© 2002, Cisco Systems, Inc. Wireless LAN Security
  • In the next few slides, we identify the key barriers for large-scale wireless deployment. We compare the first-generation WLAN features/solutions with those offered by Cisco Aironet solutions. The quotes in the box are verbatim customer quotes. SSID: sent in the clear, not really security; merely a name for the WLAN. WEP: optional in 802.11; most leading vendors support both 40- and 128-bit. Tout how we do WEP in hardware and take only a 2-3% performance hit, while our competitors such as Lucent and 3Com do it in s/w and may take up to a 25% performance hit. Talk about how our solution supports centralized authentication integrated with network logon: highly scalable, unlike schemes that are based on MAC address. Dynamic WEP key management: hassle-free. VPN from public access spaces like airports and hotels.
  • Loud and clear customer demand today: mature, understood technology (“good enough for the Internet”); reluctance to use WEP; many heterogeneous client environments that cannot fully utilize an 802.1x LEAP deployment; markets requiring the highest security (financials, healthcare, others). Cisco is uniquely positioned: WLAN leadership, VPN and security leadership; can deliver an integrated VPN-over-WLAN solution; creates value for the Aironet and VPN 3000 lines; allows for margin and profitability preservation.
  • Security of wireless LANs has received a lot of bad press. However, wireless LANs can be as secure as wired infrastructure if set up correctly. Prior to deploying, an education institution needs to conduct a risk assessment of its environment and decide how much security it needs. Note that 70% of businesses do not turn on the basic security available on all WLAN products; educate your customers.
    • No security (802.11b configurable features): may be the most appropriate option where open access is required. Security options: SSID (not a security handle, sent in the clear); public/private WLAN segregation. Drawbacks: “promiscuous mode” drivers; null association.
    • Basic security (802.11b configurable features): Security options: SSID, WEP encryption (H/W or S/W); public/private WLAN segregation. Drawbacks: static keys create security and management issues; easily hacked.
    • Enhanced security (enhanced features): Security options: 802.1x authentication framework (802.11 TGi baseline); mutual authentication; dynamic, per-user, per-session WEP key; automatic, frequent re-authentication. Advantages: multi-tiered security approach.
    • Maximum security (special applications requiring maximum security): provides tunneling, encryption, packet integrity, user and device authentication, and policy management.

    1. Wireless LAN Security
    2. The #1 Concern for Enterprise about Wireless: Security (Source: WSJ, 2/5/01)
    3. Agenda
      • Wireless LAN security issues
      • Standards-based solutions: 802.1X and TKIP
      • WiFi Protected Access (WPA)
      • Other security methods
      • Rogue APs
      • Demo
      • Summary
    4. Security Requirements for WLANs: “Wireless is like having an RJ45 in my car park”
    5. Wireless LAN Security Issues
      • Issue
        • Access control: anyone in AP coverage area can get on WLAN
        • Privacy: wireless sniffer can view all WLAN data packets
      • 802.11 solution
        • Use WEP to encrypt all data transmitted between client and AP
        • Without WEP key, user cannot transmit or receive data
      (Diagram: client, access point (AP), wireless LAN (WLAN), wired LAN)
    6. Limitations of 802.11 Security
      • Authentication
        • Authentication is device-based, not user-based
        • Client does not authenticate network
        • Existing authentication databases are not leveraged
      • Key management
        • Keys are static
        • Keys are shared among devices and APs
        • If adapter or device is stolen, all devices and APs must be rekeyed
      • RC4-based WEP keys
        • Encryption algorithm is vulnerable to attack
        • Message integrity is not ensured
    7. Addressing the Limitations: 802.11i
      • Authentication (addressed by 802.1X)
        • Authentication is device-based, not user-based
        • Client does not authenticate network
        • Existing authentication databases are not leveraged
      • Key management (addressed by 802.1X)
        • Keys are static
        • Keys are shared among devices and APs
        • If adapter or device is stolen, all devices and APs must be rekeyed
      • RC4-based WEP keys (addressed by TKIP and AES)
        • Encryption algorithm is vulnerable to attack
        • Message integrity is not ensured
    8. Overview of 802.1X
      • Link layer (layer 2) support for Extensible Authentication Protocol (EAP)
      • Securely facilitates authentication message exchanges between:
        • Wireless client
        • Access point
        • AAA server
      • Allows the use of numerous authentication algorithms
      • WLAN implementations of 802.1X must support mutual authentication
    9. 802.1X Authentication Types
      • EAP-Cisco Wireless, or LEAP
        • Is supported by Cisco Aironet client adapters on Windows, CE, Linux, Mac OS, and DOS
        • Has been licensed to other vendors
      • EAP-TLS (mutual EAP-TLS)
        • Is supported in XP and, soon, other Windows versions
        • Requires client certificates and server certificates
      • PEAP
        • Is supported in XP and, soon, other Windows versions
        • Uses server-side TLS, which requires only server certificates
      • EAP-TTLS
        • Is supported by Funk Software’s Odyssey
        • Uses server-side TLS
    10. Broadening Support for LEAP
      • Cisco has licensed LEAP to 9 companies to date:
      • LEAP support: RADIUS servers
        • Funk Software: Steel-Belted Radius Server
        • Interlink: Secure.XS Radius Server
      • LEAP support: chipsets
        • Intersil: 802.11 chipsets
        • Atheros: 802.11 chipsets
        • TI: 802.11 chipsets
      • LEAP support: client devices
        • Apple: Powerbooks/iBooks
        • Symbol: handhelds
        • HP: print servers
      • LEAP support: client supplicant software
        • Funk Software: Odyssey Client v.1.1
        • Meetinghouse: Aegis Client v.1.3.6
    11. Overview of the Cisco Temporal Key Integrity Protocol (TKIP)
      • WEP is broken
        • The AirSnort attack, among others, renders WEP ineffective
      • TKIP is designed to “patch” WEP; it is not the long-term WLAN encryption solution
      • Allows existing devices to be upgraded
    12. WEP: AirSnort “Weak IV” Attack
      • Attack is based on the Fluhrer/Mantin/Shamir paper
      • Initialization vector (IV) is a 24-bit field that changes with each packet
      • RC4 Key Scheduling Algorithm creates IV from base key
      • Flaw in WEP implementation of RC4 allows creation of “weak” IVs that give insight into base key
      • More packets = more weak IVs = better chance to determine base key
      • To break key, hacker needs 5-6 million packets
      (Diagram: WEP frame = dest addr | src addr | IV | encrypted data)
    13. WEP: Bit-Flipping and Replay Attack
      • Hacker intercepts WEP-encrypted packet
      • Hacker flips bits in packet and recalculates ICV CRC32
      • Hacker transmits to AP bit-flipped frame with known IV
      • Because CRC32 is correct, AP accepts, forwards frame
      • Layer 3 device rejects and sends predictable response
      • AP encrypts response and sends it to hacker
      • Hacker uses response to derive key (stream cipher)
      (Diagram: plain text 1234 XOR stream cipher = cipher text XXYYZZ; cipher text XXYYZZ XOR predicted plain text 1234 = stream cipher)
    14. TKIP: Key Hashing (Per-Packet Keys)
      • No key hashing: IV and base key feed the RC4 stream cipher directly; plaintext data XOR stream cipher = encrypted data
      • Key hashing: IV and base key are first hashed into a packet key, which then feeds the RC4 stream cipher
      • Because the packet key is a hash of the IV and base key, the IV no longer gives insight into the base key
    15. TKIP: Message Integrity Check (MIC)
      • Sender adds MIC to packet
      • Recipient examines MIC; discards packet if MIC is not intact
      (Diagram: WEP frame = dest addr | src addr | IV | encrypted data; before XOR with the stream cipher, the encrypted data carries seq #, plaintext, MIC and ICV)
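      Slides 13 and 15 together explain why WEP's CRC32 ICV cannot serve as an integrity check and why TKIP adds a keyed MIC and a sequence number. The Python below is an added example, not Cisco's code and not the real TKIP algorithms: it checks the CRC32 linearity identity that makes an unkeyed ICV malleable, then models a receiver that verifies a keyed MIC over the addresses, sequence number and payload and discards replayed frames. HMAC-SHA256 stands in for TKIP's Michael MIC, the key and field widths are constructed, and encryption is left out because it does not change the integrity check.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed demo key; HMAC-SHA256 stands in for TKIP's Michael MIC (assumption, not the real algorithm).
MIC_KEY = b"constructed-demo-mic-key"
ADDR_LEN = 6   # 802.11 MAC address length
SEQ_LEN = 4    # sequence number field width (constructed)
MIC_LEN = 8    # truncated tag length (constructed)


def crc32_is_linear(message: bytes, delta: bytes) -> bool:
    """The weakness behind slide 13: CRC32 distributes over XOR (affine because of its
    init/final constants), so a message and its ICV can be changed consistently with no
    knowledge of any key. A keyed MIC has no such identity."""
    assert len(message) == len(delta)
    modified = bytes(m ^ d for m, d in zip(message, delta))
    zeros = bytes(len(message))
    return zlib.crc32(modified) == zlib.crc32(message) ^ zlib.crc32(delta) ^ zlib.crc32(zeros)


def mic(dest: bytes, src: bytes, seq: int, payload: bytes) -> bytes:
    """Keyed integrity tag over addresses, sequence number and payload, as on slide 15."""
    msg = dest + src + struct.pack(">I", seq) + payload
    return hmac.new(MIC_KEY, msg, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(dest: bytes, src: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: dest | src | seq# | payload | MIC."""
    return dest + src + struct.pack(">I", seq) + payload + mic(dest, src, seq, payload)


class Receiver:
    """Recipient side: verify the MIC first, then require a strictly increasing seq# per sender."""

    def __init__(self) -> None:
        self.last_seq: dict = {}

    def accept(self, frame: bytes):
        hdr_end = 2 * ADDR_LEN + SEQ_LEN
        if len(frame) < hdr_end + MIC_LEN:
            return None          # truncated frame: discard
        dest, src = frame[:ADDR_LEN], frame[ADDR_LEN:2 * ADDR_LEN]
        seq = struct.unpack(">I", frame[2 * ADDR_LEN:hdr_end])[0]
        payload, tag = frame[hdr_end:-MIC_LEN], frame[-MIC_LEN:]
        if not hmac.compare_digest(tag, mic(dest, src, seq, payload)):
            return None          # bit-flipped or forged: MIC not intact, discard
        if seq <= self.last_seq.get(src, -1):
            return None          # replayed (or reordered) frame: discard
        self.last_seq[src] = seq
        return payload
```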
    16. Broadcast Key Rotation Overview
      • Broadcast key is required in 802.1X environments
      • Re-keying of broadcast key is necessary, just as with unicast key
      • Key is delivered to client encrypted with client’s dynamic key
    17. Airsnort
      • Capture enough packets: a passive listener can recover the secret WEP key by listening in on enough packets.
      • Enough = 5-6 million packets
      <while running>
      Airsnort capture v0.0.9
      Copyright 2001, Jeremy Bruestle & Blake Hegerle
      Total Packets : 2096201300
      Encrypted Packets: 1009835030000
      Interesting Packets: 0
      Timeouts: 0
      Last IV = 00:50:DA
      “Has anyone had any luck with snorting against a Cisco 340 Access Point with 11.07? I have been running against one all day and according to capture I have 60 billion encrypted packets but 0 interesting packets.” - Toby Bearden, hacker, in posting to Airsnort Forum
    18. WPA
      • What? WPA = 802.1X + TKIP
        • A non-802.1X option exists for home/SOHO products [1]
      • Why?
        • 802.1X and TKIP are key elements of 802.11i
        • Industry is tired of waiting for 802.11i to be ratified
        • Responding to push from Microsoft, Wi-Fi Alliance agreed to incorporate WPA into Wi-Fi compliance testing
      • When?
        • Optional testing begins in February 2003
        • WPA compliance is needed for new Wi-Fi certification beginning in August 2003
      • Result: WPA is the new industry baseline for WLAN security
      [1] http://www.wi-fi.com/OpenSection/pdf/WPA_Home_Overview.pdf
      Overview: http://www.wi-fi.com/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf
      Q&A: http://www.wi-fi.com/OpenSection/pdf/Wi-Fi_Protected_Access_QA.pdf
    19. Cisco and WPA
      • Current capabilities of Cisco Aironet products
        • Have supported 802.1X since December 2000
        • Have supported pre-standard TKIP implementation since December 2001
      • Cisco plans
        • Continue to support all 802.1X types, including LEAP, as well as pre-standard TKIP
        • Ensure WPA compliance, primarily by adding support for standard TKIP
        • VLANs can be used for mixed client environments
      * Not committed
    20. Security using VPN
      (Diagram: wireless client at a high-speed hotel/airport connects through the Internet and the enterprise firewall to the secure intranet using VPN)
    21. WLAN Security Hierarchy
      • Open Access: no encryption, basic authentication (public “hotspots”)
      • Basic Security: 40-bit or 128-bit static WEP encryption (home use)
      • Enhanced Security: 802.1x, TKIP/SSN encryption, mutual authentication, scalable key mgmt., etc. (business)
      • Remote Access: Virtual Private Network (VPN) (business traveler, telecommuter)
    22. VLAN concepts – the wireless world
      SSID         VLAN-id   Security Policy                   Radius VLAN override (optional, per-user basis)
      Engineering  14        802.1x with Dynamic WEP + TKIP    yes
      Marketing    24        802.1x with Dynamic WEP + TKIP    yes
      HR           34        802.1x with Dynamic WEP + TKIP    no
      Guest        44        Open/no WEP                       no
    23. The problem with rogue APs…
      • Wireless APs can be deployed securely
        • 802.1x with TKIP
        • VPN
      • Rogue APs do not conform to corporate security requirements and open the network to trespassers, snoops, and hackers
      “Rogue APs are like having an RJ45 in my car park.” (the slide 4 quote, with “Wireless is” struck out and replaced by “Rogue APs are”)
    24. Who installs Rogue APs? – “Focus on the Frustrated Insider”
      • Malicious hacker (James Bond: <0.1% of rogue APs)
        • Penetrates physical security specifically to install a rogue AP
        • Can customize AP to hide it from detection tools
        • Hard to detect; more effective to prevent via 802.1x and physical security
        • More likely to install a Linux box than an AP
      • Frustrated insider (Jones from accounting: >99.9% of rogue APs)
        • User that installs a wireless AP in order to benefit from the increased efficiency and convenience it offers
        • Common because of wide availability of low-cost APs
        • Usually ignorant of AP security configuration; default configuration most common
    25. Media Attention to Rogue APs: Wardriving
      • 12,600 hits on Google for wardriving
      • Most wardrivers use NetStumbler to find, map (using GPS), and upload locations of discovered APs to an online database
      • NetStumbler is a free download for Windows and WinCE
      War Driving (wôr dri'vin) v. 1. Driving around looking for unsecured wireless networks. – term coined by Pete Shipley
      http://www.wirelesscentral.net/aprod/STUM-ANTW.html?ns
      • Pringles can antenna
        • 12 dBi gain
        • 45 minutes to construct
        • $6.45 total cost
      http://www.oreillynet.com/cs/weblog/view/wlg/448
    26. NetStumbler in use – 59 APs in 7 miles
      • My daily drive to work, taken within the car at normal speeds with an iPAQ running NetStumbler with an integrated PCMCIA antenna
      • In addition to AP MAC address and SSID, the following information is available with NetStumbler:
        • 802.11 channel
        • Signal to Noise Ratio (SNR)
        • Latitude/longitude (if GPS connected)
        • More…
      (Chart: 59 APs found, WEP off vs. WEP on; list of SSIDs of APs found)
    27. Media Attention to Rogue APs: WarChalking
      • What is warchalking?
      • Warchalking is the process of looking for wireless computer networks and making chalk marks to indicate their locations so that others can more easily find them.
      • http://www.warchalking.org/
        • Online community containing descriptions and photos of warchalked sites
      • 12,100 hits on Google for “warchalking”
    28. Summary…
      • You probably already have a WLAN deployment in your corporate network (whether you know it or not)
      • An IT-deployed and supported WLAN is the best way to prevent insiders from installing their own APs
      • 802.1x on switched infrastructure prevents rogue devices
        • Effective against all classes of unauthorized access (frustrated insider and “malicious hacker”)
        • Allows identity-based policy on switch port
      • Do your own ‘war walking’
    29. Questions?