Cyber Security for the Digital District:

1
Wireless Security
Wireless Security
Wireless Security
Chris Seiberling / Mass Networks Boston, MA

• Cyber Security for the Digital District
• a CoSN Leadership Initiative
• In partnership with Mass Networks Education
  Partnership (MNEP)

www.securedistrict.cosn.org
2
Context for decision making

• Wireless growth challenges the security-minded
• Changes in standards perplex strategic planners
• New IT accessibility exposes network limitations
  

3
Access Point Explosion
Access Point Explosion
Total unique networks listed with
location 1,629,532 Total networks without WEP
527,326 Total networks with default
SSID 533,281 New networks listed TODAY
with location 736 As of August
25, 2004
http//www.wigle.net/images/PointsOverTime.png
4
Its a contest!
Source wigle.net 2/20/2004
5
Access Points are everywhere
Boston
Boston
6
Not in my backyard?
7
Not in my backyard?
8
Not in my backyard?
Whats in your WLAN?
9
(Some) Standards in the news
802.11b an aging standard? WEP (Wired Equivalent
Privacy) WPA (Wi-Fi Protected Access) Late
2002 802.11g faster but no safer than .11b --
June 2003 PEAP (Protected Extensible
Authentication Protocol) 2004? a
client/server-based end-to-end authentication
protocol to be included in WLAN gear as well as
client software, authentication servers and
online directories. 802.11i June 2004. Uses
128-bit NIST-sanctioned Advanced Encryption
Standard (AES) which replaces Digital Encryption
Standard (DES)
Whats next?
10
Other new opportunities will come with new
challenges

• Voice over WiFi
• Camera-enabled, text-enabled cell phones
• Wireless PDAs
• Cellular-Wireless integration

11

• Before deploying wireless networking, can you
• 1. Management
• Develop a district wireless policy?
• Budget time and staff
• to perform regular intrusion testing and
  monitoring?
• to stay informed of new vulnerabilities to
  wireless networking and appropriate
  countermeasures?
• to train users in wireless security awareness?

12

• Before deploying wireless networking, can you
• 2. Technology
• Make sure secure locations indoors are available
  for placing APs?
• Deploy a second layer of authentication, e.g.
  smart cards or biometrics?
• Install virus protection and personal firewall on
  client computers?
• Disable file sharing on all wireless clients?
• Verify that passwords are being being changed on
  wireless clients?

13
Context for decision making
1. Exploding Access

• 2. Changing Standards

3. Readiness
Recommendations from NISTs Wireless and Network
Security (publication 800-48)
14

• 1. Set Security Goals

Establish framework for decision making on
security
15
1. Set Security Goals

• 2. Risk Analysis

• Identify IT assets that could be affected by
  introduction of new technology (e.g. wireless)
• Determine their vulnerabilities (e.g. WEP) and
  threats (e.g. whackers)
• Test the defenses

16
1. Set Security Goals

• 2. Risk Analysis

3. Risk Reduction

• Solve security gaps with initiatives in
• technology
• policy
• IT management practice
• training
• communication

17
1. Set Security Goals

• 2. Risk Analysis

3. Risk Reduction
4. Crisis Management
Prepare for crises associated with the technology
newly added to the districts set of IT assets.
18
Tame growth, control access
Current deployments enable WEP, test your
network.
Planning a new network? Check for readiness.
Ready to sign a purchase order? consider waiting
for standards to shake out.
19
Thanks!
We need your feedback
www.securedistrict.cosn.org