Wireless Systems

The growth of wireless systems creates several opportunities for attackers and attacked alike. These systems are relatively new, they use well-established communications mechanisms, and they are easily intercepted. Wireless systems are those systems that don't use wires to send information, but rather transmit it through the air.

This section discusses the various types of wireless systems that you will encounter, and it gives you some suggestions on how to respond to security issues associated with this technology. Specifically, this section deals with WTLS, the IEEE 802 wireless standards, WEP/WAP applications, and the vulnerabilities they present.

WTLS

Wireless Transport Layer Security (WTLS) is the security layer of the Wireless Applications Protocol. WTLS provides authentication, encryption, and data integrity for wireless devices. It is designed to utilize the relatively narrow bandwidth of these types of devices, and it is moderately secure. WTLS provides reasonable security for mobile devices, and it is being widely implemented in wireless devices. Figure 4.16 illustrates WTLS as part of the WAP environment. WAP provides the functional equivalent of TCP/IP for wireless devices. Many devices, including newer cell phones and PDAs, include support for WTLS as part of their networking protocol capabilities.

Figure 4.16: WTLS used between two WAP devices

IEEE 802.11 Wireless Protocols

The IEEE 802.11 family of protocols provides for wireless communications using radio frequency transmissions. The 802.11 standards operate in the 2.4GHz and 5GHz frequency spectrums. Several standards and bandwidths have been defined for use in wireless environments, and they are not particularly compatible with each other:

802.11: The 802.11 standard defines wireless LANs transmitting at 1Mbps or 2Mbps bandwidths using the 2.4GHz frequency spectrum and using either frequency-hopping spread spectrum (FHSS) or direct-sequence spread spectrum (DSSS) for data encoding.

802.11a: The 802.11a standard provides wireless LAN bandwidth of up to 54Mbps in the 5GHz frequency spectrum. The 802.11a standard also uses Orthogonal Frequency Division Multiplexing (OFDM) for encoding rather than FHSS or DSSS.

802.11b: The 802.11b standard provides for bandwidths of up to 11Mbps (with fallback rates of 5.5, 2, and 1Mbps) in the 2.4GHz frequency spectrum. This standard is also called Wi-Fi or 802.11 high rate. The 802.11b standard uses only DSSS for data encoding.

802.11g: The 802.11g standard provides for bandwidths of 20Mbps+ in the 2.4GHz frequency spectrum. The 802.11g standard is currently undergoing debate and discussion about technical standards.

Three communications technologies are used to communicate in the 802.11 standard: direct-sequence spread spectrum (DSSS), frequency-hopping spread spectrum (FHSS), and Orthogonal Frequency Division Multiplexing (OFDM).

DSSS accomplishes communication by adding the data that is to be transmitted to a higher speed transmission. The higher speed transmission contains redundant information to ensure data accuracy. Each packet can then be reconstructed in the event of a disruption.
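The following added example (not from the book) models the DSSS description above at the bit level: each data bit is combined with a faster chip sequence, and the redundancy lets the receiver recover the bit even when some chips are corrupted. It assumes the 11-chip Barker sequence that 802.11 DSSS uses at 1 and 2Mbps and ignores the radio layer entirely; the data bits and error positions are constructed.

```python
# 11-chip Barker sequence (assumption: the 802.11 DSSS spreading code, written as bits)
BARKER = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]

def spread(bits):
    """Combine each data bit with the higher-speed chip sequence (XOR = mod-2 addition)."""
    return [b ^ c for b in bits for c in BARKER]

def despread(chips):
    """Recover data bits by comparing each 11-chip block with the Barker code."""
    bits = []
    for k in range(0, len(chips), len(BARKER)):
        block = chips[k:k + len(BARKER)]
        agree = sum(1 for x, c in zip(block, BARKER) if x == c)
        # A 0 bit is sent as the code itself, a 1 bit as its inverse;
        # majority agreement decides which one was sent.
        bits.append(0 if agree > len(BARKER) // 2 else 1)
    return bits

def corrupt(chips, positions):
    """Flip the chips at the given positions to model interference."""
    out = list(chips)
    for p in positions:
        out[p] ^= 1
    return out

def demo():
    data = [1, 0, 1, 1, 0, 0, 1, 0]            # constructed data bits
    tx = spread(data)                           # 88 chips carry 8 bits
    # Five of every eleven chips damaged: every bit is still recovered.
    noisy = corrupt(tx, [11 * k + i for k in range(len(data)) for i in (0, 2, 4, 6, 8)])
    # Six damaged chips in the first block exceed the redundancy: that bit is lost.
    too_noisy = corrupt(tx, range(6))
    return despread(noisy) == data, despread(too_noisy)[0] != data[0]

if __name__ == "__main__":
    print(demo())
```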

FHSS accomplishes communication by hopping the transmission over a range of predefined frequencies. The changing or hopping is synchronized between both ends and appears to be a single transmission channel to both ends.

OFDM accomplishes communication by breaking the data into subsignals and transmitting them simultaneously. These transmissions occur on different frequencies or subbands.

The 802.11 protocol can use FHSS or DSSS, 802.11g uses OFDM, and 802.11b uses DSSS. The mathematics and theories of these three transmission technologies are way beyond the scope of this book. If you want to investigate these modulation systems further, a good place to start is Webopedia. The URL for Webopedia is www.webopedia.com.

WEP/WAP

Wireless Access Protocol (WAP), as you may recall, is the protocol that wireless systems frequently use for network communications. Wired Equivalent Privacy (WEP) is intended to provide the equivalent security of a wired network protocol. This section briefly discusses these two terms and provides you with an understanding of the relative capabilities they provide.

WAP

The Wireless Access Protocol (WAP) is the technology designed for use with wireless devices. WAP has become a standard adopted by many manufacturers including Motorola, Nokia, and others. WAP functions are equivalent to TCP/IP functions. WAP uses a smaller version of HTML called Wireless Markup Language (WML), which is used for Internet displays. WAP-enabled devices can also respond to scripts using an environment called WMLScript. This scripting language is similar to Java, the programming language. Figure 4.17 shows the WAP protocol stack. Notice that the layers of WAP appear to resemble the layering in TCP/IP.

Figure 4.17: The WAP protocol in action

The ability to accept web pages and scripts produces the opportunity for malicious code and viruses to be transported to WAP-enabled devices. No doubt, this will create a new set of problems, and antivirus software will be needed to deal with them.

WAP systems communicate using a WAP gateway system, as depicted in Figure 4.18. The gateway converts information back and forth between HTTP and WAP, as well as encodes and decodes between the security protocols. This structure provides a reasonable assurance that WAP-enabled devices can be secured. If the interconnection between the WAP server and the Internet is not encrypted, packets between the devices may be intercepted, creating a potential vulnerability. This vulnerability is called a gap in the WAP.

Figure 4.18: A WAP gateway enabling a connection to WAP devices by the Internet

WEP

Wired Equivalent Privacy (WEP) is a relatively new security standard for wireless devices. WEP encrypts data to provide data security. As recently as August of 2002, the protocol came under scrutiny for not being as secure as initially intended. WEP is vulnerable due to weaknesses in the encryption algorithms. These weaknesses potentially allow the encryption to be cracked in as few as five hours using available PC software.

This makes WEP one of the more vulnerable protocols available for security. WEP is a relatively new technology and will no doubt improve as it moves into the mainstream.

Wireless Vulnerabilities

Wireless systems are vulnerable to all of the attacks currently being made on wired networks. Because these protocols use radio frequency signals, they have an additional weakness. All radio frequency signals can be easily intercepted. To intercept 802.11 traffic, all that is needed is a PC with an appropriate 802.11 card installed. Simple software on the PC can capture the link traffic in the WAP and then process this data in order to decrypt account and password information.

An additional aspect of wireless systems is the site survey. Site surveys simply involve listening in on an existing wireless network using commercially available technologies. This allows intelligence gathering, and possibly data capture, to be performed against systems in your wireless network.

The term originally referred to determining whether or not a proposed location was free from interference. When used by an attacker, a site survey can determine what types of systems are in use, the protocols used, and other critical information about your network. It is the primary method used to gather data about wireless networks. Virtually all wireless networks are vulnerable to site surveys.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
