|< Day Day Up >|| |
For those of us responsible for managing the security of a network, wireless technologies expose severe security weaknesses that we have overlooked for years. Wired networks have relied on physical security to protect the privacy of communications. In other words, the only barrier preventing an attacker from capturing another user’s traffic is being unable to physically connect to the user’s network. Wired networks almost always rely only on physical security to authorize users to access the network. If you can reach an Ethernet port, you gain complete network access to most companies’ intranets.
Wireless networks have these weaknesses too, but they lack the inherent physical security of wired networks. In fact, most corporate wireless networks can be accessed by people with mobile computers in the business’ parking lot. To make matters worse, attackers have significant motivation to abuse wireless networks. Accessing a wireless network might grant an attacker access to resources on an organization’s internal network. Or it might allow the attacker to access the public Internet while hiding his or her identity, which would allow the intruder to attack hosts on remote networks while disguised with the organization’s IP addresses.
The concerns over the abuse of wireless networks are far from theoretical. Intruders have a wide variety of tools available for detecting, connecting to, and abusing wireless networks. As with most aspects of security, there are technologies available that can help you to limit the vulnerabilities presented by wireless networks. Specifically, you can require wireless communications to be authenticated and encrypted. This provides assurance similar to that offered by the physical security of wired networks. The game between security experts and attackers continues, however, and early wireless authentication and encryption technologies can now be easily defeated by an intruder.
After this lesson, you will be able to
Describe the security risks associated with wireless networks.
Design a wireless network that minimizes security risks.
Describe the 802.1X authentication process.
Choose authentication and encryption methods for a wireless network.
Estimated lesson time: 30 minutes
Because wireless communications are not contained within the physical medium of a wire, wireless networks are more vulnerable to several types of attacks, including:
Eavesdropping.Attackers can capture traffic as it is sent between a wireless computer and the WAP. Depending on the type of antenna used and the transmitting power, an attacker might be able to eavesdrop from hundreds or thousands of feet away.
Masquerading.Attackers might be able to gain access to restricted network resources by impersonating authorized wireless users.
Attacks against wireless clients.Attackers can launch a network-based attack on a wireless computer that is connected to an ad hoc or untrusted wireless network.
Denial of service.Attackers can jam the wireless frequencies by using a transmitter, preventing legitimate users from successfully communicating with a WAP.
Data tampering.Attackers can delete, replay, or modify wireless communications with a man-in-the-middle attack.
To reduce the vulnerability of wireless networks to these types of attacks, you can use Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and several other wireless security techniques.
WEP is a wireless security protocol that helps protect your information by using a security setting, called a shared secret or a shared key, to encrypt network traffic before transmitting it over the airwaves. This helps prevent unauthorized users from accessing the data as it is being transmitted.
Unfortunately, some smart cryptographers found several theoretical ways to discover WEP’s shared secret by analyzing captured traffic. These theoretical weaknesses were quickly implemented in freely available software. The combination of free tools for cracking WEP encryption, the ease of capturing wireless traffic, and the dense proliferation of wireless networks have led WEP to become the most frequently cracked network encryption protocol today.
|Security Alert|| |
You won’t need to understand the details of the WEP standard for the exam, but it is an interesting study on how not to make an encryption protocol. The most easily exploited weakness of WEP is that many of WEP’s possible initialization vectors (IVs) are cryptographically weak and can expose individual bytes of the WEP key. WEP changes these IVs over time, and an attacker who captures millions of packets will eventually gather enough packets with weak IVs to crack the entire WEP key. Some wireless network adapters intentionally avoid using weak IVs, which makes it much more time-consuming to expose the WEP key. Ask your network adapter vendor what they’ve done to make WEP communications more secure. For more detailed information on WEP’s weaknesses, search for the paper titled “Weaknesses in the Key Scheduling Algorithm of RC4” on the Internet.
