1 How Secure is Wireless? South Carolina Chapter of HIMSS Annual Conference April 24-25, 2003 Richard Gadsden Director of Computer and Network Security Medical University of South Carolina
2 Overview Wireless concepts Brief history of wireless networking Vulnerabilities and threats Risk management Defense in depth Conclusions
3 Why Do Wireless? Demands for mobility Physicians, nurses, other care providers Patients Desire to avoid cabling expense Evolution towards 'ubiquitous' computing
4 Brief History IEEE (2.4GHz, 1-2Mb/s) IEEE b (2.4GHz, 11Mb/s) 2000-present: rapid growth 2002 market est $2B 2006 market projected at $5B
5 History (cont'd) Security awareness April 2001, Peter Shipley 'WarDriving' (WSJ) May 2002, "Best Buy closes wireless registers" (MSNBC) Sep 2002, "Heard of drive-by hacking? Meet drive-by spamming" (ZDNet)
7 Peter Shipley Father of WarDriving?
8 History (cont'd) 2003 Higher speeds IEEE a (5GHz, 54Mb/s) IEEE g (2.4GHz, 54Mb/s, b/c b) New security standard expected IEEE i
9 Topologies Independent Basic Service Set (IBSS) Peer-to-peer wireless network Basic Service Set (BSS) Access Point (AP), one or more associated nodes Extended Service Set (ESS) Multiple cooperating APs Modes: Ad-Hoc, Infrastructure
10 Why NOT Do Wireless? Limited, shared network bandwidth per AP Limited RF spectrum (FCC rules) Limited signal strength (interference likely) Immature standards and technology Rapid obsolescence Many security issues All the risks of wired networks, plus more
11 Vulnerabilities and Threats WLANs are designed to broadcast traffic Radio waves want to be free Unauthorized users Unauthorized disclosure or modification Denial of service Tools are readily available to receive, modify, and disrupt wireless network traffic
12 Wireless Hacking Tools Hardware Laptop or handheld with wireless NIC Software (freely available) Antenna(s) To eliminate the need for physical trespass Transportation (optional) GPS (optional)
15 Security Controls: Bare Essentials Access control (user authentication) Prevent unauthorized users Encryption Protect confidentiality and integrity Monitoring and auditing Prevention, detection
16 Wired Equivalent Privacy (WEP) , intended to provide authentication and encryption Developed during the dark years of US govt export controls on crypto (aka "munitions") Seriously flawed Key distribution left as an exercise for the reader Fundamental flaws in cryptographic design (revealed in a series of papers in )
17 WEP cont'd Aug 2001: WEP is toast AirSnort, WEPCrack WEP today Equivalent to 'No Trespassing Please' sign At least prevents accidental trespass Default configuration?
18 Access Control... Not Two options in standard Open authentication Shared key authentication (WEP) Additional (non-standard) options Closed authentication (Lucent and others) ACLs (lists of allowed client MAC addresses) All can be easily defeated Default configuration?
19 Impact of Flaws You cannot control access to your WLAN Any attacker can associate his wireless device with your APs Shared network (like hub) means he can eavesdrop on any other wireless user's traffic Your WEP encryption keys can be cracked Attacker can eavesdrop on encrypted traffic Attacker can modify encrypted traffic Attacks are undetectable and untraceable
20 Fixing IEEE i (expected late 2003) Clients must authenticate prior to L2 association Leverages 802.1x port-level authentication Extensible Authentication Protocol (EAP) RADIUS is the usual back-end authn service Temporal Key Integrity Protocol (TKIP) WEP/TKIP allowed for backward compatibility AES encryption to replace WEP going forward
21 Fixing (cont'd) Wi-Fi Alliance Wi-Fi Protected Access (WPA) Encryption: WEP/TKIP Authentication: 802.1x/EAP WPA being promoted as an interim 'standard'
22 EAP Soup Flavors so far... EAP-MD5, LEAP, EAP-TLS, EAP-TTLS, PEAP Flavors du jour... EAP-TTLS, PEAP IEEE and IETF Will flavor wars be resolved in i? Will all known protocol flaws be addressed? especially Compound Authentication Binding problem
23 Mobile Device Vulnerabilities Portable devices easily lost, stolen Encryption of stored data is dodgy User passwords are too often 'remembered' OS issues Inherently insecure (PalmOS) Impossible to configure securely (Windows) Temptation to store PHI is overwhelming
24 Other Vulnerabilities Vendor implementation decisions Stupid SNMP tricks Insecure AP management interfaces Fault tolerance (availability) Wireless sessions easily disrupted Roaming between APs is not standardized
25 Risks Wireless networking of portable, mobile devices is inherently risky Will always be more risky than wired networking of non-portable devices Are the risks manageable today?
