Wireless Security


  1. Wireless Security & Controls: Issues, Threats, Solutions & Trends
     - Prepared by:
       - Greg Gabet, IBMGS
       - Security & Internet Architect
  2. Abstract
     - Wireless technology has hit critical mass before its security & controls have matured. Organizations are architecting wireless solutions for current business requirements, & homes are integrating wireless environments that are often used as a platform for business laptops to connect to the workplace.
     - This presentation will examine the architecture, security, & control challenges for SOHO as well as enterprises. Emerging standards, providers, & best practices for securing & controlling wireless will be discussed. This presentation is for the intermediate to advanced practitioner.
  3. Agenda:
     - Motivation for Wireless in the Enterprise
     - Wireless Topologies, Characteristics, & Standards
     - Wireless Challenges, Opportunities, & Architecture Issues
     - Specific Threats & New Authentication Mechanisms
     - Wireless Management Issues
     - Possible Architectures
     - Trends
     - Summary
  4. [Chart: Enterprise WLAN Revenues, $0 to $5000 millions, 1998 to 2005, with +30%, +50% and +70% growth annotations. Source: Cahners In-Stat Group, 2001]
     - % Laptops deployed with built-in wireless: 2002 – 20%; 2003 – 60%; 2004 – 90%
     - Consumer purchases are 48% of sales & enterprises are about 43%. Operators/ISPs make up the remainder.
     - In 2003, 11% was 802.11G.
  5. Wireless Topologies & Demographics
     - WAN (Wide Area Network): 2.5G - 3G Phone
     - MAN (Metropolitan Area Network): 802.11, 802.16, MMDS, LMDS
     - LAN (Local Area Network): 802.11 & HyperLan2
     - PAN (Personal Area Network): Bluetooth
  6. General Characteristics of Wireless Technologies
               WAN                    MAN                    LAN/WLAN                   PAN
     Apps      PDAs, Mobile Phones,   T1 Replacement,        Home, SOHO, Enterprise     Peer-to-Peer
               Cellular Access        Last Mile Access       Networks                   Device-to-Device
     Range     Long                   Medium-Long            Medium (1000ft w/o A.)     Short
                                      Fixed Last Mile
     Speed     10 to 384Kbps          11 to 100+ Mbps        11 & 54 Mbps (now)         < 1Mbps
                                                             22 & 100Mbps (plans)
     Stds      GSM, GPRS, CDMA2000,   802.11/802.16          802.11A,B,G                Bluetooth
               2.5-3G                 MMDS, LMDS             HiperLAN2 (Europe)
  7. IEEE 802.11 Standards Activities
     Standard    Description
     802.11a     5GHz, 54Mbps Max
     802.11b     2.4GHz, 11Mbps Max (Note: 22Mbps is proprietary)
     802.11d     Multiple Regulatory Domains
     802.11e     Quality of Service (QoS)
     802.11f     Inter-Access Point Protocol (IAPP)
     802.11g     2.4GHz, 54Mbps Max
     802.11h     Dynamic Frequency Selection (DFS) & Transmit Power Control (TPC)
     802.11i     Security
  8. 802.11 - Both Freq. Bands Will Be Successful
     - 2.4GHz - 802.11b & g:
       - 11Mbps -> 36Mbps -> 54Mbps
       - 3 channels
       - Worldwide
       - 802.11g is forward-and-backward compatible with 802.11b
       - Easy upgrade path to 802.11g
       - 802.11b has advantages on cost, size, & power consumption, so will continue to be popular, especially with PDAs, phones
     - 5GHz - 802.11a:
       - 54Mbps
       - 8 channels for indoor use (allows "honeycomb" network deployment), 12 channels total
       - US
       - Higher expected throughput than 802.11g
       - Global Acceptance
       - 5 GHz band has less interference
       - US Government likes it for security reasons (limited distance)
  9. Security Challenges & Opportunities
     - Increased Connection & Management Complexity:
       - Connections:
         - Difficult to assure C.I.A. of data over multiple 3rd party wireless data networks.
         - Enabling different makes & models of mobile devices (PDAs, Cell Phones, Laptops) to work securely with new interfaces to e-business applications, especially when the security capabilities are severely restricted (VPN, PKI, Certs, ECC, CPU).
       - Mgmt & Integration of New Devices, OSs, Protocols & Applications into the Security Architecture:
         - Variety of vendors & AP/Node management options (IBM, CA, CISCO, & ...
         - Immaturity of wireless devices, operating systems, applications & network technologies (firmware upgrades are frequent, especially for 802.11A & G, LEAP/PEAP)
         - Increased size of the user base increases the threat of hacker & malicious code attacks.
         - New Policies, Procedures, Practices, Personnel, Mechanisms, Services & Objects!
     - Password Vulnerability:
       - The initial password on wireless devices tends to be deactivated by the manufacturer or user, thus allowing unauthorized access to the AP/connected devices.
     - Unauthorized Configuration of Device:
       - Wireless devices may have remote configuration facilities, undocumented APIs or software bugs which could be exploited.
     - Denial-of-Service Attacks:
       - Jamming or continuous transmission of large amounts of data to the wireless device will use network bandwidth, leading to performance degradation or non-availability.
     - Loss-of-Data:
       - Storage capabilities of mobile devices are increasing. If a device malfunctions, is lost, or data is accidentally deleted, with no recent data backup or lack of restoration capability, the data will be lost forever.
  10. Where & How Does Wireless Affect Corp Architecture?
  11. Security Architecture Layers & Requirements
     - Objects & Information:
       - AP, Wireless Cards, Wireless Mgmt Stations, RADIUS/LDAP servers
     - Security Services:
       - Organization/Personnel responsible for:
         - Maintenance of AP & Wireless Card firmware upgrades
         - Authentication, Authorization, & Access Control to wireless subnets/servers
         - Audits, Reviews, Compliance Checks for wireless components & critical settings
         - Network Architecture of Wireless AP Placement, redundancy, & bandwidth
         - Encryption & Integrity of wireless transmissions
     - Security Mechanisms:
       - Tools: Sniffers, IDS, Vulnerability Assessment hardware & software
       - Encryption Keys
       - VLANs
       - Firewalls, RADIUS, LDAP, SNMP, etc.
     - Information Security Policies:
       - Wireless Usage Policy (External & Internal)
       - VPN Usage Policy
       - Wireless Placement
  12. Critical Security & Privacy Issues for Wireless LAN
     - According to IDC's Mobile Council Advisory Survey, the most significant wireless security concerns are:
       - Management of devices' security
       - Corruption of data sent to wireless devices
       - Malicious code & Malware (Viruses, Trojans, Worms)
       - Unauthorized users
       - Confidentiality of data sent wirelessly
       - Security of data stored on a handheld device
  13. Why Wireless LANs Create Problems
     - CIA can be lost for information as it passes over wireless data networks
     - Operators often turn off encryption, & anonymous AP resets will set the AP back to defaults. Note: Not all vendors provide a physically accessible reset button
     - War driving can collect valuable info that is often shared on the Internet
     - Rogue access points can collect valuable info used later to break systems
     - Data interception on backbone networks can result in information disclosure
     - RF signal jamming can lead to unavailability of mobile devices & network
     - One-way authentication: Most wireless clients are authenticated to the network, not vice versa (one-sided authentication only). This enables "man-in-the-middle" attacks to eavesdrop on transmissions
     - Paths of communication may pass multiple uncontrolled networks (Exec's LAN)
     - Lack of security awareness of users – actually your biggest bang for the buck
     - Weak wireless crypto algorithms allow RF scanning & decryption of WEP keys
     - Physical security issues (access points and cards are easy to steal!)
     - Lack of Policies, Procedures, Compliance & Audit Understanding
     - Lack of granularity in access – often an all-or-nothing approach to access
     - Minimal mainstream network infrastructure support (Probes, Agents, IDS, RADIUS with LEAP/PEAP/EAP support)
  14. Threats – Unauthorized Access Points
     - Plug-in Unauthorized Clients: An attacker tries to connect his wireless client, typically a laptop, to an access point without authorization, intentionally or unintentionally. This is often done by those wanting 'free' Internet access.
     - Plug-in Unauthorized Renegade Access Point: Companies are aware that internal employees have deployed wireless capabilities on their network. An internal employee wanting to add their own wireless capabilities to the network plugs their own access point into the wired intranet, creating a risk if the access point has not been properly secured. This could lead to unauthorized clients gaining access through unauthorized access points, allowing intruders into the internal network.
     [Diagram: an unsecured rogue AP and a secure valid AP both attached to the LAN, with internal clients and a hacker]
  15. Threats – War Driving: Map Created & On Internet
     - War Driving: a process named after the "war dialing" process used by hackers to locate compromisable dialup modems. Requires inexpensive equipment, typically a laptop or a PDA, a wireless card, GPS & an external "antenna".
     - As people are "war driving", locating the APs & recording the GPS coordinates of the AP location, these AP maps are being shared with any attacker on the Internet.
     - If a company has its AP location & information shared on the Internet, its AP becomes a potential target & its risk increases.
  16. Threats: Man-in-the-Middle
     - Access Point Clone intercepting traffic: An attacker can trick legitimate wireless clients into connecting to the attacker's honey pot network by placing an unauthorized base station with a stronger signal, mimicking a legitimate base station, in close proximity to the wireless clients. This may cause unaware users to attempt to log into the attacker's man-in-the-middle servers. With false login prompts, the user can unknowingly give away sensitive data like passwords.
     [Diagram: rogue AP (not connected to the internal LAN) with a rogue DHCP server and a hacker; internal client, LAN, and valid access point]
  17. Threats: Client Attack
     - Client Disassociations: Forced client re-association / disassociation attacks. This effectively causes a denial of service on the client under attack. A second form of this attack is to take over an established connection.
     [Diagram: rogue AP internal to the client, rogue attack client, hacker, internal client, LAN, and valid access point]
  18. Threats: Security Controls
     - Misconfiguration issues: Many access stations analyzed have been configured in a minimal, default security mode. Unless the administrator of the base station understands the security risks, most of the base stations will remain at a high risk level. Service Set ID (SSID): Attackers can use default SSIDs to attempt to penetrate base stations that are still in their default configuration.
     - Reset Issues: Included in this are reset access points. Often when an access point hangs or crashes, someone may push the reset button on the access point. This clears any WEP keys the access point may have had.
     - Physical Security Issues: Often security guards are not trained to recognize physical wireless attacks, nor how to detect them.
  19. Threats – WEP Security
     - WEP Encryption Issues: The 802.11b standard uses encryption called WEP (Wired Equivalent Privacy). WEP has known weaknesses in how the encryption is implemented (IV). Note: WEP is better than no WEP; it at least stops casual sniffers.
     - Available Tools: Today, there are readily available tools for most attackers to crack WEP keys. Airsnort, Yellowjacket, Airfart & other tools take a lot of packets (several million) to get the WEP key; on most networks this takes longer than most people are willing to wait (1 or more days). If the network is very busy, the WEP key can be cracked & obtained within 30 minutes. Because of the WEP weakness, wireless sniffing & hijacking techniques can work despite WEP encryption being turned on.
     - Weak Default WEP Keys: Access points have been seen with manufacturer-created WEP keys linked to the hex encoding of the SSID of the access point. Some manufacturing companies use WEP keys which are the same as the SSID or easily guessable.
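Slide 19's IV point, as an added Python example that is not part of the deck or of any tool it names: the birthday bound on WEP's 24-bit IV space (why a busy network repeats a key/IV pair quickly) and a reuse check an auditor can run over captured frames. The function names, the sample MAC and the two constructed capture generators are assumptions.

```python
"""WEP's 24-bit IV: how soon (key, IV) pairs repeat, and how to spot reuse in captures."""
import math
import random
from collections import Counter

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible IVs per static WEP key


def iv_collision_probability(n_frames: int, iv_space: int = IV_SPACE) -> float:
    """Birthday-bound probability that at least two of n randomly chosen IVs coincide,
    using the standard approximation 1 - exp(-n(n-1) / 2N)."""
    if n_frames > iv_space:
        return 1.0                 # pigeonhole: more frames than IVs
    return 1.0 - math.exp(-n_frames * (n_frames - 1) / (2.0 * iv_space))


def frames_for_collision_probability(p: float, iv_space: int = IV_SPACE) -> int:
    """Smallest frame count at which the collision probability reaches p
    (solve n(n-1)/2N = -ln(1-p) for n)."""
    return math.ceil((1 + math.sqrt(1 - 8 * iv_space * math.log1p(-p))) / 2)


def find_iv_reuse(frames):
    """frames: iterable of (iv, transmitter_mac). Under one static WEP key, an IV seen
    twice means the same RC4 keystream encrypted two different frames."""
    counts = Counter(iv for iv, _ in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


def random_iv_frames(n_frames: int, mac: str = "00:0b:85:aa:bb:cc", seed: int = 7):
    """Constructed capture: a card that picks each IV at random."""
    rng = random.Random(seed)
    return [(rng.getrandbits(IV_BITS), mac) for _ in range(n_frames)]


def counter_iv_frames(frames_per_boot: int, boots: int, mac: str = "00:0b:85:aa:bb:cc"):
    """Constructed capture: a card whose IV counter restarts at 0 after every reset,
    so the first frames after each reboot reuse the IVs of the previous boot."""
    return [(iv, mac) for _ in range(boots) for iv in range(frames_per_boot)]
```

With a random IV per frame the 50% collision point is reached after a few thousand frames, which is why the slide's "very busy network" case is so much faster than the "several million packets" case.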
  20. Limitations of 802.11 WEP Security
     - Lack of integrated user admin
       - Need for separate user databases; no use of RADIUS
       - Potential to identify user only by device attribute like MAC address
     - Inherent weaknesses in RC4-based WEP keys
     - Shared, static WEP keys
       - No centralized key mgmt
       - Poor protection from variety of security attacks
     - No effective way to deal with lost or stolen adapter
       - Possessor has network access
       - Re-keying of all WLAN client devices is required
     - No mutual authentication
     [Remedies called out on the slide: 802.1X, TKIP and AES, WPA]
  21. 802.1X Authentication Types
     - LEAP (EAP Cisco Wireless)
       - User authentication via user ID & password
       - Supports Windows, CE, Linux, Mac OS, and DOS
       - Aggressive licensing program by Cisco to other vendors
     - EAP-TLS (EAP-Transport Layer Security)
       - User authentication via client certificates & server certificates
       - Supported in XP, but other Windows versions by 2004
       - Currently used by Microsoft
     - PEAP (Protected EAP)
       - User authentication via user ID and password or OTP
       - Supported by Cisco Aironet client adapters and by Microsoft in various Windows versions
       - Uses server-side TLS, which requires only server certificates
     - EAP-TTLS
       - User authentication via user ID & password or OTP
       - Uses server-side TLS
     Note: EAP is Extensible Authentication Protocol
  22. 802.1X-based: Mutual Authentication
     [Diagram: client, access point, RADIUS server. The AP blocks all requests until authentication completes; the RADIUS server authenticates the client; the client authenticates the RADIUS server; both sides derive the key]
     - Mutual Authentication is required to prevent rogue clients from accessing your network, AND to prevent rogue APs from "stealing" data from your clients
  23. 802.1X/LEAP Mutual Authentication
     [Diagram of the exchange: Start -> Request identity -> Identity (relayed to the RADIUS server); the AP blocks all requests until authentication completes; the RADIUS server authenticates the client; the client authenticates the RADIUS server; both sides derive the key]
     - Mutual Authentication is required to prevent rogue clients from accessing your network, AND to prevent rogue APs from "stealing" data from your clients
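The exchange of slides 22 and 23, as an added Python model that is not code from the deck or from any vendor: the AP keeps its controlled port closed until EAP-Success, the RADIUS server proves the client, the client proves the server, and both derive the same session key. An HMAC-SHA256 challenge-response stands in for the real EAP method, and every class, function and credential is a constructed assumption.

```python
"""Model of 802.1X mutual authentication: supplicant, authenticator (AP), RADIUS server."""
import hashlib
import hmac
import os

def prf(secret: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over labelled parts; stands in for the EAP method's MAC and key derivation."""
    return hmac.new(secret, b"|".join(parts), hashlib.sha256).digest()

class RadiusServer:
    """Holds the user database; only it and the supplicant ever know the password."""
    def __init__(self, users):
        self.users = dict(users)            # identity -> password bytes

    def verify_client(self, identity, server_chal, client_chal, client_resp):
        """Check the client's proof; on success return (server proof, session key)."""
        password = self.users.get(identity)
        if password is None:
            return None                     # EAP-Failure: unknown user
        expected = prf(password, b"client", server_chal, client_chal, identity.encode())
        if not hmac.compare_digest(expected, client_resp):
            return None                     # EAP-Failure: wrong password (rogue client)
        server_resp = prf(password, b"server", client_chal, server_chal)
        session_key = prf(password, b"key", server_chal, client_chal)
        return server_resp, session_key

class RogueRadius(RadiusServer):
    """Back end of a rogue AP: no password database, so it accepts anyone and fakes the proof."""
    def __init__(self):
        super().__init__({})

    def verify_client(self, identity, server_chal, client_chal, client_resp):
        return os.urandom(32), os.urandom(32)

class Supplicant:
    def __init__(self, identity: str, password: bytes, mac: str):
        self.identity, self.password, self.mac = identity, password, mac
        self.client_chal = None
        self.session_key = None             # set only once the server has proved itself

    def respond(self, server_chal: bytes):
        """EAP-Response: a fresh client challenge plus proof of the password."""
        self.client_chal = os.urandom(16)
        proof = prf(self.password, b"client", server_chal, self.client_chal, self.identity.encode())
        return self.client_chal, proof

    def verify_server(self, server_chal: bytes, server_resp: bytes) -> bool:
        """The client's half of mutual authentication; a rogue AP cannot produce this proof."""
        expected = prf(self.password, b"server", self.client_chal, server_chal)
        if not hmac.compare_digest(expected, server_resp):
            return False                    # refuse to derive a key or send data
        self.session_key = prf(self.password, b"key", server_chal, self.client_chal)
        return True

class AccessPoint:
    """Authenticator: relays EAP and keeps the controlled port closed until EAP-Success."""
    def __init__(self, radius: RadiusServer):
        self.radius = radius
        self.port_open = {}                 # client MAC -> controlled port state
        self.session_keys = {}              # client MAC -> key delivered by RADIUS on Access-Accept

    def authenticate(self, sup: Supplicant) -> bool:
        server_chal = os.urandom(16)        # challenge from RADIUS (generated here for brevity)
        client_chal, client_resp = sup.respond(server_chal)
        result = self.radius.verify_client(sup.identity, server_chal, client_chal, client_resp)
        if result is None:
            return False                    # EAP-Failure relayed; port stays closed
        server_resp, session_key = result
        if not sup.verify_server(server_chal, server_resp):
            return False                    # client rejects the infrastructure
        self.port_open[sup.mac] = True      # EAP-Success: open the controlled port
        self.session_keys[sup.mac] = session_key
        return True

    def forward(self, mac: str, frame: bytes) -> bytes:
        if not self.port_open.get(mac):
            raise PermissionError("802.1X: port blocked until authentication completes")
        return frame

def demo():
    """Valid infrastructure, then a rogue AP, then a rogue client (constructed credentials)."""
    users = {"alice": b"correct horse battery staple"}
    valid_ap = AccessPoint(RadiusServer(users))
    alice = Supplicant("alice", users["alice"], "00:0b:85:00:00:01")
    ok = valid_ap.authenticate(alice)
    keys_match = ok and valid_ap.session_keys[alice.mac] == alice.session_key
    rogue_ap = AccessPoint(RogueRadius())
    alice_again = Supplicant("alice", users["alice"], "00:0b:85:00:00:01")
    rogue_ap_ok = rogue_ap.authenticate(alice_again)
    mallory = Supplicant("alice", b"guess", "00:0b:85:de:ad:01")
    rogue_client_ok = valid_ap.authenticate(mallory)
    return ok, keys_match, rogue_ap_ok, alice_again.session_key is None, rogue_client_ok
```

Dropping the `verify_server` step turns this into the one-sided authentication of slide 13, where the client would happily derive a key with the rogue infrastructure.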
  24. PEAP Authentication
     - Use server-side EAP-TLS to authenticate the RADIUS server ... & build an SSL-encrypted tunnel
     - Use the tunnel to authenticate the user via token, One Time Password, or other data (user-supplied token checked against the user database)
     - PEAP sets up a secure, encrypted tunnel between client and RADIUS server
  25. Remote Access Security Using VPN
     [Diagram: a VPN client at a high-speed hotel/airport/home or wireless location crosses the Internet, through the enterprise firewall, to the secure intranet using VPN]
  26. 802.11 Access Using VPNs
     - Pros:
       - Familiar
       - Used in most organizations
       - Makes WLAN and remote access UIs consistent
       - Trusted for authentication and privacy
         - Supports central security management
         - Ensures 3DES encryption from client to concentrator
       - Compatible with Aironet and other WLAN products
     - Cons:
       - Cost: Requires VPN concentrators behind APs
       - Performance: Encryption is done in software on the client
       - Roaming: Roaming between VPN concentrators forces application restarts
       - QoS: All traffic is IPSec traffic (no QoS, multicast, or multiprotocol support)
       - Clients: Not supported on phones, scanners, or other specialized devices
  27. IEEE 802.11i Security for Enterprise Level Sec.
     - Mutual Authentication
     - Dynamic Session Key
     - Message Integrity Check (MIC)
     - Temporal Key Integrity Protocol (TKIP)
       - Initialization Vector Sequencing
       - Rapid Re-Keying
       - Per-packet Key Hashing
     - Future
       - Stronger encryption schemes such as AES
  28. WPA = "Wi-Fi Protected Access"
     - WPA = 802.1X + TKIP
       - WPA requires authentication & encryption
       - 802.1X authentication choices include LEAP, PEAP, TLS
     - WPA has strong industry supporters
       - Adds to 802.1X & TKIP
       - Widespread adoption of WPA will add robust security & remove the "security issue" from the WLAN industry
       - WPA will become accepted as the standard
     - WPA compliance is needed for Wi-Fi certification of new products beginning in August 2003
  29. Threats – 802.1x Issues
     - Rogue 802.1x log error issues: Clients authenticating with rogue access points & rogue Cisco ACS servers will show up in the rogue ACS server logs as user ID failures. Hence the only unknown is the password, as the user ID, SSID & MAC can all be determined.
     - 802.1x session termination: Authenticated clients can be sent a session termination string by a rogue access point / client combination, allowing the rogue client to continue an established session.
     [Diagram: valid AP and internal wireless 802.1x client; rogue AP with a rogue DHCP server and a rogue ACS server writing an error log and an authentication log]
  30. Threats – Internal Issues (i.e. SNMP)
     - Weak internal issues: Wireless base stations may have an SNMP (Simple Network Management Protocol) agent running with the default community string name of "public"; an internal rogue employee can often both read & write sensitive information & data on the base station.
     - With the default of most base stations using the community word "public", potentially sensitive information can be obtained from the access point. This includes turning off WEP encryption.
     - Configuration Patches: Some access points can have their configurations downloaded from the internal LANs, due to security configuration issues.
  31. Wireless/Mobile Security Critical Issues
     - There is a lack of an end-to-end model, non-convergent standards, & support for seamless roaming
     [Diagram layers: Users; Wireless Devices; Wireless Networks (WPAN, WLAN, WWAN); Internet (Wireless Applications, Portals, Wireless messaging, Wireless lifestyle facilitation, Personal application services); Intranet (Corporate office services, Wireless transactions, Internet services)]
     - Issues called out on the diagram:
       - Insecure RF interfaces
       - Weak user authentication controls
       - Data transmitted over the air with weak authentication & encryption controls
       - Internet weaknesses still apply but are made worse by the much larger user base
       - New network gateways, often with weak security
       - Massive user base demanding confidentiality & privacy while roaming
       - Insecure pervasive devices
       - New & innovative applications & technologies introduce many new vulnerabilities
  32. Threats are often not the biggest issue........
     - Security Management
  33. Basic Wireless Security Profiles
     - Open Access (Public Access): No WEP and Broadcast Mode
     - Basic Security (Telecommuter & SOHO): 40-bit, 128-bit, 256-bit Static Encryption Key
     - Enhanced Security (Enterprise): Dynamic Encryption Key; Scalable Key Management; Mutual 802.1x/EAP Authentication; TKIP/WPA
     - Public Network Security (Special Apps./Business Traveler): Virtual Private Network (VPN)
  34. Wireless Management Requirements
     - Standardization of network management & configuration tools used to manage wireless networks (budget & training)
     - Centralized management from a network operations center
     - Configuration of Access Points (logistics)
     - Configuration of clients & upgrade procedures (logistics & personnel)
     - Client management, access revocation, dual access, single sign-on
     - Wireless policies
     - Logging & accounting at a centralized level
     - Standards based, such as LDAP
     - Centralized accounting & billing (maybe)
     - Rogue detection & encryption confirmation
     - Wireless LAN key management
     - Intrusion detection & response processes will have to be extended to cover wireless
     - Secure password-protected management functions
     - Differential access could require multiple new groups/profiles to manage
     - Wireless technology integration
  35. Wireless Policy Issues
     - Policy needs to dictate permitted services & usage, i.e. what types of connections are permitted?
     - Wireless access is often binary, i.e. full network access or no network access – roles potentially need to be catered for (scanner vs. full LAN access)
     - One needs a means of identifying & enforcing wireless access policies
     - Existing company security policies need to be updated to cater for wireless security issues
     - Policy needs to indicate how access will be controlled, i.e. time of day
     - Policy requirements dictate that all access needs to be logged
     - User compliance & standards enforcement
     - Centralized control of security policies
     - Wireless management
     - Wireless intrusion alert issues
     - Process to update client software levels
     - Intrusion detection policies
  36. Wireless Management of Threats & Risk Mitigation
     - User involvement & Cost
     - Process Management & Standards
     - Audits & Controls
     - User & Key administration & authorization
     - Application security
     - Environmental Security
     - Bandwidth Robustness
     - Client security & Awareness
     - Network Security
     - Physical Security
     - Standards & technology issues
     - Policy Creation
     - Training for Support
     - WEP Key Password Quality
     - Technology (TKIP, AES, WAP)
     - Compliance & Client Detection Tools
     - Technology & Architecture (VPN, RADIUS, FW)
     - Network design & AP Layout
     - Network Review, IDS, & Vulnerability Assessments
     - Education for Policy, Compliance & Access Control
     - Standards, Architecture, Patch Management
  37. Wireless Mgmt Must Balance All Security Weaknesses
     [Chart: each factor rated on a 1 to 4 scale and marked Weakness or Strength: User involvement, Awareness & Roles; Key password quality; User & key administration; Environment Integrity & Robustness; Network Security & Technology Issues; Client Security; Application Security; Audits & Controls, & IDS; Process Management & Standards]
  38. "How to" Wireless Security Issues
     - Common challenges faced by our customers include the following:
       - How to ensure business continuity?
       - How to be sure our existing security controls are appropriate?
       - How to justify the cost of security?
       - How to determine what security controls need to be implemented?
       - How to increase awareness & make security a priority within the business?
       - How to implement end-to-end solutions covering business & IT?
       - How to leverage new methods & technologies?
       - How to prepare for an industry recognised security certification?
       - How to remain confident over time that we have an appropriate security level?
       - How to find skilled individuals?
       - How to architect the solution for flexibility, scalability, reliability, & security?
  39. Client Differentiation with Separate VLANs
     [Diagram: three APs, each on its own channel and SSID, mapped to VLANs on an 802.1Q wired network w/ VLANs]
     - Channel 1,  SSID: laptop, VLAN 1, Security: PEAP, TKIP
     - Channel 6,  SSID: pda,    VLAN 2, Security: LEAP, CKIP
     - Channel 11, SSID: phone,  VLAN 3, Security: WEP
  40. Client Differentiation with VLANs
     [Diagram: one AP on channel 6 advertising three SSIDs, trunked to an 802.1Q wired network w/ VLANs]
     - SSID laptop = VLAN 1, Security: PEAP, TKIP
     - SSID pda = VLAN 2, Security: LEAP, CKIP
     - SSID phone = VLAN 3, Security: WEP
  41. Using Firewalls to Wireless AP Services
     [Diagram: Internet, firewall, LAN, and VLAN APs behind the firewall, with a RADIUS server]
  42. Challenges & Enablers for Wireless Security
     - The challenges can be addressed using major 3rd party security solution providers
     - Processes: Risk management process; Incident management process; Change management process; Audit process; Security awareness program
     - Skills: Risk management expertise; IT security expertise; Architecture and design expertise; Industry knowledge
     - Technology: Session cryptography/VPNs; File encryption; Content and virus filtering; Personal firewalls; User and device authentication; User authorization; Wireless PKI; Intrusion detection; Security management
     - Architecture: Structured design method; Functional architecture; Operational architecture; End-to-end security design
     - Security Services: Managed Intrusion Response
     - Goal: Secure & Resilient Industry Solutions
  43. Wireless Security Solution Design Companies
     - Wireless Security Solution Design Services
       - Look for companies that provide the following comprehensive set of activities, from the planning & design phases of proven end-to-end wireless services; these can be delivered individually or as packaged pieces according to your needs:
         - Wireless Strategy
         - Wireless Readiness Assessment
         - Wireless Value
         - Wireless Requirements
         - Wireless Policy
         - Conceptual Architecture
         - Functional Architecture
         - Wireless Product Selection
         - Site Selection & Facility Design
         - Component Architecture
         - Process Development
  44. Two Types of Wireless Security Auditing Techniques: Individual or Distributed
     - Distributed: What does it do?
       - Distributed: wireless clients do the work
       - Real-time: continuous audits
       - Autonomic: network fixes its problems automatically
       - Audit: looks for vulnerabilities, &
       - Locates: rogue access points
     - Individual: How does it work?
       - Passively monitors the wireless network
       - Reports policy violations
       - Human expert needed
       - Periodic audits
  45. Wireless IDS Is Needed That Can
     - Detect & protect against:
       - WAP spoofing – "man in the middle" attacks
       - Denial of Service
       - RF Jamming
       - WAP misconfiguration
       - Rogue APs
       - War driving probes
     - Wireless IDS services can significantly reduce your risk from attacks on your internal network & associated data
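The rogue-AP, AP-clone and misconfiguration detection that slides 14, 16, 18, 44 and 45 call for, as an added Python example that is not code from the deck or from any IDS product: beacon observations are checked against an authorized inventory, and one BSSID seen on several channels is flagged as a likely spoof. The inventory, the sample scan and all names are constructed assumptions.

```python
"""Flag rogue, cloned and misconfigured access points from beacon observations."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # transmitter MAC seen in the beacon
    channel: int
    privacy: str     # simplified security capability: "none", "wep" or "wpa"
    rssi: int        # received signal strength in dBm at the sensor


# Constructed authorized inventory: BSSID -> (SSID, channel, required privacy)
AUTHORIZED = {
    "00:0b:85:11:11:11": ("corp-laptop", 1, "wpa"),
    "00:0b:85:22:22:22": ("corp-laptop", 6, "wpa"),
}
CORPORATE_SSIDS = {ssid for ssid, _, _ in AUTHORIZED.values()}


def classify(beacon, authorized=AUTHORIZED, corp_ssids=CORPORATE_SSIDS):
    """One verdict per beacon, from the inventory alone."""
    expected = authorized.get(beacon.bssid)
    if expected is None:
        if beacon.ssid in corp_ssids:
            return "AP_CLONE"            # unknown radio advertising our SSID (slide 16)
        return "UNKNOWN_AP"              # neighbour or employee-installed AP: locate it (slide 14)
    ssid, channel, privacy = expected
    if beacon.privacy != privacy:
        return "ENCRYPTION_MISMATCH"     # open or WEP after a reset to defaults (slide 18)
    if beacon.ssid != ssid or beacon.channel != channel:
        return "CONFIG_DRIFT"
    return "OK"


def audit(beacons, authorized=AUTHORIZED, corp_ssids=CORPORATE_SSIDS):
    """Aggregate findings per BSSID; a BSSID on several channels is a likely spoof."""
    findings, channels = {}, {}
    for b in beacons:
        channels.setdefault(b.bssid, set()).add(b.channel)
        verdict = classify(b, authorized, corp_ssids)
        if verdict != "OK":
            findings.setdefault(b.bssid, set()).add(verdict)
    for bssid, chans in channels.items():
        if len(chans) > 1:
            findings.setdefault(bssid, set()).add("BSSID_ON_MULTIPLE_CHANNELS")
    return findings


# Constructed sample scan, not real captures
SCAN = [
    Beacon("corp-laptop", "00:0b:85:11:11:11", 1, "wpa", -55),    # healthy
    Beacon("corp-laptop", "00:0b:85:22:22:22", 6, "wep", -60),    # dropped to WEP: reset or misconfig
    Beacon("corp-laptop", "00:11:22:aa:bb:cc", 11, "none", -40),  # strong signal, our SSID, unknown radio
    Beacon("linksys", "00:06:25:de:ad:01", 6, "none", -70),       # default-SSID AP nobody approved
    Beacon("corp-laptop", "00:0b:85:11:11:11", 11, "wpa", -45),   # our BSSID on a second channel
]


def demo():
    return audit(SCAN)
```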
  46. Conclusion
     - Wireless is rapidly growing & has the potential to increase productivity, especially in SOHO, homes, and certain industries
     - Wireless is currently insecure, but solutions are maturing rapidly
     - Wireless technology is becoming embedded in many form factors (laptops, PDAs, cellphones, etc.)
     - 802.11 WEP security is insufficient for the enterprise
     - 802.1x & 802.11i offer great improvements and mitigate several security concerns
     - True mobile 802.11 wireless is difficult, but Mobile IP and other technologies are tackling the problem
     - New technologies create new and old challenges
     - People, Process, Policies, & Architecture are required to deploy wireless securely.