
Wireless Networking, Security Issues with the implementation ...



  1. 1. Wireless Networking, Security Issues with the Implementation of IEEE 802.11x - Government Communications Security Bureau
  2. 2. Format <ul><li>Introduction </li></ul><ul><li>Wireless Technologies </li></ul><ul><li>Issues </li></ul><ul><li>Threats </li></ul><ul><li>Mitigation </li></ul><ul><li>Summary </li></ul>
  3. 3. Introduction: Wireless is an evolving security “headache” <ul><li>It’s a very convenient technology, so … </li></ul><ul><ul><li>Wireless will be (& is) happening – regardless </li></ul></ul><ul><ul><li>We can ignore it or deal with it … </li></ul></ul><ul><li>Current technology has issues, </li></ul><ul><ul><li>newer techniques may improve security </li></ul></ul><ul><li>Users & Managers </li></ul><ul><ul><li>need to be fully aware of, and not underestimate, the issues </li></ul></ul>
  4. 4. Common Wireless Protocols & Standards <ul><li>Infrared </li></ul><ul><li>(W)CDMA / GPRS </li></ul><ul><li>Bluetooth </li></ul><ul><li>IEEE 802.11x </li></ul>
  5. 5. What is 802.11? <ul><li>Wireless Local Area Network (WLAN) Protocol </li></ul><ul><li>Defines Ethernet-like communication channel using radios instead of wires </li></ul><ul><li>Advantages over other standards - longer ranges, higher speeds, simpler configurations </li></ul>
  6. 6. Key Features of 802.11b (Wi-Fi) <ul><li>Supports data rates of up to 11 Mbps at distances of up to 150 metres using the 2.4 GHz spectrum. </li></ul><ul><li>Using a directional antenna, range can be extended as far as 14 kilometers. </li></ul><ul><li>Supports up to 128 network devices. </li></ul><ul><li>Supports voice over IP (VoIP) data and voice networking capabilities. </li></ul>
  7. 7. Key Features of 802.11a <ul><li>Supports data rates of up to 54 Mbps at distances of up to 100 metres using the 5 GHz spectrum. </li></ul><ul><li>Using a directional antenna, range can be further extended. </li></ul><ul><li>Supports up to 128 network devices. </li></ul><ul><li>Supports voice and data networking capabilities. </li></ul>
  8. 8. IEEE 802.11g <ul><li>Higher rate extension to 2.4 GHz band up to 54 Mbps </li></ul><ul><li>Backwards compatible with 802.11b (g devices slow down to b) </li></ul><ul><li>“Super G” = channel bonding up to 108 Mbps </li></ul>
  9. 9. 802.11a, b and g Security Features <ul><li>Service Set Identifiers (SSIDs) </li></ul><ul><ul><li>a unique identifier attached to the header of the packets that acts as a password </li></ul></ul><ul><li>Wireless Encryption Protocol (WEP) </li></ul><ul><ul><li>designed to provide the same level of security as that of a wired LAN </li></ul></ul><ul><li>Media-access control (MAC) address filtering </li></ul><ul><ul><li>unique device identification filtering </li></ul></ul><ul><li>Wireless Protected Access (WPA) </li></ul><ul><ul><li>interim security upgrade </li></ul></ul>
  10. 10. IEEE 802.11i <ul><li>Supplementary enhancements to 802.11 standard </li></ul><ul><ul><li>Key caching </li></ul></ul><ul><ul><li>Pre-authentication - allows fast roaming </li></ul></ul>
  11. 11. 802.11i Security Features <ul><li>Encryption based on AES (Advanced Encryption Standard) </li></ul><ul><ul><li>128-bit strong key cipher </li></ul></ul><ul><li>Temporal Key Integrity Protocol (TKIP) </li></ul><ul><ul><li>Addresses all known vulnerabilities </li></ul></ul><ul><li>CBC-MAC cipher algorithm (CCMP) </li></ul><ul><ul><li>header and data integrity </li></ul></ul><ul><li>Change in cipher keys over time </li></ul><ul><li>EAP (Extensible Authentication Protocol) </li></ul><ul><ul><li>key management, user and device authentication </li></ul></ul>
  12. 12. “The Broken” Video (5 mins)
  13. 13. Insecure Wellington Wireless APs
  14. 14. Issues <ul><li>WEP </li></ul><ul><ul><li>Algorithm is weak </li></ul></ul><ul><li>SSIDs </li></ul><ul><ul><li>Broadcast in clear </li></ul></ul><ul><li>MAC </li></ul><ul><ul><li>Able to be spoofed </li></ul></ul><ul><li>WPA </li></ul><ul><ul><li>Interim standard </li></ul></ul>
  15. 15. Issues <ul><li>Ad hoc Networking </li></ul><ul><ul><li>Users can establish peer-to-peer networks without controls </li></ul></ul><ul><li>Advertising your network </li></ul><ul><ul><li>Via poor placement of access points </li></ul></ul><ul><ul><li>High-powered devices </li></ul></ul>
  16. 16. Threats <ul><li>Interception </li></ul><ul><li>DoS (Denial of Service) </li></ul><ul><li>Masquerading </li></ul><ul><li>User devices </li></ul><ul><li>Poor planning and management </li></ul>
  17. 17. Interception <ul><li>Not secure by nature </li></ul><ul><li>Open medium </li></ul><ul><ul><li>Broadcasts and leaks </li></ul></ul><ul><li>Passive techniques </li></ul><ul><li>Multipurpose devices </li></ul><ul><ul><li>User </li></ul></ul><ul><ul><li>Security professional </li></ul></ul><ul><ul><li>Hacker/Cracker </li></ul></ul>
  18. 18. Petone from Mount Victoria - solid Wi-Fi signal detected at some 10 km.
  19. 19. DoS (Denial of Service) <ul><li>Intentional jamming </li></ul><ul><li>Crowded airwaves </li></ul><ul><ul><li>ISM (Industrial, Scientific and Medical application) frequency range. </li></ul></ul><ul><ul><li>Bluetooth, 802.11b/g, portable home phones, baby monitors and many more common devices. </li></ul></ul><ul><ul><li>Limited number of channels. </li></ul></ul><ul><li>Unlicensed frequencies </li></ul><ul><li>Not a lot you can do to stop it </li></ul>
  20. 20. Masquerading <ul><li>Spoofing </li></ul><ul><ul><li>MAC </li></ul></ul><ul><ul><li>SSID </li></ul></ul><ul><ul><li>Stronger signal levels </li></ul></ul><ul><ul><li>Insert an access point. </li></ul></ul>[Diagram: Access Point, Rogue User, Legit User] <ul><li>Poor authentication </li></ul><ul><ul><li>Device level (link level) </li></ul></ul><ul><ul><li>User level </li></ul></ul>
  21. 21. User devices <ul><li>Why attack the Access Point if a wireless client device itself is open? </li></ul><ul><li>Wireless client devices broadcast in many directions </li></ul><ul><li>Steal the device and keys </li></ul><ul><li>Theft of a legitimate device provides ‘legitimate’ access </li></ul><ul><li>Standard attacks once in – Trojans, rootkits, remote control … </li></ul>
  22. 22. Poor planning and management <ul><li>No site surveys </li></ul><ul><ul><li>Rogue access points </li></ul></ul><ul><ul><li>High power signals </li></ul></ul><ul><li>Broadcasting more info than needed </li></ul><ul><ul><li>SSID - useful names or defaults </li></ul></ul><ul><ul><li>Poor antenna placement </li></ul></ul><ul><li>No policies or staged implementation … </li></ul>
  23. 23. Real time or my time <ul><li>Most well-known hacks are real-time, network-intrusion based </li></ul><ul><li>What if I want the information on the network - just record it! </li></ul><ul><ul><li>Time is on my side - take it away </li></ul></ul><ul><ul><li>Peel away each layer </li></ul></ul><ul><ul><li>Brute force/crack the data </li></ul></ul><ul><ul><li>Wait for vulnerabilities </li></ul></ul>
  24. 24. Why so many threats? <ul><li>Fast-evolving technology, not well understood, not fully mature </li></ul><ul><li>Generally the technology ships insecure by default </li></ul><ul><li>Network experts are not automatically wireless experts </li></ul><ul><li>Easy (‘know nothing’ expertise) to set up </li></ul><ul><li>Successful and secure wireless requires careful planning and management </li></ul>
  25. 25. If you do nothing
  26. 26. What to do about it <ul><li>Policies </li></ul><ul><li>VPNs </li></ul><ul><li>Cell sizing </li></ul><ul><li>Enterprise gateways </li></ul><ul><li>Planning </li></ul><ul><li>Site surveys </li></ul><ul><li>Limit broadcasts </li></ul><ul><li>Encryption </li></ul><ul><li>Training and certification </li></ul><ul><li>Segment wireless </li></ul><ul><li>Careful management </li></ul><ul><li>Change the defaults </li></ul><ul><li>No ‘ad hoc’ networking </li></ul><ul><li>Device-level firewalling </li></ul><ul><li>Device and user authentication </li></ul><ul><li>Layer defence mechanisms </li></ul><ul><li>Asset tracking and user training </li></ul><ul><li>Fix DRS (dynamic rate shifting) </li></ul><ul><li>The list goes on … </li></ul>You can secure wireless, but security is by design, not default …
  27. 27. Mitigation Strategies
  28. 28. Policies and Planning <ul><li>Employ and enforce policies: </li></ul><ul><li>Use or expand existing IT security policy. </li></ul><ul><li>SIGS, ISO 17799 and Security Notices. </li></ul><ul><li>Ensure only agency-supplied devices are used. </li></ul><ul><li>Complete a comprehensive risk assessment. </li></ul><ul><li>Monitor and audit usage. </li></ul>
  29. 29. Policies (cont) <ul><li>What can you send over a wireless network? </li></ul><ul><ul><li>Wireless (802.11x) networks can be used to transmit and receive information under the following conditions… </li></ul></ul>
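  30. 30. Policies (cont) <table><tr><th>Security Classification</th><th>Requirements</th></tr><tr><td>UNCLASSIFIED</td><td>128-bit WEP or better</td></tr><tr><td>IN-CONFIDENCE</td><td>WPA or 802.11i</td></tr><tr><td>RESTRICTED and SENSITIVE</td><td>WPA and approved encryption algorithm or 802.11i</td></tr><tr><td>CONFIDENTIAL and up</td><td>See GCSB</td></tr></table>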
  31. 31. General Recommendations <ul><li>Design your network to reduce the amount of external advertising of your network </li></ul><ul><ul><li>Complete an in-depth site survey, mapping the area to be covered. </li></ul></ul><ul><ul><li>Carefully select the locations of access points, the power output of devices etc. </li></ul></ul><ul><li>Manage changes carefully </li></ul><ul><ul><li>When coverage needs to be extended, or new devices deployed, consider the implications of how this may affect the overall network. </li></ul></ul>
  32. 32. General Recommendations (cont.) <ul><li>Secure your access points: </li></ul><ul><ul><li>Use or upgrade to Wireless Protected Access (WPA). </li></ul></ul><ul><ul><li>Change Service Set Identifiers (SSID) to something meaningless. </li></ul></ul><ul><ul><li>Disable Broadcast-Mode. </li></ul></ul><ul><ul><li>Enable Media Access Control (MAC) address filtering. </li></ul></ul><ul><ul><li>Limit connections by time of day to prevent ‘out of hours’ attacks. </li></ul></ul><ul><ul><li>Disable Peer-to-Peer. </li></ul></ul>
  33. 33. General Recommendations (cont.) <ul><li>Secure your information: </li></ul><ul><ul><li>Use strong encryption and authentication, i.e. VPNs. </li></ul></ul><ul><ul><li>Employ firewalls and do not allow traffic to flow directly between the WLAN and the LAN. </li></ul></ul><ul><ul><li>Require authentication before traffic passes between the WLAN and the LAN. </li></ul></ul><ul><ul><li>Set up intrusion detection. </li></ul></ul><ul><ul><li>Users should monitor the WLAN to ensure they connect only to authorised APs and networks. </li></ul></ul>
  34. 34. Specific requirements for UNCLASSIFIED material <ul><li>Of the encryption types previously discussed, you must, as a minimum, enable 128-bit WEP encryption </li></ul><ul><li>WPA is preferred, or </li></ul><ul><li>802.11i </li></ul>
  35. 35. Specific requirements for IN-CONFIDENCE material <ul><li>You must employ WPA for access-point encryption and ensure your network is generally secure and well managed. </li></ul><ul><li>VPNs should be used, via an approved encryption algorithm, such as 3-DES or AES, or </li></ul><ul><li>802.11i </li></ul>
  36. 36. Specific requirements for SENSITIVE & RESTRICTED material <ul><li>You must employ the techniques discussed earlier and employ firewalls and VPNs using encryption like AES, or </li></ul><ul><li>802.11i </li></ul>
  37. 37. Specific requirements for CONFIDENTIAL and up <ul><li>See GCSB for more information </li></ul>
  38. 38. Approved Products and Algorithms <ul><li>Symmetric encryption algorithms: </li></ul><table><tr><th>Algorithm</th><th>Conditions of use</th></tr><tr><td>Advanced Encryption Standard (AES)</td><td>AES supports key lengths of 128, 196 and 256 bits, all of which are suitable.</td></tr><tr><td>Triple DES (3DES)</td><td>Triple DES MUST use either: <ul><li>2 distinct keys in the order key1, key2, key1. </li></ul><ul><li>3 distinct keys. </li></ul></td></tr></table>
  39. 39. Approved Products and Algorithms (cont) <ul><li>Asymmetric / public key algorithms: </li></ul><table><tr><th>Algorithm</th><th>Approved uses</th></tr><tr><td>Diffie-Hellman (DH)</td><td>Agreeing on encryption session keys.</td></tr><tr><td>Digital Signature Algorithm (DSA)</td><td>Digital signatures. Note: GCSB’s recommended algorithm for this purpose.</td></tr><tr><td>Rivest-Shamir-Adleman (RSA)</td><td>Digital signatures. Passing encryption session keys or similar keys.</td></tr></table>
  40. 40. Approved Products and Algorithms (cont) <ul><li>Hashing Algorithms </li></ul><table><tr><th>Algorithm</th><th>Reference(s)</th></tr><tr><td>Message Digest v5 (MD5)</td><td>AS 2805.13.3; RFC 1321</td></tr><tr><td>Secure Hashing Algorithm (SHA-1)</td><td>AS 2805.13.3; FIPS 180</td></tr></table>
  41. 41. Other algorithms and products <ul><li>To the IN-CONFIDENCE level, if it meets FIPS 140-2 and/or is certified to EAL4, then although the product or algorithm is not specifically approved, it probably does meet the required minimum standards for approval. </li></ul><ul><li>A more complete list of approved products is provided by AISEP and can be found at: </li></ul><ul><li> </li></ul>
  42. 42. Summary <ul><li>Wireless networking offers many advantages that make it highly attractive. </li></ul><ul><li>There is an increasing array of devices and options that can be and are being used. </li></ul><ul><li>If we do not manage these devices into our networks, they will turn up anyway. </li></ul><ul><li>Good security policies and good network planning are the basis for security. </li></ul><ul><li>It is possible to plan, implement and manage a secure wireless network. </li></ul><ul><li>Security need not be too difficult. </li></ul>
  43. 43. Guidance <ul><li>Government Communications Security Bureau </li></ul><ul><li>Phone: 04 4726881 </li></ul><ul><li>Email: [email_address] </li></ul><ul><li>Web: </li></ul>
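
Slides 15, 20 and 33 name ad hoc networks, SSID/MAC spoofing and inserted access points as risks and ask that the WLAN be monitored so users connect only to authorised APs. The sketch below is an added example, not part of the original slides: it compares a list of observed beacons with an allow-list. The `Beacon` record, the `audit` function, the finding names and all sample data are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple

class Beacon(NamedTuple):
    ssid: str
    bssid: str            # access point MAC address
    security: str         # one of the keys of RANK
    adhoc: bool = False   # peer-to-peer (ad hoc) network

# Protection levels named on the slides, weakest first.
RANK = {"open": 0, "wep": 1, "wpa": 2, "802.11i": 3}

def audit(beacons, authorised, minimum="wpa"):
    """authorised: SSID -> set of lower-case BSSIDs. Returns sorted findings."""
    findings = set()
    seen = defaultdict(set)   # BSSID -> security settings observed
    for b in beacons:
        bssid = b.bssid.lower()
        seen[bssid].add(b.security)
        if b.adhoc:
            findings.add(("ad-hoc-network", b.ssid, bssid))
        known = authorised.get(b.ssid)
        if known is None:
            continue          # not one of our SSIDs
        if bssid not in known:
            findings.add(("unauthorised-ap-using-our-ssid", b.ssid, bssid))
        elif RANK[b.security] < RANK[minimum]:
            findings.add(("below-minimum-encryption", b.ssid, bssid))
    # MAC addresses can be spoofed, so a BSSID match alone proves little:
    # one authorised BSSID seen with two security settings suggests a clone.
    ours = set().union(*authorised.values())
    for bssid in ours:
        if len(seen[bssid]) > 1:
            findings.add(("conflicting-settings-possible-clone", "", bssid))
    return sorted(findings)

# Constructed sample data: the SSIDs and every address below are made up.
AUTHORISED = {"x7q2-lan": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}
SCAN = [
    Beacon("x7q2-lan", "00:11:22:33:44:01", "wpa"),
    Beacon("x7q2-lan", "00:11:22:33:44:02", "wep"),
    Beacon("x7q2-lan", "66:55:44:33:22:11", "open"),
    Beacon("x7q2-lan", "00:11:22:33:44:01", "open"),
    Beacon("laptop-share", "02:AA:BB:CC:DD:EE", "open", adhoc=True),
    Beacon("cafe", "aa:aa:aa:aa:aa:aa", "open"),
]

if __name__ == "__main__":
    print(*audit(SCAN, AUTHORISED), sep="\n")
```

The `minimum` argument stands in for the requirement attached to the classification of the traffic the network carries, as listed on slide 30.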
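
Slide 38 allows Triple DES only with 2 distinct keys in the order key1, key2, key1, or with 3 distinct keys. The check below is an added example, not from the original slides: it assumes the key material arrives as the usual 16- or 24-byte concatenation of 8-byte DES keys used in encrypt-decrypt-encrypt order, and the function names are hypothetical.

```python
def _strip_parity(key8: bytes) -> bytes:
    # DES ignores the low (parity) bit of every key byte, so two keys that
    # differ only in those bits are the same key.
    return bytes(b & 0xFE for b in key8)

def check_3des_keying(bundle: bytes) -> str:
    """Return '2-key' or '3-key' when the bundle meets the slide's
    conditions of use; raise ValueError otherwise."""
    if len(bundle) not in (16, 24):
        raise ValueError("expected a 16- or 24-byte 3DES key bundle")
    parts = [_strip_parity(bundle[i:i + 8]) for i in range(0, len(bundle), 8)]
    if len(parts) == 2:
        # 16-byte bundle: key1, key2, with key1 reused for the third stage.
        k1, k2 = parts
        if k1 == k2:
            raise ValueError("key1 equals key2: reduces to single DES")
        return "2-key"
    k1, k2, k3 = parts
    # E(k3, D(k2, E(k1, x))): if two adjacent keys match, an encrypt and a
    # decrypt cancel and only one DES operation is left.
    if k1 == k2 or k2 == k3:
        raise ValueError("adjacent keys are equal: reduces to single DES")
    # key1 == key3 is the permitted key1, key2, key1 arrangement.
    return "2-key" if k1 == k3 else "3-key"

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    k1 = bytes.fromhex("0123456789abcdef")
    k2 = bytes.fromhex("23456789abcdef01")
    k3 = bytes.fromhex("456789abcdef0123")
    print(check_3des_keying(k1 + k2 + k3))   # 3 distinct keys
    print(check_3des_keying(k1 + k2 + k1))   # key1, key2, key1
```

A bundle ordered key1, key1, key2 contains two distinct keys but is rejected, which is why the slide specifies the order and not only the number of keys.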