26 Risk Management 1. Assess risks 2. Develop policies Must address wireless security as an extension of enterprise security 3. Implement procedures and controls 4. Education and awareness Users must follow policies and procedures
27 Security Policies Explain what needs protection and why Define responsibilities and consequences Some policy tips A good policy now is better than a great policy later. A simplistic policy that is well distributed and understood is better than a complete policy that has never been seen or accepted. An updated policy is better than an obsolete one.
28 Security Policies cont'd Examples of security policy directives All wireless access points must be centrally managed All wireless access points must be managed in accordance with a set of clearly defined principles No RF networking devices may be operated on campus without written authorization All portable computing devices are subject to enterprise computer security policies
29 Procedures and Controls Infrastructure controls All APs on separate 'untrusted' wired segment Encrypt all WLAN traffic, authenticate all users Safest option: VPN (Layer 3) Alternative: 802.1x/EAP with dynamic WEP (Layer 2) Others: Fortress, Vernier, Blue Socket, etc. Monitor airspace Monitor network Detect and respond to intrusions
30 Procedures and Controls cont'd Mobile device controls Disallow ad-hoc networking mode Require up-to-date AV software Require personal (host-based) firewalls, IDS Local storage of information, e.g. PHI? Disallow Require encryption Educate users on policies and procedures Audit for compliance
31 Defense in Depth All of the currently available 'Layer 2' controls for authentication and encryption are still evolving, still unproven Safest to use them only if combined with additional, proven controls at 'Layer 3' and up VPN SSH, SSL, etc. Understand the risks if single line of defense
32 Conclusions Q: Is wireless networking worth all the risks? A: It depends! Potential benefits? Significant Known risks? Significant Costs of risk mitigation? Significant Proceed with caution, using a sound risk management approach to safeguarding information.
33 References W. Arbaugh, N. Shankar, Y.C. Wan, Your Wireless Network has No Clothes. Technical report, Dept. of Computer Science, University of Maryland, March D. Baker, Wireless (In)Security for Health Care. HIMSS Advicacy White Paper, Science Applications International Corporration, January N. Borisov, I. Goldberg, and D. Wagner, Intercepting Mobile Communications: The Insecurity of Proceedings of MOBICOM 2001,
34 References cont'd S. Fluhrer, I. Mantin, A. Shamir, Weaknesses in the Key Scheduling Algorithm of RC4. Presented to the Eighth Annual Workshop on Selected Areas in Cryptography, August J. Puthenkulam, V. Lortz, A. Palekar, D. Simon, The Compound Authentication Binding Problem. Internet-Draft, March txt P.Shipley, Open WLANs: the early results of WarDriving. J. Walker, Unsafe at any key size: an analysis of the WEP encapsulation, Tech. Rep E. IEEE committee, March r/0-362.zip.
[ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know
2013 Summer Camp: Wireless LAN Security Exercises 2013 JMU Cyber Defense Boot Camp Questions Have you used a wireless local area network before? At home? At work? Have you configured a wireless AP before?
