Wireless Network Security - PowerPoint PPT Presentation

1
Wireless Network Security
  • Jeremy Vance
  • VICORP Restaurants Inc
  • Network Administrator

2
VICORP Restaurants Inc.
  • Family Dining since 1956
  • Village Inn, Bakers Square Concepts
  • 260 company stores and 50 supported franchisee
    locations
  • 750 users and 150 laptops
  • Computing Environment
  • SAP, Oracle
  • Compaq Servers
  • Use VPNs over public internet connections for our
    WAN connectivity.
  • POS4, Remacs
  • Microsoft Windows environment.

3
Agenda
  • Wireless benefits and potential drawbacks
  • Technologies
  • Wireless standards
  • Security Protocols and Standards
  • Concerns, Technical issues and Best practices
  • Our Wireless project
  • Questions and Comments
  • Additional Resources

4
Wireless Benefits and Drawbacks
5
Wireless Benefits
  • When used at a store location
  • Provides connectivity to GM and Regional
    managers, getting them out of the back office and
    out on the floor.
  • Provides connectivity to corporate laptop users
    when traveling.
  • Provides a source of connectivity to customers,
    which can increase head count and become a source
    of income.
  • Provides connectivity to devices at the store
    where cabling is unrealistic.
  • When used at the corporate offices
  • Provides connectivity to locations without
    cabling.
  • Provides connectivity to individuals visiting the
    company (Vendors, Investors, etc..)
  • Provides connectivity for individuals during a
    meeting in a conference room.

6
Potential Wireless Drawbacks
  • Connection can be hijacked and bandwidth lost.
  • Provides an easier source for network intrusion.
  • Sensitive data is at greater risk.
  • Support is a challenge, especially for customers.
  • Providing wireless access to customers may or may
    not be a good fit with your business.

7
What Are Attackers After?
  • Free connectivity that can be used for malicious
    reasons. Connections are high speed and
    anonymous.
  • Easy entry into a secured network in order to
    cause damage or disruptions to service.
  • Access to sensitive data, such as Credit Card
    numbers and financial statements.

8
Technologies
9
802.11 IEEE Standards
  • Define how wireless devices will communicate with
    each other.
  • Not all standards work together.

10
Wireless Standards
  • 802.11b
  • Uses the 2.4 GHz carrier frequency range (so do
    microwaves and cordless phones).
  • Greater coverage area.
  • Speeds up to 11 Mbps (realistically 5 Mbps).
  • Most commonly used standard today.
  • Least expensive hardware.
  • 802.11a
  • Uses the 5 GHz carrier frequency range (steers
    clear of interference).
  • Smaller coverage area.
  • Speeds up to 54 Mbps (realistically 25 Mbps).
  • Most expensive hardware.

11
Wireless Standards
  • 802.11g
  • Newest technology. Takes the best of 802.11a and
    802.11b.
  • Uses the 2.4 GHz carrier frequency range (better
    coverage).
  • Uses newer multiplexing technologies to mitigate
    interference from other devices.
  • Speeds up to 54 Mbps (realistically 20 Mbps).
  • Hardware costs fall between 802.11a and 802.11b.
  • 802.11e
  • Future standard.
  • Will provide QoS (Quality of Service) to wireless
    networks.
  • 802.11i
  • Next evolution in Wireless security.
  • Coming soon.
  • Will provide better security for wireless
    networks by using AES (Advanced Encryption
    Standard).

12
Wireless Standards Report Card
  • Report card table (the cell values were not
    captured in this transcript): columns Speed,
    Coverage, Interference and Cost; rows 802.11a,
    802.11b and 802.11g.
  • All three specify WEP or WPA as the
    encryption method.

13
Security Protocols and Standards
  • Authentication: decides who is allowed to
    connect.
  • Encryption: protects the data between access
    point and client.
  • Tunneling (VPNs): protects the data end to end.

14
Authentication
  • MAC Address Authentication
  • Every network adapter has a unique 12 digit
    hexadecimal number called a MAC address.
  • Uses a list of allowed MAC addresses to decide
    who will be allowed to connect.
  • Supported by almost all 802.11 products.
  • Port Based Authentication
  • Defined by the 802.1x IEEE standard.
  • Uses EAP (Extensible Authentication Protocol) and
    a backend Authentication Server, such as RADIUS,
    to decide who will be allowed to connect.
  • Until authentication is successful, only EAP
    traffic going to the Authentication Server is
    allowed to pass.
  • There have been several variations of and
    improvements to EAP (LEAP, PEAP, EAP-TLS,
    etc.).
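The port-based model described above, as an added example (not code from the presentation or from any 802.1X product): a simplified authenticator keeps a controlled-port state per supplicant, always relays EAP frames toward a RADIUS stand-in, and forwards data frames only once the backend has answered with an accept. `RadiusStub`, the `identity:secret` payload format, the MAC address and the credentials are all constructed for the demonstration.

```python
from dataclasses import dataclass
from enum import Enum


class PortState(Enum):
    """802.1X controlled-port state kept by the authenticator for each supplicant."""
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"


@dataclass(frozen=True)
class Frame:
    src_mac: str
    kind: str            # "eapol" (EAP over LAN) or "data"
    payload: str = ""    # eapol: "identity:secret" or "logoff" (constructed toy format)


class RadiusStub:
    """Stand-in for the backend RADIUS server: answers an Access-Request with accept or reject."""

    def __init__(self, credentials: dict[str, str]) -> None:
        self._credentials = credentials  # constructed credential store

    def access_request(self, identity: str, secret: str) -> bool:
        return self._credentials.get(identity) == secret


class Authenticator:
    """Access point side of 802.1X: EAP passes on the uncontrolled port, data is gated by the controlled port."""

    def __init__(self, radius: RadiusStub) -> None:
        self._radius = radius
        self._ports: dict[str, PortState] = {}

    def port_state(self, mac: str) -> PortState:
        return self._ports.get(mac, PortState.UNAUTHORIZED)

    def handle(self, frame: Frame) -> str:
        if frame.kind == "eapol":
            # Uncontrolled port: EAP traffic is always relayed to the
            # authentication server, even while the supplicant is unauthorized.
            if frame.payload == "logoff":
                self._ports[frame.src_mac] = PortState.UNAUTHORIZED
                return "EAPOL-Logoff"
            identity, _, secret = frame.payload.partition(":")
            if self._radius.access_request(identity, secret):
                self._ports[frame.src_mac] = PortState.AUTHORIZED
                return "EAP-Success"
            self._ports[frame.src_mac] = PortState.UNAUTHORIZED
            return "EAP-Failure"
        # Controlled port: data frames are forwarded only once the port is authorized.
        if self.port_state(frame.src_mac) is PortState.AUTHORIZED:
            return "forwarded"
        return "dropped"


def demo() -> list[str]:
    """Walk one supplicant through failure, success and logoff; returns the authenticator's verdicts."""
    ap = Authenticator(RadiusStub({"manager01": "correct horse"}))  # constructed
    mac = "00:11:22:33:44:55"  # constructed
    return [
        ap.handle(Frame(mac, "data", "GET /")),                      # dropped: not yet authenticated
        ap.handle(Frame(mac, "eapol", "manager01:wrong")),           # EAP-Failure
        ap.handle(Frame(mac, "data", "GET /")),                      # still dropped
        ap.handle(Frame(mac, "eapol", "manager01:correct horse")),   # EAP-Success
        ap.handle(Frame(mac, "data", "GET /")),                      # forwarded
        ap.handle(Frame(mac, "eapol", "logoff")),                    # EAPOL-Logoff
        ap.handle(Frame(mac, "data", "GET /")),                      # dropped again
    ]


if __name__ == "__main__":
    print(demo())
```

The point to notice is that the data path never consults the credential store directly: the only thing that opens the controlled port is a positive answer from the authentication server, which is what makes the backend server a hard requirement for this design.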

15
Encryption
  • WEP (Wired Equivalent Privacy)
  • Uses an RC4 cipher to encrypt data.
  • Uses a static shared key.
  • Keys typically are 40, 64, or 128 bits
    long.
  • Uses a 24-bit IV (Initialization Vector) together
    with the shared key to form the RC4 key.
  • Supported by all 802.11 products.
  • WPA (Wi-Fi Protected Access)
  • Recently approved as a replacement for WEP.
  • Specifies a method for re-keying, which makes the
    key much harder to crack since it changes.
  • Support for 802.1X and EAP.

16
Encryption
  • AES (Advanced Encryption Standard)
  • Will use a much longer key than WEP or WPA.
  • Will allow for a different key for each packet,
    making it extremely difficult to crack.
  • Recently adopted by the U.S. Government as the
    replacement for Triple DES.
  • 802.11i specifies AES as the encryption method.

17
Tunneling
  • PPTP and L2TP
  • Designed as extensions of the PPP protocol.
  • Used to provide authentication and client
    configuration.
  • Provides basic data encryption.
  • Most commonly used by Windows Virtual Private
    Networking.
  • IPSec (IP Security Protocol)
  • Used to encrypt data and verify its authenticity.
  • Used by most VPN servers and appliances.
  • Commonly used in conjunction with L2TP in Windows
    VPNs.
  • Collection of several separate protocols that
    perform packet authentication, encryption,
    compression, and key exchange management.

18
Considerations, Technical Issues and Best Practices
19
Wireless Security Considerations
  • Lack of physical security with a Wireless
    network.
  • Signal may bleed outside of the intended
    service area.
  • By default most access points will announce their
    presence by broadcasting a beacon. This includes
    the unique identifier, or SSID of the access
    point.
  • Many wireless implementations do not even have
    WEP enabled.
  • Inexpensive products typically only support MAC
    address authentication and WEP encryption.
  • Implementing additional security such as RADIUS,
    and VPNs adds cost and management complexity to
    the design.

20
Wireless Security Technical Issues
  • MAC Address Authentication
  • Adds a good level of security, but can be
    difficult to manage.
  • Becomes useless if hardware is stolen.
  • WEP
  • Since WEP uses a small IV (24-bit) and a static
    shared key, the shared key can be computed simply
    by collecting enough data so that the IV is
    reused.
  • On a heavily used network this can occur within 1
    hour.
  • WEP hacking is well documented and tools are
    readily available.
  • 802.1X
  • Requires additional backend authentication
    servers.
  • Vulnerable to Man-In-The-Middle attacks and
    Session hijacking.
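The WEP mechanics from slide 15 and the IV-reuse problem above, worked through as an added example (not code from the presentation, and not a WEP implementation): a toy RC4, a WEP-style `IV || shared key` construction, a function showing that two frames under the same IV leak `p1 XOR p2` because the keystream cancels, and two arithmetic helpers that put numbers on "enough data": the birthday bound on the 24-bit IV space and the time to exhaust it at a given frame rate. Key, IV and frame contents are constructed.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Toy RC4 (the cipher WEP uses): key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-frame RC4 key is IV || shared key, and the IV is sent in the clear."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two frames under the same IV and static key share a keystream, so
    c1 XOR c2 == p1 XOR p2: the key never needs to be known for this leak."""
    if c1[:3] != c2[:3]:
        raise ValueError("frames carry different IVs; keystreams differ")
    return xor_bytes(c1[3:], c2[3:])


def frames_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames sent before some IV repeats with the given probability."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(-2 * n * math.log(1 - probability)))


def hours_to_exhaust_ivs(frames_per_second: float, iv_bits: int = 24) -> float:
    """Time until a sequential IV counter wraps and every IV has been reused at least once."""
    return 2 ** iv_bits / frames_per_second / 3600


def demo() -> dict:
    key = bytes.fromhex("0102030405")          # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                       # constructed IV, reused for both frames
    p1 = b"GET /reports HTTP/1.0"              # constructed frame contents
    p2 = b"POST /orders HTTP/1.0"
    c1 = wep_style_encrypt(key, iv, p1)
    c2 = wep_style_encrypt(key, iv, p2)
    return {
        "leak_matches_plaintext_xor": keystream_reuse_leak(c1, c2) == xor_bytes(p1, p2),
        "frames_for_50pct_collision": frames_until_iv_collision(),
        "hours_to_wrap_at_5000_fps": round(hours_to_exhaust_ivs(5000), 2),
    }


if __name__ == "__main__":
    print(demo())
```

The birthday figure is the reason the static key is the real problem rather than the IV length alone: a few thousand frames already give an even chance of a repeated IV, and at a few thousand frames per second the whole IV space wraps in about an hour, which is why WPA's re-keying (a fresh key before the IV space is exhausted) removes this failure mode rather than merely delaying it.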

21
Best Practices
  • At a minimum enable WEP on your access points.
  • Look for access points that utilize WPA.
  • Deploy access points outside of your firewalls.
  • If possible use strong authentication methods
    like 802.1X with EAP and RADIUS.
  • If possible use secondary encryption on the
    wireless network.
  • Consider turning the SSID broadcast off.
  • Lock down services on the wireless network that
    are not needed.
  • Perform a site survey.
  • Use directional antennas. Sectors and yagis will
    help keep a signal going where it is meant to go
    instead of leaking it to other locations.
  • Don't boost the access point's signal needlessly.
  • Consider shielding external walls near access
    points.
  • If possible wait for the 802.11i standard.

22
Our Wireless Project
23
Goals
  • Implement a wireless network in each of our
    stores as part of our POS4 roll out.
  • Provide Area Managers with access to all network
    resources (in store, corporate, and Internet).
  • Connections needed to be secure.
  • Connections needed to be reliable.
  • We wanted to keep cost to a minimum and
    demonstrate an ROI.
  • Connections needed to show a noticeable speed
    increase over existing dial-up connections.
  • Provide a solution that did not require a great
    deal of training or management overhead.
  • We wanted to avoid investing in dead end and
    bleeding edge technologies.
  • Support of customers was deemed out of scope.

24
Our Solution
  • Based on our goals the following decisions were
    made
  • We would use business grade DSL service where
    available to provide reliability and speed.
  • 802.11b was selected because at the time 802.11a
    was expensive and we considered it bleeding edge.
  • A site survey would be performed at installation
    time to ensure best placement of the access
    point.
  • Strong authentication such as 802.1x, MAC
    Authentication would not be used due to
    additional cost and management overhead.
  • VPN connections back to corporate would be
    required as a means of secondary encryption.
  • A firewall would be installed to protect the
    wireless clients from the Internet.
  • Remote firewall would have service restrictions
    to prevent unauthorized use of Internet
    connection.

25
Top Level Architecture
26
Components
  • D-Link 22 Mbps 802.11b Access point ($90 retail)
  • 802.11b standard allows for speeds up to 22 Mbps
    (realistically 11 Mbps).
  • Supports remote management.
  • US Robotics 802.11b wireless card ($50 retail)
  • 802.11b standard allows for speeds up to 22 Mbps
    (realistically 11 Mbps).
  • Netgear Broadband Router ($50 retail)
  • Supports remote management.
  • Supports Port mapping, so that we can manage the
    D-Link access point remotely.
  • Protects wireless clients from the Internet using
    NAT and access lists.
  • Supports NAT-T and PPTP pass-through.
  • Supports blocking traffic by service type.
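The store router policy described in "Our Solution" and in the component list (VPN pass-through back to corporate, a port mapping so the access point can be managed remotely, NAT and access lists protecting the wireless clients, and service-type restrictions on the Internet connection), written out as an added example of an ordered access list with first-match semantics. This is not the presenter's configuration or any vendor's syntax: the addresses are documentation-range placeholders, and the assumption that the access point's web management listens on TCP 80 is constructed. The VPN ports are the standard ones (PPTP control on TCP 1723 with GRE, IKE on UDP 500, IPsec NAT-T on UDP 4500).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed placeholder addresses, not the real deployment's.
WIRELESS_LAN = ip_network("192.168.1.0/24")      # store wireless clients, behind NAT
AP_MGMT_ADDR = ip_address("192.168.1.2")         # access point's management address
CORP_VPN_GW = ip_address("203.0.113.10")         # corporate VPN gateway
CORP_MGMT_NET = ip_network("203.0.113.0/24")     # corporate network allowed to manage the AP


@dataclass(frozen=True)
class Flow:
    direction: str              # "out": wireless LAN -> Internet, "in": Internet -> wireless LAN
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "gre"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    direction: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    src_net: Optional[IPv4Network] = None    # source must fall inside this network
    dst_addr: Optional[IPv4Address] = None   # exact destination address

    def matches(self, flow: Flow) -> bool:
        """Every field left as None is a wildcard; all set fields must match."""
        if self.direction != flow.direction:
            return False
        if self.proto is not None and self.proto != flow.proto:
            return False
        if self.dport is not None and self.dport != flow.dport:
            return False
        if self.src_net is not None and ip_address(flow.src) not in self.src_net:
            return False
        if self.dst_addr is not None and ip_address(flow.dst) != self.dst_addr:
            return False
        return True


# Ordered access list: first match wins, explicit denies at the end.
STORE_RULES = [
    # VPN pass-through to corporate only: PPTP control + GRE, and IKE + NAT-T for IPsec.
    Rule("pptp-control", "allow", "out", "tcp", 1723, dst_addr=CORP_VPN_GW),
    Rule("pptp-gre", "allow", "out", "gre", dst_addr=CORP_VPN_GW),
    Rule("ike", "allow", "out", "udp", 500, dst_addr=CORP_VPN_GW),
    Rule("ipsec-nat-t", "allow", "out", "udp", 4500, dst_addr=CORP_VPN_GW),
    # Service restrictions on the Internet link: web and DNS only.
    Rule("http", "allow", "out", "tcp", 80),
    Rule("https", "allow", "out", "tcp", 443),
    Rule("dns", "allow", "out", "udp", 53),
    # Port mapping for remote AP management, reachable only from corporate
    # (assumes the AP's management interface is on TCP 80; constructed).
    Rule("ap-mgmt-from-corp", "allow", "in", "tcp", 80,
         src_net=CORP_MGMT_NET, dst_addr=AP_MGMT_ADDR),
    Rule("deny-other-inbound", "deny", "in"),
    Rule("deny-other-outbound", "deny", "out"),
]


def evaluate(flow: Flow, rules=STORE_RULES) -> str:
    """Return 'allow:<rule>' or 'deny:<rule>' for the first rule that matches the flow."""
    for rule in rules:
        if rule.matches(flow):
            return f"{rule.action}:{rule.name}"
    return "deny:implicit"


if __name__ == "__main__":
    for f in (Flow("out", "192.168.1.20", "203.0.113.10", "tcp", 1723),
              Flow("out", "192.168.1.20", "198.51.100.5", "tcp", 25),
              Flow("in", "198.51.100.5", "192.168.1.2", "tcp", 80)):
        print(f, "->", evaluate(f))
```

Two design points the evaluator makes visible: the VPN rules are pinned to the corporate gateway address, so the pass-through does not become a general tunnel-anywhere allowance, and the management port mapping is scoped to a source network, so exposing the access point's admin interface does not mean exposing it to the whole Internet.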

27
Outcome
  • Wireless solution implemented with a hardware
    cost of less than $150 per store and $50 per laptop.
  • Area Managers are now able to connect to the
    Internet, Corporate and Store resources from the
    restaurant floor.
  • Corporate laptop users are able to utilize the
    wireless connection when traveling.
  • Using WEP and VPN tunnels we are able to secure
    the connections.
  • Components are readily available.
  • Business class DSL service provides a reliable
    connection and is noticeably faster than dial-up.
  • Very little additional training or management.

28
Questions and Comments
29
Additional Resources
  • Wi-Fi Alliance - http://www.wifialliance.com
  • IEEE 802.11 specifications - http://standards.ieee.org
  • Wi-Fi Planet - http://www.wi-fiplanet.com
  • WEP Security issues - http://www.drizzle.com/~aboba/IEEE/11-01-253r0-I-WEP2SecurityAnalysis.ppt
  • Cisco Wireless Products - http://www.cisco.com/en/us/products/hw/wireless
  • 802.1X for 802.11 overview - http://www.nwfusions.com/news/tech/2001/0924tech.html
  • 802.11i overview - http://csrc.nist.gov/wireless/S10_802.11i%20Overview-jw1.pdf