Wireless Local Area Networking (WLAN) Security …telecom.gmu.edu/.../files/publications/Jim-Burrell-December-2002.pdf · Wireless Local Area Networking (WLAN) Security Assessment

Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures

Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures

(IEEE 802.11 Wireless Networks)

James Burrell

Research project submission for the partial fulfillment of the requirements for the degree ofMaster of Science in Telecommunications

Advisor

Dr. Jeremy AllnuttDirector, M.S. Telecom ProgramGeorge Mason UniversitySchool of Information Technology & Engineering

December 2002


Introduction To WLAN Technology


Introduction

Wireless networking technologies offers many advantages over traditional wired (or physical) network connectivity, to include:

!Mobility support

!Rapid deployment of network resources

!Flexible implementation

!Scalability


Basic WLAN Components

Wireless Network Interface Card(PCMCIA)

Wireless Access Point


WLAN Spectrum Allocation


WLAN Spectrum AllocationISM FREQUNCY BANDS

Frequency (Lower Limit) Frequency (Upper Limit) Total Bandwidth

902 MHz 928 MHz 26 MHz

2.4 GHz 2.4835 GHz 83.5 MHz

5.725 GHz 5.850 GHz 125 MHz

Industrial, Scientific, and Medical (ISM) Frequency Allocations (Source: Bruce)


WLAN Standards


WLAN Standards802.11b HomeRF IrDA 802.11a 802.11g Bluetooth

Max Speed 11Mbps 10Mbps 4Mbps 54Mbps 54Mbps 1 Mbps

Frequency 2.4GHz 2.4 GHz Light waves 5GHz 2.4GHz 2.4 GHz

Indoor Range

150-300 feet 150 feet 1 meter 150-300

feet150-300

feet 30 feet

Application WLAN WLAN Device

Beaming WLAN WLANPersonal

Area Network

Wireless Networking Standards and Specifications (Source: Anderson)


WLAN Transmission Technologies


WLAN Transmission Technologies

• Spread Spectrum

• Narrowbeam Microwave

• Infrared


Comparison of WLAN Transmission Technologies

Transmission Technology Range Limitation

Low High

Signal Interception Susceptibility

Low High

Susceptibility To Interference /

Jamming

Low High

Spread Spectrum **** **** ****

Narrowband Microwave **** ******************** ********************

Infrared ******************* **** ********************


WLAN Network Topologies


WLAN Topologies

Laptop PDA

PDALaptop

Peer-to-Peer (Ad hoc) Topology

Infrastructure Topology

Wireless Bridge Wireless Bridge

Point-to-Point Topology

EthernetSegment

WirelessSegment

Hybrid Topology


IEEE 802.11 Hybrid WLAN Topology

Physical Network Segment

RouterInternetPDA

LANSwitch

Network FirewallLaptop

Wireless AccessPoint

Wireless Network Segment


WLAN Applications


WLAN ApplicationsWLAN Topology Application

Peer-to-Peer Ad hoc networking between mobile devices

Hybrid (Wireless/Wired) Network extension for wired LAN infrastructure

WLAN Client location flexibility and mobility

Point-to-Point Wireless connectivity between buildings or facilities


WLAN ApplicationsOrganization Application Advantage

Educational Institutions Classroom and student connectivity !Relocation of devices to different locations in classrooms

Health Care / Hospitals Patient monitoring and access to patient medical information !Mobility

Inventory Control Connectivity for portable inventory devices with central storage facility !Real-time reporting

Manufacturing Network connectivity for machinery in open locations and hazardous environments

!Relocation of devices to different locations!Hazardous environments

Conference Centers Provide connectivity to attendees with enabled devices !Rapid deployment

Education Shared computer resources among student classrooms and laboratories !Mobility


WLAN ApplicationsTactical/Military Rapid establishment of network

with mobility support in hazardous environments !Mobility

•Rapid network deployment

Multimedia Resources Provide wireless access to multimedia resources

!Shared Resources

Small Office/Home Office (SOHO)