Wireless Networks Authors: Marius Popovici Daniel Crişan Zagham Abbas Technical University of Cluj-Napoca Group 3250 Cluj-Napoca, 24 Nov. 2003 Presentation Outline Wireless Technology overview The IEEE
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:
Introduction to Wireless Networking and Security Chino Information Technology Center Steve Siedschlag, Associate Professor What is a Wireless LAN? The wireless telegraph is not difficult to understand.
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed  2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical
Wireless Networking Chapter 23 Overview In this chapter, you will learn how to Discuss wireless networking components Analyze and explain wireless networking standards Install and configure wireless networks
How to Set Up a Secure Home Wireless Network What you don t know about setting up a home wireless network can hurt you. 2008 APCUG Convention Session Tom Jones, P.E., RCDD-NTS CQS-CWLSS AGENDA Some Terms
Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE COURSE TITLE WIRELESS TECHNOLOGY SPECIALIST COURSE DURATION 13 Hours of Interactive Training COURSE OVERVIEW This course will teach you
Wireless Attacks and Defense By: Dan Schade April 9, 2006 Schade - 2 As more and more home and business users adapt wireless technologies because of their ease of use and affordability, these devices are
Wireless Technologies Networking for Home and Small Businesses Chapter 7 Manju. V. Sankar 1 Objectives Describe wireless technologies. Describe the various components and structure of a WLAN Describe wireless
Five components of WLAN Security 1. Data Privacy 1. Privacy is important because transmission occurs over the air in freely licensed bands. The Data can be sniffed by anyone within range. 2. Eavesdropping
A Configuration Protocol for Embedded Devices on Secure Wireless Networks Larry Sanders email@example.com 6 May 2003 Introduction Wi-Fi Alliance Formally Wireless Ethernet Compatibility Alliance (WECA)
Security in 802.11 Data Link Protocols Gianluca Dini Dept. of Ingegneria dell Informazione University of Pisa, Italy Via Diotisalvi 2, 56100 Pisa firstname.lastname@example.org If you believe that any security
Product Brief: SDC-PC20G 802.11g PCMCIA Card with Integrated Antenna The SDC-PC20G PCMCIA card from Summit Data Communications combines Summit s 802.11g radio and customized software both proven on mobile
COUNTY OF SACRAMENTO Inter-Departmental Correspondence December 6, 2007 TO: FROM: Information Technology Policy Board Members Jeff Leveroni, Chair Technology Review Group SUBJECT: Update to County WAN/LAN
Model No. ib-wua300nm Ver.: 1.0.0 FCC STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed
Product Brief: SDC-PE15N 802.11n PCIe Module with Antenna Connectors The SDC-PE15N PCI Express Mini Card (PCIe) radio module from Summit Data Communications combines a high-performance, dual-band 802.11n
CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS Mohammad O. Pervaiz, Mihaela Cardei, and Jie Wu Department of Computer Science &Engineering, Florida Atlantic University 777 Glades Road, Boca Raton, Florida
Advanced Security and Mobile Networks W.Buchanan (1) 9. GSM/3G Unit 7: Mobile Networks. Wireless. Security. Mobile IP. Mobile Agents. Spread spectrum. Military/Emergency Networks 8. Ad-hoc 7. Mobile Networks
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: email@example.com Content
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK Technologies Co., Ltd. Other brands and product names are trademarks or registered trademarks
Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP
Running head: SECURITY FOR WIRELESS COMPUTING Security for Wireless Computing 1 Security for Wireless Computing Anthony Gauvin Security for Wireless Computing 2 Abstract Many corporations and small business
FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most
Page 1 of 7 How Insecure is Wireless LAN? Abstract Wireless LAN has gained popularity in the last few years due to its enormous benefits such as scalability, mobile access of the network, and reduced cost
PAGE 1 of 7 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
Last Modified: 10/20/15 Wireless Network Standard Purpose The standard and guidelines described in this document will ensure the uniformity of wireless network access points at the University of Georgia.
