Chapter 7: Security and Wireless LANs

Cisco Press

1 2 3 4 5 Page 2
Page 2 of 5

Thinking Securely

The broadcast nature of a wireless network effectively raises the importance of authentication, encryption, and hashing. Starting with Authentication, you want to be sure that only permitted parties can communicate with your APs. Because you are effectively broadcasting your message over the ether, everyone can potentially hear every communication. Encryption is, therefore, needed to ensure communication privacy. Finally, the broadcast environment makes it relatively easy to capture, modify, and resend a message. Hashing your messages will address this problem.

Literature on information security typically uses the example of communication between two people. This section does the same, using the example of communication between Tony and Kelly. The specific security challenges that Tony and Kelly face when communicating are

  • Tony and Kelly need to know that they are indeed communicating with each other. This is known as authentication of the communicating parties.

  • Tony and Kelly want to be sure that only they can interpret the message exchange. Encrypting the messages into ciphers that only Tony and Kelly can decipher achieves this goal. Keys are used to lock and unlock the messages. These keys can be static or dynamic, and symmetric or asymmetric (Public/Private). The combination of the respective key characteristics determines how secure the solution is but also the computational cost.

  • Finally, Tony and Kelly want to be sure that the messages have not been tampered with while the messages were in transit. This is achieved by attaching a checksum (hashing) to the message that is recomputed and compared upon receipt. If the checksum is the same, the messages have not been tampered with.

It is not impossible to ensure secure wireless communications. Securing WLANs is possible if done correctly. However, heightened awareness is required to ensure that you don't overlook a critical component and thus create a back door.


Note - It might not be possible for you to think like a hacker, but it is not necessary, either. What is important is to establish a security posture that identifies the parts of your network (or information that passes through it) that are most sensitive and need protection.


Different Security Models

Depending on how you decide to combine the security elements mentioned in the preceding section, different security models are appropriate. This section describes the most commonly adopted models, which include the following:

  • No authentication, encryption, or hashing

  • Native encryption only

  • Native authentication only

  • User-based authentication

  • Machine-based authentication

  • Native encryption and authentication but no hashing

  • Authentication and encryption using overlay security solutions

No Authentication, Encryption, or Hashing

By providing no method of authentication, encryption, or hashing, your network is most open to attack. However, an attack doesn't necessarily mean that an individual wants to break into your network with malicious intent. It can also mean that an individual inadvertently attaches to your WLAN and uses your network resources.

Even though this model leaves you most open to unauthorized use of your WLAN, sometimes you will choose not to authenticate users or encrypt data. One such situation is when you want to provide your guests with WLAN connectivity.


Note - On occasion, little or no WLAN protection is available for proprietary devices or unique operating systems.


Native Encryption Only

Because WLANs use radio as a transmission medium, the first line of defense—physical medium control and containment—as offered by wired networks is not present. Indeed, LANs are somewhat protected by their physical structure, with some or all parts in a building or underground. To provide some kind of physical isolation similar to wired LANs, the 802.11b standard defined the Wired Equivalent Privacy (WEP) security protocol. WEP intends to provide some degree of privacy by encrypting the information between the radio endpoints.

Because WEP was designed when WLANs were in their infancy, it is not surprising to see that WEP turned out to be less effective than initially expected. WEP does not provide true end-to-end security because it only operates at the two lowest layers of the OSI model: the physical and data link layers.


Note - Any time you expose a standard to the general community, you risk compromising the standard because hackers can reverse-engineer the standard to develop an exploit.


In addition, WEP uses a static symmetric key to encrypt the data. The key's static nature is a challenge because key management becomes complicated and a vulnerability is created that propagates to other parts of the security chain. Key management challenges include

  • Distributing keys

  • Supporting timed changes

  • Determining how to address the physical loss of end devices

Finally, WEP employs a key length of 48 or 128 bits. Given the continued and accelerated growth in computing power, standard desktops are now capable of quickly breaking these keys through exhaustive searches.

