How Secure is Wireless?

Similar documents
The following chart provides the breakdown of exam as to the weight of each section of the exam.

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Wireless technology Principles of Security

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

LESSON 12: WI FI NETWORKS SECURITY

Wireless LAN Security Guidelines. State of Iowa Department of Administrative Services Information Technology Enterprise Information Security Office

Chapter 1 Describing Regulatory Compliance

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Wireless Networking Basics. Ed Crowley

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

802.1x. ACSAC 2002 Las Vegas

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

Security in IEEE Networks

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

Wireless Security i. Lars Strand lars (at) unik no June 2004

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov.

Wireless Attacks and Countermeasures

Wireless LAN Security. Gabriel Clothier

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Wireless Networking. Chapter The McGraw-Hill Companies, Inc. All rights reserved

COPYRIGHTED MATERIAL. Contents

Chapter 24 Wireless Network Security

IEEE i and wireless security

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Appendix E Wireless Networking Basics

Wireless LAN Security (RM12/2002)

Wireless Terms. Uses a Chipping Sequence to Provide Reliable Higher Speed Data Communications Than FHSS

Securing Wireless LANs with Certificate Services

Standard For IIUM Wireless Networking

WIRELESS AS A BUSINESS ENABLER. May 11, 2005 Presented by: Jim Soenksen and Ed Sale, Pivot Group

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003


Wireless Technologies

Wireless Network Security

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Cisco EXAM Implementing Cisco Unified Wireless Networking Essentials (IUWNE) Buy Full Product.

Wireless Network Security Fundamentals and Technologies

Assignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson

TestsDumps. Latest Test Dumps for IT Exam Certification

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

What is Eavedropping?

Information Technology Policy Board Members. SUBJECT: Update to County WAN/LAN Wireless Standards

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Wireless Attacks and Defense. By: Dan Schade. April 9, 2006

Exam Questions CWSP-205

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Wednesday, May 16, 2018

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo

Chapter 10: Wireless LAN & VLANs

Wireless MAXg Technology

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Certified Wireless Network Administrator

Overview of Security

Designing Polycom SpectraLink VoWLAN Solutions to Comply with Payment Card Industry (PCI) Data Security Standard (DSS)

Product Brief: SDC-MSD30AG a/g Miniature SDIO Module with Antenna Connectors

WL 5011s g Wireless Network Adapter Client Utility User Guide

300M Wireless-N Mini USB Adapter

Procedure: You can find the problem sheet on the Desktop of the lab PCs.

Product Brief: SDC-PC10AG a/g Compact Flash Module with Antenna Connectors

Information Security in Corporation

Hardware Capabilities. Product Brief: SDC-PC20G g PCMCIA Card with Integrated Antenna

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author:

CSE 713: Wireless Networks Security Principles and Practices

Security in Data Link Protocols

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

Configuring Security Solutions

Designing AirPort Extreme n Networks

Open System - No/Null authentication, anyone is able to join. Performed as a two way handshake.

Network Security and Cryptography. 2 September Marking Scheme

On completing this chapter, you will be able to Explain the different WLAN configurations Explain how WLANs work Describe the risks of open wireless

Product Brief: SDC-PC22AG a/g PCMCIA Card with Integrated Antenna

ClearPass QuickConnect 2.0

Product Brief: SDC-MCF10G g Miniature CF Module with Antenna Connectors

Advanced Security and Mobile Networks

Securing Your Wireless LAN

Wireless Network Standard

Agile Controller-Campus V100R002C10. Permission Control Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

How Insecure is Wireless LAN?

Product Brief: SDC-PE15N n PCIe Module with Antenna Connectors

Wi-Fi Scanner. Glossary. LizardSystems

Implementing X Security Solutions for Wired and Wireless Networks

Global Information Assurance Certification Paper

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

WarDriving. related fixed line attacks war dialing port scanning

Securing a Wireless LAN

Basic Wireless Settings on the CVR100W VPN Router

Product Brief: SDC-EC25N n ExpressCard Card with Integrated Antenna

Network Security and Cryptography. December Sample Exam Marking Scheme

FAQ on Cisco Aironet Wireless Security

Wireless LAN, WLAN Security, and VPN

Configuring a VAP on the WAP351, WAP131, and WAP371

Transcription:

