Wireless Network Security
TJX Data Breach (Marshalls, T.J. Maxx,
HomeGoods, A.J. Wright…)
v
TJX used WEP
security
v
They
lost
45
million customer
records
v
They settled the
lawsuits for $40.9
million
Objectives
v
Describe the
protections
basic
IEEE
802.11
wireless
security
v
Define the vulnerabilities of open system authentication,
WEP, and device authentication
v
Describe the WPA and WPA2 personal security models
v
Explain how enterprises can implement wireless security
IEEE 802.11 Wireless Security
Protections
IEEE
v
Institute of Electrical and Electronics Engineers (IEEE),
1963
v
In the early 1980s, the IEEE began work on developing
computer network architecture standards
v
This work was called Project 802
v
In 1990, the IEEE formed a committee to develop a
standard for WLANs (Wireless Local Area Networks)
v At that time WLANs operated at a speed of 1 to 2 million bits
per second (Mbps)
IEEE 802.11 WLAN Standard
v
In 1997, the IEEE approved the IEEE 802.11 WLAN
standard
v
Revisions
v IEEE 802.11 (2,4 GHz, 2 Mbps)
v IEEE 802.11a (5 GHz, 54 Mbps, 25- 75m)
v IEEE 802.11b (2.4 GHz, 11 Mbps, 35- 100m)
v IEEE 802.11g (2.4 GHz, 54 Mbps, 25- 75m)
v IEEE 802.11n (2.4 GHz, 5GHz, 300 Mbps, 50- 125m)
Controlling Access to a WLAN
v
Access is controlled by limiting a device’s access to the
access point (AP)
v
Only devices that are authorized can connect to the AP
v
One way: Media Access Control (MAC) address filtering
v
CSE uses this technique (unfortunately)
Controlling Access
MAC Address Filtering
Wired Equivalent Privacy (WEP)
v
Designed to ensure that only authorized parties can view
transmitted wireless information
v
Uses encryption to protect traffic
v
WEP was designed to be:
v Efficient and reasonably strong
WEP Keys
v
WEP secret keys can be 64 or 128 bits long
v
The AP and devices can hold up to four shared secret
keys
v
One of which must be designated as the default key
WEP Encryption Process
Transmitting with WEP
Device Authentication
v
Before a computer can connect to a WLAN, it must be
authenticated
v
Types of authentication in 802.11
v Open system authentication
v
Lets everyone in
v Shared key authentication
v
Only lets computers in if they know the shared key
Vulnerabilities of
IEEE 802.11 Security
Open System Authentication
v
To connect, a computer needs
the SSID (network name)
v
Routers normally send out
beacon frames announcing
the SSID
v
Passive scanning
v A wireless device listens for a
beacon frame
Turning Off Beaconing
v
For "security" some people turn off beacons
v
This annoys your legitimate users, who must now type in
the SSID to connect
v
It doesn't stop intruders, because the SSID is sent out in
management frames anyway
v
It can also affect roaming
v
Windows XP prefers networks that broadcast
MAC Address Filtering Weaknesses
v
MAC addresses are transmitted in the clear
v An attacker can just sniff for MACs
v
Managing a large number of MAC addresses is difficult
v
MAC address filtering does not provide a means to
temporarily allow a guest user to access the network
v Other than manually entering the user’s MAC address into
the access point
WEP
v
To encrypt packets WEP can use only a 64-bit or 128-bit
number
v Which is made up of a 24-bit initialization vector (IV) and a
40-bit or 104-bit default key
v
The 24-bit IV is too short, and repeats before long
v
In addition, packets can be replayed to force the access
point to pump out IVs
Cracking WEP
v
With the right equipment, WEP can be cracked in just a
few minutes
v
You need a special wireless card
Personal Wireless Security