Security DevCenter
oreilly.comSafari Books Online.Conferences.

advertisement




What Is Wireless Security

by Swayam Prakasha
03/30/2006

 

In this Article:

  1. Basic Security Measures in the 802.11x Standard
  2. Types of Wireless Network Attacks
  3. Preventive Measures
  4. Security Protections for Your Organization
  5. Summary
  6. References

The new standard in wireless networks--802.11g--offers speed, security, and performance. It is also the most widely employed standard in corporate internal wireless LAN networks. You can transfer data at up to 54Mbps using 802.11g (which is five times the speed of older 802.11b wireless networks). And wireless LANs provide some obvious benefits: they always provide on-network connectivity, they do not require a network cable, and they actually prove less expensive than traditional networks. Wireless networks have evolved into more affordable and logistically acceptable alternatives to wired LANs. But to take advantage of these benefits, your wireless LAN needs to be properly secured.

Network security in a wireless LAN environment is a unique challenge. Whereas wired networks send electrical signals or pulses through cables, wireless signals propagate through the air. Because of this, it is much easier to intercept wireless signals. This extra level of security complexity adds to the challenges network administrators already face with traditional wired networks. There are a number of extremely serious risks and dangers if wireless networks are left open and exposed to the outside world. This article covers the types of attacks wireless networks encounter, preventive measures to reduce the chance of attack, guidelines administrators can follow to protect their company's wireless LAN, and an excellent supply of online resources for setting up a secure wireless network.

Basic Security Measures in the 802.11x Standard

Let's have a look at some of the security features available in the 802.11x wireless standard.

  • Service Set Identifier (SSID):
    SSID is meant to differentiate one network from another. SSID is the identification string used by the wireless access points by which clients are able to initiate connections. SSID settings on your network should be considered the first level of security, and should be treated as such. In its standards-adherent state, SSID may not offer any protection to who gains access to your network, but configuring your SSID to something not easily guessable can make it harder for intruders to know what exactly they are looking at. For each wireless access point you deploy, it is very important to choose a unique and difficult-to-guess SSID. Also, by default, wireless gateways happily broadcast the SSID to be picked up by any wireless network device for easy configuration. Hiding the SSID by disabling the SSID broadcast makes the life of an intruder tough.

  • Associating:
    Before a wireless client and an access point start communicating, they are expected to start a dialogue. This process is called associating. When the 802.11x standard came into the picture, IEEE added an extra feature that allows networks to require authentication immediately after a device associates. This authentication can be considered as an extra layer of keyed security. There is a weakness in this, as it involves a clear text transmission. Thus it is possible for an attacker to get hold of the keys.

  • Wired Equivalent Privacy (WEP):
    WEP is a standard method for encrypting traffic over a wireless network. WEP was intended to give wireless users security equivalent to being on a wired network. With WEP turned on, each packet to be transmitted is first encrypted and then passed through a shredding machine called RC4. 128-bit encryption is preferred over 64-bit encryption, as it is lot more difficult to break. A major problem associated with WEP is key management. When we enable WEP according to the wireless standard, we need to visit each wireless device that we use and type in the proper WEP key. If the key is compromised due to some reasons, either you have to change the key or lose all security. Also, if you have hundreds of users on your network, changing the WEP key creates lots of difficulties. Thus, though WEP has several weaknesses, using WEP is better than not using it.

Types of Wireless Network Attacks

As in wired networks, the basic controls you'll need include a host system that authenticates the user or device attempting to access the network, and encryption that protects the data as it travels from the user device to the access point, whether to ensure confidentiality or to ensure that no one has tampered with the message or changed its content. The wireless networks based on 802.11x have been plagued by some well-publicized security failings. The IEEE 802.11x protocol provides a different approach to security and security management that overcomes the failings of 802.11x Wired Equivalent Privacy (WEP). The following is the list of some of the main known security risks.

1. Insertion Attacks 2. Interception and Monitoring of Wireless Traffic 3. Misconfiguration 4. Client-to-Client Attacks 5. Jamming

The Wireless Equivalent Privacy (WEP) encryption built into 802.11x can be compromised relatively easily. Wireless sniffing programs, such as AirSnort, can implement attacks that exploit these weaknesses. WEP has some known weaknesses in how the encryption is implemented. Keep in mind that using WEP is better than not using anything; it at least stops casual sniffers.

Let's take a closer look at each type of wireless network attack listed above.

Insertion attacks: These occur when you place unauthorized devices on the wireless network without going through a security process and review. This type of attack can happen when an attacker tries to connect a wireless client to an access point without authorization. It is possible to configure the access points so that they require a password for client access. If there is no password, an intruder can connect to the internal network simply by enabling a wireless client to communicate with the access point.

Interception and monitoring of wireless traffic: As in wired networks, it is possible to intercept and monitor the network traffic across a wireless LAN. For this type of attack to take place, the only condition that needs to be satisfied is that he/she needs to be within the range of an access point.

Misconfiguration: Many access points ship in an unsecured configuration so that they can be handled and deployed easily. Unless each unit is configured prior to deployment, these access points will be a high risk for attack or misuse.

Client-to-client attacks: Two wireless clients can communicate with each other, bypassing the access point. Therefore, there is a need for the users to defend the clients not just against an external attack but also against each other.

Jamming: DoS (Denial of Service) attacks are easily applied to the wireless world, where legitimate information cannot reach the clients or access points, mainly because the legitimate traffic overwhelms the frequencies.

By gathering enough "interesting" packets, that is, those that contain weak initialization vectors (starting keys), the sniffers can decrypt WEP-encoded messages by breaking the keys employed by WEP. Some vendors are trying to fix this problem through firmware updates that provide "weak key avoidance."

Pages: 1, 2

Next Pagearrow






Sponsored by: