Wireless and Instant Messaging - PowerPoint PPT Presentation

Provided by: anned172

Transcript and Presenter's Notes

1
Wireless and Instant Messaging
  • Chapter 8

2
Learning Objectives
  • Understand security issues related to wireless
    data transfer
  • Understand the 802.11x standards
  • Understand Wireless Application Protocol (WAP)
    and how it works
  • Understand Wireless Transport Layer Security
    (WTLS) protocol and how it works

continued
3
Learning Objectives
  • Understand Wired Equivalent Privacy (WEP) and how
    it works
  • Conduct a wireless site survey
  • Understand instant messaging

4
802.11
  • IEEE group responsible for defining interface
    between wireless clients and their network access
    points in wireless LANs
  • First standard finalized in 1997 defined three
    types of transmission at Physical layer
      • Diffused infrared - based on infrared
        transmissions
      • Direct sequence spread spectrum (DSSS) -
        radio-based
      • Frequency hopping spread spectrum (FHSS) -
        radio-based

continued
5
802.11
  • Established WEP as optional security protocol
  • Specified use of 2.4 GHz industrial, scientific,
    and medical (ISM) radio band
  • Mandated 1 Mbps data transfer rate and optional 2
    Mbps data transfer rate
  • Most prominent working groups: 802.11b, 802.11a,
    802.11i, and 802.11g

6
802.11a
  • High-Speed Physical Layer in the 5 GHz Band
  • Sets specifications for wireless data
    transmission of up to 54 Mbps in the 5 GHz band
  • Uses an orthogonal frequency division
    multiplexing encoding scheme rather than FHSS or
    DSSS
  • Approved in 1999

7
802.11b
  • Higher-Speed Layer Extension in the 2.4 GHz
    Band
  • Establishes specifications for data transmission
    that provides 11 Mbps transmission (with fallback
    to 5.5, 2, and 1 Mbps) at 2.4 GHz band
  • Sometimes referred to as Wi-Fi when associated
    with WECA certified devices
  • Uses only DSSS
  • Approved in 1999

8
802.11c
  • Worked to establish MAC bridging functionality
    for 802.11 to operate in other countries
  • Folded into 802.1D standard for MAC bridging

9
802.11d
  • Responsible for determining requirements
    necessary for 802.11 to operate in other
    countries
  • Continuing

10
802.11e
  • Responsible for creating a standard that will add
    multimedia and quality of service (QoS)
    capabilities to wireless MAC layer and therefore
    guarantee specified data transmission rates and
    error percentages
  • Proposal in draft form

11
802.11f
  • Responsible for creating a standard that will
    allow for better roaming between multivendor
    access points and distribution systems
  • Ongoing

12
802.11g
  • Responsible for providing raw data throughput
    over wireless networks at a throughput rate of 22
    Mbps or more
  • Draft created in January 2002; final approval
    expected in late 2002 or early 2003

13
802.11h
  • Responsible for providing a way to allow for
    European implementation requests regarding the 5
    GHz band
  • Requirements
      • Limits PC card from emitting more radio signal
        than needed
      • Allows devices to listen to radio wave activity
        before picking a channel on which to broadcast
  • Ongoing; not yet approved

14
802.11i
  • Responsible for fixing security flaws in WEP and
    802.1x
  • Hopes to eliminate WEP altogether and replace it
    with Temporal Key Integrity Protocol (TKIP),
    which would require replacement of keys within a
    certain amount of time
  • Ongoing; not yet approved

15
802.11j
  • Worked to create a global standard in the 5 GHz
    band by making high-performance LAN (HiperLAN)
    and 802.11a interoperable
  • Disbanded after efforts in this area were mostly
    successful

17
Wireless Application Protocol (WAP)
  • Open, global specification created by the WAP
    Forum
  • Designed to deliver information and services to
    users of handheld digital devices
  • Compatible with most wireless networks
  • Can be built on any operating system

18
WAP-Enabled Devices
19
WAP-Enabled Devices
20
How WAP 1.x Works
  • WAP 1.x Stack
  • Set of protocols created by the WAP Forum that
    alters the OSI model
  • Five layers lie within the top four (of seven)
    layers of the OSI model
  • Leaner than the OSI model
  • Each WAP protocol makes data transactions as
    compressed as possible and allows for more
    dropped packets than OSI model

21
WAP 1.x Stack Compared to OSI/Web Stack
22
Differences Between Wireless and Wired Data Transfer
  • WAP 1.x stack protocols require that data
    communications between clients (wireless devices)
    and servers pass through a WAP gateway
  • Network architectural structures

23
WAP versus Wired Network
24
The WAP 2.0 Stack
  • Eliminates use of WTLS; relies on a lighter
    version of TLS (the same protocol used on the
    common Internet stack), which allows end-to-end
    security and avoids any WAP gaps
  • Replaces all other layers of WAP 1.x by standard
    Internet layers
  • Still supports the WAP 1.x stack in order to
    facilitate legacy devices and systems

26
Additional WAP 2.0 Features
  • WAP Push
  • User agent profile
  • Wireless Telephony Application
  • Extended Functionality Interface (EFI)
  • Multimedia Messaging Service (MMS)

27
Wireless Transport Layer Security (WTLS) Protocol
  • Provides authentication, data encryption, and
    privacy for WAP 1.x users
  • Three classes of authentication
      • Class 1
          • Anonymous; does not allow either the client
            or the gateway to authenticate each other
      • Class 2
          • Only allows the client to authenticate the
            gateway
      • Class 3
          • Allows both the client and the gateway to
            authenticate each other

28
WTLS Protocol: Steps of Class 2 Authentication
  • WAP device sends request for authentication
  • Gateway responds, then sends a copy of its
    certificate (which contains the gateway's public
    key) to the WAP device
  • WAP device receives the certificate and public
    key and generates a unique random value
  • WAP gateway receives encrypted value and uses its
    own private key to decrypt it

29
WTLS Security Concerns
  • Security threats posed by WAP gap
  • Unsafe use of service set identifiers (SSIDs)

30
Wired Equivalent Privacy (WEP)
  • Optional security protocol for wireless local
    area networks defined in the 802.11b standard
  • Designed to provide same level of security as a
    wired LAN
  • Not considered adequate security without also
    implementing a separate authentication process
    and providing for external key management

31
Wireless LAN (WLAN)
  • Connects clients to network resources using radio
    signals to pass data through the ether
  • Employs wireless access points (AP)
      • Connected to the wired LAN
      • Act as radio broadcast stations that transmit
        data to clients equipped with wireless network
        interface cards (NICs)

32
How a WLAN Works
33
APs
34
NICs
35
How WEP Works
  • Uses a symmetric key (shared key) to authenticate
    wireless devices (not wireless device users) and
    to guarantee integrity of data by encrypting
    transmissions
  • Each of the APs and clients need to share the
    same key
  • Client sends a request to the AP asking for
    permission to access the wired network

continued
36
How WEP Works
  • If WEP has not been enabled (default), the AP
    allows the request to pass
  • If WEP has been enabled, client begins a
    challenge-and-response authentication process

37
WEP's Weaknesses
  • Problems related to the initialization vector
    (IV) that it uses to encrypt data and ensure its
    integrity
      • Can be picked up by hackers
      • Is reused on a regular basis
  • Problems with how it handles keys
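
The IV problem on this slide, as an added example that is not part of the original presentation: WEP builds each frame's RC4 key from the IV (24 bits, sent in the clear) followed by the shared key, so two frames with the same IV are encrypted with the same keystream. The key, payloads and frames are constructed sample values, and `wep_like_encrypt`, `reused_ivs` and `collision_probability` are hypothetical helper names.

```python
from collections import defaultdict

def rc4_keystream(key, n):
    """Standard RC4: key scheduling, then n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_like_encrypt(iv, shared_key, payload):
    """Per-frame RC4 key is IV || shared key; returns (cleartext IV, ciphertext), no CRC."""
    return iv, xor(payload, rc4_keystream(iv + shared_key, len(payload)))

def reused_ivs(frames):
    """Audit helper: IVs seen more than once -> indexes of the frames using them."""
    seen = defaultdict(list)
    for idx, (iv, _ciphertext) in enumerate(frames):
        seen[iv].append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}

def collision_probability(n_frames, iv_bits=24):
    """Birthday bound: chance that n randomly chosen IVs include a repeat."""
    p_unique, space = 1.0, 2 ** iv_bits
    for k in range(n_frames):
        p_unique *= (space - k) / space
    return 1.0 - p_unique

# Constructed sample data (not captured traffic).
SHARED_KEY = bytes.fromhex("0102030405")
P1, P2 = b"GET /payroll.html", b"GET /reports.html"
FRAMES = [
    wep_like_encrypt(b"\x00\x00\x01", SHARED_KEY, P1),
    wep_like_encrypt(b"\x00\x00\x02", SHARED_KEY, b"keepalive"),
    wep_like_encrypt(b"\x00\x00\x01", SHARED_KEY, P2),  # IV repeats
]

if __name__ == "__main__":
    print("reused IVs:", reused_ivs(FRAMES))
    print("keystream cancels:", xor(FRAMES[0][1], FRAMES[2][1]) == xor(P1, P2))
    print("P(repeat in 5000 frames):", round(collision_probability(5000), 2))
```

With a 24-bit IV, a repeat is more likely than not after roughly 5,000 randomly chosen IVs, which is why rotating the shared key rarely does not help.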

38
Other WLAN Security Loopholes
  • War driving
  • Unauthorized users can attach themselves to WLANs
    and use their resources, set up their own access
    points and jam the network
  • WEP authenticates clients, not users
  • Wireless network administrators and users must be
    educated about inherent insecurity of wireless
    systems and the need for care

39
Conducting a Wireless Site Survey
  • Conduct a needs assessment of network users
  • Obtain a copy of the site's blueprint
  • Do a walk-through of the site
  • Identify possible access point locations
  • Verify access point locations
  • Document findings

40
Instant Messaging (IM)
  • AOL Instant Messenger (AIM)
  • MSN Messenger
  • Yahoo! Messenger
  • ICQ
  • Internet Relay Chat (IRC)

41
Definition of IM
  • Uses a real-time communication model
  • Allows users to keep track of online status and
    availability of other users who are also using IM
    applications
  • Can be used on both wired and wireless devices
  • Easy and fast

continued
42
Definition of IM
  • Operates in two models
      • Peer-to-peer model
          • May cause client to expose sensitive
            information
      • Peer-to-network model
          • Risk of network outage and DoS attacks
            making IM communication unavailable

43
Problems Facing IM
  • Lack of default encryption enables packet
    sniffing
  • Social engineering overcomes even encryption

44
Technical Issues Surrounding IM
  • File transfers
  • Application sharing

45
Legal Issues Surrounding IM
  • Possible threat of litigation or criminal
    indictment should the wrong message be sent or
    overheard by the wrong person
  • Currently immune to most corporate efforts to
    control it
  • Must be monitored in real time

46
Blocking IM
  • Install a firewall to block ports that IM
    products use; IM will be unavailable to all
    employees
  • Limited blocking not currently possible

47
Cellular Phone Simple Messaging Service (SMS)
  • Messages are typed and sent immediately
  • Problems
      • Tracking inappropriate messages
      • Risk of having messages sniffed

48
Chapter Summary
  • Efforts of IEEE, specifically 802.11x standards,
    to standardize wireless security
  • Security issues related to dominant wireless
    protocols
  • WAP
      • Connects mobile telephones, PDAs, pocket
        computers, and other mobile devices to the
        Internet
  • WEP
      • Used in WLANs

continued
49
Chapter Summary
  • WTLS protocol
  • Conducting a site survey in advance of building a
    WLAN
  • Security threats related to using IM