Rapid establishment of low cost network infrastructure

•Low cost networking solution

Residential Rapid establishment of low cost network infrastructure

!Low cost networking solution


WLAN Security Risks


WLAN Security Risks• Network Detection

• RF Signal Limiting

• Interference and RF Disruption

• Unauthorized Network Access

• Data Interception

• Denial of Service

• Insider Threat

• Compromised Devices

• Illicit Access Point Deployment


WLAN Security RisksSecurity Vulnerability Relative Security Risk Level

Low High Security Countermeasures

Detecting WLANs ********************

•Deactivate access point beacon and advertisement transmission

RF Signal Propagation

********************

•Minimize access point transmission level

Interference and RF Disruption*******

•Conduct RF environment analysis•Strategic location of access point deployments

Unauthorized Access **************************

•Use strong authentication


WLAN Security RisksData Interception ************************** !Use encryption

Denial of Service *************!Implement measures to secure against unauthorized access

Insider Threat *********************!Background investigations!Require change of encryption key upon employee termination/dismissal

Compromised Devices*********************

!Security awareness!Reporting requirement for lost or stolen devices!Require change of encryption key if compromise is suspected

Illicit Access Point Deployment *********************!Limit physical access to wired network infrastructure!Conduct routine monitoring for illicit/improperly configured access point


WEP Authentication / Encryption


WEP Encryption ProcessPLAINTEXT MESSAGE CRC

ENCRYPTED MESSAGE

GENERATED ENCRYPTION SEQUENCE

IV

LEGENDCRC Cyclic Redundency

CheckIV Initialization Vector

Logical Exclusive-Or (XOR)Operation


Weaknesses of WEP AlgorithmThe primary issues that have led to the defeating the security provided by WEP, is related to the:

!Implementation of the encryption algorithm

!Relatively short length of the shared encryption key

!IV being transmitted with its associated encrypted message

!Static nature associated with WEP encryption key management


WEP Encryption Process

ENCRYPTED MESSAGEIV

Initialization Vector (IV)used to generate the

psuedo-random encryptionsequence is transmittedalong with the encrypted

message

ENCRYPTED MESSAGEIV

Initialization Vector (IV)used to generate the

psuedo-random encryptionsequence is transmittedalong with the encrypted

message


RF Signal Limiting


SNR Measurements At Selected Distances

(100mW Output Power)

0

10

20

30

40

50

60

10'

20'

100'


SNR Measurements For Selected Output Power Levels

0

20

40

60

80

100

120

0 20 40 80 100

Distance (Feet)

SNR

(dB) 100mW

50mW

5mW

1mW


RF Interference Source

Figure X.X Microwave Interference Source Effect On WLAN Transmissions(Distance From Wireless Device – 10 Feet)

0

10

20

30

40

50

60

Norma l

Int e rfe re nc e S ourc e


Maximum Distances For Output Power Levels

0

200

400

600

800

1000

1200

100 50 5 1

Output Pow er (mW)

Dis

tanc

e (F

eet)

IEEE 802.11b2.4 GHz Wireless Access Point


Firewall / Intrusion Detection System / VPN Integration


Firewall Integration Into A Wireless Network Segment

PDA

LANSwitch

Laptop


Wireless Network SegmentFirewall


IDS Integration Into A Wireless Network Segment

PDA

LANSwitch

Laptop


Wireless Network SegmentFirewall

Intrusion DetectionSystem


VPN Integration Into A Wireless Network Segment

PDA

LANSwitch

Laptop


Wireless Network SegmentVPN

Gateway

VPN / IPSec Tunnel


Emerging Security Technology and Standards


Emerging Security Technology and Standards

•IEEE 802.11e - Quality of Service (QoS)

•IEEE 802.11g - 54 Mbps over 2.4 GHz band

•IEEE 802.11h – Spectrum Manager 802.11a

•IEEE 802.11i - Enhanced security


Summary / Conclusion


Summary! The optimal security solution for WLANs involves a

combination of security technologies

! A detailed threat risk assessment and analysis is essential to determine which security measures, or combination of measures are the most effective

! The implementation of preventive and protective end-to-end security measures, such as firewalls, intrusion detection, and VPN technologies, provides the most secure and effective defense against the threats associated with the transmission of data over an insecure wireless medium


Summary

! Requires implementation of policy requirements to ensure the effectiveness of security solutions

! Training information will emphasize the importance of security to network users


Conclusion

• A combination of security measures will further increase the security offered by WLAN technologies

• Increased security will support new WLAN applications

• Emerging security technology will reduce the increasing security threats associated with providing wireless network connectivity

Documents

Wireless Local Area Networking (WLAN) Security …telecom.gmu.edu/.../files/publications/Jim-Burrell-December-2002.pdf · Wireless Local Area Networking (WLAN) Security Assessment