Native Authentication Only

Authentication and authentication protocols control access to a network. Keep in mind that authentication does not secure the data that is transmitted on the network. Authentication protocols are designed to ensure that the user or device that is attempting to communicate is indeed whom it claims. It is analogous to a secured door in a large office building. By swiping your identity card, you are "authenticating" yourself. If the card is permitted access, the door is unlocked. Note that in this analogy, the card is authenticated, not the person carrying the card. Furthermore, the ID card does not provide security after you're inside the door. As such, you can make the distinction between two forms of authentication: One is authentication of the user, and the other is authentication of the device.

User-Based Authentication

User-based authentication is probably the most common form of authentication deployed in today's enterprises. Users are given a password that only they are supposed to know. A system challenges the user to provide a username and password. After the pair is checked against a corresponding database, the user is either granted or declined access.

This method's considerations and challenges include password strength and password management. Because in-depth coverage falls outside of the scope of this book, refer to other resources, such as Security and Usability: Designing Secure Systems That People Can Use by Lorrie Faith Cranor and Simson Garfinkel (O'Reilly Press, 2005), if you are interested in learning more.

Machine-Based Authentication

Machine-based authentication goes a step further and verifies the identity of the devices that attempt to join your WLAN. Machine-based authentication is credential-based with the credential hard-coded in the device. This credential is a password of sorts for the machine. Like a person, the machine must be registered to be able to use the network. This credential is either derived or stored locally, or it can be dynamically assigned.

These methods will vary in complexity, but all are tied to an authentication service that is present in the core infrastructure.

Native Encryption and Authentication But No Hashing

The most common mechanism used by enterprises to secure WLANs is the incorporation of both encryption and authentication. Both can be provided in numerous ways. Authentication and encryption have evolved to combat numerous attacks, vulnerabilities, and protocol shortcomings. This evolution has also increased their complexity.

Data encryption can be achieved in many ways. Encryption can be performed using either symmetric or asymmetric, that is public/private, key pairs, and the keys can be either statically or dynamically assigned. Asymmetric keys are typically harder to break because it requires more computational horsepower. Similarly, dynamically assigned keys generate more computational overhead. However, the automation greatly simplifies key management. As the computing power of clients has increased, the encryption on the WLAN has evolved from the simple but hard to manage WEP to complex but easy to manage certificate-based key pairing. The later section "Encryption" will go into more detail on this subject.

Authentication and Encryption Using Overlay Security Solutions

Overlay security solutions employ higher levels of the OSI model to secure communications. Even at these higher levels, the same basic security features exist: encryption, authentication, and hashing. However, given the availability of additional information and embedded intelligence, the result is a higher degree of security sophistication. As such, Virtual Private Networks (VPN) and generic routing encapsulation (GRE) tunneling provide a more secure form of end-to-end communications. Both solutions work on the premise that a secure virtual communications tunnel is constructed between the communicating endpoints through which all data is securely sent. The use of an overlay security solution can sometimes cause disruption because the "tunnel" is a virtual point-to-point connection that needs to be reestablished anytime the connection is broken. Overlay solutions can also cause an added burden to the user or administrator. The user must complete an additional layer of security (setting up a VPN), and the administrator needs to manage all the virtual tunnels.


Note - GRE tunnels are not the means of encryption—they are only the logical manner in which encrypted traffic is routed in the network. For the GRE tunnel to be encrypted, it requires an underlying protocol, such as IPSec or 3DES. Both are commonly used for encryption today.


No WLAN

Although it is not practical, not allowing the use of WLANs is one way to consider handling the issue of security. This book is an advocate of deploying WLANs when they make the best business sense. In this case, "no WLAN" should mean "No WLAN at this time."

WLAN Security Threats

The nature of wireless communications makes defending against attacks very difficult but extremely necessary. Threats come in many forms. The vulnerability and exposure of your network comes from inside and outside your network. Arguably, the internal troubles typically outnumber the external threats.

Security threats surface as disruption in service, unintentional leaks, and industrial espionage. Both professionals and amateurs carry out attacks against WLAN security shortcomings, which is facilitated by a plethora of publicly available tools. Even then, it might not be a person but rather a byproduct of a careless design. The following describes three profiles of people who can compromise a network.

