Wireless Security

1
Chapter 8

• Wireless Security

2
Objectives

• Explain wireless networking and why it is used
• Describe IEEE 802.11 radio wave networking
• Explain Bluetooth networking
• Describe attacks on wireless networks
• Discuss wireless security measures
• Configure security for wireless interfaces in
  workstation operating systems

3
Introduction to Wireless Networking

• Enables communications where a wired network is
  impractical
• Reduces installation costs
• Provides anywhere access
• Enables easier small and home office networking
• Enables data access to fit the application

4
Attacks on Wireless Networks

• Many opportunities, particularly through sniffer
  software
• Difficult or impossible to detect

5
Wireless Network Support Organizations

• Wireless LAN Association (WLANA)
• WINLAB

6
Why Use a Wireless Network Instead of a Wired
Network?

• A wired network can be difficult or impossible to
  install in some situations

7
Radio Wave Technologies

• Network applications use high frequencies
  measured in hertz
• Line-of-sight transmission
• Spread spectrum technology
• Popular technologies
• IEEE 802.11 standard
• Bluetooth

8
Radio Wave Technologies
9
Radio Wave Technologies

• Advantages
• Relatively inexpensive
• Easy to install
• Provide anywhere access
• Offer an alternative for hard-to-cable areas
• Disadvantages
• Do not have speeds to match 100Mbps
  communications
• Frequencies may experience interference

10
IEEE 802.11 Radio Wave Networking (Continued)

• Advantages in terms of compatibility and
  reliability
• Devices are not proprietary
• Encompasses fixed and mobile stations
• Recognizes indoor and outdoor communications

11
IEEE 802.11 Radio Wave Networking (Continued)

• Kinds of communication
• Discrete units (asynchronous)
• Governed by time restrictions

12
How IEEE 802.11 Wireless Networks Function

• Components
• Access methods
• Handling of data errors
• Transmission speeds
• Authentication
• Topologies
• Multiple-cell wireless LANs

13
Wireless Components

• Wireless NIC (WNIC)
• Functions as a transmitter/receiver (transceiver)
• Access point
• Antennas
• Directional antenna
• Omnidirectional antenna

14
Directional Antenna
15
Omnidirectional Antenna
16
Wireless Networking Access Methods

• Priority-based access
• Carrier Sense Multiple Access with Collision
  Avoidance (CSMA/CA)

17
Handling Data Errors

• Automatic repeat request (ARQ) characteristic
• Helps reduce communication errors created by
  sources of interference

18
Transmission Speeds
19
Infrared Wireless Networking

• 802.11R standard
• Can be broadcast in a single direction or in all
  directions
• Transmits in range of 100 GHz to 1000 THz

20
Infrared Wireless Networking

• Security factors
• Difficult to intercept without someone knowing
• Not susceptible to interference from RFI and EMI
• Disadvantages (but also make it more secure)
• Data transmission rates only reach up to 16 Mbps
  (directional) and can be less than 1 Mbps
  (omnidirectional)
• Does not go through walls

21
Diffused Infrared Wireless Communication
22
Using Authentication to Disconnect

• Prevents two communicating stations from being
  inadvertently disconnected by a nonauthorized
  station

23
802.11 Network Topologies

• Independent basic service set (IBSS) topology
• Consists of two or more wireless stations that
  can be in communication
• Does not use an access point
• Extended service set (ESS) topology
• Uses one or more access points to provide a
  larger service area than an IBSS topology

24
IBSS Wireless Topology
25
ESS Wireless Topology
26
Multiple-Cell Wireless LANs

• ESS wireless topology that employs two or more
  access points
• Inter-Access Point Protocol (IAPP)
• Roaming protocol that enables a mobile station to
  move from one cell to another without losing
  connection

27
Bluetooth Radio Wave Networking

• Uses frequency hopping in the 2.4-GHz band
  designated by FCC for unlicensed ISM
  transmissions
• Uses time-division duplexing (TDD) for packet
  transmissions

28
Anatomy of Attacks on Wireless Networks

• Antenna
• Wireless network interface card
• GPS
• War-driving software

29
Rogue Access Point

• Wireless access point installed without knowledge
  of network administrator
• Not configured to have security
• Provides an attacker with an unsecured entryway
  to packet communications

30
Attacks Through Long-Range Antennas

• Increases reach of a signal
• Enables network to be monitored from a greater
  distance without being observed

31
Man-in-the-Middle Attacks

• Interception of a message meant for a different
  computer
• Attacker operates between two communicating
  computers in order to
• Listen in on communications
• Modify communications

32
Pitfalls of Wireless Communications

• Inherently not secure because they are
  transported over radio waves
• Considerations
• Avoid wireless communications for extremely
  sensitive information
• Configure tightest security available

33
Wireless Security Measures

• Open system authentication
• Shared key authentication
• Wired Equivalent Privacy (WEP)
• Service set identifier (SSID)
• 802.1x security
• 802.1i security

34
Open System Authentication

• Two stations can authenticate each other
• Provides little security, only mutual agreement
  to authenticate
• Default form of authentication in 802.11

35
Shared Key Authentication

• Uses symmetrical encryption
• Same key for both encryption and decryption

36
Wired Equivalent Privacy (WEP)

• Same encryption key is used at both stations that
  are communicating

37
Wired Equivalent Privacy (WEP)
38
Service Set Identifier (SSID)

• Identification value
• typically up to 32 characters in length
• defines a logical network for all devices that
  belong to it
• Each device is configured to have same SSID
• Typically used in ESS, but not IBSS

39
802.1x Security

• Port-based form of authentication
• Uncontrolled port
• Controlled port
• Does not include encryption
• can be set up to work with EAP and its evolving
  versions (EAP-TTLS and PEAP)
• Use different computers for authentication server
  and authenticator

40
802.1i Security

• Builds on 802.1x standard
• Implements Temporal Key Integrity Protocol (TKIP)
  for creating random encryption keys from one
  master key

41
Configuring Security for Wireless Interfaces

• Windows 2000/XP Professional
• Support use of WNICs
• Red Hat Linux 9.x
• Supports use of WNICs (installed through GNOME
  desktop Network Device Control tool)
• Mac OS X
• Built-in compatibility for AirPort WNICs and base
  stations (access points)

42
Windows 2000 Professional Wireless Security
Techniques

• Open system authentication
• Shared key authentication
• WEP (40-bit and 104-bit keys)

• SSID
• 802.1x
• EAP
• Authentication through RADIUS

43
Windows XP Professional Wireless Security
Techniques

• Open system authentication
• Shared key authentication
• WEP (40-bit and 104-bit keys)

• SSID
• 802.1x
• EAP and EAP-TLS
• PEAP
• Authentication through RADIUS

44
Red Hat Linux Wireless Security Techniques

• Open system authentication
• Shared key authentication
• WEP (40-bit and 104-bit keys)
• SSID
• 802.1x

45
Mac OS X Wireless Security Techniques

• Open system authentication
• Shared key authentication
• WEP (40-bit and 104-bit keys)
• SSID
• RADIUS authentication
• Firewall protection

46
Summary

• How wireless networks work
• Popular approaches to wireless networking
• IEEE 802.11
• Bluetooth
• Types of attacks against wireless networks
• Wireless security measures and how to implement
  them in client operating systems