Wireless Security - PowerPoint PPT Presentation

1 / 70

About This Presentation

Title:

Wireless Security

Description:

Linksys. Hiding the SSID. You can 'cloak' an access point's ID ... Linksys WPC11 ver3 client card. 3COM AP8000 series. Virtual Private Networks (VPNs) ... – PowerPoint PPT presentation

Number of Views:60

Avg rating:3.0/5.0

Slides: 71

Provided by: richar414

Category:

more less

Transcript and Presenter's Notes

Title: Wireless Security

1
Wireless Security

Rick Keir
DoIT Network Services
Lockdown 2003
July 18, 2003

2
Agenda

A quick survey of the problem
The standard security steps
Their weaknesses
Better security
The future of wireless security

3
The problem in one screen
4
Wireless WiscWorld

Deployed starting Fall, 2000
60,000 potential users
Expansion of locations coming this year

5
In addition

Café Connection (paid) near campus
Password protected APs
Unprotected campus APs
Free access at University Bookstore
Free access at Muddy Waters coffee shop
And from my next door neighbor

6
Why Security is Hard

Some things people want
Easy to find and use
Available to their guests and colleagues
Private
Tamperproof
Not a vulnerability to campus

7
What does security mean to you?

What are you worried about?
Who are your users?

8
Who do you want to be secure from?

The moocher, getting a free ride
The creep, harassing from the shadows
The burglar, stealing data
The vandal, launching a denial of service or
other destructive attack

9
What do you want to keep secure?

Resource usage - from the moocher
Audit for abuse by the creep
Keep data private - from the burglar
Protect the networks resources - from the vandal

10
The 64,000 question

If there was no wireless at all, how secure
would
Your resources be from abuse
Your users be from harassment
Your data be from theft
Your network be from vandalism

11
Who are your users?

How many users, how much data?
Some useful groups to keep in mind
Home user group
Small workgroup or lab
Department or larger

12
Home user

Very few users
Small amounts of data
Long periods of no data
Easy to share secrets

13
Small workgroup

Users all fit around a table
Everyone knows whats legitimate
Large amounts of data
Network always on
Secrets can be shared

14
Department

Key management difficult
Not everyone knows whats legitimate
Large amounts of data
Network always on
Difficult to share secrets

15
Background

The pieces of a wireless network

16
The Access Point

Personal access points
Enterprise access points 500 range
Mounting power can
double your costs
in typical campus
deployment

17
The Wireless NIC

Cheap (40)
24 of notebooks ship with wireless (2003)
80-90 of all notebooks will ship with wireless
by 2008
source Strategy Analytics, Forrester

18
Distance matters

For most users two walls are a barrier
Wireless NICs vary in sensitivity
For security purposes can be much further
Networks inside a building have been tapped from
miles away

19
The Antenna

Built-in
External
On the AP and on the NIC

20
The Pringle's Can antenna
21
Background

The wireless standards

22
Wireless 802.11b networking

Speed 11 mB max
Uses the 2.4 GHz band
Most common choice on Madison campus

23
Wireless 802.11a networking

Speed Up to 54 Mbps
Uses the 5 GHz band

24
Wireless 802.11g networking

Speed Up to 54 Mbps
Uses the 2.4 GHz band (same as 802.11b)
Can coexist with 802.11b at some performance cost
Final standard just published

25
Things that sound scary

(but arent)

26
Wardriving Walking, biking, gliding .
27
Warchalking

Term derived from chalking by hobos during the
Depression
http//www.warchalking.org
Again, a lot of FUD

28
Some Common Security Techniques

Hiding the SSID
MAC address lists
WEP

29
Some Common Security Techniques

Hiding the Service Set Identifier (SSID)

30
Hiding the SSID

SSID (shared set identifier)
Examples
Wireless-WiscWorld
Tsunami
Linksys

31
Hiding the SSID

You can "cloak" an access point's ID
However, it's still possible to discover the AP's
SSID

32
Hiding the SSID

SSIDs work as a courtesy
As security mechanisms, they're the equivalent of
a sign saying "Private"
Hiding the SSID is like taking the signs off the
door

33
Some Common Security Techniques

MAC address lists

34
MAC Address lists

Register the MAC address of the user's card
UW-Stout does this
Major administrative task
How long is a MAC good for?

