Internet Security Principle Wireless LAN/WAN Protection

1
Internet Security PrincipleWireless LAN/WAN
Protection
2
Group Member

• Jia-Wei Tsay
• Taesun(Andy) Park

3
Contents

• Introduction
• Applications
• Technologies
• Threats
• Recent security mechanism
• Protection solutions
• Conclusion
• Reference

4
Introduction

• Abstract
• What is the wireless LAN
• What is the wireless WAN
• The importance of wireless LAN/WAN protection

5
Abstract

• Wireless LAN/WAN are becoming a respectable
  alternative in indoor communications. It offers
  flexibility and mobility in networking
  environments, as the user is not bound to a
  certain workplace anymore
• Wireless technology allows the network to go
  where wire cannot go. Mobile workforce who
  require real time access to data benefit from
  wireless LAN/WAN connectivity since they can
  access it almost any time any place. Wireless
  LAN/WAN are also ideal for providing mobility in
  home and hot spot environments

6
Abstract(cont)

• Unfortunately, disgruntled employees, hackers,
  viruses, industrial espionage, and other forms of
  destruction are not uncommon in today's Networks
• This project addresses the vulnerabilities and
  the security to the wireless LAN/WAN

7
What is the wireless LAN

• A wireless LAN (WLAN) is a flexible data
  communication system implemented as an extension
  to, or as an alternative for, a wired LAN within
  a building or campus. Using electromagnetic
  waves, WLANs transmit and receive data over the
  air, minimizing the need for wired connections.
  Thus, WLANs combine data connectivity with user
  mobility, and, through simplified configuration,
  enable movable LANs

8
What is the wireless LAN(cont)

• A wireless local area network (WLAN) is a
  flexible data communication system using radio
  frequency (RF) technology to transmit and receive
  data over the air. It can be integrated with
  existing campus network seamlessly and easily so
  that we can enjoy network computing without
  looking for a physical network port
• wireless LAN is a collection of two or more
  devices connected via an open air medium in order
  to share data

9
What is the wireless WAN

• Wireless WANs, which can bridge branch offices of
  a company, cover a much more extensive area than
  wireless LANs. Unlike WLANs, which offer limited
  user mobility and instead are generally used to
  enable the mobility of the entire network, WWANs
  facilitate connectivity for mobile users such as
  the traveling businessman. In general, WWANs
  allow users to maintain access to work-related
  applications and information while away from
  their office.

10
What is the wireless WAN (cont)

• In wireless WANs, communication occurs
  predominantly through the use of radio signals
  over analog, digital cellular, or PCS networks,
  although signal transmission through microwaves
  and other electromagnetic waves is also possible.
  Today, most wireless data communication takes
  place across 2G cellular systems such as TDMA,
  CDMA, PDC, and GSM, or through packet-data
  technology over old analog systems such as CDPD
  overlay on AMPS.

11
What is the wireless WAN (cont)

• Although traditional analog networks, having been
  designed for voice rather than data transfer,
  have some inherent problems, some 2G (second
  generation) and new 3G (third generation) digital
  cellular networks are fully integrated for
  data/voice transmission. With the advent of 3G
  networks, transfer speeds should also increase
  greatly.

12
The importance of wireless LAN/WAN protection

• Security is an important aspect in wireless
  LAN/WAN since it is hard to restrict access to
  network resources physically, which can be made
  with wired LAN/WAN by physical access control in
  the premises

13
Application

• Doctors and nurses in hospitals are more
  productive because hand-held or notebook
  computers with wireless LAN capability deliver
  patient information instantly.
• Consulting or accounting audit engagement teams
  or small workgroups increase productivity with
  quick network setup.
• Network managers in dynamic environments minimize
  the overhead of moves, adds, and changes with
  wireless LANs, thereby reducing the cost of LAN
  ownership.

14
Application(cont)

• Training sites at corporations and students at
  universities use wireless connectivity to
  facilitate access to information, information
  exchanges, and learning.
• Network managers installing networked computers
  in older buildings find that wireless LANs are a
  cost-effective network infrastructure solution.
• Retail store owners use wireless networks to
  simply frequent network reconfiguration.