http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (firstname.lastname@example.org) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies
10 CHAPTER This chapter describes how to configure the cipher suites required to use WPA authenticated key management, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and broadcast
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
Security in 802.11 Data Link Protocols Gianluca Dini!"#$%&'(&)*+"+*",-.&/"001)*(',2.3-'*" University of Pisa, Italy Via Diotisalvi 2, 56100 Pisa email@example.com!"#$%&#'()*(+(#,-.,#./$#0(1&2*,$#32%')(4#1./#
V100R002C10 Permission Control Technical White Paper Issue 01 Date 2016-04-15 HUAWEI TECHNOLOGIES CO., LTD. 2016. All rights reserved. No part of this document may be reproduced or transmitted in any form
Security Analysis of Common Wireless Networking Implementations Brian Cavanagh CMPT 585 12/12/2005 The use of wireless networking to connect to the internet has grown by leaps and bounds in recent years.
Today s challenge on Wireless Networking David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd. Agenda How Popular is Wireless Network? Threats Associated with Wireless Networking
TDC 363 Introductions to LANs Lecture 7 Wireless LAN 1 Outline WLAN Markets and Business Cases WLAN Standards WLAN Physical Layer WLAN MAC Layer WLAN Security WLAN Design and Deployment 2 The Mobile Environment
TL-WN851N TL-WN851N Draft N Wireless PCI Adapter Draft N Wireless PCI Adapter COPYRIGHT & TRADEMARKS TL-WN851N Draft N Wireless PCI Adapter Specifications are subject to change without notice. is a registered
CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP
A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G USB Network Adapter User Guide Model No. WUSB54G Copyright and Trademarks Specifications are subject to change without notice. Linksys
WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK S.DEEPTHI 1 G.MARY SWARNALATHA 2 PAPARAO NALAJALA 3 Assoc. Professor, Dept. of Electronics &Communication Engineering at Institute of Aeronautical Engineering,
Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03 Introduction Although a variety of wireless network technologies have or will soon reach the general business market, wireless
Wireless Security and Monitoring Training materials for wireless trainers Goals to understand which security issues are important to consider when designing WiFi networks to be introduced to encryption,
Article ID: 5035 5 Tips to Fortify your Wireless Network Objective Although Wi-Fi networks are convenient for you and your employees, there may be unwanted clients using up the bandwidth you pay for. In
1 Session Number Denver Tech Days 2002 WLAN Security Mike Morrato System Engineer Cisco Systems April 10, 2002 2 Agenda Past security methods in Wireless LANs The problem with 802.11 - Wireless Insecurity
Chancen und Risiken im Bereich von WLAN's FGSec - Vorabendveranstaltung 20. Juni 2002 Uwe B. Kissmann Leader IT- Security Services. IBM Global Services Switzerland UKIS@CH.IBM.COM Currently, we are working
Wireless e-business Security Lothar Vigelandzoon E-business evolution Increased business drivers for cost efficiency & market penetration Increased Importance of brand reputation Distance between IT and
U S E R M A N U A L 802.11b/g PC CARD Table of Content CHAPTER 1 INTRODUCTION... 1 1.1 WIRELESS LAN FEATURE FUNCTIONS... 1 1.2 REGULATORY NOTICE... 1 1.2.1 FCC Class B Statement...1 1.2.2 Canadian Regulatory
Wireless-N Business Notebook Adapter USER GUIDE BUSINESS SERIES Model No. WPC4400N Model Model No. No. Copyright and Trademarks Specifications are subject to change without notice. Linksys is a registered
TL-WN353GD 54M Wireless PCI Adapter Rev: 1.0.1 1910010046 COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands
A Comparison of Data-Link and Network Layer Security for IEEE 802. Networks Group #8 Harold L. McCarter, Ryan Calme, Hongwu Zang, Wayne Jones INFS 62 Professor Yih-Feng Hwang July 7, 2006 Abstract This