  • The malicious hacker—This is the person who actively tries to exploit security weaknesses of the network. This person's intent is to cause mischief, steal intellectual property, or cause business disruption.

  • The unaware employee—The unaware employee is becoming more common. This is a person who has unintentionally opened a vulnerability either directly (such as by installing a rogue AP) or indirectly (such as acting as a catalyst for the spread of a computer virus).

  • The war driver—War driving is when individuals or groups drive around and actively look for unprotected WLANs. In some cases, people mark the streets or sidewalks with chalk to indicate the presence of unprotected WLANs, which is also known as war chalking.

Now that we know who can carry out WLAN attacks, we will outline the different attack strategies that can be employed. The attack strategies are interception, rogue APs, and denial of service.

Interception

Because there is no physical link in wireless and because radio transmissions are not contained by physical boundaries, data can be intercepted. Any data that is intercepted is compromised as it can be reassembled, resulting in loss of intellectual property or exploitation of other safeguards.

You can, however, put security protocols into place to mitigate or thwart the threat of interception. This is covered in the next section. Interception provides a catalyst for malicious behavior in one of two ways:

  • Eavesdropping—Data sent over a wireless medium can be captured over time. Given enough time, even encrypted data can be decrypted, although well-developed encryption techniques will extend this time from days to years.

  • Impersonation—Commonly known as "man-in-the-middle" attacks, even when the data is sufficiently protected against prying ears, devices can be impersonated. This can lead to service availability attacks or inadvertent data capture with the latter leading to the possibility of encryption cracking.

Rogue APs

Rogue access points are by far the most elusive culprits in a WLAN deployment. Many vendors are building solutions that will tackle the problem of rogue APs. Basically, rogue APs are internal or external to your network and can either create a security hole or cause enough interference to disrupt service. Internal rogues usually occur when an employee introduces an AP to the internal network.

Ongoing commoditization has resulted in a steep drop in the price of access points. As the cost barrier is removed, some people will not only purchase an AP, but also independently decide to "plug" the personal AP into the network in an attempt to gain more freedom and mobility. One way to thwart this problem is to provide ubiquitous WLAN coverage. However, you can't be sure that this solution will stop the practice entirely.

Roque APs are typically not intentionally malicious, but require more effort to detect and mitigate. They threaten the network's well-being and the integrity of the wireless space. Because WLANs rely on the availability of channels of the RF spectrum, having competing devices in the same RF space will likely disrupt your WLAN service.

Denial of Service Attack

A sometimes overlooked security threat is the overloading of the network that results in the inability to access the network. This Denial of Service (DoS) is a very real threat and can be easily carried out against a WLAN. These attacks, although usually intentional, can sometimes happen by accident. DoS as a security concern can never be ruled out because it can never be completely avoided. DoS has one critical effect on the enterprise: the denial of access to the RF space and thus the lack of network access. You learned in Chapter 2 that there is an opportunity cost associated with unavailability of network access. As the organization becomes more dependent on information and network access, this opportunity cost can rapidly escalate with downtime.

Wireless Security Mitigation Techniques

WLANs employ specific methods for encryption, hashing, and authentication. Figure 7-1 illustrates the general elements that make up the embedded WLAN security.

Figure 7-1

Figure 7-1

Embedded WLAN Security

Encryption

Encryption is the action taken to mask the elements in a data stream. This is done by applying a variable (key), which is known by a sending station and a receiving station, to an algorithm that encodes and decodes the transmission. In this section, you will find three basic flavors of encryption that have been applied to WLANs for securing over-the-air transmissions. Each is still suitable for use today. However, they are typically not used in Enterprise environments as they are insufficiently robust.

The initial encryption method was WEP, which provided sufficient protection in early WLAN deployments. Over the years, the ability and desire of people to crack encryption algorithms and break cyphers has increased. As such, more robust encryption schemes are continuously developed to offset weakened methods and to retain the possibility of secure communication. WLANs have thus seen the displacement of WEP by the schemes named CCMP and AES. Let us compare these three methods.