15
Application(cont)

• Trade show and branch office workers minimize
  setup requirements by installing preconfigured
  wireless LANs needing no local MIS support.
• Warehouse workers use wireless LANs to exchange
  information with central databases and increase
  their productivity.
• Network managers implement wireless LANs to
  provide backup for mission-critical applications
  running on wired networks.
• Senior executives in conference rooms make
  quicker decisions because they have real-time
  information at their fingertips.

16
LAN/WAN Technologies

• WAP
• Bluetooth
• AMPS
• TDMA
• CDMA
• GSM
• G3 IMT-2000 International Mobile
• GPRS
• LMDS
• 100BaseRadio

17
WAP

• WAP stands for Wireless Application Protocol
• WAP is an application communication protocol
• WAP is used to access services and information
• WAP is inherited from Internet standards
• WAP is for handheld devices such as mobile phones
  
• WAP is a protocol designed for micro browsers
• WAP enables the creating of web applications for
  mobile devices.
• WAP uses the mark-up language WML

18
WAP(cont)

• The WAP standard is based on Internet standards
  (HTML, XML and TCP/IP). It consists of a WML
  language specification, a WMLScript
  specification, and a Wireless Telephony
  Application Interface (WTAI) specification.
• WAP is published by the WAP Forum, founded in
  1997 by Ericsson, Motorola, Nokia, and Unwired
  Planet

19
Bluetooth

• Bluetooth technology is a forthcoming wireless
  personal area networking (WPAN) technology that
  has gained significant industry support and will
  coexist with most wireless LAN solutions. The
  Bluetooth specification is for a 1 Mbps, small
  form-factor, low-cost radio solution that can
  provide links between mobile phones, mobile
  computers and other portable handheld devices and
  connectivity to the internet.

20
Bluetooth(cont)

• This technology, embedded in a wide range of
  devices to enable simple, spontaneous wireless
  connectivity is a complement to wireless LANs
  which are designed to provide continuous
  connectivity via standard wired LAN features and
  functionality

21
Wireless WAN (Summary)

• 1G First generation (Analog voice) AMPS
• - Advanced Mobile Phone Service
• 2G Second Generation (Digital voice and
  messages)
• - TDMA - Time Division Multiple Access (D-AMPS,
  NA-TDMA, IS-54, IS-136)
• - CDMA - Code Division Multiple Access
  (CDMA-One, IS-95a) GSM - Global System for Mobile
  communication
• 2.5G
• - EDGE Enhanced Data rate for Global Evolution
  
• - GPRS General Packet Radio Service
• 3G Third Generation (Broadband Data and Voice
  over IP)
• - IMT-2000 backbone of 3G world
• - W-CDMA Wideband CDMA
• - Cdma2000 Broadband CDMA
• - LMDS / MMDS Local Multipoint / Multipoint
  Microwave Distribution Systems

22
Wireless WAN (Summary)
2004
2003
2002
2001
GSM
GPRS
W-CDMA
EDGE
Cingular VoiceStream
TDMA
ATT Wireless
iDEN
Nextel
CDMA-2000
CDMA
1x
3x
Verizon Wireless Sprint PCS
Easy upgrade
2G
3G
2.5G
Upgrade requires new modulation
Upgrade requires entire new radio system
23
Wireless WAN
Cellular Telephony - bandwidth 9.6-14.4 Kbps
(2G) 28.2-128 Kbps (2.5G) 200-2000 Kbps (3G)
- standards GSM, CDMA, TDMA, GPRS common use
national coverage Paging - bandwidth 9.6 Kbps
standard CDPD common use two-way short text
messages Satellite - bandwidth 400-1500
Kbps (downlink) 256 Kbps (uplink)
24
AMPS - Advanced Mobile Phone Service
-First generation wireless tech - analog
cellular phone system (in USA and South Africa)
- uses FDMA - Frequency Division Multiple
Access - (800-900)MHz frequency Spectrum
Subdivided into 25 KHz Channels(4000 channels)
- one subscriber at a time to each channel (no
sharing) - the system based on fixed cells
(geographic zones) - 3 components cellular
phone, base station, MTSO - Mobile Telephone
Switching Office
25
TDMA - Time Division Multiple Access (2G)