Besides weak cryptography, another factor contributing to WEP’s vulnerability is that WEP is difficult to manage because it doesn’t provide any mechanism for changing the shared secret. On wireless networks with hundreds of hosts configured to use a WAP, it is practically impossible to regularly change the shared secret on all hosts. As a result, the WEP shared secret tends to stay the same indefinitely. This gives attackers sufficient opportunity to crack the shared secret and all the time they need to abuse their ill-gotten network access.
If you could change the shared secret on a regular basis, however, you would be able to prevent an attacker from gathering enough data to crack the WEP key, and this would significantly improve WEP’s privacy. There are techniques for dynamically and automatically changing the shared secret to dramatically reduce WEP’s weaknesses. When WEP is used with a dynamic shared secret, it is called dynamic WEP. When a static shared key is used with WEP, it is called static WEP.
|Security Alert|| |
Search the Internet for AirSnort and WEPCrack for information on two tools commonly used to break into WEP-protected wireless networks. These tools can derive a WEP key in anywhere from a day to a couple of weeks, depending on how much traffic is transferred across the network, the level of encryption used, and luck. They hardly provide instantaneous access to a wireless network, however.
To put it simply, if you rely only on a static shared secret, you cannot trust WEP to either protect the privacy of your network communications or to prevent uninvited guests from accessing your wireless network. If you are forced to use static WEP to provide compatibility with all of the wireless devices on your network, there are a few things you can do to improve security. First, use the highest level of encryption possible: 128-bit. Short keys might be sufficient in some encryption scenarios, but WEP’s 40- bit encryption is very vulnerable. Second, place WAPs in a perimeter network to restrict access to internal resources. If users need access to the internal network from a wireless network, they can use a VPN connection. Third, position your WAPs so that wireless transmissions are limited to locations that you can physically secure, such as the interior of your building.
|See Also|| |
For more information about perimeter networks, refer to Chapter 4. For more information about VPNs, refer to Chapters 4 and 8.
WEP gets a lot of criticism for being weak, and the criticism is well deserved…but I think it does accomplish its goal. The name, Wired Equivalent Privacy, demonstrates that WEP’s ambitions aren’t all that high. First, WEP’s goal is to provide only privacy, not necessarily data integrity, authentication, or authorization. Second, WEP is only intended to provide privacy similar to that provided by wired networks. In my opinion, traditional wired networks have weak security.
I used to work in a facility that housed one of the Internet’s largest datacenters. This datacenter contained hundreds of servers worth millions of dollars, and it stored hundreds of millions of dollars worth of confidential data. Fitting the high value of its contents, the building was constructed with a concrete moat to prevent an attacker from driving a vehicle into the building and to limit access to the primary entrance. At the entrance was a receptionist who was only a phone call away from security guards.
Despite these safeguards, the physical security was almost meaningless. I had a friend who would visit me on a regular basis. She wasn’t a trained spy or even an ambitious hacker, but she managed to bypass the security controls almost every time she visited simply by walking past the reception desk with a confident look on her face. If she had been a hacker, she could’ve connected a mobile computer directly to an available Ethernet port and had access to the network from inside the firewall.
Most buildings aren’t that secure. Even if the building has a security guard at the main entrance, the building almost certainly has other entrances. To enter the building, just wait in the parking lot and follow an authorized employee through a side door.
Back to the security of wired networks. At most companies, the only barrier preventing an intruder from accessing the internal network and connecting to many internal resources is being unable to physically plug a wire into an Ethernet jack. The network engineers, therefore, trust the physical security of the facility to protect the privacy of their data. Sure, static WEP can be bypassed by any mildly ambitious intruder, but the same can be said for the physical security of most buildings.
The initial WEP standards provided for two types of computer authentication: open system and shared secret. Shared secret authentication requires wireless clients to authenticate by using a shared secret; open system authentication allows any client to connect without providing a password.
Fortunately, choosing between open system and shared secret authentication is easy: always use open system authentication. On the surface, this seems illogical because open system authentication merely identifies the wireless client without providing any proof of identity, but shared key authentication requires knowledge of a secret key. However, shared secret authentication actually weakens security because most WEP client implementations, including Windows XP, use the same secret key for both authentication and WEP encryption. A malicious user who captures the keys used for both authentication and encryption can use cryptanalysis methods to determine the shared secret authentication key, and therefore the WEP encryption key.
