WAP – Wireless Application Protocol Bluetooth, HomeRF and IEEE 802.11 all compete for the same band and will interfere with each other. Security problem. Bluetooth and HomeRF are PANs. Bluetooth – will be 802.15 - 30 foot range, 1 megabit/sec, orig repl for wires 7 connections simultaneously partial security, no roaming buggy interoperability - to be fixed in v1.1 RF interference with IEEE 802.11b - 2.4GHz band IEEE 802.15 being finalized for PANs (pico net) Lacks security features in 802.11* (not a LAN) 802.11b - AKA &quot;Wi-Fi&quot; or wireless Ethernet -- 11 megabits/sec. HiperLan2 and 802.11a both reach 54 megabits/sec and use 5Ghz HiperLan1 23.5 Mbps - no h/w. Shares GSM radio tech. HomeRF based on original 802.11 FHSS. Cheap. Jini – Sun Java middleware to run on piconet/PAN
Effective Practices in Wireless Security for Higher Ed H. Morrow Long, CISSP, CISM Director - Information Security Yale University EDUCAUSE 2004 Annual Conference Wednesday Oct 20, 2004, 2:15p-3:05p - Track 3 Session Meeting Room 605 - Denver Colorado Convention Center Effective Practices Working Group
Copyright H. Morrow Long 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
http://www.intel.com/ca/personal/do_more/wireless/stories/bondar.htm With more than 50 speaking engagements a year throughout North America and a career as a photographer that takes her around the world, Bondar, who was chosen to participate in the prestigious Women of Influence speakers series, carries her notebook PC, equipped with Intel® Centrino™ mobile technology+, everywhere she goes. On a recent visit to Yale University in Connecticut, Bondar says, " I used it on hospital rounds with neurosurgery residents ." This is not your father's notebook, distinguished solely by portability. The built-in wireless technology allows unprecedented freedom.+ Among its attributes are mobility, of course, enhanced by a thin profile and lightweight components, longer battery life and uncompromised performance. A user within range of a wireless local area network (WLAN), or hotspot, has immediate high-speed access to the Internet and e-mail and can download or send text, data and graphics with ease. "Even five years ago," says Bondar, "wireless technology would have made a huge difference to my life."
802.11b Wireless Security Flaws 802.11b has been criticized by UC Berkeley ISAAC group researchers as flawed: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html At least one public domain program now is available on the Internet which will sniff WEP traffic and brute force reverse engineer the static key which is being used for encryption. Therefore WEP by itself is no longer considered secure to protect 802.11b traffic.
802.11b Access Points and networks were demonstrated as vulnerable to ARP cache poisoning by Cigital, Inc. in September 2001.
Wireless PCs can be impersonated/traffic redirected.
SSH and SSL sessions can be hijacked.
Wired hosts can be impersonated and have their traffic redirected if the access point is attached to a wired LAN.
Other wireless LANs attached to the same wired LAN are also susceptible to ARP cache poisoning.
802.11b Wireless Security Flaws Denial of Service 802.11b bandwidth degrades as single strength decreases (from 11mb to 1mb in increments). 802.11b frequency band conflicts with Bluetooth, wireless microphones, microwave ovens, etc. 802.11b supports multiple channels – can be used for noise/conflict avoidance, but not really useful for security (by obscurity). Signal can be boosted at PC end by adding an antenna. Amplifying signal reception at the AP increases noise.
802.11b Wireless Security Flaws Denial of Service Yesterday’s CCA flaw/vulnerability in 802.11b. See the CERT announcement and http://www.computerworld.com/securitytopics/security/story/0,10801,93221p4,00.htm
Note that wireless networks are susceptible to DoS attacks and have very limited shared bandwidth -- THEREFORE THEY ARE NOT SUITABLE REPLACEMENTS FOR A WIRED NETWORK when you need high reliability (e.g. Patient or animal subject RT monitoring).
That said, they can be a useful part of a BCP, Disaster Recovery strategy (Sept. 11, 2001 WTC cases) in the event of a wired network failure, for Internet access.
Suitable shielding may protect internal 802.11b nets.
Intentional jamming may prevent 802.11b use…put outside external shielding.
Don’t use omni-directional antennas to decrease the spread of signal, area of reception – particularly on P2P links.
Not all devices support > 64 bit WEP so 40 bit must often be used.
A few campuses are moving from Cisco LEAP to PEAP or EAP-TLS.
Rutgers is using BlueSocket: http://ruwireless.rutgers.edu/
Dartmouth has widespread WiFi and VoIP over WiFi.
Several campuses use NoCat for both wired and wireless authentication (and thereby enable access).
More Interesting/Unique Practices and Findings
Companies are marketing for-pay public WiFi access points which you can hang off of any high speed Internet connection. These boxes allow users passing by to associate and pay for access by credit card. Look for students to try to make $$$?
Other Interesting/Unique Practices and Findings?
Do no harm: Private Wireless Access Points which cause network disruption at Yale will be removed from the network (this includes causing interference by overlapping RF channels, etc). Use of WEP or WPA is encouraged.
Private Access Points should not use the Yale SSID.
WiFi users are encouraged to use the VPN to access critical apps or sensitive information.
Yale Administrative users should not use WiFi to replace wired LAN connections.
The above admin apps should already however be using application level security on wired networks.
Yale School of Medicine Wireless Policy Points
All private WAPS need to be registered. The default SSID must be changed to something other than Yale’s and the default passwords must be changed.
The WAP must only allow WEP and should implement MAC address filtering.
It should be turned off if/when not used.
Yale School of Medicine Wireless Policy Points
Official YSM WiFi Security :
ePHI should not be transferred unencrypted.
YSM ITS WLANs are changing from VPN (either PPTP or IPSEC) recommended to required. DHCP will vend a RFC1918 private IIP to the YSM WLAN. Users must authenticate to the VPN and use it to connect to any resources outside of the WLAN.
Clients w/o registered MAC addresses or valid VPN sessions attempting HTTP connections to
Addresses outside the WLAN VLAN are redirected to a web portal where documentation and software are available (but little else).
Wireless Data Risks and Threats – What are we worried about?
Controlling Access to our Network
Preventing intruders and disallowing anonymous access.
Identifying and authenticating “trusted” users and devices.
Authorization and network access control
Preventing eavesdropping and decryption to ensure privacy.
Preventing tampering and session hijacking.
Ensuring quality of service, preventing denial of service.
Few using WEP, some are now starting to evaluate WPA (and wait for 802.11i).
Some use of commercial solutions (Vernier, Aruba, some ReefEdge and BlueSocket)?
Some interest is beginning in ‘network admissions’ (require both authentication and a network scan ala UCONN NetReg mods) programs for both wired and wireless LANs:Cisco, Perfigo, StillSecure and Bradford Campus Manager.