Wireless Technology
...erent speeds for the 802.11 standards.

Wireless LAN Throughput by IEEE Standard

| IEEE WLAN Standard | Over-the-Air (OTA) Estimates | Media Access Control Layer, Service Access Point (MAC SAP) Estimates |
|---|---|---|
| 802.11b | 11 Mbps | 5 Mbps |
| 802.11g | 54 Mbps | 25 Mbps (when .11b is not present) |
| 802.11a | 54 Mbps | 25 Mbps |
| 802.11n | 200+ Mbps | 100 Mbps |

Table 1. Comparison of different 802.11 transfer rates. (Source: Intel Labs)

Wireless Security Types

No single security measure is unhackable or will, by itself, prevent hackers from stealing from or taking over a network. That said, measures can be put in place to make a wireless network look less attractive, so that hackers will most likely look elsewhere for an easier mark. By analogy, consider a home with no outside lights, set in a wooded area that obscures the view of the house, and with no security alarms installed. To a crook this is like taking candy from a baby. Compare that with a home that has flood lights installed, a clear view of the house, lights that come on when movement is sensed, and an alarm system. Even though this is still not 100% secure, it will deter the common criminal from picking this house; he would most likely move on to a house that is an easier target of opportunity.

The best method of securing a wireless network is to add layers of security measures; as more layers are added, the chances of a hacker getting caught increase. This will deter most hackers from trying to break into the network, and they will look elsewhere for easier targets. Risks from hackers are sure to remain with us for the foreseeable future. The challenge for IT personnel will be to keep one step ahead of hackers. Members of the IT field need to keep learning about the types of attacks and what countermeasures are available.
There are four measures to keep in mind with security:

• All wireless LAN devices need to be secured
• All company communications need to be secured
• All employees and contractors need to be educated and kept up to date on security
• All company networks need to be actively monitored for security and compliance

Many types of security are available; they are discussed in the following pages.

WEP (Wired Equivalency Privacy)

This is the standard encryption that was the original encryption when wireless first hit the market. This first attempt at securing wireless was meant to make wireless as secure as wired networks, but as we all know this did not happen: once the exploits were discovered, third-party programs came about that enable hackers to snoop and detect patterns in WEP. WEP uses 128- and 256-bit encryption, and the longer the encryption the better. This is better than nothing, and WEP can offer more security than the advanced WPA-PSK encryption. WEP is used at the two lowest layers of the OSI model (http://www.webopedia.com/TERM/W/WEP.html).

WPA (Wi-Fi Protected Access)

This was created to replace WEP and combines the dynamic key encryption of TKIP (Temporal Key Integrity Protocol) with the mutual authentication of 802.1x. WPA was designed to use a RADIUS server, located inside the firewall, for independent authentication; the version developed for individual users who did not have RADIUS servers was named WPA-PSK (Wi-Fi Protected Access Pre-Shared Key). This has some flaws, as graduate students cracked this encryption to the point where a program needs four specific packets to break this security. If WPA has a RADIUS server, then authentication is tied to the domain log-on, which allows an entry for employees and provides a method for user security policies.
MAC ID filtering (Media Access Control)

MAC ID filtering is used to exclude or allow only listed client stations to authenticate with the access point. These settings apply to both the Internal and Guest networks. Stations are filtered by "MAC" address, a hardware ID that uniquely identifies each node of a network. A MAC address consists of a string of twelve (12) hexadecimal digits separated by colons, for example: FE:DC:BA:09:87:65. Some BIOSes have the option to select any desired MAC ID for the built-in network capability.

PEAP (Protected Extensible Authentication Protocol)

This protocol allows for secure transport of data, passwords, and encryption keys without the need for a certificate server. Cisco, Microsoft, and RSA Security developed this protocol.

DHCP (Dynamic Host Configuration Protocol)

DHCP is an Internet protocol tool for automating the configuration of computers that use TCP/IP. DHCP is used to assign IP addresses and to deliver TCP/IP stack configuration parameters such as subnet mask and router. It also provides configuration information such as addresses for a printer, time, and other services. Using DHCP along with MAC ID filtering that has pre-assigned addresses will help to keep out the unwanted (http://wrt-wiki.bsr-clan.de/index.php?title=Static_DHCP).

WPA2 (Wi-Fi Protected Access)

This is the second generation of WPA and covers both consumer Wi-Fi and enterprise Wi-Fi, giving a higher assurance that networks are secure. This generation is based on the final 802.11i and makes use of the Advanced Encryption Standard (AES) block cipher. It is also eligible for FIPS 140-2 compliance; it would usually be implemented in areas that handle sensitive but not classified information. Typical organizations would include banks and healthcare organizations (http://en.wikipedia.org/wiki/WPA2).

RADIUS (Remote Authentication Dial In User Service)

This provides an excellent weapon against hackers as RADIUS was originally proprietary.
An inside server was to act as a gatekeeper, verifying identities through a username and password determined by the user. The RADIUS server checks that the information is correct using authentication schemes such as PAP, CHAP or EAP. If the authentication passes, the server will authorize access to the ISP system. RADIUS can also be configured to enforce user policies and restrictions, as well as to record accounting information for billing purposes.

LEAP (Lightweight Extensible Authentication Protocol)

This protocol is based on 802.1x and helps to minimize the original security flaws by using WEP; it is a sophisticated key management system and also uses MAC address authentication. LEAP is still not safe from hackers: THC-LeapCracker can be used to break Cisco’s version of LEAP and can be used against computers connected to an access point in the form of a dictionary attack (the general technique of trying to guess some secret by running through a list of likely possibilities, often a list of words from a dictionary) (http://en.wikipedia.org/wiki/Dictionary_attack).

Extensible Authentication Protocols (EAPs) such as those mentioned above (LEAP and PEAP) are highly effective means of securing an enterprise network. It is important to choose an authentication schema that best fits your organization and security requirements. The following table (Table 1) provides a comparison of different vendors’ implementations of EAP technologies (Microsoft, p 8-9).

| Feature | LEAP (EAP-Cisco) | EAP-TLS | EAP-MD5 | PEAP |
|---|---|---|---|---|
| Advantages | | | | |
| Vendor support | Cisco scheme only supported by limited wireless network adapters and wireless AP equipment from Cisco. | Widely supported. | Wide support, but not recommended for wireless. | Widely supported by Microsoft, Cisco, Funk, Interlink Networks, Meetinghouse and other vendors. |
| Mutual authentication | Yes, with passwords. Weak form of server authentication. | Yes, user and authentication server with certificates. | No, client authentication only. | Yes, using end-to-end encrypted TLS channel for user credentials. The server is authenticated with a certificate and the user by any EAP-supported scheme. Strong form of server authentication prevents rogue wireless APs. |
| Rotating keys (re-keying) | Generated during authentication. Low key strength. | Generated during authentication. High key strength. | No. Relies on static keys. | Generated during authentication. High key strength. |
| Security technology level | Stronger than MD5 but exposed to offline dictionary attacks. | Strong. | Weak. Not secure. | Strongest password-based approach available. |
| Standards-based | No | Yes | Yes | Yes |
| User credential protection | Open to offline dictionary attack. | Certificate-based authentication. | Open to offline dictionary attack. | Protected by TLS channel. |
| Computer authentication | No | Yes, with a computer certificate installed on the access client. | No. | Supported by EAP methods such as EAP-MS-CHAP v2. |
| Ease of implementation | Limited choice of wireless network adapters, wireless APs, and RADIUS servers. | Requires PKI. Widely supported and offered natively in Windows clients. | Simple, but not recommended for wireless. | Widely supported and offered natively in Windows clients. |
| Global applicability | Limited vendor choice. | Requires PKI. | Not secure, so a poor choice. | Widely available open standard with growing support. |
| Credential flexibility | None. Password only. | Only digital certificates. | Password only. | Any approved EAP method. |

Table 1. Comparison of Common 802.1X EAP-Encapsulated Authentication Protocols

It is also possible (dependent on vendor technology) to...
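
The MAC ID filtering and DHCP sections above pair a MAC allow list with pre-assigned DHCP addresses and note that a MAC ID can be selected in software. The Python code below is an added example, not part of the original essay: it audits a lease table against the reservations and flags unlisted, malformed, software-set or duplicated MAC addresses. The function names, addresses and lease tuples are constructed for illustration, and it goes slightly beyond the colon form described above by also accepting hyphen- and dot-separated MACs.

```python
import re

LOCAL_ADMIN_BIT = 0x02  # bit in the first octet marking a software-assigned address

def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None unless raw holds twelve hex digits."""
    digits = re.sub(r"[:\-.\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the address was chosen in software rather than burned in."""
    return bool(int(mac[:2], 16) & LOCAL_ADMIN_BIT)

def audit_leases(reservations, leases):
    """reservations: {mac: ip}; leases: (mac, ip, hostname) tuples.
    Returns (mac, finding) tuples for every lease that needs a look."""
    allowed = {normalize_mac(m): ip for m, ip in reservations.items()}
    findings, seen = [], {}
    for raw, ip, _host in leases:
        mac = normalize_mac(raw)
        if mac is None:
            findings.append((raw, "malformed MAC"))
            continue
        if mac not in allowed:
            findings.append((mac, "not on allow list"))
        elif allowed[mac] != ip:
            findings.append((mac, f"expected {allowed[mac]}, leased {ip}"))
        if is_locally_administered(mac):
            findings.append((mac, "locally administered (software-set) address"))
        if mac in seen and seen[mac] != ip:
            findings.append((mac, f"same MAC on {seen[mac]} and {ip}"))
        seen.setdefault(mac, ip)
    return findings

# Constructed sample data: two reserved stations and five observed leases.
RESERVATIONS = {"00:1A:2B:3C:4D:5E": "192.168.1.10",
                "fe-dc-ba-09-87-65": "192.168.1.11"}
LEASES = [
    ("00:1a:2b:3c:4d:5e", "192.168.1.10", "laptop"),   # matches reservation
    ("FE:DC:BA:09:87:65", "192.168.1.11", "printer"),  # the essay's example MAC
    ("00:1A:2B:3C:4D:5E", "192.168.1.57", "unknown"),  # allowed MAC, wrong IP
    ("3C:22:FB:00:11:22", "192.168.1.58", "phone"),    # never registered
    ("00:1A:2B:3C:4D", "192.168.1.59", "bad"),         # only ten hex digits
]

if __name__ == "__main__":
    for mac, finding in audit_leases(RESERVATIONS, LEASES):
        print(f"{mac}: {finding}")
```

The essay's own example address, FE:DC:BA:09:87:65, has the locally administered bit set, so it is flagged even though it is on the allow list and holds its reserved IP.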