Wireless Security Issues and the impact of current legislation

1
Wireless Security Issuesand the impact of
current legislation

• Russell Rowe
• President
• Chief Security Officers, LLC
• www.chiefsecurityofficers.com

2
Wireless Protocols

• 802.11b
• 11Mbps at 2.45GHz
• 802.11a
• 54Mbps at 5.8GHz
• 802.11g
• 54Mbps at 2.4GHz
• (different physical layer than 802.11b)

3
Problems with 802.11b

• Security issues with the infrastructure
• Carelessness of the network installer
• What hackers can do

4
802.11b Issues

• SSID (Service Set Identifier)
• shows logical network and channel in the header
  of the packet
• WEP (Wired Equivalent Privacy)
• RC4 symmetric stream cipher with 40 bit and 104
  bit encryption keys
• easy to crack after collecting enough packets
  (5-10 million packets requires under a second to
  crack the encryption)
• significant loss of bandwidth

5
More 802.11b Issues

• User authentication does not exist
• Unicast session management support does not exist
• MAC filters usually not turned on

6
Carelessness of the Installer

• WEP not enabled or lowest encryption level
  selected
• Default passwords not changed
• Default encryption keys not changed
• Default setups left intact

7
Possible Threats

• What Hackers Can Do
• Sniff packets
• (credit card info, username, passwords etc)
• Steal internet access -gt Reduce Bandwidth
• Inject large amounts of traffic onto the WLAN
• Hijack sessions (MAC spoofing)

8
Security Solutions

• Change Defaults Settings
• SSID, administrator password
• Enable WEP (Wired Equivalent Privacy)
• Use IPsec (Internet Protocol Security)
• Use SSH (Secure Socket Shell)
• Use SSL (Secure Socket Layer)
• Disable DHCP (Dynamic Host Config Protocol) on AP
• Verify antenna characteristics
• Block transmission of SSID

9
Security Solutions

• Utilize strong account policies
• Use NTFS
• Encrypt files
• Use personal firewalls on laptops, PDAs
• Search for rogue APs
• Use Media Access Control (MAC) layer filtering
  and access control lists
• Use RADIUS or EAP
• Utilize WLAN analyzers and intrusion detection
  products to maintain security and detect rogue
  APs
• AirMagnet
• Latis Network

10
Wireless Definitions
Whackers -hackers that target wireless network
vulnerabilities War- Driving -driving through
area in vehicle with laptop and wireless card
with purpose of locating wireless networks War-
Walking -similar to War-Driving but using
Handheld/PDA device on foot War-
Flying -sniffing wireless networks in aircraft
11
More Wireless Definitions
War- Spamming -taking over unprotected Access
Points and using it to make attacks over the
internet. example) to inject SPAM to internet
War- Jacking -knock out an Access Point with
DOS (Denial of Service), then set up a new fake
AP which appears as legitimate original AP War-
Chalking -practice of marking and mapping
unsecured Wi-Fi AP to allow others to easy
distinguish and use
12
War Chalking Symbols
An Open Access Point - can easily be accessed
SSID of Access Point
Bandwidth of Network
WEP Protected AP -usually inaccessible to public
due to encryption
13
Wireless Sniffing Software
Sniffing Tools -software programs used to
find/locate WLAN -detect if encrypted, signal
strength, SSID, MAC, channel, vendor, noise, time
of detection, (if GPS longitude and
latitude) ex) NetStumbler and MiniStumbler Hackin
g Tools -software that listens to actual packet
flow, for purpose of cracking password and
breaking into network ex) AirSnort Capture
Tools -software used to capture data but also
allow troubleshooting to fix WLAN problems ex)
AirMagnet
MiniStumbler
AirMagnet
14
Locations Sniffed
15
Wireless Hot Spots Found
16
Results Default SSID
Total Default SSID Default 41.51 Non-Default
58.49
Business Default 33.33 Non-Default 66.67
Residential Default 58.82 Non-Default 41.18
17
Results WEP
Total with WEP Encrypted 32.08 Unencrypted 67.92
Business Encrypted 33.33 Unencrypted 66.67
Residential Encrypted 29.41 Unencrypted 70.59
18
Software Tools
Pocket PC Applications -Mini Stumbler -Yellow
Jacket 802.11b Analyzer -VX Sniffer Laptop
Applications -Net Stumbler
19
Hardware Tools
Parabolic WLAN Antenna
Cisco Aironet Wireless LAN Card
Sony Picturebook
Compaq Ipaq 3670
Lucent WaveLAN/IEEE (Agere ORiNOCO)
20
HIPAA Implications

• HIPAA requires secure electronic storage and
  transmission of patient data
• Penalties - 250,000 fine per incident. 10 years
  in prison.
• Healthcare one of the most active early adopters
  of wireless. Will spend 395 million on Wireless
  by 2005
• Security regulations take affect April 2005, but
  really kicking into gear now because
  organizations need security to implement privacy
  measures
• Many security issues with wireless
• Security rule gives no substantial guidance on
  how to secure wireless
• WEP not sufficient
• Compliance
• Use more secure hardware/software
• Bluesocket
• Segment network
• Implent Access control, Authentication,
  Encryption

21
California SB 1386

• Requires companies to notify their customers of
  computer security breaches
• Took effect July 1st
• Any business that has California customers
• Companies underestimating impact
• Breach must expose certain types of info
• Customer names
• Drivers License
• Credit card or bank account numbers
• Dont have to disclose breach if data encrypted
• Law doesnt specify level of encryption necessary
• Only have to notify California customers
• Probably easier to notify all customers
• Federal law in the works
• Compliance
• Encrypt data. Make sure it is encrypted at all
  times
• Segment customer information

22
Whats New

• WPA Wi-Fi Protected Access
• Coming this summer
• Functional replacement for WEP
• Stronger interoperable security
• 802.11i
• New generation WLAN security tools