Once the WEP encryption key is determined, the malicious user has full access to the network, as if WEP encryption were not enabled. Therefore, although shared key authentication is stronger than open system for authentication, it weakens WEP encryption. If you use open system authentication, any computer can easily join your network. However, without the WEP encryption key, the wireless clients cannot send or receive wireless communications, and they will not be able to abuse the wireless network.
Although the early implementations of WEP were woefully inadequate, WEP’s vulnerability can be significantly reduced by using 802.1X authentication. 802.1X enables WEP to regularly change the encryption keys, which dramatically reduces the likelihood that an attacker will be able to gather enough data to identify the shared secret.
802.1X employs an Internet Engineering Task Force (IETF) standard protocol called Extensible Authentication Protocol (EAP) to carry the authentication conversation between the client, the WAP, and a Remote Access Dial-In User Server (RADIUS) service. As part of the 802.1X secure authentication process, the EAP method generates an encryption key that is unique to each client. RADIUS forces the client to generate a new encryption key on a regular basis, which makes it more difficult for an attacker to capture enough traffic to identify a key. This allows existing WEP-capable hardware to be used while minimizing WEP’s vulnerabilities.
|See Also|| |
For more detailed information on 802.1X authentication, see “IEEE 802.1X Authentication for Wireless Connections” at http://www.microsoft.com/technet/columns/cableguy/cg0402.asp.
The process used by a client connecting to a dynamic WEP network with 802.1X authentication, as shown in Figure 10.1, is significantly more complex than the process a client uses to connect to an unsecured wireless network.
Figure 10.1: Connecting to an 802.1X-authenticated wireless network
Specifically, the client must perform the following steps to connect to an 802.1X- authenticated wireless network:
When the client computer is in range of the WAP, it will try to connect to the Service Set Identifier (SSID) hosted by the WAP. If the client has been configured with shared network authentication, it will authenticate itself to the WAP by using the network key. Because the WAP is configured to allow only 802.1X-authenticated connections, it issues an authentication challenge to the client. The WAP then sets up a restricted channel that allows the client to communicate only with the RADIUS service.
The wireless client examines the RADIUS server’s public key certificate to ensure that an attacker is not impersonating the RADIUS server. The client then attempts to authenticate, using 802.1X, to the RADIUS service.
If the client and RADIUS service have been configured to use Protected EAP (PEAP) authentication, the client establishes a Transport Layer Security (TLS) session with the RADIUS service and then transmits credentials using the configured authentication protocol.
If the client and RADIUS service have been configured to use EAP-TLS authentication, the client authenticates by using public key certificates.
There is a third authentication method called EAP-Message Digest 5 Challenge Handshake Authentication Protocol (EAP-MD5 CHAP). However, it is not suitable for authenticating wireless connections, and Windows XP Service Pack 1 removes it as an option. It is not an option in Windows Server 2003.
The RADIUS service checks the client credentials against the directory. If it can authenticate the client’s credentials and the access policy allows the client to connect, it will grant access to the client. The RADIUS service relays the access decision to the WAP. If the client is granted access, the RADIUS service transmits the dynamic shared secret to the WAP. The client and WAP now share common key material that they can use to encrypt and decrypt the traffic that will pass between them.
In Windows environments, the RADIUS service will usually be a Windows Server 2003–based computer running Internet Authentication Service (IAS), and the directory will be an Active Directory directory service domain.
The WAP then bridges the client’s connection to the internal network, completing the 802.1X authentication process. If the client is configured to use Dynamic Host Configuration Protocol (DHCP), it can now request a lease.
The sections that follow describe the authentication methods and the role of the RAIDUS service in more detail.
PEAP PEAP is typically used to authenticate wireless clients by using a user name and password; EAP-TLS is used to authenticate wireless clients by using public key certificates. Although using a user name and password is not as strong as using public key certificates, because passwords can be stolen or guessed, the resulting encryption is still very strong. When PEAP authentication is used with a RADIUS service that forces encryption keys to change regularly, the resulting WEP encryption is not likely to be compromised in a reasonable amount of time. PEAP’s primary advantage over EAP-TLS is that it is easier to deploy because it does not require you to implement a Public Key Infrastructure (PKI).