• operate at 800 MHz (806-902 MHz digital cellular
  system) or 1900 MHz (1850-1990 MHz PCS -
  Personal Communication Service)
• 1900 MHz system requires more cells than 800 MHz
  system
• 30-KHz radio channels are divided into 6 time
  slots ( a fraction of the second). Each time slot
  is assigned among 8 subscribers
• referred to as D-AMPS - Digital AMPS NA-TDMA-
  North America TDMA IS-54 - the first
  implementation of TDMA IS-136 - next generation
  TDMA (transmission up to 43.2 Kbps)
• http//www.uwcc.org/ TDMA

26
CDMA - Code Division Multiple Access (2G)

• operate at 800 MHz (digital cellular system) and
  1900 MHz (PCS) frequency bands
• 10-20 times the capacity of analog AMPS 4- 6
  times the capacity of TDMA up to 384 Kbps
• referred to as IS-95 CDMA (or CDMA One) standard
  by TIA
• CDMA assigns digital codes to activate subscribes
  CDMA divides the radio spectrum into channels
  that are 1.25 MHz wide
• Lack of international roaming capabilities
• there are 2 competing standards cdma2000
• - American implementation, backward compatible
  with GSM and other second-generation wireless
  systems
• - W-(for Wideband)-CDMA developed by European
  Telecommunications Standards Institute
  Incompatible with existing CDMA or GSM
  infrastructure
• http//www.3gpp.org/ CDMA

27
GSM - Global System for Mobile communication (2G)

• European version of TDMA, very popular in Europe
• support for "Short message service" (short test
  messages)
• operates at 900 MHz and 1800 MHz (Europe) 1900
  MHz in USA as PCS
• very popular in Europe, Asia, India, Africa
  combination of FDMA and TDMA FDMA divides the 25
  MHz bandwidth into 124 carrier frequencies of 200
  KHz each each 200 Kbps channel in divided into 8
  time slots using TDMA
• up to 384 Kbps based on 60 orbiting
  satellites
• international roaming capabilities in more than
  170 countries
• Vendors Alcatel, Ericsson, Lucent, Nokia, Nortel

28
G3 IMT-2000 International Mobile
Telecommunication - Year 2000

• project started in 1992
• wireless access through satellite and terrestrial
  systems packet services 144 Kbps, 384 Kbps, 2
  Mbps
• circuit-switched services 144 Kbps, 284 Kbps,
  2Mbps
• 3 modes of operation
• - based on CDMA ONE
• - IS 95B based on CDMA 2000
• - IXMC, IXTREME, HDR, 3XMC based on TDMA/GSM
  
• - EDGE Global roaming
• http//www.itu.int/imt2000/

29
GPRS, LMDS, 100 BaseRadio
GPRS General Packet Radio Service (2.5 G) -
packet switched intermediate step to transport
high-speed data efficiently over GSM- and
TDMA-based networks - GPRS uses 8 time slots in
the 200 KHz channel and can support IP-based
packet data speeds between 14.4 Kbps and 115
Kbps LMDS - Local Multi-point Distribution
Service - not popular yet, terrestrial
broadband wireless tech. - - versions 24, 28,
31,38,40 GHz - 1 Mbps - 45 Mbps - operates at
very high frequences 100BaseRadio - operates
at 5.2 GHz, 5.3 GHz and 5.775 GHz - the
standard complies with IEEE802.3, 802.1d, VLANs
30
Wireless WAN (Summary)

• 1G First generation (Analog voice) AMPS
• - Advanced Mobile Phone Service
• 2G Second Generation (Digital voice and
  messages)
• - TDMA - Time Division Multiple Access (D-AMPS,
  NA-TDMA, IS-54, IS-136)
• - CDMA - Code Division Multiple Access
  (CDMA-One, IS-95a) GSM - Global System for Mobile
  communication
• 2.5G
• - EDGE Enhanced Data rate for Global Evolution
  
• - GPRS General Packet Radio Service
• 3G Third Generation (Broadband Data and Voice
  over IP)
• - IMT-2000 backbone of 3G world
• - W-CDMA Wideband CDMA
• - Cdma2000 Broadband CDMA
• - LMDS / MMDS Local Multipoint / Multipoint
  Microwave Distribution Systems

31
Wireless WAN (Summary)
2004
2003
2002
2001
GSM
GPRS
W-CDMA
EDGE
Cingular VoiceStream
TDMA
ATT Wireless
iDEN
Nextel
CDMA-2000
CDMA
1x
3x
Verizon Wireless Sprint PCS
Easy upgrade
2G
3G
2.5G
Upgrade requires new modulation
Upgrade requires entire new radio system
32
Threats

