Wireless Security Overview

ECT582Jim Nowotarski

Autumn 2003

Wireless Security Overview

Jim Nowotarski

ECT582

October 16, 2003

Context

Wireless networks are proliferating, largely due to the rapid take-up of wireless fidelity, more commonly known as Wi-Fi or 802.11b. Wi-Fi has been described as “the first blast in a revolution,” “becoming ubiquitous,” and “a disruptive technology” (6). The reasons for Wi-Fi’s popularity with businesses and consumers include low cost, ease of installation, and high speed. Wi-Fi’s benefits relative to wired networks include:

 Reach – Users can access the network from places difficult or impossible to reach with wired networks.

 Availability – Users can be connected more or less continuously.

 Productivity – Users are more productive because they can use the network for a greater percentage of their workdays.

 Administrative flexibility – Network administrators can build and modify networks more easily and quickly than with wired networks.

The growth of wireless networks is transforming commerce and society. New applications are emerging daily, for example:

• Some amusement parks (Universal, Disney) now sell tickets wirelessly, reducing the need for customers to stand in line for rides
• So-called “windshield warriors” (e.g., salesmen) can productively spend their down time connected to the Internet while at a hotel, coffee shop, or McDonald’s
• New applications of Voice over IP (VoIP) coupled with Wi-Fi will enable Star Trek-like badges to be used for voice communication

One of the main concerns with wireless networks, particularly among CIOs, is security. The relative newness of wireless, as well as its easy accessibility, makes it vulnerable to security risks. Most of these risks are ones being dealt with in the wired network world as well, but some are unique to wireless. The IT research firm Gartner Group recently stated, “. . . wireless LANs will be the largest growing security problem faced by enterprises through 2008.” (Gartner TG-20)

The good news is that new standards and products are being planned and delivered that will address many of these security risks. The remainder of this paper provides an overview of some of the more common risks, implications associated with these risks, and potential solutions to mitigate the risks. Much of this discussion is focused on wireless LANs.

Vulnerabilities, Implications, Solutions

Three of the most common security vulnerabilities associated with wireless are:

1. Rogue access points

2. War driving

3. Eavesdropping

Each of these vulnerabilities is described in more detail below.

1.Rogue access points

Description of vulnerability. According to Gartner, in most enterprise LANs, a device that asks for an IP address is automatically given one, and it immediately starts working. If a misguided user, or criminal, connects a rogue wireless LAN (WLAN) network (access point plus devices) to the internal, wired LAN, it can quickly cause harm.

Implications.

 Availability – The rogue network can result in sluggish connections or denial of service error messages for legitimate users. [Aside: Wired tells a humorous story about Eric Benhamou, the chair of Palm and 3Com, who brought a Mac laptop and Apple AirPort from home and installed it himself on the corporate intranet. This disrupted a meeting of top Palm executives who were in a nearby boardroom trying to access the network (6).]

 Authenticity – The rogue network can result in the network being accessed by unauthorized users.

 Confidentiality – The rogue network can compromise the confidentiality of data on the trusted network.

Solutions.

An intrusion detection system is required. Two common approaches:

 LAN-based detection – This requires that you take inventory of authorized LAN devices and their media access controller identifications (MAC IDs). The enterprise LAN can deny access to unrecognized MAC IDs. A legitimate MAC ID can be stolen or spoofed, so additional safeguards are usually required.

 Airwave detection – This is accomplished by monitoring the enterprise airspace. A common way to do this is by conducting “sniffer walks,” where you walk through the building with a portable detector [this is how the Palm meeting was saved]. Another approach is to install WLAN sensors in a building.

Some form of authentication should be enabled. Wired equivalent privacy protocol (WEP) is standard on today’s WLANs and should be enabled. Gartner estimates that 65% of enterprises don’t turn on any form of WLAN security, including WEP (1). WEP has numerous shortcomings, including short (40-bit) keys, static key management, and minimal provisions for authenticating connections (5). An emerging IEEE standard called 802.1x incorporates Extensible Authentication Protocol (EAP), which defines the basics of how two parties can authenticate one another. Products implementing EAP are now available (2). In the first half of 2004, EAP will be incorporated 802.11i, the next generation of WLAN security standards.

2.War driving

Description of vulnerability. This refers to an unauthorized device connecting to a legitimate wireless access point. This could happen, for instance, as a result of “overspray” – a WLAN signal extending beyond a building’s physical boundary.

Implications. The implications are largely the same as with rogue access points:

 Availability

 Authenticity

 Confidentiality

Solutions.

 Airwave detection – Using sniffers, a network administrator can ensure signals are not going beyond the desired area.

 Antenna adjustment – Antennae can be adjusted or moved to reduce overspray. Newer antennae provide coverage control with greater precision.

 Authentication

3.Eavesdropping

Description of vulnerability. Wireless network signals make it relatively easy for hackers to gather sensitive data, such as passwords or credit card information from wireless shopping traffic. As mentioned earlier, the current WEP approach offers weak encryption.

Implications.

 Confidentiality

Solutions.

 WEP Encryption – If nothing else, turn on WEP – it is better than nothing.

 WiFi Protected Access (WPA) – WPA is a subset of the draft 802.11i standard. WPA replaces WEP with much stronger security based on the Temporal Key Integrity Protocol (TKIP), which supports frequent changing of encryption keys. Products supporting WPA will be available in late 2003.

 802.11i – Full 802.11i security will change WLAN cryptography to the Advanced Encryption Standard (AES), which can accommodate keys of length 128, 192, or 256 bits. Products supporting 802.11i are not expected until late 2004 or early 2005.

 Virtual Private Networks (VPNs) – A VPN creates a secure encrypted connection between, e.g., a public wireless access point in an airport and a private corporate network. This can prevent hackers from sniffing the public network and gathering sensitive data.

If You Do Nothing Else

Gartner notes that, “Ninety percent of successful wireless LAN penetrations will take advantage of misconfigured or rogue access points” (1). Much of this can be prevented with some basic steps. For instance, wireless access points are typically shipped with security turned off. Many consumers and businesses are blissfully unaware of this. At a bare minimum, configure the access point’s basic passwords, parameters, and other security mechanisms (e.g., WEP). Replace default settings. For good measure, locate wireless access points where physical access is difficult or impossible.

REFERENCES

1. Gartner Group. “Wireless LAN Security Decision Framework.” Report DF-20-6636. 31 July 2003. <http://gartner.lib.depaul.edu/gartner_intraWeb>
2. Gartner Group. “Wireless LAN Authentication Choices.” Report QA-20-6834. 12 August 2003. <http://gartner.lib.depaul.edu/gartner_intraWeb>
3. Gartner Group. “Secure the Enterprise Against WLAN Attacks.” Report TG-20-8777. 10 September 2003. <http://gartner.lib.depaul.edu/gartner_intraWeb>
4. Gartner Group. “Wireless LAN Security Decision Framework.” Report DF-20-6636. 31 July 2003. <http://gartner.lib.depaul.edu/gartner_intraWeb>
5. Park, J. and Dicoi, D. “WLAN Security: Current and Future.” IEEE Internet Computing. September/October 2003.
6. Unwired. “Get Wireless! Everything You Need to Know About the Wi-Fi Revolution.” Supplement to Wired magazine. February 2003.

- 1 -