Securing Wireless LANs

White Paper, 27th January 2005


Index

1. Introduction 3
  • Aims 3
  • Benefits of Wireless LAN 3
  • The Challenges of using wireless LAN 4

2. Overview of Wireless LAN 5
  • How the technology works 5
  • Typical network configurations 5
  • Types of wireless LAN (Radio Frequencies and Standards) 7
  • Planning and security policy 8
  • Security standards compliance 8

3. Security concerns 9
  • Why are Wireless LANs insecure? 9
  • The vulnerabilities of Wireless LANs 10
  • Finding networks to attack 10
  • Breaking the network: for good and bad 11

4. Tools For Wireless LAN Security 13
  • 4.1 Basic Security Configurations 13
  • 4.2 Data Link (Layer 2) security methods 14
    4.2.1 Wired Equivalent Privacy (WEP) 15
    4.2.2 802.1x and EAP port based authentication 16
    4.2.3 Wi-Fi Protected Access (WPA) V1.X 20
  • 4.3 IP Layer Security Solutions 21
  • 4.4 Additional Security Methods 22

5. The Design Issues: guidelines and recommendations 24
6. The Future of Wireless LAN Standards 25
7. Summary 26
8. References 27
Biography 27
Appendix A: Glossary 28


1. Introduction

Wireless LANs (WLANs) based on the IEEE 802.11 standards can provide a convenient way for users to access information without being tied to a desk. As wireless enabled laptop computers and personal digital assistants become more pervasive, they are set to transform people’s lives by enabling greater flexibility for work and leisure. This paper gives an overview of wireless LANs, summarising key security weaknesses and vulnerabilities with the IEEE 802.11 based wireless LAN systems along with the protective measures that can be taken to counteract them.

Aims

Effective data communications are vital to sustaining the flow of information that enriches people’s lives and keeps the modern business world operating smoothly. Providing the right data to the right people at the right time makes all the difference to the flow of goods and services in today’s digital networked economy. Network access through a wireless Local Area Network is an increasingly important enabling technology that, if appropriately used, offers the potential for making network access much more flexible and convenient at low cost without compromising security.

Benefits of wireless LAN

Opening up information systems, applications and data to users can enable the transformation of any business by enabling improvements in operational processes and helping to streamline the customer service experience. Wireless LANs can be an important part of an IT estate and help establish the right infrastructure for change through:

• Increased flexibility

• Increased productivity

• More efficient usage of accommodation

• Increased accuracy of data

• Reduced costs

Even with today’s local area network infrastructure, it is not always possible to find a connection free when it is needed. Wireless LAN technology allows people to connect to a network when and where they want to – without first having to find a socket. This makes changes in working practices possible and enhances productivity, efficiency and effectiveness.

It has been shown that productivity can be increased substantially in a number of business scenarios by deploying wireless LAN. For example, business processes can be streamlined by eliminating the delay incurred by batch processing transactions from hand-held devices. A study prepared for Cisco found that, on average, users increased productivity by 22% by deploying Wireless LAN technology (source: Cisco [1]).

Deploying a wireless LAN means people no longer need to be tied to a particular desk. They can potentially use any space available. By providing wireless LAN coverage in areas not normally covered by a local area network, including meeting rooms, restaurants, café areas and temporary accommodation, office and building space can be more efficiently used. The resulting flexibility can reduce the amount of real estate needed.

Transaction accuracy can be increased as tasks can be completed without the need to re-key information. In the Cisco study previously cited, 63% of end users believed that the technology minimised the mistakes that they made. This is particularly important for the manufacturing, retail and healthcare sectors.

Wireless LAN technology is inexpensive, for example being present within most modern IT equipment such as laptops at no additional cost. The increased business efficiency and operational effectiveness afforded by wireless LANs therefore offer the potential for real operating cost reductions to be achieved. In particular, a Wireless LAN Association (WLANA) study [2] indicates that wireless LAN deployments can pay for themselves in months rather than years, making a compelling case for consideration as part of your IT estate.


The Challenges of using wireless LAN

By the very nature of using radio as a transmission medium, wireless LANs are open to interception by anybody within range. This makes it necessary to positively authenticate both the devices joining the network and the network itself, to ensure you are really communicating with who you thought you were, as well as ensuring privacy of communications. Unfortunately, although these requirements were recognised by the developers of the industry standards, there are several well-known flaws, some of which are described in this paper, that make poorly configured wireless LANs inherently insecure. In addition, the inclusion of wireless LAN devices as a part of a wider IT estate is often completely overlooked, exposing the network to unplanned interactions. Using an unprotected or poorly designed wireless LAN to access a corporate network can leave that network open to criminal, hostile or casual use. This has, quite rightly, attracted a lot of concern over the use and deployment of wireless LAN.

While an out-of-the-box Wireless LAN solution is easily constructed, it lacks the security and network integrity measures expected or assumed for high-end commercial applications. This has rendered a basic wireless LAN solution unacceptable for many organisations, including UK Government departments, financial institutions or businesses requiring controlled access to customer or process data.

No network, whether wired or wireless, can be completely secure against unauthorised access or misuse. Yet numerous techniques have either been developed or are available that ensure most of the flaws in wireless LAN technology can be mitigated. While there are no absolutes, it is prudent to take appropriate security measures to mitigate any threats posed to a network. This means that security must be approached in a rigorous way to identify and address any vulnerability identified. Practical experience shows that it is essential that any steps taken are derived from the business requirements for the network, to ensure any security measures taken are both appropriate and proportionate to the threat posed. Therefore the main problem to be addressed in achieving an acceptable solution is to create a complete system that is designed, implemented and managed against a known security policy. This paper examines the various threats to a wireless LAN system and indicates the nature of the precautions that can and should be taken to address them. In practice this will always come down to the specific network usage scenario, since there is little point in making investments that are out of proportion to the realisation of a given threat.


2. Overview of Wireless LAN

How the technology works

A wireless LAN is created by using special radio based network adaptors that enable communications links to be established between two or more pieces of equipment. Due to its very nature, the use of radio as a transmission medium means that a network can be created simply by bringing a piece of such equipment within close proximity of another one. As described below, this enables a number of interesting network configurations to be easily created. Unfortunately this simplicity is also the source of one of the major concerns with wireless networking, since anyone can potentially join, or intercept the traffic flowing over, a network just by being within range.

Typical network configurations

Wireless LAN devices may associate in a variety of ways and it is important to appreciate how these operate. The three most commonly found operating modes are shown in Figure 1 to Figure 3. These are generally selectable options when configuring a network, in that the same pieces of equipment can be separately configured to operate in any of these modes. Unfortunately in the case of a poorly designed or managed network, they can also occur by accident simply by switching equipment on. For example, modern operating systems, such as Windows XP, can automatically detect the presence of a wireless network adaptor and will start searching for other devices and networks to connect with through it. This is not a specific weakness of wireless networking per se, rather a consequence of using a network enabled operating system.

a) Ad-hoc mode (Figure 1) allows a loose association between wireless enabled devices within a light-weight network management structure. It is very useful for sharing files and resources, such as disk drives and printers, by quickly enabling a device to connect to one or more other similarly configured devices.

Figure 1: Ad-hoc Mode.


b) Infrastructure mode (Figure 2) is probably the most commonly used and often thought about mode of operation for wireless LAN. In this case, one or more individual mobile devices connect to a special device known as a wireless access point, usually more commonly known simply as an “access point”. When operating in this mode a client device can connect to any other client device on the network, whether it is wired or wireless, via the access point.

As shown in the diagram, a complete network typically consists of a wired network backbone and one or more access points. This will usually be overlaid with a management system to control user access and provide other administrative features.

Infrastructure mode (Figure 2) is also referred to as “Root” mode. This exists when an access point is attached to a wired network backbone through its wired interface. Most access points come configured in this mode by default. Access points in root mode can also communicate over the wired segment to coordinate roaming and handover to a basic level of re-association, enabling a limited number of client devices to move within a given area and still remain operational on the network.

Figure 2: Infrastructure Mode.

c) Bridge mode is shown in Figure 3. In contrast with ad hoc mode and infrastructure mode, bridge mode is really a method of extending a network infrastructure over a geographic area. It involves two or more access points forming a point-to-point or point-to-multipoint wireless link. From a practical point of view, a wireless bridge is a half-duplex device capable of layer two wireless connectivity only and may be used in several modes: root and non-root, access point and repeater modes.

In Root mode a root bridge is formed between access points, to which a non-root bridge may also be attached (point-to-multipoint). Access point mode allows the bridge to act as an access point in addition to providing a network bridging function. While in Repeater mode, an access point is positioned as a bridge between two other bridges. This enables the overall transmission link to be extended, albeit with reduced throughput, and so expands the geographical reach of the whole network.

Figure 3: Bridge Mode.

Types of wireless LAN (Radio Frequencies and Standards)

Wireless LAN technologies are constantly evolving. So choosing equipment based on the right standards to meet current requirements, while ensuring that the solution does not preclude future developments, is an essential ingredient of a good design.

Standards for wireless LAN equipment are now well established by the Institute of Electrical and Electronics Engineers (IEEE), who set the specifications for other forms of networking in common use, and are promoted globally to ensure vendor interoperability and backward compatibility where possible. For wireless LAN, the main specifications are documented in the IEEE 802 series of standards. IEEE wireless LAN specifications are also backed by the Wi-Fi Alliance. This is a non-profit international association formed in 1999 and exists to certify interoperability of wireless Local Area Network products based on the 802.11 specifications.

There are currently three main wireless LAN standards from the IEEE that define the Radio Frequencies and data rates available: 802.11a, 802.11b and 802.11g, although there are several more under development. Perhaps the key differences between 802.11a, b and g are the data rates offered and the radio frequencies used. These determine the compatibility between equipment based on these standards. The 802.11b and 802.11g technologies operate in the 2.4GHz ISM frequency band, whereas the 802.11a technology operates in the 5GHz UNII band. These are all licence exempt frequencies and as a result are shared with other forms of radio technology, such as Bluetooth and microwave ovens in the 2.4GHz ISM band. This means that for a network envisaged for serious use, radio frequency environment assessment and planning are essential to minimise interference from other legitimate users of this frequency range.

The second key difference between the three specifications concerns the maximum bit rate for transmission that the different technologies can offer. While 802.11b can offer a theoretical maximum data rate of 11Mbps, 802.11a and 802.11g can offer up to 54Mbps. However, just as with fixed Ethernet networks, experience shows that the effective maximum end user data bandwidths available are typically considerably less than the headline rates due to bandwidth access contention. Practically, the effective data transfer rates observed will often be half the highest instantaneous bit rate figure cited above. The impact of a specific office construction or building layout can also further degrade the effective network performance. In practice it is therefore found that wireless LANs can realistically achieve 6-8Mbps for 802.11b, 30-35Mbps for 802.11a and 25-30Mbps for 802.11g. Since these are all wireless technologies, the figures quoted are all inherently dependent upon low levels of interference and the size of the data packets. Additionally, co-located 802.11b and 802.11g systems can interfere and so reduce the effective end user bandwidth even more. Even so, wireless LANs should easily be able to outperform dial-up modem links, ISDN and third generation mobile network services.

The final key difference between these specifications concerns compatibility of the various technologies involved. Equipment based on 802.11g is backward compatible with 802.11b equipment as well as being commonly available and comparable in cost. Unfortunately the 802.11a standard is not compatible with either 802.11b or 802.11g and currently is more expensive. However devices supporting all three specifications are currently available at a similar price to 802.11a only devices.

Planning and security policy

As with many things in life, planning a wireless LAN can make all the difference for achieving acceptable network performance. One important aspect of this concerns the establishment of a comprehensive security policy that embraces the wireless LAN element. This is critical to achieving an effective security solution and the associated benefits it can bring. It should include a general policy, addressing risk assessment, impact analysis and security auditing, and certain functional policies, covering guidelines and baseline practices, design and implementation techniques as well as monitoring and response procedures. In particular, a well-designed security policy should address four common oversights responsible for most insecure deployments:

• Incomplete understanding of new technology

• Misplaced faith in perceived complexity of realising a threat

• Reliance on manufacturers’ default equipment configurations

• Poor placement of wireless within an established network framework

Addressing these aspects will bring transparency to the design with further benefits of helping simplify everyday management and administration.

Security standards compliance

Corporate security policies typically need to demonstrate compliance with a spectrum of legal, regulatory and business requirements. Various groups and bodies are involved in defining these and establishing the benchmarks for industry best practice, including:

• International Standards Organisation (ISO)

• National Institute of Standards and Technology (NIST)

The ISO standard ISO17799 (or BS7799) is the most widely recognised worldwide security management framework standard. Developing and operating a security management system in compliance with this specification is an increasingly essential requirement for most organisations.

NIST issues Federal Information Protection Standards (FIPS) that generally apply within the USA but are also common within the finance community. FIPS 140-2 is the US standard for validation testing of security encryption products. Accreditation is highly sought after and mandatory for many institutions. Certified products in this category provide encryption solutions for point-to-point security compliant with the requirements of FIPS 140.


3. Security concerns

Why are Wireless LANs insecure?

Wireless LANs are insecure for two main reasons: the inherent nature of the radio medium and inadequate security measures, resulting from poorly specified standards, to protect against the types of threat previously described.

The very nature of radio waves means that any radio based communications system will emit signals into the wider environment, not just into the desired area. For example, in the case shown in Figure 4, the emission of radio waves from a wireless LAN system can leak beyond the immediate environment being served in a building. While this can afford a high degree of flexibility in terms of being able to maintain communications while moving around, it also means that signals may be detected, originated or disrupted by the actions of a third party – whether accidental or malicious. Steps therefore need to be taken to both minimise the emission of signals outside of the served area and also protect against the consequences of it happening.

It can be relatively easy to interfere with any wireless communications system. For example, a higher power transmitter can block signals and so disrupt communications. Since wireless LANs operate in frequency bands that do not require specific authority to use, they occasionally have to compete with other local sources of radio waves operating in the same band, such as microwave ovens, Bluetooth devices, scientific or medical equipment. Other forms of interference may also come from wideband noise sources such as fluorescent lighting. Irrespective of whether an interference source is deliberate or accidental, the impact can either degrade performance or render wireless LAN devices unusable.

Fortunately, to mitigate the potential impact of interference, a range of transmission techniques can be employed. Wireless LAN technology based on 802.11 series specifications employs spread spectrum techniques to provide resistance to the types of interference previously described. Early implementations of 802.11 used either Frequency Hopping Spread Spectrum (FHSS) or Direct Sequence Spread Spectrum (DSSS).

Figure 4: Conceptual view of radio frequency leakage from an access point in a building.


With the introduction of later versions of the standards, including 802.11 a/b/g, FHSS was deprecated in favour of the more advanced DSSS techniques. 802.11b introduced Complementary Code Keying (CCK), to support the faster 11 & 5.5 Mbps data rates while maintaining compatibility with the Quadrature Phase Shift Keying (QPSK) technique operating at 2Mbps and Binary Phase Shift Keying (BPSK) operating at 1Mbps. 802.11g introduced QPSK to support data rates up to 54Mbps in addition to the 802.11 and 802.11b data rates of 11, 5.5, 2 and 1Mbps. 802.11a only uses QPSK to support data rates from 6 to 54 Mbps.

However, while the technologies described above address the potential problems of radio disruption and interference, they are only concerned with achieving reliable and efficient transmission and have no inherent security features. More specifically, they provide no form of confidentiality or integrity protection for the data carried; nor do they do anything about authenticating either the data or the identities of the person or device sending and receiving it. Mechanisms are therefore required to authenticate users and devices, provide a means for establishing information confidentiality and guarantee non-repudiation of communications.

The vulnerabilities of Wireless LANs

To enable quick and easy wireless LAN deployment, vendors tend to ship wireless LAN devices with security features disabled or weakened through the use of well-known default settings. Wireless LANs are therefore increasingly becoming targets for hackers, intent on destroying or gaining access to corporate information resources. The world-wide availability of wireless LAN and its increasing inclusion as a standard component in laptops and PDAs has further heightened the interest of the hacker community. Unfortunately, there are many security vulnerabilities at every layer of the basic security model that a hacker may seek to exploit in a wireless LAN. These vulnerabilities can be exploited by a number of categories of network attack including:

• Passive attacks

• Active attacks

• Jamming attacks

• Deception attacks

Passive attacks include eavesdropping and sniffing the traffic carried on the wireless LAN in order that information can be extracted. In contrast, active attacks involve connecting, probing and reconfiguring the network to enable it to be misused, not just relying on extracting the information exchanged by legitimate users.

Jamming attacks are intended to prevent access to network resources. These forms of Denial of Service (DoS) attacks can be either focussed on an individual user, a specific network service, such as web browsing or email, or more generally against the whole network.

Deception based attacks involve the introduction of unauthorised devices, such as rogue access points (as in the “Evil Twin” attack) and duplicate clients, on the network.

These types of attack can often be combined resulting in, for example, the “man-in-the-middle” attack where an attacker can gain information about a network by pretending to be an access point while providing an onward connection to the legitimate network.

Finding networks to attack

Simply driving around looking for insecure wireless LANs to attack, an activity known as “War Driving”, has been growing in popularity within the UK and other countries. Furthermore, the equipment required to participate in this “hobby” is relatively inexpensive – even though its use will most likely expose its user to falling foul of the Computer Misuse Act! For example a cheap homemade long distance antenna can be made using a “Pringles” tube as shown in Figure 5. This can extend the normal wireless LAN range to several hundreds of metres, bringing other people’s wireless LANs in range of a hacker’s equipment. In addition, several Internet web sites have appeared documenting all the freely available wireless connections nationwide as well as offering products to download, which could facilitate successful wireless LAN hacking.


Typically once a vulnerable wireless LAN has been identified, the majority of hackers may be satisfied with the simple theft of network resources, such as Internet access. However those with a more malicious intent may also attempt to gain access to systems and compromise any data held on them.

Breaking the network: for good and bad

Once a target network has been identified, a hacker will generally look to exploit all basic network vulnerabilities they can find, including poor equipment planning and configuration or deficient operating procedures. Simulated attacks arising from all these aspects can and should all be brought to bear in organised security penetration testing when designing a network. Unfortunately, many networks are deployed without these considerations being taken into account. As a consequence they are simply left wide open with no basic security in place, offering an easy target for an attacker. However it is quite easy to take some simple precautions and so reduce the risk of an attack. Some of these are discussed later in this paper, including the use of Wired Equivalent Privacy (WEP), Medium Access Control (MAC) filtering, closed Extended Service Set IDs (ESSID), protocol filtering and tight control of access point management interfaces.

However, even an inexperienced hacker can bypass these precautions relatively easily if they have access to appropriate tools. WEP can be cracked quickly and efficiently with a number of methods, including the common FMS attack – a key recovery methodology named after its discoverers. Although the Temporal Key Integrity Protocol (TKIP) addresses some of WEP’s weaknesses and has been adopted as part of the standard Wi-Fi Protected Access (WPA), it too is now a target of current interest for hacker communities; highlighting the need for networks to be continually monitored and managed.

Other current hacking techniques can often be based on simple deception rather than brute force. These include deploying rogue access points to spoof a genuine network, as in the “Evil Twin” attack, and using variations on the “man-in-the-middle attack”. By positioning themselves between two wireless hosts, a hacker can initiate a range of attacks including connection hijacking and traffic injection, which become far easier and can be performed either at the physical layer (Layer 1) or a combination of Layer 1 and 2 (data link layer).

Figure 5: Homemade directional high-gain Yagi antenna (© BBC).


By definition, a secured network should present greater problems for a skilled attacker. Typically this will employ 802.1x authentication systems and higher layer (Layer 3 or 4) virtual private networks (VPNs) to secure communications. WPA and LEAP offer 802.1x solutions but even some of these hurdles can be overcome by brute force, employing enhanced dictionary attacks on password-based systems such as Cisco EAP-LEAP or using a number of other now commonly available tools. However it must be emphasised that the management tools for wireless LANs are rapidly developing. These enable such attempts to access networks to be increasingly easy to detect and those caught would find it difficult to justify their actions as unintentional!

A VPN is a private connection over a shared or public network, which allows an organisation to secure its data in a potentially hostile environment. VPN attacks are usually directed at the most common protocols such as point-to-point tunnelling protocol (PPTP) or IPsec and really require a thorough understanding of how IPsec works and how to exploit known security loopholes.

Ultimately however, a malicious attacker may, if all else fails, simply resort to a Denial of Service (DoS) attack. These are currently becoming increasingly more sophisticated, even against the new security standard (802.11i) implementations. They commonly use frame flooding or deletions, buffer overflow techniques and creation of premature acknowledgements. This can be achieved by sending failure, disassociation, de-authentication messages or just plain malformed frames.
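The monitoring the paper calls for can catch the disassociation and de-authentication flooding just described, because those management frames are sent unauthenticated and a genuine access point emits them only occasionally. The following detector is an added example, not code from the BT paper: it decodes the 802.11 MAC header of a constructed sample capture (the addresses, timings and reason codes are assumed) and alerts when one transmitter address sends a burst of such frames within a short window.

```python
"""Detector for disassociation / de-authentication floods in 802.11 frames.

Added example, not from the BT paper. The capture is constructed inline
(addresses, timings and reason codes are assumed) so the script runs offline;
in practice the raw frames would come from a monitor-mode capture.
"""
import struct
from collections import defaultdict, deque
from typing import Optional

MGMT = 0          # frame control 'type' value for management frames
DISASSOC = 10     # management subtype: disassociation
DEAUTH = 12       # management subtype: deauthentication
BEACON = 8        # management subtype: beacon (benign background traffic)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(ts: float, raw: bytes) -> dict:
    """Decode the generic 802.11 MAC header, plus the reason code of
    deauth/disassoc frames (2-byte little-endian field right after the header)."""
    if len(raw) < 24:
        raise ValueError("truncated 802.11 header")
    fc = raw[0]                        # low byte of the frame control field
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    frame = {
        "ts": ts,
        "type": ftype,
        "subtype": subtype,
        "dst": mac_str(raw[4:10]),     # Address 1: receiver
        "src": mac_str(raw[10:16]),    # Address 2: transmitter (unauthenticated, easily forged)
        "bssid": mac_str(raw[16:22]),  # Address 3
        "reason": None,
    }
    if ftype == MGMT and subtype in (DISASSOC, DEAUTH):
        if len(raw) < 26:
            raise ValueError("deauth/disassoc frame without reason code")
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]
    return frame


def build_mgmt(subtype: int, dst: bytes, src: bytes, bssid: bytes,
               reason: Optional[int] = None, seq: int = 0) -> bytes:
    """Assemble a management frame for the constructed capture (no radio involved)."""
    fc = bytes([(subtype << 4) | (MGMT << 2), 0x00])   # frame control, then flags
    hdr = fc + struct.pack("<H", 0) + dst + src + bssid + struct.pack("<H", seq << 4)
    if reason is not None:
        hdr += struct.pack("<H", reason)
    return hdr


def detect_floods(frames, window: float = 1.0, threshold: int = 10) -> list:
    """Alert when one transmitter address sends at least `threshold`
    deauth/disassoc frames within `window` seconds.

    An access point sends these frames only occasionally (idle timeouts,
    roaming), so a burst, especially to the broadcast address, is the
    frame-flooding DoS the paper describes. One alert per offending source."""
    recent = defaultdict(deque)       # src -> deauth/disassoc frames inside the window
    alerts = {}
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["type"] != MGMT or f["subtype"] not in (DISASSOC, DEAUTH):
            continue
        q = recent[f["src"]]
        q.append(f)
        while f["ts"] - q[0]["ts"] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(f["src"], {
                "src": f["src"], "first_ts": q[0]["ts"], "count": 0,
                "broadcast": False, "reasons": set(),
            })
            a["count"] = max(a["count"], len(q))
            a["broadcast"] = a["broadcast"] or any(x["dst"] == BROADCAST for x in q)
            a["reasons"].update(x["reason"] for x in q)
    return list(alerts.values())


def sample_capture() -> list:
    """Constructed sample: beacons, one legitimate deauth, then a spoofed burst."""
    ap = bytes.fromhex("001122334455")       # assumed access point / BSSID address
    client = bytes.fromhex("66778899aabb")   # assumed client address
    bcast = bytes.fromhex("ffffffffffff")
    raw = [(i * 0.1, build_mgmt(BEACON, bcast, ap, ap, seq=i)) for i in range(10)]
    raw.append((0.35, build_mgmt(DEAUTH, client, ap, ap, reason=4)))  # reason 4: inactivity (benign)
    # 30 broadcast deauths within 0.3 s, all claiming the AP's address as transmitter
    raw += [(2.0 + i * 0.01, build_mgmt(DEAUTH, bcast, ap, ap, reason=7, seq=i)) for i in range(30)]
    return [parse_frame(ts, b) for ts, b in raw]


if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print(alert)
```

The single isolated de-authentication at 0.35 s stays below the threshold, while the burst produces one alert naming the spoofed source, the peak count inside the window and the reason codes seen.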

In summary, wireless LANs are clearly vulnerable to a number of different types of common attack including:

• Eavesdropping/data monitoring

• Unauthorised use of service, such as Internet access

• Denial of Service attacks including Radio Frequency jamming

• Rogue access points

• MAC spoofing

• Session hijacking

• Client vulnerability

The vulnerabilities must be understood and addressed at each level, specifically by employing and maintaining a rigorous security policy that embraces both the wired and wireless network infrastructure. A full understanding of the technology, and its vulnerabilities, is required to help the system evolve and adapt to a changing but potentially hostile environment. A reliance on the apparent complexity of the system or its default configurations would underestimate the possible threat and be insufficient to deter an appropriately equipped intruder. A professional design and implementation of wireless in your network is therefore essential to optimise its value and defend against compromise.

Ultimately however, it cannot be overstated that security is not a “design and forget” issue. A wireless LAN system cannot simply be installed and left, since the environment is continually changing. It is therefore imperative that networks, whether planned wireless LANs or fixed networks, be continuously monitored for attacks and potential intrusions. It is also important to regularly test the network for vulnerabilities, including checking the activities of all those with access to the network and its equipment. Above all there should be a plan for what to do when an attack is identified. This, combined with sensible network “housekeeping”, including ensuring the latest software patches and security updates are applied to all equipment, and maintenance of a comprehensive security policy, should ensure the considerable benefits of wireless LAN can be retained.


4. Tools for Wireless LAN security

There are several different security methods that can form part of a wireless LAN solution. The specific choice should depend upon an assessment of both the threat posed and the risk exposure that would result if the network were compromised. Essentially, system strength comes from the depth of the solution employed, and security in a wireless LAN solution can vary from ‘none’ to ‘very complex’. A wireless LAN can be broadly described as being one of three main types: Basic, Hardened and Secured, as described using the model below (Figure 6). This section describes the key methods currently available for each layer in the model.

Figure 6: Modular approach to security solution design (reference model). Layers shown: Customer Protected Data; IP Secured Wireless LAN; Hardened Wireless LAN; Insecure Wireless LAN.

A Basic (Insecure) wireless LAN is the equivalent of securing your house by just shutting the doors. It uses the 802.11 standard itself and the manufacturers’ pre-configured security settings. It enables a wireless network to be established easily but lacks protection against the various attacks previously discussed. This may be appropriate for some scenarios, but is unlikely to be sufficient for all.

A Hardened wireless LAN represents the next degree of protection and is the equivalent of putting locks on the doors and employing a guard to challenge anyone trying to enter your house and request or check their identification. It uses Wired Equivalent Privacy (WEP) and access controls such as the service set identifier (SSID) and access control lists (ACLs) working at the media access control (MAC) layer. Dedicated security protocols and standards such as 802.1x can be used to request authentication, restrict network access and maintain data privacy by WEP key rotation.

It should employ a RADIUS server for centralised management and utilise one of the variety of Extensible Authentication Protocol (EAP) techniques to validate users. All management interfaces on network components, including access points, will also be under tight administrative control to minimise the threat posed by a hacker reconfiguring network assets. Other ways to harden a wireless LAN include use of the Temporal Key Integrity Protocol (TKIP), Wi-Fi Protected Access (WPA, a collection of the aforementioned protocols) as well as the new 802.11i standard. When combined, these tools present a number of barriers to any potential intruder.

A Secured wireless LAN is used for the sort of confidential data that large corporate companies deal with daily. Individual networks would be expected to be certified (e.g. by CESG or to FIPS 140) and to provide point-to-point security such as VPN private connections over shared or public networks with varying degrees of data encryption.

The architecture shown in Figure 6 allows a modular approach to solution design where each layer may use an existing solution or be designed specifically for each case. Among other things, this can allow integration with fixed network management elements. Current wisdom recommends that the most secure wireless LAN offering would use an IPsec overlay on top of a “hardened” configuration to mitigate potential security issues.

4.1 Basic Security Configurations

The security of a wireless LAN solution really needs to be considered from the outset and not just added after the access points have been installed. It is important to perform an assessment for a network that determines the essential requirements it will have to meet, along with the identification of any potential security concerns. A vital element of this is a detailed site survey that establishes the nature of the RF environment in which the network will operate, along with preferred locations for individual access points.

RF Coverage

Correct RF coverage is important to ensure that the authorised users of the system are able to receive the service they require. The RF coverage pattern can be varied as required, using the appropriate RF power levels on the access points, to minimise excessive RF leakage and interference. Minimising the RF signal that escapes from a building is the first line in helping to protect against attacks from outside, and overlapping coverage zones provide resilience in case of access point failure.

It is also important to consider other configuration aspects of the access point itself. Most access points can be configured via a number of different interfaces. An example is the Cisco 1200 series access point, which can be configured via a console-type connection, via a web browser interface (over either the Ethernet port or the radio interface), via Telnet or via SSH. Any interfaces that are not used should be disabled where possible, particularly for wireless-side access. The administration usernames and passwords must be changed from the defaults in line with a governing security policy concerning passwords.

A further consideration is the physical security of the access point, against both theft and physical access. Theft includes stealing its configuration settings (e.g. SNMP community strings), while physical access may allow an intruder to gain control of the console ports of the access point and thus of the whole network.

Where a security overlay system exists, filters can also be configured to secure the access point. For example, in a wireless LAN solution that is using an IPsec VPN to secure traffic, there is no need to have the access point open to all traffic. It is possible to configure the access point’s wireless interface with IP, UDP and Ethertype filters that only allow through the required network traffic, such as IPsec VPN or DHCP traffic. MAC address filtering is also possible but is not scalable and, since MAC addresses are transmitted unencrypted in the wireless medium, is easily spoofed.

Not all access points support the above security measures, and availability should be a consideration when planning to purchase a wireless LAN solution. Buying lower specification equipment may save on initial outlay but could prove embarrassing later.

Access point security and configuration

At this first level of security, there are a number of configuration options that can be set on the access point itself. Wireless networks have two basic methods of allowing a client to associate with an access point and hence access the network: using the Service Set Identifier (SSID), and using authentication, with or without a WEP key.

The SSID can be configured in one of two modes of operation: it can be broadcast in the clear, or hidden (not broadcast). If it is broadcast in the clear, any wireless LAN client can automatically detect the SSID and associate with the access point. Turning SSID broadcast off stops this from happening and means that the client must be manually configured with the correct SSID before it can associate with the access point. This method also stops some wireless sniffing tools, such as Netstumbler, from seeing the wireless LAN. However, more advanced tools can still see the SSID, as any client that associates with the access point will give it away.

The SSID should always be changed from the manufacturer’s default setting. As a matter of precaution it should NOT be set to identify the client company, location, department or function, since this could disclose information of potential use to a hacker.

The second method is authentication. In the basic 802.11 standards, authentication may be Open or Shared Key. Open authentication assumes that any associated client is authenticated and therefore allows all clients to join the network. Open authentication can be used in conjunction with a WEP key, in which case the client cannot join unless its WEP key is correct. As discussed below, the WEP key is very weak and therefore this mechanism offers little in the way of security.

Shared Key authentication requires a WEP key on the client and the access point. The challenge is sent in plain text from the access point and the WEP key encrypts the response. Therefore a snooper can very easily determine the WEP key using a simple XOR function, making the solution worse than Open authentication.

4.2 Data Link (Layer 2) security methods

Security solutions at Layer 2 offer the next level of security in a wireless solution. There is a whole raft of different solutions and methods that can be used. This section of the paper describes many of the available methods.


4.2.1 Wired Equivalent Privacy (WEP)

WEP is the method of data encryption specified in the 802.11 standard and relies on a secret key that is shared between the mobile stations. WEP can be static, where the key is not rotated, or dynamic, as implemented by 802.1x with the use of the Extensible Authentication Protocol (EAP). It is expected that this approach would be used in a typical medium to large enterprise environment and supplemented with TKIP, to address some of WEP’s weaknesses (see next section).

The WEP key is used to encrypt data before it is transmitted, and an integrity check is used to make sure that the data was not modified in transit. The 802.11 standard does not specify how the shared key is established. In practice most systems use a single key that is shared between all mobile stations and access points, which is a serious problem for a number of reasons. WEP can employ either 40+24 bit or 104+24 bit encryption keys.

As its cryptographic basis, WEP uses the RC4 algorithm. This algorithm, which is also used to secure web e-commerce transactions, is fundamentally sound but the way that it has been implemented in WEP makes it weak. In WEP, RC4 operates as a stream cipher. A stream cipher operates by expanding the encryption key into an effectively infinite pseudo-random key stream.

The sender XORs the key stream with the plain text to produce cipher text. The receiver has the same key, and it XORs the key stream with the cipher text to recover the original plain text. One problem with this approach is that if an attacker flips a bit in the cipher text then the corresponding bit of plain text is also flipped. If two cipher text streams are encrypted with the same key stream, statistical analysis can recover the plain texts (specifically, the XOR of the two plain texts). Then, if one plain text is recovered, it becomes trivial to recover others.

WEP attempts to defend against this attack by including an Integrity Check (IC) field in the packet. An Initialisation Vector (IV) is also employed to augment the shared secret key and produce a different RC4 key for each packet. This value is also included in the packet header, in clear text.

The IV in WEP is 24 bits long. For busy base stations this implies the reuse of the same key streams over a reasonably short space of time. This reuse allows an attacker to gather two cipher texts encrypted with the same key stream and perform statistical analysis to recover the plain text. Worse, if different mobile stations use the same key there are even more chances of such IV collisions.

Some wireless LAN cards reset the IV to zero each time the card is initialised, and increment it by one as each packet is sent. If two cards of this type are initialised and used at about the same time then there is a significant chance that they will transmit packets with the same IV. Even worse, the 802.11 standard specifies that changing the IV with each packet is optional, making IV collisions even more likely.

WEP also uses a 32-bit Cyclic Redundancy Check (CRC32) checksum as part of the encrypted payload. Unfortunately the nature of CRC32, which is an error detection rather than an integrity checking mechanism, means that it is possible to modify a packet and to modify its checksum so that it appears to be valid.
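To make the key stream reuse, bit-flipping and CRC32 points above concrete, here is an added Python model of WEP framing (example code written for this page, not from the paper; the RC4 routine, key, IV and messages are constructed here). It checks that two frames under one IV leak the XOR of their plain texts, that a flipped cipher text bit flips the same plain text bit, and that CRC32 is linear under XOR, which is why an unkeyed CRC cannot serve as an integrity check.

```python
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling plus output generation), used only to model WEP."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as WEP builds it: the 24-bit IV in the clear, followed by
    RC4(IV || shared_key) XORed over plaintext || CRC32(plaintext) (the ICV)."""
    if len(iv) != 3:
        raise ValueError("the WEP IV is 24 bits")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4_keystream(iv + shared_key, len(plaintext) + 4)
    return iv + xor_bytes(plaintext + icv, keystream)


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok). icv_ok means the CRC matched; as the text
    explains, that is error detection, not proof that nobody tampered."""
    iv, body = frame[:3], frame[3:]
    data = xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv


def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames sent under the same key and the same IV share one key stream,
    so XORing the two cipher texts cancels it and leaves plaintext1 XOR plaintext2."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("different IVs: no key stream collision here")
    n = min(len(frame1), len(frame2))
    return xor_bytes(frame1[3:n], frame2[3:n])


def flip_ciphertext_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Flip one bit of the encrypted body; the matching plain text bit flips on decryption."""
    body = bytearray(frame)
    body[3 + byte_index] ^= 1 << bit
    return bytes(body)


def crc32_is_linear(a: bytes, b: bytes) -> bool:
    """For equal-length inputs CRC32 satisfies crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros).
    A keyed MIC such as an HMAC has no such relation, which is what a real integrity check needs."""
    if len(a) != len(b):
        raise ValueError("equal lengths required")
    zeros = bytes(len(a))
    return zlib.crc32(xor_bytes(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


if __name__ == "__main__":
    # Constructed sample key, IV and messages; not real traffic.
    key, iv = b"\x0b\xad\xc0\xff\xee", b"\x00\x00\x01"
    p1, p2 = b"Invoice 4471 paid", b"Invoice 4471 void"
    f1, f2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    print("leaked p1 XOR p2:", keystream_reuse_leak(f1, f2)[:len(p1)] == xor_bytes(p1, p2))
    pt, ok = wep_decrypt(key, flip_ciphertext_bit(f1, 0, 0))
    print("plain text bit flipped:", pt[0] == p1[0] ^ 1, "ICV still matches:", ok)
    print("CRC32 linear under XOR:", crc32_is_linear(p1, p2))
```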

A University of California at Berkeley paper found that when the same IV is used with the same key on an encrypted packet (known as an IV collision, referenced above), a hacker could capture the data frames and derive information about the data as well as the network. For more information, refer to the paper at: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.

The cryptographic weaknesses of WEP, combined with a lack of WEP key management at wireless LAN base stations, have led to the rapid development of tools useful for hacking. NetStumbler [3] provides a wealth of wireless LAN related information, and cracking tools such as AirSnort and WEPCrack can both be used to crack WEP protected networks, almost in real time.

Improving WEP

Temporal Key Integrity Protocol (TKIP) is an upgrade to WEP that fixes some of the known security problems in the WEP implementation of the RC4 stream cipher. It uses dynamic keys to defeat passive key capture and can be implemented via firmware upgrades, with a small performance loss. It relies on a strong cryptographic hash function and message integrity check.


The Message Integrity Check (MIC), sometimes known as Michael, used in TKIP is an improvement that replaces the traditional CRC-32-style integrity check vector (ICV). The aim is to counter forgery attacks. In this case, the MIC is sent for verification with the data packet but is additional, therefore adding a significant network overhead and decreasing throughput.

Unfortunately, due to the possibility of data collisions (where two input data strings can create the required single output), a new class of attacks is possible, called birthday attacks (or the Michael attack). These are based on the classic birthday paradox where, for a 50% chance of one person in a room sharing your birthday, 253 people need to be present. However, only 23 people are required for a greater than 50% chance that two of them share a birthday, thus reducing the number of attempts before a match is found.

4.2.2 802.1x and EAP port based authentication

802.11 standards have several major security problems, notably in WEP key management and user/access point authentication, as discussed above. The 802.1x port authentication standard aims to resolve some of the issues surrounding the poor authentication mechanisms in 802.11 and the use of WEP. However, it is worth noting that 802.1x is NOT a member of the 802.11 wireless standards family of data networking standards. Rather, it is an integral part of the wider 802 series of specifications.

With standard 802.11, there is no authentication of the user or any mutual authentication between the user and the access point involved. As described previously, the basic security features of WEP and the SSID can be easily obtained, using several readily available tools from the Internet, allowing association with the wireless access point and potentially full network access.

The key issues with WEP are:

• No authentication on a per packet basis to identify the packet source.

• No user identification, authentication and authorisation.

• No support for extended authentication mechanisms such as certificates or smart cards.

• WEP key management problems and inherent weakness.

The 802.1x standard addresses these by adding another layer of security and authenticating the user and/or client device that is trying to associate with the access point. The protocol uses port based network access and the Extensible Authentication Protocol (EAP) to provide mutually authenticated network access, allowing per-user/per-session information to be sent.

The 802.1x standard using EAP allows for the use of a number of different layer 2 authentication methods. Originally, EAP was designed as a flexible authentication method for PPP links, allowing the PPP server to authenticate the client. EAP has been adapted for use in the wireless LAN environment and allows an authentication message exchange between the wireless client and the authentication server, usually RADIUS. It is worth remembering that 802.1x and EAP are two separate protocols, combining into one networking solution. The 802.1x part provides port based access control and the EAP part provides the authentication method.

802.1x is now supported in Windows XP and there are a variety of EAP authentication types, such as: EAP-MD5, EAP-TLS (Transport Level Security), EAP-TTLS (Tunnelled Transport Level Security), Cisco LEAP (Lightweight EAP), PEAP (Protected EAP), EAP-FAST (Flexible Authentication via Secure Tunnel) and EAP-SIM (Subscriber Identity Module).

A brief summary of the operation of 802.1x

The 802.1x authentication method for wireless LANs consists of three main components: the supplicant (usually the client software), the authenticator (usually the access point) and the authentication server (usually a RADIUS server).

The 802.1x protocol is considered ‘port based’ because it uses the concept of two logical network ports, a ‘controlled’ and an ‘uncontrolled’ port, for the purposes of authentication, authorisation and accessing network resources.

When the client tries to connect to the access point, the access point detects the client and enables the client’s port. It forces the client’s network port into an unauthorised state, allowing only EAP traffic through the uncontrolled port. The EAP traffic is encapsulated using the EAPOL (EAP over LAN) protocol. The wireless access point allows the EAP packets to pass through the uncontrolled port to the authentication server. Once the client has been authenticated, the access point then sets the client’s network port into an authorised state and the client is able to access network resources over the controlled port. This logical dual port system is illustrated in Figure 7.
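The three-party exchange and the two logical ports described above, as an added Python simulation (example code written for this page, not from the paper or any vendor). It uses EAP-MD5 as the inner method so the credential check is concrete, and it assumes a fixed RADIUS challenge, a constructed user database and a single EAP identifier; a real server picks the challenge at random. Note that the supplicant proves its password but nothing authenticates the server, which is the one-way limitation of EAP-MD5 the text goes on to describe.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Msg:
    src: str
    dst: str
    kind: str        # e.g. "EAPOL-Start", "EAP-Request/Identity", "RADIUS Access-Accept"
    body: bytes = b""


class RadiusServer:
    """Authentication server. EAP-MD5 is the inner method, so the credential check is
    concrete: response = MD5(identifier || password || challenge), RFC 3748 section 5.4."""

    def __init__(self, users: dict, challenge: bytes):
        self.users = users            # identity -> password (constructed sample data)
        self.challenge = challenge    # fixed here so the run is deterministic (assumption)
        self.pending = {}             # EAP identifier -> claimed identity

    def handle(self, msg: Msg) -> Msg:
        if msg.kind == "RADIUS Access-Request/Identity":
            identifier = 1
            self.pending[identifier] = msg.body.decode()
            return Msg("radius", "ap", "RADIUS Access-Challenge/EAP-MD5",
                       bytes([identifier]) + self.challenge)
        if msg.kind == "RADIUS Access-Request/EAP-MD5":
            identifier, response = msg.body[0], msg.body[1:]
            password = self.users.get(self.pending.pop(identifier, None))
            expected = hashlib.md5(bytes([identifier]) + (password or b"") + self.challenge).digest()
            ok = password is not None and hmac.compare_digest(expected, response)
            return Msg("radius", "ap", "RADIUS Access-Accept" if ok else "RADIUS Access-Reject")
        raise ValueError(f"unexpected RADIUS message: {msg.kind}")


class AccessPoint:
    """Authenticator. The uncontrolled port accepts only EAPOL and relays it to RADIUS;
    the controlled port forwards ordinary traffic only once the port is authorised."""

    def __init__(self, radius: RadiusServer):
        self.radius = radius
        self.port_authorised = False
        self.forwarded = []
        self.trace = []               # message kinds seen, in order

    def uncontrolled_port(self, msg: Msg) -> Msg:
        self.trace.append(msg.kind)
        if msg.kind == "EAPOL-Start":
            reply = Msg("ap", "client", "EAP-Request/Identity")
        elif msg.kind == "EAP-Response/Identity":
            r = self.radius.handle(Msg("ap", "radius", "RADIUS Access-Request/Identity", msg.body))
            self.trace.append(r.kind)
            reply = Msg("ap", "client", "EAP-Request/EAP-MD5", r.body)
        elif msg.kind == "EAP-Response/EAP-MD5":
            r = self.radius.handle(Msg("ap", "radius", "RADIUS Access-Request/EAP-MD5", msg.body))
            self.trace.append(r.kind)
            self.port_authorised = r.kind == "RADIUS Access-Accept"
            reply = Msg("ap", "client", "EAP-Success" if self.port_authorised else "EAP-Failure")
        else:
            raise ValueError(f"only EAPOL is accepted on the uncontrolled port: {msg.kind}")
        self.trace.append(reply.kind)
        return reply

    def controlled_port(self, data: bytes) -> bool:
        """Returns True if the data frame was forwarded to the network, False if dropped."""
        if not self.port_authorised:
            return False
        self.forwarded.append(data)
        return True


class Supplicant:
    def __init__(self, identity: str, password: bytes):
        self.identity, self.password = identity, password

    def authenticate(self, ap: AccessPoint) -> bool:
        r = ap.uncontrolled_port(Msg("client", "ap", "EAPOL-Start"))
        assert r.kind == "EAP-Request/Identity"
        r = ap.uncontrolled_port(Msg("client", "ap", "EAP-Response/Identity", self.identity.encode()))
        identifier, challenge = r.body[0], r.body[1:]
        # EAP-MD5 proves the supplicant's password only; nothing here authenticates the server.
        digest = hashlib.md5(bytes([identifier]) + self.password + challenge).digest()
        r = ap.uncontrolled_port(Msg("client", "ap", "EAP-Response/EAP-MD5", bytes([identifier]) + digest))
        return r.kind == "EAP-Success"


def run(identity: str, password: bytes):
    """One association attempt: (data forwarded before auth, auth result, data forwarded after, trace)."""
    ap = AccessPoint(RadiusServer({"alice": b"correct-horse-battery"}, b"\x42" * 16))
    before = ap.controlled_port(b"GET / HTTP/1.0")
    ok = Supplicant(identity, password).authenticate(ap)
    after = ap.controlled_port(b"GET / HTTP/1.0")
    return before, ok, after, ap.trace


if __name__ == "__main__":
    for who, pw in (("alice", b"correct-horse-battery"), ("alice", b"guess"), ("mallory", b"x")):
        print(who, run(who, pw)[:3])
```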

Data gathering may be used to attack the network and a dictionary based decryption engine may produce plain text after the event. However, there are more serious problems. An early paper by Mishra and Arbaugh from the University of Maryland (http://www.cs.umd.edu/~waa/1.x.pdf) demonstrated that the 802.1x standard, at the heart of the security extensions to WEP (the Robust Secure Network or RSN), has serious flaws when it is used in a wireless LAN. In particular, it is vulnerable to two major security problems:

• The “Man in the Middle” attack

• Session hijacking (which causes a host that has been legitimately authenticated on to the network to be thrown off, and the attacker to take its place)

Mishra and Arbaugh propose a number of changes to the 802.11 and 802.1x standards to prevent these attacks. These solutions are per-packet integrity and authenticity of 802.11 data and management frames, authenticity and integrity for 802.1x messages and a scalable, symmetric authentication architecture for the RSN framework.

Using 802.1x and EAP allows for a number of different authentication methods; these are as follows:

EAP-MD5

This was the first authentication type created for 802.1x but is rarely used, as it has three main security issues when used in a wireless LAN: one-way authentication (only of the supplicant), challenge passwords (which can be obtained by eavesdropping) and no per-session WEP keys (allowing eavesdropping directly after authentication). Despite this, it provides base-level EAP support amongst 802.1x devices.

EAP-TLS

EAP-Transport Level Security (TLS) authentication was developed by Microsoft (hence present in Windows XP) and standardised by the Internet Engineering Task Force (IETF). It is dependent on the Secure Socket Layer (SSL) protocol, using certificates on both client and server side, and is therefore suitable for organisations that want to deploy a Public Key Infrastructure (PKI). It uses SSL with digital certificates and signatures to provide mutual authentication (client machine and access point) and a secure (encrypted) channel for the wireless link, as well as negotiation of the encryption method and secured private key exchange.

Figure 7: The 802.1x process. The figure shows the supplicant (client) attached to a LAN port on the authenticator (e.g. a Cisco switch or wireless access point), which relays EAP to the authentication service (RADIUS). The uncontrolled port carries EAP while the port is unauthorised; the controlled port gives access to network services once the port is authorised.


EAP-TTLS

The EAP-Tunnelled Transport Level Security (TTLS) protocol is a variation of the EAP-TLS protocol and was jointly developed by Funk Software and Certicom. EAP-TTLS was designed to offer the security available with EAP-TLS but in an easier to manage package. It does not require the client (supplicant) side certificate for authentication; it only requires the server side certificate. The client still needs to know the server certificate in order to create the secure tunnel. This certificate is typically delivered as part of the client software installation and configuration. However, a problem exists if the server certificate is compromised through equipment loss or data theft from a legitimate client device. This may lead to a situation where all certificates have to be revoked and new ones issued.

EAP-TTLS uses two stages for the complete authentication process. The first of these stages uses the server side certificate to create a TLS tunnel between the client and server. Once this tunnel is established, the secure exchange of user credentials can take place to authenticate the user. It is worth noting that a whole range of different authentication methods can be used for authenticating the user, such as tokens, certificates or passwords.

EAP-TTLS works in a very similar way to PEAP, although the key differences between PEAP and EAP-TTLS are not in the way they operate. PEAP has been developed by Microsoft, Cisco and RSA, and EAP-TTLS has been developed by Funk Software and Certicom. Support for PEAP authentication is now included in the Windows XP operating system, whereas EAP-TTLS requires a separate client. Both methods provide the same solution and security through mutual authentication and then make use of WEP for encryption. It is really down to user or administrator preference as to which should be used, bearing in mind cost implications.

Cisco Lightweight EAP (Cisco LEAP)

Several wireless LAN vendors have taken steps to address the weaknesses of WEP. A good example is the LEAP extensions to 802.1x proposed by Cisco, which make WEP key generation much more dynamic. The LEAP 802.1x implementation is a Cisco proprietary authentication protocol. LEAP was developed to offer mutual authentication between a client and RADIUS server and offers support for per user and per session WEP keys as well as centralised key management.

However, while this is effective at preventing real time decryption of wireless LAN transmissions, the data is still secured using WEP and it therefore potentially has all the same vulnerabilities.

Cisco LEAP was initially developed as a security method for Cisco wireless client cards and access points. It can now also be used on operating systems that do not natively support any 802.1x methods and is now supported by many non-Cisco wireless cards (with Cisco Extensions, or CCX compliant) and access points.

Cisco LEAP does not require a PKI infrastructure, in contrast to EAP-TLS. Instead it uses a unique username and password to perform the mutual authentication. So from a configuration perspective LEAP can be easier to implement than an EAP-TLS solution. A summary of LEAP authentication is as follows:

The wireless client needs to be authenticated by a RADIUS server, and can only transmit EAP traffic until it is authenticated. The access point forwards these EAP messages on to the RADIUS server for authentication. During mutual authentication between the client and the RADIUS server a dynamic WEP key is derived at the client and at the RADIUS server. The RADIUS server sends the dynamic WEP key to the access point via a secure channel. After the access point receives the key, regular network traffic forwarding is enabled at the access point for the authenticated client.

Cisco LEAP is by no means the complete answer to the wireless LAN security problems and it is susceptible to offline dictionary attacks. A tool called ‘asLEAP’ can perform a dictionary attack against LEAP passwords and is able to crack LEAP passwords in under a minute (dependent upon the strength of the password). (The Unix/Linux/BSD version can de-authenticate the client, capture the re-authentication packets and typically crack many weak implementations in less than a minute on a 486-66MHz PC. The Windows version takes almost 5 minutes to complete the same task using a P4-2.8GHz PC.) The username is also sent in clear text, so the username and password can be derived easily. In fact LEAP cannot mitigate an offline dictionary attack using ‘asLEAP’ and as a result, LEAP should be seen as another level of security but not a complete solution.


Protected EAP (PEAP)

Protected EAP (PEAP) is an EAP-TLS based standard that has been put into place by Microsoft, Cisco and RSA Security and became an IETF draft. PEAP is essentially similar to EAP-TTLS in that it uses two distinct stages in its authentication process and also negates the need for a full PKI infrastructure as required by EAP-TLS. PEAP only requires a server side certificate to be configured at the authentication server, usually via RADIUS.

The first of the two stages in PEAP authentication uses TLS to create a tunnel between client and server. This is then used to authenticate the authentication server to the client using a digital certificate. Once this authentication has taken place and a tunnel has been established, an exchange of EAP messages takes place through it. This exchange authenticates the user and delivers the WEP key to the client, allowing encrypted data flow to take place.

The benefit of the PEAP method is similar to that of EAP-TTLS, in that the user credentials are fully protected. PEAP also has the benefit that it is supported by Cisco access points, client cards and RADIUS server products, and it is also built into Windows XP and Windows Server 2003 products. Many other manufacturers of wireless products are also starting to offer PEAP support.

There are two different versions of PEAP currently supported, PEAP-EAP-MS-CHAPv2 and PEAP-EAP-TLS. The TLS variant requires server and client side certificates, which means that a PKI infrastructure is required. The MS-CHAPv2 variant allows for the use of either certificate or password authentication on the client side.

EAP-FAST

EAP-Flexible Authentication via Secure Tunnel (FAST) is a new Cisco proprietary solution claimed to be “as secure as PEAP and as easy as LEAP”. While the use of symmetric cryptography makes authentication faster from a theoretical point of view, this improvement may make little difference in practice since this aspect is usually processed in the order of milliseconds in any case.

So why use this? EAP-FAST is designed to speed re-authentication when a station roams from one access point to another. Repeating an EAP-TLS or PEAP authentication requires public key cryptography and many messages exchanged between the station and server. This takes a few seconds when stations roam and must authenticate themselves again. That delay might not be a problem for transaction-based applications, or even session-based applications that can survive lost packets; however, applications like voice over IP really require less than 30 milliseconds of latency and it is here that EAP-FAST may be of real value.

EAP-SIM

EAP-SIM (GSM) is a mechanism for Mobile IP network access authentication and registration key generation using the GSM subscriber identity module (SIM). By using SIM key exchange, no other preconfigured security association besides the SIM card is required on the mobile node. GSM technology does not have to be used, and the idea is to just use GSM SIM authorisation with Mobile IP over wireless LANs. The market is not mature yet but this could prove to be a very useful technology in the future.

Summary of 802.1x methods

There are many different 802.1x based authentication methods, each offering differing levels of security, the strongest of these being EAP-TTLS and PEAP. Perhaps the main drawback is that they all still rely on the RC4 cipher and use WEP, Dynamic WEP or the TKIP key rotation method with it for encryption. Dynamic WEP and TKIP provide a better level of security than using static WEP keys, but they are still using the flawed RC4 cipher mechanism. Using 802.1x security methods in the wireless LAN environment should therefore only be considered as a layer 2 pre-authentication mechanism, and they should not be relied on to provide encryption of data.


4.2.3 Wi-Fi Protected Access (WPA) V1.x

Wi-Fi Protected Access (WPA) was developed to provide an interim security solution whilst the 802.11i standard was still in draft format and its associated methods were not widely adopted. The 802.11i standard has now been agreed and published, and specifies the use of AES (the Advanced Encryption Standard), which is at present considered cryptographically secure for the next 10+ years. In contrast, WPA still uses RC4. The Wi-Fi Alliance will call 802.11i interoperability WPA version 2. However, at the start of 2005 there were few products that had been fully certified.

How WPA works

Wi-Fi Protected Access (WPA) is a standards-based, interoperable security enhancement that improves the level of data protection and access control for existing and future wireless LAN systems. It is derived from, and will be forward compatible with, the upcoming 802.11i standard. WPA leverages the Temporal Key Integrity Protocol (TKIP) for data protection and 802.1x for authenticated key management. WPA supports two mutually exclusive key management types, WPA and WPA-Pre-shared key (WPA-PSK).

Table 1 below summarises each of the 802.1x based authentication methods.

Table 1: EAP authentication methods summary.

802.1x EAP authentication method | EAP-MD5 | LEAP | EAP-TLS | PEAP | EAP-TTLS | EAP-FAST
Client Certificate | No | No | Yes | No | No | No
Server Certificate | No | No | Yes | Yes | Yes | No
Client Password authentication | Yes | Yes | No (not required) | Yes | Yes | Yes
User credential security | Weak | Medium (depends on password strength) | Strong | Strong | Strong | Medium (depends on password strength)
Dynamic key exchange | No | Yes | Yes | Yes | Yes | Yes
Mutual Authentication | No | Yes | Yes | Yes | Yes | Yes
User Identity protection | No | No | No | Yes | Yes | Yes


WPA with key management

When using WPA with a key management method, such as a RADIUS server, the clients and the authentication server authenticate to each other using an EAP authentication method. The client and server generate a pair-wise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the access point. The PMK is then used to generate the session keys used with WEP’s RC4 encryption to encode the data.

WPA-PSK (Pre- shared key)

Using WPA-PSK a pre-shared key is configured on both the clientand access point. This pre-shared key is used as the PMK. It isrecommended that this key is over 20 characters in length andfollows proper password guidelines in order to minimise riskagainst dictionary attacks.

This use of WPA-PSK is useful when there are only a small numberof users and hence not many keys to manage. WPA-PSK wouldnot be recommended as the only security solution in an enterpriseenvironment. It would be used to provide layer 2 authenticationwith an IPsec VPN overlay to fully secure the wireless LAN traffic.

Summary of WPA

For the moment WPA provides a stronger level of security than WEP but is vulnerable to the same attacks as its constituent protocols. There is also a weak password problem with WPA-PSK and it is recommended that passwords should follow strong password guidelines and be over 20 characters in length.

WPA is not difficult to configure in its basic pre-shared key mode on either the access point or the client; it is no more difficult than configuring a static WEP key. However, there is a potential difficulty in finding out whether the client operating system needs the relevant upgrades or if the wireless LAN card being used supports WPA. This is a big problem in the corporate environment where many different types of PC, operating system and client card could be available.

If a WPA solution is to be proposed for layer 2 authentication then it is essential that the client machine software and hardware support WPA. It is also worth noting that using WPA in the pre-shared key method requires the key to be entered on all access points and clients. In a large deployment this would be a significant operational task.

The more sensible option would therefore be to use WPA with a key management solution. This would reduce the overhead of managing keys and also remove the security issue of losing a WPA client, or access point, and having the WPA key potentially compromised.

In summary, WPA is considered the best current real-world solution despite its supposed current theoretical flaws.
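The WPA-PSK guidance above (a pre-shared key of over 20 characters following proper password rules, used as the PMK) can be checked mechanically. The Python below is an added example, not code from the BT paper: it performs the standard 802.11i mapping from passphrase and SSID to the 256-bit PSK (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) and applies a configuration policy check. The entropy floor and the list of default SSIDs are assumptions chosen for the example.

```python
import hashlib
import math
import string

# Added example, not from the BT paper: WPA-PSK passphrase handling from the
# defender's side. All SSIDs and passphrases below are constructed.
PBKDF2_ITERATIONS = 4096   # iteration count fixed by IEEE 802.11i Annex H
PSK_LENGTH_BYTES = 32      # 256-bit PSK, which WPA-PSK uses directly as the PMK
MIN_PASSPHRASE_CHARS = 20  # the paper's recommendation: over 20 characters
MIN_ENTROPY_BITS = 80      # assumed policy floor; not a figure from the paper


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map an ASCII passphrase (8..63 chars) plus SSID to the 256-bit PSK.

    This is the standard PBKDF2-HMAC-SHA1 mapping every WPA-PSK client and
    access point performs. The SSID is the salt, so the same passphrase gives
    a different PSK on a differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"),
                               PBKDF2_ITERATIONS, PSK_LENGTH_BYTES)


def passphrase_entropy_bits(passphrase: str) -> float:
    """Rough upper-bound entropy estimate: log2(alphabet) per character,
    where the alphabet is the union of character classes actually used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def check_psk_policy(passphrase: str, ssid: str,
                     default_ssids=("default", "linksys", "wireless")) -> list:
    """Return policy findings for a WPA-PSK configuration; an empty list means
    it meets the paper's guidance (over 20 characters, proper password rules).

    The default-SSID list is a constructed placeholder, not a BT inventory."""
    findings = []
    if len(passphrase) <= MIN_PASSPHRASE_CHARS:
        findings.append(f"passphrase is {len(passphrase)} chars; "
                        f"use more than {MIN_PASSPHRASE_CHARS}")
    if passphrase_entropy_bits(passphrase) < MIN_ENTROPY_BITS:
        findings.append("passphrase uses too few character classes for its length")
    if ssid.lower() in default_ssids:
        findings.append("SSID is a common default; change it so the PBKDF2 salt "
                        "is unique to this network")
    return findings


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(derive_psk("password", "IEEE").hex())
    print(check_psk_policy("password", "default"))
    print(check_psk_policy("Correct-Horse-Battery-Staple-9", "BT-Corp-WLAN"))
```

The first call reproduces the published 802.11i test vector, which is a quick way to confirm a client or access point implements the mapping correctly.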

4.3 IP Layer Security Solutions

Cryptographic Virtual Private Networks

Virtual private networks (VPNs) have replaced dedicated, expensive leased lines for linking LANs with secure connections. They typically employ some form of encapsulation (tunnelling) along with user authentication, data integrity checks and data encryption. Operating a VPN ensures data security over an unsecured wireless network segment and will run at layer 3, 4. For extra security it can be combined with layer 2 for a strong security solution.

Connections are either remote access or peer-to-peer (router-to-router) and can employ a variety of protocols including Point-to-Point Tunnelling Protocol (PPTP), Layer 2 Forwarding/Tunnelling Protocol (L2TP) and IP Security (IPsec) – a series of IETF defined standards. In software, Secure Shell (SSH2) provides a cryptographically secure TCP/IP tunnel with authentication, mitigating eavesdropping, man-in-the-middle and insertion/replay attacks.

The main disadvantages of VPNs are that they often require additional client software and network hardware. Though Windows now comes with support for IPsec, PPTP and L2TP, not all VPN concentrators support the same set of functions. IP VPNs have poor support for subnet roaming across routers. However, either Mobile IP or SSL VPN could be employed here to address this.

They do provide the strongest solution to wireless LAN security, being based on protocols and mechanisms that have been tried and tested over many years.


Segmentation devices

The wireless network should be trusted to the same extent as the public Internet and designed with this consideration in mind. Design segmentation is seen as an effective method of addressing this concern. Segmentation means increasing security by keeping the access points separate from the backbone network by a security device. There are several devices and methods that can be used. It is important that the network design also includes an appropriate level of redundancy and avoids a single point of failure. In practice this means that there will be single or, more likely, multiple points of connection with several networks overlaid as shown in Figure 8.

4.4 Additional Security Methods

There are other useful approaches to security, which can form part of an overall solution, such as intrusion detection systems (IDS), thin clients, authenticated DHCP services, distributed agent software and traffic base-lining techniques. Some of these have been specifically created or modified to address the wireless LAN environment.

IDS tools inspect inbound/outbound traffic and, if an attack is detected, evaluate the situation and signal alarms to a management station. Thin clients may allow efficient and cost-effective networking with reduced security risk.

Figure 8: points of connection in a network design (the figure shows a wireless backbone and a wired backbone joined to the Internet through points of connection).


Static IP addresses can provide further security but using authenticated DHCP allows a greater level of trust between server and client, mitigating DoS attacks, hijacking and theft of service. Traffic base-lining may be used for reference, performance or security by analysing selected network segments over time. Honey pots and honey-nets are becoming an increasingly popular security method by providing diversionary targets to deflect an attacker.

The key features of most successful highly rigorous solutions include: 24x7 centralised skilled monitoring/vigilance, professional security audits, accurate/timely reporting and security spot-checking.

Wireless Intrusion Detection Systems

Wireless intrusion detection systems (WIDS) are now appearing to complement their traditional wired counterparts. These are designed specifically for the wireless network environment and provide more than the minimal security of a wired solution in the wireless environment, addressing vulnerabilities that would otherwise be missed such as man-in-the-middle attacks, hi-jacking, jamming and rogue elements such as "Evil Twins". Wireless-based IDS products should search a wireless LAN for vulnerabilities, detect and respond to intruders and help manage a wireless LAN. They differ from firewalls, which just monitor or stop intrusions, by also evaluating the situation and signalling an alarm when an intruder is detected. As part of a WIDS, sensors are therefore employed that operate near access points or are even part of the access point firmware itself. These sensors monitor traffic 24x7 and report to a central monitoring server. WIDS systems are usually of two types:

Signature based systems are most common and easiest to bypass as they rely on comparison against known attacks, called attack signatures.

Knowledge based systems monitor and analyse, flagging suspicious network events (a.k.a. behaviour-based or statistical systems). Comprehensive network base-lining is required for these since the main problems lie with detecting false positives, where alarms are raised due to policy or boundary violations by legitimate operations within the network.

A fully featured WIDS system should ideally have features of both the above approaches. It should also provide continuous real-time monitoring using automated analysis to reduce "false-positives" and isolate real attacks.

Key features should include:

• Network-based vs. host-based monitoring

• Passive vs. reactive monitoring

• Misuse detection

• Anomaly detection

• Vulnerability detection

• Performance monitoring

WIDS traffic itself must also be secured and a clear and swift response policy against attack implemented.
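As an added example, not code from the BT paper, the Python below runs the two WIDS approaches described above over a constructed sensor log: a signature/policy rule that reports an "Evil Twin" (the paper's term for an access point impersonating the corporate SSID) and a knowledge-based rule that compares deauthentication frame rates against a baseline. Every BSSID, SSID and baseline figure is made up for illustration.

```python
import statistics
from collections import Counter

# Added example, not from the BT paper: the two WIDS approaches it describes,
# run over a constructed sensor log of (time_s, frame_type, source_bssid, ssid).
# Every BSSID, SSID and count below is made up for illustration.
SENSOR_LOG = [
    (0.0, "beacon", "00:11:22:33:44:55", "BT-Corp"),
    (0.1, "beacon", "00:11:22:33:44:66", "BT-Corp"),
    (0.2, "beacon", "aa:bb:cc:dd:ee:ff", "BT-Corp"),    # our SSID, unknown AP
    (0.3, "beacon", "66:77:88:99:aa:bb", "CoffeeNet"),  # neighbour, not ours
    (1.0, "deauth", "00:11:22:33:44:55", None),         # normal client churn
    (1.5, "deauth", "00:11:22:33:44:66", None),
] + [(2.0 + i * 0.1, "deauth", "aa:bb:cc:dd:ee:ff", None) for i in range(6)]

# Authorised AP inventory (constructed): SSID -> set of BSSIDs we operate.
AUTHORISED_APS = {"BT-Corp": {"00:11:22:33:44:55", "00:11:22:33:44:66"}}

# Deauthentication frames per second observed during a quiet period
# (constructed baseline, the "comprehensive network base-lining" the paper
# says a knowledge-based system needs).
DEAUTH_BASELINE = [0, 1, 0, 2, 1, 0, 1, 1, 0, 2]


def detect_evil_twin(log, authorised):
    """Signature/policy rule: an SSID we own advertised by a BSSID that is not
    in our inventory is reported once as a rogue AP ("Evil Twin")."""
    alerts, seen = [], set()
    for _, frame_type, bssid, ssid in log:
        if frame_type != "beacon" or ssid not in authorised:
            continue  # neighbours' networks are not policy violations
        if bssid not in authorised[ssid] and bssid not in seen:
            seen.add(bssid)
            alerts.append((ssid, bssid))
    return alerts


def deauth_per_second(log):
    """Count deauth frames in each one-second window, keeping empty windows
    so that quiet seconds are represented in the series."""
    counts = Counter(int(t) for t, frame_type, _, _ in log if frame_type == "deauth")
    last_second = int(max(entry[0] for entry in log)) if log else -1
    return [counts.get(sec, 0) for sec in range(last_second + 1)]


def detect_deauth_anomaly(log, baseline, k=3.0):
    """Knowledge-based rule: flag any window whose deauth count exceeds the
    baseline mean plus k standard deviations. Ordinary roaming (second 1)
    stays under the threshold, which is how false positives are kept down."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    return [(sec, n) for sec, n in enumerate(deauth_per_second(log)) if n > threshold]


def run_wids(log=SENSOR_LOG, authorised=AUTHORISED_APS, baseline=DEAUTH_BASELINE):
    """Combine both rule types, as the paper recommends for a full WIDS."""
    return {"evil_twin": detect_evil_twin(log, authorised),
            "deauth_anomaly": detect_deauth_anomaly(log, baseline)}


if __name__ == "__main__":
    for kind, alerts in run_wids().items():
        print(kind, alerts)
```

With this baseline the threshold works out at roughly three deauthentications per second, so the two frames of normal churn in second 1 pass while the burst in second 2 is flagged.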

5. The Design Issues: guidelines and recommendations

This paper has highlighted a range of current methods for providing wireless LAN security at different levels.

Of the many security methods available, the right one for you depends on your specific needs. For example a public wireless access hotspot may require little wireless side security, as it is public and open, but its wired side should be appropriately protected. In contrast a small business solution may require an element of security although a full-blown VPN solution may be too expensive or too complex to justify. However, a government organisation or large corporation may require a full VPN solution over and above a layer 2 authentication method such as WPA or PEAP.

Creating an appropriately secured wireless LAN requires a rigorous, methodical approach to developing and applying appropriate security policies. A layered security model may be built up in a step-wise manner:

• Rudimentary steps would simply involve scanning for conflicting wireless LANs, changing all equipment default settings and applying WEP.

• Intermediate steps could involve placing the access point in a DMZ, implementing MAC address filtering, restricting beacons and probe responses and also setting traffic limits and managing broadcast strength.

• More comprehensive steps would probably involve shaping the wireless LAN signal radiation, employing tracking and location finding tools and wireless LAN traffic monitoring.

• However for robust commercial solutions, more advanced technologies such as Virtual Private Networks (VPN) and Intrusion Detection Systems (IDS) would be required, needing specialist design and implementation support.

6. The Future of Wireless LAN Standards

New changes coming to wireless LANs will include ways to make them even more secure and dependable. The 802.11i standard, which was finalised in June 2004, will greatly improve Wi-Fi security encryption by using the Advanced Encryption Standard (AES) based on the Rijndael encryption algorithm. AES uses variable key lengths and block sizes, providing greater levels of security than 3DES, and will see a move away from the RC4 algorithm that WEP and current versions of WPA use. However, most 802.11i-compliant access points will need a separate co-processor to handle this data encryption, which means that some existing Wi-Fi equipment will probably have to be replaced to gain the security benefits.

The 802.11e standard addresses quality-of-service issues and ensures the timely delivery of data packets. This is especially important for streaming applications, such as videoconferencing, and it will be vital as businesses move toward using Voice over IP on their wireless networks. While vendors such as Broadcom have already added 802.11e-like capabilities to some of their products, these pre-date the final standard that is expected to be agreed in 2005.

802.11h defines spectrum managed 802.11a technology, with support for transmit power control (TPC) and dynamic frequency selection (DFS), where the access point manages the transmission power and channel in use.

Other standards in progress include 802.11f (currently only a recommended practice), providing roaming interoperability using Inter-Access Point Protocol (IAPP), and 802.11s, defining mesh networking that will do much to reduce architecture costs.

The next wireless LAN speed standard, 802.11n, will likely offer a bandwidth of around 108Mbps. While the new specification is at least a year from being ratified by the IEEE, some vendors are likely to release products based on an early draft version of the 802.11n spec.

Yet another wireless network technology that is predicted to have an impact over the next two years is 802.16, better known as WiMax – having both fixed (802.16a) and mobile (802.16e) flavours. This technology supports speeds as high as 70Mbps and a range of up to 30 miles, making it ideal for large corporate campuses and rural areas where cable and DSL broadband service may not be widely available. Intel aims to begin shipping chips with WiMax technology in 2005 and equipment can be expected to be available sometime after.

7. Summary

Wireless LANs that enable flexible access to fixed network infrastructure have existed for several years. They are easy to build using ad-hoc networks or by adding access points in an existing network. The component parts are now both relatively inexpensive and widely available, with wireless LAN capability standard with most laptop PC equipment.

While an out-of-the-box wireless LAN solution is easily constructed, it lacks the security and network integrity measures expected or assumed for high-end commercial applications. Yet it is possible to mitigate and manage these deficiencies through taking appropriate steps to configure wireless LAN equipment and combine it with other network elements into a complete engineered solution.

Once deployed a secure wireless LAN affords you faster responsiveness, improved decision-making, increased productivity, more efficient use of accommodation and reduced costs through more flexible network access. The benefits of convenience, mobility and collaboration will form an indispensable part of future working practices and be further enabled by new applications such as Voice over Wireless LAN.

Wireless LANs are no more (or less) vulnerable than any other network technology and, properly implemented, the benefits far outweigh the risk.

Biography

Bas Metolli joined BT in 2001, after completing a BSc degree in Computer Communications and Networks at the University of London. Since then, he has worked on many aspects of wired security, moving to his current field of wireless LAN based network security. He is currently a member of the Secured IP Networks team in the IP Network Engineering unit within BT Exact.

Ash Sadler joined BT in 1990 as a modern apprentice. Since then, he has worked on various projects encompassing Microsoft and wireless LAN technology. He is currently a member of the Secured IP Networks team in the IP Network Engineering unit within BT Exact. Ash has gained CWNA and Microsoft accreditation.

Richard Baxter joined BT in 1999 with an MSc degree in Information Technology from University College, London (UCL). His background is in the mobile and wireless areas, in particular standards for terminals and application protocols. He is currently a member of the Secured IP Networks team in the IP Network Engineering unit within BT Exact.

Ian Hughes returned to BT in 1994 following a four year break working in the mobile telecoms area. With an MSc in Telecommunications Engineering from University College London he has worked on various projects encompassing secure networking and wireless LAN technologies. His current role, as a Wireless Security Consultant within BT Exact, includes the design and penetration testing of customer wireless LAN solutions. He is the Security Design Authority for a number of BT's wireless products, including BT Openzone, and is a Certified Wireless Security Professional (#CWNP174664).

Appendix A: Glossary

3DES      Triple Data Encryption Standard
ACL       Access Control List
ACS       Access Control Server (Cisco RADIUS implementation)
AES       Advanced Encryption Standard
AP        Access Point
BT        British Telecom
CCX       Cisco Compatible Extensions
CESG      Communications-Electronics Security Group
CRC       Cyclic Redundancy Check
CWNA      Certified Wireless Network Administrator
CWSP      Certified Wireless Security Professional
DFS       Dynamic Frequency Control
DHCP      Dynamic Host Configuration Protocol
DMZ       De-Militarised Zone
DoS       Denial of Service
DSSS      Direct Sequence Spread Spectrum
EAP       Extensible Authentication Protocol
EAP-FAST  EAP-Flexible Authentication via Secure Tunnel
EAP-MD5   EAP-Message Digest 5
EAPOL     EAP Over LAN
EAP-TLS   EAP-Transport Level Security
EAP-TTLS  EAP-Tunnelled Transport Level Security
ESP       Encapsulated Security Payload
ESSID     Extended Service Set ID
EWG       Enterprise Wireless Gateway
FHSS      Frequency Hopping Spread Spectrum
FIPS      Federal Information Protection Standards
HTTP      Hyper Text Transfer Protocol
IAPP      Inter-access Point Protocol
IDS       Intrusion Detection System
IEEE      Institute of Electrical and Electronic Engineers
IETF      Internet Engineering Task Force
IKE       Internet Key Exchange
IP        Internet Protocol
IPsec     Internet Protocol Security
ISM       Industrial, Scientific and Medical
ISO       International Standards Organisation
IV        Initialisation Vector
L2TP      Layer Two Tunnelling Protocol
LAN       Local Area Network
LDAP      Lightweight Directory Access Protocol
LEAP      Cisco Wireless EAP
MAC       Media Access Control
Mbps      Megabits per second
MIC       Message Integrity Check
MS-CHAP   Microsoft Challenge Handshake Authentication Protocol
NIC       Network Interface Card
NIST      National Institute of Standards and Technology
OFDM      Orthogonal Frequency Division Multiplexing
PC        Personal Computer
PEAP      Protected EAP
PKI       Public Key Infrastructure
PPP       Point to Point Protocol
PPTP      Point to Point Tunnelling Protocol
RADIUS    Remote Authentication Dial in User Service
RBAC      Role Based Access
RF        Radio Frequency
ROI       Return On Investment
RSA       Rivest Shamir Adleman Cryptography
RSN       Robust Secure Network
SIM       Subscriber Identity Module
SNMP      Simple Network Management Protocol
SSH       Secure Shell
SSID      Service Set Identifier
SSL       Secure Socket Layer
TACACS    Terminal Access Controller Access Control System
TKIP      Temporal Key Integrity Protocol
TPC       Transmit Power Control
UDP       User Datagram Protocol
UNII      Unlicensed National Information Infrastructure
VPN       Virtual Private Network
WDS       Wireless Domain Services
WEP       Wired Equivalent Privacy
WIDS      Wireless Intrusion Detection System
WLAN      Wireless Local Area Network
WLANA     Wireless LAN Association
WLSE      Wireless LAN Solution Engine
WPA       Wi-Fi Protected Access
WPA-PSK   WPA-Pre Shared Key

Offices and laboratories worldwide
Web: http://www.bt.com/btexact Email: [email protected]
Phone: 0800 169 1689 (UK only) Phone: +44(0) 1473 607080 Fax: +44(0) 1473 607700
Published by BT Exact, BT's research, technology and IT operations business
© British Telecommunications plc, 2005. Registered office: 81 Newgate Street, London EC1A 7AJ. Registered in England, number 1800000.
All rights reserved. Permission is given for this publication to be reproduced provided it is reproduced in its entirety and that a similar condition, including these conditions, is included in the reproduction. Reproduction of parts of this publication is permitted provided the source is clearly acknowledged. For further details, please contact the publisher. BT maintains that all reasonable care and skill has been used in the compilation of this publication. However, BT shall not be under any liability for loss or damage (including consequential loss) whatsoever or howsoever arising as a result of the use of this publication by the reader, his servants, agents or any third party. Designed by Unigraph Limited D22341/01/05. Printed in England.

PHME: 47526