Wireless Security Needs For Enterprises


Individual Research Paper submitted for the course- Wireless LANs


Measures for Improving Wireless Security Needs of Enterprise Corporate-based Users as Compared to Home-based Users

Shruti Sreenivasa Reddy
University of Colorado, Boulder
sreeniva@colorado.edu

Abstract

Wireless LANs are being deployed ubiquitously. They are finding their way into a wide variety of markets. Most of these deployments are, unfortunately, not secure. The security needs of a home-based environment are different from those of the corporate environment. The proposed study for this paper is to find better encryption techniques for corporate retailers as opposed to the basic home security required for Wireless LANs, and to address the security problem being faced by the enterprise users.

1. Introduction

Wireless LANs use radio waves as a means of transmitting information over the air. Air space does not have any boundary that limits these radio signals. These signals are not confined to a building and can travel through doors and windows. This makes it easy for a person to access the services of the network or listen to the data travelling through the network.

It is very important for retailers to prevent intelligent hackers from stealing information from their network. Retailers have vital personal information of their customers such as their credit card information, addresses, phone numbers, etc. Wireless networks are very easy to hack into as compared to a wired network as the attacker does not have to break into any building or find a cable to access information.

It takes the attackers several hours to obtain access into a wireless network by using different tools that are available easily on the internet. The method of driving around with a laptop installed with software and looking for wireless networks is known as Wardriving [2]. There are many such Wardriving tools that are operating system-specific or support only certain wireless card-types. Wardriving tools are used to attack a wireless network in several ways. These tools are easily available and can be downloaded from the internet. To make a network immune to these kinds of attacks, various encryption techniques are used.

This paper will discuss how a wireless LAN can be attacked and how these attacks can be prevented by using different encryption techniques. A comparison will be made on the current security issues of both corporate and home-based users. Further, recommendations will be provided for improving the security of corporate-based users as well as home-based users.

2. Background

2.1 Security threats and attacks

The different security threats or attacks and the tools used to cause these attacks are listed below:

Encryption attacks are those in which the encryption key is intercepted and recovered by actively monitoring the network traffic. AirSnort is a tool available on the internet as open source which can assist in an encryption attack. AirSnort works on both Windows and Linux Operating Systems [2], [5].

WepAttack is another WLAN open source Linux tool which aids active encryption attacks. This tool uses a dictionary attack, which tests every possibility in the dictionary to arrive at the right encryption key. Another type of attack is the brute force attack, which guesses the encryption key based on the most probable letters or symbols that can be used [5], [1].

The security of a network could also be attacked by denying a legitimate user access to the network. This kind of attack is known as a Denial of service attack. By passively monitoring the traffic and obtaining the client information, the attacker can pretend to be the client and deny the rightful user access to the network resources [1].

Another possible security leak would be Insertion attacks with the use of soft access points, where a station functions as an access point by using the SSID of the network [1]. This can be done using a tool called FakeAP, which works on Linux, or RawAP. This confuses tools such as Netstumbler, Wi-Fi scanner, etc. that are used to monitor wireless traffic [5].

Security breaches could also happen due to Misconfiguration of access points and client software. These access points are a loophole in the network [1]. They are also known as “Rogue” access points, which give hackers access to the internal network. Most secure wireless LANs are known to be prone to attacks due to wrong configuration of the access points [4].

Man-in-middle attacks occur when the hacker is able to access the data being transferred between two stations with each of the stations being unaware of the hacker’s presence. The hacker can modify the information or not transmit the information at all to the other station [1].

2.2 Encryption techniques

WEP (Wireless Equivalent Privacy): This encryption is used by 802.11b networks. It is the first encryption protocol used for wireless networks. The algorithm used by WEP for encryption is RC4. WEP uses a shared secret key, which is known to the wireless station and the access point. The RC4 algorithm is a stream cipher that generates a pseudorandom stream of bits. The purpose of the RC4 algorithm is to prevent hackers from altering the information that is being transmitted; therefore, before a data packet is transmitted, a checksum is computed and WEP concatenates the data with the key stream using exclusive-or (XOR) [1].

This algorithm was discovered to be vulnerable in 2001. By sniffing the network for a few hours and observing a few thousands of packets, a hacker could use an XOR function to mathematically link two packets of a session that have the same RC4 keys and recover the key. Another weakness of WEP is that it does not use any key management [1].

WPA (Wi-Fi Protected Access): To overcome the flaws of WEP, WPA was created by the Wi-Fi Alliance. WPA uses more powerful encryption techniques than WEP. WPA works in two modes, enterprise and personal mode. Enterprise mode uses a separate authentication server such as Remote Access Dial-In-User Service (RADIUS) that checks if the information is correct [6]. The personal mode (or consumer mode) uses a combination of Pre-Shared Keys (PSK). WPA-PSK is easy to implement but uses one common key between many devices. A hacker can disrupt the entire network, if the key is stolen, until the key is changed at every AP and data terminal [1], [3].

In [1] the authors state that, “...The current standard for wireless security, Wi-Fi Protected Access 2 (WPA2), was introduced in September 2004. The IEEE 802.11i standard WPA2, addresses three main security areas: authentication, key management, and data transfer privacy. WPA2 uses the Advanced Encryption Standard (AES) for data encryption and is backward compatible with WPA…”

EAP (Extensible Authentication Protocol): This is used to authenticate data between the RADIUS server and the access point [1]. Wireless LANs use the IEEE 802.1x standard along with EAP over LAN (EAPoL) [6].

TKIP (Temporal Key Integrity Protocol): This protocol was essentially used to make WEP more secure. The temporal keys used in TKIP are rotated and every packet in TKIP has a 48-bit serial number that is incremented when it is transmitted. TKIP also uses a message integrity check (MIC or Michael), which helps prevent an injection attack [1].

IEEE 802.11i: This standard implements stronger security techniques. The main purpose of this standard is to define a Robust Security Network (RSN) [8]. According to [1], “...RSN dynamically negotiates the authentication and encryption algorithms to be used for communications between wireless access point and wireless clients. This means that as new threats are discovered, new algorithms can be added...” The algorithm used for encryption in 802.11i is AES (Advanced Encryption Standard). AES uses key-length up to 128-bits. It uses two methods of encryption techniques, counter mode and CBC-MAC (Cipher Block Chaining Message Authentication Code). The authors of [1] affirm that, “...The counter mode uses an arbitrary number that changes with each block of text, making it difficult for an eavesdropper to spot a pattern. The CBC-MAC protocol is a message integrity method, which ensures that none of the plaintext bits that were used in the encryption were changed...”

3. Current security scenario for home users

Most home users do not use any security measures as the home user is usually a common man with little or no computer knowledge. These users find it difficult to set up an 802.11 network with security. The home users are less prone to an attack. It will take several hours for a hacker to break the encryption key (if being used) and obtain the personal data of one person, whereas the same amount of time spent on a retail store will fetch him the personal data of millions of customers [1]. This does not mean that they will not be attacked. The home users need to use basic encryption techniques like the WEP protocol.

3.1 Recommendations for improving security of home users

The home users need to enable the security settings offered by their devices. While enabling these settings, the SSID should not reveal the location or any other important information of the user [1].

It would be best for the home users to use the WPA-PSK encryption because the key is shared only among a few users as compared to thousands of employees in an enterprise. WPA-PSK is not free from brute force attack. Though WPA-PSK was originally deployed for home users, it is used by SOHO (Small Office Home Office) users because of its simplicity and easy deployment [1]. The key needs to be changed frequently to prevent brute force attack.

The SSID is automatically broadcast to all users in the range of the wireless network. Another way to prevent casual users from using your wireless network would be to disable the broadcast of the SSID. This may look complicated for an average user who is not comfortable using complex software. Designing easier software where security settings are easily accessible will allow the user to utilize these security options more easily [1].

There are some new protocols that work specifically for home users. One such protocol uses a combination of password protection as well as MAC address authentication along with a certification [7]. The protocol uses the MAC addresses of the authenticated users and assigns a new password to the users. The MAC address table manages the number of authenticated users [7].

Placing an access point strategically would help reduce the probability of an attack. The access point should be placed in the center of the building and away from windows and doors [9].

4. Current security scenario of retailers

The retailers need more security than just WEP encryption. The weak links in security lead to potential damage to the company. A data breach would cost the company not only in dollars but will also cause brand damage. Though the advantages of using wireless are tremendous, it has numerous security issues which cannot be resolved by mere use of firewalls and VPN-based solutions. A typical retailer’s network is as shown in Figure 1.

Figure 1: Typical retail store network and its wireless vulnerabilities. From [3]

With the advent of intelligent hackers, it is very important to secure customers’ personal information. According to a white paper by AirDefense, “…According to a November, 2003 survey by PricewaterhouseCoopers, 46 percent of companies and agencies who have wireless networks have been victims of a security breach. Of these, 83 percent reported a monetary loss. Any wireless device or unauthorized access point creates an on-ramp to the entire wireless and wired networks. Unless properly configured, secured and monitored, these wireless devices and networks are dangerous to the entire organization...” [4].

Most of the retailers use just WEP for encryption, which has resulted in monetary loss. The most recent and popular security fiasco was TJ Maxx’s data breach, which resulted in the data of 45.7 million credit and debit cards being stolen [3]. According to the Wall Street Journal, the hackers, who worked in a group, tapped data from hand-held equipment that was used to maintain the inventory. This equipment was used to communicate with the cash registers and house-keeping data in the store [3].

4.1 Recommendations for improving security of retailers

The retailers should consider using better encryption techniques to improve their security and not rely on WEP for encryption. It is advised to use stronger encryption techniques such as EAPoL that uses RADIUS, an authentication server.

To improve the security, it is recommended that they use the suggestions provided for home users in addition to the recommendations that follow.

The deployment of a central controller along with the use of wireless policies would help maintain the number of devices connected to the network and would reduce the attacks through rogue devices. The wireless policy of Information Technology Services (ITS) of University of Colorado, Boulder, affirms that ITS will be responsible for the deployment of all the access points in the university. All devices that access the university’s wireless network should be registered. This keeps rogue devices from accessing important information, like student data, from the network [8].

Numerous devices may enter or leave the network in an enterprise. The use of wireless intrusion and detection techniques will help curb suspicious activity in a network. The air traffic should, therefore, be continuously monitored for rogue devices. The use of an analyzer will help identify all the wireless devices that are being used in the network [3], [4].

Physical access to wireless access points, gateways and hand-held devices should be restricted [3]. Another suggestion would be to place the firewall inside the access point, install antivirus software and regularly update the version of software used [9].

Using a directional antenna for the access points would help in directing the radio waves to the authenticated users. Further, reducing the signal strength of the antenna will prevent the leakage of the signal outside the building. Figure 2 shows how good antenna design will help improve the coverage and prevent rogue devices from accessing signals that carry secure information [9].

Figure 2: Antenna design considerations. From [9]

5. Conclusion and Future work

Securing and preserving your personal information is essential. A network requires basic security regardless of the location of its deployment and its usage. With the use of proper software and tools many attacks can be prevented. The future of wireless security looks bright, with new standards like IEEE 802.11i and 802.11w which will enhance the security in wireless networks.

However, there are some issues which can be researched further. Some of these are as follows:

For a retailer’s wireless security to be foolproof, apart from the technology it will need an effective wireless access policy. What would be the competent way of defining a wireless access policy? If there are extensions in the company, should the wireless access policy be re-stated?

The current standard 802.11i uses AES as a linear encryption algorithm. A non-linear algorithm will be more effective as it will be tricky for hackers to decrypt the message. Will developing a non-linear encryption algorithm improve the security needs of the network? Will this solution require complex computations and will it be cost effective?

As stated in the recommendations, it would help the users if new easy-to-use software was designed for security settings in a home network. With easy-to-use software along with an intrusion-detection mechanism, a home user can identify when the network suffers an attack.

Retailers can further improve on their security measures by using custom made access points. Companies could manufacture access points that have specific antenna designs in accordance with the retail store building to prevent leakage of signals.

6. References

[1] C. Maple, H. Jacobs, M. Reeve, “Choosing the right wireless LAN security protocol for the home and business user”, Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on, 20-22 April 2006, Page(s): 8 pp.

[2] Z. Tao, A. B. Ruighaver, “Wireless Intrusion Detection: Not as easy as Traditional network intrusion detection”, TENCON 2005 2005 IEEE Region 10, Nov. 2005, Page(s): 1-5

[3] “Preventing Wireless Data Breaches in Retail”, white paper, AirDefense, Inc., 2002-2007

[4] “Wireless LANs: Is My Enterprise At Risk?”, white paper, AirDefense, Inc., 2002-2006

[5] “Wireless LAN – Tools”, ForInSect, undated. http://www.forinsect.de/wlan/wlan-tools.html

[6] Benny Bing, “Emerging Technologies in Wireless LANs: Theory, Design and Deployment”, Cambridge University Press, New York, 2008

[7] Lee Ju-A, Kim Jae-Hyun, Park Jun-Hee, Moon Kyung-Duk, “A Secure Wireless LAN Access Technique for Home Network”, Vehicular Technology Conference, 2006. IEEE 63rd, Volume 2, 7-10 May 2006, Page(s): 818-822

[8] “Wireless Deployment and Management Policy”, undated. http://www.colorado.edu/its/docs/policies/wireless.html

[9] “Wireless 802.11 LAN Security: Understanding the Key Issues”, white paper, Systems experts, 2002, http://www.systemexperts.com/tutors/wireless-issues.pdf
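
The WEP weakness described in section 2.2, where two packets encrypted with the same RC4 key can be linked with XOR, shown as an added example that is not part of the original paper. It encrypts two frames under one IV and shared key, shows that XORing the ciphertexts cancels the keystream, and estimates how soon a 24-bit IV repeats; the key, IV and frame contents are constructed sample values and random IV selection is an assumption.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (key scheduling, then generation)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, data: bytes) -> bytes:
    """WEP body: (data || CRC-32 checksum) XOR RC4(IV || shared key)."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return xor(body, rc4_keystream(iv + shared_key, len(body)))

def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday approximation: frames sent with random IVs before a repeat is likely."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))

# Constructed sample values: a 40-bit shared key and two frames sent under one IV.
SHARED_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("00002a")
FRAME_A = b"inventory sync: aisle 12 ok"
FRAME_B = b"inventory sync: aisle 07 low"

def keystream_reuse_leak() -> bytes:
    """XOR of the two ciphertexts; the shared keystream cancels out."""
    return xor(wep_encrypt(IV, SHARED_KEY, FRAME_A),
               wep_encrypt(IV, SHARED_KEY, FRAME_B))

if __name__ == "__main__":
    leak = keystream_reuse_leak()
    n = min(len(FRAME_A), len(FRAME_B))
    print("ciphertext XOR equals plaintext XOR:", leak[:n] == xor(FRAME_A, FRAME_B))
    print("frames for a likely IV repeat:", frames_until_iv_repeat())
```

The repeat estimate lands in the "few thousands of packets" range the paper mentions, which is why protocols that rotate per-packet keys (TKIP) or replace RC4 (AES in 802.11i) are the recommended alternatives.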
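
One way to implement the rogue-device monitoring recommended in section 4.1, as an added example rather than code from the paper: it compares access points seen by a wireless analyzer against a registered inventory and flags soft access points, unregistered devices and weak settings. The `Beacon` record, the inventory, the signal threshold and the survey data are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # access point MAC address as seen on the air
    security: str   # e.g. "OPEN", "WEP", "WPA-PSK", "WPA2-ENTERPRISE"
    rssi_dbm: int   # signal strength measured at the sensor

# Hypothetical inventory of registered access points: BSSID -> expected SSID.
REGISTERED = {
    "00:11:22:33:44:01": "STORE-POS",
    "00:11:22:33:44:02": "STORE-POS",
    "00:11:22:33:44:03": "STORE-GUEST",
}
WEAK_SECURITY = {"OPEN", "WEP"}
NEARBY_DBM = -60    # assumed cut-off: a stronger signal is probably on the premises

def audit(beacons, registered=REGISTERED):
    """Return {bssid: sorted findings} for each access point needing attention."""
    corporate_ssids = set(registered.values())
    findings = {}
    for b in beacons:
        bssid = b.bssid.lower()
        expected = registered.get(bssid)
        issues = set()
        if expected is None:
            if b.ssid in corporate_ssids:
                issues.add("unregistered AP using a corporate SSID")
            elif b.rssi_dbm >= NEARBY_DBM:
                issues.add("unregistered AP with on-premises signal strength")
        else:
            if b.ssid != expected:
                issues.add(f"SSID {b.ssid!r} differs from registered {expected!r}")
            if b.security.upper() in WEAK_SECURITY:
                issues.add(f"weak security setting {b.security.upper()}")
        if issues:
            findings.setdefault(bssid, set()).update(issues)
    return {bssid: sorted(items) for bssid, items in findings.items()}

# Constructed survey data, as a wireless analyzer might report it.
SAMPLE = [
    Beacon("STORE-POS", "00:11:22:33:44:01", "WPA2-ENTERPRISE", -48),
    Beacon("STORE-POS", "00:11:22:33:44:02", "WEP", -52),
    Beacon("STORE-TEST", "00:11:22:33:44:03", "WPA2-ENTERPRISE", -50),
    Beacon("STORE-POS", "02:AA:BB:CC:00:01", "OPEN", -40),
    Beacon("STORE-POS", "02:aa:bb:cc:00:01", "OPEN", -42),
    Beacon("linksys", "02:AA:BB:CC:00:02", "OPEN", -55),
    Beacon("CoffeeShop", "02:AA:BB:CC:00:03", "WPA-PSK", -85),
]

if __name__ == "__main__":
    for bssid, items in audit(SAMPLE).items():
        print(bssid, "->", "; ".join(items))
```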