• Inherent flaws
• Hackers
• Distribution file and quality of password
• Interception
• Masquerading
• denial-of-service attack
• transitive trust attack

33
Inherent flaws

• Attacks from within the networks user community
• Unauthorized access to network resources via the
  wireless hardware typically high capability
  receiver
• Eavesdropping on the wireless signaling from
  outside the company or work group
• In a wireless LAN cannot be physically
  restricted. Any registered user of the network
  can access data that he has no business
  accessing. Disgruntled current and ex-employees
  have been known to read, distribute, and even
  alter, valuable company data files.

34
Hackers

• Remote access products allows people to dial in
  for their email, remote offices connected via
  dial-up lines, on-site Web sites, and "Extranets"
  that connect vendors and customers to own network
  which can make network vulnerable to hackers

35
Distribution file and quality of password

• On the other hand, the user needs to have the
  file distributed when he wants to access the
  Intranet. Typically, this distribution file would
  reside on the hard disk of the user's personal
  laptop. The quality of the password that opens
  access to the keys in the file, is essential to
  the whole security of the system if a malicious
  user finds out the password and gains access to
  the distribution file, she can log on to the
  server and thus create a tunnel to the intranet

36
Interception

• A kind of identity interception, in which the
  identity of a communicating party is observed for
  a later misuse, or data interception in which an
  unauthorized user is observing the user data
  during a communication

37
Masquerading

• Masquerading takes place when an attacker
  pretends to be an authorized user in order to
  gain access to information or to a system

38
DOS attack

• A denial-of-service attack could be launched
  against a wireless LAN by deliberately causing
  interference in the same frequency band the
  wireless LAN operates
• Due the nature of the radio transmission the
  wireless LANs are very vulnerable against denial
  of service attacks
• If attacker has powerful enough transceiver, he
  can easily generate such radio interference that
  our wireless LAN is unable to communicate using
  radio path

39
Transitive trust attack

• If the attacker can fool wireless LAN to trust
  the mobile he controls, then there is one hostile
  network node inside all firewalls of enterprise
  network and it is very difficult to prevent any
  hostile actions after that
• fooling the mobile to trust the base controlled
  by attacker as our base

40
Recent security mechanism

• Service Set ID (SSID)
• Wired Equivalent Privacy (WEP)
• Wireless Transport Layer Security (WTLS)

41
SSID

• Service Set ID (SSID) is a network name. This
  name is sometimes considered secret
• An access point can be configured either to allow
  any client to connect to it or to require that a
  client specifically must request the access point
  by name. Even though this was not meant primarily
  as a security feature, setting the access point
  to require the SSID can let the ID act as a
  password.

42
WEP

• Wireless LANs using the IEEE 802.11b standard
  have been growing rapidly over the past two years
• WEP is the optional security mechanism defined
  within the 802.11 standard designed to make the
  link integrity of the wireless medium equal to
  that of a cable
• A WEP is based on protecting the transmitted data
  over the RF medium using a 64-bit or 128-bit seed
  key and the RC4 encryption algorithm

43
WTLS

• WAP uses WTLS as the security mechanism
• WAP uses WTLS which is a wireless relative of the
  more common SSL mechanism used by all major web
  browsers. WTLS resembles SSL in that both rely on
  certificates on the client and server to verify
  the identity of the participants involved.
• While SSL implementations generally rely on RSA
  encryption, WTLS supports RSA, Diffie-Hellman,
  and Elliptic Curve encryption. WTLS doesn't
  provide for end-to-end security due to WAP's
  current architecture and limitations of
  server-side Transport Layer Security (SSL)

44
Problems

• The SSID can typically be found by "sniffing" the
  network. Therefore this lends very little to
  securing a network
• WEP, when enabled, only protects the data packet
  information and does not protect the physical
  layer header so that other stations on the
  network can listen to the control data needed to
  manage the network
• WEP can be cracked by simply modifying several
  device driver settings on your wireless
  LAN-equipped mobile device

