concerned with viruses affecting computers/PCs, but the
“Timofonica” virus actually sent messages (using a Short Message
Service (SMS) gateway) to subscribers of the Timofonica service
(Spanish cell phone service).
Though no real damage, outside of wasted bandwidth, to the
phones, many fear cell phone viruses will be the next generation of
viruses.
Intruder Attacks
Outside of wireless, the medium itself is not to blame: there has been no
technological change that makes it easier for
individuals to attack systems.
What has changed is the range of possible targets.
Now an individual’s own home PC is potentially
accessible and may therefore become a target.
Need to eliminate file sharing on Windows 95/98 and
Macintosh systems.
– These features were originally intended for use on private, secure
local area networks, not the open environment found in the cable
modem world.
Personal and Network Firewalls
A good idea is to install a personal firewall on
your PC to monitor suspicious activity and to filter
traffic.
– Software-based firewalls: generally fairly
inexpensive. Install directly onto your PC.
– Hardware-based firewalls: many broadband
Internet access devices include bundled firewall and
NAT support. While more expensive than software
firewalls, still affordable.
Other security considerations
Distributed Denial of Service (DDoS)
– Small office and home PCs are increasingly becoming
the target of individuals setting up DDoS networks.
– The target of the DoS attack will not be the PC; it instead will
be used to launch an attack on another system.
Sniffing
– With the LAN nature of many broadband mechanisms, you
need to be cognizant of what you are sending since
others are also sharing the same medium with you.
Summary
What is the importance and significance of this
material?
How does this topic fit into the subject of “Voice
and Data Security”?