A Division of Cisco Systems, Inc. Dual-Band 5 GHz 802.11a + GHz 2.4 802.11g WIRELESS Dual-Band Wireless A+G Notebook Adapter User Guide Model No. WPC55AG Copyright and Trademarks Specifications are subject
OptiView Series III Network Analyzer Wireless Suite Ensure Security, Performance and Compliance of Your Wireless LAN Part of the OptiView Management Suite (OMS) OMS provides the breadth of visibility and
Wi-Fi 1 1. INTRODUCTION Wi-Fi, or Wireless Fidelity, is freedom: it allows you to connect to the Internet from your home, a bed in a hotel room or at a conference room at work without wires. How? Wi-Fi
Wireless Networking (hosted at http://utahgeeks.sourceforge.net) I. OBJECTIVES The University of Utah has a need to provide near seamless secure wireless access across campus without impacting or hindering
PRODUCT GUIDE Wireless Intrusion Prevention Systems The Need for Wireless INTRUSION PREVENTION SYSTEMS A Wireless Intrusion Prevention System (WIPS) is designed to address two classes of challenges facing
WHITE PAPER PCI Wireless Compliance Demystified Best Practices for Retail PCI Wireless Compliance Demystified The introduction of wireless technologies in retail has created a new avenue for data breaches,
TECHNICAL BRIEF The Xirrus High Density Access Points are the highest capacity Wi-Fi APs on the planet and deliver massive scalability to meet the demands of today s mobile users. These High Density APs
Model No. ib-wpa300n 1910020629 Ver.: 1.0.0 FCC RF Radiation Exposure Statement: This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This device and
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. The
Customized for NCET Conference 2007 802.1X: Background, Theory & Implementation March 16, 2007 Presented by: Jennifer Jabbusch, CISSP, HP MASE, CAD Mike McPherson, HP ProCurve Neal Hamilton, HP ProCurve
A Division of Cisco Systems, Inc. GHz 2.4 802.11g WIRELESS Wireless-G Access Point User Guide Model No. WAP54G v2 Copyright and Trademarks Specifications are subject to change without notice. Linksys is
s@lm@n Cisco Exam 642-737 Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] Cisco 642-737 : Practice Test Question No : 1 RADIUS is set up with multiple servers
IEEE802.11b/g WLAN CardBus Adapter User s Manual Version 1.0 i TABLE OF CONTENTS 1 Introduction... 1 2 Wireless LAN Basics... 2 3 IP Address... 3 4 Install Drivers and Utility... 4 5 Wireless Network Configuration...
Information Technology Mobile Computing Module: Wireless Local Area Network: IEEE 802.11 Learning Objectives Introduction to Wireless Local Area Network Advantages of WLAN Types of WLAN IEEE 802.11 standards
Copyright by Edimax Technology Co, LTD. all rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer
Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security
T he operates seamlessly in the 2.4 GHz frequency spectrum supporting the 802.11b (2.4GHz, 11Mbps) and the newer, faster 802.11g (2.4GHz, 54Mbpswireless standard. High output power and high sensitivity
KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat IL, 24 January 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned
Page 1 of 5 Demonstrate knowledge of and install wireless local area computer networks Level 6 Credits 15 Purpose This unit standard covers installation of wireless local area networks including setting
802.1X: Deployment Experiences and Obstacles to Widespread Adoption Terry Simons University of Utah; open1x.org Terry.Simons@utah.edu Jon Snyder Portland State University firstname.lastname@example.org 802.1X Adoption Ratified
Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide The Cisco Structured Wireless-Aware Network (SWAN) provides the framework to integrate and extend wired and wireless networks to deliver
VoIP Security and Mitel IP Telephony Solutions Dan York Chair, Mitel Product Security Team February 2006 Agenda The Challenge of Security Understanding VoIP Security Threats Mitel Security Solutions Tools,
Overcoming Concerns about Wireless PACs and I/O in Industrial Automation Industrial Automation Flirts with Wireless The automation industry increasingly finds wireless attractive, and for several reasons.