© 2006 Cisco Systems, Inc. All rights reserved. SND v2.03-1 Securing LAN and WLAN Devices Securing Wireless LANs.

Transcript:


Outline
- Overview
- Introducing WLANs
- Threats to WLANs
- Evolution of Security Features
- Service Set Identifier
- Wired Equivalent Privacy
- Enhanced Methods for WLAN Threat Mitigation
- WLAN IDS
- Summary

Wireless LANs Extend Wired LANs
(Figure: a wireless LAN (WLAN) as an extension to a wired LAN; components shown are a server, a switch, an access point, a WLAN controller, and the Internet.)

Comparing WLANs with LANs
Similarities:
- A WLAN is an 802 LAN:
  – Data over air instead of data over wire
  – Looks like a wired network to the user
- The same protocols run over both LANs and WLANs:
  – Simple Network Management Protocol
  – IPsec
Differences:
- Use of radio frequency introduces country-specific regulations
- Clients are mobile
- Radio-frequency physical layer introduces privacy and connectivity issues
(Figure: client, access point, and switch. Both WLAN and LAN devices operate at Layer 2.)

WLAN Characteristics
- Physical layer: DSSS, OFDM, infrared
- Frequency band: 2.4 GHz (ISM band) and 5 GHz
- Data rates: 802.11b: 1 Mbps, 2 Mbps, 5.5 Mbps, 11 Mbps (DSSS); 802.11a: 54 Mbps (OFDM); 802.11g: 54 Mbps (OFDM)
- Operating range: up to 150 feet indoors and 1500 feet outdoors
- Positive aspects: high data throughput without wires
- Negative aspects: throughput decreasing with distance and load; poor security in native mode

Typical WLAN Components and Topologies
(Figure: two access points, both with SSID1, one on channel 1 and one on channel 6, each serving a wireless cell of wireless clients; the cells overlap by 10-15%. Both access points connect over the LAN backbone to a WLAN controller.)

Cisco Unified Wireless Network
- Unified Advanced Services: unified built-in support of leading-edge applications, not an afterthought; Cisco Wireless Location Appliance, Cisco WCS, SDN, NAC, Wi-Fi phones, and RF firewalls
- World-Class Network Management: world-class NMS that visualizes and helps secure your air space; WCS
- Network Unification: seamless network infrastructure across a range of platforms; Cisco 2000 and 4400 Wireless LAN Controllers; future Cisco Catalyst 6500 Series WiSM, ISR, and 3750 integration
- Mobility Platform: APs dynamically configured and managed through LWAPP; Cisco Aironet Access Points 1500, 1300, 1240AG, 1230AG, 1130AG, and 1400 Bridges
- Client Devices: secure clients that work out of the box, including Cisco Aironet clients and third-party devices that comply with the Cisco Compatible Extensions program
(Part of the Cisco Self-Defending Network.)

Threats to WLANs
- WLAN equipment is widely available and inexpensive
- 802.11 standard designed for ease of use and deployment
- Availability of sniffers
- Statistics on WLAN security
- Media hype about hotspots, WLAN hacking, war driving
- Nonoptimal implementation of encryption in standard WEP
- Authentication vulnerability
- Loss of mobile devices such as PDAs

Evolution of WLAN Security
- Open access: Service Set Identifier
  – No encryption
  – Basic authentication
  – Not a security handle
- Initial: first-generation encryption (WEP)
  – No strong authentication
  – Static, breakable keys
  – Not scalable
- Interim: Cisco LEAP interim solution
  – Dynamic WEP keys
  – Mutual authentication
- Interim: Wi-Fi Protected Access (WPA)
  – Standardized
  – Improved encryption
  – Strong, user-based authentication (e.g., LEAP, PEAP, EAP-FAST)
- Present: IEEE 802.11i
  – AES encryption
  – Authentication: 802.1x
  – Dynamic key management
  – WPA2 (Wi-Fi Alliance implementation of 802.11i)
- Present: wireless IDS
  – Identify and protect against attacks, DoS

Open Access Phase: SSID
- SSID: string of 32 ASCII characters
- If the access point broadcasts its SSID under 802.11, any client with a null string will associate to any access point regardless of the SSID setting on the access point
- Should not be considered a security feature

Initial Phase: WEP
- WEP is the basic IEEE 802.11 security standard
- Uses 40-bit keys; 128-bit keys optional
- Optional part of the association process
- Uses the RC4 stream cipher from RSA Security for encryption

Open Authentication: Initial Connection to an Access Point
1. Client sends probe request.
2. Access points (A and B) send probe responses. Client evaluates the access point responses and selects the best access point.
3. Client sends authentication request to selected access point (A).
4. Access point A confirms authentication and registers client.
5. Client sends association request to selected access point (A).
6. Access point A confirms association and registers client.
(Each step is an RF packet exchanged between the client and access point A or B.)

Shared Key Authentication
Steps 1 through 3 are the same as for open authentication.
4. Client sends an authentication request to access point (A).
5. Access point A sends an authentication response containing the unencrypted challenge text.
6. Client encrypts the challenge text using one of its WEP keys and sends it to access point (A).
7. Access point A compares the encrypted challenge text with its copy of the encrypted challenge text. If the text is the same, access point A will allow the client onto the WLAN.
(Each step is an RF packet exchanged between the client and access point A; access point B is not involved after step 2.)

Basic Security Issues
- Protects against outside threats
  – Checks for devices that do not possess the key
  – Hardware theft may be an issue
- One-way authentication
  – Checks client key only
- No way to dynamically generate keys
- No integration with existing network authentication methods
- Rogue access points
  – May render either client or network vulnerable
  – Important to two-way (mutually) authenticate user and network

Basic Security Issues (Cont.)
- Device-based authentication
  – User or user-credential-based authentication more desirable
  – No simple integration with existing database to authenticate users
- No method for WLAN account auditing

Exploits of Security Vulnerabilities
Several attacks exploit vulnerabilities in 802.11 security:
- Weak initialization vector attack
- Active bit flipping attack to inject traffic or to decrypt traffic
- Authentication dictionary attacks

Enhanced Security
802.11 security is enhanced by adding methods for user authentication and data stream encryption.
- Authentication: prove that you belong to the network
- Encryption: provide encryption keys after authentication

Interim Phase: WPA
History of WPA:
- WPA introduced in late 2003
- Prestandard implementation of IEEE 802.11i WLAN security
- Addresses currently known security problems with WEP
- Allows software upgrade on already deployed equipment to improve security
Components of WPA:
- Authenticated key management using 802.1x: EAP authentication and preshared key authentication
- Unicast and broadcast key management
- Standardized TKIP per-packet keying and Message Integrity Check protocol
- Initialization vector space expansion: 48-bit initialization vectors
- Migration mode: coexistence of WPA and non-WPA devices (optional implementation that is not required for WPA certification)
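The bit flipping attack listed among the WEP exploits and the Message Integrity Check that WPA added against it can be shown side by side. The following is an added example, not course material: a toy WEP-style frame (RC4 over payload plus CRC-32 ICV) accepts a payload modified with a patched ICV, because CRC-32 is linear, while a keyed MIC rejects the same modification. HMAC-SHA256 stands in for TKIP's Michael MIC (an assumption of this example), and the IV, keys and payload are constructed values.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, length: int) -> bytes:
    # RC4 key scheduling and keystream generation, the stream cipher WEP uses
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def stream(iv: bytes, key: bytes, data: bytes) -> bytes:
    # WEP seeds RC4 with the 24-bit IV prepended to the shared key
    return xor_bytes(data, rc4(iv + key, len(data)))

def wep_protect(iv, key, pt):
    # WEP appends a CRC-32 integrity check value (ICV), then encrypts payload and ICV together
    return stream(iv, key, pt + zlib.crc32(pt).to_bytes(4, "little"))
def wep_verify(iv, key, body):
    pt = stream(iv, key, body)
    return pt[:-4], zlib.crc32(pt[:-4]).to_bytes(4, "little") == pt[-4:]

def mic_protect(iv, key, mic_key, pt):
    # WPA-style keyed MIC; HMAC-SHA256 stands in for TKIP's Michael MIC (assumption)
    return stream(iv, key, pt + hmac.new(mic_key, pt, hashlib.sha256).digest()[:8])
def mic_verify(iv, key, mic_key, body):
    pt = stream(iv, key, body)
    return pt[:-8], hmac.compare_digest(hmac.new(mic_key, pt[:-8], hashlib.sha256).digest()[:8], pt[-8:])

def flip_wep(body: bytes, delta: bytes) -> bytes:
    # CRC-32 is linear: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so the ICV can be
    # patched to match a changed payload without the key or the plaintext; XOR passes through RC4
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return xor_bytes(body, delta + icv_delta.to_bytes(4, "little"))

def demo():
    # Constructed values: 3-byte IV, 40-bit WEP key, MIC key and payload (not real traffic)
    iv, key, mic_key, pt = b"\x01\x02\x03", b"12345", b"constructed-mic-key", b"PAY 0010 TO ALICE"
    delta = bytes(5) + bytes([ord("0") ^ ord("9")]) + bytes(len(pt) - 6)  # turns 0010 into 0910
    wep_pt, wep_ok = wep_verify(iv, key, flip_wep(wep_protect(iv, key, pt), delta))
    mic_body = mic_protect(iv, key, mic_key, pt)
    mic_pt, mic_ok = mic_verify(iv, key, mic_key, xor_bytes(mic_body, delta) + mic_body[len(pt):])
    return wep_pt, wep_ok, mic_pt, mic_ok  # (b"PAY 0910 TO ALICE", True, b"PAY 0910 TO ALICE", False)
```

The WEP receiver decrypts the altered payload and its ICV check still passes; the keyed MIC receiver decrypts the same altered payload and rejects the frame.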

Present Phase: WPA2
- WPA2 is the full Wi-Fi Alliance implementation of the 802.11i standard
- 802.11i uses the AES block cipher, which replaces DES
- WPA2 standardizes use of 802.1X for authentication

802.1x for WLANs
- 802.11i specifies use of 802.1x for client authentication
- Based on the EAP framework
- Improved authentication credentials
  – Superior to device-based (such as MAC address) authentication
- Session-based encryption keys
- Centralized user administration

802.1x EAP Deployment Comparison (columns: LEAP, EAP-FAST, PEAP, EAP-TLS; a cell spanning several columns appears once)
- Multiple operating system support: Yes | Limited
- Single login using Microsoft Windows login: Yes | No* | Yes
- Dynamic WEP key and mutual authentication: Yes
- Static password support: Yes | No
- One-time password support: No | Yes | No
- Capability to tie login with non-Microsoft user databases (LDAP, Novell Directory Services, and so on): No | Yes (LDAP) | Yes
- Layer 3 roaming support: Yes
- Works with WPA: Yes | Yes**
* Microsoft PEAP (EAP-Microsoft Challenge Handshake Authentication Protocol Version 2) supports single sign-on.
** WPA testing is done with EAP-TLS, but all EAP types can be used with WPA.

802.1x Advantages for WLANs
- Mutual authentication
  – The server is authenticated by the client, and the client is authenticated by the server.
- Encryption keys derived dynamically
- Ability to refresh encryption keys
  – RADIUS session timeout is used to give a fixed validity window for a user WLAN session key.
- Centralized user and key management

Present Phase: WLAN IDS
Threats include:
- Unauthorized users
- Rogue access points
Solutions include:
- WLAN IDS
- WLAN NAC
WLAN IDSs have these features:
- Excess management frame detection
- Authentication attack detection
(Figure: switch, access point and WLAN controller, plus a rogue access point; an attacker tries to connect x N times.)
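The three WLAN IDS functions named on this slide (excess management frame detection, authentication attack detection, rogue access point detection) reduce to per-source rate counting over a sliding window plus a BSSID allow-list. The code below is an added example, not Cisco's implementation: it runs those checks over a constructed capture of management frames; the authorized AP list, corporate SSID and thresholds are assumptions.

```python
from collections import defaultdict, deque

AUTHORIZED_APS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # assumed inventory of managed APs
CORP_SSID = "corp-wlan"  # assumed corporate SSID

# Constructed sample capture of 802.11 management frames: (time_s, subtype, source MAC, SSID)
NORMAL = [(0.0, "probe_req", "02:00:00:00:00:01", None), (0.1, "auth", "02:00:00:00:00:01", None),
          (0.2, "assoc_req", "02:00:00:00:00:01", None)]
BEACONS = [(1.0, "beacon", "00:11:22:33:44:01", CORP_SSID),   # managed AP
           (1.1, "beacon", "0a:0b:0c:0d:0e:0f", CORP_SSID)]   # unknown AP using the corporate SSID
DEAUTH_FLOOD = [(5.0 + i * 0.01, "deauth", "02:00:00:00:00:66", None) for i in range(40)]
AUTH_GUESSING = [(10.0 + i * 0.5, "auth", "02:00:00:00:00:99", None) for i in range(8)]
FRAMES = NORMAL + BEACONS + DEAUTH_FLOOD + AUTH_GUESSING

# Rate rules: counted subtypes, frames allowed per source inside the window, window seconds, label.
# Thresholds are assumptions for the sample; tune them to the real environment.
RULES = {
    "mgmt_flood": ({"deauth", "disassoc"}, 10, 1.0, "excess management frames"),
    "auth_attack": ({"auth"}, 5, 5.0, "excess authentication attempts"),
}

def detect(frames):
    """Return one alert per (rule, source MAC): (time, rule, source, description, frame count)."""
    alerts, fired = [], set()
    windows = defaultdict(deque)  # (rule, src) -> timestamps still inside the sliding window

    def fire(ts, name, src, label, count):
        if (name, src) not in fired:  # report each rule once per source
            fired.add((name, src))
            alerts.append((round(ts, 2), name, src, label, count))

    for ts, subtype, src, ssid in sorted(frames, key=lambda f: f[0]):
        # Rogue AP check: the corporate SSID advertised from a BSSID we do not manage
        if subtype == "beacon" and ssid == CORP_SSID and src not in AUTHORIZED_APS:
            fire(ts, "rogue_ap", src, "unmanaged AP advertising corporate SSID", 1)
        for name, (subtypes, limit, window, label) in RULES.items():
            if subtype not in subtypes:
                continue
            q = windows[(name, src)]
            q.append(ts)
            while ts - q[0] > window:  # drop timestamps that fell out of the window
                q.popleft()
            if len(q) > limit:
                fire(ts, name, src, label, len(q))
    return alerts
```

On the sample capture this yields three alerts: the unmanaged beacon at 1.1 s, the deauth flood once the eleventh frame arrives inside one second, and the authentication guessing once the sixth attempt arrives inside five seconds; the normal client's single authentication never trips a rule.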

Summary
- WLANs are IEEE 802 LANs that allow mobile users to access a network.
- WLANs provide ports to users outside the confines of the organization's buildings and, with the growing availability of wireless equipment, can expose networks to attack.
- The IEEE 802.11 standard included specifications for security with WEP.
- The SSID is a configurable parameter that is checked as part of the association process and should match on both the wireless client and the access point. Under the 802.11 specifications, an access point may advertise its SSID, so the SSID should not be considered a security feature.
- The implementation of the RC4 algorithm in WEP was inadequate and exposed WLANs to a variety of attacks that are based on exploiting the WEP initialization vector.
- An interim standard called WPA, which incorporated 802.1x authentication and improved encryption, was released prior to IEEE ratifying the 802.11i standard in June 2004. 802.11i has been implemented as WPA2.
- WLAN IDSs look for excess management frames and excess authentication attempts to detect possible intrusions by attackers.
