Proxim Wireless LANs - PowerPoint PPT Presentation

Slides: 23
Provided by: setharie
Tags: funk | lans | proxim | wireless


Transcript and Presenter's Notes

Title: Proxim Wireless LANs


1
Proxim Wireless LANs
2
Enabling Information Access Anytime, Anywhere
K-12 Schools Universities
Hospitals
Public Hot Spots
Corporate Campuses
3
Wireless LAN Applications
4
Wireless LAN Applications: Voice over Wi-Fi
Solutions
  • Instant voice communications across team members
    and groups
  • Increase business productivity
  • Improve customer service levels
  • Better teamwork
  • Motorola/Avaya/Proxim partnership
  • All of the above plus the benefit of seamless
    802.11/cellular roaming

5
Wi-Fi Key Market Dynamics
Market
  • Niche Market
  • Novelty Hot Spots
  • Road Warrior Applications
  • Wi-Fi Service Only
  • Mass Market: Technology of choice for low cost
    connectivity
  • Hot areas: mobile hot spots with 3G backhaul
  • Business Applications (Wi-Fi projectors,
    security/surv., wireless POS)
  • Bundled services: VoWi-Fi, Wi-Fi/DSL
Customers/Users
  • Consumers
  • Public Hot Spots and Enterprises
Technology
  • 802.11
  • Single-Mode Devices
  • Client Cards
  • Standards confusion
  • Heavy APs
  • 802.16 - indoor and outdoor
  • Multi-Mode Devices (e.g. SCCAN)
  • Wireless Chips
  • Combo 802 standard
  • Wireless switches
6
Proxim Sweet Spot: Convergence of Wi-Fi and
Broadband Wireless
  • Wi-Fi/Broadband wireless convergence
  • Wireless/wireline convergence through centralized
    wireless LAN intelligence
  • Wi-Fi/Cellular/VoIP convergence
  • Standards convergence: microwave functionality
    with .11 economics
  • Bundled services: voice over Wi-Fi, Wi-Fi/DSL
    etc.

7
Wireless LAN Networking: Security
8
Agenda
  • Recent past and present state of wireless LAN
    security
  • Detailed explanation of Robust Secure Networks
    (RSN)
  • 802.1X Authentication
  • TKIP Encryption
  • CCMP Encryption
  • Industry roadmap for wireless LAN security
  • Recommended security for enterprise deployments
  • Migration to WPA for legacy ORiNOCO APs
  • Future developments

9
WLAN Security Threats
  • Eavesdropping
  • Unauthorized access
  • Stealing Internet access bandwidth
  • Access to sensitive data
  • Rogue AP
  • Enterprises need to adjust security policies
  • Sophisticated attacks
  • WEP attack (using weak keys to find actual WEP
    key)
  • Brute force or dictionary attacks
  • Replay or forgery attacks
  • Man-in-the-middle attacks
  • Denial of service attack

10
Key Terms
  • Authentication
  • Mechanisms used to identify a wireless client to
    an access point and vice-versa
  • Encryption
  • Protect data from interception and decoding

11
Wireless LAN Security - Past
  • Original wireless LAN Security (as defined up to
    802.11b)
  • Service Set Identifier (SSID)
  • Vulnerable to snooping, misconfiguration
  • Shared Key Authentication
  • Vulnerable as a group password easily exploited
    due to WEP flaws
  • WEP Encryption
  • Vulnerable implementation of RC4 algorithm
  • MAC Address Authentication
  • Vulnerable to spoofing, stolen devices, requires
    configuration
  • Key security issues
  • No mutual authentication between client and
    wireless LAN infrastructure
  • Network subject to man-in-the-middle attack
  • Device-based authentication, not user-based
  • MAC addresses can be spoofed, devices lost or
    stolen
  • Shared, static encryption key
  • Network vulnerable to brute force attacks

12
Solving 802.11 Security Issues Today
Security Vulnerabilities
  • Weak authentication
  • Authentication methods based on device, not user
  • Weak encryption
Today's Solutions
  • Two-way mutual authentication between AP and
    client using IEEE 802.11i
  • User based authentication (i.e.
    username/password)
  • Dynamic per user, per session AES keys
  • Automatic rekeying
  • and more

Enterprise-class Access Points and clients
implement all of these solutions to allow simple,
safe deployment of 802.11b, 802.11a and 802.11g
wireless networks.
13
Can I Safely Deploy Wireless LANs Today?
  • YES!
  • Use
  • Infrastructure that supports IEEE 802.11i and
    Wi-Fi Protected Access 2 (WPA2)
  • 802.1X Authentication with Rotating Keys
  • AES
  • WPA2 certification ensures interoperability with
    other vendors' equipment
  • Certification will begin by the Wi-Fi Alliance in
    September 2004

14
Is Only Over-The-Air Security Good Enough?
  • NO!
  • Newest threats are
  • Rogue Access Points
  • Unsecured management interfaces
  • In addition, strong benefit to using one Wi-Fi
    infrastructure to support multiple user
    communities
  • Employees
  • Guests
  • Contractors
  • ORiNOCO Access Points meet all these requirements

15
Multi-Layered, Proactive Wi-Fi Security
  • Enterprise-class encryption to secure information
  • WPA today
  • Upgradeable to AES and 802.11i tomorrow
  • Standards based authentication to ensure you are
    who you say you are
  • EAP-TLS, TTLS or PEAP
  • Secure management interfaces
  • SNMPv3 and SSL

16
Proactive Security to Keep Your Network Safe
  • Advanced Rogue AP Detection
  • Proactively detects and identifies rogue APs to
    prevent security breaches
  • Automatically searches both 2.4 and 5 GHz bands
  • Finds new, consumer-grade tri-mode APs
  • Eliminates hassle of physical searches or
    expensive sensor overlay
  • Interfaces with any SNMP management platform
  • Wavelink Mobile Manager support available by
    March 31, 2004

Wavelink Mobile Manager
17
Multiple VLANs with Different Security Contexts
  • Multiple security settings on a single AP
  • So employees, guests, contractors, etc. can
    easily, securely use the same infrastructure
  • Support for up to 16 VLANs per radio
  • 16 each for .11b/g and .11a for a total of 32
  • Management VLAN increases security of AP

18
Putting It All Together: Implementing WPA or
WPA2
  • Select an Access Point that supports
    enterprise-class security
  • WPA today
  • Upgradeable to AES and 802.11i tomorrow
  • Select a standards based authentication method
  • EAP-TLS, TTLS or PEAP
  • Both PEAP and TTLS
  • Are open standard, not proprietary
  • Are username/password based
  • Do not require certificates for client
  • PEAP supplicant available from Microsoft
  • Select a WPA/WPA2 compatible RADIUS server
  • Recommend Funk Odyssey or Steel-Belted Radius for
    enterprise deployments
  • Microsoft IAS also supports WPA
  • A note on Cisco's LEAP
  • Proprietary EAP method
  • Broken publicly at DefCon 11, industry's premier
    security conference
  • Not secure
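
The selection steps above, together with the weaknesses listed on the earlier slides, turned into a client-side check as an added example (not part of the original deck or of any Proxim or Funk tooling): it audits wpa_supplicant network blocks for static WEP, shared key authentication, LEAP, missing 802.1X, unvalidated server certificates and TKIP-only ciphers. Using wpa_supplicant as the client is an assumption, and the sample configuration, SSIDs, CA path and finding labels are constructed.

```python
import re

# Constructed wpa_supplicant.conf sample; SSIDs and the CA path are made up.
SAMPLE_CONF = """
network={
    ssid="lab-legacy"
    key_mgmt=NONE
    auth_alg=SHARED
    wep_key0="abcde"
}
network={
    ssid="lab-leap"
    key_mgmt=IEEE8021X
    eap=LEAP
}
network={
    ssid="lab-wpa2"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    eap=PEAP
    ca_cert="/etc/certs/lab-ca.pem"
}
"""

EAP_OK = {"TLS", "TTLS", "PEAP"}  # methods the deck recommends
# (finding, test) pairs; n = one block's settings, eap = its set of EAP methods.
RULES = [
    ("static WEP key", lambda n, eap: any(k.startswith("wep_key") for k in n)),
    ("shared key authentication", lambda n, eap: n.get("auth_alg", "").upper() == "SHARED"),
    ("LEAP (proprietary, publicly broken)", lambda n, eap: "LEAP" in eap),
    ("no WPA/WPA2 with 802.1X", lambda n, eap: "WPA-EAP" not in n.get("key_mgmt", "").upper().split()),
    ("server certificate not validated", lambda n, eap: bool(eap & EAP_OK) and not n.keys() & {"ca_cert", "ca_path"}),
    ("TKIP only, no AES-CCMP", lambda n, eap: "CCMP" not in n.get("pairwise", "CCMP TKIP").upper().split()),
]

def parse_networks(text):
    """Return one dict of settings per network={...} block."""
    return [{k: v.strip('"') for k, v in
             (ln.strip().split("=", 1) for ln in body.splitlines() if "=" in ln)}
            for body in re.findall(r"network=\{(.*?)\}", text, re.S)]

def audit(net):
    """List the findings that apply to one network block, in RULES order."""
    eap = set(net.get("eap", "").upper().split())
    return [finding for finding, applies in RULES if applies(net, eap)]

def audit_conf(text):
    """Map each SSID in the configuration to its list of findings."""
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

PEAP and TTLS need no client certificate, but the client still has to validate the RADIUS server's certificate to get the mutual authentication the deck calls for, which is why a missing `ca_cert` is reported.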

19
Funk Software: WLAN Security Leader
  • Founded in 1982 by Paul Funk; based in Cambridge,
    MA
  • Complete suite of WLAN security products includes
    Odyssey and Steel-Belted Radius
  • Deployable today
  • Fully compatible with ORiNOCO wireless LANs
  • Market and technical leadership
  • Market leader in RADIUS with over 7,000 customers
  • 2003 Awards: Frost & Sullivan, The 802.11 Report,
    Information Security magazine

20
ORiNOCO and Funk: A Secure Wireless LAN
Architecture
  • Authentication Database or Domain Server
  • Odyssey or Steel Belted Radius Server
  • ORiNOCO APs
  • Microsoft client in Win XP, 2000 or Odyssey
    Client with any Wi-Fi radio
21
Future Security Developments
  • Detection of Rogue Access Points
  • Often deployed by employees internal to
    organization unfamiliar with security risks
  • Available today
  • SNMP v3 support
  • Eliminate ability to manipulate AP parameters
    through SNMP management tools
  • Available today
  • Client session accounting records
  • Record client logon and logoff times
  • Available today
  • Enhanced wireless LAN client management
  • Status of associated clients and ability to
    disassociate specific clients

22
Thank you!