The PEAP authentication method has two phases. Phase 1 authenticates the RADIUS server by using the RADIUS server’s public key certificate and then establishes a TLS session to the RADIUS server. Phase 2 requires a second EAP method tunneled inside the PEAP session to authenticate the client to the RADIUS service. This allows PEAP to use a variety of client authentication methods.
This is an important point: PEAP uses two separate types of authentication, one in each authentication phase. The first authentication is handled by PEAP without requiring administrative configuration. You must configure the second authentication protocol, however. Although wireless standards could theoretically support any authentication method, Windows Server 2003 and Windows XP support two by default: Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and certificates using EAP-TLS tunneled inside PEAP. You will almost always use MS-CHAP v2 with PEAP, however, because you should use EAP-TLS for certificate-based authentication. Certificate-based authentication does not require the additional layer of encryption provided by PEAP.
|Security Alert|| |
It’s a good thing the MS-CHAP v2 authentication is protected by TLS encryption, because MS-CHAP v2 is indeed susceptible to an offline dictionary attack. An attacker who can capture a successful MS-CHAP v2 exchange can methodically guess passwords until the correct one is determined. It would take a while, but the attacker will eventually get the password.
After the user is successfully authenticated, the authentication server supplies dynamically generated keying material to the WAP. From this keying material, the WAP creates new encryption keys for data protection.
|Exam Tip|| |
If you have a hard time remembering the difference between PEAP and EAP-TLS, you can think of the P in PEAP as standing for password, because you usually use PEAP for password-based authentication, and you use EAP-TLS when client certificates are available.
EAP-TLS EAP-TLS performs the same functions as PEAP by authenticating the client computer and generating keying material that will be used for encrypting the wireless communications. However, EAP-TLS uses public key certificates to authenticate both the client and the RADIUS service. EAP-TLS was designed by Microsoft and is based on an authentication protocol that is nearly identical to the protocol used in the Secure Sockets Layer (SSL) protocol for securing Web transactions. While public key certificates provide strong authentication and encryption, you should only use EAP-TLS if you already have a PKI in place for another application or your organization’s security requirements do not allow simple password authentication.
|See Also|| |
For more information about EAP-TLS, refer to RFC 2716.
RADIUS RADIUS is a standardized service used primarily to authenticate dial-up users. Windows Server 2003 includes a RADIUS service and proxy named IAS. The traditional use for IAS on Windows networks is to allow an Internet Service Provider (ISP) to authenticate an organization’s users based on the Active Directory domain credentials stored on the organization’s private network.
Because RADIUS is designed to allow network hardware to authenticate against an external user database, WAPs also can use RADIUS to authenticate wireless users as they join the network. Authenticating to a RADIUS service allows user authentication for wireless networks to be centralized, rather than forcing administrators to store user credentials on each WAP.
|See Also|| |
Chapter 4 describes the fundamentals of RADIUS and specific instructions for installing IAS.
The RADIUS service receives a user-connection request from the WAP and authenticates the client against its authentication database. A RADIUS service can also maintain a central storage database of other relevant user properties. In addition to the simple yes or no response to an authentication request, RADIUS can provide other applicable connection parameters for the user, including static IP address assignment and maximum session time.
The ability to specify a maximum session time enables the RADIUS service to force the client to reauthenticate on a regular basis. This reauthentication automatically generates a new shared secret, which upgrades static WEP to dynamic WEP. Each time the shared secret is changed, an attacker must restart the process of cracking the encryption key. If the maximum session time is low enough, it will be practically impossible for an attacker to capture enough data to crack the shared secret key. As a result, dynamic WEP can be considered adequately secure for most environments.
