© 2006 Cisco Systems, Inc. All rights reserved. ONT v1.0 6-1 Implement Wireless Scalability: Introducing 802.1x

Transcript:

Implement Wireless Scalability: Introducing 802.1x

The Need for WLAN Security

The Need for WLAN Security
IEEE 802.11 equipment is widely available and inexpensive.
The standard is designed for ease of use and deployment.
Many sniffers are available.
Statistics on WLAN security are not encouraging.
Media reports about hot spots, WLAN hacking, and war driving are frequent.
Encryption is not optimally implemented in standard WEP.
Authentication is vulnerable.

Security Methods: Authentication and Encryption

Security Methods: Authentication and Encryption
Authentication: proves that you belong on the network
Encryption: protects the data traversing the network
Both authentication and encryption are needed and mandated by standards.

WLAN Security Issues
Rogue access points
Weakness of older forms of security:
–Service set identifier (SSID)
–Authentication controlled by MAC address
–Static WEP keys
–Nonmutual authentication (one way only)

WEP Attacks
Weak, static WEP key
Passive or weak initialization vector (IV) attack
Active or bit-flipping and replay attack
Authentication dictionary attacks

Overview of WLAN Security

WEP
IEEE 802.11 standard for encryption
Uses the RC4 algorithm (known vulnerabilities)
Keys can be static and shared among many clients
Or keys can be dynamic and unique for each client per session (as with 802.1x)

Open Authentication

Shared Key Authentication

Cisco Enhanced WEP Security

Cisco Enhanced WEP Security
Cisco prestandard enhancements, implemented in 2001 and 2002
Authentication:
–802.1x and Extensible Authentication Protocol (EAP) protocols
–User, token, machine credentials
–Dynamic encryption key generation
Encryption:
–Cisco Key Integrity Protocol (CKIP)
–Cisco Message Integrity Check (CMIC)

Enhanced Security
Encryption:
–Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC)
–Wi-Fi Protected Access (WPA): TKIP encryption
–WPA2: Advanced Encryption Standard (AES)
Authentication:
–802.1x and Extensible Authentication Protocol (EAP) protocols
–User, token, machine credentials
–Dynamic encryption key generation
–IEEE 802.11i

Encryption: TKIP and MIC
Enhancements to RC4-based WEP:
–Key hashing for unique seed values per packet
–MIC from the Michael algorithm
–Broadcast key rotation
Key hashing protects against WEP initialization vector vulnerabilities, whereas MIC protects against man-in-the-middle or replay attacks.
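Michael, the MIC algorithm named on this slide, as an added Python example (not code from the Cisco course): it computes the 64-bit tag that TKIP appends to a frame body and shows the receiver-side check that rejects a frame whose bits were flipped in transit. The key and payload bytes are constructed for the demonstration; the MIC key itself would come from the 802.1x/EAP key derivation the deck describes.

```python
# Added example: Michael, the TKIP message integrity check. A 64-bit key and
# the frame data go in; an 8-byte tag comes out. The receiver recomputes the
# tag and drops any frame whose tag does not match.
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rol32(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK32


def _ror32(v, n):
    return ((v >> n) | (v << (32 - n))) & MASK32


def _xswap(v):
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)


def _block(l, r):
    """Michael block function b(l, r): four xor/rotate/add rounds."""
    r ^= _rol32(l, 17); l = (l + r) & MASK32
    r ^= _xswap(l);     l = (l + r) & MASK32
    r ^= _rol32(l, 3);  l = (l + r) & MASK32
    r ^= _ror32(l, 2);  l = (l + r) & MASK32
    return l, r


def michael(key, msg):
    """Return the 8-byte Michael MIC of msg under an 8-byte key."""
    if len(key) != 8:
        raise ValueError("Michael key must be 64 bits")
    # Padding: one 0x5a byte, then 4..7 zero bytes so the length is a multiple
    # of 4; the zeros flush the last data word through the block function.
    padded = msg + b"\x5a" + b"\x00" * (4 + (3 - len(msg) % 4))
    l, r = struct.unpack("<II", key)          # little-endian key words
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = _block(l, r)
    return struct.pack("<II", l, r)


def mic_verifies(key, msg, tag):
    """Receiver check: recompute the MIC and compare in constant time."""
    return hmac.compare_digest(michael(key, msg), tag)


def mic_detects_flip(key, msg, bit):
    """True if flipping one bit of msg makes the original tag fail to verify."""
    tag = michael(key, msg)
    flipped = bytearray(msg)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return not mic_verifies(key, bytes(flipped), tag)
```

Michael is deliberately lightweight (it had to run on existing WEP hardware), which is why TKIP pairs it with countermeasures on repeated MIC failures rather than trusting it as a full-strength MAC.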

Encryption: AES
Specified in 802.11i
128-bit block cipher, cryptographically more robust than RC4
Part of WPA2
Requires new radio cards on clients and access points because more CPU power is required

802.1x Overview

802.1x Authentication Overview
Extensible and interoperable; supports:
–Different EAP authentication methods or types
–May be used with multiple encryption algorithms
–Depends on client capability
Supported by Cisco since December 2000.

802.1x Authentication Key Benefits
Mutual authentication between client and authentication (RADIUS) server
Encryption keys derived after authentication
Centralized policy control

802.1x and EAP Authentication Protocols
Lightweight Extensible Authentication Protocol (LEAP), also called EAP-Cisco Wireless
EAP-Flexible Authentication via Secure Tunneling (EAP-FAST)
EAP-Transport Layer Security (EAP-TLS)
Protected EAP (PEAP):
–PEAP-GTC
–PEAP-MSCHAPv2

Components Required for 802.1x Authentication
Authentication server = EAP-capable RADIUS server:
–Cisco Secure ACS, Microsoft IAS, Meetinghouse Aegis
–Local authentication service on Cisco IOS access point
–May use either a local RADIUS database or an external database server such as Microsoft Active Directory or RSA SecurID
Authenticator = 802.1x-capable access point
Supplicant = EAP-capable client:
–Requires 802.1x-capable driver
–Requires an EAP supplicant, either available with the client card, native in the operating system, or from third-party software

EAP-Cisco Wireless

Cisco LEAP
Client support:
–Windows 98 to XP, Windows CE, Macintosh OS 9.X or 10.X, and Linux kernel 2.2 or 2.4
–Cisco Compatible Extensions clients (CCXv1)
RADIUS server:
–Cisco Secure ACS and Cisco Access Registrar
–Meetinghouse Aegis
–Interlink Merit
Microsoft domain or Active Directory (optional) for back-end authentication (must be a Microsoft-format database)
Device support:
–Cisco autonomous access points and bridges
–Cisco lightweight access points and WLAN controllers
–Cisco Unified Wireless IP Phone 7920 (VoIP) handset

Cisco LEAP Authentication

EAP-FAST

EAP-FAST: Flexible Authentication via Secure Tunneling
Considered in three phases:
A protected access credential (PAC) is generated in phase 0 (dynamic PAC provisioning):
–Unique shared credential used to mutually authenticate client and server
–Associated with a specific user ID and an authority ID
–Removes the need for PKI
A secure tunnel is established in phase 1
The client is authenticated via the secure tunnel in phase 2

EAP-FAST Authentication

EAP-TLS

EAP-TLS
Client support:
–Windows 2000, XP, and Windows CE (natively supported)
–Non-Windows platforms: third-party supplicants (Meetinghouse)
–User certificate required for each client
Infrastructure requirements:
–EAP-TLS-capable RADIUS server: Cisco Secure ACS, Cisco Access Registrar, Microsoft IAS, Aegis, Interlink
–RADIUS server requires a server certificate
–Certificate authority server (PKI)
Certificate management:
–Both client and RADIUS server certificates must be managed

EAP-TLS Authentication

EAP-PEAP

EAP-PEAP
Hybrid authentication method:
–Server-side authentication with TLS
–Client-side authentication with EAP authentication types: EAP-GTC, EAP-MSCHAPv2
Clients do not require certificates.
RADIUS server requires a server certificate:
–RADIUS server has self-issuing certificate capability.
–Purchase a server certificate per server from a PKI entity.
–Set up a simple PKI server to issue server certificates.
Allows one-way authentication types to be used:
–One-time passwords
–Proxy to LDAP, Unix, Microsoft Windows NT and Active Directory, Kerberos

EAP-PEAP Authentication

Wi-Fi Protected Access

Wi-Fi Protected Access
WPA introduced in late 2003
Prestandard implementation of IEEE 802.11i WLAN security
Addresses currently known security problems with WEP
Allows a software upgrade on deployed equipment to improve security
Components of WPA:
–Authenticated key management using 802.1x: EAP authentication and preshared key authentication
–Unicast and broadcast key management
–Standardized Temporal Key Integrity Protocol (TKIP) per-packet keying and message integrity check (MIC) protocol
–Initialization vector space expansion: 48-bit initialization vectors
–Migration mode: coexistence of WPA and non-WPA devices (optional implementation that is not required for WPA certification)

802.11i and WPA Authentication and Key Management Overview

WPA Issues
WPA uses TKIP, which uses the same base encryption algorithm (RC4) as WEP. WPA cannot avoid the design flaws of WEP entirely.
WPA is, in the end, a compromise solution.
A software upgrade is required for clients and access points, which gives no guarantee that all vendors will support the solution.
Operating system support or a supplicant client is required.
WPA is susceptible to a new type of DoS attack.
WPA is susceptible to a recently discovered weakness when preshared keys are used.

IEEE 802.11i and WPA2
802.11i:
–Ratified in June 2004
–Standardizes: 802.1x for authentication; AES encryption (facilitates U.S. government FIPS compliance); key management
WPA2:
–Supplement to WPA version 1: the Wi-Fi Alliance interoperable implementation of 802.11i
–Provides for AES encryption to be used
–Proactive Key Caching
–Third-party testing and certification for WLAN device compatibility

Wireless Intrusion Detection Systems
Address RF-related vulnerabilities:
–Detect, locate, and mitigate rogue devices
–Detect and manage RF interference
–Detect reconnaissance if possible
Address standards-based vulnerabilities:
–Detect management frame and hijacking-style attacks
–Enforce security configuration policies
Complementary functionality:
–Forensic analysis
–Compliance reporting

WPA and WPA2 Modes

Mode                                              WPA                               WPA2
Enterprise (business, education, government)      Authentication: IEEE 802.1x/EAP   Authentication: IEEE 802.1x/EAP
                                                  Encryption: TKIP/MIC              Encryption: AES-CCMP
Personal (SOHO, home/personal)                    Authentication: PSK               Authentication: PSK
                                                  Encryption: TKIP/MIC              Encryption: AES-CCMP

WPA2 Issues
The client (supplicant) must have a WPA2 driver that supports EAP.
The RADIUS server must understand EAP.
PEAP carries EAP types within a channel secured by TLS and so requires a server certificate.
WPA2 is more compute-intensive with optional AES encryption.
WPA2 may require new WLAN hardware to support AES encryption.

Summary
Authentication and encryption are the two primary facilities for securing the WLAN.
Encryption is the method of ensuring that data remains uncorrupted throughout the sending and receiving process.
Encryption using static WEP keys is very vulnerable.
EAP and the 802.1x standards are designed to leverage existing standards.
The LEAP authentication process is mutual because the client needs to authenticate the server and the server needs to authenticate the client.

Summary (Cont.)
With EAP-FAST, the wireless client associates with the access point using open authentication.
EAP-TLS uses authentication derived from digital certificates for user and server authentication.
PEAP uses user authentication with OTP or a static password.
WPA has two different modes: Enterprise and Personal. Both modes provide encryption support and user authentication.
WPA2 is similar to WPA but supports AES encryption.
