The fundamental premise of security in networked environments is that no network is truly secure. Even a network that is not connected to the Internet can be compromised if physical access can somehow be obtained, so there is no perfect way to secure a network. To approach security, you need an awareness of the components that determine how to secure your infrastructure, together with an attitude of elevated paranoia. Assume that at some point someone will attempt to break into your network to compromise intellectual property or disrupt your business. Attacks don't necessarily come from the outside. Research from the Computer Security Institute (CSI) and the FBI has shown that most security attacks come from inside an enterprise (http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml; the document is free after registering at the CSI website). These attacks can be intentional, as with a disgruntled employee, or unintentional, as when a computer is infected by a virus. The unintentional act is more likely to happen and probably more destructive. Armed with this healthy paranoia, you can strike the delicate balance between how much you invest to secure your infrastructure and the degree of difficulty an attacker must overcome.

Thinking Securely

The broadcast nature of a wireless network raises the importance of authentication, encryption, and hashing. Starting with authentication, you want to be sure that only permitted parties can communicate with your APs. Because you are effectively broadcasting your message over the ether, everyone within range can potentially hear every communication. Encryption is therefore needed to ensure communication privacy. Finally, the broadcast environment makes it relatively easy to capture, modify, and resend a message. Hashing your messages addresses this problem, with one caveat: the hash must be keyed (a message authentication code computed with a secret the attacker does not hold), because an attacker can simply recompute an unkeyed hash over a modified message, and it must cover a sequence number or similar freshness value, because an unmodified message with a valid hash can still be captured and resent.
Literature on information security typically uses the example of communication between two people. This section does the same, using the example of communication between Tony and Kelly. The specific security challenges that Tony and Kelly face when communicating are
Securing WLANs is possible if done correctly. However, heightened awareness is required to ensure that you don't overlook a critical component and thus create a back door.

Note
It might not be possible for you to think like a hacker, but it is not necessary, either. What is important is to establish a security posture that identifies the parts of your network (or information that passes through it) that are most sensitive and need protection.

Different Security Models

Depending on how you decide to combine the security elements mentioned in the preceding section, different security models are appropriate. This section describes the most commonly adopted models, which include the following:
No Authentication, Encryption, or Hashing

By providing no method of authentication, encryption, or hashing, your network is most open to attack. However, an attack doesn't necessarily mean that an individual wants to break into your network with malicious intent. It can also mean that an individual inadvertently attaches to your WLAN and uses your network resources. Even though this model leaves you most open to unauthorized use of your WLAN, sometimes you will choose not to authenticate users or encrypt data. One such situation is when you want to provide your guests with WLAN connectivity.

Note
On occasion, little or no WLAN protection is available for proprietary devices or unique operating systems.

Native Encryption Only

Because WLANs use radio as a transmission medium, the first line of defense offered by wired networks, physical control and containment of the medium, is not present. Wired LANs are somewhat protected by their physical structure, with some or all parts in a building or underground. To provide some kind of isolation similar to wired LANs, the original 802.11 standard defined the Wired Equivalent Privacy (WEP) security protocol, which 802.11b inherited. WEP intends to provide some degree of privacy by encrypting the information between the radio endpoints. Because WEP was designed when WLANs were in their infancy, it is not surprising that WEP turned out to be less effective than initially expected. WEP does not provide end-to-end security because it operates only at the data link layer: frames are protected between the client and the AP, and traffic is in the clear once the AP forwards it onto the wired network.

Note
Publishing a standard lets attackers study it, but it also lets the wider community find flaws before attackers exploit them. WEP's weaknesses were design flaws (a static key, a short initialization vector, and an unkeyed integrity check) that public analysis exposed; keeping the design secret would not have removed them.

In addition, WEP uses a static symmetric key to encrypt the data. The key's static nature is a challenge because key management becomes complicated and a vulnerability is created that propagates to other parts of the security chain.
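The static-key problem in concrete form, as an added Python example that is not the book's code. RC4 seeded with the 24-bit initialization vector (IV) followed by the shared key, with the IV sent in the clear and a CRC-32 integrity check value appended before encryption, is WEP's real construction; the 40-bit key, the IV and the two frame payloads below are made up. Two frames encrypted under the same key and the same IV share one keystream, so the XOR of their ciphertexts equals the XOR of their plaintexts, and a frame whose content is guessable (an HTTP request here) reveals the other frame. Because the key never changes, an AP exhausts the 2^24 IVs within hours on a busy network and must repeat one.

```python
"""WEP-style RC4 encryption with a static key and a repeated IV.

Constructed example, not the book's code. The key, IV and payloads are made up;
the construction (RC4 seeded with IV || key, 24-bit IV sent in the clear,
CRC-32 integrity check value appended before encryption) is WEP's.
"""
import zlib

STATIC_WEP_KEY = bytes.fromhex("0badc0ffee")  # assumed 40-bit shared key, never rotated


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then pseudo-random generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the shorter of the two inputs."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP's integrity check value: an unkeyed CRC-32, so anyone can compute it."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (clear) || RC4(IV || key) XOR (payload || ICV)."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    body = payload + icv(payload)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + key, len(body)))
    payload, tag = plain[:-4], plain[-4:]
    if icv(payload) != tag:
        raise ValueError("ICV mismatch")
    return payload


def recover_with_known_plaintext(frame_known: bytes, known_payload: bytes,
                                 frame_target: bytes) -> bytes:
    """Attacker without the key. Same IV => same keystream, so
    C_known XOR (P_known || ICV) = keystream, and keystream XOR C_target = P_target."""
    assert frame_known[:3] == frame_target[:3], "attack needs a repeated IV"
    known_body = known_payload + icv(known_payload)   # attacker computes the ICV too
    keystream = xor(frame_known[3:], known_body)
    target_body = frame_target[3:]
    n = min(len(keystream), len(target_body))
    return xor(target_body[:n], keystream[:n])         # target payload (|| its ICV)


def demo() -> dict:
    iv = bytes.fromhex("a1b2c3")          # reused: only 2^24 IVs exist for a static key
    known = b"GET /index.html HTTP/1.0\r\nHost: intranet\r\n\r\n"   # guessable traffic
    secret = b"PASS hunter2\r\n"                                     # constructed target
    f_known = wep_encrypt(STATIC_WEP_KEY, iv, known)
    f_secret = wep_encrypt(STATIC_WEP_KEY, iv, secret)
    recovered = recover_with_known_plaintext(f_known, known, f_secret)[:len(secret)]
    return {
        "roundtrip_ok": wep_decrypt(STATIC_WEP_KEY, f_secret) == secret,
        # C1 XOR C2 == P1 XOR P2 over the shared prefix: the keystream cancels out
        "ciphertext_xor_leaks_plaintext_xor":
            xor(f_known[3:], f_secret[3:])[:len(secret)] == xor(known, secret),
        "recovered": recovered,
    }


if __name__ == "__main__":
    print(demo())
```

Rotating the key, or deriving a fresh key per session as later schemes do, is what removes this attack: with a different key the same IV no longer yields the same keystream.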
Key management challenges include
Finally, WEP uses a secret key of 40 or 104 bits (marketed as 64-bit and 128-bit WEP, counting the 24-bit initialization vector that is sent in the clear). A 40-bit key can be recovered by exhaustive search on a standard desktop. The 104-bit key is beyond brute force, but that does not help: WEP's weakness lies in how the initialization vector and the static key feed the RC4 cipher, and statistical attacks on captured traffic recover either key size in minutes, independent of key length.

Native Authentication Only

Authentication and authentication protocols control access to a network. Keep in mind that authentication does not secure the data that is transmitted on the network. Authentication protocols are designed to ensure that the user or device that is attempting to communicate is indeed who it claims to be. It is analogous to a secured door in a large office building. By swiping your identity card, you are "authenticating" yourself. If the card is permitted access, the door is unlocked. Note that in this analogy, the card is authenticated, not the person carrying the card. Furthermore, the ID card does not provide security after you're inside the door. You can thus distinguish two forms of authentication: authentication of the user and authentication of the device.

User-Based Authentication

User-based authentication is probably the most common form of authentication deployed in today's enterprises. Users are given a password that only they are supposed to know. A system challenges the user to provide a username and password. After the pair is checked against a corresponding database, the user is either granted or denied access. This method's considerations and challenges include password strength and password management. Because in-depth coverage falls outside the scope of this book, refer to other resources, such as Security and Usability: Designing Secure Systems That People Can Use by Lorrie Faith Cranor and Simson Garfinkel (O'Reilly, 2005), if you are interested in learning more.

Machine-Based Authentication

Machine-based authentication goes a step further and verifies the identity of the devices that attempt to join your WLAN.
Machine-based authentication is credential-based, with the credential hard-coded in the device. This credential is a password of sorts for the machine. Like a person, the machine must be registered to be able to use the network. The credential is either derived or stored locally, or it can be dynamically assigned. These methods vary in complexity, but all are tied to an authentication service in the core infrastructure.

Native Encryption and Authentication But No Hashing

The most common mechanism used by enterprises to secure WLANs is the incorporation of both encryption and authentication. Both can be provided in numerous ways. Authentication and encryption have evolved to combat numerous attacks, vulnerabilities, and protocol shortcomings, and this evolution has also increased their complexity. Data encryption can be achieved in many ways. Encryption can be performed using either symmetric keys or asymmetric (public/private) key pairs, and the keys can be either statically or dynamically assigned. Asymmetric operations cost far more computation than symmetric ones, so in practice asymmetric keys are used to authenticate the parties and agree on a session key, and the bulk data is encrypted symmetrically with that key. Dynamically assigned keys add some overhead of their own, but the automation greatly simplifies key management and limits how much traffic any one key protects. As the computing power of clients has increased, the encryption on the WLAN has evolved from the simple but hard-to-manage static WEP key to complex but easy-to-manage certificate-based authentication with dynamically derived per-session keys. The later section "Encryption" goes into more detail on this subject.

Authentication and Encryption Using Overlay Security Solutions

Overlay security solutions employ higher layers of the OSI model to secure communications. Even at these higher layers, the same basic security features exist: encryption, authentication, and hashing. However, given the availability of additional information and embedded intelligence, the result is a higher degree of security sophistication.
As such, Virtual Private Networks (VPN), typically built on IPsec, provide a more secure form of end-to-end communications, and generic routing encapsulation (GRE) tunnels are often used to carry the traffic that IPsec then protects. Both work on the premise that a virtual communications tunnel is constructed between the communicating endpoints through which all data is sent. The use of an overlay security solution can sometimes cause disruption because the "tunnel" is a virtual point-to-point connection that needs to be reestablished any time the connection is broken. Overlay solutions can also add a burden for the user or administrator. The user must complete an additional layer of security (setting up a VPN), and the administrator needs to manage all the virtual tunnels.

Note
GRE tunnels are not the means of encryption; they are only the logical manner in which traffic is routed in the network, and a bare GRE tunnel carries its payload in the clear. For the GRE tunnel to be encrypted, it must be protected by an encryption protocol such as IPsec. The cipher IPsec applies is negotiated separately: 3DES was common when WEP was current, and AES is the norm today.

No WLAN

Although it is not practical, not allowing the use of WLANs is one way to consider handling the issue of security. This book is an advocate of deploying WLANs when they make the best business sense. In this case, "no WLAN" should mean "no WLAN at this time."