WEP

WEP is an encryption algorithm that is built into the original 802.11 standard. WEP encryption uses the RC4 stream cipher with either 40- or 104-bit keys and a 24-bit initialization vector. WEP was initially deployed as a static key written onto the client, which caused a burden on key management.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

CCMP is a 128-bit keys cipher with a 48-bit initialization vector (IV), which helps prevent replay attacks. The Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCM provides data integrity and authentication.


Note - Although CCMP is a very strong encryption standard but it requires more computing power than WEP. This is important because some wireless access points might not have sufficient computing power to support CCMP.


Advanced Encryption Standard (AES)

AES was developed for securing sensitive but unclassified material by the U.S. government. By directive of the National Institute of Standards and Technology (NIST), a replacement for the Data Encryption Standard (DES) and to a lesser degree 3DES was commissioned. The specification required a symmetric algorithm using a block encryption of no less than 128 bits in size. Note that AES also forms the underlying encryption algorithm used in CCM. Its requirement and subsequent ratification by the U.S. government prompted acceptance by the general public.

The capability of AES encryption to remain protected is estimated to be years as opposed to weeks or days of current encryption methods.


Note - AES was built on the cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, called Rijndael.


Hashing

Hashing prevents man-in-the-middle attacks as it ensures that messages that have been tampered with, while they were in transit, can be identified by the receiver. This is independent of whether the message is encrypted. This section details Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC), which we refer to as radio side protection throughout this chapter. Both of these are used to maintain the integrity of the information sent over the RF.

TKIP (Temporal Key Integrity Protocol)

You can think of TKIP as a wrapper or enhancement for WEP. WEP is still the underlying encryption standard, but TKIP significantly improves the security by addressing its weak hashing capabilities. Using TKIP, every key is "rehashed," effectively giving each packet its own key. Because the attacks upon WEP rely on capturing tens of thousands of packets that use the same key to attempt to identify the actual key, TKIP never reuses the same key. As such, it greatly reduces the risk of the key being discovered.

TKIP is also part of the WPA standard.

Message Integrity Check

In order to combat the ability of a hacker to intercept, examine, and forward on a packet to an AP, there is a need to provide an additional layer of radio side protection. This is done through the insertion of an 8-byte MIC placed between the data portion of the 802.11 frame and the 4-byte Integrity Check Value (ICV). The MIC field is encrypted along with the frame data and the ICV. This is essentially a cyclic redundancy check (CRC) for wireless and is intended to prevent replay attacks, that is replay of an intercepted packet.

Table 7-1 summarizes the different security models described.

Table 7-1: Different Security Models at a Glance

 WEPTKIPCCMP
Cipher TypeRC4RC4AES
Key Size40 or 128 bits128 bits128 bits
Key Life24-bit IV48-bit IV48-bit IV
Integrity CheckCRC-32 (Data only)MICCCM
Replay CounterNoneInherentInherent
Key ManagementNoneEAP-basedEAP-based

Authentication

Authentication is the process in which the identity of a user or device is validated. This is typically done using passwords or certificates. Note that authentication assumes some degree of implicit trust. For example, the use of passwords assumes that it is only known by the authenticating entity. The same is true for certificates as they, in theory, can be handed off to somebody else. Furthermore, in the case of certificates, you need to trust the authority that extends the certificates.

This book does not cover this topic in-depth. However, you should be aware of these nontrivial challenges regarding trust and authentication. In the remainder of this section, we cover the methods and frameworks that are commonly used in WLANs—specifically, 802.1x, Wi-Fi Protected Access (WPA), and 802.11i.

802.1x

The 802.1x standard is a framework that defines a common process of communication for both wired and wireless LAN-based devices to initiate and secure point-to-point authentication. The 802.1x LAN standard can be applied to any subset of the 802 family. Its mainstream debut came at the time when WLAN products hit the mass market. Because standalone WEP was already known to be weak, 802.1x found a niche in which it could help to ensure the secure transmission of data in a WLAN. It is very important to understand that the standard only outlines the framework for communication. This freamework allowed vendors to provide various underlying authentication methods (which you learn more about in the section "EAP Types"), each with its own distinctive features.

