Wireless Security


Several years ago proponents of 802.11b wireless networks maintained that their products were secure, because the Wired Equivalent Privacy (WEP) security mechanism would keep intruders from intercepting and decoding wireless communications. In addition to preventing eavesdropping on your wireless network, WEP was supposed to keep intruders from joining it. However, because WEP uses only a shared 40-bit encryption key, it is very easy to break. It is important to point out that the Wireless Ethernet Compatibility Alliance (WECA), now called the Wi-Fi Alliance, has stated that WEP was never meant to be a single solution for securing a wireless network. Instead, other technologies, such as VPNs (see Chapter 50, "Virtual Private Networks [VPNs] and Tunneling"), as well as other mechanisms (such as secure authentication) typically found on a wired network, were meant to fill this gap.

WEP

Because the first version of WEP uses a simple 40-bit encryption key, and the same key is used on both the Access Point (AP) and the wireless client, it is a simple matter to break this security. For example, there are several utilities on the Internet you can use to determine whether WEP is protecting your network adequately.

Caution

One of the most important reasons you need to take extra steps to secure a wireless network as compared to a wired one is that in a wired network you can physically secure the computers, the network cabling, and even a connection to a WAN (such as the Internet, by using a firewall). Wireless networks, on the other hand, do not offer a physical barrier. Instead, the distance that your wireless network can cover will usually include a range that is accessible outside your building(s). And because the signal cannot easily be controlled using the same physical methods you use for a wired network, interception of transmissions, much less intrusions into your network, becomes a simple matter when relying solely on WEP. WEP was part of the original 802.11 specification, developed in 1997. A lot of time has passed since then, enough time to break the encryption using simple techniques available today.

You can visit the following Web sites to gain access to software that can be used by both you and hackers, to determine whether your network is secure:

  • WEPCrack: This open-source tool is available to everyone, so you might as well use it yourself to determine whether your network is secure. For more information, see http://wepcrack.sourceforge.net.

  • AirSnort: This tool simply listens, and saves, 5 to 10 million packets from a wireless network (and that is really not a large number of packets if you have more than just a few clients). When the program determines that enough packets have been intercepted, it can take a second or two to decrypt the shared encryption key. AirSnort runs on Linux platforms, so you will need a Linux system in order to use this application. For more information, see http://airsnort.shmoo.com.

At this time it is not illegal to use devices to listen to wireless network transmissions. It would be great if such laws were enacted worldwide. Yet, because these tools are available to everyone, you should probably use them to see whether your network is as secure as you think it is. This is not meant to encourage hackers to use these tools; the tools previously listed are meant for you to use them so that at least both sides can have access to the same intrusion applications.

This goes along with the benefits touted by the open-source community. While the source code and applications are available to everyone (a glass house, so to speak), they enable hackers to search for vulnerabilities, and they also enable users to create solutions to prevent these attacks. This is an argument that is often used to compare proprietary operating systems and applications and open-source ones. I guess it all depends on your perspective. If you want to use proprietary applications, you will have to depend on your vendor to fix security problems. If you use open-source applications, there are many programmers worldwide who can develop a solution.

Whom do you trust? This is a difficult decision to make. But, at the very least, you should have access to the same programs that hackers use to determine whether your network is vulnerable, whether or not you use other open-source applications. And if you search the Internet, you will find many other programs used by hackers in addition to those listed previously. A good search, on a regular basis, is recommended by this author.

Second-Generation WEP: Using a 128-Bit Key

Even a newer version of WEP that uses a 128-bit key is easily detected and broken. Because of this, it is recommended that you separate a wireless network from the wired network using a firewall (see Chapter 49, "Firewalls"). At least this will assist in keeping intruders from accessing the entire corporate network, though the wireless portion is still vulnerable. And you should incorporate techniques such as VPNs, as suggested by the Wi-Fi Alliance, to further enhance security on the wireless portions of the network.

Many consumers who purchase inexpensive devices for home networks may think that the SSID (service set identifier) that you enter when installing the network card and Access Point provides security for the wireless network, but this is not the case. Instead, the SSID is simply used to separate wireless networks. The SSID is easily discovered, especially if you do not choose to use additional security mechanisms. The SSID is not a security mechanism! It is simply a method used to associate wireless devices with an AP. Without using some form of encryption, the SSID is easily discovered by broadcast messages from the AP. When discovered by an eavesdropper, all that is necessary for the intruder is to reset his wireless adapter to use the same SSID, and then join your network.

A good Web site to visit if you are interested in the latest developments in wireless security is www.netstumbler.com. Here you'll find various articles about wireless security, as well as downloads that can help you enhance your current wireless device and check out security lapses.

Tip

If you operate a home or SOHO network, you might be satisfied using WEP technology (but make sure you use a 128-bit version). If your SOHO network contains very sensitive information, consider other techniques as mentioned in the main text of this chapter. If you use a broadband connection to access the Internet, all you really need to worry about is having neighbors intrude on your wireless network and also use your broadband connection. This type of invasion has received a lot of attention in the press lately. Yet, because it is typical that a home user does not store sensitive information on a computer (unless using a credit card online), and because most users do not continuously use the entire bandwidth provided by broadband services, you probably won't notice much difference in performance. Indeed, you might want to enable a neighbor to use your wireless network and split the cost. Check the agreement you have with your broadband provider, however, before making a decision like this. Otherwise, there may be legal ramifications, or you may just lose your broadband connection.

Yet, as criticism of WEP continued to grow, and made some potential customers think twice about using 802.11b Wi-Fi technology, work has been done to create newer wireless security standards.

Tip

There is one situation in which you might want to ensure that your wireless network is secure in a home network. Because the distances of the current technologies can range from about 100 to 300 meters, it's quite possible for someone in the house next door to use your wireless Access Point and tap into your broadband Internet connection! If you don't want to have neighbors sharing your bandwidth, it is a must that you use whatever security measures your particular technology provides. This should also be a factor when choosing hardware devices.

Wired Protected Access (WPA) and 802.11i

In response to the vulnerability and criticism of WEP, the Wi-Fi Alliance has created the Wired Protected Access (WPA) standard, which should be considered as an interim protocol until something better comes along. WPA will most likely be a thing of the past when the IEEE finishes work on 802.11i, which is a security protocol intended to provide a better solution to security for wireless networks.

One of the main complaints about WEP, besides its limited-length keys, is the fact that the same key is used by both sides of the transmission. And the key does not change during a session. That is why it is easy to examine network traffic on a wireless network and eventually crack the encryption key.

The 802.11i standard is still under development, but it is mentioned in this chapter because vendors are beginning to adopt the features that have already been published in draft form. As the old Roman saying goes, caveat emptor: let the buyer beware. If you purchase hardware based on draft standards, don't expect it to necessarily work when the final standard is published.

WPA solves two problems associated with the earlier WEP security mechanisms. First, it uses encrypted techniques for authentication, which should assist in preventing unauthorized clients from becoming part of the wireless network. Second, it uses a constantly changing key instead of the single shared key used for encryption by WEP. By changing the encryption key at frequent intervals, WPA can be much more difficult to crack. Yet this all remains to be seen after the IEEE has finished work on the 802.11i standard.

The constant changing of encryption keys is known as the Temporal Key Integrity Protocol (TKIP). This key-changing method will make it very difficult for intruders to decipher keys used by your wireless network, especially when compared to the static keys known by both sides of the communications link used by the simple WEP standards.
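The difference between a static key and a changing key can be seen in a few lines. The following is an added example, not code from the book: it assumes WEP's construction of RC4 keyed with a 24-bit initialization vector followed by the shared key, uses a constructed 40-bit key, and substitutes SHA-256 for TKIP's real key-mixing function.

```python
import hashlib

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

SHARED_KEY = bytes.fromhex("0102030405")      # constructed 40-bit key

def static_key_encrypt(iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style: RC4 keyed with a 24-bit IV followed by the unchanging key.
    The IV space is small, so IVs (and keystreams) repeat on a busy network."""
    return xor(plaintext, rc4(iv + SHARED_KEY, len(plaintext)))

def per_packet_encrypt(seq: int, plaintext: bytes) -> bytes:
    """Changing-key scheme: a fresh RC4 key per packet from a sequence counter.
    SHA-256 is a stand-in here, not TKIP's actual key-mixing function."""
    key = hashlib.sha256(SHARED_KEY + seq.to_bytes(6, "big")).digest()[:16]
    return xor(plaintext, rc4(key, len(plaintext)))

def same_keystream(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when both ciphertexts used one keystream: c1 XOR c2 == p1 XOR p2,
    so the key has dropped out and only the plaintexts remain."""
    return xor(c1, c2) == xor(p1, p2)
```

With the static key, any two packets that share an IV satisfy `same_keystream`; with a per-packet key the relation no longer holds, which is the property the changing key is meant to provide.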

WPA also includes an integrity check that is basically a checksum based on the network packet that can detect whether a packet is originating from a valid network user or an intruder who is attempting to crack the key used by your network. Thus, if an unauthorized user uses the standard techniques to attempt to determine a fixed key, you can detect these intrusion attempts, and then deal with them.

How Well Do You Know Your Users?

One of the main concerns of network administrators in the 1980s was that any person in the company network could easily install a modem in her computer and connect to computers outside the network. For digital telephone systems, this was not a problem. But for small businesses using an analogue telephone system, this could present a major security headache.

The equivalent today is known as rogue Access Points, and these are difficult to detect with modern network analysis tools. Because APs are so inexpensive, what can you do to stop a user, or a department in your company, from installing an AP and enabling wireless access? In large corporate environments where it can be a complicated process, what is to stop a user from simply connecting an AP to her own network connection, and thus enabling a larger number of computers to connect to the network? Because APs generally use DHCP to assign addresses to clients, and use the single valid address on your network to exchange data for these clients, just how secure is your network?

This is yet another reason to use wireless detection programs on a regular basis, even if you do not authorize wireless networking, to determine whether some user has enabled this access on your wired network.

In Chapter 46, "Basic Security Measures Every Network Administrator Needs to Know," the importance of establishing corporate security policies and procedures was discussed. If you ensure that each and every employee, contractor, and vendor signs off on these policies (which should include wireless access), then you will at least have grounds to dismiss those who violate the procedures, and possibly to pursue legal action. There's not a lot you can do about rogue users, and this problem is more common than many administrators think. If a user is stymied by corporate procedures and paperwork, it is not a difficult thing to justify implementing a solution on his own. Again, because these types of security breaches can easily occur, especially in a large network, you should use wireless sniffing programs to determine whether users are bypassing your policies and procedures that are employed in your network.

Although you may indeed use wireless networking at certain junctions in your network, you should regularly test to see whether unauthorized wireless networks are being created by users. When you consider the low cost of an AP today, it is very feasible to install a wireless network anywhere in your large network. And many of the users who have been caught using this method say that the reason they did so is that it would take too long to get permission from the network administrator, or whatever body you use to authorize such connections.

I guess the best thing to say about this topic is "trust no one."
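The regular wireless check recommended above can be scripted. The following is an added example, not code from the book: it compares the access points seen in a scan against an inventory of authorized APs and also flags known APs that still rely on WEP or no encryption. The scan text is a constructed sample laid out like the output of a Linux `iw` scan (an assumed format), and the inventory and names are hypothetical.

```python
import re
# Constructed sample, laid out like Linux `iw dev wlan0 scan` output (assumed format).
SAMPLE_SCAN = """\
BSS 02:00:00:aa:00:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tsignal: -48.00 dBm
\tSSID: corp-wifi
\tRSN:\t * Version: 1
BSS 02:00:00:aa:00:02(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tsignal: -61.00 dBm
\tSSID: corp-legacy
BSS 02:00:00:bb:00:09(on wlan0)
\tcapability: ESS (0x0001)
\tsignal: -55.00 dBm
\tSSID: sales-team
"""
AUTHORIZED = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}  # hypothetical AP inventory

def parse_scan(text):
    """Return one record per BSS: address, SSID, signal and protection flags."""
    aps = []
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            aps.append({"bssid": m.group(1), "ssid": "", "signal": None,
                        "privacy": False, "wpa": False})
        elif aps:
            ap, field = aps[-1], line.strip()
            if field.startswith("SSID:"):
                ap["ssid"] = field[5:].strip()
            elif field.startswith("signal:"):
                ap["signal"] = float(field.split()[1])
            elif field.startswith("capability:"):
                ap["privacy"] = "Privacy" in field.split()
            elif field.startswith(("RSN:", "WPA:")):
                ap["wpa"] = True  # a WPA/RSN element is advertised
    return aps

def audit(text, authorized):
    """Flag APs missing from the inventory, and known APs without WPA/RSN."""
    findings = []
    for ap in parse_scan(text):
        prot = "WPA/RSN" if ap["wpa"] else "WEP" if ap["privacy"] else "open"
        if ap["bssid"] not in authorized:
            findings.append((ap["bssid"], ap["ssid"], prot, ap["signal"], "not in AP inventory"))
        elif prot != "WPA/RSN":
            findings.append((ap["bssid"], ap["ssid"], prot, ap["signal"], "weak or no encryption"))
    return findings
```

An AP that is not in the inventory may simply belong to a neighbor; the signal strength and a check of the wired switch ports help decide whether it is attached to your own network.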



Upgrading and Repairing Networks
Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2003
Pages: 434