35
MAC Address lists

Not a defense against the determined intruder
NIC can be stolen
Valid MAC addresses can be sniffed
Once a valid MAC is sniffed, it can be spoofed

36
MAC Address lists

MAC spoofing a problem on some campuses
When used to limit bandwidth and access, MAC
restrictions encourage the evolution of a student
body that knows how to spoof MAC addresses

37
Some Common Security Techniques

38
Using WEP encryption

User enters a WEP key

39
Using WEP encryption

Every user must have the WEP key
Every user must get the new key when it changes
Every user must type in the new key after a
change
Every user is responsible for keeping the key a
secret

40
Using WEP encryption

"All users on a network share a common, static
key. (Imagine the security of sharing that single
key in a community of college students!)
- Cheswick, Bellovin Rubin,
Firewalls Internet Security

41
Using WEP encryption

Theoretical flaws discovered
Off-the-shelf exploits built
Airsnort, WEPCrack

42
Using WEP encryption

"WEP can be considered dead in the water. It
provides a sense of security, without useful
security.
- Cheswick, Bellovin Rubin,
Firewalls Internet Security

43
Things that do work

Authentication
End-to-end encryption
VPNs

44
Authentication

Typical scenario
User opens browser
User is redirected to an https// captive
portal page (Wireless WiscWorld doesnt do this
currently user must type URL)
User logs on (or pays for an account)
User is granted a DHCP lease

45
Authentication

Typical open source captive portals
WiCap http//www.geekspeed.net/wicap
basic set of scripts
NoCat http//nocat.net
More complete can run multiple copies against
same authentication server

46
Authentication

RADIUS server
"Remote Authentication Dial In User Service"
This is what wireless WiscWorld does (NetID)
At UW, NetID is encrypted in login process

47
Authentication

Role-based authentication authorization still
hard in large organizations like a University
Need a directory of your users
This is a middleware problem

48
Authentication

Shibboleth
802.1x framework

49
Shibboleth

Project of Internet2 (U. Washington, U.
Wisconsin, IBM, Sun, others)
A way of allowing a user to assert some
attributes (i.e., I am a faculty member) to a
3rd party
Without revealing credentials or identity to the
3rd party
Good match with problems of libraries
First deployments happening this year
Watch this space!

50
Authentication via 802.1x

Supplicant (laptop computer)
connects to
Authenticator (the wireless access point)
which allows you to connect only to
Authentication server
until you are authenticated

51
Authentication via 802.1x

Supplicant can be anything that wants to join a
network
Authenticator a layer 2 device port (WAP,
Ethernet switch)
Authentication server probably a RADIUS server

52
Authentication via 802.1x

The authentication protocol is EAP (Extensible
Authentication Protocol)
Challenge - response system
Transport for it can include
Lightweight EAP (LEAP)
Transport Layer Security (TLS)
Tunneled Transport Layer Security (TTLS)
Protected EAP (PEAP)

53
Authentication via 802.1x

Crypto system is pluggable, also

54
Authentication via 802.1x

The access point only allows traffic between the
laptop and the authentication server
Multiple cycles of challenge/response can occur
until the authentication server accepts or
rejects the credentials
Credentials might be username/password, a PKI
certificate, or something else

55
Authentication via 802.1x

The authentication server can send additional
information to the supplicant
WEP key cycling
Doesnt fix flaws

56
Encryption

(See Jim Leinwebers talk in the other room!)
Private
Unaltered
Non-repudiable (digital signatures)

57
What gets encrypted?

Your email password?
Your FTP password?
Credit card numbers?
Your actual email, FTP session, etc.?

58
Common cases of encryption

Your WiscMail password (recent changes)
SFTP (replacement for FTP)
HTTPS pages (Amazon, UW Credit Union, UW Portal)
PKI Email (but not many people use this yet!)

59
WPA - whats coming next

Wireless Protected Access
Works with 802.1x and EAP
Being tested for cryptographic flaws
May ship late this year
Early support in Windows XP
Apple including support in Panther

60
WEP vs.. WPA

Poor encryption
40 bit keys
Keys are static and shared
Manual key distribution
WEP key is used for authentication and encryption

61
WEP vs. WPA

Poor encryption
40 bit keys
Keys are static and shared
Manual key distribution
WEP key is used for authentication and encryption

No known flaws in encryption
128-bit keys
Session keys are dynamic
Automatic key distribution
802.1x/EAP user authentication

62
So

WPA has support for 802.1x authentication
WPA fixes cryptographic flaws for key
distribution key capture (via TKIP)
WPA adds an integrity check for packets (MIC)

63
WPA - whats the downside?

Access points and NICs need upgrades
Mixed mode WEP
Supplicants (code for your laptop)
Windows XP (free)
Mac OS X Panther (not released)
Windows 2000/98/ME (3rd party, 50)
Linux, Mac OS X, Windows NT (3rd party, 40)

64
WPA - whats the downside?

Upgrades being delivered for 802.11g first
Only 802.11b WPA upgrades (as of June 30)
Cisco Aironet 802.11b 1100
Cisco Aironet 802.11a/b 1200
Linksys WPC11 ver3 client card
3COM AP8000 series

65
Virtual Private Networks (VPNs)

Can encrypt the entire conversation
Needs client on user's machine
Slows things down

66
Discussion - guests

Should you allow guest access?
How long can someone be a guest?
What can a guest do?

67
Discussion - guests

Who gives out guest access?
IT staff?
Administrative staff?
Faculty?
Everyone?

68
The bottom line

Wireless networking is difficult to make both
usable and secure for all but small populations
Authorization is a necessary first step
Encryption is needed to keep data private
An end-to-end problem everyone has to cooperate

69
Some sources of information