The framework defines mutual authentication of devices and recommends the use of RADIUS as an authentication protocol. There are three key components to the 802.1x framework:

  • Supplicant (STA)—The client device that is requesting access. Typically this device is enabled by software, which performs the actual process.

  • Authenticator (Auth)—Plays the role of the middle man, providing an entry point from an untrusted network to a trusted one.

  • Authentication server (AS)—Acts as the validation point of contact. The authentication server maintains a database of all known authenticators and also maintains entitlement for the user or device. This user database can reside on a separate system.

The authentication communication between a client device and the authentication server is broken into two stages, as shown in Figure 7-2:

  • The first mode is Extensible Authentication Protocol (EAP), or EAP over LAN (EAPoL), which is the encapsulation format.

  • The second mode is RADIUS, where the credentials are passed for validation against the authentication database.

Figure 7-2

Figure 7-2

802.1x at a Glance


Note - In Figure 7-2, the supplicant can be any end device (laptop, desktop, PDA, phone). The authenticator can be a switch or AP.


Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) is a standard developed by the Wi-Fi Alliance primarily as a method for interoperability between Wi-Fi vendors. The Wi-Fi Alliance is a coalition of vendors with the charter of finding a common solution for wireless security. The WPA standard helps to mitigate the inherent shortcomings of WEP by protecting the transmission of data in the RF space by mandating the use of TKIP, MIC, and 802.1x.

WPA has two modes:

  • EAP and RADIUS in enterprise mode

  • Pre-shared keys (PSK) in non-RADIUS environments

WPA is built to support WEP as the encryption method, whereas the second phase of WPA, WPA2, supports the addition of CCMP for authentication.

Table 7-2 summarizes the features of the different WPA types.

Table 7-2: Differences Between WPA Types at a Glance

WPA Enterprise ModeWPA PSK Mode
Requires an authentication serverDoes not require an authentication server
Uses RADIUS protocols for authentication and key distributionUses shared secret keys for authentication
Centralizes management of user credentialsProvides device-oriented management of user credentials
Uses 802.1x as an identity framework--

802.11i

Based on WPA, the IEEE has ratified 802.11i as a wireless security standard to help provide a more robust method of protection. This standard introduces new and stronger encryption and hashing methods. It expands the initial validation (handshake) between the AP and client while still using 802.1x for the actual authentication process. 802.11i also mandates the use of AES. The principle enhancements are

  • Discovery—A four-way handshake to authenticate the AP and client

  • Authentication—The 802.1x framework for end-to-end authentication

  • Key management—Method through which systems derive an encryption key that ensures integrity for the whole session

  • Data Protection—Encryption of parts of the data packet

Figure 7-3 illustrates the relationship between these four parts of 802.11i. Each shaded area refers to one of the four functions listed previously.

Figure 7-3

Figure 7-3

Functions of 802.11i

802.11i uses EAP as the end-to-end transport for authentication and 802.1X (EAPoL) to encapsulate these EAP messages over WLANs.

During the discovery phase, participants determine the parties with whom they will communicate. The AP informs the client which security features are required to be used for communications.

Authentication employs 802.1x as a framework and further specifies the following:

  1. The use of centralized network admission policy—at the AS.

  2. Determination of the STA as to whether it does indeed want to communicate.

  3. Mutual authentication between the STA and Auth.

  4. Generation of a master key as a side effect of authentication.

  5. Use of a master key to generate session keys.

Key management also uses the 802.1x framework with the addition of a four-way handshake, which ensures that the client and AP are valid devices (trusted). Because the session key used in client and AP transmissions is valid for the length of the session, an additional mechanism was added to the protocol to help maintain the integrity of the key. Specifically, the following actions take place (four-way handshake):

Related:
1 2 3 4 5 Page 2
Page 2 of 5
IT Salary Survey: The results are in