How Secure is Wireless? South Carolina Chapter of HIMSS Annual Conference April 24-25, 2003 Richard Gadsden Director of Computer and Network Security Medical University of South Carolina gadsden@musc.edu

Overview Wireless concepts Brief history of wireless networking Vulnerabilities and threats Risk management Defense in depth Conclusions

Why Do Wireless? Demands for mobility Physicians, nurses, other care providers Patients Desire to avoid cabling expense Evolution towards 'ubiquitous' computing

Brief History 1997 1999 IEEE 802.11 (2.4GHz, 1-2Mb/s) IEEE 802.11b (2.4GHz, 11Mb/s) 2000-present: rapid growth 2002 market est $2B 2006 market projected at $5B

History (cont'd) Security awareness April 2001, Peter Shipley 'WarDriving' (WSJ) May 2002, "Best Buy closes wireless registers" (MSNBC) Sep 2002, "Heard of drive-by hacking? Meet drive-by spamming" (ZDNet)

WarDriving http:/www.dis.org/wl/maps

Peter Shipley Father of WarDriving?

History (cont'd) 2003 Higher speeds IEEE 802.11a (5GHz, 54Mb/s) IEEE 802.11g (2.4GHz, 54Mb/s, b/c 802.11b) New security standard expected IEEE 802.11i

802.11 Topologies Independent Basic Service Set (IBSS) Peer-to-peer wireless network Basic Service Set (BSS) Access Point (AP), one or more associated nodes Extended Service Set (ESS) Multiple cooperating APs Modes: Ad-Hoc, Infrastructure

Why NOT Do Wireless? Limited, shared network bandwidth per AP Limited RF spectrum (FCC rules) Limited signal strength (interference likely) Immature standards and technology Rapid obsolescence Many security issues All the risks of wired networks, plus more

Vulnerabilities and Threats WLANs are designed to broadcast traffic Radio waves want to be free Unauthorized users Unauthorized disclosure or modification Denial of service Tools are readily available to receive, modify, and disrupt wireless network traffic

Wireless Hacking Tools Hardware Laptop or handheld with wireless NIC Software (freely available) Antenna(s) To eliminate the need for physical trespass Transportation (optional) GPS (optional)

Wireless Hacking Software Network discovery AirMagnet (commercial, Windows) NetStumbler (free, Windows) Kismet, Wellenreiter (open source, Linux) Cracking WEP encryption keys AirSnort (open source, Linux)

http://www.turnpoint.net/wireless/cantennahowto.html

Security Controls: Bare Essentials Access control (user authentication) Prevent unauthorized users Encryption Protect confidentiality and integrity Monitoring and auditing Prevention, detection

Wired Equivalent Privacy (WEP) 802.11, intended to provide authentication and encryption Developed during the dark years of US govt export controls on crypto (aka "munitions") Seriously flawed Key distribution left as an exercise for the reader Fundamental flaws in cryptographic design (revealed in a series of papers in 2000-2001)

WEP cont'd Aug 2001: WEP is toast AirSnort, WEPCrack WEP today Equivalent to 'No Trespassing Please' sign At least prevents accidental trespass Default configuration?

802.11 Access Control... Not Two options in 802.11 standard Open authentication Shared key authentication (WEP) Additional (non-standard) options Closed authentication (Lucent and others) ACLs (lists of allowed client MAC addresses) All can be easily defeated Default configuration?

Impact of 802.11 Flaws You cannot control access to your WLAN Any attacker can associate his wireless device with your APs Shared network (like hub) means he can eavesdrop on any other wireless user's traffic Your WEP encryption keys can be cracked Attacker can eavesdrop on encrypted traffic Attacker can modify encrypted traffic Attacks are undetectable and untraceable

Fixing 802.11 IEEE 802.11i (expected late 2003) Clients must authenticate prior to L2 association Leverages 802.1x port-level authentication Extensible Authentication Protocol (EAP) RADIUS is the usual back-end authn service Temporal Key Integrity Protocol (TKIP) WEP/TKIP allowed for backward compatibility AES encryption to replace WEP going forward

Fixing 802.11 (cont'd) Wi-Fi Alliance Wi-Fi Protected Access (WPA) Encryption: WEP/TKIP Authentication: 802.1x/EAP WPA being promoted as an interim 'standard'