45
Problems(cont)

• Weaknesses in the Key Scheduling Algorithm of RC4
  which would allow an intruder to pose as a
  legitimate user of the network in WEP
• Wireless network Wi-fi used by American Airlines,
  Starbucks and several hotel chains having no
  encryption at all, so almost everything sent from
  a customer's laptop can be picked up by a nearby
  hacker

46
Protection solutions

• Use higher-level security mechanisms such as
  IPsec and SSH for security, instead of relying on
  WEP.
• Treat all systems that are connected via 802.11
  as external. Place all access points outside the
  firewall
• users should augment the protocol with extra
  layers of security, such as a VPN (virtual
  private network) or a firewall

47
Protection solutions(cont)

• Cisco is going to release in the up coming year
  x.509 certificate authentication. So each person
  will be required to unlock their x.509
  certificate with a password and then present
  their certificate over an encrypted channel
  before they are allowed access to the network.
  Early indications from Cisco are that there will
  be some sort of session key based on this
  certificate. So even if you have the keys for the
  128 bit encryption you will still not be able to
  understand or "sniff" the traffic without a
  session key produced when the individual is
  authenticated

48
Protection solutions(cont)

• do not use the default key change the key
  immediately and change it regularly don't tell
  anyone the key, ever and conduct WLAN audits
  regularly to ensure there are no rogue WLAN
  connections
• The WAP Forum has addressed this issue in WAP
  2.0, offering end-to-end security
• You should now have an operating RADIUS server
  and access points that deny access to
  unauthorized users. Spoofing IP addresses won't
  work -- MAC addresses that don't successfully
  authenticate are not allowed to pass through the
  access point. Your wireless network is now
  secured against hackers

49
Conclusion

• The only applications that should be developed
  for a wireless environment are those that are not
  mission-critical or that are protected with
  firewalls, token devices for authentication,
  encryption, and Intrusion Detection Systems
• Despite proponents' claims to the contrary,
  wireless data technologies still possess a level
  of insecurity, particularly if custom security
  measures (such as encryption) are not put in
  place by the enterprise or application developer

50
Conclusion(cont)

• These are among the security enhancements that
  are being proposed by Cisco, Microsoft, Intel and
  others to the 802.11 standards committee for
  stronger security capabilities in the standard
• Only when these products and technologies are
  proven to be secure from end to end will mobile
  commerce begin to take off.

51
Reference

• http//www.fortresstech.com/
• http//techupdate.zdnet.com/techupdate/stories
  http//www.nwfusion.com/newsletters/wireless/2001/
  00765538.html
• http//www.informit.com/content
• http//www.hktechnology.com/hktnet/Solutions20for
  20wlan/what_is_wlan/overview.htm
• http//www.cityu.edu.hk/csc/deptweb/publications/t
  ech-report.htm
• http//www.pcworld.com/news/article/0,aid,55146,00
  .asp
• http//www.google.com/search?qcache35upR5YLz3Mw
  ww.wirelessethernet.org/pdf/Wi-FiWEPSecurity.pdft
  hreatofwirelessLanhlzh-TW

52
Reference(cont)

• http//www.networkcomputing.com/1004/1004buyerside
  1.html
• http//www.sans.org/infosecFAQ/wireless/wireless_L
  AN.htm
• http//www.futurelooks.com/features/Articles/80211
  b/page3_frame.htm
• http//www.itworld.com/Sec/2306/NWW010426isslan/
• http//www.practicallynetworked.com/support/wirele
  ss_secure.htm

53
Reference(cont)

• http//www.uwcc.org
• http//www.3gpp.org
• http//www.itu.int/imt2000
• http//www.cdpd.org
• http//www.wirelesswans.com
• http//www.x.net.au/Wireless_WAN_Howto.htm
• http//www.pinnaclecomm.com/wireless/
• http//www.w-wan.com/about/case_studies/story9.htm
  l
• http//www.pdamd.com/vertical/features/wireless_4.
  xml

54
Reference(cont)

• http//www.shopforacomputer.com/wireless_081601/wi
  reless_wan.htm
• http//archive.ncsa.uiuc.edu/edu/nie/overview/netw
  ork/educate.html
• http//www.wireless-nets.com/articles.htm
• http//www.securityfocus.com/cgi-bin/library.pl?ca
  t176
• http//www.its.state.ut.us/contents/services/wan/w
  anhardware.shtml