Although WEP with dynamic re-keying is secure enough to meet the needs of most organizations, WEP still has security weaknesses. WEP still uses a separate static key for broadcast packets. An attacker can analyze these broadcast packets to build a map of private IP addresses and computer names. WEP keys have to be renewed frequently, which places an additional burden on RADIUS services.
|Off the Record|| |
Dynamic WEP is very secure. Its biggest weakness might be its bad reputation. Often, executives at a company won’t allow a wireless deployment because they’ve heard about the ability for attackers to break through WEP security. Even though standard WEP is not at all easy to exploit, and almost impossible to exploit when dynamic re-keying is used, the publicity WEP’s vulnerabilities have received makes WPA even more attractive.
To address these lingering weaknesses with WEP, the Wi-Fi Alliance, a consortium of the leading wireless network equipment vendors, developed Wi-Fi Protected Access (WPA). WPA can use the same authentication mechanisms and encryption algorithms as WEP. This compatibility allows support for WPA to be added to WAPs with a simple firmware upgrade. However, WPA virtually eliminates WEP’s most exploited vulnerability by using a unique encryption key for each packet.
As with any bleeding-edge technology, you’re going to run into problems implementing wireless security on heterogeneous networks. Here’s how every wireless network I’ve deployed has gone:
I configure a WAP that supports the latest security standard. Today, I look for WPA compatibility. A couple of years ago, I used WEP with 128-bit encryption.
I configure the clients, typically computers running Windows XP or Windows 2000, to connect as securely as possible to the WAP.
A week or two later, I get a call that some new computer or device can’t connect to the network. Usually, this is a Windows XP–based computer with a different vendor’s wireless network adapter driver, a Linux computer with an open source driver, or some wireless appliance.
After some troubleshooting, I determine that the new wireless device isn’t currently compatible with the security I’ve configured. Faced with the option of waiting for updated drivers or lowering the wireless security level, the client chooses to lower the security to a compatible level.
As a result, even wireless networks that start their lives with strong security end up vulnerable. The moral of this story is that you might be forced to restrict the devices that connect to your network to maintain strong security. Over time, this should get better.
There are two encryption options for WPA: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption System (AES). TKIP is the encryption algorithm used by WEP, and it will be used in the vast majority of WPA implementations. WPA improves upon WEP’s implementation of TKIP, however. WPA with TKIP reuses initialization vectors (IVs) less frequently than WEP with TKIP, and, as a result, significantly reduces the likelihood that an attacker will collect enough traffic to compromise the encryption. Additionally, WPA with TKIP creates a unique encryption key for every frame, whereas WEP can use the same key for weeks or months. Finally, WPA with TKIP implements the message integrity code (MIC), often referred to as Michael, to guard against forgery attacks.
WPA can also use AES, a more secure encryption algorithm than TKIP. Unfortunately, although most existing wireless equipment can be upgraded to support WPA, most equipment cannot be upgraded to support AES. As a result, you will probably not be able to use AES unless you specifically choose equipment that supports it.
When you enable WPA, you establish a passphrase that is automatically associated with the dynamically generated security settings. This passphrase is stored with your other network settings on the base station and on each of your networked computers. Only wireless devices with the WPA passphrase can join your network and decrypt network transmissions.
WPA provides better security than WEP. However, WEP data protection, when combined with strong authentication and rapidly changing encryption keys, can meet the security requirements of most organizations. This is fortunate because many organizations will be forced to continue using WEP. Not all wireless network hardware supports WPA, but WEP is universally supported. Windows 2000 and earlier versions of Windows do not have built-in support for WPA, though you might be able to download an update from the vendor of your wireless network adapter. Finally, WPA must be configured manually on Windows XP clients because WPA configuration settings cannot be defined by using Group Policy objects (GPOs) with the built-in Active Directory functionality included with Windows Server 2003. For these reasons, you might be forced to choose WEP over WPA, even though you will sacrifice some degree of security.
WEP and WPA are the most important wireless network security techniques. However, there are several secondary security techniques that you should be familiar with: media access control (MAC) address filtering, disabling SSID broadcasts, and VPNs.
One common technique used to make it more difficult for a casual user to connect to your wireless network is to configure your WAPs to allow only a predefined set of MAC addresses. Just like wired Ethernet cards, every wireless network card is assigned a unique MAC address by the manufacturer.