EAP Soup Flavors so far... EAP-MD5, LEAP, EAP-TLS, EAP-TTLS, PEAP Flavors du jour... EAP-TTLS, PEAP IEEE and IETF Will flavor wars be resolved in 802.11i? Will all known protocol flaws be addressed? especially Compound Authentication Binding problem

Mobile Device Vulnerabilities Portable devices easily lost, stolen Encryption of stored data is dodgy User passwords are too often 'remembered' OS issues Inherently insecure (PalmOS) Impossible to configure securely (Windows) Temptation to store PHI is overwhelming

Other Vulnerabilities Vendor implementation decisions Stupid SNMP tricks Insecure AP management interfaces Fault tolerance (availability) Wireless sessions easily disrupted Roaming between APs is not standardized

Risks Wireless networking of portable, mobile devices is inherently risky Will always be more risky than wired networking of non-portable devices Are the risks manageable today?

Risk Management 1. Assess risks 2. Develop policies Must address wireless security as an extension of enterprise security 3. Implement procedures and controls 4. Education and awareness Users must follow policies and procedures

Security Policies Explain what needs protection and why Define responsibilities and consequences Some policy tips A good policy now is better than a great policy later. A simplistic policy that is well distributed and understood is better than a complete policy that has never been seen or accepted. An updated policy is better than an obsolete one.

Security Policies cont'd Examples of security policy directives All wireless access points must be centrally managed All wireless access points must be managed in accordance with a set of clearly defined principles No RF networking devices may be operated on campus without written authorization All portable computing devices are subject to enterprise computer security policies

Procedures and Controls Infrastructure controls All APs on separate 'untrusted' wired segment Encrypt all WLAN traffic, authenticate all users Safest option: VPN (Layer 3) Alternative: 802.1x/EAP with dynamic WEP (Layer 2) Others: Fortress, Vernier, Blue Socket, etc. Monitor airspace Monitor network Detect and respond to intrusions

Procedures and Controls cont'd Mobile device controls Disallow ad-hoc networking mode Require up-to-date AV software Require personal (host-based) firewalls, IDS Local storage of information, e.g. PHI? Disallow Require encryption Educate users on policies and procedures Audit for compliance

Defense in Depth All of the currently available 802.11 'Layer 2' controls for authentication and encryption are still evolving, still unproven Safest to use them only if combined with additional, proven controls at 'Layer 3' and up VPN SSH, SSL, etc. Understand the risks if single line of defense

Conclusions Q: Is wireless networking worth all the risks? A: It depends! Potential benefits? Significant Known risks? Significant Costs of risk mitigation? Significant Proceed with caution, using a sound risk management approach to safeguarding information.

References W. Arbaugh, N. Shankar, Y.C. Wan, Your 802.11 Wireless Network has No Clothes. Technical report, Dept. of Computer Science, University of Maryland, March 2001. http://www.cs.umd.edu/~waa/wireless.pdf. D. Baker, Wireless (In)Security for Health Care. HIMSS Advicacy White Paper, Science Applications International Corporration, January 2003. http://www.himss.org/content/files/wirelessinsecurityv11.pdf. N. Borisov, I. Goldberg, and D. Wagner, Intercepting Mobile Communications: The Insecurity of 802.11. Proceedings of MOBICOM 2001, 2001. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.

References cont'd S. Fluhrer, I. Mantin, A. Shamir, Weaknesses in the Key Scheduling Algorithm of RC4. Presented to the Eighth Annual Workshop on Selected Areas in Cryptography, August 2001.http://www.crypto.com/papers/others/rc4_ksaproc.ps. J. Puthenkulam, V. Lortz, A. Palekar, D. Simon, The Compound Authentication Binding Problem. Internet-Draft, March 2003. http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding- 02.txt P.Shipley, Open WLANs: the early results of WarDriving.http://www.dis.org/filez/openlans.pdf. J. Walker, Unsafe at any key size: an analysis of the WEP encapsulation, Tech. Rep. 03628E. IEEE 802.11 committee, March 2000. http://grouper.ieee.org/groups/802/11/documents/documentholde r/0-362.zip.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback