A good general security aphorism: When your system depends on everyone adhering to the rules in order for it to work, it is open to attack.

Wireless policy

We should have a clearly stated policy, findable on the security site and the policy page, about not putting up rogue wireless access points, and why it's a bad idea to do so. Also we should give information about wireless security issues and the need for end-to-end encryption.

Exposures to consider with wireless

• Technology problems, e.g., interoperability
• Theft of hardware (card fits easily in pocket, laptops are stealable)
• Masquerading (can alter MAC easily, get past MAC-based authentication) - AP authenticates systems, not users.
• Viruses - speakers believe wireless-tailored viruses are only a matter of time.
• Eavesdropping - sniffing the wireless portion of the net is trivial because authentication isn't required for that. Authentication just gets you past the AP onto the wired net.
• Authorization vulnerabilities

WEP

Purpose is to provide Wired Equivalent Privacy -- i.e., (only) the level of privacy you'd get if using a wired connection. However, it fails to achieve this. RC4 encryption would work fine but not implemented correctly. Note again that WEP only protects transmissions in the air.

One thing that stops people from using WEP is that there is no mechanism for sharing keys between Access Points. Each Access Point must be contacted separately to manage keys. This contributes to either not using WEP at all, or never changing the keys once established.

WEP is flawed even if it worked well encryption-wise. For performance reasons, it doesn't encrypt the SSID and in general doesn't encrypt management packets. SSID=Service Set Identifier, an identifier attached to packets sent over the WLAN that functions as a password for joining a particular radio network (BSS, "basic service set"). All radios and access points within the same BSS must use the same SSID or their packets will be ignored. Note that wireless configuration information, including WEP key, is either stored on the card itself (and therefore stealable by stealing the card) or stored locally on the system -- and again stealable by either breaking in or by stealing the laptop. Cisco stores information on the card; Lucent stores it locally on the system -- under Windows it's stored in a world-readable registry key!

Most implementations use the default SSID anyway, so sniffing it or locating it on the system or card isn't necessary. See www.wi2600.org/mediawhore/nf0/wireless/ssid_defaults for a list.

Lots of problems with WEP

• CRC check chosen for authentication is weak. It was never designed for authentication, but only for detecting problems in data integrity. It is possible to modify a message while maintaining a valid CRC. You can also inject messages this way. The 40-bit ascii string generator used causes the same 40-bit key to be generated again by the pseudo-random number generator every 2^24 times. It takes about 35 seconds on a 500Mhz PIII to derive the key. The 128-bit key generated for WEP doesn't suffer these particular problems, as it relies on MD5, not CRC.
• Keystream reuse. Note again that the shared key is static and due to inconvenient management, is rarely if ever changed. The randomness of the keystream depends on the Initialization Vector, which is repeated after about 16 million packets. For a given initialization vector, the keystream doesn't change. When the keystream is reused, two messages end up encrypted with the same keystream. In addition, most clients simply reset the IV to 0 and begin incrementing by 1 for each packet, hardly random. There are lots of collisions, and each collision makes it easier to mathematically derive the keystream. An easy attack involves sending a bunch of known packets, like pings, and then watches the replies, which he knows to be a static IV plus ciphertext version of a known reply.
• Key Scheduling Algorithm used with RC4. A paper indicates that an attacker can gain access via this vulnerability to an entire WLAN in less than 15 minutes. It requires 1-8 million packets, and is not particularly CPU intensive. The root of the problem is the "known plaintext" of the IV prepended to the key, which leads to a weak key. RC4 isn't the culprit, the poor key choice is. Longer keys won't help with this problem -- the attacker recovers each key byte individually, so longer keys cause the attack to scale linearly, not exponentially as one would normally expect for a longer encryption key. Practically speaking, 128-bit keys are no more secure against this attack than 40-bit.

So, you don't need to steal the card or look at the WEP key on the local hard drive, registry, wherever - you can trivially derive it.

Current 802.11b authentication options

• Open is the default, meaning any client can associated with an access point. That doesn't mean they would be handed an IP address, though, or able to get past the access point. Note that it does mean they'd have access to the wireless portion of the network, even if they can't get past the access point onto the wired net.
• Shared key authentication uses a shared secret key (i.e., the WEP key) to authenticate the client to the AP. This is massively flawed, though, unfortunately: the client sends an authentication frame to the AP, which responds with a 128-bit challenge. The client replies with the same challenge sent back encrypted with the shared key. AP then replies with a "success" authentication if the decrypted version of the challenge matches the original.
• Closed Network - no broadcast SSID in the beacon packet. Netstumbler (see below) won't find AP's that don't broadcast the SSID. However, clients must know the SSID already in order to connect to closed networks.
• Captive Portal - this is what many hotels or cafes use for network access. AP's are all on a separate network, and traffic isn't passed without successful authentication, usually MAC-based. Can still sniff the wireless portion, though.

Current 802.11b Authorization
MAC layer. Can configure the AP to talk only to specific MAC addresses. This controls access to the wired network, note, not the wireless portion.

WEP keys are totally insecure because it's easy to obtain the key. However, for knob-rattlers and other casual intruders (script kiddies), WEP is substantially better than nothing, since it makes the difference between some (small) effort and no effort. It is currently so unused that no one bothers to exploit it - there are too many totally unsecured wireless networks around to make even the trivial effort involved worthwhile. It can still help protect against casual snoopers and bandwidth theft.

Note about security model with wireless in general: in the wireless phone/pager service world, security meant prevention of fraud - protection of provider's ability to bill users and get money. NOT protection of user privacy, or user anything, particularly data.

Terminology
An access point typically connects wireless with wired networks. If it connects two wireless nets, it's technically an "extension point".

Things to watch out for with implementation

Access Point placement - because channels are spaced at 5Mhz, while bandwidth itself is 22Mhz (FCC specification), you can get interference if you have 2 channels right next to each other. Roaming can be achieved by having slightly overlapping AP areas, using *different* channels.
Can increase capacity and bandwidth by:

• reducing physical coverage area per AP
• reducing client-to-AP ratio
• using aggregation to increase AP-to-client ratio using load balancing.

Note that you can really have only three AP's in the latter setup, because only three channels can be used in the same space without some overlap & interference.

Two most common mistakes made: not changing the default SNMP community strings and the default SSID.

Best practices

• enable WEP
• change your SSID from the default
• change your SNMP community string
• disable broadcast of SSID
• change the password on the AP
• periodically survey your own site
• use MAC address filtering, think about whether you really want to use DHCP on your wireless network
• encourage use of end-to-end encryption (SSL, SSH, VPN) for confidentiality and privacy
• Expand IDS to include WLAN activity
• Update security policies to specifically address wireless net.

Differences between the 802.11x's

• 802.11b - what we use now, aka "WiFi". Operates in 2.4Ghz range. Residential Gateways & Enterprise Access Points tend to be identical hardware but different firmware, the residential gateway being limited to, say, 10 clients at a time. Access Servers usually include built-in Radius or some mechanism for talking to an authentication server. Outside Routers usually don't talk directly to clients
• 802.11a operates in 5Ghz range. Has data rates of 20Mbps and up, uses Intersil's Orthoganal Frequency Division Multiplexing (OFDM), a much more efficient encoding method. TI's Binary Convolution Coding (PBCC) was a contender, but not chosen -- however, may be supported as an option.
• 802.11g uses same 2.4Ghz range, but is much more efficient in transmission technology and so allows higher throughput than 802.11b.

802.11a is closer to completion now than 802.11g (still 2.4Ghz range, but more efficient data transmission), but probably will never completely replace 802.11g or b. For one thing, in some countries the 5Ghz spectrum is licensed, sometimes by the military. It also uses more power than the other two. However, new plasma light bulb technology, 75% more efficient, operate in 2.4Ghz range, so may help drive adoption of 802.11a in some areas, since operation of these lights would crater an 802.11g or b WLAN. Note that neither 802.11g *nor* 802.11a is likely to be usable as a simple firmware upgrade for wireless equipment. Simply too different from 802.11b.

The Future

Planned improvements to WEP

• Short-term: a lightweight protocol called TKIP (previously called WEP v. 2, but the name WEP is now considered somewhat tainted). This can be implemented on existing hardware with a firmware update, so any 802.11b WEP-capable system could use it. In addition to addressing the known issues with WEP, it stores keys dynamically in memory rather than on the card or in the local system registry. It includes a mechanism for clients to share a group key (multicast) in addition to each having a special individual key (unicast).
• Long-term: a protocol based on AES encryption for future devices. Won't be supported for existing cards due to increased resource demands.

Robust Security Network (RSN)/ Enhanced Security network (ESN) = same thing, two names.

Defined in 802.11 Security Baseline. RSN security consists of two basic subsystems, TKIP or AES for data privacy (note that the AES-based wireless encryption protocol hasn't been defined yet); and security association management for improved security negotiation procedures, authentication, and key management.

Roaming

• IAPP, Inter Access Point Protocol to standardize roaming features for use within a single organization. Started by Cisco, Digital Ocean and Lucent. 802.11f is the proposed extension to 802.11.
• WECA, Wireless Ethernet Compatability Alliance is part of the Wireless ISP Roaming (WISPR) Initiative, intended to ultimately allow roaming everywhere, much like wireless phone service in Europe, where it doesn't matter who the local carrier is -- you still get coverage and you still get billed. Would use RADIUS and a browser for authentication. Note that in this scenario end-to-end encryption becomes more critical than ever.

Questions to ask vendors regarding support for 802.1X

• Do you support dynamic key mapping keys (per-station unicast keys)?
• Do you support use of password-based authentication methods that are invulnerable to dictionary attack? If so, is the specification public?
• Can the AP *automatically* change the default keys?
• What are your plans for supporting forthcoming AES-based ciphers? What about TKIP, at least?

Resources

Netstumbler = utility for finding wireless networks and access points (and SSIDs), doesn't sniff data traffic: www.netstumbler.com
Note: you can configure an AP not to respond to probe packets such as those used by netstumbler. By default they do respond. Users will need to know the SSID prior to using the wireless net, then, since the AP won't tell it to them.

NAI has a commercial wireless sniffer that records everything.

Cellular: I am ignoring this for my notes. Good places for technical information about cellular: www.privateline.com/Cellbasics/Cellbasics.html and www.howstuffworks.com/cell-phone.htm
One note about WAP, though: "gap in WAP" is that WAP handset to WAP server is WTLS, WAP server to Internet is SSL, but locally on WAP server, once data is decrypted it is exposed until re-encrypted with SSL. So, whoever controls WAP server has access to everything.

Cisco VPN (but not our 5000 series) will ultimately support mobile PDA clients.

Here is a good list of 10 things to do to make your wireless network more secure.

* A note about MAC authentication - try looking in card properties under Advanced. MAC address has a handy field you can fill in to set it to whatever you want!