When a WAP is configured to use MAC address filtering, it will ignore any messages from wireless cards that use a MAC address not on the approved list. While this does improve security, it has significant manageability drawbacks. First, you must manually maintain the list of MAC addresses on your WAP, which would be impossible to do if you managed more than a dozen computers or multiple WAPs. Second, WAPs typically have limited memory and might not be able to store your organization’s complete list of MAC addresses. Third, if an attacker is knowledgeable and determined enough to circumvent your WEP or WPA encryption, the attacker will also be able to identify and spoof an approved MAC address.
|Exam Tip|| |
It’s important to be familiar with MAC address filtering, but, in the real world, the security gains are so minimal that it’s not worth the trouble to set up.
WAPs provide the option of disabling SSID broadcasts, but this should not be treated as a security feature. SSID broadcasts allow wireless clients to detect an available wireless network. In fact, Windows XP displays a notification to the user when it first receives a SSID broadcast from a wireless network. This is convenient; if you want users to be actively notified of the presence of the wireless client, you should enable SSID broadcasts.
Disabling SSID broadcasts will prevent the casual computer user from discovering your network, but it does nothing to prevent a skilled attacker from detecting your network. For example, a user with the free Network Stumbler tool installed can quickly identify the SSID of a wireless network that has SSID broadcasts disabled, because 802.11 association/disassociation messages are always sent unencrypted and contain the SSID that the client wants to associate to or disassociate from.
|See Also|| |
You can download Network Stumbler from http://www.stumbler.net.
While a VPN is an excellent solution for securely traversing a public network such as the Internet, VPNs are not the best solution for securing wireless networks. For this kind of application, a VPN is unnecessarily complex and costly. It adds little additional security to dynamic WEP, but it significantly increases costs, reduces usability, and removes important pieces of the functionality.
VPN clients usually require the user to initiate a connection to the VPN server; therefore, the connection will never be as transparent as a wired network connection. Non- Microsoft VPN clients might also prompt for logon credentials, in addition to the standard network or domain logon, when the connection is established. If the VPN disconnects because of a poor wireless signal or because the user is roaming between WAPs, the user has to repeat the connection process.
Because the VPN connection is only user-initiated, an idle, logged-off computer will not be connected to the internal network. Therefore, a computer cannot be remotely managed or monitored unless a user is logged on. Certain computer GPO settings, such as startup scripts and computer-assigned software, might never be applied. Finally, mobile computers often go into standby or hibernation mode. However, resuming from standby or hibernation does not automatically re-establish the VPN connection; the user has to do this manually.
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the “Questions and Answers” section at the end of this chapter.
Which of the following authentication methods would you use to protect a wireless network for an organization that has an existing PKI and in which all computers and users have been issued certificates with private keys? (Choose all that apply.)
Open network authentication
Shared network authentication
802.1X PEAP authentication
802.1X EAP-TLS authentication
802.1X EAP-MD5 CHAP authentication
Which of the following authentication methods would you use to protect a wireless network for an organization that prefers using user names and passwords for authentication? (Choose all that apply.)
Open network authentication
Shared network authentication
802.1X PEAP authentication
802.1X EAP-TLS authentication
802.1X EAP-MD5 CHAP authentication
Wireless networks have a high potential for abuse because potential attackers can access the network without physically entering a building.
WEP provides authentication and encryption. However, because of a weakness in the way static WEP uses encryption keys, it is vulnerable to attacks that can compromise the privacy and integrity of network communications.
802.1X authentication can be used to overcome static WEP’s most significant security vulnerability by forcing wireless clients to reauthenticate to a RADIUS service on a regular basis, thereby generating a new shared secret. When WEP is forced to automatically generate a new shared secret on a regular basis, it is called dynamic WEP.
To authenticate wireless users by using a user name and password pair, use PEAP authentication. To authenticate users with public key certificates, use EAP-TLS.
WPA provides stronger encryption than WEP, but it is not as widely supported.
|< Day Day Up >|| |